Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Hackers. Show all posts
zero-click
Data Breach Hackers paragon Spyware WhatsApp zero-click

WhatsApp Fixes Security Flaw Exploited by Spyware

 



WhatsApp recently fixed a major security loophole that was being used to install spyware on users' devices. The issue, known as a zero-click, zero-day vulnerability, allowed hackers to access phones without the user needing to click on anything. Security experts from the University of Toronto’s Citizen Lab uncovered this attack and linked it to Paragon’s spyware, called Graphite.  

The flaw was patched by WhatsApp in late 2023 without requiring users to update their app. The company also chose not to assign a CVE-ID to the vulnerability, as it did not meet specific reporting criteria.  

A WhatsApp spokesperson confirmed that hackers used the flaw to target certain individuals, including journalists and activists. WhatsApp directly reached out to around 90 affected users across multiple countries.  


How the Attack Worked  

Hackers used WhatsApp groups to launch their attacks. They added their targets to a group and sent a malicious PDF file. As soon as the file reached the victim’s phone, the device automatically processed it. This triggered the exploit, allowing the spyware to install itself without any user action.  

Once installed, the spyware could access sensitive data and private messages. It could also move beyond WhatsApp and infect other apps by bypassing Android’s security barriers. This gave attackers complete control over the victim’s device.  


Who Was Targeted?  

According to Citizen Lab, the attack mostly focused on individuals who challenge governments or advocate for human rights. Journalists, activists, and government critics were among the key targets. However, since only 90 people were officially notified by WhatsApp, experts believe the actual number of victims could be much higher.  

Researchers found a way to detect the spyware by analyzing Android device logs. They identified a forensic marker, nicknamed "BIGPRETZEL," that appears on infected devices. However, spotting the spyware is still difficult because Android logs do not always capture all traces of an attack.  


Spyware Linked to Government Agencies  

Citizen Lab also investigated the infrastructure used to operate the spyware. Their research uncovered multiple servers connected to Paragon’s spyware, some of which were linked to government agencies in countries like Australia, Canada, Cyprus, Denmark, Israel, and Singapore. Many of these servers were rented through cloud platforms or hosted directly by government agencies.  

Further investigation revealed that the spyware's digital certificates contained the name “Graphite” and references to installation servers. This raised concerns about whether Paragon's spyware operates similarly to Pegasus, another surveillance tool known for being used by governments to monitor individuals.  


Who Is Behind Paragon Spyware?  

Paragon Solutions Ltd., the company behind Graphite spyware, is based in Israel. It was founded in 2019 by Ehud Barak, Israel’s former Prime Minister, and Ehud Schneorson, a former commander of Unit 8200, an elite Israeli intelligence unit.  

Paragon claims that it only sells its technology to democratic governments for use by law enforcement agencies. However, reports have shown that U.S. agencies, including the Drug Enforcement Administration (DEA) and Immigration and Customs Enforcement (ICE), have purchased and used its spyware.  

In December 2024, a U.S.-based investment firm, AE Industrial Partners, bought Paragon, further raising questions about its future operations and how its surveillance tools may be used.  


Protecting Yourself from Spyware  

While WhatsApp has fixed this specific security flaw, spyware threats continue to evolve. Users can take the following steps to protect themselves:  

1. Update Your Apps: Always keep your apps updated, as companies frequently release security patches.  

2. Be Cautious of Unknown Files: Never open suspicious PDFs, links, or attachments from unknown sources.  

3. Enable Two-Factor Authentication: Adding an extra layer of security to your accounts makes it harder for hackers to break in.  

4. Check Your Device Logs: If you suspect spyware, seek professional help to analyze your phone’s activity.  

Spyware attacks are becoming more advanced, and staying informed is key to protecting your privacy. WhatsApp’s quick response to this attack highlights the ongoing battle against cyber threats and the need for stronger security measures.  


Read more »
vite
Cyber Attacks Hackers Mallicious URLs vite

Security Warning: New Vite Vulnerability Exposes Private Files

 



A serious security issue has been discovered in Vite, a widely used tool for building web applications. This flaw, identified as CVE-2025-30208, allows attackers to access restricted files on a server. If exploited, it could lead to leaks of sensitive data and potential security risks.  


How the Vulnerability Works  

Vite’s development server is designed to block access to certain files, ensuring that only permitted content is available. However, researchers have found a way to bypass these restrictions using specific URL parameters. By adding "?raw??"or "?import&raw??" to a web address, hackers can trick the system into providing access to protected files.  


Who Is at Risk?  

This issue only affects developers who have made their Vite development server accessible over the internet. Normally, this server is used for local testing, but some developers configure it to be available outside their network using options like “–host” or “server.host.” If a server is open in this way, attackers can use the vulnerability to retrieve private information.  


How Hackers Can Exploit This Flaw  

The problem occurs because Vite handles web addresses incorrectly. In some parts of the system, special characters like “?” are removed, while other parts fail to detect these changes. This inconsistency allows hackers to bypass security restrictions and gain access to files they should not be able to see.  

A Proof-of-Concept (PoC) exploit has already been released, showing how attackers can use this flaw to steal sensitive data. For example, one attack method attempts to read the “.bash_history” file, which can contain records of past commands, stored passwords, and other important details.  


Affected Versions  

This security weakness is present in several versions of Vite, including:  

• 6.2.0 to 6.2.2  

• 6.1.0 to 6.1.1  

• 6.0.0 to 6.0.11  

• 5.0.0 to 5.4.14  

• All versions before 4.5.9  


How to Stay Safe  

To protect against this threat, developers using affected versions of Vite should update immediately to a secure version. The patched versions are:  

• 6.2.3 and newer 

• 6.1.2 and newer  

• 6.0.12 and newer  

• 5.4.15 and newer 

• 4.5.10 and newer  

Additionally, it is best to avoid exposing Vite’s development server to the internet unless absolutely necessary. Keeping development environments private reduces the risk of attacks and protects sensitive data.  

This vulnerability is a reminder that keeping software up to date is essential for security. Developers should act quickly to install the latest patches and ensure their applications remain protected from cyber threats.

Read more »
Malwares
Cyber Attacks cybercriminals data security Data Theft Hackers Infostealer Infostealer Malware Malware attacks Malwares

The Growing Threat of Infostealer Malware: What You Need to Know

 

Infostealer malware is becoming one of the most alarming cybersecurity threats, silently stealing sensitive data from individuals and organizations. This type of malware operates stealthily, often going undetected for long periods while extracting valuable information such as login credentials, financial details, and personal data. As cybercriminals refine their tactics, infostealer attacks have become more frequent and sophisticated, making it crucial for users to stay informed and take preventive measures. 

A significant reason for concern is the sheer scale of data theft caused by infostealers. In 2024 alone, security firm KELA reported that infostealer malware was responsible for leaking 3.9 billion passwords and infecting over 4.3 million devices worldwide. Similarly, Huntress’ 2025 Cyber Threat Report revealed that these threats accounted for 25% of all cyberattacks in the previous year. This data highlights the growing reliance of cybercriminals on infostealers as an effective method of gathering personal and corporate information for financial gain. 

Infostealers operate by quietly collecting various forms of sensitive data. This includes login credentials, browser cookies, email conversations, banking details, and even clipboard content. Some variants incorporate keylogging capabilities to capture every keystroke a victim types, while others take screenshots or exfiltrate files. Cybercriminals often use the stolen data for identity theft, unauthorized financial transactions, and large-scale corporate breaches. Because these attacks do not immediately disrupt a victim’s system, they are harder to detect, allowing attackers to extract vast amounts of information over time. Hackers distribute infostealer malware through multiple channels, making it a widespread threat. 

Phishing emails remain one of the most common methods, tricking victims into downloading infected attachments or clicking malicious links. However, attackers also embed infostealers in pirated software, fake browser extensions, and even legitimate platforms. For example, in February 2025, a game called PirateFi was uploaded to Steam and later found to contain infostealer malware, compromising hundreds of devices before it was removed. Social media platforms, such as YouTube and LinkedIn, are also being exploited to spread malicious files disguised as helpful tools or software updates. 

Beyond stealing data, infostealers serve as an entry point for larger cyberattacks. Hackers often use stolen credentials to gain unauthorized access to corporate networks, paving the way for ransomware attacks, espionage, and large-scale financial fraud. Once inside a system, attackers can escalate their access, install additional malware, and compromise more critical assets. This makes infostealer infections not just an individual threat but a major risk to businesses and entire industries.  

The prevalence of infostealer malware is expected to grow, with attackers leveraging AI to improve phishing campaigns and developing more advanced evasion techniques. According to Check Point’s 2025 Cybersecurity Report, infostealer infections surged by 58% globally, with Europe, the Middle East, and Africa experiencing some of the highest increases. The SYS01 InfoStealer campaign, for instance, impacted millions across multiple continents, showing how widespread the issue has become. 

To mitigate the risks of infostealer malware, individuals and organizations must adopt strong security practices. This includes using reliable antivirus software, enabling multi-factor authentication (MFA), and avoiding downloads from untrusted sources. Regularly updating software and monitoring network activity can also help detect and prevent infections. Given the growing threat, cybersecurity awareness and proactive defense strategies are more important than ever.
Read more »
Ransom
Automobile Industry Cyber Attacks Hackers Ransom

Auto Industry Faces Sharp Rise in Cyberattacks, Raising Costs and Risks

 



The growing use of digital systems in cars, trucks, and mobility services has made the automotive industry a new favorite target for hackers. Companies involved in making vehicles, supplying parts, and even selling them are now dealing with a sudden rise in cyberattacks, many of which are leading to heavy losses.

A recent report by cybersecurity firm Upstream Security shows that these attacks are not only increasing but also affecting much larger groups of vehicles and connected systems. In 2024, nearly 60% of the reported incidents impacted thousands or even millions of assets—this includes vehicles, electric vehicle charging stations, smart driving apps, and other connected tools used in transportation.

Even more worrying is the spike in large-scale cyberattacks. Cases where millions of vehicles were hit at once rose sharply from 5% in 2023 to 19% in 2024. These massive events now account for almost 60% of all attacks recorded in the year.

Experts warn that attackers have changed their approach. Instead of just hacking into a single vehicle’s system, they now aim to cause widespread damage or steal large amounts of data. By doing so, they increase the pressure on companies to pay hefty ransoms to avoid public embarrassment or serious business disruption.

Jason Masker, a cybersecurity specialist from Upstream, explained that hackers often search for the most damaging way to force companies into paying them. If they can gain control of millions of vehicles or access sensitive information, they can easily threaten a company’s image and safety standards.

The report also shared a serious example of how hackers can even manipulate a car’s safety features. Researchers found that the radar used for adaptive cruise control— a system that keeps cars at a safe distance can be tricked. Hackers could make it appear that the vehicle ahead is speeding up when it isn’t, potentially causing a crash.

Several major cyber incidents have already occurred:

• A leading Japanese car company’s U.S. unit was targeted by ransomware, leaking 22GB of vehicle and customer data.

• A Chinese auto supplier suffered a large breach involving 1.2TB of sensitive information, affecting both local and global carmakers.

• In Italy, a German automaker’s branch faced a data breach that exposed private customer details.

The report further explains that traditional cyberattacks— like locking systems and demanding ransom, are slowly becoming less effective, as many companies have backups ready. Now, hackers prefer stealing data and threatening to leak it unless they’re paid.

What’s more concerning is the gap between what cybersecurity rules require and how prepared companies actually are. Many businesses falsely believe they are fully protected, while attackers continue finding new ways to break through.

Upstream Security suggests companies need to act beyond just following regulations. Safety, smooth operations, and protecting customer data must be prioritized.

To help prevent future attacks, Upstream monitors over 25 million vehicles worldwide, tracking billions of data points daily. They also watch online forums where cybercriminals sometimes plan their attacks.

Looking at the bigger picture, experts predict artificial intelligence will become a vital tool in spotting and blocking cyber threats quickly. As vehicles get more connected, the risk of cyberattacks is expected to grow, putting companies, drivers, and users of smart mobility systems at greater risk.


Read more »
Software
Cisco Cyber Security Hackers Software

Cisco Warns of Critical Security Flaw in IOS XR Software – Immediate Update Recommended




Cisco has issued a security warning about a newly identified vulnerability in its IOS XR Software. This security flaw, labeled CVE-2025-20138, has been rated 8.8 on the CVSS scale, meaning it poses a major risk to affected devices.


What Is the Problem?

The issue is found in the Command Line Interface (CLI) of Cisco’s IOS XR Software. If an attacker gains access to a system with limited user privileges, they can exploit this weakness to execute commands with the highest level of control. This would allow them to make major modifications to the system, potentially leading to severe security threats.

The root of the problem is improper validation of user inputs in certain CLI commands. Because the system does not correctly filter these inputs, attackers can manipulate it using carefully crafted commands. If successful, they can obtain full administrative access, giving them total control over the device.


Who Is Affected?

This vulnerability affects all configurations of Cisco IOS XR 64-bit Software. Users should check Cisco’s official security advisory to confirm if their specific version is vulnerable.

However, some Cisco software versions are confirmed to be unaffected, including:

IOS Software

IOS XE Software

IOS XR 32-bit Software

NX-OS Software

No Quick Fixes—Users Must Update Their Software

Cisco has stated that there are no temporary solutions or workarounds for this security flaw. The only way to protect affected systems is to install the latest software updates provided by Cisco.

The company has outlined which versions require updates:

1. Users running Cisco IOS XR Software Release 24.1 or earlier need to switch to a patched version.

2. Those using Release 24.2 should upgrade to version 24.2.21 when it becomes available.

3. Users on Release 24.3 must transition to a secure version.

Release 24.4 is not affected by this issue.

As of now, there have been no reports of hackers exploiting this flaw. However, because of the severity of the issue, users should not delay in updating their devices.

Cisco is urging all users running affected versions of IOS XR Software to review the security advisory and apply the necessary updates as soon as possible. Keeping software up to date is the only way to ensure systems remain protected from potential cyber threats.

Read more »
Ransomware
Cyber Attacks Hackers Microsoft Paragon Software Ransomware

Hackers Exploit Flaw in Microsoft-Signed Driver to Launch Ransomware Attacks

 



Cybercriminals are exploiting a vulnerability in a Microsoft-signed driver developed by Paragon Software, known as BioNTdrv.sys, to carry out ransomware attacks. This driver, part of Paragon Partition Manager, is typically used to manage hard drive space, but hackers have found a way to misuse it for malicious purposes.  


How the Attack Works  

The vulnerability, identified as CVE-2025-0289, allows attackers to use a technique called "bring your own vulnerable driver" (BYOVD). This means they introduce the legitimate but flawed driver into a system and exploit it to gain high-level access. Once they obtain SYSTEM-level privileges, they can execute ransomware, steal data, or disable security software without being detected.  

The alarming part is that the vulnerability can be exploited even on devices that do not have Paragon Partition Manager installed, as long as the driver exists on the system.  


Other Vulnerabilities  

Researchers also found four additional flaws in the driver:  

1. CVE-2025-0288: Allows access to kernel memory, helping attackers gain control.  

2. CVE-2025-0287: Can crash the system using a null pointer error.  

3. CVE-2025-0286: Enables attackers to execute malicious code in kernel memory.  

4. CVE-2025-0285: Allows manipulation of kernel memory, escalating control. 


Response from Microsoft and Paragon  

Microsoft confirmed that hackers are already using this flaw to spread ransomware and has responded by blocking the vulnerable driver through its Vulnerable Driver Blocklist. Meanwhile, Paragon Software has released a security patch and advised users to update their drivers immediately to avoid potential risks.  


How to Stay Safe  

To protect your system from these attacks:  

1. Update your drivers from Paragon Software to the latest version.  

2. Install Windows security updates regularly.  

3. Use reliable antivirus software to detect suspicious activities.  

4. Monitor your system for unexpected crashes or slow performance.    

While Microsoft and Paragon Software have taken steps to contain the damage, users must stay proactive in securing their systems through regular updates and vigilant monitoring.

Read more »
Technology
Energy Hackers Renewable Energy Solar Power Technology

Hackers Can Attack Your Rooftop Solar Panels, With Ease

Hackers Can Attack Your Rooftop Solar Panels, With Ease

Do not set weak passwords for your solar panels

Hackers are attracted to weak passwords like moths to flame. Imagine this: your password is weak enough to be hacked via brute-force attack, or already known because you haven’t reset the factory admin default. 

In that case, it is a win-win for hackers who want to steal your data, as there is no need for advanced infostealer malware campaigns. However, when the case is “energy,” and the entry route is via solar panels installed on your rooftops, the price to pay increases. 

Global shift and security gaps in solar power

The Global move for smart-energy production has added new security gaps to national power grids. German International Broadcaster “Deutsche Welle” (DW) talked with hackers who have revealed flaws in solar power plants and rooftop installations around the world.

DW has alerted that “hackers can easily access solar power plants due to weak passwords and vulnerable software, posing a significant threat to energy security.” Rooftop installations are the main concern because the “ transition to renewable energy relies on digital networks that can be targeted by hackers,” Mathis Richtmann, reporter at Deutsche Welle said.

Security gaps explained

In October 2024, Secura studied the cybersecurity danger to the solar power industry in the Netherlands. The report found 27 different cases where large-scale attacks of solar power panels could be executed. 

Secura researchers described the attack as “disastrous,” involving “severe economic damage, physical damage and even damage to society itself, certainly if the secondary consequences of the cyberattacks are taken into consideration.” The report investigated every aspect, “small domestic rooftop installations” via SME and large-scale “solar farms.” Supply chain attacks, hardware hacking, and web portal attacks were also researched.

The Problem of Password with Solar Panel

DW talked to a U.S hacker Aditya Sood, who showed how easy it was to hack into a remote dashboard for a solar power plant in India’s Tamil Nadu region. “There it goes,” Aditya said, explaining how “People deploy their devices and forget to actually change default passwords”, or “they have configured very weak passwords.”

A German company that looked into the design of the solar control setup in the Tamil Nadu plant told Richtmann that “while it is technically possible for a customer to assign a weak password and provide open access to their network on the internet, we do not recommend this.” Sood agrees with the intent, but hackers with malicious aims will exploit this opportunity, he demonstrated. 

How to be safe?

Takeaways? The answer is simple: change your password, immediately. And make it a strong one. Don’t depend on factory defaults, and never share your login details. A user might think “How is it a big deal? My rooftop solar panel is just a small part in a big machine,” but when attacked, the consequences will be severe.

Read more »
Phishing Attacks
Cyber Attacks CyberCriminal Evasion Tactics Hackers JavaScript Obfuscation Technique Phishing Attacks

Hackers Use Invisible Unicode Trick to Hide Phishing Attacks

 


Cybercriminals have discovered a new way to conceal malicious code inside phishing attacks by using invisible Unicode characters. This technique, identified by Juniper Threat Labs, has been actively used in attacks targeting affiliates of a U.S. political action committee (PAC). By making their scripts appear as blank space, hackers can evade detection from traditional security tools and increase the likelihood of successfully compromising victims. 

The attack, first observed in early January 2025, is more advanced than typical phishing campaigns. Hackers customized their messages using personal, non-public details about their targets, making the emails seem more legitimate. They also implemented various tricks to avoid detection, such as inserting debugger breakpoints and using timing checks to prevent cybersecurity professionals from analyzing the script. 

Additionally, they wrapped phishing links inside multiple layers of Postmark tracking links, making it harder to trace the final destination of the attack. The method itself isn’t entirely new. In October 2024, JavaScript developer Martin Kleppe introduced the idea as an experimental programming technique. However, cybercriminals quickly adapted it for phishing attacks. 

The trick works by converting each character in a JavaScript script into an 8-bit binary format. Instead of using visible numbers like ones and zeros, attackers replace them with invisible Hangul Unicode characters, such as U+FFA0 and U+3164. Since these characters don’t appear on-screen, the malicious code looks completely empty, making it difficult to detect with the naked eye or automated security scans. 

The hidden script is stored as a property inside a JavaScript object, appearing as blank space. A separate bootstrap script then retrieves the hidden payload using a JavaScript Proxy get() trap. When accessed, this proxy deciphers the invisible Unicode characters back into binary, reconstructing the original JavaScript code and allowing the attack to execute. To make detection even more difficult, hackers have layered additional evasion techniques. They use base64 encoding to further disguise the script and implement anti-debugging measures. If the script detects that it’s being analyzed—such as when someone tries to inspect it with a debugger—it will shut down immediately and redirect the user to a harmless website. 

This prevents cybersecurity researchers from easily studying the malware. This technique is particularly dangerous because it allows attackers to blend their malicious code into legitimate scripts without raising suspicion. The invisible payload can be injected into otherwise safe websites, and since it appears as empty space, many security tools may fail to detect it. 

Juniper Threat Labs linked two of the domains used in this campaign to the Tycoon 2FA phishing kit, a tool previously associated with large-scale phishing operations. This connection suggests that the technique could soon be adopted by other cybercriminals. As attackers continue to develop new evasion strategies, cybersecurity teams will need to create better detection methods to counter these hidden threats before they cause widespread damage.
Read more »
Subscribe to: Posts (Atom)