Search This Blog

Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Latest News

Centre Orders Blocking of Battery Management Apps Exploited to Disable E-Rickshaws

After the Central Government discovered that seven battery management system (BMS) mobile applications were being misused to remotely disabl...

All the recent news you need to know

Researchers Expose Veil#Drop: A Stealthy Malware Chain Delivering PureLog Stealer via Blogspot

 

 
Threat researchers at Securonix have identified an advanced, multi-layered malware delivery operation that leans on hacked websites and social-engineering tactics to plant information-stealing malware on victims' systems.

Tracked under the name Veil#Drop, the campaign chains together JavaScript launchers and PowerShell download routines to fetch and run malicious code hosted on Blogspot — a platform sitting on Google's reputable infrastructure, which helps the activity blend in with legitimate traffic.

The attack kicks off when a target opens a JavaScript file disguised to look like an ordinary document. Once triggered, the script fires off PowerShell commands built to slip past execution-policy restrictions, then reaches out to attacker-run Blogspot pages to pull down further payloads.

Those Blogspot-hosted stages carry out several actions at once: they show a decoy document to keep the victim unaware, shut down certain running processes, and decrypt hidden content. The unpacked code then spins up more Blogspot links and runs the next payloads straight from memory, leaving little behind on disk.

According to Securonix, a follow-on loader stores XOR-scrambled .NET assemblies inside oversized embedded data blocks. These are rebuilt and unscrambled only while the malware is running, a technique that frustrates static inspection and weakens signature-based defenses.

The operation is also engineered with redundancy in mind, relying on backup execution paths and misusing legitimate, Microsoft-signed Windows binaries (living-off-the-land binaries, or LOLBINs) to run code while sidestepping security tools. Securonix notes that the mix of compromised sites, files masquerading with multiple extensions, trusted cloud hosting, obfuscated payloads, reflective in-memory .NET loading, and LOLBIN abuse reflects a calculated push to dodge conventional antivirus products, minimize forensic traces, and stay hidden throughout the intrusion.

The endgame is infection with PureLog Stealer, a .NET-based data thief. Once installed, it profiles the compromised machine and begins scraping data from a wide range of browsers, including Google Chrome, Microsoft Edge, Firefox, Brave, Opera, and other Chromium-based options.

Its targets include saved credentials, cookies, autofill entries, session tokens, and browsing history, and it actively hunts for cryptocurrency wallet data on the device. Beyond browsers, PureLog Stealer can pull information from messaging apps, email clients, remote-access utilities, FTP tools, cloud-storage software, developer applications, and password managers. Everything it collects is bundled up and transmitted to attacker-controlled servers in encrypted form.

Because the stealer casts such a wide net, Securonix warns that compromising a single endpoint could open the door to a much larger breach, depending on the secrets — credentials, tokens, and keys — stored on that machine. In corporate settings, the firm points out, info-stealers often serve as the opening move in bigger campaigns, with harvested logins later fueling ransomware deployment, data-theft operations, business email compromise, or drawn-out espionage.

India Considers Separate AI Regulatory Framework as Government Signals Policy Shift

 

The Indian government is considering a law to govern artificial intelligence (AI) systems, signaling a shift from its previous approach of relying solely on existing information technology laws. Senior officials from the Ministry of Electronics and Information Technology (MeitY) stated that the current developments in this space are so significant that they require legislation. 

Speaking at an industry event this week, MeitY Secretary S. Krishnan said that consultations on laws governing AI had already begun. Both Krishnan and Union IT minister Ashwini Vaishnaw had previously stated that the government would consider separately legislating for AI at an appropriate time, and he added that the moment appeared to be now. 

Existing laws were largely sufficient to address deepfakes or AI-manipulated media, as well as misinformation, fraud, and other issues, he argued, but this was no longer the case as AI became more sophisticated and started to be integrated into critical industries. The new framework would provide guidance on the development of these systems while also protecting citizens, businesses, and critical infrastructure. 

While the government did not set a deadline for legislation, Krishnan noted that MeitY could begin drafting proposals for approval, with the framework then being debated and approved by Parliament. India is not alone in this endeavor as policymakers globally are considering steps to govern AI. A growing number of countries have been looking at laws and policies that seek to address potential risks to privacy, national security, intellectual property, and more while also encouraging innovation. 

The move also marks a notable shift in approach for India, which has largely promoted a lax regulatory environment for technology and adopted a voluntary approach to AI governance, with laws and policies focusing on promoting innovation and adopting existing frameworks for oversight. 

A separate law could add another layer of oversight while also supporting India’s broader ambitions in this space, including IndiaAI Mission, as it looks to promote and bolster its AI ecosystem alongside its digital transformation initiatives. 

Industry stakeholders will also be able to contribute to the process as the government considers its proposals. The law would promote responsible innovation and address risks posed by increasingly ubiquitous and sophisticated AI systems, officials added.

WhatsApp Appoints CRED Founder Kunal Shah as New Global Head

 

In a landmark move for the global tech industry, WhatsApp announced in June 2026 that its long-serving head Will Cathcart will step down, with Indian fintech founder Kunal Shah appointed as his successor. This transition marks the first time an Indian entrepreneur will lead one of the world's largest messaging platforms, which boasts over three billion monthly active users. The announcement coincides with Meta's substantial $900 million investment in Shah's credit-card rewards platform, CRED, valuing the fintech company at $4.5 billion. 

Will Cathcart has led WhatsApp since 2019, overseeing a period of rapid expansion and navigating complex challenges around encryption, misinformation, and regulatory scrutiny across multiple continents. During his seven-year tenure, the platform evolved from a simple messaging app into a comprehensive communication ecosystem with business tools, payments integration, and enhanced privacy features. 

Cathcart will not depart Meta entirely; instead, he transitions to a newly created division focused on developing next-generation consumer products using artificial intelligence technologies. Meta CEO Mark Zuckerberg expressed enthusiasm about continuing close collaboration with Cathcart in this innovative capacity, signaling the company's strategic pivot toward AI-driven product development. 

Kunal Shah, 42, is no stranger to building successful technology ventures, having previously co-founded FreeCharge—an online recharge platform acquired by Snapdeal in 2015—before launching CRED in 2018. CRED quickly became one of India's most prominent fintech platforms, offering a members-only credit-card payment and rewards service that recently achieved its first profitable quarter in 2026. 

As part of this leadership transition, Shah will relocate from Bengaluru to Meta's headquarters in Menlo Park, California, stepping away from day-to-day operations at CRED while remaining a shareholder. Miten Sampat, who has led strategy and finance at CRED since 2020, assumes the role of interim CEO. 

The $900 million investment secures Meta a 20 percent minority stake in CRED, reflecting the tech giant's confidence in Shah's vision and India's digital payments ecosystem. Shah emphasized on social media that Meta's investment does not grant access to CRED member data, maintaining the platform's privacy commitments. 

This deal positions Meta deeper into India's fintech landscape while leveraging Shah's expertise in building trusted, user-centric platforms—a critical asset as WhatsApp continues expanding its payment and business services globally. The timing underscores Meta's broader strategy of integrating financial services within its social and communication products, with Shah's appointment expected to accelerate WhatsApp's monetization efforts in emerging markets.

BeyondTrust Patches Four Vulnerabilities in Remote Support and PRA

 




BeyondTrust has released security updates to remediate four vulnerabilities affecting its Remote Support (RS) and Privileged Remote Access (PRA) solutions, including two Critical authentication bypass flaws that could allow attackers to gain unauthorized access to vulnerable appliances under specific deployment configurations. The products are commonly used by organizations to deliver remote technical support and manage privileged access to enterprise systems, making them attractive targets because they often provide administrative access to critical IT environments.

The most severe issues originate within the products' authentication mechanisms, which verify user identities before granting access. Because the vulnerabilities can be triggered before the authentication process is completed, successful exploitation may allow attackers to bypass an important security control without first supplying valid credentials.

One of the Critical vulnerabilities, tracked as CVE-2026-40138, carries a CVSS score of 9.2 and affects both BeyondTrust Remote Support and Privileged Remote Access. According to the advisory, the flaw stems from improper validation of authentication data within the authentication subsystem. Under specific authentication configurations, a network-positioned attacker could bypass access controls and obtain unauthorized access to the appliance, including accounts with elevated privileges.

BeyondTrust also addressed CVE-2026-40139, another Critical vulnerability assigned a CVSS score of 9.2 that impacts Remote Support. The issue results from improper processing of authentication requests and could enable an unauthenticated remote attacker to circumvent authentication controls and gain unauthorized access to affected appliances, including privileged accounts. Similar to CVE-2026-40138, exploitation depends on a particular authentication configuration being enabled, meaning the exposure varies according to how affected environments are deployed.

In addition to the authentication bypass flaws, the company disclosed CVE-2026-40140, a High-severity vulnerability with a CVSS score of 8.7 affecting the network communication subsystem. The issue arises from insufficient validation of client-supplied input and could allow an unauthenticated remote attacker to trigger a denial-of-service (DoS) condition, disrupting the availability of vulnerable appliances rather than providing direct access to them.

The fourth vulnerability, CVE-2026-40141, received a CVSS score of 8.5 and affects web application components within both Remote Support and Privileged Remote Access. Caused by inadequate validation of user-supplied input, the flaw could enable an authenticated user with limited privileges to access resources or information beyond their intended authorization. BeyondTrust noted that exploitation of this vulnerability is limited to accounts that already possess specific permissions.

The company said the vulnerabilities were identified during ongoing internal security assessments with assistance from publicly available artificial intelligence models, including Anthropic Claude Opus 4.8, alongside BeyondTrust's proprietary security research tooling. The use of AI-supported analysis reflects a growing trend of incorporating large language models into vulnerability research to assist security teams in identifying potential weaknesses alongside conventional testing techniques.

According to BeyondTrust, the most severe vulnerabilities could allow authentication bypass and unauthorized access when affected systems are configured in specific ways. The remaining flaws could result in service disruption, unintended access to data, or expanded privileges for authenticated users under defined conditions, potentially affecting the confidentiality, availability, and integrity of vulnerable systems.

The vulnerabilities have been resolved in Remote Support version 25.3.3 and later and Privileged Remote Access version 25.3.3 and later. Organizations running version 25.3.2 or earlier of either product are advised to upgrade to the latest available release to mitigate the disclosed risks.

BeyondTrust stated that it has not observed evidence of the newly disclosed vulnerabilities being exploited in the wild. Nevertheless, the company noted that its Remote Support and Privileged Remote Access products have previously been targeted by threat actors. Earlier vulnerabilities, including CVE-2024-12356 and CVE-2026-1731, were exploited to deploy web shells and backdoors on compromised appliances, demonstrating the continued interest of attackers in enterprise remote access infrastructure. Given that history and the privileged role these products play within enterprise environments, organizations are encouraged to apply the available security updates promptly to reduce their exposure to potential attacks.

Flipper Zero Firmware Continues With New Community Rules


Flipper Devices said it will continue the development of the Flipper Zero firmware, with more reliance on community contributions and a smaller internal team.

New devices 

The announcement came after Flipper decided on building new devices such as Flipper One open Linux platform, where the organization shifted to the community’s help to finish development.

Besides this, Flipper also launched a Buy Bar device for people with Attention Deficit Hyperactivity Disorder (ADHD) to reduce interruptions, which will be open for sale on July 14 in the US, U.K, Canada, and Europe.

Limited production 

Flipper Devices said that the genuine firmware for the Flipper Zero portable pen-testing device will still continue, but full-time feature production ends now.

The first major stable release- Flipper Zero Firmware 1.0, was announced in September last year, after three years of development. The latest stable launch is variant 1.4.3, out since December last year.

By then, the company felt that the firmware was matured, with APIs and a stable SDK and all features implemented safely.

Backlash from community

Recently, the team hinted that firmware development was shut down, resulting in strong backlash from people. “We've seen the strong reaction from the community over the idea that we've stopped developing the Flipper Zero firmware,” Flipper said in a blog post. "We want to address this and let you know that we've heard all your feedback and have decided to rethink our approach to maintaining the project and engaging with the community," Flipper added.

Flipper's response

To address the concerns, Flipper has made a new technique for the project that depends on closer communication with supporters to keep firmware development in process.

The project will continue with a few resources and in a new way to communicate with the community, such as:

  • Interactions will only happen via GitHub Discussions, where new requests may be voted too.
  • Flipper Zero requests will be seen weekly.
  • Community pull requests will be considered with strict review guidelines.
  • Firmware modifications to require compulsory integration and regression analysis, and will be open to the community. 

“We're moving all requests from the Flipper Zero community to GitHub Discussions. Now you can 🤚 vote for feature requests that really matter, so we can see what the community actually wants and prioritize them,” Flipper said.

Five Eyes Warn AI-Powered Cyberattacks Could Outpace Defenses Within Months


 

A Five Eyes intelligence alliance has issued an urgent warning, warning that advanced artificial intelligence could soon allow cyberattacks capable of overwhelming government and enterprise defenses. They urge companies to strengthen their cybersecurity before these threats become reality. 

The alliance, comprising the United States, the United Kingdom, Canada, Australia, and New Zealand, announced on Monday that frontier artificial intelligence models are expected to transform offensive and defensive cyber operations in the coming months, rather than years, according to the alliance. According to the agencies, rapidly advancing artificial intelligence capabilities are lowering the barriers to cybercrime by facilitating faster, more sophisticated attacks. 

Several recent U.S. restrictions on foreign access to Anthropic's most advanced AI systems were prompted by concerns about their cybersecurity capabilities. This warning comes amid growing concern over the security implications of next-generation AI models. It was requested by intelligence partners that governments and businesses strengthen their cyber resilience immediately. 

There are several recommended measures, including patching known software vulnerabilities, modernizing legacy infrastructure, enforcing stricter access controls, and investing in proactive security monitoring. In addition to acknowledging the trend of threat actors adopting artificial intelligence to accelerate cyber operations, the alliance also stressed that this technology can significantly strengthen defenses.

Security tools powered by artificial intelligence can be used to identify vulnerabilities earlier, detect suspicious activity in real-time, improve software quality, and respond to incidents more quickly. According to cybersecurity experts, the warning is of particular significance to small and medium-sized companies, which may lack the resources and mature security programs found in large corporations. 

AI-driven attacks are likely to present the greatest risk to organizations with outdated systems and weak security controls as they become more accessible. Furthermore, the statement highlights the growing debate on AI governance. The debate between governments and industry continues, however experts contend that regulatory efforts have not kept pace with the rapid development of frontier AI models. 

echnology leaders and security researchers have recently called for a more transparent and scientifically based approach to artificial intelligence risk assessment while ensuring defensive security capabilities continue to advance. A Five Eyes warning emphasizes that artificial intelligence is rapidly transforming the cyber threat landscape. 

Organizations that are proactive in strengthening their security posture and integrating artificial intelligence into their defense systems will have greater success defending themselves against the next generation of cyber threats. The Five Eyes warning reflects a growing consensus that artificial intelligence is transforming cyber threat landscapes at a historic pace. 

Organizations with a strong resilience strategy, modernized security infrastructure, and responsible adoption of AI-driven defenses will be better prepared to deal with the next generation of cyber threats as offensive capabilities evolve.

Featured