Public Quizlet Flashcards Raise Concerns Over Possible CBP Security Exposure

 



A set of publicly available flashcards discovered through simple online searches has sparked concern after appearing to reveal sensitive details related to facility security at U.S. Customs and Border Protection locations in Kingsville, Texas.

The flashcards were hosted on Quizlet and compiled under the title “USBP Review” in February. They remained accessible until March 20, when the set was made private shortly after an inquiry was sent to a phone number potentially linked to the account. Although the listed user appeared to be located near a CBP facility, there is no confirmation that the content was created by an active employee or contractor.

CBP has stated that its Office of Professional Responsibility is reviewing the matter, emphasizing that such reviews are routine and do not automatically indicate misconduct. Other agencies under the Department of Homeland Security, including Immigration and Customs Enforcement, did not respond to requests for comment.

If the material is found to be linked to CBP personnel, it could signal a serious lapse for an agency tasked with protecting national borders and safeguarding the country.

The flashcards included what appeared to be access codes for checkpoint doors and specific facility gates, with exact numerical combinations provided in response to direct prompts. Some gate names were not disclosed in reporting due to uncertainty over their confidentiality. Additional entries outlined immigration-related violations such as passport misuse, visa fraud, and attempts to evade checkpoints, along with associated legal consequences.

Several cards also detailed procedural workflows, including voluntary return processes, expedited removals, and warrants of removal. These entries referenced required documentation and reminded users to verify accuracy using an internal “agents Resources Page.”

Quizlet stated that it takes reports of sensitive content seriously and removes material that violates its policies, encouraging users to report concerning sets for review.

Further content within the set described the Kingsville sector’s operational scope, covering approximately 1,932 square miles across six counties. It also explained internal grid and zone systems, noting that one grid designation does not exist due to the layout of regional highways.

The flashcards additionally identified 11 operational towers in the area, including abbreviated naming formats and shared jurisdiction between certain towers. Some of these references appeared to align with the previously mentioned gate locations, increasing the potential sensitivity.

Another entry described an internal system called “E3 BEST,” which enables officers to record, investigate, and process secondary inspection cases. The system allows simultaneous database checks on individuals and vehicles and supports the creation of event records tied to enforcement outcomes.

The incident comes at a time of accelerated hiring across border enforcement agencies. CBP has offered incentives of up to $60,000 to attract recruits, while ICE has promoted similar packages, including signing bonuses and student loan repayment support. Increased recruitment may expand the use of informal study tools, raising the risk of unintended exposure.

Additional searches also surfaced other flashcard sets potentially linked to DHS-related training. These included materials on detention standards and transportation procedures, with prompts such as detainees being transported in a “safe and humane manner” and rules stating that driving under the influence is prohibited. Another set appeared to contain answers to internal training questions, including multiple-choice responses such as “Both A and C” and “All of the above.”

One user created more than 60 flashcard sets between November 2025 and February 2026, covering topics from radio codes and alphabets to more advanced areas like body-worn camera policies and immigration-related Spanish vocabulary. A more recent set included terms resembling language used in recruitment messaging, such as “the nation,” “the security,” and “the homeland.”

From a broader security perspective, the incident highlights how publicly accessible platforms can unintentionally expose operational knowledge. While no confirmed misuse has been reported, the situation underlines the importance of controlling how internal training materials are created, shared, and stored, particularly within agencies responsible for national security.

How to Spot and Avoid LinkedIn Scams: A Complete Guide to Staying Safe Online

 

Most people trust LinkedIn for connecting careers, finding jobs, or growing businesses - yet that very trust opens doors for fraudsters. Because profiles often reveal detailed backgrounds, attackers pull facts straight from bios to craft believable tricks. Spotting odd requests or sudden offers helps block risks before they grow. Awareness matters, especially when messages seem too eager or oddly timed. 

Most people come across false job listings on LinkedIn at some point. Fake recruiter accounts tend to advertise positions offering large salaries, little work, fast placement, or overseas moves. Often, these deals turn out poorly once applicants get asked for private details or required to cover costs like setup fees, instruction modules, or tools. A different but frequent method relies on deceptive messages that mimic real notifications from the platform - these contain harmful web addresses meant to capture account passwords and access codes. 

One way attackers operate now involves tailored tactics, including spear-phishing. Studying someone's online activity helps them design messages that appear genuine and familiar. Sometimes these interactions shift from LinkedIn to apps such as WhatsApp or Telegram, where detection is easier to avoid. Moving communication elsewhere raises serious concerns - it typically precedes deeper manipulation. Another trend gaining ground includes scams based on fake investments or romantic connections; here, confidence grows slowly until false money offers appear, frequently tied to digital currency.

Watch out for certain red flags when using professional platforms. When messages push you to act fast, promise big rewards, or ask for private data, stay cautious. A profile showing few contacts, missing background, or odd job timelines might not be genuine. Confirm who you're dealing with by checking corporate sites - this basic move often gets ignored.

Start smart - shielding your online presence begins with straightforward habits. Click only trusted links, since risky ones open doors to trouble. Two-step login adds a layer of safety, making breaches harder. Strong passwords matter; reusing them weakens protection.

Staying inside LinkedIn messages helps keep exchanges secure. Sharing less personal detail lowers exposure quietly. Privacy controls fine-tune who sees what - adjust them often. Safety grows when small steps add up behind the scenes. Right away, cut contact if something feels off - then alert LinkedIn about the account. 

When financial data might be exposed, changing passwords fast becomes key, while also warning your bank without delay. Even as the platform expands, threats rise at the same pace, which means staying alert matters more than any tool. Awareness acts quietly but powerfully, standing between safety and harm.

Residential Proxies Evade IP Reputation Checks in 78% of 4 Billion Sessions

 

Residential proxy networks are now evading IP‑reputation‑based security controls in a majority of malicious sessions, greatly undercutting a core pillar of network defense. A recent analysis by cybersecurity intelligence firm GreyNoise found that residential‑proxy‑routed traffic escaped IP‑reputation checks in 78% of roughly 4 billion malicious sessions over a three‑month window. Attackers rely on ordinary home and mobile‑network IP addresses passed through these proxies, making it hard for defenders to distinguish malicious scans from legitimate user traffic.

How residential proxies work 

Residential proxies route traffic through real‑world consumer devices—home routers, mobile phones, and small‑business connections—owned by ordinary users or enrolled into third‑party bandwidth‑sharing schemes. Many of these IPs are short‑lived, appearing only once or twice in attacker logs before being rotated, which prevents reputation feeds from cataloging them in time. About 89.7% of the residential IPs involved in attacks are active for under a month, with only small fractions persisting beyond two or three months.

The main problem is that IP reputation typically tags long‑running or heavily abused addresses, yet most residential proxy IPs are highly transient and geographically scattered. GreyNoise’s data shows the attacking residential IPs come from 683 different ISPs, blending with normal customer traffic and diluting any clear “bad‑IP” signal. Because attackers mainly use these proxies for low‑volume network scanning and reconnaissance instead of direct exploits, traffic patterns look benign at the network layer, letting 78% of such sessions slip past reputation‑based filters.

The study points to China, India, and Brazil as major sources of residential‑proxy traffic, with usage patterns that mirror human behavior, such as a noticeable drop in activity at night. GreyNoise identifies two main ecosystems behind these proxies: IoT botnets and compromised consumer devices whose installed software—such as free VPNs and ad‑blocking apps—secretly sells the device’s bandwidth. SDKs embedded in these apps enroll consenting or unaware users into proxy networks that monetize idle home‑network capacity.

Implications and future defenses 

The high evasion rate means relying solely on IP reputation is no longer sufficient for detecting threats routed through residential proxies. GreyNoise recommends shifting toward behavior‑based detection, including tracking sequential probing from rotating residential IPs, blocking unsupported enterprise protocols from ISP‑facing networks, and persistently fingerprinting devices even when their IP changes. Security teams will need layered analytics—combining session‑level behavior, device profiles, and protocol anomalies—to stay effective as attackers continue to exploit the camouflage of residential‑proxy infrastructure.
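The behavior-based approach described above can be sketched as follows. This is an added example, not code from GreyNoise or the original article: it groups sessions by a client fingerprint instead of by source IP and flags a fingerprint that sweeps consecutive targets from many briefly used addresses. The `fingerprint` field, the thresholds and all sample sessions are assumptions constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address


@dataclass(frozen=True)
class Session:
    ts: int           # epoch seconds
    src_ip: str       # source address; rotates when a proxy pool is in use
    fingerprint: str  # hypothetical client fingerprint that survives an IP change
    dst_ip: str       # address probed inside the defended range
    dst_port: int


def reputation_hits(sessions, blocklist):
    """Sessions an IP blocklist alone would have caught."""
    return sum(1 for s in sessions if s.src_ip in blocklist)


def longest_sequential_run(sessions, max_step=4):
    """Longest streak of time-ordered sessions whose targets climb in small steps."""
    ordered = sorted(sessions, key=lambda s: s.ts)
    best = run = 1
    for prev, cur in zip(ordered, ordered[1:]):
        step = int(ip_address(cur.dst_ip)) - int(ip_address(prev.dst_ip))
        run = run + 1 if 0 < step <= max_step else 1
        best = max(best, run)
    return best


def find_rotating_scanners(sessions, window=3600, min_ips=4, min_run=4):
    """Flag fingerprints that walk the address space from many short-lived IPs."""
    buckets = defaultdict(list)
    for s in sessions:
        buckets[(s.fingerprint, s.ts // window)].append(s)

    findings = []
    for (fp, _), group in sorted(buckets.items()):
        ips = {s.src_ip for s in group}
        sessions_per_ip = len(group) / len(ips)
        run = longest_sequential_run(group)
        # Many sources, each used once or twice, yet one ordered sweep:
        # the signature of a single scanner behind a rotating pool.
        if len(ips) >= min_ips and sessions_per_ip <= 2 and run >= min_run:
            findings.append({
                "fingerprint": fp,
                "source_ips": len(ips),
                "run": run,
                "ports": sorted({s.dst_port for s in group}),
            })
    return findings


# Constructed sample data (documentation address ranges, made-up fingerprints).
T0 = 1_700_000_000
SESSIONS = (
    # fp-a: six different "residential" sources, one consecutive sweep on 445/tcp
    [Session(T0 + 60 * i, src, "fp-a", f"198.51.100.{10 + i}", 445)
     for i, src in enumerate(["203.0.113.11", "203.0.113.27", "203.0.113.64",
                              "203.0.113.90", "203.0.113.133", "203.0.113.201"])]
    # fp-b: one customer returning to the same web host
    + [Session(T0 + 30 * i, "192.0.2.50", "fp-b", "198.51.100.20", 443)
       for i in range(5)]
    # fp-c: a common browser fingerprint seen from four homes, no sweep
    + [Session(T0 + 45 * i, f"192.0.2.{60 + i}", "fp-c", "198.51.100.20", 443)
       for i in range(4)]
)
BLOCKLIST = {"192.0.2.200"}  # constructed reputation feed; lists none of the sweep's sources

if __name__ == "__main__":
    print("reputation hits:", reputation_hits(SESSIONS, BLOCKLIST))
    for finding in find_rotating_scanners(SESSIONS):
        print(finding)
```

The `fp-c` group shows why the source-IP count alone is not enough: four addresses share a fingerprint, but without an ordered sweep they are not flagged.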

TruffleHog Targets European Commission, Breach Leaked Data of 30 EU Entities


The European Union Cybersecurity Service (CERT-EU) has linked the European Commission cloud breach to the TeamPCP gang. The breach leaked the information of 29 Union organizations.

The breach

The commission disclosed the attack on March 27, when Bleeping Computer confirmed the breach of the European Union’s primary executive body.

Recently, the European Commission informed CERT-EU about the breach, saying that its Cybersecurity Operations was not warned about an API exploit, a possible account hack, or any malicious network traffic until March 24.

TeamPCP's attack tactic

In March, TeamPCP used a compromised AWS API key, stolen in the Trivy supply-chain breach, to gain management rights over different Commission AWS accounts.

After that, the gang deployed TruffleHog to look for more secrets, then added a new access key to an existing user to escape detection before doing more spying and data theft. 
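The persistence step described above, a new access key added to an existing user, leaves a `CreateAccessKey` event in AWS CloudTrail. The following added example (not code from CERT-EU or the original article) flags such events and lists what each new key was used for afterwards. The user names, key IDs, addresses, timestamps and the `known_keys` inventory are constructed assumptions.

```python
def _get(d, *path):
    """Walk nested dicts, tolerating the nulls CloudTrail emits for empty fields."""
    for key in path:
        d = (d or {}).get(key)
    return d


def review_key_creation(records, known_keys):
    """Flag suspicious CreateAccessKey events and list what each new key did next.

    known_keys maps IAM user name -> set of key ids taken from your own inventory.
    """
    findings = {}
    for rec in sorted(records, key=lambda r: r["eventTime"]):
        caller_key = _get(rec, "userIdentity", "accessKeyId")
        if caller_key in findings:  # activity signed with a key flagged earlier
            findings[caller_key]["later_use"].append(
                f'{rec["eventSource"]}:{rec["eventName"]}')

        if (rec.get("eventSource") != "iam.amazonaws.com"
                or rec.get("eventName") != "CreateAccessKey"
                or rec.get("errorCode")):  # failed calls create nothing
            continue
        caller = _get(rec, "userIdentity", "userName") or _get(rec, "userIdentity", "arn")
        new_id = _get(rec, "responseElements", "accessKey", "accessKeyId")
        target = (_get(rec, "responseElements", "accessKey", "userName")
                  or _get(rec, "requestParameters", "userName") or caller)
        reasons = []
        if known_keys.get(target):
            reasons.append("existing user already had a key")
        if caller != target:
            reasons.append("created by a different principal")
        if new_id and reasons:
            findings[new_id] = {"user": target, "created_by": caller,
                                "source_ip": rec.get("sourceIPAddress"),
                                "reasons": reasons, "later_use": []}
    return findings


def _rec(time, source, name, user, key, ip, **extra):
    """Build a constructed CloudTrail-style record for the sample below."""
    return {"eventTime": time, "eventSource": source, "eventName": name,
            "sourceIPAddress": ip,
            "userIdentity": {"type": "IAMUser", "userName": user, "accessKeyId": key},
            **extra}


# Constructed sample trail; every name, key id and address is a placeholder.
NEW_KEY = "AKIAEXAMPLENEW000001"
RECORDS = [
    _rec("2024-01-15T09:05:00Z", "s3.amazonaws.com", "ListBuckets",
         "web-publisher", NEW_KEY, "203.0.113.7", requestParameters=None),
    _rec("2024-01-15T09:00:00Z", "iam.amazonaws.com", "CreateAccessKey",
         "ci-deploy", "AKIAEXAMPLECI0000001", "203.0.113.7",
         requestParameters={"userName": "web-publisher"},
         responseElements={"accessKey": {"accessKeyId": NEW_KEY,
                                         "userName": "web-publisher"}}),
    # S3 object reads appear only when data-event logging is enabled
    _rec("2024-01-15T09:06:30Z", "s3.amazonaws.com", "GetObject",
         "web-publisher", NEW_KEY, "203.0.113.7"),
    # A user creating their own first key: not flagged
    _rec("2024-01-15T08:00:00Z", "iam.amazonaws.com", "CreateAccessKey",
         "alice", "ASIAEXAMPLESESSION01", "192.0.2.10", requestParameters=None,
         responseElements={"accessKey": {"accessKeyId": "AKIAEXAMPLEALICE0001",
                                         "userName": "alice"}}),
    # A denied attempt: no key was created, so nothing to track
    _rec("2024-01-15T08:30:00Z", "iam.amazonaws.com", "CreateAccessKey",
         "ci-deploy", "AKIAEXAMPLECI0000001", "203.0.113.7",
         errorCode="AccessDenied", requestParameters={"userName": "admin"},
         responseElements=None),
]
KNOWN_KEYS = {"web-publisher": {"AKIAEXAMPLEOLD000001"}, "alice": set(),
              "ci-deploy": {"AKIAEXAMPLECI0000001"}}

if __name__ == "__main__":
    for key_id, finding in review_key_creation(RECORDS, KNOWN_KEYS).items():
        print(key_id, finding)
```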

In the past, TeamPCP has been known for supply-chain attacks targeting developer platforms like NPM, Docker, PyPI, and GitHub. The gang also attacked the LiteLLM PyPI package in a campaign that affected tens of thousands of devices via its “TeamPCP Cloud Stealer” data-stealing malware. 

ShinyHunters' role

Later, data extortion gang ShinyHunters posted the stolen data on their dark web leak site as a 90 GB archive of documents (around 340 GB uncompressed), which includes email addresses, contacts, and email information. 

According to the CERT-EU analysis, hackers have stolen tens of thousands of documents; the leak affects around 42 internal European Commission clients and around 20 other Union firms. 

"The threat actor used the compromised AWS secret to exfiltrate data from the affected cloud environment. The exfiltrated data relates to websites hosted for up to 71 clients of the Europa web hosting service: 42 internal clients of the European Commission, and at least 29 other Union entities," CERT-EU said. Regarding the dataset, CERT-EU said it also contained "at least 51,992 files related to outbound email communications, totalling 2.22 GB. The majority of these are automated notifications with little to no content. However, 'bounce-back' notifications, which are responses to incoming messages from users, may contain the original user-submitted content, posing a risk of personal data exposure."

The impact

No websites were taken offline or altered as a result of this attack, and no lateral movement to other Commission AWS accounts has been found, according to CERT-EU.

Although it would probably take "a considerable amount of time" to analyze the exfiltrated databases and information, the Commission has informed the appropriate data protection authorities and is in direct contact with the impacted organizations.

After learning that a mobile device management platform used to oversee employees' devices had been compromised, the European Commission revealed another data breach in February.

Hims and Hers Discloses Cyberattack Impacting Customer Support Infrastructure


 

The integrity of digital systems has become inextricably linked to patient trust in an industry where discretion is not only expected but fundamental. Telehealth providers, by design, sit at the intersection of convenience and confidentiality, handling deeply personal disclosures ranging from routine wellness concerns to highly sensitive conditions. 

As these platforms scale rapidly and rely increasingly on third-party services for customer interactions, their security posture extends far beyond their own infrastructure. External integrations, no matter how efficient they may be operationally, introduce a new layer of vulnerability, increasing the attack surface in ways often not apparent until an incident has occurred. 

That risk has now materialized for Hims & Hers, which is notifying customers of a breach involving the company's customer support environment. The incident did not originate in the organization's core medical systems, but in its third-party customer service platform, which handles user queries and support tickets, an often overlooked repository of information submitted by users. 

The company began a preliminary investigation on February 5, which identified unauthorized access to support tickets between February 4 and February 7. A comprehensive review of those tickets, concluded on March 3, confirmed that they contained personal information. The company disclosed to the Office of the California Attorney General that an unidentified threat actor gained access to what was described as "certain tickets sent to our customer service team." The incident had a limited impact, affecting a limited number of users. 

The company has not fully disclosed the scope of exposed data, but acknowledges that names, contact information, and additional user-provided information were likely accessed. Some of these details are redacted in the filing. Hims & Hers stated that no medical records or direct doctor-patient communications were compromised. 

Nevertheless, the nature of the exposed data underscores a more general concern about telehealth ecosystems. Support tickets frequently contain contextual clues: symptoms described in plain language, product inquiries pertaining to specific conditions, or follow-ups that implicitly reveal treatment journeys. 

When a platform offers services for hair loss, erectile dysfunction, mental health, skincare, and weight management, even limited identifiers may carry unintended sensitivity. This breach therefore highlights a critical reality of healthcare-related digital services: operational information and deeply personal information are far more closely linked than they appear. The extent of the exposure is unclear at this time. 

The company has not yet confirmed the number of individuals affected. The California data breach notification framework mandates disclosure when 500 or more residents are involved, a threshold that often indicates an event of higher materiality. A company spokesperson, Jake Martin, stated in the report that the intrusion had been caused by a social engineering attack, suggesting that the attackers manipulated internal personnel to gain unauthorized access rather than exploiting a purely technical vulnerability. 

The company did not provide a granular breakdown of the information accessed despite follow-up inquiries, indicating that the compromised dataset primarily consisted of customer names and email addresses. Importantly, the organization has not disclosed whether it has received direct communication from the threat actors, including extortion or ransom demands, leaving open the question of the attacker's intent and post-compromise activities.

The ambiguity is indicative of a wider and increasingly familiar threat landscape trend characterized by customer support and ticketing environments emerging as highly valued targets for adversaries motivated by financial gain. 

In addition to being information-rich, these systems are also less fortified than core transactional or clinical systems because they aggregate user-submitted data in less structured formats. This incident also aligns with a growing number of breaches involving similar infrastructure. In 2025, Discord disclosed that a compromise of its customer service ticketing system exposed sensitive identity documents, including government-issued identification, submitted for age verification purposes by approximately 70,000 users. 

These cases show a critical shift in attacker focus: peripheral service layers, particularly those managed by third parties, are increasingly used as entry points for accessing highly sensitive data, sidestepping primary systems rather than confronting them directly. 

Keeping in line with industry practice, Hims & Hers is now providing complimentary credit monitoring to affected customers for a period of 12 months. These measures provide a minimum level of financial oversight, but they do little to mitigate the risk of targeted social engineering that is more immediate and sophisticated. 

Specifically, the release of support ticket data provides an opportunity for highly contextual phishing campaigns, in which threat actors use authentic user interactions, such as prescription-related queries or treatment discussions, to create messages that are significantly more convincing than generic fraud attempts. By utilizing personalized communications instead of direct breaches of financial systems, these tactics achieve maximum effectiveness. 

The security analyst community has consistently warned that even small amounts of health-related context can be used to weaponize datasets for coercion, fraud, and reputational damage. It is unclear whether such misuse has taken place in this case, but it remains plausible. If sensitive treatment or condition information is linked to identifiable contact information, it can be used in extortion schemes or deceptive outreach campaigns to obtain more information.

This emerging threat model aligns with prior Federal Bureau of Investigation advisories, which have documented cases in which adversaries impersonated insurance companies, claims investigators, or healthcare representatives to obtain medical records and financial information. Against this backdrop, affected individuals are encouraged to take a more defensive position, in addition to passive monitoring, to protect themselves from harm. 

In particular, users are advised to be cautious when responding to unsolicited communications referencing specific treatments, past support interactions, or account activity, and to verify any requests for information through official, trusted communication channels before engaging with embedded links or attachments in unexpected messages. 

Situational awareness can be enhanced by taking proactive measures, such as monitoring for data exposure across illicit marketplaces. Tools such as Malwarebytes Digital Footprint Scanner, which tracks the circulation of credentials and personal information, may help identify downstream misuse early. This can allow individuals to act before such information is actively exploited.

According to prevailing industry practice, Hims & Hers is offering 12 months' complimentary credit monitoring to affected users. Although such measures provide a baseline layer of financial oversight, they are insufficient to mitigate the more immediate and sophisticated risks associated with targeted social engineering. 

A particular concern with the availability of support ticket data is the possibility of highly contextual phishing campaigns, where threat actors can craft messages based on genuine user interactions, such as prescription-related queries or treatment discussions, which are much more convincing than generic fraud attempts. In order to successfully utilize these tactics, it is imperative that trust be exploited through personalization, not by directly breaching financial systems. 

In combination with identifiable contact details, information related to sensitive treatments or conditions may be used to perpetrate extortion schemes or deceptive outreach aimed at eliciting further disclosures. In line with prior advice from the Federal Bureau of Investigation, this evolving threat model aligns with cases in which adversaries have impersonated insurance companies, claims investigators, and healthcare representatives in order to extract medical records and financial information. This background is being used to encourage affected individuals to adopt a more defensive posture which goes beyond passive monitoring. 

Taking note of unsolicited communications, especially those referencing specific treatments, past interactions with support staff, or account activity, is essential. Users are advised to avoid engaging with embedded links or attachments within unexpected messages and to verify all requests for information using official and trusted channels. 

Monitoring for potential data exposure across illicit marketplaces can further enhance situational awareness. Tools like the Malwarebytes Digital Footprint Scanner, which tracks the circulation of credentials and personal data, can provide early indications of downstream misuse, so individuals can respond before such information is actively exploited. 

Incidents such as these underscore the need for digital health providers to redesign their security strategies beyond traditional system boundaries. As the Hims & Hers case demonstrates, a healthcare platform's resilience increasingly depends on the governance of third-party integrations, employee awareness, and visibility of data flows across support ecosystems. 

In order to protect themselves against social engineering threats in the future, organizations operating in this field will need to adopt a layered security posture integrating continuous monitoring, stricter access controls, and targeted training. 

While maintaining caution and being informed, users must realize that even limited data exposures can be exploited by sophisticated attack chains. As the threat landscape evolves, it is evident that safeguarding healthcare data is not limited to clinical systems but is also extended to every interface which creates, shares, or stores personal information.

AMD Announces Plan to Acquire Intel in Unprecedented Industry Turn

 




Advanced Micro Devices has revealed plans to acquire long-time rival Intel Corporation, marking a dramatic reversal in one of the most enduring rivalries in the semiconductor industry.

The proposed transaction, structured entirely as a stock-based deal, signals a major shift in industry power. Once viewed as the underdog, AMD has now surpassed Intel in market valuation, and the acquisition would further cement that transition.

For over four decades, the relationship between the two companies has been defined by competition, imitation, legal disputes, and strategic overlap. AMD historically operated in Intel’s shadow, often positioning itself as a secondary supplier while attempting to challenge its dominance. In recent years, however, AMD has strengthened its position across multiple computing segments and improved investor confidence, while Intel has faced setbacks.

Intel’s struggles have included delays in manufacturing advancements, inconsistent product execution, and repeated strategic adjustments. These challenges have contributed to a broader shift in market perception, allowing AMD to close the gap and eventually move ahead in key areas.

The idea of AMD acquiring Intel would have seemed highly unlikely just a few years ago, given Intel’s long-standing dominance as the central force in the personal computing ecosystem. The potential merger now reflects how drastically that balance has changed.

If completed, integrating the two companies could present organizational and cultural challenges, given their long history as direct competitors. Leadership from AMD indicated that the combined entity could accelerate product development timelines, streamline user experience, and maintain a level of internal competition despite operating under one structure.

In its response, Intel stated that the agreement could enhance shareholder value while providing its engineering teams with clearer direction and stronger operational support to rebuild competitive product offerings.

Industry analysts are still assessing the broader implications. Historically, Intel’s scale and manufacturing capabilities positioned it at the center of the computing market, while AMD functioned as a challenger that introduced competitive pressure. That dynamic has shifted as AMD expanded its presence in servers, desktops, and mobile computing, while Intel’s recovery efforts remain ongoing.

Several practical questions remain unresolved. These include how branding will be handled, whether both product lines will continue independently, and how regulators will evaluate the consolidation of two primary x86 architecture competitors under a single entity.

Sources familiar with the matter suggest AMD may adopt a structure that retains both brands in the near term. One internal concept reportedly frames Intel as a legacy-focused division, reflecting its historical significance while redefining its position within the organization.

Investor reaction has ranged from surprise to cautious optimism. Some market participants see the potential for operational efficiency and reduced rivalry, while others are concerned that combining the two companies could limit competition in the x86 processor market.

From a regulatory perspective, the deal is likely to face scrutiny due to the potential concentration of market power. The long-standing competition between AMD and Intel has historically driven innovation and pricing balance, and its reduction could reshape industry dynamics.

The announcement comes at a time when the semiconductor sector is undergoing rapid transformation, driven by demand for artificial intelligence, high-performance computing, and evolving global supply chains. Both companies have been investing heavily in these areas, alongside competitors such as NVIDIA Corporation.

At present, the timeline for completion remains subject to regulatory approvals and further review. While the companies have indicated confidence in moving forward, the scale and implications of the deal mean that its outcome will be closely watched across the industry.
