CySecurity News - Latest Information Security and Hacking Incidents: Cyber Security

Chatbot Surveillance Chrome Extensions Cyber Security Data Harvesting Urban VPN Proxy

Chrome ‘Featured’ Urban VPN Extension Caught Harvesting Millions of AI Chats

A popular browser extension called Urban VPN Proxy, available for users of Google’s Chrome browser, has been discovered secretly sniffing out and harvesting confidential AI conversation data of millions of users across sites such as ChatGPT, Claude, Copilot, Gemini, Grok, Meta AI, and Perplexity.

The browser extension, known for providing users with a safe and private manner of accessing any blocked website through a virtual private network, was recently upgraded in July of 2025 and has an added function enabling it to fish out all conversation data between users and AI chat bot systems by injecting specific JavaScript code into these sites.

By overriding browser network APIs, the extension is able to collect prompts, responses, conversation IDs, timestamps, session metadata, and the particular AI model in use. The extension's developer, Urban Cyber Security Inc., which also owns BiScience, a company well-known for gathering and profiting from user browsing data, then sends the collected data to remote servers under their control.

The privacy policy of Urban VPN, which was last updated in June 2025, confesses to collecting AI queries and responses for the purposes of "Safe Browsing" and marketing analysis, asserting that any personal data is anonymized and pooled. However, BiScience shares raw, non-anonymized browsing data with business partners, using it for commercial insights and advertising.

Despite the extension offering an “AI protection” feature that warns users about sharing personal information, the data harvesting occurs regardless of whether this feature is enabled, raising concerns about transparency and user consent.The extension and three other similar ones—1ClickVPN Proxy, Urban Browser Guard, and Urban Ad Blocker—all published by Urban Cyber Security Inc., collectively have over eight million installations.

Notably, these extensions bear the “Featured” badge on Chrome and Edge marketplaces, which is intended to signal high quality and adherence to best practices. This badge may mislead users into trusting the extensions, underlining the risk of data misuse through seemingly legitimate channels.

Koi Security’s research highlights how extension marketplaces’ trust signals can be abused to collect sensitive data at scale, particularly as users increasingly share personal details and emotions with AI chatbots. The researcher calls attention to the vulnerability of user data, even with privacy-focused tools, and underscores the need for vigilance and stricter oversight on data collection practices by browser extensions.

Online Retail Store Coupang Suffers South Korea's Worst Data Breach, Leak Linked to Former Employee



 

South Korea

AI Cloud Coupang Cyber Security Data Leak Retail Store South Korea

Online Retail Store Coupang Suffers South Korea's Worst Data Breach, Leak Linked to Former Employee

33.7 million customer data leaked

Data breach is an unfortunate attack that businesses often suffer. Failing to address these breaches is even worse as it costs businesses reputational and privacy damage.

A breach at Coupang that leaked the data of 33.7 million customers has been linked to a former employee who kept access to internal systems after leaving the organization.

About the incident

The news was reported by the Seoul Metropolitan Police Agency with news agencies after an inquiry that involved a raid on Coupang's offices recently. The firm is South Korea's biggest online retailer. It employs 95,000 people and generates an annual revenue of more than $30 billion.

Earlier in December, Coupang reported that it had been hit by a data breach that leaked the personal data of 33.7 million customers such as email IDs, names, order information, and addresses.

The incident happened in June, 2025, but the firm found it in November and launched an internal investigation immediately.

The measures

In December beginning, Coupang posted an update on the breach, assuring the customers that the leaked data had not been exposed anywhere online.

Even after all this, and Coupang's full cooperation with the authorities, the officials raided the firm's various offices on Tuesday to gather evidence for a detailed enquiry.

Recently, Coupang's CEO Park Dae-Jun gave his resignation and apologies to the public for not being able to stop what is now South Korea's worst cybersecurity breach in history.

Police investigation

In the second day of police investigation in Coupang's offices, the officials found that the main suspect was a 43-year old Chinese national who was an employee of the retail giant. The man is called JoongAng, who joined the firm in November 2022 and overlooked the authentication management system. He left the firm in 2024. JoongAng is suspected to have already left South Korea.

What next?

According to the police, although Coupang is considered the victim, the business and staff in charge of safeguarding client information may be held accountable if carelessness or other legal infractions are discovered.

Since the beginning of the month, the authorities have received hundreds of reports of Coupang impersonation. Meanwhile, the incident has caused a large amount of phishing activity in the country, affecting almost two-thirds of its population.

AI-Powered Shopping Is Transforming How Consumers Buy Holiday Gifts



 

Online Shopping Safety

AI Chatbot AI Powered AI technology Chatbots Cyber Security gift cards Online Shopping Online Shopping Safety

AI-Powered Shopping Is Transforming How Consumers Buy Holiday Gifts

Artificial intelligence is emerging with a new dimension in holiday shopping for consumers, going beyond search capabilities into a more proactive role in exploration and decision-making. Rather than endlessly clicking through online shopping sites, consumers are increasingly turning to AI-powered chatbots to suggest gift ideas, compare prices, and recommend specialized products they may not have thought of otherwise. Such a trend is being fueled by the increasing availability of technology such as Microsoft Copilot, ChatGPT from OpenAI, and Gemini from Google. With basic information such as a few elements of a gift receiver’s interest, age, or hobbies, personalized recommendations can be obtained which will direct such a person to specialized retail stores or distinct products.

Such technology is being viewed increasingly as a means of relieving a busy time of year with thoughtfulness in gift selection despite being rushed. Industry analysts have termed this year a critical milestone in AI-enabled commerce. Although figures quantifying expenditures driven by AI are not available, a report by Salesforce reveals that AI-enabled activities have the potential to impact over one-twentieth of holiday sales globally, amounting to an expenditure in the order of hundreds of billions of dollars. Supportive evidence can be derived from a poll of consumers in countries such as America, Britain, and Ireland, where a majority of them have already adopted AI assistance in shopping, mainly for comparisons and recommendations.

Although AI adoption continues to gain pace, customer satisfaction with AI-driven retail experiences remains a mixed bag. With most consumers stating they have found AI solutions to be helpful, they have not come across experiences they find truly remarkable. Following this, retailers have endeavored to improve product representation in AI-driven recommendations. Experts have cautioned that inaccurate or old product information can work against them in AI-driven recommendations, especially among smaller brands where larger rivals have an advantage in resources.

The technology is also developing in other ways beyond recommenders. Some AI firms have already started working on in-chat checkout systems, which will enable consumers to make purchases without leaving the chat interface. OpenAI has started to integrate in-checkout capabilities into conversations using collaborations with leading platforms, which will allow consumers to browse products and make purchases without leaving chat conversations.

However, this is still in a nascent stage and available on a selective basis to vendors approved by AI firms. The above trend gives a cause for concern with regards to concentration in the market. Experts have indicated that AI firms control gatekeeping, where they get to show which retailers appear on the platform and which do not. Those big brands with organized product information will benefit in this case, but small retailers will need to adjust before being considered. On the other hand, some small businesses feel that AI shopping presents an opportunity rather than a threat. Through their investment in quality content online, small businesses hope to become more accessible to AI shopping systems without necessarily partnering with them.

As AI shopping continues to gain popularity, it will soon become important for a business to organize information coherently in order to succeed. Although AI-powered shopping assists consumers in being better informed and making better decisions, overdependence on such technology can prove counterproductive. Those consumers who do not cross-check the recommendations they receive will appear less well-informed, bringing into focus the need to balance personal acumen with technology in a newly AI-shaped retail market.

Trump Approves Nvidia AI Chip Sales to China Amid Shift in U.S. Export Policy



 

Semiconductor Export Controls

Advanced Computing Risks AI Chip Regulation Artificial Intelligence Security Cyber Security Cybersecurity Governance Global Supply Chain Security National Security Policy Semiconductor Export Controls

Trump Approves Nvidia AI Chip Sales to China Amid Shift in U.S. Export Policy

It was the Trump administration's decision to permit Nvidia to regain sales of one of its more powerful artificial intelligence processors to Chinese buyers that sparked a fierce debate in Washington, underscoring the deep tensions between national security policy and economic strategy.

It represents one of the most significant reversals of U.S. technology export controls in recent history, as the semiconductor giant has been allowed to export its H200 artificial intelligence chips to China, which are the second most advanced chips in the world.

The decision was swiftly criticized by China hardliners and Democratic lawmakers, who warned that Beijing could exploit the advanced computing capabilities of the country to speed up military modernization and surveillance.

It was concluded by administration officials, however, that a shift was justified after months of intensive negotiations with industry executives and national security agencies. Among the proposed measures, the U.S. government agreed that economic gains from the technology outweighed earlier fears that it would increase China's technological and military ambitions, including the possibility that the U.S. government would receive a share of its revenues resulting from the technology.

A quick response from the financial markets was observed when former President Donald Trump announced the policy shift on his Truth Social platform on his morning show. Shares of Nvidia soared about 2% after hours of trading after Trump announced the decision, adding to a roughly 3% gain that was recorded earlier in the session as a result of a Semafor report.

The president of China, Xi Jinping, said he informed him personally that the move was being made, noting that Xi responded positively to him, a particularly significant gesture considering that Nvidia's chips are being scrutinized by Chinese regulators so closely.

Trump also noted that the U.S. Commerce Department has been in the process of formalizing the deal, and that the same framework is going to extend to other U.S. chip companies as well, including Advanced Micro Devices and Intel.

As part of the deal, the United States government will be charged a 25 percent government tax, a significant increase from the 15 percent proposed earlier this year, which a White House official confirmed would be collected as an import tax from Taiwan, where the chips are manufactured, before they are processed for export to China, as a form of security.

There was no specific number on how many H200 chips Trump would approve or detail what conditions would apply to the shipment, but he said the shipment would proceed only under safeguards designed to protect the national security of the US.

Officials from the administration described the decision as a calculated compromise, in which they stopped short of allowing exports of Nvidia's most advanced Blackwell chips, while at the same time avoiding a complete ban that could result in a greater opportunity for Chinese companies such as Huawei to dominate the domestic AI chip market.

NVIDIA argued that by offering H200 processors to vetted commercial customers approved by the Commerce Department, it strikes a “thoughtful balance” between American interests and the interests of the companies. Intel declined to comment and AMD and the Commerce Department did not respond to inquiries.

When asked about the approval by the Chinese foreign ministry, they expressed their belief that the cooperation should be mutually beneficial for both sides. Among the most important signals that Trump is trying to loosen long-standing restrictions on the sale of advanced U.S. artificial intelligence technology to Chinese countries is his decision, which is widely viewed as a clear signal of his broader efforts. During this time of intensifying global competition, it is a strategic move aimed at increasing the number of overseas markets for American companies.

In an effort to mend relations among the two countries, Washington has undergone a significant shift in the way it deals with Beijing's controls on rare earth minerals, which provide a significant part of the raw materials for high-tech products in the United States and abroad.

Kush Desai, a White House spokesperson, said that the administration remains committed to preserving American dominance in artificial intelligence, without compromising national security, as Chinese Embassy spokesperson Liu Pengyu urged the United States to take concrete steps to ensure that global supply chains are stable and work efficiently.

Despite requests for comment, the Commerce Department, which oversees export controls, did not respond immediately to my inquiries. Trump’s decision marks a sharp departure from his first term, when he aggressively restricted Chinese access to U.S. technology, which received international attention.

China has repeatedly denied allegations that it has misappropriated American intellectual property and repurposed commercial technology for military purposes-claims which Beijing has consistently denied. There is now a belief among senior administration officials that limiting the export of advanced AI chips could slow down the rise of domestic Chinese rivals because it would reduce companies such as Huawei's incentive to develop competing processors, thus slowing their growth.

According to David Sacks, the White House's AI policy lead, the approach is a strategic necessity, stating that if Chinese chips start dominating global markets, it will mean a loss of U.S. technological leadership.

Although Stewart Baker, a former senior official at the Department of Homeland Security and the National Security Agency, has argued this rationale is extremely unpopular across Washington, it seems unlikely that China will remain dependent on American chips for years to come. According to Baker, Beijing will inevitably seek to displace American suppliers by developing a self-sufficient industry.

Senator Ron Wyden, a democratic senator who argued that Trump struck a deal that undermined American security interests, expressed similar concerns in his remarks and Representative Raja Krishnamoorthi, who called it a significant national security mistake that benefits America’s foremost strategic rival.

There are, however, those who are China hawks who contend that the practical impact may be more limited than others. For example, James Mulvenon, a longtime Chinese military analyst, who was consulted by the U.S. government when the sanctions against Chinese chipmakers SMIC were imposed. In total, the decision underscores the fact that artificial intelligence hardware has become an important tool in both economic diplomacy and strategic competition.

The administration has taken a calibrated approach to exports by opening a narrow channel while maintaining strict limits on the most advanced technologies. Even though the long-term consequences of this move remain uncertain, it has maintained a balanced approach that seeks to balance commercial interest with security considerations.

In order for U.S. policymakers to ensure that well-established oversight mechanisms keep pace with rapid advances in chip capabilities, it will be important to ensure that they prevent the use of such devices for unintended reasons such as military or spying, while maintaining the competitiveness of American firms abroad.

There is no doubt that the episode demonstrates the growing need to take geopolitical risks into account when planning and executing product, supply chain, and investment decisions in the industry. It also signals that lawmakers are having a broader conversation about whether export controls alone can shape technological leadership in an era of rapid technological advances.

The outcome of the ongoing battle between Washington and Beijing is unlikely to simply affect the development of artificial intelligence, but it is likely to also determine the rules that govern how strategic technologies are transferred across borders—a matter that will require sustained attention beyond the immediate reaction of the market.

Cybercriminals Exploit Law Enforcement Data Requests to Steal User Information



 

Personal Data

Cyber Security cybercriminals Data Privacy data security data stealing Discord user data leak Impersonation Personal Data

Cybercriminals Exploit Law Enforcement Data Requests to Steal User Information

While most of the major data breaches occur as a result of software vulnerabilities, credit card information theft, or phishing attacks, increasingly, identity theft crimes are being enacted via an intermediary source that is not immediately apparent. Some of the biggest firms in technology are knowingly yielding private information to what they believe are lawful authorities, only to realize that the identity thieves were masquerading as such.

Technology firms such as Apple, Google, and Meta are mandated by law to disclose limited information about their users to the relevant law enforcement agencies in given situations such as criminal investigations and emergency situations that pose a threat to human life or national security. Such requests for information are usually channeled through formal systems, with a high degree of priority since they are often urgent. All these companies possess detailed information about their users, including their location history, profiles, and gadget data, which is of critical use to law enforcement.

This process, however, has also been exploited by cybercriminals. These individuals try to evade the security measures that safeguard data by using law enforcement communication mimicking. One of the recent tactics adopted by cyber criminals is the acquisition of typosquatting domains or email addresses that are almost similar to law enforcement or governmental domains, with only one difference in the characters. These malicious parties then send sophisticated emails to companies’ compliance or legal departments that look no different from law enforcement emails.

In more sophisticated attacks, the perpetrators employ business email compromise to break into genuine email addresses of law enforcement or public service officials. Requests that appear in genuine email addresses are much more authentic, which in turn multiplies the chances of companies responding positively. Even though this attack is more sophisticated, it is also more effective since it is apparently coming from authentic sources. These malicious data requests can be couched in the terms of emergency disclosures, which could shorten the time for verification.

This emergency request is aimed at averting real damage that could occur immediately, but the attacker takes advantage of the urgency in convincing companies to disclose information promptly. Using such information, identity theft, money fraud, account takeover, or selling on dark markets could be the outcome. Despite these dangers, some measures have been taken by technology companies to ensure that their services are not abused. Most of the major companies currently make use of law enforcement request portals that are reviewed internally before any data sharing takes place. Such requests are reviewed for their validity, authority, and compliance with the law before any data is shared.

This significantly decreased the number of cases of data abuse but did not eradicate the risk. As more criminals register expertise in impersonation schemes that exploit trust-based systems, it is evident that the situation also embodies a larger challenge for the tech industry. It is becoming increasingly difficult to ensure a good blend of legal services to law-enforcement agencies with the need to safeguard the privacy of services used by users. Abuse of law-enforcement data request systems points to the importance of ensuring that sensitive information is not accessed by criminals.

Gartner Warns: Block AI Browsers to Avert Data Leaks and Security Risks



 

Security Risks

Agentic Browsers AI Threat Business Security Cyber Security Cybersecurity Security Risks

Gartner Warns: Block AI Browsers to Avert Data Leaks and Security Risks

Analyst company Gartner has issued a recommendation to block AI-powered browsers to help organizations protect business data and cybersecurity. The company says most of these agentic browsers—browsers using autonomous AI models for interacting with web content and automating tasks by default—are designed to provide good user experiences at the cost of compromising security.

These, the company warns, may leak sensitive information, such as credentials, bank details, or emails, to malicious websites or unauthorized parties. While browsers like OpenAI's ChatGPT Atlas can summarize content, gather data, and automatically navigate users between different websites, the cloud-based back ends commonly used by such browsers handle and store user data, leaving it exposed unless their security settings are carefully managed and appropriate measures implemented.

What Gartner analysts mean here is that agentic browsers can be deceived into collecting and sending sensitive data to unauthorized parties, especially when workers have confidential data open in browser tabs while using an AI assistant. Furthermore, even if the backend of a browser conforms to the cybersecurity policies of a firm, improper use or configuration may turn the situation very risky.

The analysts highlight that in all cases, the responsibility lies squarely with each organization to determine the compliance and risks involved with backend services for any AI browser. Besides, Gartner cautions that workers will be tempted to automate mundane or mandated activities, such as cybersecurity training, with the browsers, which could circumvent basic security protocols.

Safety tips

To mitigate these risks, Gartner suggests organizations train users on the hazards of exposing sensitive data to AI browser back ends and ensure users do not use these tools while viewing highly confidential information.

"With the rise of AI, there is a growing tension between productivity and security, as most AI browsers today err toward convenience over safety. I would not recommend complete bans but encourage organizations to perform risk assessments on specific AI services powering the browsers," security expert Javvad Malik of KnowBe4 commented.

Tailored playbooks for the adoption, oversight, and management of risk for AI agents should be developed to enable organizations to harness the productivity benefits of AI browsers while sustaining appropriate cybersecurity postures.

AI Browsers Raise Privacy and Security Risks as Prompt Injection Attacks Grow



 

online privacy concerns

AI Browser Security AI Browsers AI cyberattacks AI technology Cyber Security Data Theft online privacy concerns

AI Browsers Raise Privacy and Security Risks as Prompt Injection Attacks Grow

A new wave of competition is stirring in the browser market as companies like OpenAI, Perplexity, and The Browser Company aggressively push to redefine how humans interact with the web. Rather than merely displaying pages, these AI browsers will be engineered to reason, take action independently, and execute tasks on behalf of end users. At least four such products, including ChatGPT's Atlas, Perplexity's Comet, and The Browser Company's Dia, represent a transition reminiscent of the early browser wars, when Netscape and Internet Explorer battled to compete for a role in the shaping of the future of the Internet.

Whereas the other browsers rely on search results and manual navigation, an AI browser is designed to understand natural language instructions and perform multi-step actions. For instance, a user can ask an AI browser to find a restaurant nearby, compare options, and make a reservation without the user opening the booking page themselves. In this context, the browser has to process both user instructions and the content of each of the webpages it accesses, intertwining decision-making with automation.

But this capability also creates a serious security risk that's inherent in the way large language models work. AI systems cannot be sure whether a command comes from a trusted user or comes with general text on an untrusted web page. Malicious actors may now inject malicious instructions within webpages, which can include uses of invisible text, HTML comments, and image-based prompts. Unbeknownst to them, that might get processed by an AI browser along with the user's original request-a type of attack now called prompt injection.

The consequence of such attacks could be dire, since AI browsers are designed to gain access to sensitive data in order to function effectively. Many ask for permission to emails, calendars, contacts, payment information, and browsing histories. If compromised, those very integrations become conduits for data exfiltration. Security researchers have shown just how prompt injections can trick AI browsers into forwarding emails, extracting stored credentials, making unauthorized purchases, or downloading malware without explicit user interaction. One such neat proof-of-concept was that of Perplexity's Comet browser, wherein the researchers had embedded command instructions in a Reddit comment, hidden behind a spoiler tag. When the browser arrived and was asked to summarise the page, it obediently followed the buried commands and tried to scrape email data. The user did nothing more than request a summary; passive interactions indeed are enough to get someone compromised.

More recently, researchers detailed a method called HashJack, which abuses the way web browsers process URL fragments. Everything that appears after the “#” in a URL never actually makes it to the server of a given website and is only accessible to the browser. An attacker can embed nefarious commands in this fragment, and AI-powered browsers may read and act upon it without the hosting site detecting such commands. Researchers have already demonstrated that this method can make AI browsers show the wrong information, such as incorrect dosages of medication on well-known medical websites. Though vendors are experimenting with mitigations, such as reinforcement learning to detect suspicious prompts or restricting access during logged-out browsing sessions, these remain imperfect.

The flexibility that makes AI browsers useful also makes them vulnerable. As the technology is still in development, it shows great convenience, but the security risks raise questions of whether fully trustworthy AI browsing is an unsolved problem.

Asus Supplier Breach Sparks Security Concerns After Everest Ransomware Claims Data Theft



 

Hacking Attack

Asus Cyber Defence Cyber Security Cybersecurity Breach Everest Ransomware Hackers Hacking Attack

Asus Supplier Breach Sparks Security Concerns After Everest Ransomware Claims Data Theft

Asus has confirmed a security breach via one of its third-party suppliers after the Everest ransomware group claimed it had accessed internal materials belonging to the company. In its statement, Asus confirmed that a supply chain vendor "was hacked," and the intrusion impacted portions of the source code relating to cameras for Asus smartphones. The company emphasized that no internal systems, products, or customer data were impacted. It refused to name the breached supplier or detail exactly what was accessed, but it said it is shoring up supply chain defenses to align with cybersecurity best practices.

The disclosure comes amid brazen claims from the Everest ransomware gang, an established extortion outfit that has traditionally targeted major technology firms. Everest claimed it had pilfered around 1 TB of data related to Asus, ArcSoft, and Qualcomm, leaking screenshots online as evidence of the breach. The group said on its dark-web leak site that it was offering an array of deep technical assets, from segmentation modules to source code, RAM dumps, firmware tools, AI model weights, image datasets, crash logs, and test applications. The cache supposedly also contained calibration files, dual-camera data, internal test videos, and performance evaluation reports, the gang said.

As it is, Asus hasn't verified the broader claims of Everest and has called the incident isolated to a single external supplier that holds camera-related resources. The company hasn't provided an explanation of whether material that was supposedly exfiltrated by the attackers included its proprietary code or information from the other organizations named by the group. Requests for additional comment from the manufacturer went unreturned, thus leaving various aspects of the breach unexplained. The timing is problematic for Asus, coming just weeks after new research highlighted yet another security issue with the company's consumer networking hardware. Analysts in recent weeks said about 50,000 Asus routers were compromised in what observers believe is a China-linked operation.

That campaign involved attackers exploiting firmware vulnerabilities to build a relatively large botnet that's able to manipulate traffic and facilitate secondary infections. Although the router exploitation campaign and the supplier breach seem unrelated, taken together the two incidents raise the temperature on Asus' overall security posture. With attackers already targeting its networking devices en masse, the discovery of a supply chain intrusion-one that may have entailed access to source code-only adds to the questions about the robustness of the company's development environments.

As supply chain compromises remain one of the biggest risks facing the tech sector, the incident serves as a reminder of the need for far better oversight, vetting of vendors, and continuous monitoring to ensure malicious actors do not penetrate upstream partners. For Asus, the breach raises pressure on the company to reassure customers and partners that its software and hardware ecosystems remain secure amid unrelenting global cyberthreat activity.

December Patch Tuesday Brings Critical Microsoft, Notepad++, Fortinet, and Ivanti Security Fixes



 

Microsoft

Critical Flaws Critical security flaw CVE CVEs CVSS Cyber Security Fortinet Ivanti Ivanti security flaws Microsoft

December Patch Tuesday Brings Critical Microsoft, Notepad++, Fortinet, and Ivanti Security Fixes

While December's Patch Tuesday gave us a lighter release than normal, it arrived with several urgent vulnerabilities that need attention immediately. In all, Microsoft released 57 CVE patches to finish out 2025, including one flaw already under active exploitation and two others that were publicly disclosed. Notably, critical security updates also came from Notepad++, Ivanti, and Fortinet this cycle, making it particularly important for system administrators and enterprise security teams alike.

The most critical of Microsoft's disclosures this month is CVE-2025-62221, a Windows Cloud Files Mini Filter Driver bug rated 7.8 on the CVSS scale. It allows for privilege escalation: an attacker who has code execution rights can leverage the bug to escalate to full system-level access. Researchers say this kind of bug is exploited on a regular basis in real-world intrusions, and "patching ASAP" is critical. Microsoft hasn't disclosed yet which threat actors are actively exploiting this flaw; however, experts explain that bugs like these "tend to pop up in almost every big compromise and are often used as stepping stones to further breach".

Another two disclosures from Microsoft were CVE-2025-54100 in PowerShell and CVE-2025-64671, impacting GitHub Copilot for JetBrains. Although these are not confirmed to be exploited, they were publicly disclosed ahead of patching. Graded at 8.4, the Copilot vulnerability would have allowed for remote code execution via malicious cross-prompt injection, provided a user is tricked into opening untrusted files or connecting to compromised servers. Security researchers expect more vulnerabilities of this type to emerge as AI-integrated development tools expand in usage.

But one of the more ominous developments outside Microsoft belongs to Notepad++. The popular open-source editor pushed out version 8.8.9 to patch a weakness in the way updates were checked for authenticity. Attackers were managing to intercept network traffic from the WinGUp update client, then redirecting users to rogue servers, where malicious files were downloaded instead of legitimate updates. There are reports that threat groups in China were actively testing and exploiting this vulnerability. Indeed, according to the maintainer, "Due to the improper update integrity validation, an adversary was able to manipulate the download"; therefore, users should upgrade as soon as possible.

Fortinet also patched two critical authentication bypass vulnerabilities, CVE-2025-59718 and CVE-2025-59719, in FortiOS and several related products. The bugs enable hackers to bypass FortiCloud SSO authentication using crafted SAML messages, which only works if SSO has been enabled. Administrators are advised to disable the feature until they can upgrade to patched builds to avoid unauthorized access. Rounding out the disclosures, Ivanti released a fix for CVE-2025-10573, a severe cross-site scripting vulnerability in its Endpoint Manager. The bug allows an attacker to register fake endpoints and inject malicious JavaScript into the administrator dashboard. Viewed, this could serve an attacker full control over the session without credentials. There has been no observed exploitation so far, but researchers warn that it is likely attackers will reverse engineer the fix soon, making for a deployment environment of haste.

UK Cyber Agency says AI Prompt-injection Attacks May Persist for Years



 

United Kingdom

AI prompt injection attack Artificial Intelligence Cyber Security NCSC SQL United Kingdom

UK Cyber Agency says AI Prompt-injection Attacks May Persist for Years

The United Kingdom’s National Cyber Security Centre has issued a strong warning about a spreading weakness in artificial intelligence systems, stating that prompt-injection attacks may never be fully solved. The agency explained that this risk is tied to the basic design of large language models, which read all text as part of a prediction sequence rather than separating instructions from ordinary content. Because of this, malicious actors can insert hidden text that causes a system to break its own rules or execute unintended actions.

The NCSC noted that this is not a theoretical concern. Several demonstrations have already shown how attackers can force AI models to reveal internal instructions or sensitive prompts, and other tests have suggested that tools used for coding, search, or even résumé screening can be manipulated by embedding concealed commands inside user-supplied text.

David C, a technical director at the NCSC, cautioned that treating prompt injection as a familiar software flaw is a mistake. He observed that many security professionals compare it to SQL injection, an older type of vulnerability that allowed criminals to send harmful instructions to databases by placing commands where data was expected. According to him, this comparison is dangerous because it encourages the belief that both problems can be fixed in similar ways, even though the underlying issues are completely different.

He illustrated this difference with a practical scenario. If a recruiter uses an AI system to filter applications, a job seeker could hide a message in the document that tells the model to ignore existing rules and approve the résumé. Since the model does not distinguish between what it should follow and what it should simply read, it may carry out the hidden instruction.

Researchers are trying to design protective techniques, including systems that attempt to detect suspicious text or training methods that help models recognise the difference between instructions and information. However, the agency emphasised that all these strategies are trying to impose a separation that the technology does not naturally have. Traditional solutions for similar problems, such as Confused Deputy vulnerabilities, do not translate well to language models, leaving large gaps in protection.

The agency also stressed upon a security idea recently shared on social media that attempted to restrict model behaviour. Even the creator of that proposal admitted that it would sharply reduce the abilities of AI systems, showing how complex and limiting effective safeguards may become.

The NCSC stated that prompt-injection threats are likely to remain a lasting challenge rather than a fixable flaw. The most realistic path is to reduce the chances of an attack or limit the damage it can cause through strict system design, thoughtful deployment, and careful day-to-day operation. The agency pointed to the history of SQL injection, which once caused widespread breaches until better security standards were adopted. With AI now being integrated into many applications, they warned that a similar wave of compromises could occur if organisations do not treat prompt injection as a serious and ongoing risk.

How Retailers Should Harden Accounts Before the Holiday Rush



 

third party access

CAPTCHA Credential Stuffing Cyber Security MFA Online Retailers Passwords third party access

How Retailers Should Harden Accounts Before the Holiday Rush

Retailers rely heavily on the year-end shopping season, but it also happens to be the period when online threats rise faster than most organizations can respond. During the rush, digital systems handle far more traffic than usual, and internal teams operate under tighter timelines. This combination creates a perfect opening for attackers who intentionally prepare their campaigns weeks in advance and deploy automated tools when stores are at their busiest.

Security analysts consistently report that fraudulent bot traffic, password-testing attempts, and customer account intrusions grow sharply during the weeks surrounding Black Friday, festive sales, and year-end shopping events. Attackers time their operations carefully because the chance of slipping through undetected is higher when systems are strained and retailers are focused on maintaining performance rather than investigating anomalies.

A critical reason criminals favor this season is the widespread reuse of passwords. Large collections of leaked usernames and passwords circulate on criminal forums, and attackers use automated software to test these combinations across retail login pages. These tools can attempt thousands of logins per minute. When one match succeeds, the attacker gains access to stored payment information, saved addresses, shopping histories, loyalty points, and in some cases stored tokenized payment methods. All of these can be exploited immediately, which makes the attack both low-effort and highly profitable.

Another layer of risk arises from the credentials of external partners. Many retailers depend on vendors for services ranging from maintenance to inventory support, which means third-party accounts often hold access to internal systems. Past retail breaches have shown that attackers frequently begin their intrusion not through the company itself but through a partner whose login rights were not secured with strong authentication or strict access controls. This amplifies the impact far beyond a single compromised account, highlighting the need for retailers to treat vendor and contractor credentials with the same seriousness as internal workforce accounts.

Balancing security with customer experience becomes especially challenging during peak seasons. Retailers cannot introduce so much friction that shoppers abandon their carts, yet they also cannot ignore the fact that most account takeovers begin with weak, reused, or compromised passwords.

Modern authentication frameworks recommend focusing on password length, screening new passwords against known breach data, and reducing reliance on outdated complexity rules that frustrate users without meaningfully improving security. Adaptive multi-factor authentication is viewed as the most practical solution. It triggers an additional verification step only when something unusual is detected, such as a login from an unfamiliar device, a significant change to account settings, or a suspicious location. This approach strengthens security without slowing down legitimate customers.

Internal systems require equal attention. Administrative dashboards, point-of-sale backends, vendor portals, and remote-access platforms usually hold higher levels of authority, which means they must follow a stricter standard. Mandatory MFA, centralized identity management, unique employee credentials, and secure vaulting of privileged passwords significantly reduce the blast radius of any single compromised account.

Holiday preparedness also requires a layered approach to blocking automated abuse. Retailers can deploy tools that differentiate real human activity from bots by studying device behavior, interaction patterns, and risk signals. Rate limits, behavioral monitoring for credential stuffing, and intelligence-based blocking of known malicious sources help limit abuse without overwhelming the customer experience. Invisible or background challenge mechanisms are often more effective than traditional CAPTCHAs, which can hinder sales during peak traffic.

A final but critical aspect of resilience is operational continuity. Authentication providers, SMS delivery routes, and verification systems can fail under heavy demand, and outages during peak shopping hours can have direct financial consequences. Retailers should run rehearsals before the season begins, including testing failover paths for sign-in systems, defining emergency access methods that are short-lived and fully auditable, and ensuring there is a manual verification process that stores can rely on if digital systems lag or fail. Running load tests and tabletop exercises helps confirm that backup procedures will hold under real stress.

Strengthening password policies and monitoring for compromised credentials also plays a vital role. Tools that enforce password screenings against known breach databases, encourage passphrases, restrict predictable patterns, and integrate directly with directory services allow retailers to apply consistent controls across both customer-facing and internal systems. Telemetry from these tools can reveal early signs of suspicious behavior, providing opportunities to intervene before attackers escalate their actions.

With attackers preparing earlier each year and using highly automated methods, retailers must enter the holiday season with defenses that are both proactive and adaptable. By tightening access controls, reinforcing authentication, preparing for system failures, and using layered detection methods, retailers can significantly reduce the likelihood of account takeovers and fraud, all while maintaining smooth and reliable shopping experiences for their customers.

AI IDE Security Flaws Exposed: Over 30 Vulnerabilities Highlight Risks in Autonomous Coding Tools



 

data security

AI Platform AI Security AI security flaw AI technology Critical security flaw Cyber Security data security

AI IDE Security Flaws Exposed: Over 30 Vulnerabilities Highlight Risks in Autonomous Coding Tools

More than 30 security weaknesses in various AI-powered IDEs have recently been uncovered, raising concerns as to how emerging automated development tools might unintentionally expose sensitive data or enable remote code execution. A collective set of vulnerabilities, referred to as IDEsaster, was termed by security researcher Ari Marzouk (MaccariTA), who found that such popular tools and extensions as Cursor, Windsurf, Zed.dev, Roo Code, GitHub Copilot, Claude Code, and others were vulnerable to attack chains leveraging prompt injection and built-in functionalities of the IDEs. At least 24 of them have already received a CVE identifier, which speaks to their criticality.

However, the most surprising takeaway, according to Marzouk, is how consistently the same attack patterns could be replicated across every AI IDE they examined. Most AI-assisted coding platforms, the researcher said, don't consider the underlying IDE tools within their security boundaries but rather treat long-standing features as inherently safe. But once autonomous AI agents can trigger them without user approval, the same trusted functions can be repurposed for leaking data or executing malicious commands.

Generally, the core of each exploit chain starts with prompt injection techniques that allow an attacker to redirect the large language model's context and behavior. Once the context is compromised, an AI agent might automatically execute instructions, such as reading files, modifying configuration settings, or writing new data, without the explicit consent of the user. Various documented cases showed how these capabilities could eventually lead to sensitive information disclosure or full remote code execution on a developer's system. Some vulnerabilities relied on workspaces being configured for automatic approval of file writes; thus, in practice, an attacker influencing a prompt could trigger code-altering actions without any human interaction.

Researchers also pointed out that prompt injection vectors may be obfuscated in non-obvious ways, such as invisible Unicode characters, poisoned context originating from Model Context Protocol servers, or malicious file references added by developers who may not suspect a thing. Wider concerns emerged when new weaknesses were identified in widely deployed AI development tools from major companies including OpenAI, Google, and GitHub.

As autonomous coding agents see continued adoption in the enterprise, experts warn these findings demonstrate how AI tools significantly expand the attack surface of development workflows. Rein Daelman, a researcher at Aikido, said any repository leveraging AI for automation tasks-from pull request labeling to code recommendations-may be vulnerable to compromise, data theft, or supply chain manipulation. Marzouk added that the industry needs to adopt what he calls Secure for AI, meaning systems are designed with intentionality to resist the emerging risks tied to AI-powered automation, rather than predicated on software security assumptions.

Palo Alto GlobalProtect Portals Face Spike in Suspicious Login Attempts



 

Vulnerability and Exploits

Cyber Security Cyber Threat Surge Enterprise security GlobalProtect Security Network Intrusion Palo Alto Networks Remote Access Risks Threat Intelligence VPN Attacks Vulnerability and Exploits

Palo Alto GlobalProtect Portals Face Spike in Suspicious Login Attempts

Among the developments that have disturbed security teams around the world, threat-intelligence analysts have detected a sudden and unusually coordinated wave of probing of Palo Alto Networks' GlobalProtect remote access infrastructure. This activity appears to be influenced by the presence of well-known malicious fingerprints and well-worn attack mechanisms.

It has been revealed in new reports from GreyNoise that the surge began on November 14 and escalated sharply until early December, culminating in more than 7,000 unique IP addresses trying to log into GlobalProtect portals through the firm's Global Observation Grid monitored by GlobalProtect. This influx of hostile activity has grown to the highest level in 90 days and has prompted fresh concerns among those defending the computer system from attempts to hack themselves, who are watching for signs that such reconnaissance is likely to lead to a significant breach of their system.

In general, the activity stems mostly from infrastructure that operates under the name 3xK GmbH (AS200373), which accounts for approximately 2.3 million sessions which were directed to the global-protect/login.esp endpoint used by Palo Alto's PAN-OS and GlobalProtect products. The data was reported by GreyNoise to reveal that 62 percent of the traffic was geolocated in Germany, with 15 percent being traced to Canada.

In parallel, AS208885 contributed a steady stream of probing throughout the entire network. As a result of early analysis, it is clear that this campaign requires continuity with prior malicious campaigns that targeted Palo Alto equipment, showing that recurring TCP patterns were used, repeated JA4T signatures were seen, and that infrastructure associated with known threat actors was reused.

Despite the fact that the scans were conducted mainly in the United States, Mexico, and Pakistan regions, all of them were subjected to a comparable level of pressure, which suggested a broad, opportunistic approach as opposed to a narrowly targeted campaign, and served as a stark reminder of the persistent attention adversaries pay to remote-access technologies that are widely deployed.

There has been a recent increase in the activity of this campaign, which is closely related to the pattern that was first observed between late September and mid-October, when three distinct fingerprints were detected among more than nine million nonspoofable HTTP sessions, primarily directed towards GlobalProtect portals, in an effort to track the attacks.

There is enough technical overlap between four autonomous systems that originate those earlier scans to raise early suspicion, even though they had no prior history of malicious behavior. At the end of November, however, the same signatures resurfaced from 3xK Tech GmbH’s infrastructure in a concentrated burst. This event generated about 2.3 million sessions using identical TCP and JA4t indicators, with the majority of the traffic coming from IP addresses located in Germany.

In the present, GreyNoise is highly confident that both phases of activity are associated with a single threat actor. It has now been reported that fingerprints of the attackers have reapplied on December 3, this time in probing attempts against SonicWall's SonicOS API, suggesting more than a product-specific reconnaissance campaign, but a more general reconnaissance sweep across widely deployed perimeter technologies. According to security analysts, GlobalProtect remains a high-profile target because of its deep penetration into enterprise networks and its history of high-impact vulnerabilities.

It is important to note, however, that CVE-2024-3400 is still affecting unremedied systems despite being patched in April 2024 with a 9.8 rating due to a critical command-injection flaw, CVE-2024-3400. During recent attacks, malicious actors have used pre-authentication access as a tool for enumerating endpoints, brute-forcing credentials, and deploying malware to persist by exploiting misconfigurations that allow pre-authentication access, such as exposed administrative portals and unchanged default credentials.

They have also developed custom tools modeled on well-known exploitation frameworks. Although researchers caution that no definitive attribution has been established for the current surge of activity, Mandiant has observed the same methods being used by Chinese state-related groups like UNC4841 in operations linked to those groups. A number of indicators of confirmed intrusions have included sudden spikes in UDP traffic to port 4501, followed by HTTP requests to "/global-protect/login.urd," from which attackers have harvested session tokens and gotten deeper into victim environments by harvesting session tokens.

According to a Palo Alto Networks advisory dated December 5, administrators are urged to harden exposed portals with multi-factor authentication, tighten firewall restrictions, and install all outstanding patches, but noted that properly configured deployments remain resilient despite the increased scrutiny. Since then, CISA has made it clear that appropriate indicators have been added to its Catalog of Known Exploited Vulnerabilities and that federal agencies must fix any issues within 72 hours.

The latest surge in malicious attacks represents a stark reminder of how quickly opportunistic reconnaissance can escalate into compromise when foundational controls are neglected, so organizations should prepare for the possibility of follow-on attacks. Security experts have highlighted that these recent incidents serve as a warning to organizations about potential follow-on attacks. A number of security experts advise organizations to adopt a more disciplined hardening strategy rather than rely on reactive patching, which includes monitoring the attack surface continuously, checking identity policies regularly, and segmenting all remote access paths as strictly as possible.

According to analysts, defenders could also benefit from closer alignment between security operations teams and network administrators in order to keep an eye on anomalous traffic spikes or repeated fingerprint patterns and escalate them before they become operationally relevant. Researchers demonstrate the importance of sharing indicators early and widely, particularly among organizations that operate internet-facing VPN frameworks, as attackers have become increasingly adept at recycling infrastructure, tooling, and products across many different product families.

Even though GlobalProtect and similar platforms are generally secure if they are configured correctly, recent scan activity highlights a broader truth that is not obvious. In order to remain resilient to adversaries who are intent on exploiting even the slightest crack in perimeter defenses, sustained vigilance, timely remediation, and a culture of proactive security hygiene remain the most effective barriers.

NATO Concludes Cyber Coalition Exercise in Estonia, Preparing for Future Digital Threats



 

NATO Concludes Cyber Coalition Exercise in Estonia, Preparing for Future Digital Threats

NATO has wrapped up its annual Cyber Coalition exercise in Estonia after a week of intensive drills focused on protecting networks and critical infrastructure from advanced cyberattacks.

More than 1,300 cyber defenders joined the 2025 exercise. Participants represented 29 NATO countries, 7 partner nations, as well as Austria, Georgia, Ireland, Japan, South Korea, Switzerland, Ukraine, the European Union, industry experts, and universities.

The goal of the training was to strengthen cooperation and improve the ability to detect, deter, and respond to cyber threats that could affect military and civilian systems.

Commander Brian Caplan, the Exercise Director, said that Cyber Coalition brings countries together to learn how they would operate during a cyber crisis. He highlighted that cyber threats do not stay within borders and that sharing information is key to improving global defence.

This year’s exercise presented seven complex scenarios that mirrored real-world challenges. They included attacks on critical national infrastructure, cyber disruptions linked to space systems, and a scenario called “Ghost in the Backup,” which involved hidden malware inside sensitive data repositories.

Multiple simulated threat actors carried out coordinated digital operations against a NATO mission. The drills required participants to communicate continuously, share intelligence, and use systems such as the Virtual Cyber Incident Support Capability.

The exercise also tested the ability of teams to make difficult decisions. Participants had to identify early warning signs like delayed satellite data, irregular energy distribution logs, and unexpected power grid alerts. They were also challenged to decide when to escalate issues to civilian authorities or NATO headquarters and how to follow international law when sharing military intelligence with law enforcement.

A British officer taking part in the event said cyber warfare is no longer limited to watching computers. Participants must also track information shared by media and social networks, including sources that may be run by hostile groups.

Over the years, Cyber Coalition has evolved based on new technologies, new policies, and new threats. According to Commander Caplan, the exercise helps NATO and its partners adjust together before a real crisis takes place.

Cyber defence is now a major pillar in NATO’s training efforts. Leaders say large-scale drills like Cyber Coalition are necessary as cyber threats continue to grow in both sophistication and frequency.

Google’s New Update Allows Employers To Archive Texts On Work-Managed Android Phones



 

SMS

Compliance Cyber Security Employee Data Google Google RCS security SMS

Google’s New Update Allows Employers To Archive Texts On Work-Managed Android Phones

A recent Android update has marked a paradigm shifting change in how text messages are handled on employer-controlled devices. This means Google has introduced a feature called Android RCS Archival, which lets organisations capture and store all RCS, SMS, and MMS communications sent through Google Messages on fully managed work phones. While the messages remain encrypted in transport, they can now be accessed on the device itself once delivered.

This update is designed to help companies meet compliance and record-keeping requirements, especially in sectors that must retain communication logs for regulatory reasons. Until now, many organizations had blocked RCS entirely because of its encryption, which made it difficult to archive. The new feature gives them a way to support richer messaging while still preserving mandatory records.

Archiving occurs via authorized third-party software that integrates directly with Google Messages on work-managed devices. Once enabled by a company's IT, the software will log every interaction inside of a conversation, including messages received, sent, edited, or later deleted. Employees using these devices will see a notification when archiving is active, signaling their conversations are being logged.

Google's indicated that this functionality only refers to work-managed Android devices, personal phones and personal profiles are not impacted, and the update doesn't allow employers access to user data on privately-owned devices. The feature must also be intentionally switched on by the organisation; it is not automatically on.

The update also brings to the surface a common misconception about encrypted messaging: End-to-end encryption protects content only while it's in transit between devices. When a message lands on a device that is owned and administered by an employer, the organization has the technical ability to capture it. It does not extend to over-the-top platforms - such as WhatsApp or Signal - that manage their own encryption. Those apps can expose data as well in cases where backups aren't encrypted or when the device itself is compromised.

This change also raises a broader issue: one of counterparty risk. A conversation remains private only if both ends of it are stored securely. Screenshots, unsafe backups, and linked devices outside the encrypted environment can all leak message content. Work-phone archiving now becomes part of that wider set of risks users should be aware of.

For employees, the takeaway is clear: A company-issued phone is a workplace tool, not a private device. Any communication that originates from a fully managed device can be archived, meaning personal conversations should stay on a personal phone. Users reliant on encrypted platforms have reason to review their backup settings and steer clear of mixing personal communication with corporate technology.

Google's new archival option gives organisations a compliance solution that brings RCS in line with traditional SMS logging, while for workers it is a further reminder that privacy expectations shift the moment a device is brought under corporate management.

Growing Concerns Over Wi-Fi Router Surveillance and How to Respond



 

Wireless Threats

Cyber Security Data Privacy digital surveillance Encryption Standards Malware Defense Network Safety Router Protection Wifi security Wireless Threats

Growing Concerns Over Wi-Fi Router Surveillance and How to Respond

A new report from security researchers warns that a humble Wi-Fi router has quietly become one of the most vulnerable gateways into home and work in an era where digital dependency is becoming more prevalent each day. Despite being overlooked and rarely reconfigured after installation, these routers remain one of the most vulnerable gateways to cybercrime.

It is becoming increasingly clear that stalkers, hackers, and unauthorized users can easily infiltrate networks that are prone to outdated settings or weak protections as cyberattacks become more sophisticated. Various studies have shown that encryption standards like WPA3, when combined with strong password hygiene practices, can serve as the first line of defense in the fight against cybercrime. However, these measures can be undermined when users neglect essential security practices, such as safe password practices.

Today, comprehensive security strategies require much more than just a password to achieve the desired results: administrators need to regularly check router-level security settings, such as firewall rules, guest network isolation, administrative panel restrictions, tracking permissions, and timely firmware updates. This is particularly true for routers that can support hundreds, or even thousands of connected devices in busy offices and homes.

Modern wireless security relies on layers of defenses that combine to repel unauthorized access through layered defenses. WPA2 and WPA3 encryption protocols scramble data packets, ensuring that intercepted information remains unreadable by anyone outside of the network.

A user's legitimacy is verified by an authentication prompt prior to any device being permitted on to the network, and granular access-control rules determine who can connect, what they can view, and how deeply they can communicate with the network.

By maintaining secure endpoints—such as updating operating systems, antivirus applications, and restricting administrator access—we further decrease the chances of attackers exploiting weak links in the system. In addition to monitoring traffic patterns constantly, intrusion detection and prevention systems also recognize anomalies, block malicious attempts in real time, and respond to threats immediately.

In conjunction with these measures, people have the capability of creating a resilient Wi-Fi defense architecture that protects both the personal and professional digital environments alike. According to researchers, although it seems trivial to conceal the physical coordinates of a Wi-Fi router, concealing this information is essential both for the safety of the individual and for the security of the organization.

It is possible for satellite internet terminals such as Starlink to unwittingly reveal the exact location of a user-an issue particularly important in conflicting military areas and disaster zones where location secrecy is critical. Mobile hotspots present similar issues as well. In the event that professionals frequently travel with portable routers, their movement can reveal travel patterns, business itineraries, or even extended stays in specific areas of the country.

People who have relocated to escape harassment or domestic threats may experience increased difficulties with this issue, as an old router connected by acquaintances or adversaries may unintentionally reveal their new address to others. It is true that these risks exist, but researchers note that the accuracy of Wi-Fi Positioning System (WPS) tracking is still limited.

There is typically only a short period of time between a router appearing in location databases—usually several days after it has been detected repeatedly by multiple smartphones using geolocation services—conditions that would not be likely to occur in isolated, sparsely populated, or transient locations.

Furthermore, modern standards allow for BSSID randomization, a feature that allows a router's broadcast identifier to be rotated regularly. This rotation, which is similar to the rotation of private MAC addresses on smartphones, disrupts attempts at mapping or re-identifying a given access point over time, making it very difficult to maintain long-term surveillance capabilities.

The first line of defense remains surprisingly simple: strong, unique passwords. This can be accomplished by reinforcing the basic router protections that are backed by cybersecurity specialists. Intruders continue to exploit weak or default credentials, allowing them to bypass security mechanisms with minimal effort and forging secure access keys with minimal effort.

Experts recommend long, complex passphrases enriched with symbols, numbers, and mixed character cases, along with WPA3 encryption, as a way to safeguard data while it travels over the internet. Even so, encryption alone cannot cover up for outdated systems, which is why regular firmware updates and automated patches are crucial to closing well-documented vulnerabilities that are often ignored by aging routers.

A number of features that are marketed as conveniences, such as WPS and UPnP, are widely recognized as high-risk openings which are regularly exploited by cybercriminals. Analysts believe that disabling these functions drastically reduces one's exposure to targeted attacks. Aside from updating the default administrator usernames, modern routers come with a number of security features that are often left untouched by organizations and households alike.

As long as a guest network is used, you can effectively limit unauthorized access and contain potential infections by changing default administrator usernames, enabling two-step verification, and segmenting traffic. As a general rule, firewalls are set to block suspicious traffic automatically, while content filters can be used to limit access to malicious or inappropriate websites.

Regular checks of device-level access controls ensure that only recognized, approved hardware may be connected to the network, in addition to making sure that only approved hardware is allowed access. The combination of these measures is one of the most practical, yet often neglected, frameworks available for strengthening router defenses, preventing attackers from exploiting breaches in digital hygiene, and limiting the opportunities available to attackers.

As reported by CNET journalist Ry Crist in his review of major router manufacturers' disclosures, the landscape of data collection practices is fragmented and sometimes opaque. During a recent survey conducted by the companies surveyed, we found out that they gathered a variety of information from users, ranging from basic identifiers like names and addresses to detailed technical metrics that were used to evaluate the performance of the devices.

Despite the fact that most companies justify collecting operational data as an essential part of maintenance and troubleshooting, they admit that this data is often incorporated into marketing campaigns as well as shared with third parties. There remains a large amount of ambiguity in the scope and specificity of the data shared by CommScope.

In its privacy statement, which is widely used by consumers to access the Internet, CommScope notes that the company may distribute "personal data as necessary" to support its services or meet business obligations. Nevertheless, the company does not provide sufficient details about the limits of the sharing of this information. However, it is somewhat clearer whether router makers harvest browsing histories when we examine their privacy policies.

It is explicitly stated by Google that its systems do not track users' web activity. On the other hand, both Asus and Eero have expressed a rejection of the practice to CNET directly. TP-Link and Netgear both maintain that browsing data can only be collected when customers opt into parental controls or similar services in addition to that.

The same is true of CommScope, which claimed that Surfboard routers do not access individuals' browsing records, though several companies, including TP-Link and CommScope, have admitted that they use cookies and tracking tools on their websites. There is no definitive answer provided by public agreements or company representatives for other manufacturers, such as D-Link, which underscores the uneven level of transparency throughout the industry.

There are also inconsistencies when it comes to the mechanisms available to users who wish to opt out of data collection. In addition, some routers, such as those from Asus and Motorola managed by Minim, allow customers to disable certain data sharing features in the router’s settings. Nest users, on the other hand, can access these controls through a privacy menu that appears on the mobile app.

Some companies, on the other hand, put heavier burdens on their customers, requiring them to submit e-mails, complete online forms, or complete multi-step confirmation processes, while others require them to submit an email. Netgear's deletion request form is dedicated to customers, whereas CommScope offers opt-out options for targeted advertising on major platforms such as Amazon and Facebook, where consumers can submit their objections online.

A number of manufacturers, including Eero, argue that the collection of selected operational data is essential for the router to function properly, limiting the extent to which users can turn off this tracking. In addition, security analysts advise consumers that routers' local activity logs are another privacy threat that they often ignore.

The purpose of these logs is to collect network traffic and performance data as part of diagnostic processes. However, the logs can inadvertently reveal confidential browsing information to administrators, service providers, or malicious actors who gain access without authorization. There are several ways to review and clear these records through the device's administration dashboard, a practice which experts advise users to adhere to on a regular basis.

It is also important to note that the growing ecosystem of connected home devices, ranging from cameras and doorbells to smart thermostats and voice assistants, has created more opportunities to be monitored, if they are not appropriately secured. As users are advised to research the data policies of their IoT hardware and apply robust privacy safeguards, they must acknowledge that routers are just one part of a much larger and deeper digital ecosystem.

It has been suggested by analysts that today's wireless networks require an ecosystem of security tools that play a unique role within a larger defensive architecture in order to safeguard them, as well as a number of specialized security tools. As a result of the layered approach modern networks require, frameworks typically categorize these tools into four categories: active, passive, preventive, and unified threat management.

Generally speaking, active security devices function just like their wired counterparts, but they are calibrated specifically to handle the challenges of wireless environments, for example. It includes firewalls that monitor and censor incoming and outgoing traffic in order to block intrusions, antivirus engines that continuously scan the airwaves for malware, and content filtering systems designed to prevent access to dangerous or noncompliant websites. This type of tool is the frontline mechanism by which a suspicious activity or a potential threat can be identified immediately and key controls enforced at the moment of connection.

Additionaly, passive security devices, in particular wireless intrusion detection systems, are frequently used alongside them. In addition to monitoring network traffic patterns for anomalies, they also detect signs of malware transmission, unusual login attempts or unusual data spikes. These tools do not intervene directly. Administrators are able to respond to an incident swiftly through their monitoring capabilities, which allows them to isolate compromised devices or adjust configurations prior to an incident escalate, which allows administrators to keep a close eye on their network.

A preventive device, such as a vulnerability scanner or penetration testing appliance, also plays a crucial role. It is possible for these tools to simulate adversarial behaviors, which can be used to probe network components for weaknesses that can be exploited without waiting for an attack to manifest. By using preventive tools, organizations are able to uncover misconfigurations, outdated protections, or loopholes in the architecture of the systems, enabling them to address deficiencies well before attackers are able to exploit them.

In a way, the Unified Threat Management system provides a single, manageable platform at the edge of the network, combining many of these protections into one. Essentially, UTM devices are central gateways that integrate firewalls, anti-malware engines, intrusion detection systems, and other security measures, making it easier to monitor large or complex environments.

A number of UTM solutions also incorporate performance-monitoring capabilities, which include bandwidth, latency, packet loss, and signal strength, essential metrics for ensuring a steady and uninterrupted wireless network. There are several ways in which administrators can receive alerts when irregularities appear, helping them to identify bottlenecks or looming failures before they disrupt operations.

In addition to these measures, compliance-oriented tools exist to audit network behavior, verify encryption standards, monitor for unauthorized access, and document compliance with regulations. With these layered technologies, it becomes clear that today's wireless security opportunities extend far beyond passwords and encryption to cover a broad range of threats and requires a coordinated approach that includes detection, prevention, and oversight to counter today's fast-evolving digital threats.

As far as experts are concerned, it is imperative to protect the Wi-Fi router so that it may not be silently collected and accessed by unauthorized individuals. As cyberthreats grow increasingly sophisticated, simple measures such as updating firmware, enabling WPA3 encryption, disabling remote access, and reviewing connected devices can greatly reduce the risk.

Users must be aware of these basic security principles in order to protect themselves from tracking, data theft, and network compromise. It is essential that router security is strengthened because it is now the final line of defense for making sure that personal information, online activities, and home networks remain secure and private.

Balancing Rapid Innovation and Risk in the New Era of SaaS Security



 

Threat Intelligence

agentic AI AI Risk Management Cloud Governance Cyber defense Cyber Security Data Resilience Identity Protection SaaS security security automation Threat Intelligence

Balancing Rapid Innovation and Risk in the New Era of SaaS Security

The accelerating pace of technological innovation is leaving a growing number of organizations unwittingly exposing their organization to serious security risks as they expand their reliance on SaaS platforms and experiment with emerging agent-based AI algorithms in an effort to thrive in the age of digital disruption. Businesses are increasingly embracing cloud-based services to deliver enterprise software to their employees at breakneck speed.

With this shift toward cloud-delivered services, it has become necessary for them to adopt new features at breakneck speed-often without pausing to implement, or even evaluate, the basic safeguards necessary to protect sensitive corporate information. There has been an unchecked acceleration of the pace of adoption of SaaS, creating a widening security gap that has renewed the urgent need for action from the Information Security community to those who are responsible for managing SaaS ecosystems.

Despite the fact that frameworks such as the NIST Cybersecurity Framework (CSF) have served as a guide for InfoSec professionals for many years, many SaaS teams are only now beginning to use its rigorously defined functions—Govern, Identify, Protect, Detect, Respond, and Recover—particularly considering that NIST 2.0 emphasizes identity as the cornerstone of cyber defenses in a manner unparalleled to previous versions.

Silverfort's identity-security approach is one of many new approaches emerging to help organizations meet these ever-evolving standards against this backdrop, allowing them to extend MFA to vulnerable systems, monitor lateral movements in real-time, and enforce adaptive controls more accurately. All of these developments are indicative of a critical moment for enterprises in which they need to balance relentless innovation with uncompromising security in a SaaS-driven, AI-driven world that is increasingly moving towards a SaaS-first model.

The enterprise SaaS architecture is evolving into expansive, distributed ecosystems built on a multitenant infrastructure, microservices, and an ever-expanding web of open APIs, keeping up with the sheer scale and fluidity of modern operations is becoming increasingly difficult for traditional security models.

The increasing complexity within an organization has led to enterprises focusing more on intelligent and autonomous security measures, making use of behavioral analytics, anomaly detection, and artificial intelligence-driven monitoring to identify threats much in advance of them becoming active.

As opposed to conventional signature-based tools, advanced systems can detect subtle deviations from user behavior in real-time, neutralize risks that would otherwise remain undetected, and map user behavior in a way that will never be seen in the future. Innovators in the SaaS security space, such as HashRoot, are leading the way by integrating AI into the core of SaaS security workflows.

A combination of predictive analytics and intelligent misconfiguration detection in HashRoot's AI Transformation Services can be used to improve aging infrastructures, enhance security postures, and construct proactive defense mechanisms that can keep up with the evolving threat landscape of 2025 and the unpredictable threats ahead of us.

During the past two years, there has been a rapid growth in the adoption of artificial intelligence within enterprise software, which has drastically transformed the SaaS landscape at a rapid pace. According to new research, 99.7 percent of businesses rely on applications with AI capabilities built into them, which demonstrates how the technology is proven to boost efficiency and speed up decision-making for businesses.

There is a growing awareness that the use of AI-enhanced SaaS tools is becoming increasingly common in the workplace, and that these systems have become increasingly integrated in every aspect of the work process. However, as organizations begin to grapple with the sweeping integration of AI into their businesses, a whole new set of risks emerge.

As one of the most pressing concerns arises, a loss of control of sensitive information and intellectual property is a significant concern, raising complex concerns about confidentiality and governance, as well as long-term competitive exposure, as AI models often consume sensitive data and intellectual property.

Meanwhile, the threat landscape is shifting as malicious actors are deploying sophisticated impersonator applications to mimic legitimate SaaS platforms in an attempt to trick users into granting them access to confidential corporate data through impersonation applications. It is even more challenging because AI-related vulnerabilities are traditionally identified and responded to manually—an approach which requires significant resources as well as slowing down the speed at which fast-evolving threats can be countered.

Due to the growing reliance on cloud-based AI-driven software as a service, there has never been a greater need for automated, intelligent security mechanisms. It is also becoming increasingly apparent to CISOs and IT teams that disciplined SaaS configuration management is a critical priority. This is in line with CSF's Protect function under Platform Security, which has a strong alignment with the CSF's Protect function. In the recent past, organizations were forced to realize that they cannot rely solely on cloud vendors for secure operation.

A significant share of cloud-related incidents can be traced back to preventable misconfigurations. Modern risk governance has become increasingly reliant on establishing clear configuration baselines and ensuring visibility across multiple platforms. While centralized tools can simplify oversight, there are no single solutions that can cover the full spectrum of configuration challenges. As a result of the recent development of multi-SaaS management systems, native platform controls and the judgment of skilled security professionals working within the defense-in-depth model, effective protection has become increasingly important.

It is important to recognize that SaaS security is never static, so continuous monitoring is indispensable to protect against persistent threats such as authorized changes, accidental modifications, and gradual drifts from baseline security. It is becoming increasingly apparent that Agentic AI is playing a transformative role here.

By detecting configuration drift at scale, correcting excessive permissions, and maintaining secure settings at a pace that humans alone can never match, it has begun to play a transformative role. In spite of this, configuration and identity controls are not all that it takes to secure an organization. Many organizations continue to rely on what is referred to as an “M&M security model” – a hardened outer shell with a soft, vulnerable center.

Once a valid user credential or API key is compromised, an attacker may be able to pass through perimeter defenses and access sensitive data without getting into the system. A strong SaaS data governance model based on the principles of identifying, protecting, and recovering critical information, including SaaS data governance, is essential to overcoming these challenges. This effort relies on accurate classification of data, which ensures that high-value assets are protected from unauthorised access, field level encryption, and adequate protection when they are copied into environments that are of lower security.

There is now a critical role that automated data masking plays in preventing production data from being leaked into these environments, where security controls are often weak and third parties often have access to the data. In order to ensure compliance with evolving privacy regulations when personal information is used in testing, the same level of oversight is required as it is with production data. This evaluation must also be repeated periodically as policies and administrative practices change in the future.

Within SaaS ecosystems, it is equally important to ensure that data is maintained in a manner that is both accurate and available. Although the NIST CSF emphasizes the need to implement a backup strategy that preserves data, allows precise recovery, and maintains uninterrupted operation, the service provider is responsible for maintaining the reliability of the underlying infrastructure.

Modern SaaS environments require the ability to recover only the affected data without causing a lot of disruption, as opposed to traditional enterprise IT, which often relies on broad rollbacks to previous system states. It is crucial to maintain continuity in an enterprise-like environment by using granular resilience, especially because in order for agentic AI systems to function effectively and securely, they must have accurate, up-to-date information.

Together, these measures demonstrate that safeguarding SaaS environments has evolved into a challenging multidimensional task - one that requires continuous coordination between technology teams, information security leaders, and risk committees in order to ensure that innovation can take place in a secure and scalable manner.

Organizations are increasingly relying on cloud applications to conduct business, which means that SaaS risk management is becoming a significant challenge for security vendors hoping to meet the demands of enterprises. Businesses nowadays need more than simple discovery tools that identify which applications are being used to determine which application is being used.

There is a growing expectation that platforms will be able to classify SaaS tools accurately, assess their security postures, and take into consideration the rapidly growing presence of artificial intelligence assistants, large language model-based applications, which are now able to operate independently across corporate environments, as well as the growing presence of AI assistants. A shift in SaaS intelligence has led to the need for enriched SaaS intelligence, an advanced level of insight that allows vendors to provide services that go beyond basic visibility.

The ability to incorporate detailed application classification, function-level profiling, dynamic risk scoring, and the detection of shadow SaaS and unmanaged AI-driven services can provide security providers with a more comprehensive, relevant and accurate platform that will enable a more accurate assessment of an organization's risks.

Vendors that are able to integrate enriched SaaS application insights into their architectures will be at an advantage in the future. Vendors that are able to do this will be able to gain a competitive edge as they begin to address the next generation of SaaS and AI-related risks. Businesses can close persistent blind spots by using enriched SaaS application insights into their architectures.

In an increasingly artificial intelligence-enabled world, which will essentially become a machine learning-enabled future, it will be the ability of platforms to anticipate emerging vulnerabilities, rather than just responding to them, that will determine which platforms will remain trusted partners in safeguarding enterprise ecosystems in the future.

A company's path forward will ultimately be shaped by its ability to embrace security as a strategic enabler rather than a roadblock to innovation. Using continuous monitoring, identity-centric controls, SaaS-enhanced intelligence, and AI-driven automation as a part of its operational fabric, enterprises are able to modernize at a speed without compromising trust or resilience in their organizations.

It is imperative that companies that invest now, strengthening governance, enforcing data discipline, and demanding greater transparency from vendors, will have the greatest opportunity to take full advantage of SaaS and agentic AI, while also navigating the risks associated with an increasingly volatile digital future.

Search This Blog

Sections

Popular Posts

Blog Archive

Labels

Report Abuse

About Me

Footer About

Labels

Showing result(s) for

Popular Posts

Pages

Chrome ‘Featured’ Urban VPN Extension Caught Harvesting Millions of AI Chats

Online Retail Store Coupang Suffers South Korea's Worst Data Breach, Leak Linked to Former Employee

33.7 million customer data leaked

About the incident

The measures

Police investigation

What next?

AI-Powered Shopping Is Transforming How Consumers Buy Holiday Gifts

Trump Approves Nvidia AI Chip Sales to China Amid Shift in U.S. Export Policy

Cybercriminals Exploit Law Enforcement Data Requests to Steal User Information

Gartner Warns: Block AI Browsers to Avert Data Leaks and Security Risks

AI Browsers Raise Privacy and Security Risks as Prompt Injection Attacks Grow

Asus Supplier Breach Sparks Security Concerns After Everest Ransomware Claims Data Theft

December Patch Tuesday Brings Critical Microsoft, Notepad++, Fortinet, and Ivanti Security Fixes

UK Cyber Agency says AI Prompt-injection Attacks May Persist for Years

How Retailers Should Harden Accounts Before the Holiday Rush

AI IDE Security Flaws Exposed: Over 30 Vulnerabilities Highlight Risks in Autonomous Coding Tools

Palo Alto GlobalProtect Portals Face Spike in Suspicious Login Attempts

NATO Concludes Cyber Coalition Exercise in Estonia, Preparing for Future Digital Threats

Google’s New Update Allows Employers To Archive Texts On Work-Managed Android Phones

Growing Concerns Over Wi-Fi Router Surveillance and How to Respond

Balancing Rapid Innovation and Risk in the New Era of SaaS Security

Footer About

Search This Blog

Sections

Popular Posts

Blog Archive

Labels

About Me

Footer About

Labels

Showing result(s) for

Popular Posts

Pages

Menu Item

33.7 million customer data leaked

About the incident

The measures

Police investigation

What next?