Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Cyber Security. Show all posts
zealot
Artificial Intelligence Authentication ChatGPT Cisco Security Cyber Security GitHub Phishing zealot

Researchers Show How ChatGPT Summaries Could Be Used for Phishing Attacks

 


Researchers have identified a technique that could allow malicious content embedded within a web page to appear inside ChatGPT responses, creating an opportunity for phishing, tracking, and social-engineering attacks through a platform users generally regard as trustworthy.

The attack method, named "ChatGPhish" by cybersecurity firm Permiso Security, focuses on how ChatGPT handles Markdown-formatted content when summarizing information from external websites. Markdown is a commonly used formatting language that allows web content to include elements such as hyperlinks and images.

According to Permiso Security researcher Andi Ahmeti, ChatGPT's web interface trusts Markdown links and image URLs originating from third-party pages that users ask the assistant to summarize. When a response is generated, the platform can automatically retrieve those images and present hyperlinks as active, clickable elements within the chatbot's interface.

In a scenario outlined by the researchers, an attacker could place a small hidden payload within a web page. If a user later asks ChatGPT to summarize that page, the embedded content may become part of the model's processing context. During response rendering, attacker-controlled images could be automatically requested, potentially exposing information such as the visitor's IP address, browser User-Agent string, and Referer data.

The researchers also found that links embedded in a manipulated page could appear as legitimate clickable items inside the AI-generated summary. Beyond directing users to phishing destinations, attackers could display fabricated security notifications, account-warning messages designed to imitate system alerts, or QR codes hosted on attacker-controlled infrastructure such as an Amazon S3 bucket. A victim scanning such a code with a mobile device could be redirected to a malicious destination, bypassing certain desktop-based URL filtering mechanisms and enterprise security controls.

The research adds to a growing body of evidence showing that AI-powered summarization tools can become unintended delivery channels for attacker instructions. Earlier this year, Permiso Security disclosed a separate attack involving Microsoft Copilot, where specially crafted instructions hidden inside an email influenced the output generated by the AI assistant. That technique was classified as a cross-prompt injection attack, also known as indirect prompt injection.

According to the researchers, the primary issue is not simply that prompt injection is possible. The more significant concern is how the manipulated content is ultimately presented to the user. A standard web page summarized by ChatGPT can cause phishing links, deceptive warnings, QR codes, and remotely hosted content to be displayed directly inside the assistant's interface, giving attacker-controlled material an appearance of legitimacy.

As AI assistants become common tools for workplace research, document review, and information gathering, this behavior introduces a new risk. Any web page processed by an employee could potentially contain hidden instructions or malicious content capable of influencing both the generated summary and the way that information is displayed.

Permiso Security noted that this shifts phishing activity beyond traditional delivery methods. Users no longer need to open a suspicious attachment or interact with an obviously fraudulent email. In some cases, simply asking an AI assistant to summarize a webpage may expose them to attacker-controlled content.

The disclosure arrives alongside research from Adversa AI detailing two attack techniques aimed at AI coding assistants and agentic development tools. The first, known as SymJack, allows a malicious code repository to achieve remote code execution through an AI-powered coding assistant.

According to Adversa AI researcher Rony Utevsky, the attack relies on convincing the AI assistant to perform what appears to be a harmless file-copy operation. The destination, however, is a symbolic link pointing to the assistant's own configuration file. As a result, attacker-controlled content is written into the configuration. When the assistant is restarted, a malicious Model Context Protocol (MCP) server is launched and executes arbitrary code using the victim's privileges.

The second technique, called TrustFall, uses a repository containing a malicious MCP server together with configuration settings that automatically approve its execution. A developer only needs to clone or open the repository in an AI coding environment and accept a folder-trust prompt. Once that action is taken, the attacker-controlled MCP server can start automatically without requiring additional tool approval, running with the same operating-system permissions as the developer.

Adversa AI explained that a victim who clones the repository, launches Claude, and accepts the generic trust prompt effectively allows the malicious MCP server to start as a native process on the machine. The payload executes immediately when the server starts, before additional prompts or tool requests occur.

The ChatGPhish findings emerge amid a steady stream of research examining weaknesses in modern AI systems, coding agents, and autonomous workflows.

Researchers recently described a jailbreak method called Involuntary In-Context Learning (IICL), which exploits the tension between a model's contextual learning behavior and its safety mechanisms to bypass protections in GPT-5.4.

Separate research from Cisco found that many AI security evaluations fail to reflect how real-world attackers operate. Rather than relying on a single prompt, attackers often use multiple interactions, gradually changing their wording, adopting different personas, and breaking objectives into smaller steps. Cisco argued that single-turn testing overlooks these techniques because real attacks frequently unfold across extended conversations.

Additional research has uncovered a vulnerability affecting Anthropic Claude Code in which a user-level configuration file, "~/.claude.json," can be altered through a rogue npm package. The attack enables modification of MCP endpoints and can place an attacker between Claude Code and an OAuth-protected MCP server, creating an opportunity to capture authentication tokens used to access downstream software-as-a-service platforms.

Researchers have also documented a technique involving OpenClaw skills that appear harmless during installation but later retrieve remote updates. In one scenario, attackers can influence an AI agent through workspace files after instructing users to append specific content to a file called HEARTBEAT.md during setup.

Another study demonstrated how hidden text embedded inside phishing emails can manipulate AI-based email security products. Attackers concealed text taken from legitimate newsletters and romance novels to make malicious messages appear benign to automated filtering systems.

LayerX researchers separately disclosed a flaw known as ClaudeBleed affecting Claude's Chrome extension. According to the company, any browser extension, including one without elevated permissions, could communicate with Claude's language model through the extension's content script because the code does not adequately verify the source of incoming instructions. This could allow another extension to issue commands and trigger actions through the AI assistant.

Cisco researchers also examined typographic prompt injection attacks against vision-language models. In these attacks, adversarial text is embedded inside images. The manipulated image may appear unreadable or resemble visual noise to humans and OCR-based filters while remaining interpretable to the target AI model.

Other recently disclosed vulnerabilities include flaws in Microsoft Semantic Kernel, tracked as CVE-2026-25592 and CVE-2026-26030, which researchers said could allow prompt-injection attacks to progress into host-level remote code execution.

Researchers additionally described the Neural Exec attack and abuse of the Unicode right-to-left-override function to bypass safety mechanisms protecting Apple's local AI models. The issue has since been addressed in iOS 26.4 and macOS 26.4.

A separate indirect prompt-injection vulnerability known as WebPromptTrap affected BrowserOS, an open-source agentic browser. The technique relied on hidden instructions embedded in an otherwise legitimate article to influence an AI-generated summary and persuade users to approve an authorization request. The issue was patched in BrowserOS version 0.32.0.

Research into the broader AI-agent ecosystem has uncovered persistent security weaknesses. An audit covering 3,984 skills published through ClawHub and skills.sh found that 534 skills, representing 13.4% of the total, contained at least one critical security issue. Researchers also identified 1,467 skills with broader weaknesses, including malware distribution risks, prompt-injection opportunities, exposed secrets, hard-coded API credentials, insecure handling of authentication data, and unsafe exposure to third-party content.

Additional studies identified attacks against NemoClaw, NVIDIA's reference framework for securing OpenClaw agents. Researchers demonstrated methods for extracting OpenClaw data through the platform's default sandbox configuration using either a malicious GitHub repository or a compromised npm package.

Security researchers are increasingly examining how advances in AI capability could affect offensive cyber operations. According to researchers at Palo Alto Networks Unit 42, more capable AI models could allow attackers to exploit both newly discovered and previously known vulnerabilities at a scale, speed, and level of automation that has traditionally required specialized expertise.

Last month, Unit 42 presented a proof-of-concept AI agent called Zealot that was capable of carrying out cloud attack operations with limited human involvement. The system chained together reconnaissance, exploitation, privilege escalation, and data-exfiltration activities by leveraging known weaknesses and misconfigurations.

Researchers argue that cloud environments are particularly susceptible to this type of automation because most administrative functions are accessible through APIs, multiple discovery mechanisms exist for identifying resources, configuration errors remain common, and access control often depends heavily on credentials.

According to Unit 42 researchers Yahav Festinger and Chen Doytshman, current large language models are already capable of coordinating reconnaissance, exploitation, privilege escalation, and data theft activities with relatively little human guidance. The techniques themselves are not necessarily new. What is changing is the speed and scale at which those established attack patterns can now be executed through AI-assisted automation.

Read more »
Phishing Attacks
Android Malware Android Security APK Fraud Cyber Security Cybercrime Karnataka Digital Fraud Fake APK Apps Mobile Banking Scam Phishing Attacks

Fake APK Apps Fuel 190% Rise in Digital Fraud Across Karnataka

 


Cybercrime is rapidly changing in Karnataka. Threat actors are increasingly shifting their focus from traditional phishing and investment scams to highly sophisticated APK-based attacks designed specifically for Android platforms. It has been reported by security experts and law enforcement agencies that the number of Android Package Kit (APK) fraud cases has increased by 190% during the first four months of 2026, demonstrating how malicious application files are used to intrude smartphones, gather sensitive credentials, and carry out unauthorized financial transactions using malicious applications. 

By April, there were 458 complaints filed, and it is anticipated that the number will surpass 1,300 before the year is up, according to investigators. The misuse of fake APK installers has emerged as an aggressive and technically dangerous form of mobile-enabled financial cybercrime currently affecting users across the state, particularly senior citizens and those without digital experience. 

Cybersecurity experts and investigators continue to find that seniors are disproportionately susceptible to APK-based attacks, primarily due to limited familiarity with Android security architecture and the increasing sophistication of social engineering techniques embedded within fraudulent messages. 

APK installers are increasingly being masked as urgent service notifications involving electricity bill disconnection, pending KYC verification, unclaimed credit card rewards points, courier updates, or even digital wedding invitations distributed through WhatsApp and Telegram platforms. When downloaded and manually installed outside of official app markets, these files can be silently gaining intrusive permissions on a device, allowing threat actors to monitor SMS-based OTPs, capture bank credentials, access contact lists, and manipulate financial applications remotely. 

Exclusive data obtained by DH indicates that Karnataka has experienced a steep 190.46% increase in APK fraud incidents, increasing from 325 reported cases in 2024 to 944 in 2025. 458 complaints have already been filed by April 2026 alone. Authorities estimate that by the end of the year, approximately 1,374 APK-related fraud complaints could occur in the state, based on its current monthly average of 114.5 cases.

The APK fraud campaign differs from the digital arrest scams or investment-linked pig butchering operations that rely heavily on prolonged psychological manipulation. As a result, law enforcement and cybercrime response teams face significant operational challenges resulting from low public awareness and weak digital vigilance. APK fraud campaigns are designed for rapid compromise through deceptive mobile payload delivery. 

Various authorities have urged citizens to avoid downloading APK files from unverified sources, restrict unnecessary application permissions, and report suspicious digital activities as soon as possible to the national cybercrime helpline 1930 or to designated cyber police units. 

It has been attributed that the rapid expansion of APK-enabled fraud networks is due to the widespread penetration of low-cost Android smartphones, the increased use of instant messaging platforms, and the existence of a persistent digital literacy gap among a wide range of user groups. There is an increasing sophistication of cybercriminal operations, with fraudulent APK payloads embedded within region-specific and multilingual communication used to imitate legitimate service providers, financial institutions, delivery platforms, and government verification systems, according to investigators. 

Users are advised to refrain from downloading applications that may have been transmitted via WhatsApp forwards, SMS hyperlinks, Telegram attachments, or unfamiliar third-party websites. Additionally, experts recommend enabling the "Install from Unknown Sources" setting on Android devices only when absolutely necessary for verified enterprise use. 

The security analysts recommend that electricity bills, courier delivery alerts, banking updates, and KYC requests be authenticated through official websites or authorized mobile applications, in recognition of the increasing use of clones and fabricated urgency by attackers to expedite victim responses.

Investigators of cybercrime have also advised against sharing one-time passwords, facilitating screen-sharing sessions, or granting access permissions to individuals who appear to be bank officials, police personnel, or government officials, since such access can facilitate remote surveillance, credential intercept, and unauthorized financial transactions. These campaigns identify seniors as one of the most at risk demographics, and encourage them to verify suspicious communications with trusted family members before engaging in links or application files. 

As a further warning, fraud syndicates are increasingly utilizing emotional manipulation, fear-based narratives, and professionally formatted communication templates for bypassing user suspicions and taking advantage of impulsive behavior. 

Considering the proliferation of APK fraud campaigns in social media ecosystems and regional languages, cybersecurity professionals believe technological safeguards alone are insufficient in the absence of parallel investments in community-driven awareness initiatives, multilingual cyber hygiene education, improved law enforcement coordination and stronger enforcement of mobile application security. 

It is evident that the escalating trend is indicative of how India’s increased adoption of digital technologies has simultaneously led to an increased attack surface for financially motivated cybercrime, according to experts. Through this transformation, cybersecurity is becoming a broader challenge of public awareness and social resilience that requires coordination between authorities, banks, and technology providers. 

As APK-based fraud escalates across Karnataka, it symbolizes a broader shift in the landscape of cyber threats in India, where mobile devices have evolved into both essential digital lifelines and high-value attack surfaces for financially motivated hackers. Social engineering tactics and malicious application delivery methods continue to be refined by cybercriminals. 

The most effective defences, experts believe, will require not only advanced cybersecurity infrastructure but also sustained public awareness, responsible digital behavior, and rapid incident reporting. Increasingly, mobile-first services are being utilized in an ecosystem in which sensitive financial and personal information can be compromised as soon as a single unverified download is completed. Therefore, authorities and cybersecurity professionals stress the importance of vigilance, verification, and informed digital practices as routine parts of everyday online activity rather than reactive measures in response to fraud.
Read more »
Login Credentials
AI in robotics AI password attacks Cyber Security Data protection data security Device Security Login Credentials

Yarbo Robotic Lawnmower Flaw Exposed Thousands of Devices With Shared Passwords

 

A single password opened thousands of Yarbo’s robot mowers worldwide, leaving owners in over thirty nations vulnerable without knowing it. While testing how these smart devices manage login requests, analyst Andreas Makris spotted the weak point - simple as typing “admin” into a forgotten backdoor. Some of these exposed devices operate using Linux platforms, linked straight to the web, depending on camera inputs, location signals, wireless links - also automatic map functions. 

Units across many regions used identical preset login details, investigators found. Remote entry into such hardware could happen without consent, Makris explained. Midway through the review, personal data came into view - email addresses, exact lawn mower locations, and network credentials laid bare. Testing revealed a real-time display pinpointing above 11,000 units active in at least thirty nations. 

While examining traffic patterns, digital trails linked each machine to specific geographic points. Visibility extended beyond basic details once hidden layers were uncovered. Not just limited to leaked information, the dangers included remote hijacking of lawn robots. Through experiments, scientists showed unauthorized users might trigger motion controls, switch on built-in imaging tools, while also probing residential networks for weak spots - all from a distance. 

Operating much like standard web-linked machines, these gadgets may end up pulled into coordinated hacking efforts. Such capabilities raise concern about their role in broader digital threats. A test shown to journalists supposedly let someone in Germany steer a 200-pound lawn mower near a home in New York, though they were separated by thousands of miles. Commands sent from afar took priority over hands-on operation, yet people close by received no warning when shifts occurred.  
Warnings emerged about gadgets placed close to critical infrastructure raising wider safety risks. Not far from power stations or manufacturing zones, fragile automated machines might operate, Makris noted - highlighting growing unease over threats to both physical setups and digital networks. Fixing the problem via firmware patches did not work - systems kept falling back to identical default passwords. 

Even after updates, the same login details resurfaced across devices. Experts pointed out that swapping passwords alone misses larger flaws: built-in factory access remains, while remote management tools stay vulnerable by design. Later, Yarbo admitted the issues once details emerged. Though based openly in New York, it holds ties to Hanyang Tech located in Shenzhen, China. Reports indicate the firm shut down some remote diagnostics pathways following scrutiny. 

Root passwords were reset shortly afterward. Access without authentication saw restrictions applied. Instead of using one password for every machine, new measures shifted toward unique credentials per device. Despite pledges of improved audit mechanisms and stricter controls on remote diagnostics, concerns lingered. Backdoor-style access by manufacturers allegedly persists in the equipment, skeptics noted - undermining claims of real change. Hidden backdoors and minimal built-in safeguards in smart gadgets are drawing sharper scrutiny, according to researchers. 

With households increasingly using AI-powered tools, robotic aids, or connected sensors, vulnerabilities multiply. Instead of isolated digital leaks, failures might now trigger real-world harm - door locks failing, cameras hijacked, entire home networks invaded. Security flaws once seen as minor glitches may now enable intrusions beyond data theft. 

When manufacturers skip strong defaults, everyday convenience turns into risk points across neighborhoods. Because these devices interact physically with environments, weaknesses aren’t just virtual - they can reach into living rooms, garages, even children's bedrooms. So while automation spreads rapidly, oversight lags behind, leaving gaps attackers can exploit.
Read more »
Vehicle Surveillance
Connected cars Cyber Security Data collection Smart Car Privacy Vehicle Surveillance

Your Car Is Spying on You—and It’s About to Get Worse

 

Cars used to be simple machines that carried people from one place to another. Today, they are rolling computers packed with sensors, microphones, cameras, GPS receivers, and internet connections. That shift has turned the modern vehicle into a powerful data collector, often recording far more than location or mileage. For many drivers, the unsettling part is not just that cars gather information, but that the process is now built into the way many features work. 

The data collected can be surprisingly intimate. Depending on the brand and model, cars may track where you go, how fast you drive, when you brake, what entertainment you use, and even physical or behavioral cues such as voice commands, seat settings, facial expressions, or body weight estimates. Some systems can also log passengers and nearby devices, creating a broad picture of who is in the car and how they behave. What makes this especially worrying is that drivers often do not see the full extent of what is being gathered. 

The bigger issue is what happens after the data is collected. Privacy policies can allow manufacturers, service providers, insurers, advertisers, and other third parties to access or share the information. In practice, opting out may be difficult or impossible because many connected features depend on data collection to function. That means consumers may face a trade-off between convenience and privacy, often without realizing how much personal information they are giving away. 

This is why the debate around connected cars is no longer just about safety or convenience. It is also about consent, transparency, and accountability. Drivers may assume their vehicle is a private space, but modern software can turn it into a monitoring platform. As automakers add more digital services, remote controls, and subscription features, the amount of data generated by each trip is likely to grow even further. 

The lesson is simple: buying a car now involves more than checking the engine, fuel economy, or price. It also means understanding the privacy cost of connected technology. Drivers should review data settings, read privacy terms carefully, and think about which features are worth the information they reveal. In the era of smart vehicles, the road ahead is not only about mobility; it is also about who gets to see your life along the way.
Read more »
Cyber Security
Ad Data Privacy AI Chatbot AI Privacy AI Security chatbot security Cyber Privacy Cyber Security

WhatsApp Incognito AI Chats Raise Privacy and Accountability Concerns

 

Private AI chats are now arriving on WhatsApp through a new incognito mode where conversations disappear once they end. Neither users nor Meta will retain copies of these exchanges, according to the company. Executives say the feature was designed for sensitive discussions involving health, finances, relationships, or personal struggles, where users may not want permanent records stored online. 

Unlike most AI systems that retain chat history for moderation, improvements, or future model training, Meta claims these AI conversations will not be saved on company servers at all. CEO Mark Zuckerberg described it as one of the first major AI systems built without maintaining conversation logs. According to Will Cathcart, many users feel uncomfortable sharing private information when companies can later review chat histories. 

To address this, the new setting automatically erases AI discussions after completion, leaving no retrievable record behind. Although WhatsApp says the feature provides protections similar to end-to-end encryption, the company acknowledged the underlying technology differs from the encryption used for regular WhatsApp messages. Meta nevertheless maintains that users should expect comparable privacy safeguards while interacting with AI tools. 

Despite the stronger privacy focus, cybersecurity experts warn the system could create accountability challenges. Alan Woodward from the University of Surrey noted that while the feature is unlikely to weaken WhatsApp’s broader security infrastructure, disappearing AI chats could make it difficult to investigate harmful responses or dangerous recommendations generated by the chatbot. Companies including OpenAI and Google have already faced legal scrutiny tied to allegations that AI conversations contributed to emotional harm, unsafe behavior, or psychological distress. 

If AI chats vanish permanently, neither users nor Meta may be able to review what was said during critical interactions. Experts also warn that disappearing chat histories may reduce transparency around misinformation, moderation failures, or unsafe advice shared privately by AI systems. Without stored records, proving what responses were generated during sensitive moments becomes far more difficult. Meta says additional safety protections are still being developed. 

Initially, the incognito mode will support only text conversations rather than image processing, while stricter moderation guardrails are expected to block prompts considered harmful, illegal, or dangerous. The feature also reflects Meta’s broader push to integrate AI across Instagram, Facebook, and Messenger. Despite criticism from some users after Meta AI was added to WhatsApp without a full removal option, the company continues aggressively expanding its AI ecosystem. 

Industry analysts say Meta’s growing investment in AI infrastructure is tied to intense competition across the technology sector. The company is expected to spend heavily on artificial intelligence throughout 2026 to improve advertising systems, shopping features, and user engagement tools. Investors, however, remain cautious about whether those enormous investments will ultimately generate long-term returns. 

WhatsApp’s disappearing AI conversations highlight an increasingly important debate surrounding privacy and accountability. While users may value confidential AI interactions, experts warn that removing all conversation records could also make it harder to investigate misuse, harmful outcomes, or dangerous AI behavior later on.
Read more »
User Privacy
Cyber Security Meta Meta Glass Smart Glasses User Privacy

Meta Smart Glasses Secretly Film Women: Privacy Invasion Crisis Explained

 

Smart glasses are moving from novelty to mainstream, and Meta’s Ray-Ban model is leading the market. The BBC says Meta accounts for about 80% of sales in the smart-glasses category, helped by the familiar Ray-Ban design and the addition of a built-in camera, speakers, and AI features. That combination has made the product appealing to early adopters who want hands-free music, calls, photos, and information on the go. 

But the same features that make smart glasses attractive also make them controversial. The report describes women being filmed without their knowledge by men wearing the glasses, often in everyday settings such as beaches, shops, and sidewalks. Those videos can later appear online and attract harassment, while the people recorded may not even realize it happened until much later. 

Privacy concerns are not limited to casual misuse. The report says some wearers have been surprised to discover what their glasses were recording, while lawsuits have also been filed over videos captured through the devices and used for AI training. In addition, experts quoted in the report warn that if smart glasses become common, it may become much harder to enforce norms around sensitive places like courthouses, hospitals, museums, and bathrooms. 

Meta says the glasses are designed with privacy in mind and that users should behave responsibly. The company’s spokesperson told the BBC that it has teams focused on limiting misuse, but also argued that the ultimate responsibility lies with individual users. Even so, the report notes that visible indicators like the recording light may be too subtle to reliably alert bystanders, especially in bright outdoor conditions.

Despite the backlash, the commercial momentum is strong, and other major tech firms are preparing their own versions. Apple, Snap, and Google are all reportedly working on smart-glasses products, suggesting this could become a major new consumer category rather than a passing trend. The BBC’s reporting points to a familiar tech dilemma: a device can be genuinely useful while still raising difficult questions about consent, surveillance, and the limits of public privacy.
Read more »
Microsoft security
Credential Security Cyber Phishing Cyber Security Data protection data security Microsoft Microsoft security

Microsoft Warns Users About Rising QR Code Phishing and Quishing Scams

 

Microsoft’s cybersecurity researchers have uncovered a growing wave of phishing scams using QR codes hidden inside emails, PDF files, and fake CAPTCHA pages. Instead of clicking suspicious links, victims scan QR codes that secretly redirect them to fraudulent websites designed to steal login credentials and session data. The attacks spread quickly because they bypass many traditional security filters and often appear harmless at first glance. 

Known as “quishing,” these scams hide malicious links inside QR codes, avoiding the usual warning signs tied to suspicious URLs. Emails often create urgency through fake compliance notices, security alerts, or missed-message warnings, encouraging users to scan the code without carefully checking the sender. According to Microsoft, attackers are impersonating HR teams, IT departments, managers, and office administrators to make messages appear legitimate. 

Once scanned, users are routed through several webpages before landing on counterfeit login portals built to capture usernames, passwords, and even live session tokens capable of bypassing some two-factor authentication protections. Researchers say more than 35,000 users across approximately 13,000 organizations worldwide have already been targeted, with cases continuing to rise. Many people trust QR codes because they are commonly used for menus, payments, and sign-ins, making them less likely to question the risks behind scanning one. 
Cybercriminals are exploiting that familiarity to trick users into exposing sensitive information. A recent case highlighted by Digit.in demonstrated how convincing these scams can be. Employees reportedly received emails appearing to come from an Office 365 administrator claiming several messages were awaiting approval. Instead of links, the email included a QR code directing users elsewhere. Investigators tested the QR code using a freshly wiped mobile device across Android and iOS platforms to minimize potential risks. 

While the QR codes in that case did not install malware or alter device settings, the test showed how easily similar scams could deceive unsuspecting users. Security professionals warn that scanning unfamiliar QR codes on devices containing banking apps, work credentials, personal photos, or confidential files can expose users to serious threats without obvious warning signs. Experts recommend avoiding QR codes sent through unsolicited emails, verifying senders carefully, and checking linked addresses before entering passwords. 

As cybercriminals increasingly rely on social engineering instead of direct hacking, simple actions like scanning a QR code are becoming new entry points for digital attacks.
Read more »
Threat Investigation
AI SOC Alert Overload Cyber Security SOC Security Threat Investigation

SOC Alert Overload: Why More Analysts Won’t Help

 

Security operations centers are facing a problem that hiring alone cannot solve. Alert volumes keep rising, attackers move faster than most human teams can investigate, and many SOCs still rely on workflows built for a much smaller stream of events. The result is a widening gap between the alerts generated by modern systems and the number that can be analyzed with real depth. 

Even when organizations add analysts, the queue often remains crowded because the underlying process still depends on manual triage. That is why security experts argue the issue is not a staffing shortage alone, but an operating-model failure that leaves teams reacting instead of defending. 

Most SOCs have already tried the obvious fixes. They prioritize critical alerts, suppress noisy detections, and tune rules to reduce false positives. Those steps help, but they do not remove the central bottleneck: too many alerts still reach humans for investigation. The article explains that low- and medium-severity events are especially dangerous because attackers often hide inside them, knowing analysts are overwhelmed. When those signals sit in a backlog, the delay becomes a security weakness in itself. 

To test whether a SOC is truly under strain, security experts suggest a quick diagnostic. Leaders should ask how many high-priority alerts were actually investigated, how often detection rules were suppressed without replacement coverage, whether analyst turnover has created a fragile bench, and what task would be sacrificed if alert volume doubled overnight. If the answers reveal gaps, the problem is not effort or discipline. It is capacity, continuity, and architecture. 

The proposed answer is not to push analysts harder, but to change how investigations are handled. AI-based SOC platforms can triage alerts at scale, document reasoning, and free analysts from repetitive work. In the examples cited, teams completed thousands of investigations quickly and recovered large amounts of analyst time. That shift also allowed some organizations to reduce SIEM-related spending by cutting unnecessary ingest and storage. Humans still matter, but their role changes: they focus on insider threats, novel attack patterns, and cases that require business or regulatory judgment. 

The broader lesson is simple. Modern SOCs need a model that matches today’s attack speed and alert volume. If the queue is always full, more people will only slow the pain, not remove it. The stronger answer is to redesign the workflow so that technology handles scale and analysts handle judgment, because that is where security value actually comes from.
Read more »
Data Leak
AI Bug Management Cloud Cyber Security Data Data Leak

9-Year-Old Linux bug Found by Researchers, Could Leak Data


Experts have revealed details of a bug in the Linux kernel that stayed unnoticed for nine years. The flaw is tracked as CVE-2026-46333 (CVSS score: 5.5). 

Improper bug management 

The incident is improper privilege management that could have allowed threat actors to reveal sensitive data as unprivileged local users and launch arbitrary commands on default installs such as Ubuntu, Debian, and Fedora. Its alias is aka ssh-keysign-pwn.

Vulnerability existed since 2016

Cybersecurity firm Qualys found the flaw. Since November 2016, the problem has been present in mainstream Linux (v4.10-rc1). 

Distribution updates and upstream patches are already accessible. There are publicly available working exploits, thus administrators should install vendor kernel upgrades right away, Qualys said.

Privilege compromise tactic

TRU discovered a small window in which a privileged process that is dropping its credentials can still be accessed through ptrace-family operations, despite the fact that its dumpable flag should have blocked that path, during ongoing study into Linux kernel privilege boundaries.  

Qualys also added that an attacker can obtain open file descriptors and authenticated inter-process channels from a dying privileged process and utilize them under their own uid by combining this window with the pidfd_getfd() syscall (introduced in v5.6-rc1, January 2020)

What is successful exploit?

Successful bug exploit can allow a local threat actor to reveal /etc/shadow and ho'st private keys under /etc/ssh/*_key, and deploy arbitrary commands as root via four distinct hacks attacking ssh-keysign, accounts-daemon, chage, and pkexec.

PoC exploit

The bug reveal is a proof-of-concept (PoC) exploit for the bug. It was released recently, and soon after, a public kernel surfaced. CVE-2026-46333 is the latest security bug revealed in Linux after Dirty Frag, Fragnesia, and Copy Fail in recent months.

How to stay safe

Experts have advised to use the latest kernel update released by Linux distributions. If users are unable to do it immediately, temporary patchwork includes raising "kernel.yama.ptrace_scope" to 2.
Qualys added, "On hosts that have allowed untrusted local users during the exposure window, treat SSH host keys and locally cached credentials as potentially disclosed. Rotate host keys and review any administrative material that lived in the memory of set-uid processes,” Qualys said.

Incident impact

The incident happened after the release of a PoC for a local privilege exploit known as PinTheft that lets local hackers get access to root privileges on Arch Linux systems. The hack requires the Reliable Datagram Sockets (RDS) module to be deployed on the victim system, readable SUID-root-binary, io_ring enabling, and x86_64 support for the given payload.

Read more »
European Union
AI Act AI Deepfakes AI Privacy AI Risks AI Security Cyber Security Deepfake Deepfake Images EU European Union

European Union Agrees to Ban AI Generated Non Consensual Sexualized Deepfakes

 

A temporary deal emerged Thursday between EU lawmakers and national representatives, targeting AI tools that create explicit fake images without consent. Such technology, when applied to produce child exploitation material, will also fall under the new restrictions. Agreement came after extended discussions on digital ethics and public safety concerns. Rules now aim to block deployment of systems designed for these harmful purposes. The move reflects growing attention to misuse of synthetic media across Europe. Final approval processes remain pending among governing bodies. 

Part of wider changes to the EU’s approach on AI, this move fits within the “Omnibus VII” laws meant to streamline digital rule-making. Rules for artificial intelligence across European countries are being aligned through these adjustments, reducing complexity where possible. One goal stands clear - making compliance less fragmented without adding new layers. 

Updates like this reshape how standards apply, slowly shifting the landscape from within. Following talks, officials announced updated guidelines banning artificial intelligence systems from producing private or explicit material about people without their agreement. These measures single out synthetic media depicting minors in sexually abusive scenarios - prompted by rising unease around how machine learning models enable manipulation, harmful behavior, and digital assault. 

Though broad in scope, enforcement hinges on consistent oversight across platforms where such technologies operate. Still, Marilena Raouna noted the deal could ease repeated paperwork demands on firms in the EU's tech industry - so long as safeguards around AI oversight remain intact. Compliance dates shift for high-risk AI under the new version of the framework. Starting December 2, 2027, standalone systems classified as high risk must follow the requirements. 

By August 2, 2028, those integrated into physical products come into scope. The timeline change appears in the current draft deal. Rules apply earlier to independent platforms than built-in ones. Registration of exempted AI tools in the European Union's high-risk database forms part of the deal. Authorities believe tracking these technologies will support clearer monitoring. Oversight gains clarity when deployments become visible through such records. Among updated measures, tighter rules return for handling sensitive personal details via AI aimed at spotting or fixing skewed algorithms. 

Government representatives noted these changes strengthen individual privacy safeguards, yet still require firms to justify extensive data use with concrete need. Now arriving amid global scrutiny, the deal reflects mounting demands on authorities to control tools that craft lifelike false media through artificial intelligence. 

While Europe's officials stress consequences, they point especially at intimate imagery made without permission - citing threats it poses to personal boundaries, digital safety, truth integrity, and public standing. Though not yet legally binding, the agreement advances the EU’s push to shape how artificial intelligence is built and used throughout its countries. Approval must come later, but momentum continues.
Read more »
European Union hacking
Chinese Cyber Threat Chinese Hackers Cyber Security Cyberespionage Cybersecurity EU cybersecurity European Union hacking

Chinese Cyber Threats to Europe Growing Through Silent Espionage Tactics

 

Chinese state-supported hacking groups are becoming one of the most serious cybersecurity concerns for the European Union, with experts cautioning that their activities often go unnoticed due to their discreet nature.

Unlike the highly visible cyberattacks commonly associated with Russia, Chinese-linked operations usually focus on quietly gaining long-term access to systems and collecting intelligence over extended periods.

According to Antonia Hmaidi, a senior analyst at the Mercator Institute for China Studies, one of the major risks involves cyber actors targeting small office devices used across Europe. These include routers, printers, and network equipment that frequently lack strong security protections, making them easier to exploit as entry points into larger systems.

“It’s not like Russian attacks, which are very visible. Therefore, we tend to underestimate it,” Hmaidi said.

Concerns over cyberespionage continue to rise

European authorities have increasingly expressed concerns over cyberespionage activities allegedly linked to China, especially as more incidents involving government agencies and private businesses continue to surface.

Rather than disrupting systems immediately, these cyber campaigns are often aimed at gathering confidential information and monitoring sensitive activity over time.

In response to growing security risks, several European institutions have tightened cybersecurity precautions. Earlier this year, members of the European Parliament travelling to China were reportedly advised to use burner phones and avoid carrying personal electronic devices.

Officials stated that the measures were introduced to minimise the possibility of surveillance or cyber intrusion during overseas visits. Lawmakers and staff members were also provided with security guidance and training before departure.

Similar safety protocols have been adopted by other EU institutions as well. Reports suggest that internal guidelines within the Council of the European Union recommend officials avoid carrying electronic devices to certain countries, including China. If devices must be taken, authorities reportedly advise wiping them completely after returning.

At the same time, staff members of the European Commission travelling abroad have reportedly been issued temporary phones and basic laptops to reduce the risk of espionage.

A stealth-driven cyber strategy

Cybersecurity experts believe Chinese cyber operations differ significantly from more aggressive attacks because they prioritise stealth, persistence, and long-term infiltration.

Instead of causing immediate and visible disruption, attackers quietly enter systems, observe operations, and gradually extract valuable information. This strategy makes detection far more difficult and allows intruders to remain active within networks for long periods without being discovered.

As Europe becomes increasingly dependent on digital infrastructure for governance, business, and communication, analysts warn that failing to recognise these hidden cyber risks could pose serious challenges to the region’s long-term security and technological independence.
Read more »
Meta Privacy Concerns
child online safety laws Cyber Security Digital Security Meta Meta Platforms Meta Privacy Concerns

Meta Challenges Ofcom Over Online Safety Act Fees and Penalties

 

Challenging new rules, Meta - owner of Facebook and Instagram - is taking Ofcom to the High Court amid disputes about charges tied to the Online Safety Act. The legal move stems from disagreements on how costs and fines are set by the UK's communications watchdog. 

July 2025 marked the start of a legal shift meant to curb damaging material on internet services. Funding oversight duties now fall partly on big tech firms, each paying yearly charges based on global earnings. These payments support Ofcom’s work monitoring digital spaces. Rules took effect without delay once enacted. Revenue ties ensure contributions scale with company size. Later in 2025, new rules took effect targeting firms with annual earnings above £250 million. 

These apply specifically to digital spaces like social networks and search tools - any platform allowing user-generated posts falls under scrutiny. While scale matters, the core focus remains on interactive online environments. Revenue size triggers obligation; activity type defines scope. What stands out is how Meta views the regulator's approach to setting operational charges and potential fines as skewed, placing too much burden on just a few major tech players. Shaped by courtroom arguments, legal representatives emphasized that today’s framework demands disproportionate contributions from firms like theirs. 

Though the Online Safety Act applies across a wide range of online services, the cost structure reflects something narrower in practice. One outcome - seen clearly - is that even minor shifts in methodology could alter financial exposure significantly. Behind these figures lies an assumption: larger platforms must pay more simply because they can. Yet the law itself does not single them out for heavier obligations. 

Instead, what emerges is a system where scale becomes a proxy for liability without clear justification. Disputing the method behind calculating eligible international income forms part of the legal argument. Court documents show Meta arguing penalties ought to reflect earnings only from UK-based operations, not total global turnover. Should firms fail to meet online safety duties, penalty amounts might reach 10% of global turnover - or £18 million - whichever figure exceeds the other. 

Another layer emerges where Meta contests methods used to assign sanctions if several units within one corporate family share fault. Later in London, at an early court session, officials heard that Epic Games - creator of Fortnite - and the Computer and Communications Industry Association might ask to join the legal matter. The possibility emerged through statements presented to the High Court. 

Later this year, more sessions will follow after Mr Justice Chamberlain pointed to matters of broad public significance in the case. Come October, a complete hearing should unfold. Following prior disputes over the Online Safety Act by various groups, litigation has now emerged again. Though distinct, last year’s challenge by the Wikimedia Foundation dealt with related rules on age checks - and ended in defeat. 

Despite pushback, Ofcom stood by its method, saying fees and penalties followed directly from how the law is written. Rather than accept Meta's concerns, the authority insisted the system makes sure firms with major online influence support efforts to keep users safe. Still, Meta insists it will keep working alongside Ofcom, though parts of the rollout feel excessive to them. Even with their suggested adjustments, oversight bodies could still hand down penalties among the highest ever seen on British companies.
Read more »
Data Privacy Laws
AI Chatbots AI Model AI Privacy Canada ChatGPT Privacy ChatGPT. OpenAI Cyber Privacy Cyber Security Data Privacy Laws

Canadian Privacy Regulators Say OpenAI Violated Federal and Provincial Privacy Laws

 

After months of scrutiny, Canadian oversight bodies determined OpenAI did not meet several national and regional data protection standards while developing its AI systems. This outcome emerged from a coordinated review spearheaded by federal Privacy Commissioner Philippe Dufresne, working together with counterparts in Alberta, Quebec, and British Columbia. 

What stood out in the findings was a pattern of data handling at OpenAI - massive volumes of personal details gathered, yet lacking strong protections or clear approval from affected people. Because of this approach, authorities concluded it clashed with rules set by Canada’s privacy law, known formally as PIPEDA, guiding how firms manage private data while conducting commercial activities. 

The way ChatGPT and similar artificial intelligence models were developed raised notable questions for oversight bodies. A key point centered on data collection practices - information about people pulled from open internet resources and external databases, often without clear notice to those affected. Officials pointed out that many users remain unaware their details might feed into machine learning processes. 

Another concern emerged around control: few practical options let individuals inspect, update, or request deletion of their data linked to these systems’ training records or responses. Oversight groups stressed that current safeguards fall short in offering real transparency or user agency. Questions arose about how dependable ChatGPT's answers really are. 

Some pointed out that current methods for managing false or confusing replies fall short - especially if private information is at stake. Even so, Canadian privacy authorities observed OpenAI engaging throughout the probe, committing in advance to adjustments meant to bring operations into line with national data rules. Following these steps, it appears older versions of the AI were phased out due to shortfalls in compliance, while new filters emerged - meant to spot and obscure details like contact numbers or full names across both open-access and legally obtained training collections. 

Some time soon, OpenAI will adjust how it explains the role of user chats in training its systems. A new phase involves more noticeable alerts for people using ChatGPT without logging in. These notices aim to guide visitors away from submitting private details. How exchanges help shape upcoming models will also become part of that message. Updates are meant to surface key points earlier in the experience. 

Further changes include streamlining how users access their data, while offering straightforward steps for disputing AI-generated inaccuracies. Officials emphasized protections for young relatives of well-known individuals - models must now avoid revealing personal details like names or birthdays if the child is not publicly recognized. 

Later scrutiny emerged when news surfaced connecting OpenAI to alarms tied to a violent event in Tumbler Ridge during early 2026, reigniting interest in an inquiry first begun in 2023. Though internal signals about the individual's activity were reportedly noticed earlier, officials claimed the firm failed to forward such red flags to Canadian authorities. Because of what followed, oversight bodies emphasized better coordination among artificial intelligence developers, police units, and public health offices whenever physical harm appears likely. 

Rather than wait, expectations now lean toward faster information sharing across these groups. Pressure mounts globally as scrutiny increases on firms using artificial intelligence, pushing them toward stronger safeguards for personal data. How information is gathered and applied in training powerful models now faces closer examination. 

Greater openness about methods has become harder to avoid. Responsibility for outcomes ties directly to practices behind massive data processing. Standards shift under persistent demands for clearer conduct.
Read more »
Tech
Banks Cyber Security Data Data Leak digital scam identity Scam Tech

High Court Squashes Ban for Sim-Swap Fraud, Says Zero Customer Liability


In an important ruling amid surging digital financial fraud attacks, the Bombay HC sided with the customer protection norms. It directed Bank of Baroda to return Rs. 1.24 crore to the victim private firm that lost money in a SIM-swap case. The court stressed that if a consumer reports fraud promptly in time, “zero liability” is ruled, and the bank must reimburse the losses.                 

Private company reported the incident immediately

The order was given by a division bench of the HC, which included Justices Manjusha Deshpande and Bharati Dangre, when private company PNP Polytex (based in Mumbai) submitted a petition. Polytex alleged that Rs.1.24 crore had been stolen from its bank accounts illegally and without knowledge. 

About court proceedings

As per the submissions to the court, the firm informed the bank soon after finding malicious transactions and asked the accounts to be frozen. The bank could only save Rs. 47.8 lakh, the remaining money was already stolen by the hackers. After this, the firm moved to HC for help.

Later, enquiry revealed that the scam was done using a SIM-swap tactic, where hackers get control of the target’s registered contact number. This lets the hackers intercept OTPs and do banking transactions without the account owner's consent and knowledge. The high court found that the scam was done by third-parties, and showed no evidence of negligence on consumer’s end.

What is RBI’s zero liability rule?

During the proceedings, the court referred to the July 6, 2017 statement given by the RBI, which laid down the customer protection guidelines in incidents of illegal electronic banking transactions. According to the circular, the consumers are entitled to zero liability if they report fraud transactions within 72 hours (three days).

In the judgement, the high court stressed that if a customer informs the bank about a scam or fraud, it is the duty of the bank to return the disputed amount back to the victim’s account. The court also said that the burden of proving customer negligence is on the bank too.  

The court rejected the bank's defenses that it had followed the due process and security measures, and the bench  labelled the argument as a “lame excuse,” saying that such mechanisms become powerless when a SIM card is hacked. The court also attributed another ruling in an incident where HDFC bank was held liable under similar situations. 

Bank will return stolen amount with interest

After revising the previously frozen funds, the High Court ordered the bank to return the remaining sum plus 6% interest within eight weeks. 

Read more »
WebSocket Exploits
AI Agent Security AI Runtime Vulnerabilities Browser Session Hijacking Credential Theft Cyber Security OpenClaw Vulnerabilities Privilege Escalation Prompt Injection Attacks WebSocket Exploits

Critical OpenClaw Flaws Allow Persistent Access and Credential Abuse


 

OpenClaw, a self-hosted AI agent runtime which has gained rapid adoption by enterprises, introduces a new type of security exposure for enterprises as dynamically executed content, external skill integrations, and cloud-based authentication mechanisms are convergent without adequate defensive control mechanisms.

The OpenClaw platform is unlike conventional applications that are constructed using fixed execution logic, as it is capable of accepting untrusted inputs, retrieving and executing third-party code modules, and interacting with connected environments with assigned credentials, effectively extending the trust boundary far beyond the application layer itself. These architectural flexibility and the recently disclosed ClawJacked exploitation technique expose critical weaknesses in authentication handling and token protection within browser-based cloud development environments, according to security researchers. 

It has been demonstrated that malicious web content can exploit active developer sessions to extract sensitive access tokens, thereby granting attackers unauthorized access to source repositories, cloud infrastructures, and privileged enterprise resources. Increasingly, organizations are integrating cloud-native development platforms into their engineering workflows. This disclosure highlights concerns regarding privilege scoping, identity isolation, and other security aspects associated with autonomous AI-powered runtime environments.

A coordinated vulnerability chain, collectively known as the "Claw Chain," was identified by Cyera researchers in response to these concerns, demonstrating how multiple vulnerabilities within OpenClaw can be combined to compromise a system, gain unauthorized access to data, and escalate privileges across affected systems. 

In particular, two vulnerabilities have been assigned CVE-2026-44113 and CVE-2026-2026-44112, which contain time-of-check/time-of-use (TOCTOU) race conditions within the OpenShell managed sandbox backend, which could allow attackers to circumvent sandbox enforcement and interact with files outside of the mounted root. 

In contrast to the first issue, which permits arbitrary write operations which can lead to configuration changes, backdoor installations, and long-term control over compromised hosts, the second issue provides a pathway for unauthorized disclosure of system artifacts, credentials, and sensitive internal data through unauthorized file disclosure. 

Researchers also disclosed CVE-2026-44115, a vulnerability resulting from an incomplete denylist implementation that allows adversaries to conceal shell expansion tokens in heredoc payloads and execute commands that bypass runtime restrictions. 

A fourth vulnerability known as CVE-2026-44118 introduces an improper access control condition in which non-owner loopback clients can impersonate privileged users to manipulate gateway configurations, alter scheduled cron operations, and gain greater control of execution environments through unauthorized use of privileged accounts. These flaws collectively demonstrate the possibility of insufficient isolation, weak privilege boundaries, and inadequate runtime validation mechanisms within modern AI agent infrastructures resulting in a full compromise chain which can sustain stealthy and persistent access despite seemingly isolated weaknesses.

OpenClaw's rapid adoption and permissive architecture have contributed to its rapid transformation from a niche automation framework into a widely deployed AI-driven orchestration environment, further amplifying its security implications.

In late 2025, Austrian engineer Peter Steinberger released a public version of the project that gained wide traction because of its unique capability to provide custom automation capabilities outside of tightly controlled commercial ecosystems. The OpenClaw assistant does not rely on vendor-defined integrations, but rather allows users to develop, modify, and distribute executable "skills."

The result is a large repository containing thousands of automation scenarios developed by the community without centrally managing, categorizing, or validating their security. Due to its “self-hackability” design, where configurations, memory stores, and executable logic are maintained using local Markdown-based structures that can be modified by the user, it has attracted both developer interest and growing scrutiny from security researchers concerned about the absence of hardened trust boundaries. 

It was discovered that hundreds of OpenClaw administrative interfaces were accessible over the internet and did not require authentication. These concerns escalated. Investigations revealed that improperly configured reverse proxies could forward external traffic through localhost-trusted channels, causing the platform to mistakenly treat remote requests as privileged local connections. 

Security researcher Jamieson O'Reilly demonstrated the severity of the issue by gaining access to sensitive assets such as credentials for Anthropic APIs, Telegram bot tokens, Slack environments, and archived conversations. Further research revealed that prompt injection attacks could be used to manipulate the agent to perform unintended behavior by embedding malicious instructions in emails, files, or web content processed by the underlying large language model. 

One such scenario was demonstrated by Matvey Kukuy's delivery of crafted email payloads which coerced the bot to provide private cryptographic keys from the host environment upon receiving instructions to review inbox contents. Several independent experiments have demonstrated the system discloses confidential email data, exposes the contents of home directories via automated shell commands, and searches local storage automatically after receiving psychologically manipulative prompts. 

In aggregate, these incidents illustrate an industry concern that autonomous AI agents operating with wide filesystem visibility, persistent memory, and delegated execution privileges may be highly susceptible to indirect command manipulation when deployed in a manner that does not adhere to strict authentication controls, runtime isolation, and contextual validation controls.

Despite the fact that there is no publicly verified link to any known advanced persistent threat group linking the exploitation of the OpenClaw vulnerabilities, security analysts note that the operational characteristics of the attack are in line with tradecraft commonly utilized in credential theft, browser hijacking, and adversary-in-the-middle intrusion campaigns.

MITRE ATT&CK framework techniques, including T1185 related to browser session hijacking as well as T1557 related to man-in-the-middle attacks, have been identified as parallel techniques, and both of these techniques are frequently used in targeted attacks against enterprise authentication systems and cloud-based environments. There has been a growing concern that financially motivated threat actors and state-aligned operators may incorporate the technique into broader intrusion toolsets due to the availability of publicly available proof-of-concept exploit methods and the relatively low complexity required to weaponize these flaws. 

It was discovered that all versions of OpenClaw and Clawdbot before version 2026.2.2, including all builds up to version 2026.2.1, have been vulnerable to the vulnerability. Researchers stated that in the updated version, unauthorized WebSocket interactions are restricted and authentication checks are enforced on the exposed /cdp interface, which previously permitted unsafe assumptions regarding local trust. 

During the deployment of immediate patches, security teams are advised to monitor for suspicious localhost WebSocket activity, unauthorized browser extension behaviors, and attempts to communicate outbound via ws://127.0.0.1:17892/cdp or infrastructure controlled by known attackers. 

When rapid patching is an operational challenge, experts recommend that the OpenClaw browser extension be temporarily disabled, that host-level firewall restrictions be enforced around local WebSocket services, and that browser session telemetry and endpoint indicators of compromise be continuously reviewed to determine if there has been an unauthorized persistence of credentials or credential interception. 

OpenClaw's vulnerability chain is a reflection of an overall security reckoning taking place in the rapidly expanding AI agent ecosystem, in which convenience-driven automation is outpacing the maturation of defensive safeguards designed to contain it in a rapidly expanding ecosystem. There is an increasing tendency for autonomous assistants to gain access to developer environments, authentication tokens, local storage, messaging platforms, and cloud infrastructure, so that the traditional boundaries between trusted execution and untrusted input are being eroded. 

Platforms with the ability to self-modify, delegate command execution, and persist contextual memory present significant security risks that are fundamentally different from conventional software, particularly when deployed with excessive privileges and inadequate isolation during runtime. 

Despite the fact that OpenClaw's vulnerabilities may be mitigated by patching, access restrictions, and stronger authentication enforcement, the incident emphasizes the larger industry concern that artificial intelligence-driven operational tools may become a high value target for both cybercriminals and advanced intrusion groups in the very near future. 

These findings serve as a reminder that, as organizations adopt autonomous AI systems, security architecture, privilege segmentation, and continuous monitoring must no longer be overlooked.
Read more »
UK government
Breaches Cyber Security IT Departments sensitive data UK government

Cybersecurity Can No Longer Be Left to IT Teams Alone, Experts Warn

 



As cyber attacks continue to grow in frequency and complexity, organizations are facing increasing pressure to rethink who should be responsible for protecting their systems, operations, and sensitive data. Security experts say cybersecurity is no longer simply an IT issue. Instead, it has become a business-wide responsibility that requires involvement from leadership teams, employees, and external security partners alike.

The discussion comes at a time when cyber threats are affecting organizations at an alarming scale. According to the UK Government’s Cyber Security Breaches Survey 2025/2026, 43% of businesses and 28% of charities reported experiencing cybersecurity breaches or attacks during the past year. The numbers were considerably higher among medium-sized businesses, where 65% faced incidents, and large enterprises, where the figure rose to 69%. High-income charities were also heavily targeted, with 34% reporting attacks.

Phishing continued to dominate as the most common threat. The survey found that 93% of affected businesses and 95% of impacted charities encountered phishing-related attacks. These scams often involve deceptive emails, fake websites, fraudulent login portals, or impersonation attempts designed to steal credentials and sensitive information. Other cyber threats, including malware infections and digital impersonation schemes, also remain a persistent concern for organizations.

The financial damage linked to cybercrime is equally significant. Research associated with cybersecurity company ESET estimated that cyber attacks cost UK businesses nearly £64 billion annually, highlighting the growing economic impact of digital threats.

With risks continuing to escalate, many organizations are reassessing who should oversee cybersecurity strategy and decision-making. Experts say there is no universal model, as responsibility often depends on a company’s size, structure, industry requirements, and risk exposure.

In smaller businesses, cybersecurity duties are frequently managed by IT managers or internal technology teams. However, industry specialists warn that relying solely on technical departments may create gaps between security planning and broader business objectives. As organizations expand, many experts believe cybersecurity leadership should move closer to executive management.

Durgan Cooper, director at CETSAT, emphasized that cybersecurity accountability should ultimately rest with senior leadership or board-level executives. According to Cooper, effective protection requires coordination between technical teams, company leadership, and third-party partners while ensuring that security priorities align with organizational goals.

Within larger enterprises, cybersecurity responsibilities are commonly led by Chief Information Security Officers, often working alongside Chief Information Officers and other senior executives. Spencer Summons, founder of Opliciti, stated that organizations need cybersecurity leaders capable of understanding evolving threats, communicating risks clearly to boards, and integrating security into long-term business planning. He also noted that sectors such as healthcare and finance face additional regulatory pressure that makes executive oversight even more important.

Cybersecurity professionals increasingly stress that protecting organizations cannot remain the responsibility of a single department. Matthew Riley, European Head of Information Security at Sharp Europe, recommended that businesses establish clear governance frameworks defining who is responsible for different security tasks. Many companies now rely on systems such as RACI matrices, which identify who is responsible, accountable, consulted, and informed during cybersecurity operations and incident response.

Experts caution that assigning cybersecurity entirely to IT departments may leave important business risks overlooked. At the same time, distributing responsibility too broadly can weaken accountability and slow decision-making during critical incidents. Instead, many specialists advocate a shared-responsibility culture where cybersecurity awareness is integrated across the entire organization.

The growing intensity of cyber attacks has also increased pressure on cybersecurity professionals themselves. Security teams are now managing ransomware campaigns, phishing attacks, supply chain compromises, and AI-assisted threats at an unprecedented pace, often with limited staffing and resources. Experts say spreading cybersecurity awareness and responsibilities throughout the organization can help reduce burnout while improving overall resilience.

Thom Langford, EMEA Chief Technology Officer at Rapid7, argued that cybersecurity must become part of every business function rather than remaining isolated within security teams. According to Langford, organizations are more resilient when employees across all levels actively participate in protecting systems and identifying suspicious activity.

Industry leaders also believe executive involvement plays a decisive role in cybersecurity effectiveness. Specialists from Qualys noted that Chief Information Security Officers should ideally report directly to CEOs or boards rather than operating solely under IT leadership. This structure helps organizations approach cybersecurity as a broader business risk issue instead of treating it purely as a technical challenge.

Alongside internal leadership, many businesses are increasingly turning to external cybersecurity providers for additional expertise and support. Outsourcing security operations can help companies address skill shortages and resource limitations, but experts warn that organizations must still maintain strategic oversight. Businesses are advised to conduct thorough vendor assessments, establish strong service-level agreements, and continuously monitor external providers to reduce operational risks.

Security specialists say outsourcing works most effectively when external consultants collaborate closely with internal teams instead of replacing them entirely. Maintaining internal visibility and control remains critical for ensuring cybersecurity strategies stay aligned with company objectives.

As cyber threats continue growing, experts increasingly agree that cybersecurity ownership cannot rest with one person alone. Effective security strategies require executive accountability, technical expertise, employee participation, and continuous collaboration across departments and external partners. Organizations that treat cybersecurity as a company-wide responsibility rather than a siloed IT function are likely to be better prepared for the growing challenges of the modern digital threat environment.

Read more »
Subscribe to: Posts (Atom)