CySecurity News - Latest Information Security and Hacking Incidents: AI

AI AI Training Artificial Intelligence ChatGPT Cybersecurity Google IT OpenAI Technology

Building Smarter AI Through Targeted Training

In recent years, artificial intelligence and machine learning have been in high demand across a broad range of industries. As a consequence, the cost and complexity of constructing and maintaining these models have increased significantly. Artificial intelligence and machine learning systems are resource-intensive, as they require substantial computation resources and large datasets, and are also difficult to manage effectively due to their complexity.

As a result of this trend, professionals such as data engineers, machine learning engineers, and data scientists are increasingly being tasked with identifying ways to streamline models without compromising performance or accuracy, which in turn will lead to improved outcomes. Among the key aspects of this process involves determining which data inputs or features can be reduced or eliminated, thereby making the model operate more efficiently.

In AI model optimization, a systematic effort is made to improve a model's performance, accuracy, and efficiency to achieve superior results in real-world applications. The purpose of this process is to improve a model's operational and predictive capabilities through a combination of technical strategies. It is the engineering team's responsibility to improve computational efficiency—reducing processing time, reducing resource consumption, and reducing infrastructure costs—while also enhancing the model's predictive precision and adaptability to changing datasets by enhancing the model's computational efficiency.

An important optimization task might involve fine-tuning hyperparameters, selecting the most relevant features, pruning redundant elements, and making advanced algorithmic adjustments to the model. Ultimately, the goal of modeling is not only to provide accurate and responsive data, but also to provide scalable, cost-effective, and efficient data. As long as these optimization techniques are applied effectively, they ensure the model will perform reliably in production environments as well as remain aligned with the overall objectives of the organization.

It is designed to retain important details and user preferences as well as contextually accurate responses when ChatGPT's memory feature is enabled, which is typically set to active by default so that the system can provide more personalized responses over time. If the user desires to access this functionality, he or she can navigate to the Settings menu and select Personalization, where they can check whether memory is active and then remove specific saved interactions if needed.

As a result of this, it is recommended that users periodically review the data that has been stored within the memory feature to ensure its accuracy. In some cases, incorrect information may be retained, including inaccurate personal information or assumptions made during a previous conversation. As an example, in certain circumstances, the system might incorrectly log information about a user’s family, or other aspects of their profile, based on the context in which it is being used.

In addition, the memory feature may inadvertently store sensitive data when used for practical purposes, such as financial institutions, account details, or health-related queries, especially if users are attempting to solve personal problems or experiment with the model. It is important to remember that while the memory function contributes to improved response quality and continuity, it also requires careful oversight from the user. There is a strong recommendation that users audit their saved data points routinely and delete the information that they find inaccurate or overly sensitive. This practice helps maintain the accuracy of data, as well as ensure better, more secure interactions.

It is similar to clearing the cache of your browser periodically to maintain your privacy and performance optimally. "Training" ChatGPT in terms of customized usage means providing specific contextual information to the AI so that its responses will be relevant and accurate in a way that is more relevant to the individual. ITGuides the AI to behave and speak in a way that is consistent with the needs of the users, users can upload documents such as PDFs, company policies, or customer service transcripts.

When people and organizations can make customized interactions for business-related content and customer engagement workflows, this type of customization provides them with more customized interactions. It is, however, often unnecessary for users to build a custom GPT for personal use in the majority of cases. Instead, they can share relevant context directly within their prompts or attach files to their messages, thereby achieving effective personalization.

As an example, a user can upload their resume along with a job description when crafting a job application, allowing artificial intelligence to create a cover letter based on the resume and the job description, ensuring that the cover letter accurately represents the user's qualifications and aligns with the position's requirements. As it stands, this type of user-level customization is significantly different from the traditional model training process, which requires large quantities of data to be processed and is mainly performed by OpenAI's engineering teams.

Additionally, ChatGPT users can increase the extent of its memory-driven personalization by explicitly telling it what details they wish to be remembered, such as their recent move to a new city or specific lifestyle preferences, like dietary choices. This type of information, once stored, allows the artificial intelligence to keep a consistent conversation going in the future. Even though these interactions enhance usability, they also require thoughtful data sharing to ensure privacy and accuracy, especially as ChatGPT's memory is slowly swelled over time.

It is essential to optimize an AI model to improve performance as well as resource efficiency. It involves refining a variety of model elements to maximize prediction accuracy and minimize computational demand while doing so. It is crucial that we remove unused parameters from networks to streamline them, that we apply quantization to reduce data precision and speed up processing, and that we implement knowledge distillation, which translates insights from complex models to simpler, faster models.

A significant amount of efficiency can be achieved by optimizing data pipelines, deploying high-performance algorithms, utilizing hardware accelerations such as GPUs and TPUs, and employing compression techniques such as weight sharing, low-rank approximation, and optimization of the data pipelines. Also, balancing batch sizes ensures the optimal use of resources and the stability of training.

A great way to improve accuracy is to curate clean, balanced datasets, fine-tune hyperparameters using advanced search methods, increase model complexity with caution and combine techniques like cross-validation and feature engineering with the models. Keeping long-term performance high requires not only the ability to learn from pre-trained models but also regular retraining as a means of combating model drift. To enhance the scalability, cost-effectiveness, and reliability of AI systems across diverse applications, these techniques are strategically applied.

Using tailored optimization solutions from Oyelabs, organizations can unlock the full potential of their AI investments. In an age when artificial intelligence is continuing to evolve rapidly, it becomes increasingly important to train and optimize models strategically through data-driven optimization. There are advanced techniques that can be implemented by organizations to improve performance while controlling resource expenditures, from selecting features and optimizing algorithms to efficiently handling data.

As professionals and teams that place a high priority on these improvements, they will put themselves in a much better position to create AI systems that are not only faster and smarter but are also more adaptable to the daily demands of the world. Businesses are able to broaden their understanding of AI and improve their scalability and long-term sustainability by partnering with experts and focusing on how AI achieves value-driven outcomes.

Fake Candidates, Real Threat: Deepfake Job Applicants Are the New Cybersecurity Challenge



 

Verification

AI Cyber Fraud Cybersecurity Deepfake Fraud identity Recruitment Resume Verification

Fake Candidates, Real Threat: Deepfake Job Applicants Are the New Cybersecurity Challenge

When voice authentication firm Pindrop Security advertised an opening for a senior engineering role, one resume caught their attention. The candidate, a Russian developer named Ivan, appeared to be a perfect fit on paper. But during the video interview, something felt off—his facial expressions didn’t quite match his speech. It turned out Ivan wasn’t who he claimed to be.

According to Vijay Balasubramaniyan, CEO and co-founder of Pindrop, Ivan was a fraudster using deepfake software and other generative AI tools in an attempt to secure a job through deception.

“Gen AI has blurred the line between what it is to be human and what it means to be machine,” Balasubramaniyan said. “What we’re seeing is that individuals are using these fake identities and fake faces and fake voices to secure employment, even sometimes going so far as doing a face swap with another individual who shows up for the job.”

While businesses have always had to protect themselves against hackers targeting vulnerabilities, a new kind of threat has emerged: job applicants powered by AI who fake their identities to gain employment. From forged resumes and AI-generated IDs to scripted interview responses, these candidates are part of a fast-growing trend that cybersecurity experts warn is here to stay.

In fact, a Gartner report predicts that by 2028, 1 in 4 job seekers globally will be using some form of AI-generated deception.

The implications for employers are serious. Fraudulent hires can introduce malware, exfiltrate confidential data, or simply draw salaries under false pretenses.

A Growing Cybercrime Strategy

This problem is especially acute in cybersecurity and crypto startups, where remote hiring makes it easier for scammers to operate undetected. Ben Sesser, CEO of BrightHire, noted a massive uptick in these incidents over the past year.

“Humans are generally the weak link in cybersecurity, and the hiring process is an inherently human process with a lot of hand-offs and a lot of different people involved,” Sesser said. “It’s become a weak point that folks are trying to expose.”

This isn’t a problem confined to startups. Earlier this year, the U.S. Department of Justice disclosed that over 300 American companies had unknowingly hired IT workers tied to North Korea. The impersonators used stolen identities, operated via remote networks, and allegedly funneled salaries back to fund the country’s weapons program.

Criminal Networks & AI-Enhanced Resumes

Lili Infante, founder and CEO of Florida-based CAT Labs, says her firm regularly receives applications from suspected North Korean agents.

“Every time we list a job posting, we get 100 North Korean spies applying to it,” Infante said. “When you look at their resumes, they look amazing; they use all the keywords for what we’re looking for.”

To filter out such applicants, CAT Labs relies on ID verification companies like iDenfy, Jumio, and Socure, which specialize in detecting deepfakes and verifying authenticity.

The issue has expanded far beyond North Korea. Experts like Roger Grimes, a longtime computer security consultant, report similar patterns with fake candidates originating from Russia, China, Malaysia, and South Korea.

Ironically, some of these impersonators end up excelling in their roles.

“Sometimes they’ll do the role poorly, and then sometimes they perform it so well that I’ve actually had a few people tell me they were sorry they had to let them go,” Grimes said.

Even KnowBe4, the cybersecurity firm Grimes works with, accidentally hired a deepfake engineer from North Korea who used AI to modify a stock photo and passed through multiple background checks. The deception was uncovered only after suspicious network activity was flagged.

What Lies Ahead

Despite a few high-profile incidents, most hiring teams still aren’t fully aware of the risks posed by deepfake job applicants.

“They’re responsible for talent strategy and other important things, but being on the front lines of security has historically not been one of them,” said BrightHire’s Sesser. “Folks think they’re not experiencing it, but I think it’s probably more likely that they’re just not realizing that it’s going on.”

As deepfake tools become increasingly realistic, experts believe the problem will grow harder to detect. Fortunately, companies like Pindrop are already developing video authentication systems to fight back. It was one such system that ultimately exposed “Ivan X.”

Although Ivan claimed to be in western Ukraine, his IP address revealed he was operating from a Russian military base near North Korea, according to the company.

Pindrop, backed by Andreessen Horowitz and Citi Ventures, originally focused on detecting voice-based fraud. Today, it may be pivoting toward defending video and digital hiring interactions.

“We are no longer able to trust our eyes and ears,” Balasubramaniyan said. “Without technology, you’re worse off than a monkey with a random coin toss.”

Payment Fraud on the Rise: How Businesses Are Fighting Back with AI



 

Payment Fraud on the Rise: How Businesses Are Fighting Back with AI

The threat of payment fraud is growing rapidly, fueled by the widespread use of digital transactions and evolving cyber tactics. At its core, payment fraud refers to the unauthorized use of someone’s financial information to make illicit transactions. Criminals are increasingly leveraging hardware tools like skimmers and keystroke loggers, as well as malware, to extract sensitive data during legitimate transactions.

As a result, companies are under mounting pressure to adopt more advanced fraud prevention systems. Credit and debit card fraud continue to dominate fraud cases globally. A recent report by Nilson found that global losses due to payment card fraud reached $33.83 billion in 2023, with nearly half of these losses affecting U.S. cardholders.

While chip-enabled cards have reduced in-person fraud, online or card-not-present (CNP) fraud has surged. Debit card fraud often results in immediate financial damage to the victim, given its direct link to bank accounts. Meanwhile, mobile payments are vulnerable to tactics like SIM swapping and mobile malware, allowing attackers to hijack user accounts.

Other methods include wire fraud, identity theft, chargeback fraud, and even check fraud—which, despite a decline in paper check usage, remains a threat through forged or altered checks. In one recent case, customers manipulated ATM systems to deposit fake checks and withdraw funds before detection, resulting in substantial bank losses. Additionally, criminals have turned to synthetic identity creation and AI-generated impersonations to carry out sophisticated schemes.

However, artificial intelligence is not just a tool for fraudsters—it’s also a powerful ally for defense. Financial institutions are integrating AI into their fraud detection systems. Platforms like Visa Advanced Authorization and Mastercard Decision Intelligence use real-time analytics and machine learning to assess transaction risk and flag suspicious behavior.

AI-driven firms such as Signifyd and Riskified help businesses prevent fraud by analyzing user behavior, transaction patterns, and device data. The consequences of payment fraud extend beyond financial loss. Businesses also suffer reputational harm, resource strain, and operational disruptions.

With nearly 60% of companies reporting fraud-related losses exceeding $5 million in 2024, preventive action is crucial. From employee training and risk assessments to AI-powered tools and multi-layered security, organizations are now investing in proactive strategies to protect themselves and their customers from the rising tide of digital fraud.

AI Powers Airbnb’s Code Migration, But Human Oversight Still Key, Say Tech Giants



 

Technology

AI AI technology Airbnb LLM Technology

AI Powers Airbnb’s Code Migration, But Human Oversight Still Key, Say Tech Giants

In a bold demonstration of AI’s growing role in software development, Airbnb has successfully completed a large-scale code migration project using large language models (LLMs), dramatically reducing the timeline from an estimated 1.5 years to just six weeks. The project involved updating approximately 3,500 React component test files from Enzyme to the more modern React Testing Library (RTL).

According to Airbnb software engineer Charles Covey-Brandt, the company’s AI-driven pipeline used a combination of automated validation steps and frontier LLMs to handle the bulk of the transformation. Impressively, 75% of the files were migrated within just four hours, thanks to robust automation and intelligent retries powered by dynamic prompt engineering with context-rich inputs of up to 100,000 tokens.

Despite this efficiency, about 900 files initially failed validation. Airbnb employed iterative tools and a status-tracking system to bring that number down to fewer than 100, which were finally resolved manually—underscoring the continued need for human intervention in such processes. Other tech giants echo this hybrid approach. Google, in a recent report, noted a 50% speed increase in migrating codebases using LLMs.

One project converting ID types in the Google Ads system—originally estimated to take hundreds of engineering years—was largely automated, with 80% of code changes authored by AI. However, inaccuracies still required manual edits, prompting Google to invest further in AI-powered verification. Amazon Web Services also highlighted the importance of human-AI collaboration in code migration.

Its research into modernizing Java code using Amazon Q revealed that developers value control and remain cautious of AI outputs. Participants emphasized their role as reviewers, citing concerns about incorrect or misleading changes. While AI is accelerating what were once laborious coding tasks, these case studies reveal that full autonomy remains out of reach.

Engineers continue to act as crucial gatekeepers, validating and refining AI-generated code. For now, the future of code migration lies in intelligent partnerships—where LLMs do the heavy lifting and humans ensure precision.

600 Phishing Campaigns Emerged After Bybit Heist, Biggest Crypto Scam in History



 

phishing

AI Bybit cryptocurrency Cyber Attacks Ethereum phishing

600 Phishing Campaigns Emerged After Bybit Heist, Biggest Crypto Scam in History

Recently, the cryptocurrency suffered the largest cyberattack to date. The Bybit exchange was hit by the "largest cryptocurrency heist in history, with approximately $1.5 billion in Ethereum tokens stolen in a matter of hours," Forbes said.

After the Bybit hack, phishing campaigns steal crypto

Security vendor BforeAI said around 600 phishing campaigns surfaced after the Bybit heist, which was intended to steal cryptocurrency from its customers. In the last three weeks, after the news of the biggest crypto scam in history, BforeAI found 596 suspicious domains from 13 different countries.

Dozens of these malicious domains mimicked the cryptocurrency exchange itself (Bybit), most using typosquatting techniques and keywords like “wallet,” “refund,” “information, “recovery,” and “check.”

According to BforeAI, there were also “instances of popular crypto keywords such as ‘metaconnect,’ ‘mining,’ and ‘airdrop,’ as well as the use of free hosting and subdomain registration services such as Netlify, Vercel, and Pages.dev.”

Malicious free domains used for attacks

The use of free hosting services and dynamics is a common practice in this dataset. Many phishing pages are hosted on forums that offer anonymous, quick deployment without asking for domain purchases. Also, the highest number of verified malicious domains were registered in the UK.

After the incident, Bybit assured customers that they wouldn’t lose any money as a result. But the hackers took advantage of this situation and intentionally created a sense of anxiety and urgency via deceptive tactics like ‘fake recovery services and ‘phishing schemes.’ A few phishing websites pretended to be the “Bybit Help Center.”

The end goal was to make victims enter their crypto/Bybit passwords. A few weeks later, campaigns changed from “withdrawals, information, and refunds” through spoof Bybit sites to providing “crypto and training guides” and special rewards to trick potential investors.

Regardless of the change in these crypto and training guides, the campaigns persevered a “connection to the earlier withdrawal scams by including ‘how to withdraw from Bybit guides,’ BforeAI explained. This results in “a flow of traffic between learning resources fakes and withdrawal phishing attempts,” it added.

Bybit has accused North Korean hackers behind the attacks, costing the firm a massive $1.5 billion in stolen crypto. The campaign has contributed to Q1 2025 with an infamous record: a $1.7 billion theft in the first quarter, the highest in history.

Alibaba Launches Latest Open-source AI Model from Qwen Series for ‘Cost-effective AI agents’



 

Technology

AI Alibaba China Cloud DeepSeek GenAI Technology

Alibaba Launches Latest Open-source AI Model from Qwen Series for ‘Cost-effective AI agents’

Alibaba Launches Lates Open-source AI Model from Qwen Series for ‘Cost-effective AI agents’

Last week, Alibaba Cloud launched its latest AI model in its “Qwen series,” as large language model (LLM) competition in China continues to intensify after the launch of famous “DeepSeek” AI.

The latest "Qwen2.5-Omni-7B" is a multimodal model- it can process inputs like audio/video, text, and images- while also creating real-time text and natural speech responses, Alibaba’s cloud website reports. It also said that the model can be used on edge devices such as smartphones, providing higher efficiency without giving up on performance.

According to Alibaba, the “unique combination makes it the perfect foundation for developing agile, cost-effective AI agents that deliver tangible value, especially intelligent voice applications.” For instance, the AI can be used to assist visually impaired individuals to navigate their environment via real-time audio description.

The latest model is open-sourced on forums GitHub and Hugging Face, after a rising trend in China post DeepSeek breakthrough R1 model open-source. Open-source means a software in which the source code is created freely on web for potential modification and redistribution.

In recent years, Alibaba claims it has open-sourced more that 200 generative AI models. In the noise of China’s AI dominance intensified by DeepSeek due to its shoe string budget and capabilities, Alibaba and genAI competitors are also releasing new, cost-cutting models and services an exceptional case.

Last week, Chinese tech mammoth Baidu launched a new multimodal foundational model and its first reasoning-based model. Likewise, Alibaba introduced its updated Qwen 2.5 AI model in January and also launched a new variant of its AI assistant tool Quark this month.

Alibaba has also made strong commitments to its AI plan, recently, it announced a plan to put $53 billion in its cloud computing and AI infrastructure over the next three years, even surpassing its spending in the space over the past decade.

CNBC talked with Kai Wang, Asia Senior equity analyst at Morningstar, Mr Kai told CNBC that “large Chinese tech players such as Alibaba, which build data centers to meet the computing needs of AI in addition to building their own LLMs, are well positioned to benefit from China's post-DeepSeek AI boom.” According to CNBC, “Alibaba secured a major win for its AI business last month when it confirmed that the company was partnering with Apple to roll out AI integration for iPhones sold in China.”

Experts Suggest Evolving Cyber Attacks Not Ending Anytime Soon



 

VPN

AI Cyber Attacks cyber resilience Internet phishing VPN

Experts Suggest Evolving Cyber Attacks Not Ending Anytime Soon

In a series of unfortunate events, experts suggest the advancement of cybercrime isn’t ending anytime soon.

Every day, the digital landscape evolves, thanks to innovations and technological advancements. Despite this growth, it suffers from a few roadblocks, cybercrime being a major one and not showing signs of ending anytime soon. Artificial Intelligence, large-scale data breaches, businesses, governments, and rising target refinement across media platforms have contributed to this problem. However, Nord VPN CTO Marijus Briedis believes, “Prevention alone is insufficient,” and we need resilience.

VPN provider Nord VPN experienced first-hand the changing cyber threat landscape after the spike in cybercrime cases attacking Lithuania, where the company is based, in the backdrop of the Ukraine conflict.

Why cyber resilience is needed

In the last few years, we have witnessed the expansion of cybercrime gangs and state-sponsored hackers and also the abuse of digital vulnerabilities. What is even worse is that “with little resources, you can have a lot of damage,” Briedis added. Data breaches reached an all-time high in 2024. The infamous “mother of all data breaches” incident resulted in a massive 26 billion record leak. Overall, more than 1 billion records were leaked throughout the year, according to NordLayer data.

Google’s Cybersecurity Forecast 2025 included Generative AI as a main threat, along with state-sponsored cybercriminals and ransomware.

Amid these increasing cyber threats, companies like NordVPN are widening the scope of their security services. A lot of countries have also implemented laws to safeguard against cyberattacks as much as possible throughout the years.

Over the years, governments, individuals, and organizations have also learned to protect their important data via vpn software, antivirus, firewall, and other security software. Despite these efforts, it’s not enough. According to Briedis, this happens because cybersecurity is not a fixed goal. "We have to be adaptive and make sure that we are learning from these attacks. We need to be [cyber] resilience."

The plan forward

In a RightsCon panel that Briedis attended, the discourse was aimed at NGOs, activists, and other small businesses, people take advantage of Nord’s advice to be more cyber-resilient. He gives importance to education, stressing it’s the “first thing.”

Revolution or Hype? Meet the AI Agent That’s Automating Invoicing for Thousands



 

Technology

AI AI Twin Product invoicing Technology

Revolution or Hype? Meet the AI Agent That’s Automating Invoicing for Thousands

French startup Twin has introduced its very first AI-powered automation tool to help business owners who use Qonto. Qonto is a digital banking platform that offers financial services to companies across Europe. Many Qonto users spend hours each month gathering invoices from different sources and uploading them. Twin’s new tool does this job faster and with almost no effort from the user.

The tool is called Invoice Operator. It has been designed to save time by automatically finding and attaching invoices to the right transactions in a Qonto account. This means users no longer have to search for documents themselves or waste time uploading files manually.

Usually, companies use tools like Zapier or software like UiPath to automate tasks. These tools often need coding knowledge or work through complex scripts that break if a website changes. Twin uses a smarter method that copies how a person uses a web browser but with the help of artificial intelligence.

Here’s how Invoice Operator works: when a Qonto user starts the tool, it first checks which transactions are missing invoices. Then it opens a browser and prepares to visit the websites where invoices might be stored. If a login is required, the tool will stop and ask the user to enter their username and password. After logging in, the AI continues its job— finding the needed documents and uploading them to Qonto automatically.

This method is useful because businesses often use many different platforms to make purchases. It would be too difficult and time-consuming to write special instructions for each website. But Twin’s technology can handle thousands of services without needing extra scripts.

The tool is powered by an advanced AI model developed by OpenAI, which allows the software to operate a browser in the same way a person would. Twin was one of only a few companies allowed to test this AI model before it was released to the public.

What makes Twin’s tool even more helpful is that it’s very easy to use. Business owners don’t have to understand coding or set up anything complicated. Once logged in, the AI handles the process without further input. This makes it ideal for people who want results without dealing with technical steps.

In the long run, Twin believes its technology can be useful for many other tasks in different industries. For example, it could help online stores handle orders or assist customer support teams in finding information quickly.

With this launch, Twin is showing how smart automation can reduce boring and repetitive work. The company hopes to bring its AI tools to more people and businesses in the near future.



 

Threat Intelligence

AI AI Tool Data Privacy Technology Threat Intelligence

AI and Privacy – Issues and Challenges

Artificial intelligence is changing cybersecurity and digital privacy. It promises better security but also raises concerns about ethical boundaries, data exploitation, and spying. From facial recognition software to predictive crime prevention, customers are left wondering where to draw the line between safety and overreach as AI-driven systems become more and more integrated into daily life.

The same artificial intelligence (AI) tools that aid in spotting online threats, optimising security procedures, and stopping fraud can also be used for intrusive data collecting, behavioural tracking, and mass spying. The use of AI-powered surveillance in corporate data mining, law enforcement profiling, and government tracking has drawn criticism in recent years. AI runs the potential of undermining rather than defending basic rights in the absence of clear regulations and transparency.

AI and data ethics

Despite encouraging developments, there are numerous instances of AI-driven inventions going awry, which raise serious questions. A face recognition business called Clearview AI amassed one of the largest facial recognition databases in the world by illegally scraping billions of photos from social media. Clearview's technology was employed by governments and law enforcement organisations across the globe, leading to legal action and regulatory action about mass surveillance.

The UK Department for Work and Pensions used an AI system to detect welfare fraud. An internal investigation suggested that the system disproportionately targeted people based on their age, handicap, marital status, and country. This prejudice resulted in certain groups being unfairly picked for fraud investigations, raising questions about discrimination and the ethical use of artificial intelligence in public services. Despite earlier guarantees of impartiality, the findings have fuelled calls for increased openness and supervision in government AI use.

Regulations and consumer protection

The ethical use of AI is being regulated by governments worldwide, with a number of significant regulations having an immediate impact on consumers. The AI Act of the European Union, which is scheduled to go into force in 2025, divides AI applications into risk categories.

Strict regulations will be applied to high-risk technology, like biometric surveillance and facial recognition, to guarantee transparency and moral deployment. The EU's commitment to responsible AI governance is further reinforced by the possibility of severe sanctions for non compliant companies.

Individuals in the United States have more control over their personal data according to California's Consumer Privacy Act. Consumers have the right to know what information firms gather about them, to seek its erasure, and to opt out of data sales. This rule adds an important layer of privacy protection in an era where AI-powered data processing is becoming more common.

The White House has recently introduced the AI Bill of Rights, a framework aimed at encouraging responsible AI practices. While not legally enforceable, it emphasises the need of privacy, transparency, and algorithmic fairness, pointing to a larger push for ethical AI development in policy making.

Attackers Exploit Click Tolerance to Deliver Malware to Users



 

malware

Advanced Technology AI CyberCrime Cybersecurity CyberThreat malware

Attackers Exploit Click Tolerance to Deliver Malware to Users

The Multi-Factor Authentication (MFA) system has been a crucial component of modern cybersecurity for several years now. It is intended to enhance security by requiring additional forms of verification in addition to traditional passwords. MFA strengthens access control by integrating two or more authentication factors, which reduces the risk of credential-based attacks on the network.

Generally, authentication factors are divided into three categories: knowledge-based factors, such as passwords or personal identification numbers (PINs); possession-based factors, such as hardware tokens sent to registered devices or one-time passcodes sent to registered devices; as well as inherent factors, such as fingerprints, facial recognition, or iris scans, which are biometric identifiers used to verify identity. Although Multi-factor authentication significantly reduces the probability that an unauthorized user will gain access to the computer, it is not entirely foolproof.

Cybercriminals continue to devise sophisticated methods to bypass authentication protocols, such as exploiting implementation gaps, exploiting technical vulnerabilities, or influencing human behaviour. With the evolution of threats, organizations need proactive security strategies to strengthen their multifactor authentication defences, making sure they remain resilient against new attack vectors.

Researchers have recently found that cybercriminals are exploiting users' familiarity with verification procedures to deceive them into unknowingly installing malicious software on their computers. The HP Wolf Security report indicates that multiple threat campaigns have been identified in which attackers have taken advantage of the growing number of authentication challenges that users face to verify their identities, as a result of increasing the number of authentication challenges.

The report discusses an emerging tactic known as "click tolerance" that highlights how using authentication protocols often has conditioned users to follow verification steps without thinking. Because of this, individuals are more likely to be deceptively prompted, which mimic legitimate security measures, as a result.

Using this behavioural pattern, attackers deployed fraudulent CAPTCHAs that directed victims to malicious websites and manipulated them into accepting counterfeit authentication procedures designed to trick users into unwittingly granting them access or downloading harmful payloads. As a result of these fraudulent CAPTCHAs, attackers were able to leverage this pattern.

For cybersecurity awareness to be effective and for security measures to be more sophisticatedtoo counter such deceptive attack strategies, heightened awareness and more sophisticated security measures are needed. A similar strategy was used in the past to steal one-time passcodes (OTPs) through the use of multi-factor authentication fatigue. The new campaign illustrates how security measures can unintentionally foster complacency in users, which is easily exploited by attackers.

Pratt, a cybersecurity expert, states that the attack is designed to take advantage of the habitual engagement of users with authentication processes to exploit them. People are increasingly having difficulty distinguishing between legitimate security procedures and malicious attempts to deceive them, as they become accustomed to completing repetitive, often tedious verification steps. "The majority of users have become accustomed to receiving authentication prompts, which require them to complete a variety of steps to access their account.

To verify access or to log in, many people follow these instructions without thinking about it. According to Pratt, cybercriminals are now exploiting this behaviour pattern by using fake CAPTCHAs to manipulate users into unwittingly compromising their security as a result of this behavioural pattern." As he further explained, this trend indicates a significant gap in employee cybersecurity training. Despite the widespread implementation of phishing awareness programs, many fail to adequately address what should be done once a user has fallen victim to an initial deception in the attack chain.

To reduce the risks associated with these evolving threats, it is vital to focus training initiatives on post-compromise response strategies. When it comes to dealing with cyber threats in the age of artificial intelligence, organizations should adopt a proactive, comprehensive security strategy that will ensure that the entire digital ecosystem is protected from evolving threats. By deploying generative artificial intelligence as a force multiplier, threat detection, prevention, and response capability will be significantly enhanced.

For cybersecurity resilience to be strengthened, the following key measures must be taken preparation, prevention, and defense. Security should begin with a comprehensive approach, utilizing Zero Trust principles to secure digital assets throughout their lifecycle, from devices to identities to infrastructure to data, cloud environments, networks, and artificial intelligence systems to secure digital assets. Taking such measures also entails safeguarding devices, identities, infrastructures, data, and networks.

To ensure robust identity verification, it is essential to use AI-powered analytics to monitor user and system behaviour to identify potential security breaches in real-time, and to identify potential security threats. To implement explicit authentication, AI-driven biometric authentication methods need to be paired with phishing-resistant protocols like Fast Identity Online (FIDO) and Multifactor Authentication (MFA) which can protect against phishing attacks.

It has been shown that passwordless authentication increases security, and continuous identity infrastructure management – including permission oversight and removing obsolete applications – reduces vulnerability. In order to accelerate mitigation efforts, we need to implement generative artificial intelligence with Extended Detection and Response (XDR) solutions. These technologies can assist in identifying, investigating, and responding to security incidents quickly and efficiently.

It is also critical to integrate exposure management tools with organizations' security posture to help them prevent breaches before they occur. Protecting data remains the top priority, which requires the use of enhanced security and insider risk management. Using AI-driven classification and protection mechanisms will allow sensitive data to be automatically secured across all environments, regardless of their location. It is also essential for organizations to take advantage of insider risk management tools that can identify anomalous user activities as well as data misuse, enabling timely intervention and risk mitigation.

Organizations need to ensure robust AI security and governance frameworks are in place before implementing AI. It is imperative to conduct regular red teaming exercises to identify vulnerabilities in the system before they can be exploited by real-world attackers. An understanding of artificial intelligence applications within the organization is crucial to ensuring that AI technologies are deployed in accordance with security, privacy, and ethical standards. To maintain system integrity, updates of both software and firmware must be performed consistently.

Automating patch management can prevent attackers from exploiting known security gaps by remediating vulnerabilities promptly. To maintain good digital hygiene, it is important not to overlook these practices. Keeping browsing data, such as users' history, cookies, and cached site information, clean reduces their exposure to online threats. Users should also avoid entering sensitive personal information on insecure websites, which is also critical to preventing online threats. Keeping digital environments secure requires proactive monitoring and threat filtering.

The organization should ensure that advanced phishing and spam filters are implemented and that mobile devices are configured in a way that blocks malicious content on them. To enhance collective defences, the industry needs to collaborate to make these defences more effective. Microsoft Sentinel is a platform powered by artificial intelligence, which allows organizations to share threat intelligence, thus creating a unified approach to cybersecurity, which will allow organizations to be on top of emerging threats, and it is only through continuous awareness and development of skills that a strong cybersecurity culture can be achieved.

Employees must receive regular training on how to protect their assets as well as assets belonging to the organization. With an AI-enabled learning platform, employees can be upskilled and retrained to ensure they remain prepared for the ever-evolving cybersecurity landscape, through upskilling and reskilling.

AI as a Key Solution for Mitigating API Cybersecurity Threats



 

Technology

AI AI vulnerabilities API Artificial Intelligence CERT-In CyberCrime Cyberhackers CyberThreat Technology

AI as a Key Solution for Mitigating API Cybersecurity Threats

Artificial Intelligence (AI) is continuously evolving, and it is fundamentally changing the cybersecurity landscape, enabling organizations to mitigate vulnerabilities more effectively as a result. As artificial intelligence has improved the speed and scale with which threats can be detected and responded, it has also introduced a range of complexities that necessitate a hybrid approach to security management.

An approach that combines traditional security frameworks with human-digital interventions is necessary. There is one of the biggest challenges AI presents to us, and that is the expansion of the attack surface for Application Programming Interfaces (APIs). The proliferation of AI-powered systems raises questions regarding API resilience as sophisticated threats become increasingly sophisticated. As AI-driven functionality is integrated into APIs, security concerns have increased, which has led to the need for robust defensive strategies.

In the context of AI security, the implications of the technology extend beyond APIs to the very foundation of Machine Learning (ML) applications as well as large language models. Many of these models are trained on highly sensitive datasets, raising concerns about their privacy, integrity, and potential exploitation. When training data is handled improperly, unauthorized access can occur, data poisoning can occur, and model manipulation may occur, which can further increase the security vulnerability.

It is important to note, however, that artificial intelligence is also leading security teams to refine their threat modeling strategies while simultaneously posing security challenges. Using AI's analytical capabilities, organizations can enhance their predictive capabilities, automate risk assessments, and implement smarter security frameworks that can be adapted to the changing environment. By adapting to this evolution, security professionals are forced to adopt a proactive and adaptive approach to reducing potential threats.

Using artificial intelligence effectively while safeguarding digital assets requires an integrated approach that combines traditional security mechanisms with AI-driven security solutions. This is necessary to ensure an effective synergy between automation and human oversight. Enterprises must foster a comprehensive security posture that integrates both legacy and emerging technologies to be more resilient in the face of a changing threat landscape. However, the deployment of AI in cybersecurity requires a well-organized, strategic approach. While AI is an excellent tool for cybersecurity, it does need to be embraced in a strategic and well-organized manner.

Building a robust and adaptive cybersecurity ecosystem requires addressing API vulnerabilities, strengthening training data security, and refining threat modeling practices. A major part of modern digital applications is APIs, allowing seamless data exchange between various systems, enabling seamless data exchange. However, the widespread adoption of APIs has also led to them becoming prime targets for cyber threats, which have put organizations at risk of significant risks, such as data breaches, financial losses, and disruptions in services.

AI platforms and tools, such as OpenAI, Google's DeepMind, and IBM's Watson, have significantly contributed to advancements in several technological fields over the years. These innovations have revolutionized natural language processing, machine learning, and autonomous systems, leading to a wide range of applications in critical areas such as healthcare, finance, and business. Consequently, organizations worldwide are turning to artificial intelligence to maximize operational efficiency, simplify processes, and unlock new growth opportunities.

While artificial intelligence is catalyzing progress, it also introduces potential security risks. In addition to manipulating the very technologies that enable industries to orchestrate sophisticated cyber threats, cybercriminals can also use those very technologies. As a result, AI is viewed as having two characteristics: while it is possible for AI-driven security systems to proactively identify, predict, and mitigate threats with extraordinary accuracy, adversaries can weaponize such technologies to create highly advanced cyberattacks, such as phishing schemes and ransomware.

It is important to keep in mind that, as AI continues to grow, its role in cybersecurity is becoming more complex and dynamic. Organizations need to take proactive measures to protect their organizations from AI attacks by implementing robust frameworks that harness its defensive capabilities and mitigate its vulnerabilities. For a secure digital ecosystem that fosters innovation without compromising cybersecurity, it will be crucial for AI technologies to be developed ethically and responsibly.

The Application Programming Interface (API) is the fundamental component of digital ecosystems in the 21st century, enabling seamless interactions across industries such as mobile banking, e-commerce, and enterprise solutions. They are also a prime target for cyber-attackers due to their widespread adoption. The consequences of successful breaches can include data compromises, financial losses, and operational disruptions that can pose significant challenges to businesses as well as consumers alike.

Pratik Shah, F5 Networks' Managing Director for India and SAARC, highlighted that APIs are an integral part of today's digital landscape. AIM reports that APIs account for nearly 90% of worldwide web traffic and that the number of public APIs has grown 460% over the past decade. Despite this rapid proliferation, the company has been exposed to a wide array of cyber risks, including broken authentication, injection attacks, and server-side request forgery. According to him, the robustness of Indian API infrastructure significantly influences India's ambitions to become a global leader in the digital industry.

“APIs are the backbone of our digital economy, interconnecting key sectors such as finance, healthcare, e-commerce, and government services,” Shah remarked. Shah claims that during the first half of 2024, the Indian Computer Emergency Response Team (CERT-In) reported a 62% increase in API-targeted attacks. The extent of these incidents goes beyond technical breaches, and they represent substantial economic risks that threaten data integrity, business continuity, and consumer trust in addition to technological breaches.

Aside from compromising sensitive information, these incidents have also undermined business continuity and undermined consumer confidence, in addition to compromising business continuity. APIs will continue to be at the heart of digital transformation, and for that reason, ensuring robust security measures will be critical to mitigating potential threats and protecting organisational integrity.

Indusface recently published an article on API security that underscores the seriousness of API-related threats for the next 20 years. There has been an increase of 68% in attacks on APIs compared to traditional websites in the report. Furthermore, there has been a 94% increase in Distributed Denial-of-Service (DDoS) attacks on APIs compared with the previous quarter. This represents an astounding 1,600% increase when compared with website-based DDoS attacks.

Additionally, bot-driven attacks on APIs increased by 39%, emphasizing the need to adopt robust security measures that protect these vital digital assets from threats. As a result of Artificial Intelligence, cloud security is being transformed by enhancing threat detection, automating responses, and providing predictive insights to mitigate cyber risks.

Several cloud providers, including Google Cloud, Microsoft, and Amazon Web Services, employ artificial intelligence-driven solutions for monitoring security events, detecting anomalies, and preventing cyberattacks.

The solutions include Chronicle, Microsoft Defender for Cloud, and Amazon GuardDuty. Although there are challenges like false positives, adversarial AI attacks, high implementation costs, and concerns about data privacy, they are still important to consider.

Although there are still some limitations, advances in self-learning AI models, security automation, and quantum computing are expected to raise AI's profile in the cybersecurity space to a higher level. The cloud environment should be safeguarded against evolving threats by using AI-powered security solutions that can be deployed by businesses.

Frances Proposes Law Requiring Tech Companies to Provide Encrypted Data



 

AI Backdoor Data Encryption Pegasus Spyware Technology WhatsApp

Frances Proposes Law Requiring Tech Companies to Provide Encrypted Data

Law demanding companies to provide encrypted data

New proposals in the French Parliament will mandate tech companies to give decrypted messages, email. If businesses don’t comply, heavy fines will be imposed.

France has proposed a law requiring end-to-end encryption messaging apps like WhatsApp and Signal, and encrypted email services like Proton Mail to give law enforcement agencies access to decrypted data on demand.

The move comes after France’s proposed “Narcotraffic” bill, asking tech companies to hand over encrypted chats of suspected criminals within 72 hours.

The law has stirred debates in the tech community and civil society groups because it may lead to building of “backdoors” in encrypted devices that can be abused by threat actors and state-sponsored criminals.

Individuals failing to comply will face fines of €1.5m and companies may lose up to 2% of their annual world turnover in case they are not able to hand over encrypted communications to the government.

Criminals will exploit backdoors

Few experts believe it is not possible to bring backdoors into encrypted communications without weakening their security.

According to Computer Weekly’s report, Matthias Pfau, CEO of Tuta Mail, a German encrypted mail provider, said, “A backdoor for the good guys only is a dangerous illusion. Weakening encryption for law enforcement inevitably creates vulnerabilities that can – and will – be exploited by cyber criminals and hostile foreign actors. This law would not just target criminals, it would destroy security for everyone.”

Researchers stress that the French proposals aren’t technically sound without “fundamentally weakening the security of messaging and email services.” Similar to the “Online Safety Act” in the UK, the proposed French law exposes a serious misunderstanding of the practical achievements with end-to-end encrypted systems. Experts believe “there are no safe backdoors into encrypted services.”

Use of spyware may be allowed

The law will allow using infamous spywares such as NSO Group’s Pegasus or Pragon that will enable officials to remotely surveil devices. “Tuta Mail has warned that if the proposals are passed, it would put France in conflict with European Union laws, and German IT security laws, including the IT Security Act and Germany’s Telecommunications Act (TKG) which require companies to secure their customer’s data,” reports Computer Weekly.

These Four Basic PC Essentials Will Protect You From Hacking Attacks



 

Technology

AI Antivirus Internet Password Technology

These Four Basic PC Essentials Will Protect You From Hacking Attacks

There was a time when the internet could be considered safe, if the users were careful. Gone are the days, safe internet seems like a distant dream. It is not a user's fault when the data is leaked, passwords are compromised, and malware makes easy prey.

Online attacks are a common thing in 2025. The rising AI use has contributed to cyberattacks with faster speed and advanced features, the change is unlikely to slow down. To help readers, this blog outlines the basics of digital safety.

Antivirus

A good antivirus in your system helps you from malware, ransomware, phishing sites, and other major threats.

For starters, having Microsoft’s built-in Windows Security antivirus is a must (it is usually active in the default settings, unless you have changed it). Microsoft antivirus is reliable and runs without being nosy in the background.

You can also purchase paid antivirus software, which provides an extra security and additional features, in an all-in-one single interface.

Password manager

A password manager is the spine of login security, whether an independent service, or a part of antivirus software, to protect login credentials across the web. In addition they also lower the chances of your data getting saved on the web.

A simple example: to maintain privacy, keep all the credit card info in your password manager, instead of allowing shopping websites to store sensitive details.

You'll be comparatively safer in case a threat actor gets unauthorized access to your account and tries to scam you.

Two-factor authentication

In today's digital world, just a standalone password isn't a safe bet to protect you from attackers. Two-factor authentication (2FA) or multi-factor authentication provides an extra security layer before users can access their account. For instance, if a hacker has your login credentials, trying to access your account, they won't have all the details for signing in.

A safer option for users (if possible) is to use 2FA via app-generated one-time codes; these are safer than codes sent through SMS, which can be intercepted.

Passkeys

If passwords and 2FA feel like a headache, you can use your phone or PC as a security option, through a passkey.

Passkeys are easy, fast, and simple; you don't have to remember them; you just store them on your device. Unlike passwords, passkeys are linked to the device you've saved them on, this prevents them from getting stolen or misused by hackers. You're done by just using PIN or biometric authentication to allow a passkey use.

Building Robust AI Systems with Verified Data Inputs



 

Technology

AI Artifical Intelligence CyberCrime Cybersecuriti CyberThreat Data data security Technology

Building Robust AI Systems with Verified Data Inputs

Artificial intelligence is inherently dependent on the quality of data that powers it for it to function properly. However, this reliance presents a major challenge to the development of artificial intelligence. There is a recent report that indicates that approximately half of executives do not believe their data infrastructure is adequately prepared to handle the evolving demands of artificial intelligence technologies.

As part of the study, conducted by Dun & Bradstreet, executives of companies actively integrating artificial intelligence into their business were surveyed. As a result of the survey, 54% of these executives expressed concern over the reliability and quality of their data, which was conducted on-site during the AI Summit New York, which occurred in December of 2017. Upon a broader analysis of AI-related concerns, it is evident that data governance and integrity are recurring themes.

Several key issues have been identified, including data security (46%), risks associated with data privacy breaches (43%), the possibility of exposing confidential or proprietary data (42%), as well as the role data plays in reinforcing bias in artificial intelligence models (26%) As organizations continue to integrate AI-driven solutions, the importance of ensuring that data is accurate, secure, and ethically used continues to grow. AI applications must be addressed as soon as possible to foster trust and maximize their effectiveness across industries. In today's world, companies are increasingly using artificial intelligence (AI) to enhance innovation, efficiency, and productivity.

Therefore, ensuring the integrity and security of their data has become a critical priority for them. Using artificial intelligence to automate data processing streamlines business operations; however, it also presents inherent risks, especially in regards to data accuracy, confidentiality, and regulatory compliance. A stringent data governance framework is a critical component of ensuring the security of sensitive financial information within companies that are developing artificial intelligence.

Developing robust management practices, conducting regular audits, and enforcing rigorous access control measures are crucial steps in safeguarding sensitive financial information in AI development companies. Businesses must remain focused on complying with regulatory requirements so as to mitigate the potential legal and financial repercussions. During business expansion, organizations may be exposed to significant vulnerabilities if they fail to maintain data integrity and security.

As long as data protection mechanisms are reinforced and regulatory compliance is maintained, businesses will be able to minimize risks, maintain stakeholder trust, and ensure long-term success of AI-driven initiatives by ensuring compliance with regulatory requirements. As far as a variety of industries are concerned, the impact of a compromised AI system could be devastating. From a financial point of view, inaccuracies or manipulations in AI-driven decision-making, as is the case with algorithmic trading, can result in substantial losses for the company.

Similarly, in safety-critical applications, including autonomous driving, the integrity of artificial intelligence models is directly related to human lives. When data accuracy is compromised or system reliability is compromised, catastrophic failures can occur, endangering both passengers and pedestrians at the same time. The safety of the AI-driven solutions must be maintained and trusted by ensuring robust security measures and continuous monitoring.

Experts in the field of artificial intelligence recognize that there is an insufficient amount of actionable data available to fully support the transforming landscape of artificial intelligence. Because of this scarcity of reliable data, many AI-driven initiatives have been questioned by many people as a result. As Kunju Kashalikar, Senior Director of Product Management at Pentaho points out, organizations often have difficulty seeing their data, since they do not know who owns it, where it originated from, and how it has changed.

Lack of transparency severely undermines the confidence that users have in the capabilities of AI systems and their results. To be honest, the challenges associated with the use of unverified or unreliable data go beyond inefficiency in operations. According to Kasalikar, if data governance is lacking, proprietary information or biased information may be fed into artificial intelligence models, potentially resulting in intellectual property violations and data protection violations. Further, the absence of clear data accountability makes it difficult to comply with industry standards and regulatory frameworks when there is no clear accountability for data.

There are several challenges faced by organizations when it comes to managing structured data. Structured data management strategies ensure seamless integration across various AI-driven projects by cataloguing data at its source in standardized, easily understandable terminology. Establishing well-defined governance and discovery frameworks will enhance the reliability of AI systems. These frameworks will also support regulatory compliance, promoting greater trust in AI applications and transparency.

Ensuring the integrity of AI models is crucial for maintaining their security, reliability, and compliance. To ensure that these systems remain authenticated and safe from tampering or unauthorized modification, several verification techniques have been developed. Hashing and checksums enable organizations to calculate and compare hash values following the training process, allowing them to detect any discrepancies which could indicate corruption.

Models are watermarked with unique digital signatures to verify their authenticity and prevent unauthorized modifications. In the field of simulation, simulation behavior analysis assists with identifying anomalies that could signal system integrity breaches by tracking model outputs and decision-making patterns. Using provenance tracking, a comprehensive record of all interactions, updates, and modifications is maintained, enhancing accountability and traceability. Although these verification methods have been developed over the last few decades, they remain challenging because of the rapidly evolving nature of artificial intelligence.

As modern models are becoming more complex, especially large-scale systems with billions of parameters, integrity assessment has become increasingly challenging. Furthermore, AI's ability to learn and adapt creates a challenge in detecting unauthorized modifications from legitimate updates. Security efforts become even more challenging in decentralized deployments, such as edge computing environments, where verifying model consistency across multiple nodes is a significant issue. This problem requires implementing an advanced monitoring, authentication, and tracking framework that integrates advanced monitoring, authentication, and tracking mechanisms to deal with these challenges.

When organizations are adopting AI at an increasingly rapid rate, they must prioritize model integrity and be equally committed to ensuring that AI deployment is ethical and secure. Effective data management is crucial for maintaining accuracy and compliance in a world where data is becoming increasingly important.

AI plays a crucial role in maintaining entity records that are as up-to-date as possible with the use of extracting, verifying, and centralized information, thereby lowering the risk of inaccurate or outdated information being generated as a result of overuse of artificial intelligence. The advantages that can be gained by implementing an artificial intelligence-driven data management process are numerous, including increased accuracy and reduced costs through continuous data enrichment, the ability to automate data extraction and organization, and the ability to maintain regulatory compliance with the use of real-time, accurate data that is easily accessible.

In a world where artificial intelligence is advancing at a faster rate than ever before, its ability to maintain data integrity will become of even greater importance to organizations. Organizations that leverage AI-driven solutions can make their compliance efforts stronger, optimize resources, and handle regulatory changes with confidence.

Dangers of AI Phishing Scam and How to Spot Them



 

Technology

AI ChatGPT Email Gen AI Phishing scam Technology

Dangers of AI Phishing Scam and How to Spot Them

Supercharged AI phishing campaigns are extremely challenging to notice. Attackers use AI phishing scams with better grammar, structure, and spelling, to appear legit and trick the user. In this blog, we learn how to spot AI scams and avoid becoming victims.

Checking email language

Earlier, it was easier to spot irregularities in an e-mail, all it took was one glance. As Gen AI models use flawless grammar, it is almost impossible to find errors in your mail copy,

Analyze the Language of the Email Carefully

In the past, one quick skim was enough to recognize something is off with an email, typically the incorrect grammar and laughable typos being the giveaways. Since scammers now use generative AI language models, most phishing messages have flawless grammar.

But there is hope. It is easier to identify Gen AI text, and keep an eye out for an unnatural flow of sentences, if everything seems to be too perfect, chances are it’s AI.

Red flags are everywhere, even mails

Though AI has made it difficult for users to find phishing scams, they show some classic behavior. The same tips apply to detect phishing emails.

In most cases, scammers mimic businesses and wish you won’t notice. For instance, instead of an official “info@members.hotstar.com” email ID, you may notice something like “info@members.hotstar-support.com.” You may also get unrequested links or attachments, which are a huge tell. URLs (mismatched) having subtle typos or extra words/letters are comparatively difficult to notice but a huge ti-off that you are on a malicious website or interacting with a fake business.

Beware of Deepfake video scams

The biggest issue these days is combating deepfakes, which are also difficult to spot.

The attacker makes realistic video clips using photo and video prompts and uses video calling like Zoom or FaceTime to trap potential victims (especially elders and senior citizens) to give away sensitive data.

One may think that only old people may fall for deepfakes, but due to their sophistication, even experts fall prey to them. One famous incident happened in Hong Kong, where scammers deepfake a company CFO and looted HK$200 million (roughly $25 million).

AI is advancing, and becoming stronger every day. It is a double-edged sword, both a blessing and a curse. One should tread the ethical lines carefully and hope they don’t fall to the dark side of AI.

AI and Quantum Computing Revive Search Efforts for Missing Malaysia Airlines Flight MH370



 

AI and Quantum Computing Revive Search Efforts for Missing Malaysia Airlines Flight MH370

A decade after the mysterious disappearance of Malaysia Airlines Flight MH370, advancements in technology are breathing new life into the search for answers. Despite extensive global investigations, the aircraft’s exact whereabouts remain unknown. However, emerging tools like artificial intelligence (AI), quantum computing, and cutting-edge underwater exploration are revolutionizing the way data is analyzed and search efforts are conducted, offering renewed hope for a breakthrough.

AI is now at the forefront of processing and interpreting vast datasets, including satellite signals, ocean currents, and previous search findings. By identifying subtle patterns that might have gone unnoticed before, AI-driven algorithms are refining estimates of the aircraft’s possible location.

At the same time, quantum computing is dramatically accelerating complex calculations that would take traditional systems years to complete. Researchers, including those from IBM’s Quantum Research Team, are using simulations to model how ocean currents may have dispersed MH370’s debris, leading to more accurate predictions of its final location. Underwater exploration is also taking a major leap forward with AI-equipped autonomous drones.

These deep-sea vehicles, fitted with advanced sensors, can scan the ocean floor in unprecedented detail and access depths that were once unreachable. A new fleet of these drones is set to be deployed in the southern Indian Ocean, targeting previously difficult-to-explore regions. Meanwhile, improvements in satellite imaging are allowing analysts to reassess older data with enhanced clarity.

High-resolution sensors and advanced real-time processing are helping experts identify potential debris that may have been missed in earlier searches. Private space firms are collaborating with global investigative teams to leverage these advancements and refine MH370’s last known trajectory.

The renewed search efforts are the result of international cooperation, bringing together experts from aviation, oceanography, and data science to create a more comprehensive investigative approach. Aviation safety specialist Grant Quixley underscored the importance of these innovations, stating, “New technologies could finally help solve the mystery of MH370’s disappearance.”

This fusion of expertise and cutting-edge science is making the investigation more thorough and data-driven than ever before. Beyond the ongoing search, these technological breakthroughs have far-reaching implications for the aviation industry.

AI and quantum computing are expected to transform areas such as predictive aircraft maintenance, air traffic management, and emergency response planning. Insights gained from the MH370 case may contribute to enhanced safety protocols, potentially preventing similar incidents in the future.

New Microsoft "Scareware Blocker" Prevents Users from Tech Support Scams



 

Technology

AI Fake Sites Internet Microsoft Scareware Tech Support Scam Technology

New Microsoft "Scareware Blocker" Prevents Users from Tech Support Scams

Scareware is a malware type that uses fear tactics to trap users and trick them into installing malware unknowingly or disclosing private information before they realize they are being scammed. Generally, the scareware attacks are disguised as full-screen alerts that spoof antivirus warnings.

Scareware aka Tech Support Scam

One infamous example is the “tech support scam,” where a fake warning tells the user their device is infected with malware and they need to reach out to contact support number (fake) or install fake anti-malware software to restore the system and clean up things. Over the years, users have noticed a few Microsoft IT support fraud pop-ups.

Realizing the threat, Microsoft is combating the issue with its new Scareware Blockers feature in Edge, which was first rolled out in November last year at the Ignite conference.

Defender SmartScreen, a feature that saves Edge users from scams, starts after a malicious site is caught and added to its index of abusive web pages to protect users globally.

AI-powered Edge scareware blocker

The new AI-powered Edge scareware blocker by Microsoft “offers extra protection by detecting signs of scareware scams in real-time using a local machine learning model,” says Bleeping Computer.

Talking about Scareware, Microsoft says, “The blocker adds a new, first line of defense to help protect the users exposed to a new scam if it attempts to open a full-screen page.” “Scareware blocker uses a machine learning model that runs on the local computer,” it further adds.

Once the blocker catches a scam page, it informs users and allows them to continue using the webpage if they trust the website.

Activating Scareware Blocker

Before activating the blocker, the user needs to install the Microsoft Edge beta version. The version installs along with the main release variant of Edge, easing the user’s headache of co-mingling the versions. If the user is on a managed system, they should make sure previews are enabled admin.

"After making sure you have the latest updates, you should see the scareware blocker preview listed under "Privacy Search and Services,'" Microsoft says. Talking about reporting the scam site from users’ end for the blocker to work, Microsoft says it helps them “make the feature more reliable to catch the real scams.

Beyond just blocking individual scam outbreaks” their Digital Crimes Unit “goes even further to target the cybercrime supply chain directly.”

Search This Blog

Sections

Popular Posts

Blog Archive

Labels

About Me

Showing result(s) for

Popular Posts

Pages

Menu Item

After the Bybit hack, phishing campaigns steal crypto

Malicious free domains used for attacks

Why cyber resilience is needed

The plan forward

Law demanding companies to provide encrypted data

Criminals will exploit backdoors

Use of spyware may be allowed

Antivirus

Password manager

Two-factor authentication

Passkeys

Checking email language

Analyze the Language of the Email Carefully

Red flags are everywhere, even mails

Beware of Deepfake video scams

Scareware aka Tech Support Scam

AI-powered Edge scareware blocker

Activating Scareware Blocker