Search This Blog

Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Latest News

Qilin Ransomware Targets Die Linke in Suspected Politically Motivated Cyberattack

  A major digital attack hit Die Linke when hackers using the name Qilin said they broke into internal networks and copied confidential file...

All the recent news you need to know

Google DeepMind Maps How the Internet Could be Used to Manipulate AI Agents

Researchers at Google DeepMind have outlined a growing but less visible risk in artificial intelligence deployment, the possibility that the internet itself can be used to manipulate autonomous AI agents. In a recent paper titled “AI Agent Traps,” the researchers describe how online content can be deliberately designed to mislead, control or exploit AI systems as they browse websites, read information and take actions. The study focuses not on flaws inside the models, but on the environments these agents operate in.  

The issue is becoming more urgent as companies move toward deploying AI agents that can independently handle tasks such as booking travel, managing emails, executing transactions and writing code. At the same time, malicious actors are increasingly experimenting with AI for cyberattacks. OpenAI has also acknowledged that one of the key weaknesses involved, prompt injection, may never be fully eliminated. 

The paper groups these risks into six broad categories. One category involves hidden instructions embedded in web pages. These can be placed in parts of a page that humans do not see, such as HTML comments, invisible elements or metadata. While a user sees normal content, an AI agent may read and follow these concealed commands. In more advanced cases, websites can detect when an AI agent is visiting and deliver a different version of the page tailored to influence its behavior. 

Another category focuses on how language shapes an agent’s interpretation. Pages filled with persuasive or authoritative sounding phrases can subtly steer an agent’s conclusions. In some cases, harmful instructions are disguised as educational or hypothetical content, which can bypass a model’s safety checks. The researchers also describe a feedback loop where descriptions of an AI’s personality circulate online, are later absorbed by models and begin to influence how those systems behave. 

A third type of risk targets an agent’s memory. If false or manipulated information is inserted into the data sources an agent relies on, the system may treat that information as fact. Even a small number of carefully placed documents can affect how the agent responds to specific topics. Other attacks focus directly on controlling an agent’s actions. Malicious instructions embedded in ordinary web pages can override safety safeguards once processed by the agent. 

In some experiments, attackers were able to trick agents into retrieving sensitive data, such as local files or passwords, and sending it to external destinations at high success rates. The researchers also highlight risks that emerge at scale. Instead of targeting a single system, some attacks aim to influence many agents at once. They draw comparisons to the Flash Crash, where automated trading systems amplified a single event into a large market disruption. 

A similar dynamic could occur if multiple AI agents respond simultaneously to false or manipulated information. Another category involves the human users overseeing these systems. Outputs can be designed to appear credible and technical, increasing the likelihood that a person approves an action without fully understanding the risks. 

In one example, harmful instructions were presented as legitimate troubleshooting steps, making them easier to accept. To address these risks, the researchers outline several areas for improvement. On the technical side, they suggest training models to better recognize adversarial inputs, as well as deploying systems that monitor both incoming data and outgoing actions. 

At a broader level, they propose standards that allow websites to signal which content is intended for AI systems, along with reputation mechanisms to assess the trustworthiness of sources. The paper also points to unresolved legal questions. If an AI agent carries out a harmful action after being manipulated, it is unclear who should be held responsible. 

The researchers describe this as an “accountability gap” that will need to be addressed before such systems can be widely deployed in regulated sectors. The study does not present a complete solution. Instead, it argues that the industry lacks a clear, shared understanding of the problem. Without that, the researchers suggest, efforts to secure AI systems may continue to focus on the wrong areas.

LinkedIn Secretly Scans 6,000+ Chrome Extensions, Collects Device Data

 

LinkedIn is facing renewed scrutiny after a report alleged that its website secretly scans browsers for more than 6,000 Chrome extensions and collects device data tied to user profiles . The company says the detection is meant to identify scraping and other policy-violating extensions, not to infer sensitive personal information.

LinkedIn’s critics say the practice goes far beyond basic security checks because the platform can connect extension data to real identities, employers, and job roles. That makes the scanning especially controversial, since the results could reveal which tools workers or companies use, including products that compete with LinkedIn’s own sales offerings.

BleepingComputer said it independently confirmed part of the behavior during testing, observing a LinkedIn-loaded JavaScript file with a randomized name that checked for 6,236 browser extensions . The script reportedly did this by probing extension-related file resources, a known method for determining whether specific extensions are installed . 

The report also says the script gathers broader browser and device details, including CPU core count, available memory, screen resolution, timezone, language settings, battery status, audio information, and storage features . That kind of data can contribute to browser fingerprinting, which may allow websites to build a more unique profile of a visitor across sessions . 

LinkedIn, however, rejects the allegation that it is using the data to profile users in a harmful way . The company says it looks for extensions that scrape data without consent or violate its terms, and that it uses the findings to improve defenses and protect site stability . The dispute also appears to be tied to a broader legal fight involving a LinkedIn-related browser extension developer, with LinkedIn pointing to a German court ruling that sided with the company .

Indian Government Bans Chinese Camera Import, Supply Shortage in Indian Brands


The Indian government has banned the import and sale of internet-connected CCTV cameras from China. This move has significantly impacted Hyderabad city’s surveillance device market. Traders and installers have reported immediate upsets in consumer behaviour, pricing, and supply. 

Impact on wholesale markets

In famous wholesale hubs like Chenoy Trade Centre (CTC) in Secunderabad and Gujarati Galli in Koti, the effects of the ban are already visible: unsold stock, lower volumes, and price surge in non-Chinese devices.

Om Singh, a local businessman, has been running Kimpex Security Solutions for 14 years. He has called the ban ‘sudden’ and the transition ‘blunt’. According to The Hindu’s reporting, “Before the ban, we had 20 to 25 brands. Now we are left with only one. Customers have reduced significantly because rates have increased a lot and they are not satisfied with the quality.”

The scale of the drop

Om used to sell between 2,000 and 3,000 cameras every month for each of the brands, including Hikvision, TP-Link, and Dahua Technology. In total, he sold ₹30–40 lakh worth of shares each month. Om currently has stock that is worth between ₹15 and ₹20 lakh. He is worried about the sale of this remaining stock.

In the market, local traders say prices of Indian brands have surged by 10-30% since April 1. Cameras previously priced at ₹25k are now available for ₹ 27,000-32,000 or higher. 

Another trader, Bhavesh, has been running Jeevraj CCTV for a decade. He says the change in demand is clear but also confusing. Indian brands are in high demand, especially CP Plus. However, businesses have increased prices for associated equipment and IT cameras. Sales and customer numbers have decreased due to the price increase.

Disruption, supplies, sales

Traders believe the situation is not sudden and has been building up over time. Over the past year, traders have not received significant supplies of these cameras. Shops sold whatever Chinese stock they had before March 31 so that it could be billed for GST, before the new financial year. Therefore, the ban didn’t significantly impact the markets as traders were left with a small number of Chinese stocks. 

For installers and system integrators designing and executing surveillance setups, the impact is more optional. One system integration expert said the sudden rise in demand for Indian brands has resulted in supply bottlenecks. Clients are now demanding ‘Make in India’ products, and stock for Indian cameras is not ready for the current demand. Installers are facing pressure. 

Advanced Remote Access Trojan Eliminates Need for APK or IPA to Hijack Phones


 

A remote access Trojan (RAT) has evolved steadily from opportunistic malware to highly controlled instruments of digital intrusion in the evolving landscape of cyber threats as they have evolved from opportunistic malware. These programs are designed to create a concealed backdoor within a targeted computer system, allowing attackers to gain administrative access without being noticed by the user. 

A RAT is a piece of software that is often infiltrated with deception to gain access, embedded within seemingly legitimate applications, such as games and innocuous email attachments. When executed, they operate silently in the background, turning the compromised device into an accessible endpoint remotely. Through this foothold, threat actors have the ability to continue monitoring and controlling infected systems, as well as spreading the malware to multiple infected systems, resulting in coordinated botnets.

As a result of their widespread use through exploit frameworks such as Metasploit, modern RATs are designed for efficiency and resilience. They establish direct communication channels with command-and-control servers through defined network ports, ensuring uninterrupted access and control of an infected environment. 

ZeroDayRAT signals an escalation of commercialization and accessibility of advanced mobile surveillance capabilities, building on this established threat model. Researchers at iVerify identified and examined the toolkit in February 2026, which was positioned not as a niche exploit but rather as a fully developed spyware offering distributed through Telegram channels. 

As opposed to traditional RAT deployments that often require a degree of technical proficiency, ZeroDayRAT enables operators to deploy the program without any technical knowledge by providing them with streamlined infrastructure, such as dedicated command servers, preconfigured malicious application builders, and intuitive user interfaces.

With the combination of operational simplicity and capabilities commonly associated with state-sponsored tooling, attackers are able to control Android and iOS devices comprehensively. When the malware has been deployed, commonly through smishing campaigns, phishing emails, counterfeit applications, or weaponized links shared across messaging platforms, it establishes persistent access to the target system and begins gathering data about the device. 

Operator dashboards aggregate critical data points, such as device specifications, operating system information, battery metrics, location, SIM and carrier details, application usage patterns, and SMS fragments, enabling continuous behavioral profiling. With this level of control, attackers can utilize real-time and historical GPS tracking, intercept notifications across applications, and observe incoming communications and missed interactions without direct user engagement to further extend their control. By doing so, they maintain a deep yet unobtrusive presence within the compromised device ecosystem. 

A parallel and equally worrying trend aligns closely with this operational model: a proliferation of fraudulent mobile applications posing as legitimate brands in large numbers. The development and maintenance of authentic applications remains a priority for organizations; however, adversaries are increasingly taking advantage of this trust by distributing nearly perfect replicas across multiple channels for app distribution. 

A counterfeit application not only reproduces the visual identity of the brand—logos, user interfaces, name conventions, and store listing assets—but it also replicates some elements of functional behavior, creating a virtually indistinguishable experience for end users. It is, however, under the surface that the divergence occurs. 

In contrast to connecting to trusted backend infrastructure, these applications have been designed to covertly redirect sensitive data to attacker-controlled environments without disrupting the expected user experience, including authentication credentials, session tokens, financial information, and personally identifiable information.

Unlike other attack vectors that require exploiting software vulnerabilities and breaching enterprise networks, mobile app impersonation represents a low-barrier, high-yield attack vector that does not require exploiting software vulnerabilities or breaching enterprise networks. 

As a result, it utilizes user trust and distribution ecosystems to repackage and replicate existing applications under deceptive branding and requires minimal technical expertise. This category of threat is typically classified into distinct constructs by security analysis: repackaged applications, which involve reverse engineering legitimate binaries, altering them with malicious payloads, resigning, and redistributing them; fully developed interface clones that replicate the original application's design to facilitate credential harvesting and financial fraud; typosquatted variants that utilize minor naming variations in order to capture organic traffic from unaware users.

A significant issue is that the threat is not limited to one platform. Although Android's open distribution model facilitates sideloading and third-party app distribution, adversaries targeting iOS ecosystems have taken advantage of mechanisms such as enterprise provisioning profiles, beta distribution frameworks such as TestFlight, and Progressive Web Application delivery techniques to circumvent traditional review controls in order to gain access to their systems. 

The collective use of these tactics reinforces a shift in the landscape of mobile threats in which deception and distribution manipulation are increasingly enabling large-scale compromises more effectively than technical exploitation. As mobile threats extend beyond initial access and persistence, their operational capabilities reflect the convergence of high-end commercial spyware frameworks with their operational capabilities. 

With advanced control functions, operators are able to manipulate device states remotely, including locking and shutting devices, activating the ringer and adjusting the display, while integrating compromised devices into distributed botnet infrastructures capable of executing coordinated network attacks simultaneously. 

File management tools, typically accompanied by encryption, facilitate structured data extraction, while continuous monitoring of the front and rear cameras, microphone inputs, screen activity, and keystroke logging enables comprehensive monitoring of the user's behavior. By displaying a similar level of visibility to platforms such as Pegasus spyware, people are illustrating a shift in capability from state-aligned operations to widely available cybercriminal tools. 

An integral part of this ecosystem is the exploitation of financial resources. Specialized data extraction modules are designed to target widely used digital wallets and payment platforms, such as MetaMask, Trust Wallet, Binance, Google Pay, Apple Pay, and PayPal, with emphasis on capturing credential data and intercepting transactions automatically. 

Parallel to this, the inclusion of banking trojan capabilities positions such frameworks not only as potential means of immediate financial exploitation, but also as a precursor to more complex attack chains, including those involving ransomware or targeted fraud. Furthermore, the broader threat landscape indicates the acceleration of development cycles as illustrated by underground forum activity in early April 2026, which closely followed earlier releases disseminated via encrypted messaging channels. 

In parallel with these developments, additional toolsets utilizing zero-interaction exploitation techniques have appeared across recent mobile operating system versions, raising concerns regarding the rapid commoditization of previously restricted capabilities. An emerging underground service model is enhancing the evolution of this model further. 

As a result of subscription-based access to modular control panels, customizable payload builders, and attacker-managed command-and-control infrastructure, mid-tier threat actors have experienced a significant reduction in barriers to entry. Additionally, public disclosures and tutorials have accelerated adoption, reducing the need to develop exploits in-house. 

Nevertheless, claims of compatibility with the latest device firmware including the latest smartphone generation and extended support across legacy Android versions suggest that the attack surface is potentially extensive, especially in environments where patch management is inconsistent. From a defensive perspective, mitigation strategies must adapt to these increasingly evasive threat profiles. 

In addition to timely updates to operating systems, activated enhanced security modes, rigorous audits of third-party permissions and OAuth integrations, and continuous monitoring of unusual device behaviors, such as unauthorized sensor activation and unexplained battery drain, are essential. An enterprise should also implement additional controls to ensure that messaging-based delivery vectors are inspected, background process privileges are limited, and mobile threat defense frameworks are aligned with behaviors consistent with advanced spyware activity in order to detect those behaviors. 

As a whole, these developments indicate that the mobile security industry has reached a turning point. In the recent history of cybercrime, the transition from sophisticated surveillance techniques that were once exclusively possessed by state-sponsored actors to scalable, service-oriented offerings signals the emergence of a more competitive and fragmented threat landscape. 

In markets such as India, especially among high-risk groups, such as journalists, corporate executives, activists and cryptocurrency users, the potential impact is amplified by region-specific financial ecosystems, such as UPI-based payment infrastructures. It is important to note that the trajectory of mobile threats underscores the need for organizations and individual users alike to shift from reactive security postures to proactive risk governance. 

Mobile devices must be treated as high-value endpoints of enterprise systems, which require the same level of scrutiny. As threat intelligence monitoring continues, app distribution controls are stricter, and user awareness of installation sources is a necessity, not an optional measure. The resilience of organizations will be affected by adversaries' ongoing industrialization of surveillance capabilities and refinement of social engineering vectors. 

Consequently, layered defenses, rapid detection mechanisms, and informed users will be necessary to identify subtle indicators of compromise before they escalate into full-scale breaches.

New GPU Rowhammer Attacks on Nvidia Cards Enable Full System Takeover

 

High-performance GPUs, often priced at $8,000 or more, are commonly shared among multiple users in cloud environments—making them attractive targets for attackers. Researchers have now uncovered three new attack techniques that allow a malicious user to gain full root access to a host system by exploiting advanced Rowhammer vulnerabilities in Nvidia GPUs.

These attacks take advantage of a growing weakness in memory hardware known as bit flipping, where stored binary values (0s and 1s) unintentionally switch. First identified in 2014, Rowhammer showed that repeatedly accessing DRAM could create electrical interference, causing such bit flips. By 2015, researchers demonstrated that targeting specific memory rows could escalate privileges or bypass security protections. Earlier exploits focused primarily on DDR3 memory.

Rowhammer’s Evolution from CPUs to GPUs

Over the past decade, Rowhammer techniques have significantly advanced. Researchers have expanded attacks to newer DRAM types like DDR4, including those with protections such as ECC (Error Correcting Code) and Target Row Refresh. New strategies like Rowhammer feng shui and RowPress allow attackers to precisely target sensitive memory areas. These methods have enabled attacks across networks, extraction of encryption keys, and even compromising Android devices.

Only recently have researchers begun targeting GDDR memory used in GPUs. Initial results were limited, producing minimal bit flips and only affecting neural network outputs. However, new findings mark a major escalation.

Two independent research teams recently demonstrated attacks on Nvidia’s Ampere-generation GPUs that can trigger GDDR memory bit flips capable of compromising CPU memory. This effectively gives attackers complete control over the host machine—provided IOMMU (input-output memory management unit) is disabled, which is typically the default BIOS setting.

“Our work shows that Rowhammer, which is well-studied on CPUs, is a serious threat on GPUs as well,” said Andrew Kwong, co-author of one of the studies. “GDDRHammer: Greatly Disturbing DRAM Rows—Cross-Component Rowhammer Attacks from Modern GPUs.” “With our work, we… show how an attacker can induce bit flips on the GPU to gain arbitrary read/write access to all of the CPU’s memory, resulting in complete compromise of the machine.”

A third technique, revealed shortly after, further intensifies concerns. Unlike earlier methods, this attack—called GPUBreach—works even when IOMMU protections are enabled.

“By corrupting GPU page tables, an unprivileged CUDA kernel can gain arbitrary GPU memory read/write, and then chain that capability into CPU-side escalation by exploiting newly discovered memory-safety bugs in the NVIDIA driver,” the researchers explained. “The result is system-wide compromise up to a root shell, without disabling IOMMU, unlike contemporary works, making GPUBreach a more potent threat.”

Inside the Attacks: GDDRHammer, GeForge, and GPUBreach

The first method, GDDRHammer, targets Nvidia RTX 6000 GPUs from the Ampere architecture. Using advanced hammering patterns and a technique called memory massaging, it significantly increases the number of bit flips and breaks memory isolation. This allows attackers to gain read and write access to GPU memory and, ultimately, CPU memory.

Kwong emphasized the broader implications:
“What our work does that separates us from prior attacks is that we uncover that Rowhammer on GPU memory is just as severe of a security consequence as Rowhammer on the CPU and that Rowhammer mitigations on CPU memory are insufficient when they do not also consider the threat from Rowhammering GPU memory.

A large body of work exists, both theoretical and widely deployed, on both software and hardware level mitigations against Rowhammer on the CPU. However, we show that an attacker can bypass all of these protections by instead Rowhammering the GPU and using that to compromise the CPU. Thus, going forward, Rowhammer solutions need to take into consideration both the CPU and the GPU memory.”

The second attack, GeForge, operates similarly but targets a different memory structure—the page directory instead of the page table. It successfully triggered over a thousand bit flips on RTX 3060 GPUs, enabling attackers to gain unrestricted system access and execute commands with root privileges.

“By manipulating GPU address translation, we launch attacks that breach confidentiality and integrity across GPU contexts,” the GeForge researchers noted. “More significantly, we forge system aperture mappings in corrupted GPU page tables to access host physical memory, enabling user-to-root escalation on Linux. To our knowledge, this is the first GPUside Rowhammer exploit that achieves host privilege escalation.”

GPUBreach takes a distinct route by exploiting memory-safety flaws in Nvidia’s GPU driver. Even when memory access is restricted by IOMMU, the attack manipulates metadata to trigger unauthorized memory writes, ultimately granting full system control.

Memory Massaging: A Key Technique

All three attacks rely on “memory massaging,” a method used to reposition sensitive data structures into vulnerable memory regions. Normally, GPU page tables are stored in protected areas, but attackers use this technique to relocate them where Rowhammer-induced bit flips can occur.

“Since these page tables dictate what memory is accessible, the attacker can modify the page table entry to give himself arbitrary access to all of the GPU’s memory,” Kwong explained. “Moreover, we found that an attacker can modify the page table on the GPU to point to memory on the CPU, thereby giving the attacker the ability to read/write all of the CPU’s memory as well, which of course completely compromises the machine.”

Researchers confirmed that Nvidia RTX 3060 and RTX 6000 GPUs from the Ampere generation are vulnerable. Enabling IOMMU in BIOS can mitigate some attacks by restricting GPU access to sensitive memory, though it may reduce performance. However, this protection does not stop GPUBreach.

Another safeguard is enabling ECC on GPUs, which helps detect and correct memory errors, though it also impacts performance and may not fully prevent all Rowhammer exploits.

Despite these findings, there have been no confirmed real-world attacks exploiting these vulnerabilities so far. Still, the research highlights serious risks, especially in shared cloud environments, and signals the need for stronger, GPU-inclusive security defenses.

Public Quizlet Flashcards Raise Concerns Over Possible CBP Security Exposure

 



A set of publicly available flashcards discovered through simple online searches has sparked concern after appearing to reveal sensitive details related to facility security at U.S. Customs and Border Protection locations in Kingsville, Texas.

The flashcards were hosted on Quizlet and compiled under the title “USBP Review” in February. They remained accessible until March 20, when the set was made private shortly after an inquiry was sent to a phone number potentially linked to the account. Although the listed user appeared to be located near a CBP facility, there is no confirmation that the content was created by an active employee or contractor.

CBP has stated that its Office of Professional Responsibility is reviewing the matter, emphasizing that such reviews are routine and do not automatically indicate misconduct. Other agencies under the Department of Homeland Security, including Immigration and Customs Enforcement, did not respond to requests for comment.

If the material is found to be linked to CBP personnel, it could signal a serious lapse for an agency tasked with protecting national borders and safeguarding the country.

The flashcards included what appeared to be access codes for checkpoint doors and specific facility gates, with exact numerical combinations provided in response to direct prompts. Some gate names were not disclosed in reporting due to uncertainty over their confidentiality. Additional entries outlined immigration-related violations such as passport misuse, visa fraud, and attempts to evade checkpoints, along with associated legal consequences.

Several cards also detailed procedural workflows, including voluntary return processes, expedited removals, and warrants of removal. These entries referenced required documentation and reminded users to verify accuracy using an internal “agents Resources Page.”

Quizlet stated that it takes reports of sensitive content seriously and removes material that violates its policies, encouraging users to report concerning sets for review.

Further content within the set described the Kingsville sector’s operational scope, covering approximately 1,932 square miles across six counties. It also explained internal grid and zone systems, noting that one grid designation does not exist due to the layout of regional highways.

The flashcards additionally identified 11 operational towers in the area, including abbreviated naming formats and shared jurisdiction between certain towers. Some of these references appeared to align with the previously mentioned gate locations, increasing the potential sensitivity.

Another entry described an internal system called “E3 BEST,” which enables officers to record, investigate, and process secondary inspection cases. The system allows simultaneous database checks on individuals and vehicles and supports the creation of event records tied to enforcement outcomes.

The incident comes at a time of accelerated hiring across border enforcement agencies. CBP has offered incentives of up to $60,000 to attract recruits, while ICE has promoted similar packages, including signing bonuses and student loan repayment support. Increased recruitment may expand the use of informal study tools, raising the risk of unintended exposure.

Additional searches also surfaced other flashcard sets potentially linked to DHS-related training. These included materials on detention standards and transportation procedures, with prompts such as detainees being transported in a “safe and humane manner” and rules stating that driving under the influence is prohibited. Another set appeared to contain answers to internal training questions, including multiple-choice responses such as “Both A and C” and “All of the above.”

One user created more than 60 flashcard sets between November 2025 and February 2026, covering topics from radio codes and alphabets to more advanced areas like body-worn camera policies and immigration-related Spanish vocabulary. A more recent set included terms resembling language used in recruitment messaging, such as “the nation,” “the security,” and “the homeland.”

From a broader security perspective, the incident highlights how publicly accessible platforms can unintentionally expose operational knowledge. While no confirmed misuse has been reported, the situation underlines the importance of controlling how internal training materials are created, shared, and stored, particularly within agencies responsible for national security.

Featured