Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Latest News

How Poorly Secured Endpoints Are Expanding Risk in LLM Infrastructure

  As organizations build and host their own Large Language Models, they also create a network of supporting services and APIs to keep those ...

All the recent news you need to know
Korea
Bitcoin Bitcoin Cyber Threat Bithumb cryptocurrency Cryptocurrency news Cyber Security digital currency Financial Regulators Korea

Bithumb Error Sends 620,000 Bitcoins to Users, Triggers Regulatory Scrutiny in South Korea

 

A huge glitch at Bithumb, South Korea’s second-biggest digital currency platform, triggered chaos when users suddenly found themselves holding vast quantities of bitcoin due to a flawed promotion. Instead of issuing minor monetary rewards, a technical oversight allowed 620,000 bitcoins to be wrongly allocated. Regulators quickly stepped in, launching investigations as the scale of the incident became clear. Recovery efforts are now underway for assets exceeding $40 billion, stemming directly from the mishap. Legal pressure mounts on the firm while authorities assess compliance failures. What began as a routine marketing effort has turned into one of the largest operational blunders in crypto trading history.  

On 6 February, a mistake unfolded amid a promotion meant to give rewards to 695 qualifying users - totaling 620,000 Korean won, about $423. Instead of using local currency, one employee typed in bitcoin by accident; this shifted the reward value dramatically. What should have been small bonuses became 620,000 bitcoins, valued around $42 billion then. Among those who qualified, nearly half accessed their digital boxes before anyone noticed. These 249 people ended up with massive deposits, exceeding the entire crypto balance held by the platform. 

Bithumb said it fixed many incorrect deposits through adjustments in its internal records. Still, regulators noted approximately 13 billion won - about $9 million - was unaccounted for, lost when certain users moved or cashed out funds prior to detection. During the half-hour span before freezing actions began, 86 individuals allegedly offloaded close to 1,788 bitcoins, sparking temporary shifts in pricing across the site's trading system. 

Criticism came fast once news broke. "Catastrophic" was the word used by Lee Chan-jin - head of South Korea’s Financial Supervisory Service - to describe what happened to those who offloaded their bitcoin. With prices climbing afterward, people forced to give back holdings might now owe money instead. Not just a one-off error, according to Lee; it revealed deeper flaws in how crypto platforms handle internal ledgers and transaction safeguards. 

Disagreement persists among legal professionals regarding possible criminal consequences for users who withdrew accidentally deposited bitcoin. Though crypto assets were central to a 2021 South Korean high court decision, their exclusion from the definition of "property" in penal statutes muddies enforcement paths. Instead of pursuing drawn-out lawsuits, Bithumb initiated private talks with around eighty individuals who converted the digital value into local currency, asking repayment in won amounts. 

Now probing deeper, the Financial Supervisory Service has opened a comprehensive review; meanwhile, lawmakers in Seoul will hold an urgent session on 11 February to press officials and platform leaders for answers. Speaking publicly, Bithumb admitted changes are underway - its payout systems being rebuilt, oversight tightened - even though they insist no cyberattack occurred nor did outside actors gain access.
Read more »
Zero-Day Attack
Chrome Browser Safari Security Vulnerabilities and Exploits Zero-Day Attack

Millions of Chrome, Safari, and Edge Users at Risk from New Browser Exploit

 

A critical security vulnerability is threatening millions of users of popular web browsers including Google Chrome, Apple Safari, and Microsoft Edge. Security researchers have uncovered a sophisticated exploit that allows attackers to hijack sessions and steal sensitive data directly from affected browsers. The flaw, actively exploited in the wild, bypasses traditional defenses and targets core rendering engines shared across these platforms.

This vulnerability stems from a zero-day flaw in the WebKit and Chromium rendering engines, which power Safari and large portions of Chrome and Edge respectively. Attackers can craft malicious web pages that trigger the bug when visited, leading to remote code execution without user interaction. Cybersecurity firm Glasgowlive reports that the issue has already impacted over 2.5 billion devices worldwide, urging immediate patching.Early indicators show campaigns originating from state-sponsored actors aiming at high-value targets like journalists and activists.

Browser vendors have responded swiftly with emergency updates. Google rolled out Chrome 131.0.6778.100 for Windows, Mac, and Linux, while Apple pushed Safari 18.2 via macOS and iOS updates. Microsoft Edge users should navigate to Settings > Help and Feedback > About Microsoft Edge for auto-updates. Failing to apply these patches leaves systems exposed to drive-by downloads and persistent malware infections. Experts recommend enabling automatic updates and avoiding suspicious links during this period.

The incident highlights ongoing risks in browser monoculture, where Chromium-based browsers dominate 80% of the market. Chrome alone commands 66% of global web traffic, amplifying the blast radius of such flaws. Privacy advocates note that while features like sandboxing mitigate some damage, shared codebases create systemic weaknesses.Users of older versions, especially on enterprise networks, face heightened threats from phishing sites mimicking legitimate updates.

To stay safe, reboot devices post-update, clear browser caches, and deploy endpoint detection tools. Security firms advise scanning for indicators of compromise, such as unusual network activity. This incident underscores the need for diversified browser usage and vigilant patch management in 2026's threat landscape. As cyber threats evolve, proactive updates remain the first line of defense for billions online.
Read more »
ZeroDayRAT Malware
Android Security Threats Commercial Spyware Platforms iOS Surveillance Risks malware Mobile Banking Trojan Mobile Spyware NFC Relay Attacks Remote Access Trojan ZeroDayRAT Malware

ZeroDayRAT Marks Significant Shift in Cross Platform Mobile Surveillance


 

It is widely recognized that mobile devices serve as modern life vaults, containing conversations, credentials, financial records, and fragments of professional strategy behind polished glass screens. But this sense of contained security is increasingly being tested.

A new cross-platform remote access trojan designed to operate across both Android and iOS environments has been discovered by security researchers. A sophisticated zero-day exploit alone is not sufficient to gain initial access to the threat, as it is able to exploit carefully crafted social engineering lures and sideloaded applications. 

Once embedded, it provides continuous, real-time control over compromised devices by capturing screen images, logging keystrokes, and extracting sensitive information and credentials in a systematic manner. With its modular design and deliberate stealth mechanisms, it blends seamlessly into legitimate system processes, complicating detection efforts for conventional mobile security defenses and emphasizing the increasing threat surface of everyday smartphones and tablets. 

Additionally, a thorough analysis indicates that ZeroDayRAT is not a standalone sample of malware, but rather a commercially packaged surveillance platform intended for wide distribution. A technical report published by iVerify on February 10, 2026 and a follow-up article by The Hacker News on February 16, 2026 indicate that the spyware can be deployed using Telegram-based channels as a ready-to-deploy toolkit. 

The system includes a graphical application builder, a web control panel for managing devices, a structured sales and support infrastructure, and regular updates from developers. With the operation model, advanced mobile compromise can be made accessible to individuals without technical expertise, by decentralizing command infrastructure by allowing each purchaser to operate an independent control panel rather than relying on a shared command-and-control backbone. 

Furthermore, ZeroDayRAT does not rely upon exploiting undetected zero-day vulnerabilities within mobile operating systems in order to function. Rather, its operators employ layered social engineering techniques to obtain initial access.

Early campaigns have exhibited a variety of distribution vectors, including malicious APK download links sent via smishing campaigns, phishing emails that direct recipients to fraudulent portals, cloned app storefronts, and weaponized links distributed through messaging platforms such as WhatsApp and Telegram.

Infection chains typically involve installing malicious configuration profiles or enterprise-signed payloads on iOS devices and Android devices; they are persuaded to sideload malicious applications. When spyware is deployed, it establishes persistent remote access, enabling real-time monitoring, credential harvesting, file extraction, and manipulation of devices. 

As of today, this platform is compatible with Android versions 5 through 16 as well as iOS versions 26 and older, as well as newly released hardware. The cross-version operability of commercial spyware underscores the shift towards scalability and adaptability as opposed to exploit dependency in the commercial spyware sector. 

Using spyware-as-a-service models to eliminate centralized infrastructure and reduce the technical requirements for operation, ZeroDayRAT illustrates how spyware-as-a-service models are transforming the threat ecosystem in 2026. In recent years, the mobile device has become more and more a primary target for financial fraud, coercive surveillance, and data exfiltration, driven largely by the systematic weaponization of human trust rather than novel vulnerabilities. 

Research conducted by iVerify demonstrates that ZeroDayRAT's surveillance architecture extends far beyond conventional data harvesting and functions as a comprehensive system for monitoring and exploiting financial assets in real-time. By providing a structured overview of compromised devices, the operator dashboard identifies the device model, operating system build, battery metrics, SIM identifiers, geographical location, and lock status of compromised devices.

In addition, attackers are able to view detailed activity logs, such as application usage histories, SMS exchanges, and chronological activity timelines, which allows them to effectively reconstruct a victim's digital behavior profile based on this central interface. Further dashboard modules display incoming notification streams, enumerate registered accounts on the device (displaying associated email addresses or user IDs), and facilitate credential-stuffing and brute-force operations. 

In the event that location permissions have been granted, the spyware can plot live device positioning through a rendered interface similar to Google Maps, complete with historical tracking of movements. As opposed to passive observation, ZeroDayRAT provides active intrusion features as well, enabling operators to remotely activate front and rear cameras, listen to live audio recordings, and initiate screen recordings to capture sensitive activity on a computer screen. 

As soon as SMS permissions are obtained, the malware may intercept incoming one-time passwords, effectively negating two-factor authentication measures, and also dispatch outbound messages directly from the compromised device. In addition to a dedicated keylogging module, the toolkit incorporates a dedicated feature to record gesture patterns, screen unlock sequences, and typed input. 

An additional component of financial targeting includes scanning for wallet applications including MetaMask, Trust Wallet, Binance, and Coinbase, among others, to detect cryptocurrency theft. The attacker attempts clipboard manipulation by substituting copied wallet addresses with attacker-controlled ones upon detection and catalogs wallet identifiers and balances. 

To harvest authentication credentials, parallel modules employ overlay attacks against banking applications, UPI platforms such as Google Pay and PhonePe, as well as payment services such as Apple Pay and PayPal in order to target traditional financial ecosystems. Despite the lack of exhaustive description of ZeroDayRAT's exact initial infection vectors, iVerify describes ZeroDayRAT as a comprehensive mobile compromise toolkit designed to allow for operational flexibility. 

Individual privacy violations are not the only implication; infected employee devices may provide access into enterprise environments, exposing corporate credentials, communications, and financial systems. Compromised security may result in sustained surveillance and direct financial loss for individual users. 

In addition to strict adherence to official application distribution channels, researchers recommend limiting installation of applications to reputable publishers. These include Google Play for Android and Apple App Store for iOS. 

As a precaution against high-impact mobile spyware campaigns, high-risk users are encouraged to enable hardened security configurations, such as Lockdown Mode on iOS and Advanced Protection features on Android. This exposure of ZeroDayRAT reinforces a broader security imperative: mobile risk cannot be considered secondary to desktop or network security.

As surveillance-grade technology becomes more commercialized and operationally simplified, organizations will have to revisit their trust assumptions regarding both employee-owned and corporate-issued devices. It is important to consider continuous monitoring of mobile threats, enforcing strict mobile device management policies, enforcing conditional access controls, and performing routine permission audits as baseline safeguards rather than advanced ones. 

It remains important to minimize sideloading practices, analyze configuration profile requests carefully, restrict accessibility privileges, and maintain rapid operating system updates as part of a comprehensive countermeasure strategy. 

A key finding of the trajectory of mobile spyware development is that technical defenses must be paired with user awareness and institutional resilience. Currently, smartphones serve as consolidated authentication, financial, and communication hubs; their strategic value requires layered security disciplines commensurate with their strategic importance.
Read more »
Global Economy
ai strategy AI Training CISO Cyber Security ec Council Global Economy

EC-Council Introduces AI Training Programs as Demand for Skilled Professionals Grows

 



As artificial intelligence becomes embedded in daily business functions, concerns are growing over whether the workforce is adequately prepared to manage its risks and responsibilities. EC-Council has announced the launch of four new AI-focused certifications along with an updated Certified CISO v4 program, marking the largest single expansion in the organization’s 25-year history.

The rollout comes amid projections that unmanaged AI-related vulnerabilities could expose the global economy to as much as $5.5 trillion in risk, according to industry estimates attributed to IDC. At the same time, analysis from Bain & Company suggests that approximately 700,000 workers in the United States will require reskilling in AI and cybersecurity disciplines to meet rising demand.

Global institutions including the International Monetary Fund and the World Economic Forum have identified workforce capability as a primary constraint on AI-driven productivity, arguing that the barrier is no longer access to technology but access to trained professionals.

Security threats are escalating in parallel with adoption. Reports indicate that 87 percent of organizations have encountered AI-enabled cyberattacks. Additionally, generative AI-related network traffic has increased by 890 percent, significantly expanding potential attack surfaces. Emerging risks include prompt injection attacks, data poisoning, manipulation of machine learning models, and compromise of AI supply chains.

The new Enterprise AI Credential Suite is structured around EC-Council’s operational framework described as Adopt, Defend, and Govern. The “Adopt” pillar emphasizes structured and safeguarded AI deployment. “Defend” focuses on protecting AI systems from evolving threats. “Govern” integrates oversight, accountability, and risk management mechanisms into AI systems from the design stage.

Artificial Intelligence Essentials serves as the foundational certification, aimed at building practical literacy and responsible AI usage across professional roles. The Certified AI Program Manager credential prepares professionals to convert AI strategy into coordinated implementation, ensuring governance alignment and measurable return on investment.

The Certified Offensive AI Security Professional program trains specialists to identify vulnerabilities in large language models, simulate adversarial techniques, and strengthen AI infrastructure. The Certified Responsible AI Governance and Ethics certification centers on enterprise-scale oversight and compliance, referencing established standards such as those developed by NIST and ISO.

Certified CISO v4 has also been updated to prepare executive leaders for AI-integrated risk environments, where intelligent systems influence operational and strategic decisions. According to EC-Council leadership, security executives must now manage adaptive systems that evolve rapidly and require clear governance accountability.

The initiative aligns with U.S. federal priorities outlined in Executive Order 14179, the July 2025 AI Action Plan’s workforce development pillar, and Executive Orders 14277 and 14278, all of which emphasize expanding AI education pathways and strengthening job-ready skills across professional and skilled trade sectors.

AI expertise remains geographically concentrated, with 67 percent of U.S. AI talent located in just 15 cities, while women account for 28 percent of the workforce, underlining ongoing participation disparities.

Founded in 2001, EC-Council is known for its Certified Ethical Hacker credential. The organization holds ISO/IEC 17024 accreditation and reports certifying more than 350,000 professionals globally, including personnel within government agencies, the Department of Defense under DoD 8140 baseline recognition, and Fortune 100 companies.

As AI transitions from experimentation to infrastructure, workforce readiness and governance capability are increasingly central to secure and sustainable deployment.

Read more »
Social Security number leak
Data Breach fintech security incident PayPal data breach 2025 PayPal Working Capital app exposure Social Security number leak

PayPal Alerts Users to Data Exposure Linked to Loan App Software Glitch

 

PayPal has informed customers about a data exposure incident caused by a software error in its loan application platform, which left sensitive personal information visible for nearly six months in 2025.

The issue involved the company’s PayPal Working Capital (PPWC) loan application, a service designed to provide small businesses with fast financing solutions.

According to PayPal, the problem was identified on December 12, 2025. An internal review revealed that customer information — including names, email addresses, phone numbers, business addresses, Social Security numbers, and dates of birth — had been accessible since July 1, 2025.

The company stated it corrected the coding error within a day of detection, preventing further unauthorized access.

In breach notification letters sent to affected individuals, PayPal said: "On December 12, 2025, PayPal identified that due to an error in its PayPal Working Capital ("PPWC") loan application, the PII of a small number of customers was exposed to unauthorized individuals during the timeframe of July 1, 2025 to December 13, 2025," PayPal said in breach notification letters sent to affected users."PayPal has since rolled back the code change responsible for this error, which potentially exposed the PII. We have not delayed this notification as a result of any law enforcement investigation."

The company confirmed that a limited number of users experienced unauthorized account transactions connected to the exposure. Those customers have been reimbursed.

To support impacted individuals, PayPal is offering two years of complimentary three-bureau credit monitoring and identity restoration services through Equifax. Customers must enroll by June 30, 2026, to receive the benefits.

Users are encouraged to closely monitor account activity and credit reports for unusual behavior. PayPal reiterated that it does not request passwords, one-time passcodes, or authentication details via phone calls, text messages, or emails — warning customers to remain cautious of phishing attempts that often follow breach disclosures.

Additionally, passwords for affected accounts have been reset. Customers who have not already updated their credentials will be required to do so at their next login.

This is not the first security-related incident involving the fintech firm. In January 2023, PayPal disclosed a credential stuffing attack that compromised approximately 35,000 accounts between December 6 and December 8, 2022. In January 2025, the State of New York announced a $2 million settlement with the company over allegations that it failed to meet state cybersecurity compliance standards tied to the 2022 breach.

Following publication of the report, a PayPal spokesperson clarified the scope of the incident in a statement to BleepingComputer, emphasizing that core systems were not breached and that roughly 100 customers were potentially affected.

"When there is a potential exposure of customer information, PayPal is required to notify affected customers," the spokesperson said. "In this case, PayPal’s systems were not compromised. As such, we contacted the approximately 100 customers who were potentially impacted to provide awareness on this matter.”
Read more »
Threat Intelligence
AI Tool Anthropic Claude Code Technology Threat Intelligence

Anthropic Launches Claude Code Security To Autonomously Detect And Patch Bugs

 

Anthropic has introduced Claude Code Security, a new AI-powered capability in its Claude Code assistant that promises to raise the bar for software security by scanning entire codebases for vulnerabilities and suggesting human-reviewed patches. The feature is currently rolling out in a limited research preview for Enterprise and Team customers, reflecting Anthropic’s cautious approach to deploying advanced cybersecurity tools. By positioning this as a defender-focused technology, the company aims to counter the same AI-driven techniques that attackers are starting to use to automate vulnerability discovery at scale.

Unlike traditional static analysis tools that rely on rule-based pattern matching and known vulnerability signatures, Claude Code Security analyzes code more like a human security researcher. It reasons about how different components interact, traces data flows through the application, and flags subtle issues that conventional scanners often miss. This deeper contextual understanding is designed to surface complex and high-severity bugs that may have remained hidden despite years of manual and automated review. 

Each issue identified by Claude Code Security goes through a multi-stage verification process intended to filter out false positives before results ever reach a security analyst. The system re-examines its own findings, attempts to prove or disprove them, and assigns both severity and confidence ratings so teams can prioritize the most critical fixes. All results are presented in a dedicated dashboard, where developers and security teams can inspect the affected code, review the suggested patches, and decide how to remediate. Anthropic emphasizes a human-in-the-loop model, ensuring that nothing is changed without explicit developer approval.

Claude Code Security builds on more than a year of research into Anthropic’s cybersecurity capabilities, including testing in capture-the-flag competitions and collaborations with partners such as Pacific Northwest National Laboratory. Using its latest Claude Opus 4.6 model, Anthropic reports that it has already uncovered more than 500 long-standing vulnerabilities in production open-source projects, many of which had survived decades of expert scrutiny. Those findings are now going through triage and responsible disclosure with maintainers, reinforcing the tool’s emphasis on real-world impact and careful rollout. 

Anthropic sees this launch as part of a broader shift in the cybersecurity landscape, where AI will routinely scan a significant share of the world’s code for flaws. The company warns that attackers will increasingly use similar models to find exploitable weaknesses faster than ever, but argues that defenders who move quickly can seize the same advantages to harden their systems in advance. By making Claude Code Security available first to enterprises, teams, and open-source maintainers, Anthropic is betting that AI-augmented defenders can keep pace with, and potentially outmaneuver, AI-empowered adversaries.
Read more »
Subscribe to: Comments (Atom)

Featured