Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Latest News

The Shift from Cyber Defense to Recovery-Driven Security

  There has been a structural recalibration of cybersecurity strategies as organizations recognize that breaches impact operations, finances...

All the recent news you need to know
women
Artificial Intelligence Capitalism developing countries Gig Economy Indonesa Technology women

AI Was Meant to Help. So Why Is It Making Work Harder for Women in Indonesia?

 



Artificial intelligence is often presented as a neutral and forward-looking force that improves efficiency and removes human bias from decision-making. In practice, however, many women working in Indonesia’s gig economy experience these systems very differently. Rather than easing workloads, AI-driven platforms are intensifying existing pressures.

Recent research examining female gig workers introduces the concept of “AI colonialism.” This idea describes how older patterns of domination continue through digital systems. In this framework, powerful technology actors, largely based in wealthier regions, extract labour, data, and economic value from workers in developing countries, reinforcing unequal global relationships. The structure resembles historical colonial systems, but operates through algorithms and platforms instead of direct political control.

In Indonesia, platforms such as Gojek, Grab, Maxim, and Shopee rely heavily on informal workers. These companies have not transformed the nature of employment. Instead, they have digitised an already informal labour market. Workers are labelled as independent “partners,” which excludes them from basic protections such as minimum wages, paid sick leave, and maternity benefits. Earnings depend entirely on the number of completed tasks and algorithm-based performance scores.

For women, this structure intersects with what is often described as the “double burden,” where paid work must be balanced alongside unpaid domestic responsibilities. One delivery worker, Lia, begins her day before sunrise by preparing meals and organising her children’s routines. Only after completing these responsibilities can she log into the platform. As she explains, the system recognises only whether she is online, not the constraints shaping her availability.

Platform algorithms prioritise continuous, uninterrupted activity. Incentive systems often require completing a fixed number of orders within strict time windows. For workers managing caregiving roles, this creates structural disadvantages. Logging off to attend to family responsibilities can result in lost bonuses, while reducing work hours due to fatigue or health issues leads to declining performance metrics.

This reflects a greater economic reality in which unpaid domestic labour underpins the formal economy without recognition or compensation. Instead of addressing this imbalance, AI systems can intensify it. Another worker, Cinthia, observed a noticeable drop in job assignments after taking time off due to illness. The experience created a sense that the system penalises any interruption, making workers reluctant to pause even when necessary.

Although algorithms do not explicitly target women, they are designed around an ideal worker who is always available and unconstrained by caregiving duties. This assumption produces indirect but consistent disadvantage. The claim that digital platforms operate neutrally is further challenged by everyday experiences. For example, a driver named Yanti often informs passengers in advance that she is female, leading to frequent cancellations. While the system records these cancellations, it does not capture the gender bias behind them.

Safety concerns also shape participation. Many women avoid working late hours due to risk, which limits access to peak-demand periods and higher earnings. The system interprets this reduced availability as lower productivity. Scholars such as Virginia Eubanks have argued that automated systems frequently replicate and amplify existing social inequalities rather than eliminate them.

Similar patterns have been observed in other countries. In India, women working in ride-hailing services report lower average earnings, partly because safety considerations influence when and where they work. Algorithms, however, measure output without accounting for these risks.

Safety challenges persist even within delivery roles. Around 90% of women in group discussions reported choosing delivery work over ride-hailing due to perceived safety advantages, yet harassment remains a concern from both customers and other drivers. During the COVID-19 pandemic, gig workers were classified as essential, but their incomes declined sharply, in some cases by up to 67% in early 2020. To compensate, many worked more than 13 hours a day. Despite these conditions, platform performance systems remained unchanged, and illness-related breaks often resulted in lower ratings.

This inflicts a deeper impact in the contemporary labour control, where oversight is embedded within digital systems rather than managed by human supervisors. AI colonialism, in this sense, extends beyond ownership to the structure of control itself. Workers provide labour, time, and data, while platforms retain authority over decision-making processes.

In response, women workers have developed informal networks through messaging platforms to share information, warn others about unsafe situations, and adapt to algorithmic changes. They support each other by increasing activity on inactive accounts, lending money for operational costs, and collectively responding to account suspensions. When harassment occurs, information is circulated quickly to protect others.

These practices represent a form of mutual support rooted in shared vulnerability. Rather than relying on formal recognition as employees, many women build systems of protection among themselves. This surfaces a form of everyday resistance, where collective action becomes a strategy for navigating structural constraints.

Artificial intelligence is not inherently exploitative. However, when deployed within unequal economic systems, it can reinforce patterns of extraction and imbalance. As digital platforms continue to expand, understanding the lived experiences of workers, particularly women in developing economies, is essential. Behind every efficient system is a human reality shaped by trade-offs between income, safety, and dignity.


Read more »
Hacker attack
Cyber Attacks Cyber crimes Cyber Extortion cybercrime gangs CyberSecurity Ransomware Attacks Hacker attack

Rival Ransomware Gangs 0APT And Krybit Clash In Unusual Cyber Extortion Battle

 

A clash almost unseen among digital outlaws has begun - 0APT, a hacking collective, now warns it will unmask operatives from enemy faction Krybit. This shift came to light through surveillance of hidden online forums. Tension simmers beneath the surface of these underground circles. Rival gangs once operating in parallel seem to fracture under pressure. Trust, usually scarce, is vanishing faster than usual. Evidence points toward escalating friction inside ransomware communities. 

What began as covert threats may reshape alliances unexpectedly. Reports indicate 0APT sent a threat to Krybit, insisting on payment under risk of exposing private records - names, positions, operational files - if ignored. A limited set of claimed stolen materials was published shortly after, serving as evidence - a move mirroring classic dual-pressure methods seen in attacks on businesses. Yet using such an approach toward another illicit network stirs doubt around its real impact, given that public image matters little within hidden communities. 

Even so, the danger remains somewhat real. Because cybercrime networks depend on staying hidden, revealed identities might invite legal trouble or revenge attacks. From the exposed information, security analysts pulled login details tied to Krybit members - alongside digital currency wallets - hinting at weak points in how the group functions. Yet the full impact stays unclear. Now showing a blank page, Krybit's site now displays only a standard upkeep notice, hinting at disruptions tied to recent events. Little is known about the collective so far, mainly because big security analysts have published almost nothing on them - possibly a sign they are just beginning operations. 

On the opposite end, 0APT emerged around spring 2026 and gained attention fast, marked by complex tools and methods, even though some doubt surrounds how truthful their early reports of breaches really were. Odd as it seems, infighting among hackers has happened before. Earlier clashes included DragonForce going after opponents - BlackLock, then Mamona - by altering web pages and exposing private messages. 

In much the same way, activity aimed at RansomHub tied back to DragonForce, revealing ongoing friction between ransomware crews. This conflict taking shape between 0APT and Krybit signals changes in how cybercriminals operate - motives like money, dominance, and competition now spark open clashes. With ransomware networks evolving fast, these kinds of face-offs might happen more often, making it harder for security experts to follow the players involved.
Read more »
UAE Firms
AI Attacks AI tools Business Security Cyber Attacks UAE Firms

UAE Businesses Warned of Escalating AI‑Powered Cyber Threats

 

UAE businesses are being urgently warned about a sharp rise in AI‑powered cyber threats that can compromise systems within hours, and sometimes even minutes, if organisations remain unprepared. Cybercriminals are increasingly using artificial intelligence to craft highly realistic phishing emails, deepfake voice and video impersonations, and automated attacks that exploit gaps in security before teams can respond. 

Nature of AI‑driven threats 

Attackers are leveraging generative AI to personalize scams at scale, including cloned emails, synthetic voices, and fake video calls that mimic senior executives or partners. These AI‑enabled methods make spear‑phishing and impersonation fraud far more convincing, increasing the chances that employees will authorise fraudulent transfers or share sensitive credentials. 

AI tools now allow adversaries to perform reconnaissance, scan for vulnerabilities, and launch password‑guessing and ransomware attacks in a fraction of the time it once took. Security experts note that many organisations now face same‑day compromises, where attackers move from initial access to data theft or system encryption within a single business day.

Impact on UAE firms and the economy 

The UAE’s role as a regional financial and technology hub makes it a prime target for state‑backed and criminal hacking groups that use AI to intensify their campaigns.Breaches can lead to substantial financial losses, reputational damage, regulatory penalties, and disruption of critical services, especially as digital‑government and smart‑city initiatives expand.

Cyber professionals recommend continuous staff training on spotting AI‑powered phishing and impersonation, tightening access controls, securing machine identities, and maintaining tested incident‑response and recovery plans. With AI adoption accelerating across industries, firms that act quickly to strengthen cyber resilience will be better positioned to withstand the next wave of AI‑enhanced cyber threats in the UAE.
Read more »
Stuxnet Precursor
APT attacks Cyber Physical Attacks Cyber Sabotage Engineering Software Threats Fast16 Malware industrial cybersecurity Lua Based Malware malware Stuxnet Precursor

Pre Stuxnet Fast16 Threat Revealed Targeting Engineering Environments


 

New discoveries regarding early stages of cyber sabotage are changing the historical timeline of offensive digital operations and revealing that sophisticated disruption techniques were developed well before they became widely popular. 

An undocumented malware framework that was discovered in the mid-2000s underscores the extent to which threat actors were already manipulating industrial and engineering systems with precision, laying the foundations for highly specialized cyber weapons that would develop later in time. 

A Lua-based malware framework, named fast16, which predates the outbreak of the Stuxnet worm by several years has been identified by cybersecurity researchers based on this context. According to a detailed analysis published by SentinelOne, the framework originated around 2005, with its operational focus focused on engineering and calculation software with high precision. 

The fast16 algorithm was designed rather than causing immediate system failure to introduce inaccuracies that propagate across interconnected environments by subtly corrupting computational outputs. With its lightweight scripting capabilities and seamless integration with C/C++, Lua is an excellent choice for modular malware development, allowing attackers to extend functionality without recompiling core components. 

Upon analyzing fast16, researchers identified distinct Lua artifacts, including bytecode signatures beginning with /x1bLua and environmental markers such as LUA_PATH, which allowed them to trace svcmgmt.exe, a sample which initially appeared benign, but ultimately appeared to be a part of the early attack framework.

Researchers Vitaly Kamluk and Juan Andrés Guerrero-Saade concluded that the malware's architecture suggested a deliberate intent to spread disruption through self-propagation mechanisms, effectively standardizing erroneous results across entire facilities through self-propagation mechanisms. This approach is a reflection of an early understanding of systemic compromise, which emphasizes data integrity rather than availability as the primary attack vector. 

Fast16 is estimated to have emerged at least five years before Stuxnet, widely regarded as the first digital weapon designed for physical disruption of the world. While fast16 offers a compelling precedent, despite the historical association between Stuxnet and state-sponsored efforts to disrupt Iran's nuclear infrastructure and later influence Duqu and other tools.

The report demonstrates that conceptual basis for cyber-physical sabotage had already been explored in earlier, less visible campaigns, suggesting a more advanced and complex evolution of offensive cyber capabilities than previously assumed. Further reverse engineering confirmed that fast16 did not conform to typical malware engineering patterns observed in the mid-2010s. 

In response to Vitaly Kamluk's observation, several implementation choices indicated that the project was developed much earlier than it was actually implemented, a view that SentinelOne later reinforced by environmental and code-level constraints. 

The sample exhibits compatibility limitations consistent with legacy systems, which can only be executed reliably on Windows XP and single-core processors, which were pre-existing when multi-core consumer processors were introduced by Intel in 2006.

In accordance with behavioral analysis, the implant implements a kernel-level component, fast16.sys, in conjunction with worm-like propagation routines to establish persistence. Moreover, its architecture predates other advanced threats such as Flame, as well as being among the earliest known examples of a Windows-based malware that embeds a Lua virtual machine as an integral component. 

Initially identified as a generic service wrapper, the svcmgmt.exe executable appears to have originated the framework. However, it was later discovered to contain the Lua 5.0 runtime and encrypted bytecode payload, which formed the framework. As indicated by the timestamp metadata, the build date is August 2005, and the submission to VirusTotal was more than a decade later, further supporting the fact that the program has a long history.

In an in-depth inspection, it was revealed that Windows NT subsystems were tightly integrated, including direct interaction with the file system, registry, service control, and networking APIs. In addition to the Lua bytecode containing the core execution logic, an associated driver whose PDB path dates July 2005 enables interception and manipulation of executable data while the data is being read from the disk, an advanced stealth and control technique. 

Additionally, references to "fast16" have been found within driver lists associated with sophisticated intrusion toolsets reportedly linked to the National Security Agency, which were disclosed by Shadow Brokers. By combining technical lineage with leaked operational tooling, this intersecting information further exacerbates the ambiguity surrounding the framework's origins, highlighting its significance within the early development of cyber-physical attack methodologies. 

Further analysis positions svcmgmt.exe as the operational core of the framework, operating as a highly flexible carrier that can adapt execution paths depending on runtime conditions. SentinelOne asserts that embedded forensic markers, particularly a path in the PDB, establish a link between the sample and deconfliction signatures which were revealed in leaks attributed to tools used by the National Security Agency, suggesting that the origin is far more sophisticated. 

From an architectural perspective, the module consists of three components: Lua bytecode controlling configuration and propagation logic, a dynamic library that assists with configuration, and a kernel-level driver (fast16.sys) that performs low-level manipulations. After installation of the malware as a Windows service, it can elevate privileges by activating the kernel implant and initiating a controlled propagation routine that targets legacy Windows environments with weak authentication controls once deployed. 

There is a particular emphasis on operational stealth in its conditional execution, which either occurs manually or when specific security products are detected through registry inspections, indicating an early but deliberate effort to extend its spread. On a functional level, the kernel driver represents the framework's sabotage capability, intercepting executable flows and modifying them according to rule-based rules, especially against binaries compiled using Intel C/C++ tools. As a result, the outputs of high-precision engineering and simulation platforms such as LS-DYNA, PKPM, and MOHID can be precisely manipulated. 

Through the introduction of subtle, systematic deviations into mathematical models, this malware can negatively impact simulation accuracy, undermine research integrity, and affect real-world engineering outcomes over the long term. Further enhancement of situational awareness is provided by supporting modules; for example, a network monitoring component logs connection information through Remote Access Service hooks, strengthening the framework's surveillance capabilities.

Modular separation of a stable execution wrapper from encrypted, task-specific payloads promotes a reusable design philosophy, thus allowing operators to tailor deployments while maintaining a stable outer binary footprint. As a result of these findings, the timeline for cyber-physical attacks has been significantly revised in comparison to the broader threat landscape. 

A correlation with artifacts released by the Shadow Brokers, as well as a correlation with early offensive toolchains, suggest that capabilities often associated with later campaigns, including Stuxnet, were being developed and could have been deployed years earlier. As a result, fast16 is no longer merely an isolated discovery, but also a transitional framework bridging covert early stage experimentation with the more visible development of advanced persistent threats.

During the period covered by this paper, state-aligned actors operationalized long-term, precision-focused sabotage strategies well before such activities became public knowledge, a year in which software became a major tool for influencing physical systems on a strategic level. 

A number of factors, including the emergence of fast16, reframe long-held assumptions about the origins of cyberphysical sabotage, demonstrating that highly targeted, computation-focused attack models were operational well in advance of their public recognition. This modular design, selective propagation logic, and precision-driven payloads demonstrate a maturity typically associated with advanced persistent threat campaigns of a later stage.

The report emphasizes, in addition to its strategic significance, the shift away from disruptive attacks that target system availability to covert manipulation of data integrity within critical engineering environments. 

Fast16 is therefore both an historical anomaly and the prototype of modern state-aligned cyber operations, in which subtle interference can have a far-reaching impact without immediate detection within critical engineering environments.
Read more »
Technology
Chrome Skills feature Gemini AI features Google browser update Google Chrome AI reusable AI prompts Technology

Google Chrome Introduces “Skills” to Reuse AI Prompts Across Web Pages with Gemini Integration

 

Google has announced a new wave of AI-powered enhancements for its Chrome browser, unveiling a feature called “Skills.” This addition enables users to store and reuse their preferred AI prompts across different websites, eliminating the need to repeatedly type them.

The new functionality builds on Chrome’s integration with Gemini, which arrived as competition in the browser space heats up with offerings from companies like OpenAI (Atlas), Perplexity (Comet), and The Browser Company (Dia).

Gemini already enables users to interact with web pages by asking questions, generating summaries, or completing tasks. With the addition of Skills, users can now save frequently used prompts and activate them instantly whenever needed.

For example, Google notes that users who regularly ask Gemini for vegan alternatives while browsing recipes can save that instruction as a Skill and apply it seamlessly across multiple sites. These prompts can be saved directly from chat history and later accessed by typing a forward slash (/) or clicking the plus (+) icon. Once selected, the Skill executes on the current page and can also extend to other selected tabs.

Google highlighted that Skills remain flexible, allowing users to modify them at any time. Early testing showed that adopters used the feature for tasks such as tracking nutrition metrics in recipes, comparing products while shopping, and summarizing long-form content.

To simplify onboarding, Google is also launching a Skills library featuring ready-made prompts for common use cases like productivity, budgeting, shopping, and cooking. Users can add these pre-built Skills to their collection and customize them as needed.

Similar to other Gemini-powered actions in Chrome, the browser will request user approval before carrying out sensitive tasks, such as sending emails or scheduling calendar events.

The rollout of Skills begins today for desktop Chrome users logged into their Google accounts. Initially, the feature will only be available when the browser language is set to English (US).
Read more »
unauthorised access
browser data Credential Theft Cybersecurity Google Infostealer malware Sensitive data Storm unauthorised access

New Malware “Storm” Steals Browser Data and Hijacks Sessions Without Passwords

 



A newly identified infostealer called Storm has emerged on underground cybercrime forums in early 2026, signalling a change in how attackers steal and use credentials. Priced at under $1,000 per month, the malware collects browser-stored data such as login credentials, session cookies, and cryptocurrency wallet information, then covertly transfers the data to attacker-controlled servers where it is decrypted outside the victim’s system.

This change becomes clearer when compared to earlier techniques. Traditionally, infostealers decrypted browser credentials directly on infected machines by loading SQLite libraries and accessing local credential databases. Because of this, endpoint security tools learned to treat such database access as one of the strongest indicators of malicious activity.

The approach began to break down after Google Chrome introduced App-Bound Encryption in version 127 in July 2024. This mechanism tied encryption keys to the browser environment itself, making local decryption exponentially more difficult. Initial bypass attempts relied on injecting into browser processes or exploiting debugging protocols, but these techniques still generated detectable traces.

Storm avoids this entirely by skipping local decryption. Instead, it extracts encrypted browser files and quietly sends them to attacker infrastructure, removing the behavioural signals that endpoint tools typically rely on. It extends this model by supporting both Chromium-based browsers and Gecko-based browsers such as Firefox, Waterfox, and Pale Moon, whereas tools like StealC V2 still handle Firefox data locally.

The data collected includes saved passwords, session cookies, autofill entries, Google account tokens, payment card details, and browsing history. This combination gives attackers everything required to rebuild authenticated sessions remotely. In practice, a single compromised employee browser can provide direct access to SaaS platforms, internal systems, and cloud environments without triggering any password-based alerts.

Storm also automates session hijacking. Once decrypted, credentials and cookies appear in the attacker’s control panel. By supplying a valid Google refresh token along with a geographically matched SOCKS5 proxy, the platform can silently recreate the victim’s active session.

This technique aligns with earlier research by Varonis Threat Labs. Its Cookie-Bite study showed that stolen Azure Entra ID session cookies can bypass multi-factor authentication, granting persistent access to Microsoft 365. Similarly, its SessionShark analysis demonstrated how phishing kits intercept session tokens in real time to defeat MFA protections. Storm packages these methods into a commercial subscription service.

Beyond credentials, the malware collects files from user directories, extracts session data from applications like Telegram, Signal, and Discord, and targets cryptocurrency wallets through browser extensions and desktop applications. It also gathers system information and captures screenshots across multiple monitors. Most operations run in memory, reducing the likelihood of detection.

Its infrastructure design adds resilience. Operators connect their own virtual private servers to Storm’s central system, routing stolen data through infrastructure they control. This setup limits the impact of takedowns, as enforcement actions are more likely to affect individual operator nodes rather than the core service.

Storm supports multi-user operations, allowing teams to divide responsibilities such as log access, malware build generation, and session restoration. It also automatically categorises stolen credentials by service, with visible rules for platforms including Google, Facebook, Twitter/X, and cPanel, helping attackers prioritise targets.

At the time of analysis, the control panel displayed 1,715 log entries linked to locations including India, the United States, Brazil, Indonesia, Ecuador, and Vietnam. While it is unclear whether all entries represent real victims or test data, variations in IP addresses, internet service providers, and data volumes suggest ongoing campaigns.

The logs include credentials associated with platforms such as Google, Facebook, Twitter/X, Coinbase, Binance, Blockchain.com, and Crypto.com. Such information often feeds into underground credential marketplaces, enabling account takeovers, fraud, and more targeted intrusions.

Storm is offered through a tiered pricing model: $300 for a seven-day trial, $900 per month for standard access, and $1,800 per month for a team licence supporting up to 100 operators and 200 builds. Use of an additional crypter is required. Notably, once deployed, malware builds continue operating even after a subscription expires, allowing ongoing data collection.

Security researchers view Storm as part of a broader evolution in credential theft. By shifting decryption to remote servers, attackers avoid detection mechanisms designed to identify on-device activity. At the same time, session cookie theft is increasingly replacing password theft as the primary objective.

The data collected by such tools often marks the beginning of further attacks, including logins from unusual locations, lateral movement within networks, and unauthorised access patterns.


Indicators of compromise include:

Alias: StormStealer

Forum ID: 221756

Registration date: December 12, 2025

Current version: v0.0.2.0 (Gunnar)

Build details: Developed in C++ (MSVC/msbuild), approximately 460 KB in size, targeting Windows systems


This advent of Storm underlines how cybercriminal tools are becoming more advanced, automated, and difficult to detect, requiring organisations to strengthen monitoring of sessions, user behaviour, and access patterns rather than relying solely on traditional credential protection methods.


Read more »
Subscribe to: Comments (Atom)

Featured