
UK Visa Application Service Left More Than 100,000 Identity Documents Accessible Online

A private visa assistance website used by travelers seeking permission to enter the United Kingdom left a large collection of customer records accessible online, exposing passport copies, identity verification photographs, and location information linked to applicants.

The website, known as UK Visa Portal, offers paid assistance for visa and travel authorization applications. The platform is not operated by the U.K. government, although reports indicate that some users may have mistaken it for an official government service and paid application-related fees through the site instead of using government channels.

The exposure came to light after an individual discovered a security issue affecting the platform and reported it to journalists. According to information shared by the source, the accessible records included more than 100,000 files uploaded by applicants during the visa application process. These files reportedly contained passport images and selfie photographs that users submitted to verify their identities.

Following inquiries from journalists, the exposed data was secured. However, details regarding how long the information remained accessible have not been publicly disclosed.

According to reporting on the incident, the exposed records were stored in an Amazon-hosted cloud storage repository used by UK Visa Portal. While the storage system did not openly display a list of documents to the public, individual files could still be accessed by anyone who possessed the correct web address. The individual who identified the issue stated that a flaw within the website's backend functionality made it possible to view references to files stored in the cloud environment.

Journalists investigating the incident reportedly verified the authenticity of the exposed records by contacting individuals whose documents appeared in the dataset. Those contacted confirmed that the information matched records they had submitted through the platform.

Beyond passport scans and identity photographs, some uploaded images reportedly contained embedded geolocation metadata. This information can be automatically recorded by smartphones and digital cameras when a photograph is taken. In certain cases, the metadata was reportedly detailed enough to reveal the location where the image was captured, including locations associated with applicants' residences.
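As an added illustration of the metadata risk described above (this is example code written for this page, not code from the report or from UK Visa Portal), the following stdlib-only Python check detects whether an uploaded JPEG carries a GPS sub-IFD in its Exif data and strips the Exif segment before the file is stored. The sample JPEG is constructed inline and contains no real image data.

```python
import struct

SOI, EOI, APP1, SOS = 0xFFD8, 0xFFD9, 0xFFE1, 0xFFDA
GPS_IFD_POINTER = 0x8825  # Exif tag in IFD0 that points at the GPS sub-IFD
EXIF_HEADER = b"Exif\x00\x00"


def _segments(data):
    """Yield (marker, payload, start, end) for each marker segment before image data."""
    if data[:2] != struct.pack(">H", SOI):
        raise ValueError("not a JPEG: missing SOI")
    pos = 2
    while pos + 4 <= len(data):
        marker, = struct.unpack(">H", data[pos:pos + 2])
        if marker in (SOS, EOI):
            break  # entropy-coded image data follows; no more metadata segments
        length, = struct.unpack(">H", data[pos + 2:pos + 4])
        yield marker, data[pos + 4:pos + 2 + length], pos, pos + 2 + length
        pos += 2 + length


def has_gps(data):
    """True if an APP1 Exif segment has a GPS IFD pointer in IFD0."""
    for marker, payload, _, _ in _segments(data):
        if marker != APP1 or not payload.startswith(EXIF_HEADER):
            continue
        tiff = payload[len(EXIF_HEADER):]
        endian = "<" if tiff[:2] == b"II" else ">"
        ifd0_off, = struct.unpack(endian + "I", tiff[4:8])
        count, = struct.unpack(endian + "H", tiff[ifd0_off:ifd0_off + 2])
        for i in range(count):
            entry = tiff[ifd0_off + 2 + 12 * i:ifd0_off + 14 + 12 * i]
            tag, = struct.unpack(endian + "H", entry[:2])
            if tag == GPS_IFD_POINTER:
                return True
    return False


def strip_exif(data):
    """Return a copy of the JPEG with every APP1 Exif segment removed."""
    out = bytearray(data)
    # Delete from the back so earlier offsets stay valid.
    for marker, payload, start, end in reversed(list(_segments(data))):
        if marker == APP1 and payload.startswith(EXIF_HEADER):
            del out[start:end]
    return bytes(out)


def build_sample_jpeg():
    """Constructed minimal JPEG: SOI, APP1 Exif with a GPS IFD, SOS stub, EOI.

    IFD0 holds one entry, tag 0x8825 (LONG, count 1), pointing at a GPS IFD
    that holds a GPSLatitudeRef entry; there is no real pixel data.
    """
    ifd0_off = 8
    gps_off = ifd0_off + 2 + 12 + 4  # after IFD0 count, one entry, next-IFD link
    ifd0 = (struct.pack("<H", 1)
            + struct.pack("<HHII", GPS_IFD_POINTER, 4, 1, gps_off) + b"\x00" * 4)
    gps_ifd = (struct.pack("<H", 1)
               + struct.pack("<HHI", 0x0001, 2, 2) + b"N\x00\x00\x00" + b"\x00" * 4)
    tiff = b"II" + struct.pack("<HI", 42, ifd0_off) + ifd0 + gps_ifd
    app1 = EXIF_HEADER + tiff
    app1_seg = struct.pack(">HH", APP1, len(app1) + 2) + app1
    sos_seg = struct.pack(">HH", SOS, 2)  # stub scan header, no image data
    return struct.pack(">H", SOI) + app1_seg + sos_seg + struct.pack(">H", EOI)
```

An upload pipeline would run `has_gps` for alerting or reject-on-sight and `strip_exif` before writing the object to storage.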

The exposure of identity documents can create opportunities for fraud and impersonation. Passports, facial images, dates of birth, addresses, and other personal identifiers are frequently used during account verification processes. If obtained by unauthorized parties, such information may be used in attempts to create fraudulent accounts, bypass identity checks, or conduct targeted social engineering operations.

The handling of the incident has also left several questions unanswered. Reports indicate that journalists attempted to notify the company about the security issue but were unable to identify a dedicated vulnerability reporting channel. The website reportedly did not provide public contact information for company executives or security personnel responsible for addressing cybersecurity matters.

After initial contact was made through customer support, a manager was identified as a potential point of contact. However, reports indicate that direct engagement with company management did not occur. Instead, communication later involved representatives from a public relations firm and attorneys from a U.S.-based law firm.

Following publication of the findings, journalists sought additional information regarding the incident, including the length of time the storage repository remained exposed, whether access logs exist, whether any files were downloaded by unauthorized parties, and who oversees cybersecurity operations within the organization. Public answers to those questions have not been released.

The company is reportedly linked to an organization called Active Leadgen LLC, which is described as having connections to the United Arab Emirates. However, independent verification of the ownership structure has not been publicly established.

The incident comes amid increasing reliance on online identity verification systems by governments, financial institutions, and digital service providers. As more organizations require users to submit passports and photographs electronically, the protection of those documents has become a critical responsibility for any company handling sensitive personal information.

Applicants seeking authorization to travel to the United Kingdom are generally advised to confirm that they are using official government services before submitting identity documents or making payments. In most cases, travelers can complete the application process directly through official U.K. government channels without relying on third-party visa assistance platforms.

RAF Jet Carrying UK Defence Secretary John Healey Has Signal Jammed Near Russia Border


An RAF jet carrying UK Defence Secretary John Healey experienced signal jamming near the Russian border earlier this week, highlighting the growing security risks faced by military and government flights operating close to tense front lines. The incident took place while Healey was returning to the UK after visiting British troops stationed in Estonia. According to the BBC report, the aircraft’s GPS was affected, forcing the crew to rely on an alternative navigation system for the three-hour journey. 

The reported disruption has raised fresh concerns about electronic interference in areas bordering Russia, where GPS jamming and related forms of signal disruption have become a familiar feature of the strategic environment. The BBC said it is suspected that Russia was behind the interference, although it remains unclear whether Healey himself was deliberately targeted. The flight path was reportedly visible on aircraft-tracking platforms, which may have made the plane easier to monitor. 

Signal jamming is not only a technical nuisance; it can also carry serious operational implications. When GPS is disabled or distorted, pilots must depend on backup systems and heightened crew awareness to maintain safe navigation. The BBC noted that a similar incident occurred in 2024, when an RAF aircraft carrying then-Defence Secretary Grant Shapps also faced GPS jamming near Russian airspace. That history suggests the latest case is part of a broader pattern rather than an isolated event. 

For the UK, the episode underlines the pressures of supporting allies in Eastern Europe while deterring hostile interference. Britain has maintained a military presence in Estonia as part of its NATO commitments, and visits by senior officials send a message of solidarity and readiness. Yet incidents like this show that even routine travel in the region can be affected by electronic warfare and other forms of disruption. The incident adds another layer of caution for defence planners and transport crews working in contested airspace. 

Although the full circumstances remain under review, the incident is a reminder that modern conflict is increasingly fought in invisible ways. Jamming signals, disrupting navigation, and probing aircraft movements are part of a wider contest that extends beyond traditional battlefields. As European tensions remain high, the UK and its allies are likely to keep paying close attention to the safety of flights operating near Russia’s borders.

AI-Generated Fake Citations Surge Across Scientific Papers and Peer-Reviewed Journals


Surprising numbers of made-up sources now show up in research articles, thanks to artificial intelligence. Instead of slowing down, the problem grew fast - around 150,000 false references slipped into academic work just in 2025 alone. While some stay hidden in early drafts online, others make it through review systems and land in official journals. What once seemed rare has become common, raising concerns across universities and publishing houses alike. 

Analysts at Cornell, UCLA, and Berkeley examined 2.5 million scholarly articles published between 2020 and 2025, containing a combined 111 million citations. The data came from prominent archives, among them arXiv, bioRxiv, SSRN, and PubMed Central. The analysis focused on references that could not be confirmed in standard indexing systems: paper titles that Semantic Scholar, OpenAlex, and Google Scholar all failed to validate. Rather than assuming citations were accurate, the researchers treated these gaps in traceability as the starting point.

Around the middle of 2024, a noticeable spike in fabricated citations emerged. The shift coincided with the broader adoption of advanced language models, systems initially built for drafting text but now able to produce full reference lists. Although such tools speed up writing tasks, they sometimes invent scholarly sources that sound real yet lead nowhere.

A paper called "LLM Hallucinations in the Wild" traced this pattern directly to how these models operate when asked to cite materials. Because false references mimic genuine ones so closely, spotting them becomes difficult without careful checking. Surprisingly, the investigation reveals fabricated citations appear beyond clearly dishonest work. These false references turn up across credible-looking documents, implying certain authors include AI-suggested sources without checking them first. What stands out is how casually unverified material slips into accepted formats. 

The findings also call into question how well current safeguards work. The research showed that close to 78.8% of fabricated citations passed through arXiv’s review process undetected. Even after some bioRxiv papers appeared in journals indexed by PubMed Central, around 85.3% still retained their false references unchanged. A study appearing in The Lancet highlighted recurring issues in biomedical literature.

Over 4,000 false references turned up in nearly three thousand reviewed articles from 2023 through early 2026. Papers drawn from that span showed a sharp climb in made-up sources. While just one in 2,828 works contained such problems at the start, the proportion jumped - by early 2026, it was one out of every 277. Growth like this signals deeper cracks forming beneath the surface. 

One concern gaining traction: false references might cycle back into AI training data once they land in shared digital archives. Because these inaccuracies can persist, journals are being pushed toward using software checks on citations prior to accepting articles. 

As artificial intelligence plays a larger role in research tasks, closer scrutiny seems less like an option and more like a necessity. Some now see automated validation not as extra effort but as basic hygiene in scholarly communication.

Russian State-sponsored Hackers Attack Ukraine, Exploit WinRAR to Install Malware


The Russian hacking group Gamaredon has been linked to ongoing exploitation of a WinRAR vulnerability to install several malware strains designed to propagate and steal data.

According to Sekoia, the attack exploits CVE-2025-8088, a path traversal vulnerability in WinRAR, to run an HTML Application (HTA) payload called GammaPhish, which then retrieves a VBScript payload from the C2 server. That payload's main goals are to fingerprint the host, update the C2 network settings stored in the registry via dead drop resolvers (DDRs), and retrieve and launch arbitrary VBScript payloads from the C2 servers.

About the malware

“Gamaredon’s arsenal has undergone a significant transformation over the last decade, transitioning from Pteranodon custom-built framework into a fragmented and modular malware. Based on our observation, today’s Gamaredon capacities are characterised by a proliferation and a highly active development cycle of new malware variants,” said Sekoia.

VBScript payloads

One payload is a VBScript worm called GammaWorm. It establishes persistence through scheduled tasks and is designed to hide legitimate directories on network shares and USB drives, replacing them with malicious Windows Shortcut (LNK) files; opening one of these shortcuts launches arbitrary code retrieved from a C2 server.

To resolve its C2 address, GammaWorm issues a GET request to a public Telegram channel. By using legitimate platforms such as Telegram, the attackers blend in with regular traffic, evade detection, and sustain long-term espionage campaigns. GammaWorm also relies on NTFS Alternate Data Streams (ADS) to hide its core modules.
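An added example (not Sekoia's code and not derived from a GammaWorm sample) of how a defender can hunt for the directory-shadowing pattern described above on a share or removable drive: a .lnk file sitting beside a directory of the same name. The sample layout is constructed in a temporary directory with stub shortcut files; the hidden-attribute check only yields a result on Windows.

```python
import os
import stat
import tempfile
from pathlib import Path


def _is_hidden(path):
    """Windows hidden attribute if available; always False on other platforms."""
    attrs = getattr(os.stat(path), "st_file_attributes", 0)
    return bool(attrs & stat.FILE_ATTRIBUTE_HIDDEN)


def find_shadowed_directories(root):
    """Return sorted (lnk_path, dir_path, dir_hidden) triples.

    The worm hides a real folder and drops a same-named shortcut beside it,
    so a user who opens "Reports" actually launches "Reports.lnk".
    """
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        names = set(dirnames)
        for fname in filenames:
            stem, ext = os.path.splitext(fname)
            if ext.lower() == ".lnk" and stem in names:
                dir_path = os.path.join(dirpath, stem)
                findings.append((os.path.join(dirpath, fname), dir_path,
                                 _is_hidden(dir_path)))
    return sorted(findings)


def build_sample_share():
    """Constructed directory tree mimicking an infected share (stub .lnk files)."""
    root = Path(tempfile.mkdtemp(prefix="share_"))
    (root / "Reports").mkdir()
    (root / "Reports.lnk").write_bytes(b"L\x00\x00\x00")  # shadows the Reports folder
    (root / "Photos").mkdir()                               # benign folder, no shadow
    (root / "readme.lnk").write_bytes(b"L\x00\x00\x00")   # benign shortcut, no folder
    return str(root)
```

Each hit is a candidate for quarantine and for a closer look at the shortcut's target and any alternate data streams on the volume.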

Other malware strains

A different malware family deployed through GammaLoad is a modular information stealer called GammaSteel, which collects files matching particular extensions and uploads them to an AWS S3 bucket or, as a fallback, to a threat-actor-controlled server. According to Sekoia, the infection chain can also be used to launch other malware strains such as GammaWipe or GamaWiper, depending on the attacker's objectives.

“The exact deployment vector for GammaWorm remains ambiguous; it could be dropped concurrently by GammaLoad, or introduced independently via a user executing a weaponized USB drive,” Sekoia noted. “In addition, assessing the global execution flow, we assess with high confidence that GammaPhish is designed to deploy GammaLoad first.”

State-sponsored hackers involved

Gamaredon, a Russian state-sponsored intrusion set officially linked to the Federal Security Service (FSB), has a long history of targeting Ukraine, particularly government, military, and critical infrastructure entities, using spear-phishing emails carrying malicious attachments, in this case booby-trapped RAR archives, according to The Hacker News.

Fake Digital Arrest Racket Cheats Bengaluru Woman of Rs 24 Crore


An impersonation racket targeting high-net-worth individuals in India has been exposed as a sophisticated scam built around a so-called "digital arrest." A network of fraudsters posing as officials from central investigation agencies allegedly coerced 74-year-old Bengaluru resident Lakshmi Ramamurthy into transferring large sums of money over a period of several months.

The Karnataka State Cyber Command has uncovered a Rs 24 crore fraud involving her. Authorities allege that the accused exploited sensitive financial information related to her recent property transactions, fabricated allegations of money laundering, kept her under continuous monitoring, and manipulated her psychologically to create a false sense of legal threat.

The scheme went undetected until Ramamurthy approached the ICICI Bank Cantonment Branch to mortgage 1.3 kilograms of gold jewellery in an effort to obtain additional funds. Bank officials alerted law enforcement, triggering an investigation that led to the arrest of six suspects from several states, including Tamil Nadu, Maharashtra, Gujarat, Delhi, and Bihar.

The victim, a former teacher who previously lived in Dubai and currently resides alone in Bengaluru's Shivajinagar neighbourhood, was considered a lucrative target because she owns properties in Bengaluru and Mumbai and was actively seeking to liquidate certain assets for the benefit of her children in the United States.

Police say the fraudulent engagement began in February, when individuals claiming to be officers from the Central Bureau of Investigation (CBI) and the Enforcement Directorate (ED) started calling her. The callers falsely accused her of involvement in a money laundering network and repeatedly threatened her with arrest and legal action.

As she tried to clarify her position, the perpetrators escalated the deception through WhatsApp video calls, using impersonation techniques designed to simulate official proceedings and reinforce the credibility of the false accusations. This was followed by an extended campaign of coercive social engineering in which the victim was allegedly isolated from outside intervention and kept under constant psychological pressure through repeated calls and virtual interactions. During the investigation, police also seized six mobile phones thought to have been used to coordinate and execute the fraud, providing vital data about the network's communication infrastructure.

During these conversations, the fraudsters falsely informed Ramamurthy that her bank accounts were connected to a money laundering investigation. They claimed she had been placed under a confidential "digital arrest" and instructed her not to discuss the matter with anyone. The accused used fear, authority impersonation, and fabricated legal consequences to convince her that large financial transfers were necessary for account verification, regulatory scrutiny, and fund clearance.

A total of Rs 24 crore was allegedly transferred from the victim's ICICI Bank account between February 10 and April 24 through 26 RTGS transactions involving 23 mule accounts maintained at ten different banks nationwide. Police said the funds were distributed through a layered network of beneficiary accounts designed to obscure the money trail and complicate recovery efforts. 

On April 24, the victim reportedly attempted to secure a gold loan worth Rs 3 crore to meet further demands from the scammers while the fraud was still ongoing. Officials at the ICICI Bank Cantonment Branch detected the suspicious activity and immediately alerted the Karnataka State Cyber Command, whose officers intervened, counselled the victim, and prevented further financial losses.

A large-scale interstate cybercrime investigation then focused on tracking the flow of funds through the fraud network's laundering infrastructure. Using financial intelligence, transaction analysis, and data available through the National Cybercrime Reporting Portal (NCRP), investigators traced the first-layer mule accounts that received the proceeds and initiated account freeze procedures across multiple banking channels.

The operation resulted in the freezing of over Rs 4 crore, while a further Rs 1.46 crore was recovered through court-directed proceedings. Six individuals have been arrested as a result of the investigation: N Sivagnanam of Erode, Tamil Nadu; Akkach Mallick of Mumbai, Maharashtra; Palak Bhai Patel and Amit Narendra Patel of Ahmedabad, Gujarat; Om Prakash Rajput of New Delhi; and Gaurav Kumar of Bihar.

Authorities also seized six mobile phones suspected of being used to coordinate the fraud. According to the Karnataka State Cyber Command, the investigation continues, with efforts under way to identify additional operatives, uncover the larger financial network, and trace the masterminds suspected of orchestrating the nationwide digital arrest scheme.

A significant aspect of the case is that modern cybercrime has evolved beyond technical exploitation into highly orchestrated psychological manipulation, in which trust, fear, and perceived authority are weaponised to override rational decision-making.

As digital arrest scams continue to surface across the country, the incident underscores that no legitimate law enforcement or government agency conducts investigations through secret video calls, requires financial transfers for verification, or instructs individuals to isolate themselves from family members or legal counsel.

Cybersecurity experts advise citizens to be cautious of unsolicited communications containing legal threats, to independently verify such claims through official channels, and to report suspicious activity immediately to the National Cyber Crime Reporting Portal or local cyber police. In an increasingly connected world, awareness remains one of the most effective defences against fraud schemes designed to exploit both technology and human vulnerability.

Megalodon Malware Backdoors 5,500+ GitHub Repos in 6-Hour Supply-Chain Attack


On May 18, 2026, a massive automated supply-chain attack codenamed Megalodon struck GitHub, injecting malicious CI/CD backdoors into more than 5,500 repositories in under six hours. Security firm SafeDep discovered the campaign, which pushed 5,718 malicious commits to 5,561 distinct repositories using throwaway accounts with randomized eight-character usernames, marking one of the most aggressive GitHub Actions poisoning campaigns ever recorded. 

The attackers forged bot-like author identities—build-bot, auto-ci, ci-bot, and pipeline-bot—using emails build-system@noreply.dev and ci-bot@automated.dev to mimic routine automated CI maintenance. Between approximately 11:36 and 17:48 UTC on May 18, these fake commits slipped into repositories without triggering immediate suspicion, as they appeared to be ordinary build optimization updates. 

Megalodon deployed two distinct GitHub Actions workflow variants sharing the same command-and-control server at 216.126.225.129:8443. The SysDiag variant added a new ci.yml file triggering on every push and pull_request_target, ensuring automated execution on any commit across all branches. The Optimize-Build variant replaced existing workflows with a workflow_dispatch trigger, creating a dormant backdoor that attackers can silently activate on demand via the GitHub API, producing zero visible CI runs and no failed builds. 

The base64-encoded 111-line bash payload conducted aggressive credential harvesting, exfiltrating all CI environment variables, AWS credentials, GCP access tokens, Azure credentials, SSH private keys, Docker and Kubernetes configurations, API keys, database connection strings, GitHub Actions tokens, GitLab CI/CD tokens, and dozens of other secrets while scanning source code for more than 30 secret regex patterns. 

The attack's most critical downstream impact targeted Tiledesk, an open-source live chat platform, where the attacker compromised the repository and replaced the legitimate Docker build workflow. The unsuspecting maintainer published @tiledesk/tiledesk-server versions 2.18.6 through 2.18.12 to npm, propagating the backdoor to the package registry. Organizations should immediately revert malicious commits from build-system@noreply.dev or ci-bot@automated.dev, rotate all secrets, audit cloud logs for anomalous OIDC requests, check Actions tabs for unexpected workflow_dispatch executions, and pin GitHub Actions to specific commit SHAs.
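As an added triage example (written for this page; it is not SafeDep's tooling), the following Python functions apply the response steps above to repository data: flag commits whose author identity matches the indicators in the report, list the risky triggers (`pull_request_target`, `workflow_dispatch`) in a workflow, report `uses:` references not pinned to a full commit SHA, and surface run steps that decode base64 inline. The git log lines and workflow file are constructed samples; the commit hashes and the 40-hex pin are placeholders.

```python
import re

# Author identities named in the Megalodon report.
IOC_EMAILS = {"build-system@noreply.dev", "ci-bot@automated.dev"}
IOC_AUTHORS = {"build-bot", "auto-ci", "ci-bot", "pipeline-bot"}
# Triggers used by the two workflow variants: always-on and on-demand execution.
RISKY_TRIGGERS = ("pull_request_target", "workflow_dispatch")
FULL_SHA = re.compile(r"^[0-9a-f]{40}$")

# Constructed sample of `git log --format='%h|%an|%ae|%s'` output (hashes made up).
SAMPLE_GIT_LOG = """\
a1b2c3d|build-bot|build-system@noreply.dev|ci: optimize build pipeline
e5f6a7b|Jane Maintainer|jane@example.org|Fix typo in README
c9d0e1f|ci-bot|ci-bot@automated.dev|chore: add sysdiag workflow
"""

# Constructed workflow in the shape of the SysDiag variant; the SHA pin is a placeholder.
SAMPLE_WORKFLOW = """\
name: SysDiag
on:
  push:
  pull_request_target:
  workflow_dispatch:
jobs:
  diag:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@deadbeefdeadbeefdeadbeefdeadbeefdeadbeef
      - run: echo "$DIAG" | base64 -d | sh
"""


def suspicious_commits(log_text):
    """Return hashes of commits whose author name or email matches the IoC set."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        sha, name, email, _subject = line.split("|", 3)
        if email in IOC_EMAILS or name in IOC_AUTHORS:
            hits.append(sha)
    return hits


def risky_triggers(workflow_text):
    """Return the risky trigger names present in the workflow text."""
    return [t for t in RISKY_TRIGGERS if re.search(r"\b" + t + r"\b", workflow_text)]


def unpinned_actions(workflow_text):
    """Return `uses:` references not pinned to a full 40-hex commit SHA."""
    unpinned = []
    for match in re.finditer(r"uses:\s*([^\s#]+)", workflow_text):
        ref = match.group(1)
        if ref.startswith(("./", "docker://")):
            continue  # local and container actions are not pinned by SHA
        _, _, version = ref.partition("@")
        if not FULL_SHA.match(version):
            unpinned.append(ref)
    return unpinned


def decode_and_run_steps(workflow_text):
    """Return run steps that decode base64 inline, the shape of the Megalodon payload."""
    return [line.strip() for line in workflow_text.splitlines()
            if "run:" in line and "base64" in line]
```

Run the commit check over `git log --all` so the dormant Optimize-Build variant on non-default branches is not missed.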
