Search This Blog

Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Showing posts with label Cyber Security. Show all posts

Centre Orders Blocking of Battery Management Apps Exploited to Disable E-Rickshaws


After the Central Government discovered that seven battery management system (BMS) mobile applications were being misused to remotely disable batteries in electric vehicles and e-rickshaws, the Central Government has ordered the blocking of those applications. In multiple locations across India, this disruption disrupted services and enabled extortion. 


MeitY Secretary S. has directed Google and Apple to remove seven identified applications from their respective app stores on Android and iOS by the Ministry of Electronics and Information Technology (MeitY). In order to ensure applications that may threaten public safety or facilitate unlawful activities are not made available to users, Krishnan said app marketplaces must exercise due diligence. 

In response to reports that battery management apps primarily developed by Chinese companies for monitoring lithium-ion battery packs were being exploited by e-rickshaw drivers to shut down the vehicles while passengers were aboard. Authorities stated that while the applications are designed for proper battery management, they can be misused if battery systems are not properly protected by passwords or PINs. 

In the government's view, removing these apps from digital platforms will not eliminate the vulnerability completely, since Bluetooth connectivity is required in place of internet access to exploit this vulnerability. Thus, even after apps are blocked, unsecured battery management systems remain vulnerable to unauthorized access. Video clips circulated on social media showing e-rickshaws suddenly stopping on public roads attracted nationwide attention to this issue. 

The existing certification standards for e-rickshaws in India do not include cybersecurity requirements, which can result in potential misuse of connected battery systems. This vulnerability has already led to criminal activity. Police in Ujjain, Madhya Pradesh, arrested a suspect who has been accused of remotely disabling batteries from e-rickshaws and demanding compensation from their drivers. 

Local authorities claim the accused abused the flaw by deliberately immobilizing vehicles and charging drivers for assistance. A criminal offence involving intentionally disabling vehicles is considered to be an offence and can be prosecuted under applicable provisions of the Bharatiya Nyaya Sanhita (BNS) relating to criminal mischief. 

Concerns have been raised regarding the cybersecurity risk associated with connected electric vehicles and battery management systems following the incident. In order to prevent such misuse and safeguard public transportation operations, observers say stronger security controls are needed to prevent similar misuse, including authentication mechanisms and cybersecurity standards for electric vehicle components. 

A government intervention highlights the challenges facing connected electric mobility in terms of cybersecurity. Since software increasingly controls the functions of critical vehicle systems, stronger security standards, authenticated access controls, and continuous oversight will be critical in protecting drivers, passengers, and public infrastructure.

India Considers Separate AI Regulatory Framework as Government Signals Policy Shift

 

The Indian government is considering a law to govern artificial intelligence (AI) systems, signaling a shift from its previous approach of relying solely on existing information technology laws. Senior officials from the Ministry of Electronics and Information Technology (MeitY) stated that the current developments in this space are so significant that they require legislation. 

Speaking at an industry event this week, MeitY Secretary S. Krishnan said that consultations on laws governing AI had already begun. Both Krishnan and Union IT minister Ashwini Vaishnaw had previously stated that the government would consider separately legislating for AI at an appropriate time, and he added that the moment appeared to be now. 

Existing laws were largely sufficient to address deepfakes or AI-manipulated media, as well as misinformation, fraud, and other issues, he argued, but this was no longer the case as AI became more sophisticated and started to be integrated into critical industries. The new framework would provide guidance on the development of these systems while also protecting citizens, businesses, and critical infrastructure. 

While the government did not set a deadline for legislation, Krishnan noted that MeitY could begin drafting proposals for approval, with the framework then being debated and approved by Parliament. India is not alone in this endeavor as policymakers globally are considering steps to govern AI. A growing number of countries have been looking at laws and policies that seek to address potential risks to privacy, national security, intellectual property, and more while also encouraging innovation. 

The move also marks a notable shift in approach for India, which has largely promoted a lax regulatory environment for technology and adopted a voluntary approach to AI governance, with laws and policies focusing on promoting innovation and adopting existing frameworks for oversight. 

A separate law could add another layer of oversight while also supporting India’s broader ambitions in this space, including IndiaAI Mission, as it looks to promote and bolster its AI ecosystem alongside its digital transformation initiatives. 

Industry stakeholders will also be able to contribute to the process as the government considers its proposals. The law would promote responsible innovation and address risks posed by increasingly ubiquitous and sophisticated AI systems, officials added.

Sovereign File Architecture Gains Importance as Enterprises Rethink Cloud Data Control

 

Cloud computing changed enterprise IT by enabling organizations to achieve significant storage scalability and cost savings. Companies quickly embraced the idea of storing data in the cloud because of its flexibility and accessibility. However, because information remains on physical servers, companies are discovering that data is stored in a specific location subject to local legislation. 

This led to the concept of sovereign file architecture, one of the strategies by which organizations seek to store information considering jurisdiction as a critical factor. The data storage strategy is now focused on achieving file sovereignty and residency rather than convenience. Data sovereignty differs from privacy in that the former concerns the primary authority that possesses the right to store and access information, while the latter relates to its geographic location. 

While the early cloud computing innovators placed their data with the most accessible and cost-effective infrastructure, there was little information on where exactly it was stored. This created a sovereignty gap, as the organizations had limited insight into who could access the information and the applicable legal frameworks. At the same time, there are more data residency and sovereignty risks today as countries impose strict regulations and trade barriers while dealing with cybersecurity threats and geopolitical tensions. 

Data residency is a crucial consideration for many organizations, particularly those dealing with sensitive data and operating at a multinational level. Disasters, government restrictions, or geopolitical tensions may render some servers inaccessible, thus necessitating the need to store data in different jurisdictions. Enterprises are now prioritizing storage solutions that give them the most control by allowing them to migrate or place their information as they see fit. 

These factors are driving companies to adopt sovereign file architecture, which is designed to decouple file management from storage. By doing so, organizations satisfy the need to store data in several jurisdictions and maintain flexibility regarding where to store sensitive or non-sensitive information. Enterprises can also utilize a hybrid strategy consisting of private and public storage methods, thus balancing costs and file security. 

Sovereign file architecture allows organizations to remain compliant with the increasingly stringent data residency and sovereignty laws enforced by governments worldwide. Consequently, there is now a growing preference for sovereign file architectures over other options when considering factors such as transparency, legal protection, and control.

Free VPNs and Streaming Apps Turn Your Device Into a Criminal Proxy

 

Free VPNs and streaming apps are quietly transforming everyday devices into tools for cybercriminals. Unwitting users are allowing their internet connections to be hijacked and used to mask illegal activity, exposing them to serious security and legal risks. While not all residential proxies are illegal, abusers take advantage of anonymity coupled with cheap, unauthorized residential proxies to perform tasks that may be unethical, if not outright illegal at times. 

Research from Infoblox Threat Intel indicates that the situation is more dire than previously assumed, as nearly two thirds (65%) of its Threat Defense Cloud customers made DNS queries to domains used to access or orchestrate residential proxy networks in 2026, totaling over 500 billion such queries per month. Criminals exploit these proxies for activities like fraud, online ad fraud, fake account creation, unauthorized data scraping, and bypassing regional restrictions on streaming platforms. Because their traffic blends in with legitimate user requests, businesses often struggle to identify and block these threats until real damage has occurred. 

Most users are unaware that their devices are being weaponized. Permission is either buried in the fine print of end-user license agreements or never properly obtained at all. Once inside a network, these apps can silently forward requests from threat actors, who benefit from the anonymity of a residential IP. Victims may later face issues such as flagged accounts, CAPTCHA overload, or extra verification steps, as their IP addresses get tagged by reputation systems for suspicious behavior. 

Certain categories of software are higher risk. Free VPNs, cheap IoT devices from unknown manufacturers, screen-recording or streaming software, and browser extensions can all serve as entry points for residential proxy abuse. These tools often lack transparency about their data and traffic practices, prioritizing monetization over user safety. 

Avoiding this is easier said than done, but there are ways to reduce susceptibility to this kind of abuse. A software audit should be your first line of defense. Knowing what runs on all your devices and whether it is trustworthy or not is key to preventing exposure. Investing in a router or software service that blocks such requests would also go a long way, as would leveraging Protective DNS to monitor your network. To start, users can also use services to monitor and check their IP's risk profile, allowing them to determine whether they are already a victim of abuse.

North Korean PolinRider Campaign Spreads Malicious Packages Across npm, Go, Chrome, and Packagist

 

North Korean threat actors behind the Contagious Interview campaign have been observed persistently targeting software supply chains by distributing more than 100 malicious packages and browser extensions. Researchers note that the PolinRider campaign is targeting software developers and those in the cryptocurrency space by leveraging popular open-source repositories and developer tools. 

The cybersecurity researchers at Socket have discovered 108 unique malicious packages and browser extensions, resulting in 162 release artifacts. Within the discovered malicious code, the researchers have identified 19 npm packages, 10 Packagist (Composer) libraries, 61 Go modules, and one Google Chrome extension. Researchers note that the threat actors continue to compromise developer accounts and push out malicious code updates each time they gain access to a software repository. 

Researchers have linked the PolinRider campaign to the Contagious Interview supply chain attack, which has been actively targeting developers since at least 2023. In most cases, North Korean hackers impersonate recruiters or business partners on social media platforms and code repositories, luring targets into installing malicious software during the interview process. 

The PolinRider threat group was first detected this year when cybersecurity analysts identified hundreds of GitHub repositories with hidden JavaScript code that downloads an updated version of the BeaverTail malware. According to the researchers, almost 2000 GitHub repositories and 1000+ unique owners have been compromised by the PolinRider campaign as of April 2026. 

Researchers suggest that attackers are not compromising the GitHub servers directly but rather hijacking developer accounts on the platform. The initial access to the developer accounts is achieved through either the domain takeover or account recovery process. Attackers compromise the developers’ Visual Studio Code accounts or npm account, where they then install a malicious Visual Studio Code extension or an npm package. 

After the initial compromise, the attackers’ BeaverTail malware searches the project directory for the most common JavaScript configuration files and other relevant files such as Tailwind CSS, Next.js, Babel, and ESLint files. It then stealthily inserts malicious code into the files. Additionally, the malware tampers with the Git commit history to hide its tracks by overwriting commit messages and timestamps. 

The latest updates to the BeaverTail malware now download the second stage of encrypted payloads from the blockchain network. Attackers have been observed using TRON, Aptos, and BNB Smart Chain blockchain networks to host the payloads. The decrypted payloads then deploy remote access malware, including DEV#POPPER RAT and OmniStealer, to exfiltrate data from the compromised systems. Researchers recommend that developers who have installed any of the compromised packages should treat their systems as compromised.

The users should update their compromised accounts, including SSH keys and tokens, from a different machine if possible. Additionally, the developers should delete the malicious versions of the packages and re-install the project dependencies using a trusted package manager lock file. Lastly, the developers should review their commits, tasks, and files for any suspicious activities or unauthorized changes.

AI-Powered Antivirus: How Next-Gen Software Predicts and Stops Threats

 

Antivirus software has undergone a profound transformation, shifting from reactive signature matching to proactive behavior prediction. Where traditional tools once relied on databases of known malware fingerprints, modern solutions now leverage machine learning, behavioral analysis, and real-time monitoring to identify suspicious activity before an attack fully unfolds. This evolution is essential as cybercriminals deploy polymorphic code, fileless malware, and zero-day exploits faster than legacy defenses can adapt. 

Historically, antivirus programs functioned like a bouncer checking IDs against a blacklist of known troublemakers. If a file matched a stored signature, it was blocked; if not, it slipped through undetected. This model worked when malware evolved slowly, but today’s threat landscape moves at lightning speed. Polymorphic malware mutates its code with each infection, metamorphic variants rewrite themselves entirely, and zero-day attacks exploit freshly discovered vulnerabilities before patches exist. Signature databases, while still useful, increasingly lag behind the pace of malicious innovation, leaving systems exposed to novel or rapidly changing threats. 

Modern antivirus flips the script by focusing on behavior rather than identity. It monitors API calls, memory access patterns, encryption bursts, and unusual network traffic to spot anomalies. For instance, a process that suddenly begins locking files across a network, disabling security services, or contacting unfamiliar servers at odd hours raises red flags—even if it has no known signature. This behavior-first approach is critical against ransomware and fileless attacks that operate in memory or hijack legitimate tools to avoid detection. Anomaly detection establishes a baseline of “normal” system activity and alerts on deviations, enabling early intervention before damage spreads. 

Machine learning supercharges this capability by training models on vast datasets of both clean and malicious files. These algorithms learn subtle patterns linked to malware—suspicious code structures, odd execution paths, or risky permission requests—and assign risk scores to files and processes. Decision trees, support vector machines, and neural networks each contribute to layered evaluations that reduce false negatives for unseen threats. Companies like Microsoft, CrowdStrike, and SentinelOne deploy such models at scale, continuously refining them with telemetry from millions of endpoints. The result is a system that generalizes from past attacks to catch new ones, even without an exact signature match. 

The ultimate aim is prediction: intercepting malware in its earliest stages using sandboxing, dynamic analysis, and integration with broader security stacks like endpoint detection and response (EDR). Suspicious files are detonated in isolated environments to observe their behavior safely, while EDR tools trace attack chains across networks. Yet AI is a double-edged sword—attackers also use it to craft evasive malware that adapts to detection systems. False positives and privacy concerns from heavy telemetry remain challenges. For most users, built-in tools like Microsoft Defender and Apple’s XProtect offer strong baseline protection, but layered security and user vigilance against phishing are still essential.

Massive Azure CLI Password Spray Campaign Targets Microsoft 365, Over 81 Million Login Attempts Detected

 

Cybersecurity company Huntress has uncovered a large-scale password spray campaign targeting Microsoft 365 environments through the Azure CLI, resulting in millions of malicious login attempts and multiple account compromises.

According to the company, between June 12 and June 21, attackers carried out more than 81 million login attempts against customer environments. The campaign led to the compromise of 78 user accounts across 64 organizations.

During the two-week period, threat actors were found compromising between two and four accounts each day. However, activity surged around June 22, when 23 organizations were reportedly affected in a single spike.

Huntress' investigation revealed that the majority of the login attempts originated from Autonomous System (AS) 32167, which is associated with internet hosting provider LSHIY LLC.

“These attacks are part of a large wave of credential spray attacks across a few different ASNs. In the past six months, Huntress has observed the volume of credential spray attacks increase by over 155 times across our customer base,” the cybersecurity company says.

The company also observed a sharp increase in password spray attacks during late May and early June, impacting multiple organizations. Huntress believes the campaign primarily relied on previously compromised username-password combination lists.

As part of the attack, the threat actors exploited the OAuth Resource Owner Password Credentials (ROPC) authentication flow to validate user credentials. Although this authentication method has been deprecated in OAuth 2.1, it still allows attackers to obtain a new user-delegated access token when valid credentials are provided.

Because of this authentication flow, attackers were able to compromise accounts even when multi-factor authentication (MFA) was enabled, provided that MFA policies were not configured to protect the OAuth ROPC authentication process.

“ROPC is considered problematic for several reasons, but one of those reasons is that it doesn’t offer support for modern auth flows like MFA or SSO. That means, as we saw in this campaign, ROPC sends the password straight to the /token endpoint with no interactive MFA prompt,” Huntress explains.

Further analysis of the affected environments showed several weaknesses in MFA implementation. In some organizations, MFA was applied only to specific cloud applications or user groups. Others enforced MFA only for logins from untrusted locations, while some had deployed MFA policies that were never actively enforced.

“It’s worth noting that eight businesses impacted by the campaign had no MFA policy at all. While threat actors in this campaign were able to get in despite MFA being set up, the takeaway should not be that MFA doesn’t work at all; instead, organizations should ensure that their MFA policies are properly configured to address the authorization flow used across these incidents,” the cybersecurity firm notes.

Huntress also traced the attack traffic to IPv6 address ranges linked to LSHIY, an internet infrastructure provider registered in Hong Kong, Wuhan, China, and New York. Previous reports have also associated IPv6 ranges operated under AS32167 and AS955 with infrastructure originating from China.

The cybersecurity firm said it reported the malicious activity to LSHIY through the provider's abuse reporting mechanism but did not receive any response.

Apple Expands AI in iOS 27 with Smarter Everyday Features Beyond Siri

 

Apple is expanding its artificial intelligence strategy beyond Siri with iOS 27 by integrating AI across its apps and services instead of relying on a standalone chatbot. The new features are designed to simplify everyday tasks through automation while giving users control and maintaining Apple’s privacy-first approach. 

One of the key additions is Bill Splitting, which uses Apple Cash to divide restaurant bills. After scanning or uploading a receipt, Apple Intelligence identifies ordered items, quantities, taxes, tips, and the total amount. Through Messages, users can select what they ordered, allowing everyone to pay their share without manually calculating costs. Apple is also enhancing account security with its Passwords app. 

The feature can detect compromised or weak credentials exposed in data breaches, recommend stronger passwords, and securely update them on supported websites without requiring users to manually log in and change each password. The Messages app is gaining AI-powered suggestions that help users complete common tasks. It can recommend photos when someone asks about a past event, suggest creating reminders when someone requests an item, and prompt users to add meetings or dinner plans to their Calendar without leaving the conversation. 

A new Call Context feature will display useful information, such as booking confirmation numbers stored in Mail, during customer service calls. Apple says all processing happens on the device, ensuring personal information remains private. The Shortcuts app is also becoming easier to use by allowing users to create automations using natural language. Instead of manually building workflows, users can simply describe what they want, such as updating their calendar, controlling smart home devices, or sharing their ETA with family members.  

Additional iOS 27 features include AI-powered tab organization in Safari, which groups related webpages by topic, and smarter Home app notifications that combine multiple smart home events into a single alert. Apple has also improved search within the Home app to help users quickly find important camera clips, such as package deliveries. Together, these updates highlight Apple’s broader AI vision of embedding intelligence throughout its software rather than limiting it to Siri. 

By integrating AI into familiar apps, the company aims to make daily tasks faster, simpler, and more secure while continuing to prioritize user privacy.