Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Cyber Security. Show all posts
Password Security
Account security Account Takeover Compromised Passwords Credential stealing Cyber Security Cyberattacks data security Password Security

Why the Leak of 16 Billion Passwords Remains a Live Cybersecurity Threat in 2025

 

As the year 2025 comes to an end people are still talking about a problem with cybersecurity. This problem is really big. It is still causing trouble. A lot of passwords and login credentials were exposed. We are talking about 16 billion of them. People first found out about this problem earlier, in the year.. The problem is not going away. Experts who know about security say that these passwords and credentials are being used again in cyberattacks. So the problem is not something that happened a time ago it is still something that is happening now with the cybersecurity incident and the exposure of these 16 billion passwords and login credentials. 

The big problem is that people who do bad things on the internet use something called credential stuffing attacks. This is when they try to log in to lots of websites using usernames and passwords that they got from somewhere else. They do this because lots of people use the password for lots of different things. So even if the bad people got the passwords a time ago they can still use them to get into accounts. If people did not change their passwords after the bad people got them then their accounts are still not safe today. Credential stuffing attacks are a deal because of this. Credential stuffing attacks can get into accounts if the passwords are not changed. 

Recently people who keep an eye on these things have noticed that there has been a lot credential stuffing going on towards the end of the year. The people who study this stuff saw an increase in automated attempts to log in to virtual private network platforms. Some of these platforms were seeing millions of attempts to authenticate over short periods of time. Credential stuffing attacks, like these use computers to try a lot of things quickly rather than trying to find new ways to exploit software vulnerabilities. This just goes to show that credential stuffing can be very effective because it only needs a list of credentials that have been compromised to get around the security defenses of private network platforms and credential stuffing is a big problem. 

The thing about this threat is that it just will not go away. We know this because the police found hundreds of millions of stolen passwords on devices that belonged to one person. People in charge of security say that this shows how long passwords can be used by people after they have been stolen. When passwords get out they often get passed from one person to another which means they can still be used for a time after they were first stolen. This is the case, with stolen passwords. Password reuse is a problem. People use the password for lots of things like their personal stuff, work and bank accounts. 

This is not an idea because if someone gets into one of your accounts they can get into all of them. That means they can do a lot of damage like steal your money use your identity or get your information. Password reuse is a risk factor and it makes it easy for bad people to take over all of your accounts. Security professionals say that when you take action to defend yourself is very important. If you wait until something bad happens or your account is compromised it can cause a lot of damage. You should take steps before anything bad happens. 

For example you should check the databases that list breached information to see if your credentials are exposed. This is an important thing to do to stay safe. If you can you should stop using passwords and start using stronger ways to authenticate, like passkeys. Security professionals think that passkeys are a safer way to do things and they can really reduce the risk of something bad happening to your Security. Checking for exposed credentials and using passkeys are ways to defend yourself and stay safe from people who might try to hurt you or your Security. When we talk about accounts that still use passwords experts say we should use password managers. 

These managers help us create and store passwords for each service. This way if someone gets one of our passwords they cannot use it to get into our accounts. Password managers make sure we have strong passwords for each service so if one password is leaked it does not affect our other accounts. 

Experts, like password managers because they help keep our accounts safe by making sure each one has a password. The scale of the 16 billion credential leak serves as a reminder that cybersecurity incidents do not end when headlines fade. Compromised passwords retain their threat value for months or even years, and ongoing vigilance remains essential. 

As attackers continue to exploit old data in new ways, timely action by users remains one of the most effective defenses against account takeover and identity-related cybercrime.
Read more »
US Security
ByteDance Sale Cyber Security Data Privacy TikTok Deal TikTok Investors US Security

TikTok US Deal: ByteDance Sells Majority Stake Amid Security Fears

 


TikTok’s Chinese parent company, ByteDance, has finalized a landmark deal with US investors to restructure its operations in America, aiming to address longstanding national security concerns and regulatory pressures. The agreement, signed in late December 2025, will see a consortium of American investors take a controlling stake in TikTok’s US business, effectively separating it from ByteDance’s direct management. This move comes after years of scrutiny by US lawmakers, who have raised alarms about data privacy and potential foreign influence through the popular social media platform.

Under the new arrangement, TikTok US will operate as an independent entity, with its own board and leadership team. The investors involved are said to include major US financial firms and technology executives, signaling strong confidence in the platform’s future growth prospects. The deal is expected to preserve TikTok’s core features and user experience for its more than 170 million American users, while ensuring compliance with US data protection laws and national security standards.

Critics and privacy advocates have welcomed the move as a step toward greater transparency and accountability, but some remain skeptical about whether the separation will be deep enough to truly mitigate risks. National security experts argue that as long as ByteDance retains any indirect influence or access to user data, the underlying concerns may persist. 

US regulators have indicated they will continue to monitor the situation closely, with potential further oversight measures possible in the coming months.The deal is also expected to impact TikTok’s global expansion strategy. With its US operations now under American control, TikTok may find it easier to negotiate partnerships and investments in other Western markets where similar regulatory hurdles exist. However, challenges remain, especially in regions where geopolitical tensions could complicate business operations.

For users, the immediate effect is likely to be minimal. TikTok’s content, features, and community guidelines are expected to remain unchanged in the short term. Over the longer term, the separation could lead to new product innovations and business models tailored specifically to the US market. The deal marks a significant shift in the global tech landscape, reflecting the growing importance of data sovereignty and regulatory compliance in the digital age.
Read more »
data sovereignty
Aerospace Cloud Cloud Security Corporate Security cyber resilience Cyber Security data security data sovereignty

Airbus Signals Shift Toward European Sovereign Cloud to Reduce Reliance on US Tech Giants

 

Airbus, the aerospace manufacturer in Europe is getting ready to depend less on big American technology companies like Google and Microsoft. The company wants to rethink how and where it does its important digital work. 

Airbus is going to put out a request for companies to help it move its most critical systems to a European cloud that is controlled by Europeans. This is a change in how Airbus handles its digital infrastructure. Airbus is doing this to have control over its digital work. The company wants to use a cloud, for its mission-critical systems. Airbus uses a lot of services from Google and Microsoft. The company has a setup that includes big data centers and tools like Google Workspace that help people work together. 

Airbus also uses software from Microsoft to handle money matters.. When it comes to very secret and military documents these are not allowed to be stored in public cloud environments. This is because Airbus wants to be in control of its data and does not want to worry about rules and regulations. Airbus has had these concerns for a time. 

The company wants to make sure it can keep its information safe. Airbus is careful, about where it stores its documents, especially the ones that are related to the military. The company is now looking at moving its applications from its own premises to the cloud. This includes things like systems for planning and managing the business platforms for running the factories tools for managing customer relationships and software for managing the life cycle of products which's where the designs for the aircraft are kept. 

These systems are really important to Airbus because they hold a lot of information and are used to run the business. So it is very important to think about where they are hosted. The people in charge have said that the information, in these systems is a matter of European security, which means the systems need to be kept in Europe. Airbus needs to make sure that the cloud infrastructure it uses is controlled by companies. The company wants to keep its aircraft design data safe and secure which is why it is looking for a solution that meets European security standards. 

European companies are getting really worried about being in control of their digital stuff. This is a deal for them especially now that people are talking about how different the rules are in Europe and the United States. Some big American companies like Microsoft, Google and Amazon Web Services are trying to make European companies feel better by offering services that deal with these worries.. European companies are still not sure if they can really trust these American companies. 

The main reason they are worried is because of a law in the United States called the US CLOUD Act. This law lets American authorities ask companies for access to data even if that data is stored in other countries. European companies do not like this because they think it means American authorities have much power over their digital sovereignty. Digital sovereignty is a concern for European companies and they want to make sure they have control, over their own digital stuff. 

For organizations that deal with sensitive information related to industry, defense or the government this set of laws is a big problem. Digital sovereignty is about a country or region being in charge of its digital systems the way it handles data and who gets to access that data. This means that the laws of that country decide how information is taken care of and protected. The way Airbus is doing things shows that Europe, as a whole is trying to make sure its cloud operations follow the laws and priorities of the region. European organizations and Europe are working on sovereignty and cloud operations to keep their information safe. 

People are worried about the CLOUD Act. This is because of things that happened in court before. Microsoft said in a court in France that it cannot promise to keep people from the United States government getting their data. This is true even if the data is stored in Europe. Microsoft said it has not had to give the United States government any data from customers yet.. The company admitted that it does have to follow the law. 

This shows that companies, like Microsoft that are based in the United States and provide cloud services have to deal with some legal problems. The CLOUD Act is a part of these problems. Airbus’ reported move toward a sovereign European cloud underscores a growing shift among major enterprises that view digital infrastructure not just as a technical choice, but as a matter of strategic autonomy. 

As geopolitical tensions and regulatory scrutiny increase, decisions about where data lives and who ultimately controls access to it are becoming central to corporate risk management and long-term resilience.
Read more »
Unauthorized Surveillance
Airspace Cyber Risk Critical Component Ban Cyber Security Data Exfiltration Threat FCC Covered List Homeland Network Protection Supply Chain Risk UAS Regulation Unauthorized Surveillance

FCC Rules Out Foreign Drone Components to Protect National Networks

 


A decisive step in federal oversight on unmanned aerial technology has been taken by the United States Federal Communications Commission, in a move that is aimed at escalating federal control over unmanned aerial technology. Specifically, the FCC has prohibited the sale of newly manufactured foreign drones and their essential hardware components in the United States, citing the necessity for national security. 

According to the FCC's regulatory action, which was revealed on Monday, drone manufacturers such as DJI and Autel, as well as other overseas drone manufacturers, have been placed on the FCC's "Covered List," which means that they cannot obtain the agency's mandatory authorization to sell, market, or market new drone models and critical parts to consumers.

The decision follows a directive issued by the U.S. Congress in December 2024, which required DJI and Autel to go on the list within a year of being notified if the government did not validate the continued sale of these systems under government monitoring. 

A ban on foreign drone systems and components has been imposed by the Federal Communications Commission without approval as it indicates that there are perceived risks associated with them-especially those originating from Chinese manufacturers-that are incompatible with the security thresholds established to protect U.S. technology infrastructure and communication networks, as well as the security standards in place to obtain such clearances, which are incompatible with the security thresholds. 

The decision adds unmanned aerial technology to the Federal Communications Commission's "Covered List", which is a list of technologies that cannot be imported or sold commercially in the United States for the sake of safety reasons. DJI and other foreign drone manufacturers will not be able to obtain the equipment authorization required for importing and selling drones. 

A statement issued by the agency on Monday emphasized the security rationale for its decision, stating that the ban is meant to mitigate risk associated with potential drone disruption, unauthorized surveillance operations, data extraction, and other airborne threats that could threaten the nation's infrastructure. 

In spite of the fact that the rule does not impact the current drone ecosystem in the country in any significant way, the rule does not seem to have any significant impact on it. During the Commission's meeting, it was clarified that the restrictions were only affecting future product approvals and were not affecting drones or drone components currently being sold in the United States; thus, previously authorized drone models still remain operational and legal in operation. 

Neither the FCC nor the FCC's spokesperson have responded to media inquiries regarding whether such actions are being contemplated, and the agency has not indicated any immediate plans to revoke past approvals or to impose retroactive prohibitions. 

For now, the regulatory scope remains forward-looking, leaving thousands of unmanned aircraft, manufactured by foreign companies, already deployed in the commercial, civilian, and industrial sectors, unaffected by this ruling. Though drones manufactured by foreign companies which were previously authorized to be purchased and sold can still be owned and sold, the FCC has incorporated critical parts into the scope of the ban, causing new uncertainty regarding long-term maintenance, repair, and supply chain security. 

The industry observers warn that replacement batteries, controllers, sensors, and other components that are crucial to the operation of drone fleets will become more difficult to source in the future as well as more expensive, thus potentially threatening operational uptime for these drones. 

A strong opposition has been raised within the U.S. commercial drone industry, which is composed of almost 500,000 FAA-licensed pilots, who are dependent on imported aircraft for a variety of day-to-day business functions including mapping, surveys, inspections of infrastructure, agricultural monitoring, and assistance in emergency situations. 8,000 commercial pilots were surveyed by the Pilot Institute last year, according to the Wall Street Journal, and 43 percent expect the ban to have an “extremely negative” impact on their companies, or even end the businesses altogether. 

This further emphasizes the concerns that this policy could have as disruptive an economic impact as its security motivations are preventative, reinforcing concerns about its economic impacts. In anticipation of the ruling, a number of operators had already begun stockpiling drones and spare parts, which was indicative of the market's expectation that procurement bottlenecks would soon take place. 

It is clear that the level of foreign dependency is profound, as evidenced by DJI, the Shenzhen-based drone manufacturer, which alone accounts for 70 to 90 percent of the commercial, government, and consumer drone market in the United States. 

A common example of this type of reliance is in the geospatial data industry, where firms like Spexi, whose headquarters is based in Vancouver, deploy large freelance pilot networks to scan regions looking for maps and mapping intelligence. 

According to CEO Bill Lakeland of Spexi, their pilots primarily operate DJI aircraft, such as the widely used DJI Mini series, and acknowledge the company's dependence on imported hardware. He stated that the company's operations have been mostly "reliant on the DJI Minis" however he did confirm that the company is in the process of exploring diversification strategies, as well as developing proprietary hardware solutions in the future. 

Although there are significant costs associated with domestically manufactured drones, resulting in firms like Spexi deciding to build their own alternatives despite the engineering and financial overhead entailed by such a move, cost is a significant barrier. This is a factor that is driving firms like Spexi to consider building their own alternatives. 

In Lin's words, “The U.S. should correct its erroneous practices and protect Chinese businesses by providing them an environment that is fair, just, and non-discriminatory,” this is a confirmation of Beijing’s view that exclusion is more appropriate than risk-based regulation. Accordingly, the recent dispute mirrors previous actions taken by the FCC, in which the FCC has previously added several Chinese enterprises to the same Covered List due to similar security concerns, effectively preventing those firms from getting federal equipment authorizations. 

However, there has been an air of unease around Chinese-manufactured drones since long before the current regulatory wave of legislation was instituted. The U.S. Army has banned the use of DJI drones since 2017 because it believes that there are cyber security vulnerabilities posed to operational risks. 

In that same year, the Department of Homeland Security circulated an internal advisory warning that Chinese-built unmanned aerial systems may be transmitting sensitive data such as flight logs and geolocations back to the manufacturers. Before Congress and federal agencies began formalizing import controls, there was a growing concern about cross-border data exposure. 

The FCC explained the rationale behind its sweeping drone restrictions in detail, pointing out that unmanned aerial systems and their associated components manufactured overseas are extremely vulnerable to being exploited by the federal government. This includes data transmission modules, communication systems, flight controllers, ground control stations, navigation units, batteries, and smart power systems. 

Various techniques, including persistent surveillance, unauthorized extraction of sensitive data, and even destructive actions within the U.S., can be manipulated to facilitate such activities. Nevertheless, the agency indicated that specific drones or parts of drones made by foreign nations could be exempted from the ban if the Department of Homeland Security deemed them to not pose such risks, underlining that the restrictions are not blanket exclusions but rather are based on assessed security vulnerabilities. 

A new rule passed by the FCC today also preserves continuity for current owners as well as the retail sector. Consumers can continue to use drones that have already been purchased, and authorized retailers are still eligible to sell, import, and market the models that have been approved by the Government in the current year. 

A regulatory development that follows a larger national security policy development is a result of President Donald Trump signing the National Defense Authorization Act for Fiscal Year 2026 last week, which included enhanced measures intended to protect the nation's airspace from unmanned aircraft that pose a threat to public safety or critical infrastructure. 

There have been prior moves taken by the FCC to tighten technological controls, and this latest move is reminiscent of those prior to it. Earlier this year, the agency announced that it had expanded its "Covered List" to include Russian cybersecurity firm Kaspersky, effectively barring the company from offering its software directly or indirectly to Americans on the basis of the same concerns over data integrity and national security. 

This decision of the FCC is one of the most significant regulatory interventions that have ever been made in the U.S. drone industry, reinforcing a broader federal strategy that continues to connect supply-chain sovereignty, aviation security, and communications infrastructure.

However, while the ban has been limited to future approvals, it has caused a significant shift in the policy environment where market access is now highly dependent on geopolitical risk assessments, hardware traceability, and data governance transparency, among other things. 

A critical point that industry analysts point out is that these rulings may accelerate domestic innovation by incentivizing domestic manufacturers to expand production, increase cost efficiencies, and strengthen standards for cybersecurity at component levels. 

Additionally, commercial operators are advised to prepare for short-term constraints by reevaluating their vendor reliance, maintaining maintenance inventories where technically viable, and optimizing modular platforms to facilitate interoperability between manufacturers should they arise in the near future. 

During the same time, policymakers may have to balance national security and economic continuity, making sure safeguards don't unintentionally obstruct critical services such as disaster response, infrastructure monitoring, and geospatial intelligence in the process. As a result of the ruling, the world's largest commercial UAS market could be transformed into a revolutionary one, defining a new way for drones to be built, approved, deployed, and secured.
Read more »
Government attacks
Cyber Security Cyberattacks cybersecurity risks Data Breaches Data Theft Digital Risk Digital Security Government attacks

A Year of Unprecedented Cybersecurity Incidents Redefined Global Risk in 2025

 

The year 2025 marked a turning point in the global cybersecurity landscape, with the scale, frequency, and impact of attacks surpassing anything seen before. Across governments, enterprises, and critical infrastructure, breaches were no longer isolated technical failures but events with lasting economic, political, and social consequences. The year served as a stark reminder that digital systems underpinning modern life remain deeply vulnerable to both state-backed and financially motivated actors. 

Government systems emerged as some of the most heavily targeted environments. In the United States, multiple federal agencies suffered intrusions throughout the year, including departments responsible for financial oversight and national security. Exploited software vulnerabilities enabled attackers to gain access to sensitive systems, while foreign threat actors were reported to have siphoned sealed judicial records from court filing platforms. The most damaging episode involved widespread unauthorized access to federal databases, resulting in what experts described as the largest exposure of U.S. government data to date. Legal analysts warned that violations of established security protocols could carry long-term legal and national security ramifications. 

The private sector faced equally severe challenges, particularly from organized ransomware and extortion groups. One of the most disruptive campaigns involved attackers exploiting a previously unknown flaw in widely used enterprise business software. By silently accessing systems months before detection, the group extracted vast quantities of sensitive employee and executive data from organizations across education, healthcare, media, and corporate sectors. When victims were finally alerted, many were confronted with ransom demands accompanied by proof of stolen personal information, highlighting the growing sophistication of data-driven extortion tactics. 

Cloud ecosystems also proved to be a major point of exposure. A series of downstream breaches at technology service providers resulted in the theft of approximately one billion records stored within enterprise cloud platforms. By compromising vendors with privileged access, attackers were able to reach data belonging to some of the world’s largest technology companies. The stolen information was later advertised on leak sites, with new victims continuing to surface long after the initial disclosures, underscoring the cascading risks of interconnected software supply chains. 

In the United Kingdom, cyberattacks moved beyond data theft and into large-scale operational disruption. Retailers experienced outages and customer data losses that temporarily crippled supply chains. The most economically damaging incident struck a major automotive manufacturer, halting production for months and triggering financial distress across its supplier network. The economic fallout was so severe that government intervention was required to stabilize the workforce and prevent wider industrial collapse, signaling how cyber incidents can now pose systemic economic threats. 

Asia was not spared from escalating cyber risk. South Korea experienced near-monthly breaches affecting telecom providers, technology firms, and online retail platforms. Tens of millions of citizens had personal data exposed due to prolonged undetected intrusions and inadequate data protection practices. In one of the year’s most consequential incidents, a major retailer suffered months of unauthorized data extraction before discovery, ultimately leading to executive resignations and public scrutiny over corporate accountability. 

Collectively, the events of 2025 demonstrated that cybersecurity failures now carry consequences far beyond IT departments. Disruption, rather than data theft alone, has become a powerful weapon, forcing governments and organizations worldwide to reassess resilience, accountability, and the true cost of digital insecurity.
Read more »
telecom fraud warning
caller name presentation CNAP India Cyber Security DoT advisory silent calls India telecom fraud warning

India Warns on ‘Silent Calls’ as Telecom Firms Roll Out Verified Caller Names to Curb Fraud

 

India’s telecom authorities have issued a fresh advisory highlighting how ordinary phone calls are increasingly being used as entry points for scams, even as a long-discussed caller identity system begins to take shape as a countermeasure.

For many users, the pattern is familiar: the phone rings, the call is picked up, and no one responds. According to the Department of Telecommunications (DoT), these “silent calls” are intentional rather than technical faults.

Officials explain that such calls are designed to check whether a number is active. Once answered, the number is marked as live and becomes more valuable to fraud networks. It can then be circulated within scam databases and later targeted for phishing, impersonation or financial fraud. The DoT has advised users to block these numbers immediately and report them via the government’s Sanchar Saathi portal, which aims to gather public inputs to identify and disrupt telecom abuse.

The warning signals a broader concern within the government: many frauds today begin not with advanced hacking tools, but with simple behavioural triggers that rely on users answering calls out of habit.

At the same time, India’s telecom ecosystem is seeing a gradual but significant change. Reliance Jio has started deploying Caller Name Presentation (CNAP), a feature that shows the registered name of the caller on the recipient’s screen.

Unlike third-party caller-ID applications that depend on user-generated labels, CNAP pulls data directly from subscriber details submitted during SIM registration. Since this information is document-verified, authorities argue it is harder to falsify on a large scale.

Supporters believe this could help restore confidence in voice calls, which have become a weak link in the digital security chain. Seeing a verified name, they say, may discourage users from engaging with unknown or spoofed callers. However, the initiative also revives concerns around privacy, data accuracy and the risk of misuse—issues regulators and telecom companies say they are addressing through a phased rollout.

Regulators Push for a Unified Approach

The Telecom Regulatory Authority of India (TRAI) has instructed other major operators—Airtel, Vodafone-Idea (Vi) and BSNL—to implement CNAP, aiming to make it a nationwide standard rather than a single-network feature.

Progress varies by operator. Jio’s CNAP is already active across several regions in eastern, northern and southern India, including West Bengal, Kerala, Bihar, Rajasthan and Odisha. Airtel has introduced the feature in select circles such as West Bengal, Gujarat and Madhya Pradesh. Vodafone-Idea has rolled it out primarily in Maharashtra, with limited testing in Tamil Nadu, while BSNL is still conducting pilot trials.

Industry executives note that the rollout is technically demanding, involving upgrades to older network infrastructure and coordination between operators. Regulators view CNAP as one layer in a broader anti-spam strategy that also includes call filtering, identification of bulk callers and tighter controls on telemarketers.

The rise of silent calls alongside verified caller names reflects a larger shift: phone calls are no longer inherently trustworthy. Scammers thrive on anonymity and volume, while authorities are responding with greater emphasis on identity and traceability.

Whether CNAP will significantly reduce fraud remains uncertain. Experts point out that fake or improperly verified SIM registrations still exist, and user trust in displayed names will depend on data quality and enforcement.

For now, the official guidance is cautious. Silent calls should be treated as red flags, not harmless glitches. Caller names, even when verified, should be assessed carefully. In a country handling billions of calls daily, small changes in how people respond to their phones could meaningfully influence the fight between fraud and vigilance.
Read more »
typosquatting attack
Cyber Security fake Microsoft emails Microsoft account security Password Theft Phishing emails typosquatting attack

Microsoft Users Warned as Hackers Use Typosquatting to Steal Login Credentials

 

Microsoft account holders are being urged to stay vigilant as cybercriminals increasingly target them through a deceptive tactic known as typosquatting. Attackers are registering look-alike websites and email addresses that closely resemble legitimate Microsoft domains, with the goal of tricking users into revealing their passwords.

Harley Sugarman, CEO of Anagram Security, recently highlighted this risk by sharing a screenshot of a phishing email he received that used this method. In the sender’s address, the letter “m” was cleverly replaced with an “r” and an “n,” creating a nearly identical visual match. Because the difference is subtle, many users may not notice the change and could easily be misled.

Typosquatting itself is not a new cybercrime technique. For years, hackers and online fraudsters have relied on it to exploit small typing errors or momentary lapses in attention. The strategy involves purchasing domains or email addresses that closely mimic real ones, hoping users will accidentally visit or click them. Once there, victims are often presented with fake login pages designed to look authentic. Any credentials entered are then captured and sent directly to the attackers.

A major reason this tactic continues to succeed is that many people don’t take time to carefully inspect URLs or sender addresses. A single incorrect character in a link or email can redirect users to a convincing replica of a legitimate site, where usernames and passwords are harvested without suspicion.

To reduce the risk of falling victim, security experts recommend switching to passkeys wherever possible, as they are significantly more secure than traditional passwords. Microsoft and other tech companies have been actively encouraging this shift. For users who can’t yet adopt passkeys, strong and unique passwords—or long passphrases—are essential, ideally stored and autofilled using a reputable password manager.

Additional protection measures include enabling browser safeguards. Both Microsoft Edge and Google Chrome can flag suspicious or mistyped URLs if these features are turned on. Bookmarking frequently used websites, such as email services, banking platforms, shopping portals, and social media accounts, can also help ensure you’re visiting the correct destination.

Standard phishing precautions remain just as important. Be skeptical of unexpected emails claiming there’s an issue with your account. Instead of clicking links, log in through a trusted, independent method to verify any alerts. Avoid downloading attachments or replying to unsolicited messages, as engagement can signal to scammers that your account is active.

Carefully reviewing sender email addresses, hovering over links to preview their destinations, and watching for messages that create urgency—such as demands to immediately reset a password—can help identify phishing attempts. Using reliable antivirus software adds another layer of defense against malware and other online threats.

Although typosquatting is one of the oldest scams in cybersecurity, it continues to resurface because it preys on simple mistakes. Staying alert while browsing unfamiliar websites or checking your inbox remains one of the most effective ways to stay safe
Read more »
Malwares
AI cybersecurity AI tools Cyber Security Cyber Security Tool GitHub GitHub Actions vulnerability GitHub Bug Malware Attack Malwares

Webrat Malware Targets Students and Junior Security Researchers Through Fake Exploits

 

In early 2025, security researchers uncovered a new malware family dubbed Webrat, which at that time was predominantly targeting ordinary users through fake distribution methods. The first propagation involved masking malware as cheats for online games-like Rust, Counter-Strike, and Roblox-but also as cracked versions of some commercial software. By the second half of that year, though, the Webrat operators had indeed widened their horizons, shifting toward a new target group that covered students and young professionals seeking careers in information security. 

This evolution started to surface in September and October 2025, when researchers discovered a campaign spreading Webrat through open GitHub repositories. The attackers embedded the malicious payloads as proof-of-concept exploits of highly publicized software vulnerabilities. Those vulnerabilities were chosen due to their resonance in security advisories and high severity ratings, making the repositories look relevant and credible for people searching for hands-on learning materials.  

Each of the GitHub repositories was crafted to closely resemble legitimate exploit releases. They all had detailed descriptions outlining the background of the vulnerability, affected systems, steps to install it, usage, and the most recommended ways of mitigation. Many of the repository descriptions have a similar or almost identical structure; the defensive advice offered is often strikingly similar, adding strong evidence that they were generated through automated or AI-assisted tools rather than various independent researchers. Inside each repository, users were instructed to fetch an archive with a password, labeled as the exploit package. 

The password was hidden in the name of one of the files inside the archive, a move intended to lure users into unzipping the file and researching its contents. Once unpacked, the archive contains a set of files meant to masquerade or divert attention from the actual payload. Among those is a corrupted dynamic-link library file meant as a decoy, along with a batch file whose purpose was to instruct execution of the main malicious executable file. The main executable, when run, executed several high-risk actions: It tried to elevate its privileges to administrator level, disabled the inbuilt security protections such as Windows Defender, and then downloaded the Webrat backdoor from a remote server and started it.

The Webrat backdoor provides a way to attackers for persistent access to infected systems, allowing them to conduct widespread surveillance and data theft activities. Webrat can steal credentials and other sensitive information from cryptocurrency wallets and applications like Telegram, Discord, and Steam. In addition to credential theft, it also supports spyware functionalities such as screen capture, keylogging, and audio and video surveillance via connected microphones and webcams. The functionality seen in this campaign is very similar to versions of Webrat described in previous incidents. 

It seems that the move to dressing the malware up as vulnerability exploits represents an effort to affect hobbyists rather than professionals. Professional analysts normally analyze such untrusted code in a sandbox or isolated environment, where such attacks have limited consequences. 

Consequently, researchers believe the attack focuses on students and beginners with lax operational security discipline. It ranges in topic from the risks in running unverified code downloaded from open-source sites to the need to perform malware analysis and exploit testing in a sandbox or virtual machine environment. 

Security professionals and students are encouraged to be keen in their practices, to trust only known and reputable security tools, and to bypass protection mechanisms only when this is needed with a clear and well-justified reason.
Read more »
Password Security
Compromised Passwords Cyber Security Cyberattacks CyberCrime Data Theft FBI FBI Alert Password Security

FBI Discovers 630 Million Stolen Passwords in Major Cybercrime Investigation

 

A newly disclosed trove of stolen credentials has underscored the scale of modern cybercrime after U.S. federal investigators uncovered hundreds of millions of compromised passwords on devices seized from a single suspected hacker. The dataset, comprising approximately 630 million passwords, has now been integrated into the widely used Have I Been Pwned (HIBP) database, significantly expanding its ability to warn users about exposed credentials. 

The passwords were provided to HIBP by the Federal Bureau of Investigation as part of ongoing cybercrime investigations. According to Troy Hunt, the security researcher behind the service, this latest contribution is particularly striking because it originates from one individual rather than a large breach aggregation. While the FBI has shared compromised credentials with HIBP for several years, the sheer volume associated with this case highlights how centralized and extensive credential theft operations have become. 

Initial analysis suggests the data was collected from a mixture of underground sources, including dark web marketplaces, messaging platforms such as Telegram, and large-scale infostealer malware campaigns. Not all of the passwords were previously unknown, but a meaningful portion had never appeared in public breach repositories. Roughly 7.4% of the dataset represents newly identified compromised passwords, amounting to tens of millions of credentials that were previously undetectable by users relying on breach-monitoring tools. 

Security experts warn that even recycled or older passwords remain highly valuable to attackers. Stolen credentials are frequently reused in credential-stuffing attacks, where automated tools attempt the same password across multiple platforms. Because many users continue to reuse passwords, a single exposed credential can provide access to multiple accounts, amplifying the potential impact of historical data leaks. 

The expanded dataset is now searchable through the Pwned Passwords service, which allows users to check whether a password has appeared in known breach collections. The system is designed to preserve privacy by hashing submitted passwords and ensuring no personally identifiable information is stored or associated with search results. This enables individuals and organizations to proactively block compromised passwords without exposing sensitive data. 

The discovery has renewed calls for stronger credential hygiene across both consumer and enterprise environments. Cybersecurity professionals consistently emphasize that password reuse and weak password creation remain among the most common contributors to account compromise. Password managers are widely recommended as an effective countermeasure, as they allow users to generate and store long, unique passwords for every service without relying on memory. 

In addition to password managers, broader adoption of passkeys and multi-factor authentication is increasingly viewed as essential. These technologies significantly reduce reliance on static passwords and make stolen credential databases far less useful to attackers. Many platforms now support these features, yet adoption remains inconsistent. 

As law enforcement continues to uncover massive credential repositories during cybercrime investigations, experts caution that similar discoveries are likely in the future. Each new dataset reinforces the importance of assuming passwords will eventually be exposed and building defenses accordingly. Regular password audits, automated breach detection, and layered authentication controls are now considered baseline requirements for maintaining digital security.
Read more »
Vibe Crime
agentic AI AI threats Cyber Security Cybercrime Automation Trend Micro Vibe Crime

Trend Micro Warns: 'Vibe Crime' Ushers in Agentic AI-Driven Cybercrime Era

 

Trend Micro, a cybersecurity firm, has sounded the alarm over what it calls the rise of "vibe crime": fully automated cybercriminal operations powered by agentic AI, which marks a fundamental turn away from traditional ransomware and phishing campaigns. The report from the company forecasts a massive increase in attack volume as criminals take advantage of autonomous AI agents to perform continuous, large-scale operations. 

From service to servant model 

The criminal ecosystem is evolving from "Cybercrime as a Service" to "Cybercrime as a Servant," where chained AI agents and autonomous orchestration layers manage end-to-end criminal enterprises. Robert McArdle, director of forward-looking threat research at Trend Micro, stressed that the real risk does not come from sudden explosive growth but rather from the gradual automation of attacks that previously required a lot of skill, time, and effort.

"We will see an optimization of today's leading attacks, the amplification of attacks that previously had poor ROI, and the emergence of brand new 'Black Swan' cybercrime business models," McArdle stated. 

Researchers expect enterprise cloud and AI infrastructure to be increasingly targeted in the future, as criminals use these platforms as sources of scalable computing power, AI, storage, and potentially valuable data to run their agentic infrastructures. This transformation is supposed to bring with it new, previously unthinkable types of attacks as well as shake up the entire criminal ecosystem, introducing new revenue streams and business models.

Industry-wide alarm bells 

Trend Micro's alert echoes other warnings about an “agentic” AI threat in cyberspace. Anthropic acknowledged that its AI tools had been “weaponized” by hackers in September, criminals employed Claude Code to automate reconnaissance, gather credentials, and breach networks at 17 organizations in the fields of healthcare, emergency services, and government.

In a similar vein, the 2025 State of Malware report from Malwarebytes warned that agentic AI would “continue to dramatically change cyber criminal tactics” and accelerate development of even more dangerous malware. The researchers further stressed that defensive platforms must deploy their own autonomous agents and orchestrators to counter this evolution or face being overwhelmed. Organizations need to reassess security strategies immediately and invest in AI-driven defense before criminals industrialize their AI capabilities, or risk falling behind in an exponential arms race.
Read more »
Network Security
AI cyberattacks AI Risks AI technology Cyber Security Cyberattacks Network Detection and Response Network Security

Network Detection and Response Defends Against AI Powered Cyber Attacks

 

Cybersecurity teams are facing growing pressure as attackers increasingly adopt artificial intelligence to accelerate, scale, and conceal malicious activity. Modern threat actors are no longer limited to static malware or simple intrusion techniques. Instead, AI-powered campaigns are using adaptive methods that blend into legitimate system behavior, making detection significantly more difficult and forcing defenders to rethink traditional security strategies. 

Threat intelligence research from major technology firms indicates that offensive uses of AI are expanding rapidly. Security teams have observed AI tools capable of bypassing established safeguards, automatically generating malicious scripts, and evading detection mechanisms with minimal human involvement. In some cases, AI-driven orchestration has been used to coordinate multiple malware components, allowing attackers to conduct reconnaissance, identify vulnerabilities, move laterally through networks, and extract sensitive data at machine speed. These automated operations can unfold faster than manual security workflows can reasonably respond. 

What distinguishes these attacks from earlier generations is not the underlying techniques, but the scale and efficiency at which they can be executed. Credential abuse, for example, is not new, but AI enables attackers to harvest and exploit credentials across large environments with only minimal input. Research published in mid-2025 highlighted dozens of ways autonomous AI agents could be deployed against enterprise systems, effectively expanding the attack surface beyond conventional trust boundaries and security assumptions. 

This evolving threat landscape has reinforced the relevance of zero trust principles, which assume no user, device, or connection should be trusted by default. However, zero trust alone is not sufficient. Security operations teams must also be able to detect abnormal behavior regardless of where it originates, especially as AI-driven attacks increasingly rely on legitimate tools and system processes to hide in plain sight. 

As a result, organizations are placing renewed emphasis on network detection and response technologies. Unlike legacy defenses that depend heavily on known signatures or manual investigation, modern NDR platforms continuously analyze network traffic to identify suspicious patterns and anomalous behavior in real time. This visibility allows security teams to spot rapid reconnaissance activity, unusual data movement, or unexpected protocol usage that may signal AI-assisted attacks. 

NDR systems also help security teams understand broader trends across enterprise and cloud environments. By comparing current activity against historical baselines, these tools can highlight deviations that would otherwise go unnoticed, such as sudden changes in encrypted traffic levels or new outbound connections from systems that rarely communicate externally. Capturing and storing this data enables deeper forensic analysis and supports long-term threat hunting. 

Crucially, NDR platforms use automation and behavioral analysis to classify activity as benign, suspicious, or malicious, reducing alert fatigue for security analysts. Even when traffic is encrypted, network-level context can reveal patterns consistent with abuse. As attackers increasingly rely on AI to mask their movements, the ability to rapidly triage and respond becomes essential.  

By delivering comprehensive network visibility and faster response capabilities, NDR solutions help organizations reduce risk, limit the impact of breaches, and prepare for a future where AI-driven threats continue to evolve.
Read more »
VPNS
Age Verification Cyber Security privacy laws User Privacy VPNS

VPN Surge: Americans Bypass Age Verification Laws

 

Americans are increasingly seeking out VPNs as states enact stringent age verification laws that limit what minors can see online. These regulations compel users to provide personal information — like government issued IDs — to verify their age, leading to concerns about privacy and security. As a result, VPN usage is skyrocketing, particularly in states such as Missouri, Florida, Louisiana, Utah and more where VPN searches have jumped by a factor of four following the new regulations. 

How age verification laws work 

Age verification laws require websites and apps that contain a substantial amount of "material harmful to minors" to verify users' age prior to access. This step frequently entails submitting photographs or scans of ID documents, potentially exposing personal info to breaches. Even though laws forbid companies from storing this information, there is no assurance it will be kept secure, not with the record of massive data breaches at big tech firms. 

The vague definition of "harmful content" suggests that age verification could be required for many other types of digital platforms, such as social media, streaming services, and video games. The expansion raises questions about digital privacy and identity protection for all users, minors not excluded. From the latest Pew Research Center finding, 40% of Americans say government regulation of business does more harm than good, illustrating bipartisan wariness of these laws. 

Bypassing restrictions with VPNs 

VPN services enable users to mask their IP addresses and circumvent these age verification policies, allowing them to maintain their anonymity and have their sensitive information protected. Some VPNs are available on desktop and mobile devices, and some can be used on Amazon Fire TV Stick, among other platforms. To maximize privacy and security, experts suggest opting for VPN providers with robust no-logs policies and strong encryption.

Higher VPN adoption has fueled speculation on whether the US lawmakers will attempt to ban VPNs outright, which would be yet another blow to digital privacy and freedom. For now, VPNs are still a popular option for Americans who want to keep their online activity hidden from nosy age verification schemes.
Read more »
US Department Of Justice
ATM hacking scheme ATM jackpotting Cyber Security Ploutus malware Tren de Aragua US Department Of Justice

US DoJ Charges 54 Linked to ATM Jackpotting Scheme Using Ploutus Malware, Tied to Tren de Aragua

 

The U.S. Department of Justice (DoJ) has revealed the indictment of 54 people for their alleged roles in a sophisticated, multi-million-dollar ATM jackpotting operation that targeted machines across the United States.

According to authorities, the operation involved the use of Ploutus malware to compromise automated teller machines and force them to dispense cash illegally. Investigators say the accused individuals are connected to Tren de Aragua (TdA), a Venezuelan criminal group that the U.S. State Department has classified as a foreign terrorist organization.

The DoJ noted that in July 2025, the U.S. government imposed sanctions on TdA’s leader, Hector Rusthenford Guerrero Flores, also known as “Niño Guerrero,” along with five senior members. They were sanctioned for alleged involvement in crimes including “illicit drug trade, human smuggling and trafficking, extortion, sexual exploitation of women and children, and money laundering, among other criminal activities.”

An indictment returned on December 9, 2025, charged 22 individuals with offenses such as bank fraud, burglary, and money laundering. Prosecutors allege that TdA used ATM jackpotting attacks to steal millions of dollars in the U.S. and distribute the proceeds among its network.

In a separate but related case, another 32 defendants were charged under an indictment filed on October 21, 2025. These charges include “one count of conspiracy to commit bank fraud, one count of conspiracy to commit bank burglary and computer fraud, 18 counts of bank fraud, 18 counts of bank burglary, and 18 counts of damage to computers.”

If found guilty, the defendants could face sentences ranging from 20 years to as much as 335 years in prison.

“These defendants employed methodical surveillance and burglary techniques to install malware into ATM machines, and then steal and launder money from the machines, in part to fund terrorism and the other far-reaching criminal activities of TDA, a designated Foreign Terrorist Organization,” said Acting Assistant Attorney General Matthew R. Galeotti of the Justice Department’s Criminal Division.

Officials explained that the scheme relied on recruiting individuals to physically access ATMs nationwide. These recruits reportedly carried out reconnaissance to study security measures, tested whether alarms were triggered, and then accessed the machines’ internal components.

Once access was obtained, the attackers allegedly installed Ploutus either by swapping the ATM’s hard drive with a preloaded one or by using removable media such as a USB drive. The malware can send unauthorized commands to the ATM’s Cash Dispensing Module, causing it to release money on demand.

“The Ploutus malware was also designed to delete evidence of malware in an effort to conceal, create a false impression, mislead, or otherwise deceive employees of the banks and credit unions from learning about the deployment of the malware on the ATM,” the DoJ said. “Members of the conspiracy would then split the proceeds in predetermined portions.”

Ploutus first surfaced in Mexico in 2013. Security firms later documented its evolution, including its exploitation of vulnerabilities in Windows XP-based ATMs and its ability to control Diebold machines running multiple Windows versions.

“Once deployed to an ATM, Ploutus-D makes it possible for a money mule to obtain thousands of dollars in minutes,” researchers noted. “A money mule must have a master key to open the top portion of the ATM (or be able to pick it), a physical keyboard to connect to the machine, and an activation code (provided by the boss in charge of the operation) in order to dispense money from the ATM.”

The DoJ estimates that since 2021, at least 1,529 jackpotting incidents have occurred in the U.S., resulting in losses of approximately $40.73 million as of August 2025.

“Many millions of dollars were drained from ATM machines across the United States as a result of this conspiracy, and that money is alleged to have gone to Tren de Aragua leaders to fund their terrorist activities and purposes,” said U.S. Attorney Lesley Woods
Read more »
UK Fraud
BritCard Cyber Security Digital ID Identity Wallet UK Fraud

£1.8bn BritCard: A Security Investment Against UK Fraud

 

The UK has debated national ID for years, but the discussion has become more pointed alongside growing privacy concerns. Two decades ago Tony Blair could sing the praises of ID cards and instead of public hysteria about data held by government, today Keir Starmer’s digital ID proposal – initially focused on proving a right to work – meets a distinctly more sceptical audience.

That scepticism has been turbocharged by a single figure: the projected £1.8bn cost laid out in the Autumn Budget. Yet the obsession with the initial cost may blind people to the greater scandal: the cost of inaction. Fraud already takes a mind-boggling toll on the UK economy – weighed in at over £200bn a year by recent estimates – while clunky, paper-based ID systems hobble everything from renting a home to getting services. That friction isn’t just annoying, it feeds a broader productivity problem by compelling organizations to waste time and money verifying the same individuals, time and again.

Viewed in that context, £1.8bn should be considered as an investment in security, not a political luxury. The greater risk is not that government over-spend, but that it under spends — or rushes — and winds up with a brittle system that became an embarrassment to the nation. A BritCard deployment at “cut-price” that ends in a breach would cost multiples of what the original outlay was and would cause irreparable damage to public trust. If it is the state’s desire that citizens adopt a new layer of identity, it must prove that the system is reliable as well as restrained.

The good news is that the core design can, in principle,support both goals. BritCard is akin to a digital version of a physical ID card, contained within a secure, government-issued wallet. Most importantly, the core identity data would stay on the user’s device, enabling people to prove certain attributes — like being over 18 — without revealing personal details such as a date of birth or passport number. This model of “sharing what is necessary,” is a practical approach to privacy concerns as it is designed to limit the amount of sensitive information that will be routinely disclosed.

However, none of this eliminates risk. Critics will reasonably worry about any central verification component becoming a lucrative “honeypot.” That is why transparency is non-negotiable: the government should publish how data is stored, accessed and shared, what protections exist, and how citizens opt in and control disclosure.
Read more »
Microsoft
AI recruitment India AI technology Amazon Artifcial Intelligence Cyber Security Data Center Indian Market Microsoft

Amazon and Microsoft AI Investments Put India at a Crossroads

 

Major technology companies Amazon and Microsoft have announced combined investments exceeding $50 billion in India, placing artificial intelligence firmly at the center of global attention on the country’s technology ambitions. Microsoft chief executive Satya Nadella revealed the company’s largest-ever investment in Asia, committing $17.5 billion to support infrastructure development, workforce skills, and what he described as India’s transition toward an AI-first economy. Shortly after, Amazon said it plans to invest more than $35 billion in India by 2030, with part of that funding expected to strengthen its artificial intelligence capabilities in the country. 

These announcements arrive at a time of heightened debate around artificial intelligence valuations globally. As concerns about a potential AI-driven market bubble have grown, some financial institutions have taken a contrarian view on India’s position. Analysts at Jefferies described Indian equities as a “reverse AI trade,” suggesting the market could outperform if global enthusiasm for AI weakens. HSBC has echoed similar views, arguing that Indian stocks offer diversification for investors wary of overheated technology markets elsewhere. This perspective has gained traction as Indian equities have underperformed regional peers over the past year, while foreign capital has flowed heavily into AI-centric companies in South Korea and Taiwan. 

Against this backdrop, the scale of Amazon and Microsoft’s commitments offers a significant boost to confidence. However, questions remain about how competitive India truly is in the global AI race. Adoption of artificial intelligence across the country has accelerated, with increasing investment in data centers and early movement toward domestic chip manufacturing. A recent collaboration between Intel and Tata Electronics to produce semiconductors locally reflects growing momentum in strengthening AI infrastructure. 

Despite these advances, India continues to lag behind global leaders when it comes to building sovereign AI models. The government launched a national AI mission aimed at supporting researchers and startups with high-performance computing resources to develop a large multilingual model. While officials say a sovereign model supporting more than 22 languages is close to launch, global competitors such as OpenAI and China-based firms have continued to release more advanced systems in the interim. India’s public investment in this effort remains modest when compared with the far larger AI spending programs seen in countries like France and Saudi Arabia. 

Structural challenges also persist. Limited access to advanced semiconductors, fragmented data ecosystems, and insufficient long-term research investment constrain progress. Although India has a higher-than-average concentration of AI-skilled professionals, retaining top talent remains difficult as global mobility draws developers overseas. Experts argue that policy incentives will be critical if India hopes to convert its talent advantage into sustained leadership. 

Even so, international studies suggest India performs strongly relative to its economic stage. The country ranks among the top five globally for new AI startups receiving investment and contributes a significant share of global AI research publications. While funding volumes remain far below those of the United States and China, experts believe India’s advantage may lie in applying AI to real-world problems rather than competing directly in foundational model development. 

AI-driven applications addressing agriculture, education, and healthcare are already gaining traction, demonstrating the technology’s potential impact at scale. At the same time, analysts warn that artificial intelligence could disrupt India’s IT services sector, a long-standing engine of economic growth. Slowing hiring, wage pressure, and weaker stock performance indicate that this transition is already underway, underscoring both the opportunity and the risk embedded in India’s AI future.
Read more »
OpenAI
AI Model AI Models AI Systems ChatGPT ChatGPT. OpenAI Cyber Defenses Cyber Security cybersecurity risks OpenAI

OpenAI Warns Future AI Models Could Increase Cybersecurity Risks and Defenses

 

Meanwhile, OpenAI told the press that large language models will get to a level where future generations of these could pose a serious risk to cybersecurity. The company in its blog postingly admitted that powerful AI systems could eventually be used to craft sophisticated cyberattacks, such as developing previously unknown software vulnerabilities or aiding stealthy cyber-espionage operations against well-defended targets. Although this is still theoretical, OpenAI has underlined that the pace with which AI cyber-capability improvements are taking place demands proactive preparation. 

The same advances that could make future models attractive for malicious use, according to the company, also offer significant opportunities to strengthen cyber defense. OpenAI said such progress in reasoning, code analysis, and automation has the potential to significantly enhance security teams' ability to identify weaknesses in systems better, audit complex software systems, and remediate vulnerabilities more effectively. Instead of framing the issue as a threat alone, the company cast the issue as a dual-use challenge-one in which adequate management through safeguards and responsible deployment would be required. 

In the development of such advanced AI systems, OpenAI says it is investing heavily in defensive cybersecurity applications. This includes helping models improve particularly on tasks related to secure code review, vulnerability discovery, and patch validation. It also mentioned its effort on creating tooling supporting defenders in running critical workflows at scale, notably in environments where manual processes are slow or resource-intensive. 

OpenAI identified several technical strategies that it thinks are critical to the mitigation of cyber risk associated with increased capabilities of AI systems: stronger access controls to restrict who has access to sensitive features, hardened infrastructure to prevent abuse, outbound data controls to reduce the risk of information leakage, and continuous monitoring to detect anomalous behavior. These altogether are aimed at reducing the likelihood that advanced capabilities could be leveraged for harmful purposes. 

It also announced the forthcoming launch of a new program offering tiered access to additional cybersecurity-related AI capabilities. This is intended to ensure that researchers, enterprises, and security professionals working on legitimate defensive use cases have access to more advanced tooling while providing appropriate restrictions on higher-risk functionality. Specific timelines were not discussed by OpenAI, although it promised that more would be forthcoming very soon. 

Meanwhile, OpenAI also announced that it would create a Frontier Risk Council comprising renowned cybersecurity experts and industry practitioners. Its initial mandate will lie in assessing the cyber-related risks that come with frontier AI models. But this is expected to expand beyond this in the near future. Its members will be required to offer advice on the question of where the line should fall between developing capability responsibly and possible misuse. And its input would keep informing future safeguards and evaluation frameworks. 

OpenAI also emphasized that the risks of AI-enabled cyber misuse have no single-company or single-platform constraint. Any sophisticated model, across the industry, it said, may be misused if there are no proper controls. To that effect, OpenAI said it continues to collaborate with peers through initiatives such as the Frontier Model Forum, sharing threat modeling insights and best practices. 

By recognizing how AI capabilities could be weaponized and where the points of intervention may lie, the company believes, the industry will go a long way toward balancing innovation and security as AI systems continue to evolve.
Read more »
Threat Intelligence
Cyber Security Hybrid Threats SOC SOC Visibility Threat Intelligence

Fix SOC Blind Spots: Real-Time Industry & Country Threat Visibility

 

Modern SOCs are now grappling with a massive visibility problem, essentially “driving through fog” but now with their headlights dimming rapidly. The playbook for many teams is still looking back: analysts wait for an alert to fire, investigate the incident, and then try to respond. 

While understandable due to the high volume of noise and alert fatigue, this reactive attitude leaves the organization exposed. It induces a clouded vision from structural level, where teams cannot observe threat actors conducting attack preparations, they do not predict campaign sequences aimed at their own sector, and are not capable of modifying the defense until after an attack has been launched.

Operational costs of delay 

Remaining in a reactive state imposes severe penalties on security teams in terms of time, budget, and risk profile. 

  • Investigation latency: Without broader context, analysts are forced to research every suspicious object from scratch, significantly slowing down response times.
  • Resource drain: Teams often waste cycles chasing false positives or threats that are irrelevant to their geography or vertical because they lack the intelligence to filter them out.
  • Increased breach risk: Attackers frequently reuse infrastructure and target specific industries; failing to spot these patterns early hands the advantage to the adversary. 

According to security analysts, the only way out is the transition from the current reactive SOC model to an active SOC model powered by Threat Intelligence (TI). Tools like the ANY.RUN Threat Intelligence Lookup serve as a "tactical magnifying glass," converting raw data into operational assets .The use of TI helps the SOC understand the threats currently present in their environment and which alerts must be escalated immediately. 

Rise of hybrid threats 

One of the major reasons for this imperative change is the increased pace of change in attack infrastructure, specifically hybrid threats. The use of multiple attacks together has now been brought to the fore by recent investigations by the researchers, including Tycoon 2FA and Salty attack kits combining together as one kill chain attack. In these scenarios, one kit may handle the initial lure and reverse proxy, while another manages session hijacking. These combinations effectively break existing detection rules and confuse traditional defense strategies.

To address this challenge, IT professionals need behavioral patterns and attack logic visibility in real time, as opposed to only focusing on signatures. Finally, proactive protection based on industry and geo context enables SOC managers to understand the threats that matter to them more effectively while predicting attacks rather than reacting to them.
Read more »
cybersecurity vulnerability
Critical security flaw critical vulnerabilities Cyber Security cybersecurity risks cybersecurity vulnerability

Critical FreePBX Vulnerabilities Expose Authentication Bypass and Remote Code Execution Risks

 

Researchers at Horizon3.ai have uncovered several security vulnerabilities within FreePBX, an open-source private branch exchange platform. Among them, one severity flaw could be exploited to bypass authentication if very specific configurations are enabled. The issues were disclosed privately to FreePBX maintainers in mid-September 2025, and the researchers have raised concerns about the exposure of internet-facing PBX deployments.  

According to Horizon3.ai's analysis, the disclosed vulnerabilities affect several FreePBX core components and can be exploited by an attacker to achieve unauthorized access, manipulate databases, upload malicious files, and ultimately execute arbitrary commands. One of the most critical finding involves an authentication bypass weakness that could grant attackers access to the FreePBX Administrator Control Panel without needing valid credentials, given specific conditions. This vulnerability manifests itself in situations where the system's authorization mechanism is configured to trust the web server rather than FreePBX's own user management. 

Although the authentication bypass is not active in the default FreePBX configuration, it becomes exploitable with the addition of multiple advanced settings enabled. Once these are in place, an attacker can create HTTP requests that contain forged authorization headers as a way to provide administrative access. Researchers pointed out that such access can be used to add malicious users to internal database tables effectively to maintain control of the device. The behavior greatly resembles another FreePBX vulnerability disclosed in the past and that was being actively exploited during the first months of 2025.  

Besides the authentication bypass, Horizon3.ai found various SQL injection bugs that impact different endpoints within the platform. These bugs allow authenticated attackers to read from and write to the underlying database by modifying request parameters. Such access can leak call records, credentials, and system configuration data. The researchers also discovered an arbitrary file upload bug that can be exploited as part of having a valid session identifier, thus allowing attacks to upload a PHP-based web shell and use command execution against the underlying server. 

This can be used for extracting sensitive system files or establishing deeper persistence. Horizon3.ai noted that the vulnerabilities are fairly low-complexity to exploit and may enable remote code execution by both authenticated and unauthenticated attackers, depending on which endpoint is exposed and how the system is configured. It added that the PBX systems are an attractive target because such boxes are very exposed to the internet and also often integrated deeply into critical communications infrastructure. The FreePBX project has made patches available to address the issues across supported versions, beginning the rollout in incremental fashion between October and December 2025.

In light of the findings, the project also disabled the ability to configure authentication providers through the web interface and required administrators to configure this setting through command-line tools. Temporary mitigation guidance issued by those impacted encouraged users to transition to the user manager authentication method, limit overrides to advanced settings, and reboot impacted systems to kill potentially unauthorized sessions. Researchers and FreePBX maintainers have called on administrators to check their environments for compromise-especially in cases where the vulnerable authentication configuration was enabled. 

While several vulnerable code paths remain, they require security through additional authentication layers. Security experts underscored that, whenever possible, legacy authentication mechanisms should be avoided because they offer weaker protection against exploitation. The incident serves as a reminder of the importance of secure configuration practices, especially for systems that play a critical role in organizational communications.
Read more »
Subscribe to: Comments (Atom)