Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Website. Show all posts

Combatting Counterfeit Drugs Online: BrandShield's Success in Dismantling Illicit Websites

 

In the rapidly evolving landscape of online pharmaceuticals, the proliferation of counterfeit drugs poses a significant threat to consumer safety. Cybersecurity firm BrandShield has emerged as a stalwart defender in this battle, successfully dismantling over 250 websites selling counterfeit weight-loss and diabetes medications. Led by CEO Yoav Keren, BrandShield's efforts represent a concerted endeavor to combat the scourge of counterfeit pharmaceuticals and protect consumers from the dangers of fraudulent medications. 

The counterfeit drugs targeted by BrandShield predominantly belong to the GLP-1 class, including popular medications like Novo Nordisk's Ozempic and Wegovy, as well as Eli Lilly's Mounjaro and Zepbound. Originally developed to manage type 2 diabetes, these medications have garnered attention for their additional benefits in weight loss, with patients experiencing significant reductions in body weight. Unfortunately, the efficacy and popularity of these drugs have also made them lucrative targets for counterfeiters seeking to exploit the growing demand. 

According to Reuters, the majority of the illicit websites shut down by BrandShield were purveyors of counterfeit GLP-1 drugs, indicating the scale of the problem. Alarmingly, studies suggest that an estimated 95% of all online pharmacies operate unlawfully, highlighting the pervasive nature of the issue. 

Moreover, reported cases of harm linked to fake GLP-1 drugs have emerged in at least nine countries, underscoring the urgent need for action. BrandShield's recent crackdown on counterfeit drug websites represents a significant victory in the ongoing battle against online pharmaceutical fraud. The company's efforts have resulted in the closure of 90% of the identified pharmacy websites selling counterfeit GLP-1 medications. This operation accounts for just over 15% of the total counterfeit drug websites reported by BrandShield last year, emphasizing the scale of the challenge. 

Collaborating closely with the Pharmaceutical Security Institute (PSI), BrandShield employs rigorous evidence collection and intelligence gathering to identify and target illicit websites. By providing actionable intelligence to service providers hosting these websites, BrandShield facilitates their removal from the internet, effectively disrupting the operations of counterfeiters. Furthermore, the company coordinates with law enforcement agencies to investigate and prosecute criminal networks involved in the production and distribution of counterfeit drugs. 

In addition to targeting counterfeit drug websites, BrandShield's efforts extend to social media platforms, where it has removed nearly 4,000 fake drug listings. Notably, a significant portion of these listings—almost 60%—was found on Facebook, highlighting the need for vigilance across all online platforms. BrandShield's global reach ensures that illegal drug listings are eradicated from marketplaces in countries around the world, including India, Indonesia, China, and Brazil. 

Contrary to concerns raised earlier, the EMA found no evidence linking these medications to an increased risk of suicidal thoughts or self-injury. This reaffirmation of safety aligns with previous findings by the US Food and Drug Administration (FDA), providing reassurance to patients and healthcare providers alike. 

Overall, BrandShield's relentless efforts to combat counterfeit drugs online serve as a beacon of hope in the fight against pharmaceutical fraud. By dismantling illicit websites, removing fake drug listings, and collaborating with industry partners and law enforcement agencies, BrandShield is making significant strides towards safeguarding consumers and upholding the integrity of the pharmaceutical industry.

Ransomware Strikes Tarrant Appraisal District

 



Tarrant Appraisal District (TAD) finds itself grappling with a major setback as its website falls prey to a criminal ransomware attack, resulting in a disruption of its essential services. The attack, which was discovered on Thursday, prompted swift action from TAD, as the agency collaborated closely with cybersecurity experts to assess the situation and fortify its network defences. Following a thorough investigation, TAD confirmed that it had indeed fallen victim to a ransomware attack, prompting immediate reporting to relevant authorities, including the Federal Bureau of Investigation and the Texas Department of Information Resources.

Despite concerted efforts to minimise the impact, TAD continues to work towards restoring full functionality to its services. Presently, while the TAD website remains accessible, the ability to search for records online has been temporarily suspended. Moreover, disruptions extend beyond the digital realm, with phone and email services also facing temporary outages. This development comes hot on the heels of a recent database failure experienced by TAD, which necessitated the expedited launch of a new website. Originally intending to run both old and new sites concurrently for a fortnight, the agency was compelled to hasten the transition following the database crash.

Chief Appraiser Joe Don Bobbitt has moved seamlessly to reassure the public, asserting that no sensitive information was compromised during the disruption. However, TAD remains vigilant and committed to addressing any lingering concerns. The agency is poised to provide further updates during an upcoming board meeting.

These recent challenges encountered by TAD underscore the critical importance of robust cybersecurity measures and organisational resilience in the face of unforeseen disruptions. Against the backdrop of escalating property values across North Texas, scrutiny of appraisal processes has intensified, with TAD having previously grappled with website functionality issues. Nevertheless, the agency remains steadfast in its commitment to enhancing user experience and fostering transparency.

In light of recent events, TAD remains resolute in prioritising the integrity of its operations and the safeguarding of sensitive data. The deliberate response to the ransomware attack prompts the agency's unwavering dedication to addressing emerging threats and maintaining public trust. As TAD diligently works towards restoring full operational capacity, stakeholders are urged to remain careful and report any suspicious activity promptly.

The resilience demonstrated by TAD in navigating these challenges serves as a testament to its dedication to serving the community and upholding the highest standards of accountability and transparency in property valuation processes.


Hackers Exploit Vulnerability in Popup Builder Plugin for WordPress

 

In a concerning development for website owners and administrators, hackers have been exploiting a vulnerability in the popular Popup Builder plugin for WordPress, resulting in the infection of over 3,300 websites worldwide. This security flaw, officially tracked as CVE-2023-6000, allows malicious actors to execute cross-site scripting (XSS) attacks on websites that are using outdated versions of the Popup Builder plugin, specifically versions 4.2.3 and older. 

The vulnerability was initially disclosed in November 2023, raising alarm bells in the cybersecurity community. Despite this disclosure, many site administrators failed to promptly update their systems, leaving them vulnerable to exploitation by hackers. Now, the consequences of this oversight are becoming apparent, with Sucuri, a prominent cybersecurity firm, reporting a recent surge in attacks targeting WordPress sites through this vulnerability. 

At the core of the exploit is the injection of malicious code into the Custom JavaScript or Custom CSS sections of the WordPress admin interface. This injected code is then stored within the 'wp_postmeta' database table, allowing hackers to manipulate the behavior of the Popup Builder plugin. By leveraging event handlers within the plugin, such as popup open or close events, hackers can execute various malicious actions, including redirecting unsuspecting visitors to phishing pages or malware-dropping sites. Sucuri's analysis has revealed that the attacks originate from domains such as "ttincoming.traveltraffic[.]cc" and "host.cloudsonicwave[.]com." 

As a proactive measure, site owners are advised to block access to these domains to mitigate the risk of infection. However, blocking domains alone may not be sufficient to fully protect websites from exploitation. To effectively safeguard against this threat, website owners must update to the latest version of the Popup Builder plugin, currently version 4.2.7. 

This updated version addresses CVE-2023-6000 and other security vulnerabilities, providing enhanced protection against malicious attacks. Despite the availability of patches, WordPress statistics indicate that a significant number of active sites continue to use outdated versions of the plugin, leaving them vulnerable to exploitation. 

In the unfortunate event of a website being infected, swift action is necessary to mitigate further damage. Site administrators should immediately remove any malicious entries injected into the Popup Builder's custom sections and conduct thorough scans to detect and eliminate any hidden backdoors that could facilitate reinfection. The prevalence of this vulnerability underscores the importance of maintaining robust cybersecurity practices for WordPress sites. 

By staying vigilant, promptly applying software updates, and implementing proactive security measures, website owners can better protect their sites and mitigate the risk of falling victim to malicious attacks. As the threat landscape continues to evolve, proactive security measures are essential to safeguarding the integrity and security of WordPress websites.

This Website Wants to Use AI to Make Models Redundant

 

Deep Agency is an AI photo studio and modelling agency founded by a Dutch developer. For $29 per month, you can get high-quality photos of yourself in a variety of settings, as well as images generated by AI models based on a given prompt. “Hire virtual models and create a virtual twin with an avatar that looks just like you. Elevate your photo game and say goodbye to traditional photo shoots,” the site reads. 

 According to the platform's creator, Danny Postma, the platform utilises the most recent text-to-image AI models, implying a model similar to DALL-E 2, and is available anywhere in the world. You can personalize your photo on the platform by selecting the model's pose and writing various definitions of what you want them to do. This website does the opposite of making models, photographers, and creatives obsolete.

Postma does state on Twitter that the site is "in open beta" and that "things will break," and using it does feel almost silly, like a glorified version of DALL-E 2 but only with female models. The site then reminds us of AI's limitations, showing how AI-generated images are not only stiff and easy to spot, but also biassed in a variety of ways.

So far, the prompt requires you to include "sks female" in it for the model to work, meaning the site only generates images of women unless you purchase a paid subscription, which unlocks three other models, one woman and two men, and allows you to upload your own images to create a "AI twin".

To create an image, you type a prompt, select a pose from the site's existing catalogue of images, and choose from a variety of settings such as "time & weather," "camera," "lens & aperture," "shutterspeed," and "lighting." Most generated images appear to be the same brightly lit female portrait, pictured in front of a very blurred background, indicating that none of those settings have been keyed in yet.
When you say "sks female," it generates an image of a blonde white woman, even if you chose an image of a woman of a different race or likeness from the catalogue. If you want to change the model's appearance, you must add additional words denoting race, age, and other demographic characteristics.

When Motherboard chose one of the site's pre-existing images and corresponding prompts of a person of colour wearing a religious headscarf to generate an image based on it, the result was a white woman wearing a fashion headscarf. The DALL-E 2 text-to-image generator from OpenAI has already been shown to have biases baked in. When asked to generate an image of "a flight attendant," for example, the generator only produces images of women, whereas when asked to generate an image of "a CEO," it mostly displays images of white men. 

Though examples like these are common, it has been difficult for OpenAI to determine the precise origins of the biases and fix them, despite the company's acknowledgement that it is working to improve its system. The deployment of a photo studio based on a biassed model will inevitably result in the same problems.

This AI model generator is being released at a time when the modelling industry is already under pressure to diversify its models. After massive public backlash, what was once a unique industry with a single body and image standard has now become more open to everyday models, including people cast from the street and platforms like Instagram and TikTok.  Though there is still a long way to go in the world of high fashion representation, people have taken to creating their own style-inclusive content on social media, proving that people prefer the more personable, casual "model"—in the form of influencers.

Simon Chambers, director at modelling agency Storm Management, told Motherboard in an email that “AI avatars could also be used instead of models but the caveat here is that compelling imagery needs creativity & emotion, so our take, in the near future, is that AI created talent would work best on basic imagery used for simple reference purposes, rather than for marketing or promoting where a relationship with the customer needs to be established.”

“That said, avatars also represent an opportunity as well-known talent will, at some point, be likely to have their own digital twins which operate in the metaverse or different metaverses. An agency such as Storm would expect to manage the commercial activities of both the real talent and their avatar. This is being actively discussed but at present, it feels like the metaverse sphere needs to develop further before it delivers true value to users and brands and becomes a widespread phenomenon,” he added. Chambers also said their use has implications under the GDPR, the European Union’s data protection law. 

It's difficult to predict what Deep Agency's AI-generated models will be used for, given that models cannot be generated to wear specific logos or hold branded products. When Motherboard attempted to generate an image of a woman eating a hotdog, the hotdog appeared on the woman's head, and she had her finger to her lips, looking ponderous.

An AI model has been in the works for several years. In 2020, model Sinead Bovell wrote in Vogue that she believes artificial intelligence will soon take over her job. She was referring to the rise of CGI models, rather than AI-generated models, such as Miquela Sousa, also known as Lil Miquela on Instagram, who has nearly 3 million followers. She has her own character story and has collaborated with brands like Prada and Samsung. Bovell stated that AI models that can walk, talk, and act are the next step after CGI models, citing a company called DataGrid, which created a number of models using generative AI in 2019.

Deep Agency's images, on the other hand, are significantly less three-dimensional, bringing us back to the issue of privacy in AI images. In its Terms and Conditions, Deep Agency claims to use an AI system trained on public datasets. As a result, these images are likely to resemble the likenesses of real women in existing photographs. As per Motherboard, the LAION-5B dataset, which was utilized by train systems such as DALL-E and Stable Diffusion, included many images of real people, ranging from headshots to medical images, without permission.

Lensa A.I., a viral app that used AI to generate images of people on different backgrounds, has since come under fire for a variety of privacy and copyright violations. Many artists pointed to the LAION-5B dataset, where they discovered their work was used without their knowledge or permission and claimed that the app, which used a model trained on LAION-5B, was thus infringing on their copyright. People complained that the app's images included mangled artist signatures and questioned the app's claims that the images were made from scratch. 

Deep Agency appears to be experiencing a similar issue, with muddled white text appearing in the bottom right corner of many of the images generated by Motherboard. The site claims that users can use the generated photos anywhere and for anything, which appears to be part of its value proposition of being an inexpensive way to create realistic images when many photography websites, such as Getty, charge hundreds of dollars for a single photo.

OpenAI CEO Sam Altman has repeatedly warned about the importance of carefully considering what AI is used for. Last month, Altman tweeted that  “although current-generation AI tools aren’t very scary, I think we are potentially not that far away from potentially scary ones. having time to understand what’s happening, how people want to use these tools, and how society can co-evolve is critical.”

In this case, it's interesting to see how an AI tool actually pushes us backwards and closer to a limited set of models.Deep Agency creator Danny Postma did not respond to Motherboard's request for comment.

NordVPN Identifies the Most Risky Websites for Users' Privacy and Security

When you browse the web on a regular basis, it can be quite dangerous, but it becomes even more dangerous when you access certain types of sites. It should come as no surprise that porn, streaming, and video hosting websites top the list of services posing the greatest risk to users' privacy and security. 

Malware attacks, invasive ads, and heavy web tracking were among the threats. That is the exclusive data gathered by NordVPN, one of the best VPN services available. In December 2022 alone, the VPN provider was able to block over 344 million web trackers, 341 million intrusive ads, and 506,000 malware infections thanks to its Threat Protection tool.

"The online world is challenging people in every single move they make," said NordVPN cybersecurity advisor Adrianus Warmenhoven.

"Want to read an article? Dozens of ads and pop-ups are ready to immediately cover your screen. Another privacy threat – malware – is lurking for you on websites and in files you are about to download. Websites you browse are also full of third-party trackers that analyze your browsing history to find out what you do online. It depends on you to stop it."

NordVPN researchers wanted to know how these cyber threats were getting to users. They did this by analysing aggregated data collected by their Threat Protection system. While this did not include any personally identifiable information about users, it did assist them in depicting the scenario that everyone faces on a daily basis online.

Malware is perhaps the most concerning of these threats. This is due to the ease with which such malicious software can infiltrate a device and damage or compromise tonnes of users' sensitive data. Adult content sites contain the most malware, including viruses, ransomware, spyware, and other threats. During the coverage period, over 60,000 domains were blocked. Cloud storage and entertainment platforms are next in line, with approximately 70,000 infected platforms discovered between the two categories.

Intrusive ads are any pop-ups or other ad pages that appear without being requested. These not only annoy people's online experiences, but they are also excellent at gathering information about users without their knowledge. As expected, free streaming platforms are the most involved, with more than 55 minion domains affected. Adult content and shopping websites appear to be close behind.

These findings highlight the importance of using a reliable ad-blocker every time you browse the web, especially when visiting certain types of websites.

"Ad blockers are essential for both security - because they block ads that can infect people’s devices - and privacy because annoying ads rely on collecting data from web activity and violating people’s privacy," explains Warmenhoven. "Also, if a website is loading slower than usual, you can blame intrusive ads. Free apps filled with unwanted ads could also drain your device’s battery faster.” 

Web trackers are another major cyber threat because they compromise users' online anonymity. Video hosting services were the sites with the most web trackers. The NordVPN Threat protection tool blocked over two billion domains. Tracking was also high in cloud storage, web email, and information technology sites. As per Nord, Hong Kong and Singapore have the most web trackers in the world, with an average of 45 and 33 trackers per website. Other countries with high tracking rates include the United States, Australia, the United Kingdom, Spain, and France.

NordVPN Threat Protection is a system that safeguards users from the aforementioned online threats. It accomplishes this by scanning all files you download and blocking all sites containing malware and dangerous ads before you open them.

Threat Protection is available on all NordVPN apps. This means that there is no additional cost to enjoy a safer online experience. All you have to do is follow these simple steps:
  • Launch the latest NordVPN app on your preferred device.
  • Click the shield icon on the left side of your screen.
  • Activate the Threat Protection toggle.

Mousetrapping: What is it & how to Safeguard Against it?

 

Mousetrapping works in the identical way that a traditional mousetrap does: you unknowingly walk into a trap designed to keep you trapped for as long as possible. Operators who utilize mousetraps actively market their products or services. They may even attempt to steal your personal details. So, how do you know when you've stepped into a trap? 

Mousetrapping is an unethical practice used by some website operators to keep you on their site for longer than necessary. It is a technique that traps you in an endless loop of pages and pop-ups, preventing you from leaving a website.

Some operators will even open the new page you've been redirected to in a new window. You can't access the taskbar, toolbar, or browser menu while in this window, making it difficult to close. These websites may even deactivate the web browser's back or exit buttons, trapping you on the page until you exit the browser. In such cases, the only actionable buttons that work are those in pop-ups that force you to perform whatever action the website owner dictates.

"Your phone is hacked. Download this Antivirus Software Now.
99% of android users have this app on their phone.
Your government is tracking your phone. Install this VPN."

When you visit a website with mousetraps, you will encounter a lot of messages like this: pop-ups requesting you to download an app, visit another site, or even enter your phone number. Clicking the exit button on these pop-ups usually results in more call-to-action messages. Executing these actions and downloading the files will almost certainly result in the installation of malware on your computer and the theft of sensitive information.

How to Recognize a Mousetrap

The first step in making a mousetrap is to closely mimic the URL of a legitimate popular website. It could be a celebrity's official website or your favorite newspaper. The malicious site could end up on a search engine with a simple misspelling and a line of code. Because the code and content closely resemble that of the authentic website, the link to the site ends up on search engines.

It is sometimes difficult to tell if a website is legitimate until you click on a link. Fortunately, there are methods for determining whether a website is genuine. The mousetraps are designed by the owners of these websites in order to capture as many clicks as possible from unwitting visitors. When you realize you've been duped, you immediately attempt to exit the site by clicking on a broken back button.

The logical next step would be to press the forward button or search the toolbar for an escape route. It is already too late at this point. It is nearly impossible to leave this way because the site owner has included lines of code that will open one ad banner after another for every click you make.

That isn't all. Because pop-ups appear quickly, you may need to open multiple windows in order to evade them. You must close each pop-up one by one, and the more clicks you have, the more benefit the site owner receives. The close button on pop-ups does not always work, resulting in more ads, banners, and redirects.

Mousetrapping isn't just for clicks. Some threat actors use these traps to keep their victims occupied. The pop-ups and windows are designed to keep you on the page while malware is downloaded onto your system.

How to Get Out of a Mousetrap

The obvious escape, like most traps, will most likely lead you deeper into the trap. The back button you rush to click will simply open an ad in another window or launch a barrage of banners, further frustrating you. Despite this, there are a few ways to get out of mousetraps.

1. Input Another URL Address
2. Disable JavaScript
3. Use Keyboard Shortcuts

It's difficult to spot a malicious website, especially if it's a carbon copy of a popular platform. When you realize you've been trapped and windows and pop-ups are appearing with every click, go to the URL bar and enter a new address. You should be able to close the opened windows using keyboard shortcuts.

However, prevention is always preferable to cure. Use web browsers that have add-ons and plug-ins that prevent redirects, advertisements, and unauthorized window openings. Another option is to disable JavaScript. Many site features, including pop-ups and banners, would be disabled.

Neopets Hacked, 69 Million Accounts Potentially Breached

 

The virtual pet website Neopets has announced that it has been hacked. JumpStart Games, as announced yesterday on Twitter and the official forums, is requesting that all 69 million accounts reset their passwords. 

"Neopets recently became aware that customer data may have been stolen," reads the official Twitter announcement. "We immediately launched an investigation assisted by a leading forensics firm. We are also engaging law enforcement and enhancing the protections for our systems and our user data." 

The hacker responsible, as first reported by Neopets community site JellyNeo (via Polygon), has been found offering the whole Neopets database and source code for 4 Bitcoins (approximately $100,000). For an extra cost, the hacker would provide live access to the database. It's unclear whether this hack involves credit card information. Neopets charges a fee to eliminate adverts from the site and gain access to the forums and other premium services. In-game cash called NeoCash is also utilised for numerous microtransactions. 

Neopets, which debuted in 1999, were a brief phenomenon. Neopets, a website where players take care of a virtual pet, soon grew to millions of users, with original developer Adam Powell selling the service to Viacom for $160 million in 2005. Viacom eventually sold the site to JumpStart Games, which still owns it. The Neopets themselves require frequent food and care, yet even if neglected, they will not perish. 

One may also take them on a tour to Neopia (the Neopets world), where they and their Neopet can participate in a variety of minigames and enjoy the site's comprehensive social features. Although it is no longer at its peak, Neopets still has a committed user base. This isn't the first time that Neopets has been compromised. In 2016, a similar data breach compelled all Neopets users to change their passwords. 

This current attack is also unlikely to help the site's tattered reputation, especially in light of the recent announcement of the Neopets Metaverse Collection, a new NFT initiative that fans have slammed as a brazen cash grab.

Swissport Ransomware Attack Delays Flights, Disturbs Operations

 

Swissport International, a supplier of aviation services, was struck by a ransomware attack that disrupted its operations. 

Swissport International Ltd. is an aviation services firm controlled by an international group of investors that provides airport ground, lounge hospitality, and cargo handling services. On behalf of 850 aviation clients, the corporation manages over 282 million passengers and 4.8 million tonnes of cargo each year. Swissport employs over 66,000 people at 307 locations across 50 countries and has combined operating revenue of EUR 2.8 billion. 

Swissport International was the victim of a ransomware assault that disrupted company operations and prompted aircraft delays. As per the German website Spiegel, the ransomware attack only affected a minor section of the corporation's global IT infrastructure, and a company spokesperson verified that the security breach occurred at 6 a.m. on Thursday. 

The attack has been substantially contained, according to the company, which is attempting to rectify the situation as swiftly as possible. 

A spokeswoman for Zurich Airport added, “Due to system problems at our airport partner Swissport, 22 flights were delayed by 3 to 20 minutes yesterday.”

The company spokesman added, “The attack has now been contained and everything is being done to solve the problem as quickly as possible and limit the impact on flight operations. Swissport can continue to provide ground services for airlines safely, but there may be delays in some cases.” 

On Friday afternoon, the Swissport website was unavailable. The organisation has not yet revealed information regarding the attack, such as the ransomware family that attacked its systems or if the attack resulted in a data leak. The attack on their leak sites was not claimed by any ransomware group. 

Other recent attacks in Europe have affected key infrastructure, such as the one that crippled Oiltanking GmbH, a German petrol distributor that supplies Shell gas stations across the country. The oil provider Mabanaft GmbH was also impacted by the attack, according to the media. The Marquard & Bahls group owns both companies. As per local media, the attacks could have compromised the country's fuel supplies. 

A cyberattack was launched this week on some of the main oil terminals in Western Europe's largest ports. The Amsterdam-Rotterdam-Antwerp oil trading centre, as well as the SEA-Tank Terminal in Antwerp, are among the affected port infrastructure.

Due to a Cyber Attack, MangaDex Website Taken Down for 2 Weeks

 

A few days ago, on 17th March, MangaDex found that a malicious actor, who already had access to an administrative account, had hacked the site. They said a malicious player has been able to access an administrative account by using a session token in an older database leak via flawed session management configuration. They further moved on to locate and patch the vulnerable section of code, also sweeping session data worldwide to prevent further attempts at, using the same technique. 

After the breach, they spent several hours analyzing the code and began patching. This occurred alongside the opening of the site following the breach, as we mistakenly believed that the actor could not access it. As a precaution, their infrastructure has been monitored in case the assailant is returned. 

Afterward, the attacker even sent an email with the "MangaDex has a DB leak. I suggest you tell their staff about it,” message to a few users according to the website's official notice. Since then, MangaDex has been maintaining the website and its users to prevent further disruption and security problems. 

Fortunately, MangaDex was pretty transparent regarding the violation and was providing information via Twitter instead of trying to hush up the details. However, the team recommends taking immediate actions to secure one’s online identity. Further, a database breach is also yet to be verified by them. So, if one uses the same password for all sites, they may want to change their passwords on other sites also. 

That being said, MangaDex affirmed that the new website — MangaDex v5 — will stay offline for a full rewrite that can take two weeks to complete. This decision took into consideration many other alternatives, such as the reintroduction of the website in its present state which could be vulnerable under MangaDex to further attacks. The new website will only have the basic features. This implies that only when MangaDex v5 is launched, users can read and upload and follow – like the website of the OG. 

The team confirmed that MangaDex v3 is back, though with several features that allow users to export bookmarks. A bug bounty program may also be developed for the team for v5. This helps MangaDex to patch all exploits in the code so that attackers will not be able to break the website.