
FCC Strengthens Cybersecurity Rules for Emergency Alert Systems and Undersea Cable Networks

 

The Federal Communications Commission (FCC) has approved a series of new regulations aimed at strengthening the cybersecurity of the United States' emergency communication systems while modernizing security requirements for the country's undersea cable infrastructure.

The newly adopted rules introduce stronger safeguards for the nation's two primary public warning platforms—the Emergency Alert System (EAS) and Wireless Emergency Alerts (WEA)—to reduce the risk of cyberattacks and unauthorized access.

The EAS is widely used by federal, state and local authorities to broadcast emergency information, including severe weather warnings, AMBER Alerts and other public safety notifications through television and radio networks. Meanwhile, the WEA delivers similar alerts directly to mobile devices through text messages.

According to the FCC, a successful cyberattack on either platform by a foreign government, cybercriminal organization or malicious actor could spread misinformation, create public confusion or disrupt emergency response efforts during critical situations.

Any vulnerability in systems like the Emergency Alert System “can have serious consequences,” said FCC Commissioner Olivia Trusty in a statement after the vote.

“That is why it has been appropriate for the Commission to conduct a comprehensive review of the EAS framework by focusing on the security of the system itself,” Trusty continued. “As cybersecurity threats continue to evolve, EAS participants must take appropriate steps to safeguard the infrastructure that supports the delivery of life-saving alerts.”

As part of the new cybersecurity framework, organizations responsible for operating EAS and WEA systems will be required to adopt stronger cyber hygiene measures. These include implementing robust passwords, promptly installing vendor-issued security updates and patches, and deploying firewalls to restrict unauthorized access to critical systems.

The FCC has also introduced a new authentication identification system that will verify emergency alerts before they are transmitted, helping prevent duplicate, fake or unauthorized alerts from being distributed.

In a separate decision, the Commission also approved its first major overhaul of submarine cable regulations in several decades. The updated framework seeks to enhance cybersecurity oversight for undersea cable infrastructure while simplifying licensing procedures for trusted operators.

Under the revised rules, certain undersea cable providers will no longer be required to undergo the extensive national security licensing review conducted by "Team Telecom" before operating cables connected to U.S. territory.

Team Telecom is an interagency group led by the Department of Justice's Foreign Investment Review Section, along with other federal agencies that evaluate the national security implications of telecommunications infrastructure.

The updated policy allows submarine cable applicants to qualify for an exemption if they can self-certify that they meet high security standards designed to improve certainty, streamline reviews and shorten licensing timelines.

“Currently, all submarine cable applications get referred to Team Telecom…the changes adopted would exempt applications from applicants that have operated cables without incident, can certify to the highest national security standards, and agree to ongoing oversight and monitoring,” the FCC said in a release.

The new regulations also expand the FCC's oversight of key operational components within submarine cable systems. Companies responsible for submarine line terminal equipment, which connects undersea cables to U.S.-based terrestrial facilities, will now be required to obtain licenses.

Additionally, the Commission has introduced updated security measures to address risks associated with essential equipment, third-party vendors and vulnerabilities across the broader submarine cable supply chain, further strengthening the resilience of critical communications infrastructure.

Anthropic Restores Limited Access to Claude Mythos 5 AI Model After US Government Approval

 

Earlier limits on Anthropic’s top-tier AI tools have been eased by U.S. officials, reopening limited availability of the Claude Mythos 5 system to certain approved American institutions. Though only recently barred due to fears about potential misuse threatening national safety, the model is now accessible again under tight conditions. Government oversight in high-level AI deployment continues expanding, especially when such systems involve strong digital defense functions. 

While concerns remain, selective reinstatement suggests a shift toward managed access rather than blanket bans. Now cleared by U.S. authorities, Mythos 5 can be used again by groups managing essential infrastructure operations. Over a hundred entities - some among the largest corporations - are set to reconnect under new guidelines. Though access returns in phases, Anthropic emphasizes steady progress restoring function, even as talks continue with federal agencies on widening reach later. 

One goal remains: bringing back full public availability of the Fable 5 system after further review. One restriction began with an export directive dated June 12, forcing Anthropic to shut off entry points to Mythos 5 along with Fable 5. Not long after, OpenAI revealed a delay in launching GPT-5.6 widely - this pause came by direction from U.S. officials. Rather than open access freely, they handed early permissions only to select collaborators, names already passed to federal agencies.

Oversight like this signals a quiet but steady push from regulators to track how powerful artificial intelligence moves into real-world use. Officials worry powerful AI systems might fall into the hands of rival nations - like those in Beijing or Moscow - despite existing barriers. Because these tools can detect system flaws faster than humans, they may speed up digital attacks when protections fail. While designed for defense, their functions could shift toward offense once access is gained through weak points. 

Even infrastructure meant to resist intrusion becomes a target under such conditions. Surprisingly, Anthropic admitted that authorities questioned whether flaws in its security could allow bypassing controls meant to stop abuse of the Fable 5 system when spotting code weaknesses. Although officials noted improvements in handling those dangers, details about the specific defenses enabling partial revival of Mythos 5 remain undisclosed by public agencies. 

Though some defend the selection method, lawyers and tech executives have raised doubts. Questions emerge over who gets picked - free expression supporters point out unclear criteria behind group approvals. Without clear rules on checks, suspicion grows. Safety tests gain backing even as control worries surface; Sam Altman backs strong evaluations yet hesitates at state influence shaping access paths. Decisions made behind closed doors unsettle those watching closely. 

Now, trusted groups working with Mythos 5 won’t need export permits - this applies also to their staff outside the U.S. - as long as they’re named on the official roster. Still, firms left off the list must follow current licensing rules. A number of listed entities belong to Anthropic’s Project Glasswing, it is said, a collaboration hosting around one hundred tech outfits and study centers. 

Now comes news after Donald Trump issued an executive directive creating a non-mandatory process: creators of cutting-edge artificial intelligence may offer their systems to federal authorities for scrutiny during a thirty-day window prior to wider release. Some say this step offers temporary protection until more complete regulatory structures emerge through policy work. 

Yet concerns rise elsewhere - extended delays in launching powerful AI tools might hinder progress, weakening American firms just as international competitors push forward with their own intelligent technologies.

FBI Warns Russian-Linked Hackers Have Shifted Signal Phishing Campaign to Steal Backup Recovery Keys

 


The U.S. Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have issued an updated public service announcement warning that Russian intelligence-linked threat actors have expanded an ongoing phishing campaign targeting Signal users. Rather than attempting to intercept authentication codes alone, the attackers are now seeking victims' Signal Backup Recovery Keys, enabling them to restore encrypted cloud backups and gain access to historical conversations.

The latest advisory builds on an alert released in March 2026, when the agencies disclosed that Russian-backed operators were targeting users of commercial messaging applications, particularly Signal, through carefully crafted phishing campaigns. Those earlier attacks focused on compromising accounts by deceiving users into handing over verification codes, account PINs, or linking unauthorized devices to their Signal accounts, instead of defeating the application's end-to-end encryption.

According to the FBI, the threat actors have refined their social engineering techniques by impersonating automated Signal support accounts and introducing a new objective: convincing users to disclose the recovery keys that protect their encrypted backups.

The agencies said the campaign continues to concentrate on individuals considered to be of intelligence value, including current and former U.S. government officials, government personnel from allied nations, military members, political figures, journalists, and officials located in Ukraine.

The activity has been attributed to Russian Intelligence Services (RIS), including officers associated with Russia's Federal Security Service (FSB) Border Guards and additional actors operating on behalf of the Russian military. Security researchers publicly track the activity under the designations UNC5792 and UNC4221.

Phishing campaign evolves beyond account hijacking

The updated advisory describes a notable change in the attackers' methods. Earlier phishing attempts largely sought one-time verification codes, Signal PINs, or persuaded victims to connect attacker-controlled devices to their accounts. The current campaign instead attempts to obtain the cryptographic recovery key used by Signal's Secure Backups feature.

To begin the attack, the operators pose as Signal's support team and distribute fraudulent messages claiming the messaging platform is introducing mandatory two-factor verification following an alleged increase in attacks carried out by hackers from Iran and post-Soviet countries. The messages falsely state that the security changes require users to configure Signal Backups in order to avoid losing conversations and media files.

Victims are instructed to navigate through the application's backup settings, enable Secure Backups, reveal the Backup Recovery Key, copy it to the clipboard, and complete what appears to be a legitimate setup process.

Signal's Secure Backups feature allows users to store encrypted copies of conversations on the company's cloud infrastructure. Those backups remain protected through end-to-end encryption, with the Backup Recovery Key serving as the only credential capable of decrypting and restoring the archived data. Because Signal does not retain this key, anyone who obtains it can restore the encrypted backup onto another device.

After victims complete the initial steps, the attackers send a second phishing message while continuing to impersonate Signal support. This follow-up communication claims the user's account is experiencing a synchronization problem and warns that stored messages and media could be permanently lost unless immediate action is taken.

The fraudulent notification instructs users to revisit the backup settings, copy the Backup Recovery Key once again, and paste it directly into the conversation under the pretense of preventing data loss.

If victims comply, the attackers obtain the recovery key and use it to restore the encrypted backup on devices under their control. This grants access to previously archived communications, including private conversations and group chats.

The FBI emphasized that these attacks do not compromise Signal's encryption itself. Instead, they rely entirely on social engineering techniques that manipulate users into voluntarily surrendering the credentials needed to decrypt their own backups.

Compromised recovery keys remain a risk even after creating a new account

The updated advisory also highlights a recovery scenario that affected users may easily overlook.

According to the FBI, creating a new Signal account with the same phone number does not invalidate a Backup Recovery Key that has already been stolen. If attackers previously acquired the key, they may still be able to access any encrypted backups downloaded before the compromise was discovered.

To prevent future backup restorations using a compromised credential, users should generate a new Backup Recovery Key through Signal's backup settings. Creating a replacement key invalidates the previous one for subsequent backup downloads. However, the agencies cautioned that this action cannot revoke access to backups that attackers have already restored using the stolen key.

Agencies urge users to remain cautious of unsolicited support messages

The FBI and CISA reminded users that legitimate messaging platform support teams communicate only through official company email channels. They do not request verification codes through the application itself, nor do they send unsolicited messages instructing users to verify accounts, restore backups, or disclose recovery credentials.

Anyone who believes they may have interacted with the phishing campaign is encouraged to report the incident to the FBI's Internet Crime Complaint Center (IC3), a local FBI field office, or CISA.

The advisory underscores that well-designed encryption remains effective only when the credentials protecting it remain under the user's control. Rather than attempting to break modern cryptography, state-sponsored threat actors are increasingly directing their efforts toward manipulating trusted users into revealing the keys that unlock their own protected data.

AI Credential Security Emerges as Critical Risk in Modern Enterprise Infrastructure

 

Surprisingly, artificial intelligence alters how companies build their internal systems. Yet warnings emerge - not about flawed code, but about access methods growing more dangerous by the day. Credentials like API keys, login tokens, or automated service IDs now attract attackers as firms adopt more AI tools. 

A new report highlights an odd trend: defenses focus on outer boundaries, though weak identity controls often cause breaches inside AI environments. Investment flows into firewalls, even when real threats hide within permission structures. Security breaches lately show a shift: criminals now aim more at login details instead of bugs within AI tools. A known example occurred when hackers gained access to publishing rights for a software library, slipping in harmful updates that collected AI account passwords, cloud keys, and system tokens across infected setups. 

Elsewhere, hidden project files left public helped adversaries grab artificial intelligence API secrets - before any code ran. Attackers succeeded here by abusing leaked authentication data, not defects in the underlying AI frameworks. One reason experts point to is deeper issues baked into how AI systems are built. Instead of isolated logins for narrow tools, today’s setups often let one key open doors across many models and platforms. Because of this shift, losing control of login details means much wider exposure. Stolen tokens now offer criminals far greater leverage than before. Among recent findings, signs point to an expanding problem with stolen login details.

A study across sectors showed over 1.27 million credentials tied to artificial intelligence services spilled online in 2025 alone - an uptick compared to prior periods. Old access tokens, though outdated, often stayed valid well beyond issue dates; when such keys fell into the wrong hands earlier, risk lingered far longer than expected. Still, old-style safeguards like changing passwords, locking secrets away, or running automatic checks hold value - even if they fall short in AI-driven settings. 

Credentials tied to artificial intelligence tend to appear inside container files, system blueprints, build processes, recorded outputs, along with various hosted platforms. Once leaked access keys get found or reset, harm might already be done - copies hidden elsewhere, misuse underway. What worked before now lags behind how fast these systems share and replicate trust tokens. Most security experts suggest companies start viewing AI identifiers much like those assigned to people or devices - restricting access based on necessity. 

Instead of using one wide-reaching API key, authorization should match only the needed tools, functions, or tasks. Each environment - whether used for live operations, trials, data review, or public interaction - ought to have distinct login details. This separation helps contain damage if one set gets exposed. Security grows sharper when teams watch systems without pause. 

Ownership of access keys must be obvious, someone always accountable. Seeing what runs at any moment helps spot odd behavior early. Frequent checks on user actions reveal risks before they spread. A login seen outside usual patterns? Treat it as breached, just in case. With AI spreading through daily workflows, tracking who can do what matters more each month. Identity rules once tucked behind firewalls now step forward. They anchor defenses instead of trailing behind. Trust shifts only when proof holds firm.

The Growing Call for a CISO Code of Ethics


CISOs today are no longer measured solely by the effectiveness of an organization's cyber defenses. With the increase of cyber threats, the acceleration of offensive capabilities with artificial intelligence, and increasing regulatory scrutiny, the role of enterprise-wide risk management, strategic decision making, and executive accountability has increased. 

The rapid evolution of the security industry, however, exposes a critical imbalance. Although companies increasingly rely on Chief Information Security Officers to safeguard their business operations, sensitive data, and corporate resilience, many security leaders still lack board-level support, clearly defined governance frameworks, or a universally accepted ethical framework. 

With the rise of data breaches and the growing concern about AI-enabled cyber threats, the question is not whether CISOs are equipped to deal with technical security challenges, but whether the profession itself requires a code of ethics to guide high-impact decisions that extend beyond cybersecurity. 

The CISO position has evolved far beyond managing firewalls, security tools, and incident response operations into a strategic role that encompasses more than ethical accountability. It is the chief information security officer's responsibility to design, implement, and enforce enterprise-wide security policies and to ensure that the organization's long-term business strategy remains infused with cybersecurity. 

A CISO is responsible for overseeing the implementation of security technologies and workforce awareness programs to reduce the risk of data breaches and system compromise, in addition to fostering a security-first culture that strengthens organizational resilience and facilitates compliance with a growing range of regulatory and industry guidelines.

To develop a security roadmap aligned with business objectives, an organization's security posture must first be evaluated, existing controls assessed, capability gaps identified, and risks prioritized. These responsibilities require a combination of cybersecurity expertise, executive leadership, and strategic decision-making. 

The modern CISO must have extensive knowledge of risks, threat detection, and response, as well as compliance standards such as GDPR, NIST, and SOC 2. They must also be equipped to manage security teams, budgets, and enterprise resources simultaneously. Equally critical, board members and executive leadership must be able to translate complex cyber risks into business-focused insights in order to facilitate informed decision-making and cross-functional collaboration capable of adapting to an increasingly sophisticated threat landscape. 

According to recent findings, these challenges in governance translate into measurable risks in the operating environment. In the Voice of the CISO survey, conducted during the first quarter of 2025, 1,600 chief information security officers were surveyed across 16 countries by organizations with over 1,000 employees. 

According to nearly two-thirds of respondents, their organizations have suffered a material loss of sensitive information within the past year—a sharp increase over the 46% reported in the previous survey. As a consequence, three quarters of CISOs are concerned that their organizations will be susceptible to material cyberattacks in the next 12 months. These rising figures indicate more than an increase in threat activity: as a result of increased regulatory oversight and the demand for greater transparency, security leaders are increasingly willing to disclose security incidents. 

Patrick Joyce, Global Resident CISO at Proofpoint, observed that CISOs are increasingly open about cyber risk exposure as a result of evolving governance expectations. The majority of respondents stated that they were confident in their organizations' cybersecurity culture; however, six out of ten stated that they were not adequately prepared to handle a major cyber-attack. 

A significant proportion of CISOs indicated that they would consider paying a ransomware demand in order to recover critical data or restore business operations, highlighting the difficulty of making ethical decisions during crisis response. The findings also emphasize the complex balance between business continuity, risk management, and ethical decisions. 

A formal code of ethics for CISOs is gaining renewed relevance in light of this background. It is argued that technical expertise alone is no longer sufficient to fulfill the role of Chief Information Security Officer, which frequently involves high-impact decisions affecting national infrastructure, business continuity, compliance with regulatory requirements, and public trust. This framework is deliberately concise, incorporating four mandatory canons that describe the profession's fundamental ethical obligations rather than replacing individual professional judgment. 

By providing advisory guidance, the framework aims to assist security leaders in navigating complex situations in which competing responsibilities are often not clear on a technical or legal level. The code's preamble emphasizes that the CISO's primary responsibility is to protect society, organizational stakeholders, and critical infrastructure, making compliance with the code a mandatory assignment. 

According to the four core principles, cybersecurity professionals are expected to protect society and essential infrastructure, act with honesty, integrity, and stewardship, serve their organizations competently and diligently, and actively strengthen and safeguard the cybersecurity profession as a whole. 

A practical objective complements these mandatory canons, which encourage cybersecurity research, education, mentoring of future practitioners, and the preservation of professional certification values, while discouraging conduct that could adversely affect public confidence or security. There are many ways a professional can undermine ethical credibility, such as creating unnecessary fear or uncertainty, providing false reassurance, promoting poor security practices, exposing inadequately secured systems to a public network, or participating in professional associations that compromise ethical standards. 

A further requirement of the framework is that compliance with the preamble and four canons be enforced, and any conflicts between ethical obligations are resolved in accordance with the order in which the canons are defined. This ensures that security professionals have a structured hierarchy for resolving complex ethical dilemmas without creating conflicting obligations. 

CISOs continue to assume increasingly extensive legal, operational, and ethical responsibilities, and industry experts emphasize that personal crisis management strategies should also be developed to protect security executives along with the organizations they serve. 

A comprehensive incident response plan should not only prepare for technical incident response, but also consider professional, legal, financial, and reputational risks that may arise following an investigation by the government or a major cyber incident. It is important to maintain comprehensive documentation of security decisions, risk assessments, mitigation strategies, and executive communications, including instances where recommendations for security measures are declined by senior management or the board. 

By maintaining an auditable record of both approved and rejected security recommendations, companies can demonstrate due diligence, compliance with regulations, and informed decision making when faced with legal scrutiny. 

A CISO's security strategies must stay aligned with compliance obligations as cybersecurity legislation, disclosure requirements, and regulatory frameworks evolve, which calls for continuous professional development and regular consultation with legal counsel. 

In addition, experts recommend that executives take out professional liability insurance specifically designed for executive cybersecurity roles, as standard corporate policies may not cover CISOs who have not been appointed as officers or directors by the organization, potentially leaving them personally liable for the consequences. As an added safeguard, a documented ethical decision-making framework will be developed that will serve as a consistent reference when dealing with incidents involving conflicting legal obligations, executive pressures, or sensitive disclosure decisions. 

The establishment of strong working relationships with legal, finance, public relations, and corporate communications teams is essential to the coordination of incident response, which ensures that regulatory notifications, public disclosures, and stakeholder communications remain both legally compliant and ethically sound during times of crisis. 

Enterprise resilience and national digital security continue to be shaped by cybersecurity, which means that CISOs are increasingly responsible for more than just technical oversight. Effective cyber leadership requires strong governance, ethical accountability, transparent risk communication, and executive support.

The organizations that empower security leaders with clear ethical frameworks, documented decision-making processes, and cross-functional collaboration will have better chances of navigating an increasingly complex threat landscape while maintaining trust, regulatory compliance, and long-term operational efficiency.

India Removes Spectrum Barriers to Fast‑Track ADAS and Self‑Driving Tech

 

India has taken a significant step toward modernizing road safety by removing licensing requirements for radar sensors used in crash-avoidance and self-driving technologies. Reuters reports that the move is meant to reduce barriers for automakers and encourage the adoption of systems that can help lower the country’s high road fatality rate.

The issue is important because India’s roads remain among the most dangerous in the world, and vehicle safety technology is still unevenly deployed. By clearing spectrum access for key systems, the government is signaling that it wants advanced driver-assistance features such as emergency braking, blind-spot detection, and adaptive cruise control to become easier and cheaper to install. 

Under the new policy, manufacturers no longer need separate licensing to use radar sensors in the 77 GHz to 81 GHz range, which are central to many safety functions. Reuters also says similar relief was granted for systems operating in the 59 GHz band, which support communication between vehicles and roadside infrastructure. 

The policy shift also brings India closer to the regulatory approach used in the United States and the European Union, where standardized hardware can be deployed more freely. That matters for automakers because it reduces the need to build expensive India-specific alternatives, potentially speeding up launch timelines and lowering costs for consumers. 

At the same time, the report highlights that this is not a full autonomous-driving policy and does not solve India’s broader road safety problems on its own. The real test will be whether these regulatory changes translate into safer vehicles on the road, broader adoption by automakers, and measurable reductions in crashes over time.

Microsoft, Europol and Industry Partners Disrupt Amadey and StealC Cybercrime Infrastructure

 

Surprisingly, global police forces took down two key cybercrime systems at once - unusual given past efforts typically focused on one threat. Backing came from Microsoft, adding weight to actions targeting Amadey, a program that loads malicious software. 

Meanwhile, StealC was also hit; it specializes in stealing user data. Though often seen working hand-in-hand during digital break-ins, both were struck together this time. Shifting tactics like this disrupted not just the tools but their entire support network. Recovery now becomes harder simply because so much of their foundation is gone. 

With infrastructure damaged across multiple points, launching new attacks will take far longer than before. Microsoft’s Digital Crimes Unit joined forces with law enforcement, cyber defense companies, and intelligence teams to tackle organized digital threats. From the start, findings on Amadey emerged through collaboration between ESET, BitSight, Lumen, and Mitsui Bussan Secure Directions. 

Meanwhile, tracking StealC unfolded thanks to insights from Europol, Germany’s Federal Criminal Police Office, authorities in the Netherlands and Denmark, alongside IBM X-Force and Proofpoint. One thread led to another until distinct probes merged into a clearer picture of an extensive crime network. 

From the start, law enforcement leveraged the RICO Act - typically tied to mob-related prosecutions - to dismantle over 200 command hubs controlling malicious software networks. While not obvious at first glance, patterns uncovered by Microsoft’s Copilot system, driven by artificial intelligence, revealed connections across distinct malware groups. Because of these findings, officials began viewing the threats as branches of one coordinated operation rather than separate incidents. 

Microsoft reported that just in the first week of May, systems tied to Amadey and StealC reached over 140,000 machines globally. Though it appeared only in 2023, StealC functions like a rental-based attack tool - focused on grabbing login details from browsers, crypto wallets, messages, email accounts, even game profiles. 

Those using it adjust their attacks individually, while handling what they collect via online control panels built for ease. First seen in 2018, Amadey operates by delivering malicious software to compromised devices. Because of its design, cybercriminals often leverage it to introduce programs like StealC. One breach may lead - through this tool - to several layers of intrusion. 

Though initially subtle, the consequences multiply quickly once active. Modern cybercrime often works like a factory, experts note, where the link between these tools shows how tasks get split up. One crew might build something, another circulate it, while someone else runs it - yet everything fits. Because pieces snap together smoothly, attackers can stack actions into longer sequences even if they never talk. 

The setup thrives on separation, not teamwork. Targeting entire networks of malicious software could work better than going after single components, Microsoft suggests. Instead of isolated attacks on specific tools, focusing on how these systems connect might weaken criminal infrastructure more deeply. 

When security teams hit several points in an attacker's process simultaneously, it becomes harder, slower, and costlier to bounce back. Disrupting coordination between different parts slows down rebuilding attempts significantly. Each broken link adds friction, making revival less likely or much delayed.

Google Introduces New Privacy Controls for Search and Play to Give Users More Control Over Data

 

Google is introducing a fresh set of privacy controls for its Search services and Google Play, allowing users to better manage their saved activity and personalized recommendations. The company announced the changes through an email titled "New privacy settings for Search services," stating that the update is designed to offer users greater transparency and control over how their information is stored and used.

According to Google, Search services include Search, Maps, Shopping, Hotels, Flights, Translate and News. The updated settings will begin appearing in users' Google Accounts over the next few days.

Previously, history tracking and personalization for these services were managed through the Web & App Activity setting. With the latest update, Google is separating these functions into two independent controls—Search Services History and Personalized Recommendations.

"Previously, saving history and personalization were managed by Web & App Activity," Google said in the email. "Going forward, you can better tailor your Search services experience using your new Search Services History and Personalized Recommendations settings."

"These settings let you revisit your past searches and decide if you want your experience to be personalized," Google added.

Under the new system, Search Services History will determine whether activity from Google's Search-related services is saved to a user's account. This includes searches, Maps activity, Shopping searches, Flights and Hotels activity, Translate usage, News activity and other interactions.

Google says this change is intended to make it easier for users to revisit previous searches while continuing to access newer interactive Search features.

The company also noted that media generated during Search interactions will now be included in Search Services History.

"As people increasingly search in new ways, like searching a photo with Lens, Search Services History now includes media from your interactions, which you can stop saving at any time," Google noted in the email.

According to Google, saved media may include images, files, audio and videos generated during interactions with Search services.

"Saved media includes your images, files, audio and video from your interactions with Search services to help improve your experience," Google said.

This functionality covers experiences such as Google Lens visual searches and voice-based Search interactions.

"For example, this lets you revisit your past visual searches with Lens or continue a Search Live conversation about a song you heard," Google noted in the email. "To support these types of interactive product experiences, Google will now save your media to your Search Services History, applying robust privacy and security protections."

Google also confirmed that this saved media may contribute to improving its products and technologies, including artificial intelligence systems.

"Like your Search Services History, your saved media is also used to develop and improve Google services and technologies, including AI models and safety measures," Google said.

Users will have the option to disable the Save Media sub-setting whenever they choose. They can also remove individual media files from their history.

Google explained that if Web & App Activity is already enabled, the new Search Services History setting, along with the Save Media option, will automatically be enabled once the transition is complete.

The company further confirmed that users can later disable media saving and "delete individual pieces of media from your history."

Alongside history controls, Google is also introducing a separate Personalized Recommendations setting for Search services. This control determines whether the company uses saved activity to customize recommendations and content shown across Search services.

The separation of history storage and personalization gives users greater flexibility. Those who want the convenience of saved search history can continue storing their activity without necessarily allowing Google to personalize recommendations using that data.

Following the rollout, Web & App Activity will function independently from the new Search settings, meaning changes made to one will not automatically affect the others.

Google is extending a similar approach to Google Play by launching dedicated Play History and Personalization in Play settings.

"For Google Play, you'll have new Play History and Personalization in Play settings, even if you’ve never used this service," Google said.

The company said these new settings will reflect users' existing preferences wherever applicable.

"Your prior choice from Web & App Activity for how long your history is saved will also apply to Search Services History and Play History," Google said.

As a result, previously configured auto-delete periods will carry over to the new settings. Users will continue to have the ability to review, delete or modify their saved activity whenever they choose.

Overall, the update provides more granular privacy controls by separating Search history, Search personalization, Play history and Play personalization into distinct settings rather than relying on a single Web & App Activity switch.

Google said the new privacy controls will gradually become available to users through their Google Accounts over the coming days.

Opendoor Shuts India Operations as AI Reshapes Offshore Work Economics

 

Opendoor's Indian venture, surprisingly quiet since its launch, is now shutting down - barely twenty-four months after setting up hubs in Bengaluru and Chennai. Though the venture was framed as a digital frontier play, the retreat fuels debate: could smarter machines quietly reshape rules that once favored offshoring? While cost gaps drove past expansions, algorithmic progress may erode those advantages faster than expected. Some argue efficiency gains from automation make remote labor pools less compelling over time. 

Notably, this shift does not unfold through sudden rupture but by gradual recalibration behind corporate doors. Outlining the move, CEO Kaz Nejatian explained efforts to align operations more closely with customers across the United States, using compact teams powered by artificial intelligence. While details remain limited on staff numbers or exactly how AI influenced choices, reactions followed fast from tech executives and investors alike. 

Seen by some as hinting at wider shifts, the news sparked discussion despite minimal data being shared. Nowhere else does operational support unfold at quite the scale it does across India. Starting as a hub for routine administrative work, the country gradually shifted toward a far broader role. 

Today, sprawling networks of Global Capability Centers operate within its cities, serving international firms through tech solutions, financial oversight, and product innovation, while also shaping career paths for countless professionals. Revenue streams run deep each year, woven into the fabric of worldwide service delivery. Far from just an outsourcing destination, the nation holds a central position in how modern enterprises function abroad. 

Early in 2024, Opendoor moved into India by forming groups focused on handling daily operations through various platforms. Around then, close to 250 workers were on payroll at its local offices there. Despite that early growth, pulling out of India aligns with wider job cuts happening throughout the business. Records show a sharp drop in staff worldwide during the last twelve months, along with a steep decline in employees outside the home market. 

Even with broad internal reductions, experts warn it might be misleading to see the shutdown just as a move tied to shifting work overseas. Facing strain from downturns in American real estate, which hit those who buy houses digitally hard, Opendoor needed ways to spend less. Still, its push toward artificial intelligence for smoother operations has sparked questions about what comes next for jobs handled abroad. 

Some investors took notice because artificial intelligence might lower the need for jobs requiring heavy human effort. As machines take on repetitive tasks, companies could downsize - not due to location but ability. The shift suggests staffing needs may shrink when automation steps in. What stands out now isn't a shift of roles from India to the U.S., but a broader drop in workforce needs across operations. 

Because intelligent systems blend deeper into daily workflows, firms often rely on tighter groups supported by tools instead of people. Efficiency reshapes staffing - software handles tasks once managed by many. Structures shrink not due to location changes, but because technology reduces demand. Outcomes stay steady while headcount falls, driven by smart integration behind the scenes. 

Some researchers view this new framework as movement into "services-as-software," where firms lean on AI-driven processes rather than growing teams indefinitely. In practice, results follow more from blending tools with niche skills than cutting costs through workforce choices. Though Opendoor shut down operations in India, drawing attention amid talks on AI and jobs, experts stress it's not a straightforward story. 

Long before smart algorithms gained ground, job cuts were already underway at the firm. Market forces beyond technology played a role too. Still, the move sparked sharper conversation - what part might automation play in moving service tasks overseas? Could entire sectors shift as machines learn faster?

CISA Warns Organizations to Secure Fortinet Devices Amid Massive FortiBleed Credential Theft Campaign

 



The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has advised organizations to strengthen the security of internet-facing Fortinet devices following the discovery of a large-scale credential theft operation that may affect more than 86,000 firewalls and VPN systems.

The campaign, known as FortiBleed, was first brought to light earlier this week. Cybersecurity firm SOCRadar initially reported that over 30,000 Fortinet devices had been compromised, potentially putting enterprise networks at risk. The company has since revised its estimate, indicating that more than 86,000 devices may be impacted.

“Discovered in June 2026, the operation has produced a verified database of over 86,644 confirmed working credentials across 194 countries, all collected from internet-facing Fortinet infrastructure,” the company says.

According to researchers, threat actors compiled a large database of usernames and passwords and validated them using automated testing tools. Many of the exposed credentials are believed to have originated from previous security incidents and were never updated or revoked.

Security researcher Kevin Beaumont, in collaboration with Hudson Rock, worked with several affected organizations and confirmed that many of the credentials remain active and recently used.

“The data comprises roughly 50% of all Fortinet firewall devices facing the internet, based on polling from Shodan,” Beaumont says.

Further investigation by security researcher Bob Diachenko suggests that a Russian-speaking threat actor is behind the campaign. Reports indicate that at least four organizations have already experienced complete network compromise.

“They intercept SSL VPN authentication, crack hashes on a 45-GPU cluster managed via Hashtopolis, and pivot into internal Active Directory environments,” Diachenko says.

Researchers estimate that the attackers carried out approximately 1.16 billion credential-stuffing attempts against more than 320,000 FortiGate devices. Additionally, around 2.1 billion brute-force login attempts were directed at over 160,000 Microsoft SQL (MSSQL) servers.

Hudson Rock noted that thousands of organizations have been affected, “including major government entities and critical infrastructure providers”.

Cybersecurity company Huntress also highlighted the scale of the incident. “While the overall campaign is massive, Huntress has cross-referenced the listed IP addresses against their own data corpus and identified 845 partner organizations specifically impacted by this credential dump.”

In response to the growing threat, CISA released an advisory on Thursday urging Fortinet customers to take immediate action. Recommended measures include terminating active user sessions, resetting passwords, adopting the Password-Based Key Derivation Function 2 (PBKDF2) algorithm for storing administrator credentials, reviewing logs for suspicious activity, enabling phishing-resistant multi-factor authentication (MFA), and restricting management access to minimize exposure and reduce the attack surface.
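One way to approach the log review CISA recommends, shown as an added example that does not come from the advisory, Fortinet, or the researchers: group login events by source address, flag sources that try many distinct usernames with a high failure rate, and list the accounts that nevertheless logged in successfully from those sources, since those are the ones needing session termination and a password reset. The log line format, the thresholds, and all names are assumptions constructed for this example; the parser would need to be mapped to the appliance's real authentication log fields.

```javascript
// Constructed sample log in a made-up "src=/user=/result=" format (not FortiOS syntax).
const SAMPLE_LOG = `
2026-06-20T02:14:01Z src=203.0.113.50 user=admin result=fail
2026-06-20T02:14:02Z src=203.0.113.50 user=jsmith result=fail
2026-06-20T02:14:03Z src=203.0.113.50 user=backup result=fail
2026-06-20T02:14:04Z src=203.0.113.50 user=vpnuser result=fail
2026-06-20T02:14:05Z src=203.0.113.50 user=svc_sql result=fail
2026-06-20T02:14:06Z src=203.0.113.50 user=mlopez result=success
2026-06-20T08:30:10Z src=198.51.100.7 user=alice result=fail
2026-06-20T08:30:25Z src=198.51.100.7 user=alice result=success
2026-06-20T09:01:00Z src=192.0.2.10 user=bob result=success
this line is malformed and must be counted, not silently dropped
`;

// Parse one line; return null for anything that does not match the format.
function parseLine(line) {
  const m = /^(\S+) src=(\S+) user=(\S+) result=(success|fail)$/.exec(line.trim());
  if (!m) return null;
  const time = Date.parse(m[1]);
  if (Number.isNaN(time)) return null;
  return { time, src: m[2], user: m[3], ok: m[4] === 'success' };
}

// Flag sources that look like credential stuffing and collect the accounts
// that authenticated successfully from them.
function reviewLogins(logText, opts = {}) {
  const { minDistinctUsers = 5, minFailRatio = 0.8 } = opts; // assumed thresholds
  const bySource = new Map();
  let skipped = 0;

  for (const line of logText.split('\n')) {
    if (!line.trim()) continue;
    const ev = parseLine(line);
    if (!ev) { skipped += 1; continue; }
    let s = bySource.get(ev.src);
    if (!s) {
      s = { attempts: 0, failures: 0, users: new Set(), successes: [], first: ev.time, last: ev.time };
      bySource.set(ev.src, s);
    }
    s.attempts += 1;
    s.users.add(ev.user);
    s.first = Math.min(s.first, ev.time);
    s.last = Math.max(s.last, ev.time);
    if (ev.ok) s.successes.push(ev.user); else s.failures += 1;
  }

  const suspiciousSources = [];
  const accountsToReset = new Set();
  for (const [src, s] of bySource) {
    const failRatio = s.failures / s.attempts;
    if (s.users.size >= minDistinctUsers && failRatio >= minFailRatio) {
      suspiciousSources.push({
        src,
        attempts: s.attempts,
        distinctUsers: s.users.size,
        failRatio,
        firstSeen: new Date(s.first).toISOString(),
        lastSeen: new Date(s.last).toISOString(),
      });
      // A success amid a stuffing run means that credential is valid and exposed.
      for (const user of s.successes) accountsToReset.add(user);
    }
  }
  return { suspiciousSources, accountsToReset: [...accountsToReset].sort(), skipped };
}

console.log(JSON.stringify(reviewLogins(SAMPLE_LOG), null, 2));
```

A per-source threshold misses attempts spread thinly across many addresses, so the same grouping is worth repeating per username and per time window.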

Bitcoin Drops Below $60,000 as Market Selloff and Security Fears Weigh on Crypto

 

Bitcoin has dipped under $60,000 again - the first time since early 2024 - amid softness across financial markets and rising unease about digital safety. Trading around $59,909, it lost close to 6% in one session and almost 18.5% in seven days. This slump stretches beyond just Bitcoin. Ethereum followed closely behind, sliding 23% over the week to approximately $1,555. Meanwhile, Solana saw a similar drop of 22%, settling near $63.75 after sharp downward pressure. 

Bitcoin now trades over 52 percent below its peak of $126,080 set last October. A mix of pressures drives the drop, according to market observers. Attention earlier centered on steady withdrawals from physical Bitcoin ETFs along with Strategy offloading coins for the first time since 2022. Lately, though, shifts in outlook regarding Federal Reserve interest moves have added pressure, alongside fresh unease about digital asset safety. 

Surprising strength marked last month's U.S. labor numbers, as payrolls expanded by 172,000 during May. That outcome ran well ahead of forecasts - almost twice what analysts had predicted - shifting how investors view future rate moves. With inflation concerns lingering, officials may feel less pressure to ease policy soon. Because higher yields often make safer investments more appealing, digital coins typically face headwinds under such conditions. Market participants now weigh whether extended tightening cycles could dampen speculative flows. 

Despite recent gains in employment figures, expectations for lower interest rates have faded, according to Nicolai Søndergaard of Nansen. Having shed roughly 15 percent lately, Bitcoin now faces added strain without any obvious economic trigger to spark a rebound. Though digital assets struggle, broader uncertainty lingers due to unrest in the Middle East. That stress shows up in cautious trading behavior worldwide. 

With few positive signals on the horizon, momentum remains fragile. Even as attention grows around blockchain safety, news of a serious weakness in Zcash - a coin built for anonymity - has raised alarms. Though programmers pushed out an update to correct the problem, they stated plainly that tracking past misuse is impossible due to hidden transaction details. Without clear evidence of abuse, doubt spread quickly among investors. 

That hesitation showed in price movements: ZEC plunged over two-fifths in value in just one day. Now worries spread through crypto circles after the event. Because AI tools might detect weak spots in blockchains, investor unease grows. Questions emerge - could similar flaws threaten more digital currencies? As machine learning advances, trust faces new tests. Out of nowhere, a slight uptick appeared for Bitcoin ETFs amid continued market softness. 

On Thursday, U.S. spot Bitcoin funds saw inflows exceeding $3 million - breaking a run of 13 straight days of outflows. While tiny next to the billions pulled so far this year, the shift hinted at changed sentiment, if only briefly. Not long after prolonged pullbacks, investors paused, then edged back in. After tech shares slipped, so did broader market sentiment - Nasdaq dropped sharply amid wider financial strains. 

Not just crypto felt the downturn; traditional assets wavered too, pulled by similar worries. Investors moved carefully through overlapping pressures: shaky economies, global conflicts, threats in digital finance. When equities fell, digital coins followed close behind, mirroring the wariness spreading through capital markets.

Unpatchable BootROM Flaw Exposes Apple A12 and A13 SecureROM Chain


 

The disclosure of a new hardware-level exploit has raised new concerns about the long-term security implications of immutable silicon vulnerabilities across Apple's entire ecosystem. Paradigm Shift researchers have revealed usbliter8, a working SecureROM exploit compromising the boot chain of Apple A12 and A13 processor-based devices. 

In 2019, checkm8 emerged as the first publicly released unpatched attack on these chip generations. By exploiting a flaw within the BootROM, the code that runs before iOS and all higher security controls, the exploit bypasses protections at the earliest stage of the initialization process. Physical access, a USB connection, and manual placement of the device into DFU mode are required to perform the attack, but the significance lies in the vulnerability itself. The vulnerability cannot be remedied by updating firmware, updating operating systems, or restoring devices, since it resides in silicon rather than software.

The disclosure affects more than niche jailbreak development: Apple hardware that is still supported, including iPhones, iPads, Apple Watches, and other Apple devices, now carries a permanent hardware weakness that can be exploited throughout the device's operational lifetime. 

Beyond being a notable research discovery, usbliter8 is also a significant hardware security incident because of the permanent nature of the vulnerability it exploits. The affected SecureROM code is physically embedded within the processor when the device is manufactured, placing it beyond Apple's control once the device leaves the factory. This is in contrast to conventional vulnerabilities that can be mitigated by updating firmware or operating systems. 

During a coordinated engagement with Apple Product Security on June 18, 2026, researchers revealed the exploit and accompanying proof of concept, demonstrating that a successful attack can be carried out in less than two seconds before Apple's trusted boot sequence takes over. There remains a strict physical access requirement for the attack: a target device must be manually placed into Device Firmware Update (DFU) mode and connected to an RP2350-based microcontroller platform using USB. Nevertheless, there is a considerable range of hardware impacted. 

Publicly supported targets include devices built on Apple's A12 and A13 application processors, in addition to the S4 and S5 systems-on-chip used across Apple Watch and HomePod products. A number of these products, such as the iPhone XS, iPhone XR, iPhone 11, second-generation iPhone SE, multiple iPad models, Apple Watch Series 4 and 5, the first-generation Apple Watch SE, HomePod mini, and others, continue to see active deployment. 

Research indicates that support for A12X and A12Z processors may be technically achievable in the future, but this has not yet been implemented. Devices based on A11 silicon do not appear to be affected, owing to architectural differences in USB memory handling, while A14 and newer generations appear to be immune due to improved DART configuration and memory isolation controls within the boot environment.

The disclosure also highlights an aspect of modern device security that is seldom encountered: some vulnerabilities are beyond the reach of every software-based defense mechanism available to vendors and users. The vulnerability cannot be eliminated by iOS updates, firmware revisions, factory restores, or standard hardening measures, since it lies within immutable SecureROM code. It remains imperative to maintain the latest software versions, enforce strong authentication controls, and adhere to sound security practices to protect against conventional threats; however, those measures do not alter the hardware trust anchor targeted by usbliter8. 

For organizations and individuals seeking to reduce exposure, Paradigm Shift identified migration to devices using A14 or newer silicon as the most practical long-term mitigation strategy. While Apple has not publicly addressed the research as of publication, the researchers stated that Apple Product Security has been notified and that disclosure procedures were completed before the release of technical details and exploit code. The security implications vary a great deal across the operating environments in which affected devices are used. 

For the average consumer, the requirement for physical possession, DFU mode access, and specialized hardware greatly narrows the scope of potential exploitation. Individuals who operate under elevated threat conditions, including journalists, corporate executives, activists, government employees, and others whose devices may be seized, inspected, or held for extended periods, face a significantly different risk profile. In such scenarios, a compromised device based on A12, A13, S4, or S5 could be affected by persistent boot-level intrusions that are anchored underneath the operating system itself, even after software updates are applied. Thus, device lifecycle planning now includes security considerations instead of just procurement, with the newer A14-generation hardware and later platforms posing the most obvious route to avoiding this type of exposure. 

Beyond the immediate technical accomplishment, researchers are closely tracking whether usbliter8 follows the path that checkm8 established nearly seven years ago. Along with the research, proof-of-concept code was released that gained significant attention from the security community.

It quickly gained hundreds of GitHub stars, indicating strong interest from researchers and developers alike. It is widely anticipated that jailbreak-focused tools will emerge in the near future, but the more consequential question is whether the exploit will evolve into a mature hardware research and forensic framework for A12 and A13 devices. Over time, checkm8 has become the primary tool for examining and interacting with older Apple hardware in a manner previously not possible for defenders, researchers, and forensic practitioners. 

While usbliter8 has not yet reached that level, its publication provides the first public insight into a generation of Apple silicon which, until now, has been largely beyond the reach of unpatched SecureROM exploits. With the advent of usbliter8, we are reminded that not all security risks originate with software, and not all can be resolved through patching. 

By exposing a hardware-rooted vulnerability that remains widely deployed, this research contributes to a heightened awareness of the long-term security implications of silicon-level trust boundaries. As a result of the exploit, organizations and individuals responsible for sensitive data should reassess their device custody practices, hardware refresh strategies, and exposure to high-risk environments. 

The usbliter8 exploit remains a significant landmark in Apple security research and is being examined by the security community in order to fully comprehend its impact. It demonstrates how important it is to secure not only the software on a device, but also the device itself.

Operation Escaneo Signals Shift in Latin America Cyber Threat Landscape

 

Operation Escaneo is a warning sign for Latin America’s cybersecurity ecosystem, showing that financially motivated attackers are adopting more advanced intrusion methods. The campaign, uncovered through an exposed attacker server, targeted government, financial, and critical infrastructure organizations across Mexico, with smaller activity in Ecuador and Portugal. Researchers say the operation reflects a shift in the region, where threat actors are increasingly combining opportunistic motives with sophisticated tooling. 

The attackers relied heavily on internet-facing vulnerabilities to gain entry. Reporting links the campaign to Fortinet FortiOS SSL-VPN and Ivanti Connect Secure flaws, along with other exploits involving Apache Tomcat, Windows, and Log4Shell. Rather than depending on a single vulnerability, the group appears to have built a flexible intrusion chain that could adapt to different environments, increasing its chances of success and making defense more difficult. 

Once inside, the operation used multiple layers of persistence and control. CloudSEK’s findings, as summarized by Infosecurity Magazine, describe Neo-reGeorg webshells, Chisel reverse tunnels, and even a compromised Cisco router configured with a GRE tunnel to maintain access. These methods helped the attackers stay connected while blending into normal traffic, a tactic that can evade host-based security tools and delay detection. 

The damage was not limited to access alone. Analysts reported large-scale theft of sensitive data, including personal records, Active Directory maps, SSL private keys, SAP service-account hashes, and browser-stored passwords. That level of exposure creates serious risks for identity abuse, lateral movement, and further compromise, especially in public-sector and financial environments where trust and encryption keys are critical assets.

Operation Escaneo is a reminder that Latin American defenders should prioritize patching perimeter appliances, monitoring for unusual tunneling activity, and limiting the spread of privileged credentials. The campaign’s scale and tradecraft suggest that regional attackers are moving closer to APT-level capability, with the potential to disrupt operations far beyond the initial breach.

Critical Flaws in SiderAI and MaxAI Chrome Extensions Expose Millions to Browser Hijacking

 

Over ten million people might face major online threats following the discovery of severe weaknesses in two common AI-based Chrome add-ons, SiderAI and MaxAI. Though designed to assist with summaries and automated tasks, these tools were found carrying dangerous bugs - dubbed “Spyder” and “MaXSS” - by analysts at Rebora Security during a routine check of such software. Once exploited, either flaw lets unauthorized parties hijack active browsing activities. 

Information saved on sites, along with files on personal devices, may become reachable without permission. While built for convenience through side panels and smart responses, their broad adoption across Chromium-linked browsers amplifies how far harm could spread. Despite appearing helpful, the underlying structure allows invasive access when misused. One of the leading tools on the Chrome Web Store, SiderAI sits in the top quarter of all extensions by popularity. 

A recent analysis revealed flaws in how SiderAI and MaxAI managed data flow between sites and their inner workings, especially involving content scripts. Although these scripts should serve as controlled messengers - keeping site code apart from backend logic - the boundaries blurred in practice. Messages sent by web pages entered without sufficient checks. Because verification steps were missing, untrusted inputs could move deeper into the system than intended. A flaw in MaxAI allowed harmful sites to transmit manipulated data directly to its content script. 

Though meant to relay information, the system passed these signals onward - into the background process - with little checking. Because of this gap, unauthorized users gained access to powerful functions. Hidden tabs appeared without warning, snapshots of screens were captured, site interactions occurred - all while riding on logged-in accounts. Security weakened when trust was misplaced across internal components. In testing, researchers gained entry to live Gmail and Google Calendar sessions, pulling confidential data while leaving no trace. 
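The trust boundary described above, as an added example that is not code from SiderAI, MaxAI, or Rebora Security: a content script relay that forwards page messages unchecked, beside a hardened relay and a background-side check that grants privileged actions based on who sent the message. The extension ID, origins, and message types are constructed placeholders; the `id` and `url` fields mirror the `MessageSender` object that `chrome.runtime.onMessage` passes to listeners, simulated here with plain objects so the logic runs outside a browser.

```javascript
// Constructed names and values; not code from SiderAI or MaxAI.
const EXTENSION_ID = 'abcdefghijklmnopabcdefghijklmnop';                 // placeholder ID
const TRUSTED_PAGE_ORIGINS = new Set(['https://app.assistant.example']); // hypothetical
const PAGE_ALLOWED_TYPES = new Set(['SUMMARIZE_TEXT']);                  // low-risk requests only
const PRIVILEGED_TYPES = new Set(['OPEN_TAB', 'CAPTURE_TAB']);
const MAX_TEXT_LENGTH = 20000;

// Weak pattern: the content script forwards whatever the page posted.
function relayUnchecked(event, pageWindow, sendToBackground) {
  sendToBackground(event.data);
  return true;
}

// Hardened content script: every window message is untrusted input.
function relayChecked(event, pageWindow, sendToBackground) {
  if (event.source !== pageWindow) return false;             // from another frame/window
  if (!TRUSTED_PAGE_ORIGINS.has(event.origin)) return false; // origin not allowlisted
  const msg = event.data;
  if (msg === null || typeof msg !== 'object' || Array.isArray(msg)) return false;
  if (typeof msg.type !== 'string' || !PAGE_ALLOWED_TYPES.has(msg.type)) return false;
  if (typeof msg.text !== 'string' || msg.text.length > MAX_TEXT_LENGTH) return false;
  // Rebuild the message from validated fields so extra properties never travel on.
  sendToBackground({ type: msg.type, text: msg.text });
  return true;
}

// Background side. For a content script, sender.url is the web page's URL;
// for the extension's own pages it starts with chrome-extension://<id>/.
function isExtensionPage(sender) {
  return Boolean(sender) && sender.id === EXTENSION_ID &&
    typeof sender.url === 'string' &&
    sender.url.startsWith(`chrome-extension://${EXTENSION_ID}/`);
}

// Decide by who is asking, never by what the message claims about itself.
function authorizeInBackground(message, sender) {
  if (message === null || typeof message !== 'object') return 'reject';
  if (PRIVILEGED_TYPES.has(message.type)) {
    return isExtensionPage(sender) ? 'allow-privileged' : 'reject';
  }
  if (PAGE_ALLOWED_TYPES.has(message.type)) {
    return sender && sender.id === EXTENSION_ID ? 'allow-limited' : 'reject';
  }
  return 'reject';
}

// Run one constructed page message through a relay and the background check.
function runScenario(relay, event, pageWindow) {
  const forwarded = [];
  const relayed = relay(event, pageWindow, (m) => forwarded.push(m));
  // What the background would see for a message relayed by a content script.
  const contentScriptSender = { id: EXTENSION_ID, url: `${event.origin}/`, tab: { id: 1 } };
  const decisions = forwarded.map((m) => authorizeInBackground(m, contentScriptSender));
  return { relayed, forwarded, decisions };
}

// Constructed sample messages.
const pageWindow = {};
const untrustedPrivileged = {
  source: pageWindow,
  origin: 'https://untrusted.example',
  data: { type: 'OPEN_TAB', url: 'https://mail.example/' },
};
const trustedLimited = {
  source: pageWindow,
  origin: 'https://app.assistant.example',
  data: { type: 'SUMMARIZE_TEXT', text: 'Quarterly report...', tabId: 42 },
};

console.log(runScenario(relayUnchecked, untrustedPrivileged, pageWindow));
console.log(runScenario(relayChecked, untrustedPrivileged, pageWindow));
console.log(runScenario(relayChecked, trustedLimited, pageWindow));
```

Either layer alone stops the privileged request here; keeping both means a mistake in the content script's filter does not hand a web page the background's capabilities.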

What made the Spyder vulnerability in SiderAI alarming was its ability to mimic real user behavior - clicks, typing - all within integrated browser windows. A compromised site, using this loophole, might load Google Gemini unseen, harvest ongoing AI dialogues, then send them outward. Detection during such an event remained unlikely. What happens because of these flaws goes well past messages or chat tools. 

Through them, hackers might grab login codes, see private correspondence, and change files, all while acting like the victim on many sites. Sometimes, the broad access given to such add-ons lets intruders reach data saved directly on a person's device. What stands out most is how little effort an attacker needs - just opening a harmful webpage can trigger the flaw. Because of this low barrier, threats can spread fast without clear signs. 

After uncovering the problem, Rebora Security reached out to the creators of the affected tools; silence followed. With no reply, the details eventually appeared online, while a heads-up also went to Google. Should SiderAI or MaxAI appear in a user's browser, removal is urgent. This case brings attention to rising risks tied to artificial intelligence add-ons - especially those collecting sensitive online behavior. 

When apps gain deep access to personal information, careful review of their privileges becomes unavoidable. Security grows more complex as these tools spread across everyday browsing routines.

Ukraine Joins EU Cybersecurity Reserve to Strengthen Cyber Resilience and Emergency Response

 

Now able to tap into the EU’s emergency cyber network, Ukraine joins a support framework cleared by the Council of the European Union. When overwhelming cyberattacks strike, help may come faster because Kyiv can formally seek aid beyond what it handles alone. Specialized teams and resources from across the bloc stand ready, activated through shared crisis procedures. 

This link strengthens real-time defense options amid severe digital threats. Help arrives via the EU Cybersecurity Reserve, run by ENISA - the European Union’s cybersecurity agency. Born from the Cyber Solidarity Act, it lets member nations turn to vetted private experts if local teams cannot keep up. As attacks grow more complex, ties in tech defense strengthen between the bloc and Ukraine. Their collaboration now includes shared readiness against online risks. 

If a cyberattack overwhelms Ukraine’s internal resources, it can officially trigger emergency support through the framework. When that happens, digital security specialists from various European nations might step in to help control, examine, and recover systems. Officials view this measure as one piece of wider work aimed at boosting readiness, speeding up reactions, and building stronger collaboration amid rising complexity in online attacks. 

Cyber threats are growing more frequent, but unity among nations strengthens defenses. Because attacks target government systems, companies, and vital services, joint efforts matter more than before. The European Commission views the move as a step toward stronger cooperation. A country acting alone faces higher risk, while shared knowledge reduces vulnerability. As digital dangers spread, responses must shift from isolated attempts to unified strategies. Ukraine is the second non-EU nation to join the reserve, following Moldova's inclusion in 2024.

Moldova's entry that year was prompted by rising cyber threats tied to Russian activity. European authorities see its involvement as pivotal for regional collaboration on digital security. Cyber resilience continues to shape how the EU engages nearby states. Progress here reflects broader aims, but it depends heavily on real-time readiness. Besides tackling cyber threats, the European Union now works more closely with Moldova on various digital fronts.

A political agreement was recently reached that paves the way for Moldova's entry into the EU Roaming Zone, pending official approval. If it passes, people from both regions could make calls, send messages, or access data while traveling without extra fees. Moldova is also now included in the EU Third Countries' Trusted List, which streamlines how electronic signatures and digital seals are recognized across entities and individuals.

Backed by EU funding, a new node of the European Digital Media Observatory, named FACT, has emerged to counter disinformation and external manipulation efforts. The cyber defense news comes right after fresh progress in how the EU engages Ukraine and Moldova: talks to join the bloc have officially started, recently backed unanimously by national leaders.

Marking the moment, Commission head Ursula von der Leyen called it a turning point, one that is not just symbolic but rooted in real changes made amid hardship. In her view, this step shows lasting support for peace, resilience, and shared effort where it matters most.

With access to the EU Cybersecurity Reserve, Ukraine is better shielded and can link efforts with European allies when large-scale digital threats emerge. The cooperation builds lasting strength against future attacks, not just immediate fixes. Shared response channels extend stability beyond national borders, and long-term readiness grows steadily from such joint undertakings.

New Apple Ad Blocker Filtr Expands Protection Beyond Browsers on iPhone, iPad and Mac

 

Filtr, a new ad-blocking app, extends privacy protection for Apple device owners. Instead of limiting itself to web browsers, it also stops advertisements inside mobile and desktop applications. Created by Kaylee Serena Calderolla, known for developing Wipr, a tool that blocks ads in Safari, it uses features unveiled in iOS 26 and macOS 26. Through these updates, the software intercepts ad-related data directly within the system's network layer.

Unlike the usual add-ons confined to Safari, Filtr uses Apple's updated method for handling web traffic. With that foundation, it intercepts connections aimed at known ad networks before content appears, stopping trackers and pop-ups not just in browsers but throughout compatible apps. Blocking happens earlier and silently, cutting down unwanted surveillance along with visual clutter wherever digital activity occurs. Filtr comes as a premium feature inside Wipr, a widely used tool that stops ads in Safari.

Its creator, Calderolla, says it runs without gathering any personal details or needing access to sensitive user content. The filter relies on a custom blocklist that the maker keeps current. Filtering begins with an initial screening done locally on the device, using a built-in catalog of sites that often serve ads. When uncertainty remains, a follow-up check is made against a fuller database kept by Calderolla. That communication moves through Apple's infrastructure, which keeps individual users anonymous to service creators. Only matching results trigger deeper analysis, limiting exposure of personal activity.

Some people trying the feature notice fewer ads when opening certain apps, though a few apps show blank spaces instead of promotions. Not every application behaves the same way: some skip ads entirely, others leave gaps. Setup is straightforward: enabling the link blocker just once lets the software manage changes on its own, and updates happen in the background after initial activation, reducing ongoing effort.

Filtr cannot stop all ads. Some slip through when they come straight from an app's own servers, and since cutting those might break how the app works, certain promotions stay visible. So, while using platforms like Facebook, Google, or Reddit, users may still spot occasional banners. Even with these constraints, Wipr shows clear progress in tackling ads across Apple devices. Priced at five dollars, it works on any device, whereas Filtr adds yearly fees unless users opt to pay twenty-five upfront inside the app.
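The two-stage lookup described above can be sketched as follows. This is an added example, not Filtr's or Apple's code: the Bloom filter is an assumed choice for the on-device catalog (the article does not name the data structure), and the host names, `FULL_BLOCKLIST` and `classify` are hypothetical.

```python
import hashlib

class BloomFilter:
    """Compact on-device prefilter: never misses a listed host, may over-match."""
    def __init__(self, size_bits=1024, hashes=4):
        self.size, self.hashes, self.bits = size_bits, hashes, 0

    def _positions(self, item):
        # Derive several bit positions per host from salted SHA-256 digests.
        for i in range(self.hashes):
            digest = hashlib.sha256(f"{i}:{item}".encode()).digest()
            yield int.from_bytes(digest[:8], "big") % self.size

    def add(self, item):
        for pos in self._positions(item):
            self.bits |= 1 << pos

    def might_contain(self, item):
        return all((self.bits >> pos) & 1 for pos in self._positions(item))

# Constructed sample data (reserved .example names), not a real blocklist.
FULL_BLOCKLIST = {"ads.tracker.example", "pixel.metrics.example", "banner.cdn.example"}

def build_local_filter(blocklist):
    local = BloomFilter()
    for host in blocklist:
        local.add(host)
    return local

def classify(hosts, local_filter, full_blocklist):
    """Return (blocked, allowed, remote_queries) for the given hosts."""
    blocked, allowed, remote_queries = [], [], []
    for host in hosts:
        if not local_filter.might_contain(host):
            allowed.append(host)          # definite miss: nothing leaves the device
            continue
        remote_queries.append(host)       # possible match: confirm against full list
        (blocked if host in full_blocklist else allowed).append(host)
    return blocked, allowed, remote_queries

if __name__ == "__main__":
    seen = ["ads.tracker.example", "news.site.example", "banner.cdn.example"]
    print(classify(seen, build_local_filter(FULL_BLOCKLIST), FULL_BLOCKLIST))
```

The privacy property to look at is `remote_queries`: only hosts the local filter cannot rule out are ever sent for the second check.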

Peter Todd Warns Zcash Privacy Tech Is Too Risky for Bitcoin Consensus Layer

 

Bitcoin developer Peter Todd has warned that Zcash-style privacy technology is too risky to integrate into Bitcoin’s consensus layer, arguing that the cryptographic complexity behind Zcash’s shielded transactions introduces unacceptable operational risk for Bitcoin’s base protocol. His comments came after the Zcash Open Development Lab disclosed a critical issue in Zcash’s Orchard shielded pool on June 1, 2026, which temporarily paralyzed the network and required an emergency hard fork to fix.

The vulnerability affected Orchard, Zcash’s most widely used shielded pool for private transactions, and was discovered during routine security auditing on May 29 by researcher Taylor Hornby using an AI-assisted tool. The flaw centered on just two lines of code in the Orchard circuit, the cryptographic core that processes Zcash’s private transactions, and dated back to when Orchard launched in May 2022. CoinDesk reported that the issue could theoretically have allowed an attacker to mint counterfeit ZEC without leaving any on-chain evidence, though the bug was identified before any known exploitation occurred. 

Fixing it demanded a coordinated hard fork that forced nodes, wallets, and block explorers to update simultaneously, with Orchard transactions suspended during the upgrade window until re-enabled around 23:00 EDT on June 1. Nodes that failed to upgrade quickly became desynchronized, leaving the network paralyzed for several hours and exposing a major coordination problem unique to complex privacy protocols.

Todd’s argument centers on the difference between visible and hidden failures in blockchain systems. In Bitcoin’s transparent accounting model, counterfeit coins or invalid outputs are immediately visible on-chain, making it relatively straightforward to detect bugs, identify affected coins, and reverse the chain if necessary.

He cited Bitcoin’s 2010 value overflow incident and 2013 chain split as examples where rollback was feasible because only a small fraction of coins were affected and the exploit was trivial to notice. In Zcash’s shielded system, however, privacy cryptography using Halo 2 zk-SNARKs allows transaction validation without revealing sender, recipient, or amount, creating a dangerous blind spot where a bug could destroy shielded funds without developers being able to quantify the damage in real time. 

Todd emphasized that approximately 30% of Zcash’s total supply is already shielded in the Orchard pool, meaning a catastrophic failure would wipe out holdings for a high percentage of all Zcash users. He rejected comparisons to Bitcoin’s historical bugs, stating that neither the 2010 overflow nor CVE-2018-17144 could destroy the currency because counterfeit coins were trivially visible and easily rolled back. 
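The visible-versus-hidden distinction can be shown with a supply audit over a toy ledger. This is an added example, not Bitcoin or Zcash code: the chain, the `SUBSIDY` value and the `audit` function are constructed for illustration, and a `None` amount stands in for a shielded output whose value an observer cannot read.

```python
SUBSIDY = 50  # constructed per-block issuance for this toy chain

# Constructed sample chain. Each tx: id, inputs [(txid, output index)], outputs [amount].
# An amount of None models a shielded output whose value is hidden from observers.
CHAIN = [
    [{"id": "cb0", "inputs": [], "outputs": [50]}],
    [{"id": "cb1", "inputs": [], "outputs": [50]},
     {"id": "t1", "inputs": [("cb0", 0)], "outputs": [30, 20]}],
    [{"id": "cb2", "inputs": [], "outputs": [50]},
     {"id": "t2", "inputs": [("t1", 0)], "outputs": [30, 1000]}],     # creates 1000 from nothing
    [{"id": "cb3", "inputs": [], "outputs": [50]},
     {"id": "t3", "inputs": [("cb1", 0)], "outputs": [None, None]}],  # hidden amounts
]

def audit(chain, subsidy=SUBSIDY):
    """Replay the chain as an outside observer and return one verdict per block."""
    utxo, verdicts = {}, []
    for height, block in enumerate(chain):
        spent = created = 0
        opaque = False
        for tx in block:
            for ref in tx["inputs"]:
                spent += utxo.pop(ref)   # KeyError here means a missing or double spend
            for idx, amount in enumerate(tx["outputs"]):
                if amount is None:
                    opaque = True        # hidden value: an observer cannot sum it
                    continue
                created += amount
                utxo[(tx["id"], idx)] = amount
        if opaque:
            verdicts.append((height, "hidden amounts: relies on proof soundness"))
        elif created > spent + subsidy:
            verdicts.append((height, f"inflation of {created - spent - subsidy}"))
        else:
            verdicts.append((height, "ok"))
    return verdicts

if __name__ == "__main__":
    for height, verdict in audit(CHAIN):
        print(height, verdict)
```

In the transparent blocks any node can recompute the balance and point at the exact block and amount; in the last block the same arithmetic is impossible, so correctness rests entirely on the proof system being sound.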

He argued that different types of cryptography have different levels of risk, and that Zcash-style cryptography carries a very high risk level reflected in Zcash having experienced much more serious issues than Bitcoin. The debate reflects a fundamental divide in crypto between innovation and protocol conservatism, with Todd favoring maintaining Bitcoin’s deliberately simple core design. 

Privacy advocates seeking Bitcoin improvements without consensus-layer changes point to Silent Payments, an application-layer solution that generates unique addresses for each transaction without exposing payment history. Unlike Zcash’s approach, Silent Payments does not modify Bitcoin’s base protocol, though adoption remains limited to wallets like Sparrow Wallet and Cake Wallet. At press time after the incident, ZEC traded around $532 following a 37.8% slide before recovering, demonstrating market volatility tied to Orchard’s technical stability.