CySecurity News - Latest Information Security and Hacking Incidents: data security

AT&T cloud storage services CyberCrime cybercriminal arrests Data Breach Data Hackers data security Data Theft

Connor Moucka Extradited to U.S. for Snowflake Data Breaches Targeting 165 Companies

Connor Moucka, a Canadian citizen accused of orchestrating large-scale data breaches affecting 165 companies using Snowflake’s cloud storage services, has agreed to be extradited to the United States to face multiple federal charges. The breaches, which targeted high-profile companies like AT&T and Ticketmaster, resulted in the exposure of hundreds of millions of sensitive records.

Moucka, also known by online aliases such as “Waifu,” “Judische,” and “Ellyel8,” was arrested in Kitchener, Ontario, on October 30, 2024, at the request of U.S. authorities. Last Friday, he signed a written agreement before the Superior Court of Justice in Kitchener, consenting to his extradition without the standard 30-day waiting period. The 26-year-old faces 20 charges in the U.S., including conspiracy to commit computer fraud, unauthorized access to protected systems, wire fraud, and aggravated identity theft. Prosecutors allege that Moucka, along with co-conspirator John Binns, extorted over $2.5 million from victims by stealing and threatening to expose their sensitive information.

The data breaches tied to this cybercrime operation have had widespread consequences. In May 2024, Ticketmaster’s parent company, Live Nation, confirmed that data from 560 million users had been compromised and put up for sale on hacking forums. Other companies affected include Santander Bank, Advance Auto Parts, and AT&T, among others. Moucka and Binns are believed to be linked to “The Com,” a cybercriminal network involved in various illicit activities, including cyber fraud, extortion, and violent crimes.

Another alleged associate, Cameron Wagenius, a 21-year-old U.S. Army soldier, was arrested in December for attempting to sell stolen classified information to foreign intelligence agencies. Wagenius has since indicated his intent to plead guilty. U.S. prosecutors claim Moucka and his associates launched a series of cyberattacks on Snowflake customers, gaining unauthorized access to corporate environments and exfiltrating confidential data.

These breaches, described as among the most extensive cyberattacks in recent history, compromised sensitive

records from numerous enterprises. While the exact date of Moucka’s extradition remains undisclosed, his case underscores the growing threat of cyber extortion and the increasing international cooperation in tackling cybercrime. His legal representatives have not yet issued a statement regarding the extradition or upcoming trial proceedings.

Arcane Malware Steals VPN, Gaming, and Messaging Credentials in New Cyber Threat



 

Malwares

Arcane Cyber Attacks Data Safety User Data data security Data Stealer Discord Infostealer Infostealer Malware Kaspersky Malwares

Arcane Malware Steals VPN, Gaming, and Messaging Credentials in New Cyber Threat

A newly identified malware strain, Arcane, is making headlines for its ability to steal a vast range of user data. This malicious software infiltrates systems to extract sensitive credentials from VPN services, gaming platforms, messaging apps, and web browsers. Since its emergence in late 2024, Arcane has undergone several modifications, increasing its effectiveness and expanding its reach.

Unlike other cyber threats with long-established histories, Arcane is not linked to previous malware versions carrying a similar name. Analysts at Kaspersky have observed that the malware primarily affects users in Russia, Belarus, and Kazakhstan. This is an unusual pattern, as many Russian-based cybercriminal groups tend to avoid targeting their home region to steer clear of legal consequences.

Additionally, communications linked to Arcane’s operators suggest that they are Russian-speaking, reinforcing its likely origin. The malware spreads through deceptive content on YouTube, where cybercriminals post videos promoting game cheats and cracked software. Viewers are enticed into downloading files that appear legitimate but contain hidden malware. Once opened, these files initiate a process that installs Arcane while simultaneously bypassing Windows security settings.

This allows the malware to operate undetected, giving hackers access to private information. Prior to Arcane, the same group used a different infostealer known as VGS, a modified version of an older trojan. However, since November 2024, they have shifted to distributing Arcane, incorporating a new tool called ArcanaLoader. This fake installer claims to provide free access to premium game software but instead delivers the malware.

It has been heavily marketed on YouTube and Discord, with its creators even offering financial incentives to content creators for promoting it. Arcane stands out because of its ability to extract detailed system data and compromise various applications. It collects hardware specifications, scans installed software, and retrieves login credentials from VPN clients, communication platforms, email services, gaming accounts, and cryptocurrency wallets. Additionally, the malware captures screenshots, which can expose confidential information visible on the victim’s screen.

Though Arcane is currently targeting specific regions, its rapid evolution suggests it could soon expand to a broader audience. Cybersecurity experts warn that malware of this nature can lead to financial theft, identity fraud, and further cyberattacks. Once infected, victims must reset all passwords, secure compromised accounts, and ensure their systems are thoroughly cleaned.

To reduce the risk of infection, users are advised to be cautious when downloading third-party software, especially from unverified sources. Game cheats and pirated programs often serve as delivery methods for malicious software, making them a significant security threat. Avoiding these downloads altogether is the safest approach to protecting personal information.

The Growing Threat of Infostealer Malware: What You Need to Know



 

Malwares

Cyber Attacks cybercriminals data security Data Theft Hackers Infostealer Infostealer Malware Malware attacks Malwares

The Growing Threat of Infostealer Malware: What You Need to Know

Infostealer malware is becoming one of the most alarming cybersecurity threats, silently stealing sensitive data from individuals and organizations. This type of malware operates stealthily, often going undetected for long periods while extracting valuable information such as login credentials, financial details, and personal data. As cybercriminals refine their tactics, infostealer attacks have become more frequent and sophisticated, making it crucial for users to stay informed and take preventive measures.

A significant reason for concern is the sheer scale of data theft caused by infostealers. In 2024 alone, security firm KELA reported that infostealer malware was responsible for leaking 3.9 billion passwords and infecting over 4.3 million devices worldwide. Similarly, Huntress’ 2025 Cyber Threat Report revealed that these threats accounted for 25% of all cyberattacks in the previous year. This data highlights the growing reliance of cybercriminals on infostealers as an effective method of gathering personal and corporate information for financial gain.

Infostealers operate by quietly collecting various forms of sensitive data. This includes login credentials, browser cookies, email conversations, banking details, and even clipboard content. Some variants incorporate keylogging capabilities to capture every keystroke a victim types, while others take screenshots or exfiltrate files. Cybercriminals often use the stolen data for identity theft, unauthorized financial transactions, and large-scale corporate breaches. Because these attacks do not immediately disrupt a victim’s system, they are harder to detect, allowing attackers to extract vast amounts of information over time. Hackers distribute infostealer malware through multiple channels, making it a widespread threat.

Phishing emails remain one of the most common methods, tricking victims into downloading infected attachments or clicking malicious links. However, attackers also embed infostealers in pirated software, fake browser extensions, and even legitimate platforms. For example, in February 2025, a game called PirateFi was uploaded to Steam and later found to contain infostealer malware, compromising hundreds of devices before it was removed. Social media platforms, such as YouTube and LinkedIn, are also being exploited to spread malicious files disguised as helpful tools or software updates.

Beyond stealing data, infostealers serve as an entry point for larger cyberattacks. Hackers often use stolen credentials to gain unauthorized access to corporate networks, paving the way for ransomware attacks, espionage, and large-scale financial fraud. Once inside a system, attackers can escalate their access, install additional malware, and compromise more critical assets. This makes infostealer infections not just an individual threat but a major risk to businesses and entire industries.

The prevalence of infostealer malware is expected to grow, with attackers leveraging AI to improve phishing campaigns and developing more advanced evasion techniques. According to Check Point’s 2025 Cybersecurity Report, infostealer infections surged by 58% globally, with Europe, the Middle East, and Africa experiencing some of the highest increases. The SYS01 InfoStealer campaign, for instance, impacted millions across multiple continents, showing how widespread the issue has become.

To mitigate the risks of infostealer malware, individuals and organizations must adopt strong security practices. This includes using reliable antivirus software, enabling multi-factor authentication (MFA), and avoiding downloads from untrusted sources. Regularly updating software and monitoring network activity can also help detect and prevent infections. Given the growing threat, cybersecurity awareness and proactive defense strategies are more important than ever.

North Korean Spyware Disguised as Android Apps Found on Google Play



 

North Korean

Android App Safety Android Apps Android Spyware data security Fake Apps Google Play Google Play fake apps Mobile Security North Korean

North Korean Spyware Disguised as Android Apps Found on Google Play

Researchers have discovered at least five Android apps on Google Play that secretly function as spyware for the North Korean government. Despite passing Google Play’s security checks, these apps collect personal data from users without their knowledge. The malware, dubbed KoSpy by security firm Lookout, is embedded in utility apps that claim to assist with file management, software updates, and even device security.

However, instead of providing real benefits, these apps function as surveillance tools, gathering a range of sensitive information. KoSpy-infected apps can collect SMS messages, call logs, location data, files, nearby audio, keystrokes, Wi-Fi details, and installed apps. Additionally, they can take screenshots and record users’ screens, potentially exposing private conversations, banking credentials, and other confidential data. All collected information is sent to servers controlled by North Korean intelligence operatives, raising serious cybersecurity concerns.

Lookout researchers believe with “medium confidence” that two well-known North Korean advanced persistent threat (APT) groups, APT37 (ScarCruft) and APT43 (Kimsuki), are behind these spyware apps. These groups are known for conducting cyber espionage and targeting individuals in South Korea, the United States, and other countries. The malicious apps have been found in at least two app stores, including Google Play and Apkpure. The affected apps include 휴대폰 관리자 (Phone Manager), File Manager, 스마트 관리자 (Smart Manager), 카카오 보안 (Kakao Security), and Software Update Utility.

On the surface, these apps appear legitimate, making it difficult for users to identify them as threats. According to Ars Technica, the developer email addresses are standard Gmail accounts, and the privacy policies are hosted on Blogspot, which does not raise immediate suspicions. However, a deeper analysis of the IP addresses linked to these apps reveals connections to North Korean intelligence operations dating back to 2019. These command-and-control servers have been used for previous cyberespionage campaigns.

Google responded to the findings by stating that the “most recent app sample” was removed from Google Play before any users could download it. While this is reassuring, it highlights the ongoing risk of malicious apps bypassing security measures. Google also emphasized that its Play Protect service can detect certain malicious apps when installed, regardless of the source.

This case serves as another reminder of the risks associated with installing apps, even from official sources like Google Play. Users should always scrutinize app permissions and avoid installing unnecessary applications. A file manager, for example, should not require access to location data. By staying cautious and using reputable security tools, Android users can better protect their personal information from spyware threats.

How Data Removal Services Protect Your Online Privacy from Brokers



 

Privacy

Data Brokers Data collection Data Mining Data Privacy Data Removal data security Online Privacy Privacy

How Data Removal Services Protect Your Online Privacy from Brokers

Data removal services play a crucial role in safeguarding online privacy by helping individuals remove their personal information from data brokers and people-finding websites. Every time users browse the internet, enter personal details on websites, or use search engines, they leave behind a digital footprint. This data is often collected by aggregators and sold to third parties, including marketing firms, advertisers, and even organizations with malicious intent. With data collection becoming a billion-dollar industry, the need for effective data removal services has never been more urgent.

Many people are unaware of how much information is available about them online. A simple Google search may reveal social media profiles, public records, and forum posts, but this is just the surface. Data brokers go even further, gathering information from browsing history, purchase records, loyalty programs, and public documents such as birth and marriage certificates. This data is then packaged and sold to interested buyers, creating a detailed digital profile of individuals without their explicit consent.

Data removal services work by identifying where a person’s data is stored, sending removal requests to brokers, and ensuring that information is deleted from their records. These services automate the process, saving users the time and effort required to manually request data removal from hundreds of sources. Some of the most well-known data removal services include Incogni, Aura, Kanary, and DeleteMe. While each service may have a slightly different approach, they generally follow a similar process. Users provide their personal details, such as name, email, and address, to the data removal service.

The service then scans databases of data brokers and people-finder sites to locate where personal information is being stored. Automated removal requests are sent to these brokers, requesting the deletion of personal data. While some brokers comply with these requests quickly, others may take longer or resist removal efforts. A reliable data removal service provides transparency about the process and expected timelines, ensuring users understand how their information is being handled. Data brokers profit immensely from selling personal data, with the industry estimated to be worth over $400 billion.

Major players like Experian, Equifax, and Acxiom collect a wide range of information, including addresses, birth dates, family status, hobbies, occupations, and even social security numbers. People-finding services, such as BeenVerified and Truthfinder, operate similarly by aggregating publicly available data and making it easily accessible for a fee. Unfortunately, this information can also fall into the hands of bad actors who use it for identity theft, fraud, or online stalking.

For individuals concerned about privacy, data removal services offer a proactive way to reclaim control over personal information. Journalists, victims of stalking or abuse, and professionals in sensitive industries particularly benefit from these services. However, in an age where data collection is a persistent and lucrative business, staying vigilant and using trusted privacy tools is essential for maintaining online anonymity.

DeepSeek AI: Benefits, Risks, and Security Concerns for Businesses



 

enterprise cybersecurity

AI Chatbots AI Risks AI technology Chatbots ChatGPT. OpenAI Cyber Security data security DeepSeek enterprise cybersecurity

DeepSeek AI: Benefits, Risks, and Security Concerns for Businesses

DeepSeek, an AI chatbot developed by China-based High-Flyer, has gained rapid popularity due to its affordability and advanced natural language processing capabilities. Marketed as a cost-effective alternative to OpenAI’s ChatGPT, DeepSeek has been widely adopted by businesses looking for AI-driven insights.

However, cybersecurity experts have raised serious concerns over its potential security risks, warning that the platform may expose sensitive corporate data to unauthorized surveillance. Reports suggest that DeepSeek’s code contains embedded links to China Mobile’s CMPassport.com, a registry controlled by the Chinese government. This discovery has sparked fears that businesses using DeepSeek may unknowingly be transferring sensitive intellectual property, financial records, and client communications to external entities.

Investigative findings have drawn parallels between DeepSeek and TikTok, the latter having faced a U.S. federal ban over concerns regarding Chinese government access to user data. Unlike TikTok, however, security analysts claim to have found direct evidence of DeepSeek’s potential backdoor access, raising further alarms among cybersecurity professionals. Cybersecurity expert Ivan Tsarynny warns that DeepSeek’s digital fingerprinting capabilities could allow it to track users’ web activity even after they close the app.

This means companies may be exposing not just individual employee data but also internal business strategies and confidential documents. While AI-driven tools like DeepSeek offer substantial productivity gains, business leaders must weigh these benefits against potential security vulnerabilities. A complete ban on DeepSeek may not be the most practical solution, as employees often adopt new AI tools before leadership can fully assess their risks. Instead, organizations should take a strategic approach to AI integration by implementing governance policies that define approved AI tools and security measures.

Restricting DeepSeek’s usage to non-sensitive tasks such as content brainstorming or customer support automation can help mitigate data security concerns. Enterprises should prioritize the use of vetted AI solutions with stronger security frameworks. Platforms like OpenAI’s ChatGPT Enterprise, Microsoft Copilot, and Claude AI offer greater transparency and data protection. IT teams should conduct regular software audits to monitor unauthorized AI use and implement access restrictions where necessary.

Employee education on AI risks and cybersecurity threats will also be crucial in ensuring compliance with corporate security policies. As AI technology continues to evolve, so do the challenges surrounding data privacy. Business leaders must remain proactive in evaluating emerging AI tools, balancing innovation with security to protect corporate data from potential exploitation.

Tata Technologies Cyberattack: Hunters International Ransomware Gang Claims Responsibility for 1.4TB Data Theft



 

Sensitive Data Leak

Cyber Attacks Data Leak data security Data Theft IT Systems Ransomware attack Ransomware group Ransomwares Sensitive Data Leak

Tata Technologies Cyberattack: Hunters International Ransomware Gang Claims Responsibility for 1.4TB Data Theft

Hunters International, a ransomware group known for high-profile cyberattacks, has claimed responsibility for a January 2025 cyberattack on Tata Technologies. The group alleges it stole 1.4TB of sensitive data from the company and has issued a threat to release the stolen files if its ransom demands are not met. Tata Technologies, a Pune-based global provider of engineering and digital solutions, reported the cyberattack in January.

The company, which operates in 27 countries with over 12,500 employees, offers services across the automotive, aerospace, and industrial sectors. At the time of the breach, Tata Technologies confirmed that the attack had caused disruptions to certain IT systems but stated that client delivery services remained unaffected. The company also assured stakeholders that it was actively restoring impacted systems and conducting an internal investigation with cybersecurity experts.

However, more than a month later, Hunters International listed Tata Technologies on its dark web extortion page, taking responsibility for the attack. The group claims to have exfiltrated 730,000 files, totaling 1.4TB of data. While the ransomware gang has threatened to publish the stolen files within a week if a ransom is not paid, it has not provided any samples or disclosed the nature of the compromised documents. Tata Technologies has yet to release an update regarding the breach or respond to the hackers’ claims.

BleepingComputer, a cybersecurity news platform, attempted to contact the company for a statement but did not receive an immediate response. Hunters International emerged in late 2023, suspected to be a rebranded version of the Hive ransomware group. Since then, it has carried out multiple high-profile attacks, including breaches of Austal USA, a U.S. Navy contractor, and Japanese optics company Hoya.

The group has gained notoriety for targeting various organizations without ethical restraint, even engaging in extortion schemes against individuals, such as cancer patients from Fred Hutchinson Cancer Center. Although many of the gang’s claims have been verified, some remain disputed. For example, in August 2024, the U.S. Marshals Service denied that its systems had been compromised, despite Hunters International’s assertions.

With cybercriminals continuing to exploit vulnerabilities, the Tata Technologies breach serves as another reminder of the persistent and evolving threats posed by ransomware groups.

Microsoft MUSE AI: Revolutionizing Game Development with WHAM and Ethical Challenges



 

Privacy

AI Gaming AI Model AI Systems AI technology Data Privacy data security Data Technology Microsoft Privacy

Microsoft MUSE AI: Revolutionizing Game Development with WHAM and Ethical Challenges

Microsoft has developed MUSE, a cutting-edge AI model that is set to redefine how video games are created and experienced. This advanced system leverages artificial intelligence to generate realistic gameplay elements, making it easier for developers to design and refine virtual environments. By learning from vast amounts of gameplay data, MUSE can predict player actions, create immersive worlds, and enhance game mechanics in ways that were previously impossible. While this breakthrough technology offers significant advantages for game development, it also raises critical discussions around data security and ethical AI usage.

One of MUSE’s most notable features is its ability to automate and accelerate game design. Developers can use the AI model to quickly prototype levels, test different gameplay mechanics, and generate realistic player interactions. This reduces the time and effort required for manual design while allowing for greater experimentation and creativity. By streamlining the development process, MUSE provides game studios—both large and small—the opportunity to push the boundaries of innovation.

The AI system is built on an advanced framework that enables it to interpret and respond to player behaviors. By analyzing game environments and user inputs, MUSE can dynamically adjust in-game elements to create more engaging experiences. This could lead to more adaptive and personalized gaming, where the AI tailors challenges and story progression based on individual player styles. Such advancements have the potential to revolutionize game storytelling and interactivity.

Despite its promising capabilities, the introduction of AI-generated gameplay also brings important concerns. The use of player data to train these models raises questions about privacy and transparency. Developers must establish clear guidelines on how data is collected and ensure that players have control over their information. Additionally, the increasing role of AI in game creation sparks discussions about the balance between human creativity and machine-generated content.

While AI can enhance development, it is essential to preserve the artistic vision and originality that define gaming as a creative medium. Beyond gaming, the technology behind MUSE could extend into other industries, including education and simulation-based training. AI-generated environments can be used for virtual learning, professional skill development, and interactive storytelling in ways that go beyond traditional gaming applications.

As AI continues to evolve, its role in shaping digital experiences will expand, making it crucial to address ethical considerations and responsible implementation. The future of AI-driven game development is still unfolding, but MUSE represents a major step forward.

By offering new possibilities for creativity and efficiency, it has the potential to change how games are built and played. However, the industry must carefully navigate the challenges that come with AI’s growing influence, ensuring that technological progress aligns with ethical and artistic integrity.

Genea Cyberattack: Termite Ransomware Leaks Sensitive Patient Data



 

Ransomware group

Cyber Attacks Data Leak data security Genea Healthcare Breach Patient Data Ransomware attack Ransomware group

Genea Cyberattack: Termite Ransomware Leaks Sensitive Patient Data

One of Australia’s leading fertility providers, Genea Pty Ltd, has been targeted in a cyberattack allegedly carried out by the Termite ransomware group. On February 26, 2025, the group claimed responsibility for breaching Genea’s systems and stated that they had stolen 700GB of data from 27 company servers. The stolen information reportedly includes financial documents, invoices, medical records, personal identification data, and detailed patient questionnaires.

Among these files are Protected Health Information (PHI), which contains personal medical histories and sensitive patient details. The cyberattack was first confirmed by Genea on February 19, 2025, when the company disclosed that its network had been compromised. The breach caused system outages and disrupted operations, leading to an internal investigation supported by cybersecurity experts. Genea moved quickly to assess the extent of the damage and reassure patients that the incident was being addressed with urgency.

In an update released on February 24, 2025, the company acknowledged that unauthorized access had been detected within its patient management systems. By February 26, 2025, Genea confirmed that some of the stolen data had been leaked online by the attackers. In a public statement, the company expressed deep regret over the breach, acknowledging the distress it may have caused its patients. In response, Genea took immediate legal action by securing a court-ordered injunction to prevent further distribution or use of the stolen information.

This measure was part of the company’s broader effort to protect affected individuals and limit the potential damage caused by the breach. To assist those impacted, Genea partnered with IDCARE, Australia’s national identity and cyber support service. Affected individuals were encouraged to seek help and take necessary steps to safeguard their personal information. The company urged patients to remain alert for potential fraud or identity theft attempts, particularly unsolicited emails, phone calls, or messages requesting personal details.

The attack was initially detected on February 14, 2025, when suspicious activity was observed within Genea’s network. Upon further investigation, it was revealed that unauthorized access had occurred, and patient data had been compromised. The attackers reportedly targeted Genea’s patient management system, gaining entry to folders containing sensitive information. The exposed data includes full names, contact details, medical histories, treatment records, Medicare card numbers, and private health insurance information.

However, as of the latest update, there was no evidence that financial data, such as bank account details or credit card numbers, had been accessed. Despite the severity of the breach, Genea assured patients that its medical and administrative teams were working tirelessly to restore affected systems and minimize disruptions to fertility services. Ensuring continuity of patient care remained a top priority while the company simultaneously focused on strengthening security measures to prevent further incidents.

In response to the breach, Genea has been collaborating with the Australian Cyber Security Centre (ACSC) and the Office of the Australian Information Commissioner (OAIC) to investigate the full extent of the attack. The company is committed to keeping affected individuals informed and taking all necessary precautions to enhance its cybersecurity framework. Patients were advised to monitor their accounts and report any suspicious activity to authorities.

As a precaution, Genea recommended that affected individuals follow security guidelines issued by official government agencies such as the Australian Cyber Security Centre and the ACCC’s Scamwatch. For those concerned about identity theft, IDCARE’s experts were made available to provide support and guidance on mitigating risks associated with cybercrime. The incident has highlighted the growing risks faced by healthcare providers and the importance of implementing stronger security measures to protect patient data.

The Need for Unified Data Security, Compliance, and AI Governance



 

GDPR

AI governance AI Security AI technology CCPA Compliance Cyber Security Data Privacy data security GDPR

The Need for Unified Data Security, Compliance, and AI Governance

Businesses are increasingly dependent on data, yet many continue to rely on outdated security infrastructures and fragmented management approaches. These inefficiencies leave organizations vulnerable to cyber threats, compliance violations, and operational disruptions. Protecting data is no longer just about preventing breaches; it requires a fundamental shift in how security, compliance, and AI governance are integrated into enterprise strategies. A proactive and unified approach is now essential to mitigate evolving risks effectively.

The rapid advancement of artificial intelligence has introduced new security challenges. AI-powered tools are transforming industries, but they also create vulnerabilities if not properly managed. Many organizations implement AI-driven applications without fully understanding their security implications. AI models require vast amounts of data, including sensitive information, making governance a critical priority. Without robust oversight, these models can inadvertently expose private data, operate without transparency, and pose compliance challenges as new regulations emerge.

Businesses must ensure that AI security measures evolve in tandem with technological advancements to minimize risks. Regulatory requirements are also becoming increasingly complex. Governments worldwide are enforcing stricter data privacy laws, such as GDPR and CCPA, while also introducing new regulations specific to AI governance. Non-compliance can result in heavy financial penalties, reputational damage, and operational setbacks. Businesses can no longer treat compliance as an afterthought; instead, it must be an integral part of their data security strategy. Organizations must shift from reactive compliance measures to proactive frameworks that align with evolving regulatory expectations.

Another significant challenge is the growing issue of data sprawl. As businesses store and manage data across multiple cloud environments, SaaS applications, and third-party platforms, maintaining control becomes increasingly difficult. Security teams often lack visibility into where sensitive information resides, making it harder to enforce access controls and protect against cyber threats. Traditional security models that rely on layering additional tools onto existing infrastructures are no longer effective. A centralized, AI-driven approach to security and governance is necessary to address these risks holistically.

Forward-thinking businesses recognize that managing security, compliance, and AI governance in isolation is inefficient. A unified approach consolidates risk management efforts into a cohesive, scalable framework. By breaking down operational silos, organizations can streamline workflows, improve efficiency through AI-driven automation, and proactively mitigate security threats. Integrating compliance and security within a single system ensures better regulatory adherence while reducing the complexity of data management.

To stay ahead of emerging threats, organizations must modernize their approach to data security and governance. Investing in AI-driven security solutions enables businesses to automate data classification, detect vulnerabilities, and safeguard sensitive information at scale. Shifting from reactive compliance measures to proactive strategies ensures that regulatory requirements are met without last-minute adjustments. Moving away from fragmented security solutions and adopting a modular, scalable platform allows businesses to reduce risk and maintain resilience in an ever-evolving digital landscape. Those that embrace a forward-thinking, unified strategy will be best positioned for long-term success.

Google Report Warns Cybercrime Poses a National Security Threat



 

Safety

Cyber Security Data Data Safety data security Google Safety

Google Report Warns Cybercrime Poses a National Security Threat

When discussing national security threats in the digital landscape, attention often shifts to suspected state-backed hackers, such as those affiliated with China targeting the U.S. Treasury or Russian ransomware groups claiming to hold sensitive FBI data. However, a recent report from the Google Threat Intelligence Group highlights that financially motivated cybercrime, even when unlinked to state actors, can pose equally severe risks to national security.

“A single incident can be impactful enough on its own to have a severe consequence on the victim and disrupt citizens' access to critical goods and services,” Google warns, emphasizing the need to categorize cybercrime as a national security priority requiring global cooperation.

Despite cybercriminal activity comprising the vast majority of malicious online behavior, national security experts predominantly focus on state-sponsored hacking groups, according to the February 12 Google Threat Intelligence Group report. While state-backed attacks undoubtedly pose a critical threat, Google argues that cybercrime and state-sponsored cyber warfare cannot be evaluated in isolation.

“A hospital disrupted by a state-backed group using a wiper and a hospital disrupted by a financially motivated group using ransomware have the same impact on patient care,” Google analysts assert. “Likewise, sensitive data stolen from an organization and posted on a data leak site can be exploited by an adversary in the same way data exfiltrated in an espionage operation can be.”

The escalation of cyberattacks on healthcare providers underscores the severity of this threat. Millions of patient records have been stolen, and even blood donor supply chains have been affected. “Healthcare's share of posts on data leak sites has doubled over the past three years,” Google notes, “even as the number of data leak sites tracked by Google Threat Intelligence Group has increased by nearly 50% year over year.”

The report highlights how Russia has integrated cybercriminal capabilities into warfare, citing the military intelligence-linked Sandworm unit (APT44), which leverages cybercrime-sourced malware for espionage and disruption in Ukraine. Iran-based threat actors similarly deploy ransomware to generate revenue while conducting espionage. Chinese spy groups supplement their operations with cybercrime, and North Korean state-backed hackers engage in cyber theft to fund the regime. “North Korea has heavily targeted cryptocurrencies, compromising exchanges and individual victims’ crypto wallets,” Google states.

These findings illustrate how nation-states increasingly procure cyber capabilities through criminal networks, leveraging cybercrime to facilitate espionage, data theft, and financial gain. Addressing this challenge requires acknowledging cybercrime as a fundamental national security issue.

“Cybercrime involves collaboration between disparate groups often across borders and without respect to sovereignty,” Google explains. Therefore, any solution must involve international cooperation between law enforcement and intelligence agencies to track, arrest, and prosecute cybercriminals effectively.

Lee Enterprises Confirms Ransomware Attack Impacting 75+ Publications



 

Ransomware attack

cyber attack Cybersecurity Breach Data Breach data security Lee Enterprises newspaper hack Ransomware attack

Lee Enterprises Confirms Ransomware Attack Impacting 75+ Publications

Lee Enterprises, a major newspaper publisher and the parent company of The Press of Atlantic City, has confirmed a ransomware attack that disrupted operations across at least 75 publications. The cybersecurity breach caused widespread outages, impacting the distribution of printed newspapers, subscription services, and internal business operations.

The attack, first disclosed to the Securities and Exchange Commission (SEC) on February 3, led to significant technology failures, affecting essential business functions. In an official update to the SEC, Lee Enterprises reported that hackers gained access to its network, encrypted key applications, and extracted files—common tactics associated with ransomware incidents.

As a result of the attack, the company's ability to deliver newspapers, process billing and collections, and manage vendor payments was severely affected. “The incident impacted the Company’s operations, including distribution of products, billing, collections, and vendor payments,” Lee Enterprises stated in its SEC filing.

With a vast portfolio of 350 weekly and specialty publications spanning 25 states, Lee Enterprises is now conducting a forensic investigation to assess the extent of the data breach. The company aims to determine whether hackers accessed personal or sensitive information belonging to subscribers, employees, or business partners.

By February 12, the company had successfully restored distribution for its core publications. However, weekly and ancillary publications are still facing disruptions, accounting for approximately five percent of the company's total operating revenue. While recovery efforts are underway, full restoration of all affected services is expected to take several weeks.

Cybersecurity experts have warned that ransomware attacks targeting media organizations can have severe consequences, including financial losses, reputational damage, and compromised data security. The increasing frequency of such incidents highlights the urgent need for media companies to strengthen their cybersecurity defenses against evolving cyber threats.

Growing Cybersecurity Threats in the Media Industry

The publishing industry has become an attractive target for cybercriminals due to its reliance on digital infrastructure for content distribution, subscription management, and advertising revenue. Recent high-profile cyberattacks on media organizations have demonstrated the vulnerability of traditional and digital publishing operations.

While Lee Enterprises has not yet disclosed whether a ransom demand was made, ransomware attacks typically involve hackers encrypting critical data and demanding payment for its release. Cybersecurity experts caution against paying ransoms, as it does not guarantee full data recovery and may encourage further attacks.

As Lee Enterprises continues its recovery process, the company is expected to implement stronger cybersecurity measures to prevent future breaches. The incident serves as a reminder for organizations across the media sector to enhance their security protocols, conduct regular system audits, and invest in advanced threat detection technologies.

LightSpy Malware Attacks Users, Launches Over 100 Commands to Steal Data



 

Windows

data security LightSpy Linux Mac malware Windows

LightSpy Malware Attacks Users, Launches Over 100 Commands to Steal Data

Cybersecurity researchers at Hunt.io have found an updated version of LightSpy implant, a modular surveillance framework for data collection and extraction. Famous for attacking mobile devices initially, further enquiry revealed it can attack macOS, Windows, Linux, and routers.

LightSpy has been executed in targeted attacks, it uses watering hole techniques and exploit-based delivery, coupled with an infrastructure that swiftly escapes detection. LightSpy was first reported in 2020, targeting users in Hong Kong.

History of LightSpy

LightSpy has been historically famous for attacking messaging apps like WeChat, Telegram, QQ, Line, and WhatsApp throughout different OS. According to ThreatFabric report, the framework can extract payment data from WeChat, remove contacts, wipe out messaging history, and alot of other things.

The compromised things include WiFi network details, iCloud Keychain, screenshots, location, browser history, photos, call history, and SMS texts.

Regarding server analysis, the LightSpy researcher said they "share similarities with prior malicious infrastructure but introduce notable differences in the command list."

Further, "the servers analyzed in this research As previously observed, the cmd_list endpoint is at /ujmfanncy76211/front_api. Another endpoint, command_list, also exists but requires authentication, preventing direct analysis."

LightSpy Capabilities

In 2024, ThreatFabric reported about an updated malware version that has destructive capability to stop compromised device from booting up, in addition to the number of supported plugins from 12 to 28.

Earlier research has disclosed potential overlaps between an Android malware called "DragonEgg" and LightSpy, showing the threat's cross-platform nature.

Hunt.io's recent analysis study of the malicious command-and-control (C2) infrastructure linked with the spyware has found support for more than 100 commands spread across iOS, macOS, Linux, routers, and Windows.

Expert insights

Commenting on the overall impact of the malware, Hunt.io experts believe “LightSpy's infrastructure reveals previously unreported components and administrative functionality.” However, the experts remain unsure if it symbolizes new growths or earlier versions not publicly reported. “Command set modifications and Windows-targeted plugins suggest that operators continue to refine their data collection and surveillance approach across multiple platforms,” concludes

To stay safe, experts suggest users to:

Limit app permissions to avoid unwanted access to important data. “On Android, use Privacy Dashboard to review and revoke permissions; on iOS, enable App Privacy Reports to monitor background data access.”

Turn on advanced device security features that restrict the exploitability of devices. iOS users can enable Lockdown Mode and Android users can turn on Enhanced Google Play Protect and use protection features to identify and block suspicious activities.

DM Clinical Research Database Exposed Online, Leaking 1.6M Patient Records



 

Patient Data

Data Breach data security Data Sets Data Theft Healthcare Data healthcare data breach Patient Data

DM Clinical Research Database Exposed Online, Leaking 1.6M Patient Records

A clinical research database containing over 1.6 million patient records was discovered publicly accessible online without encryption or password protection. Security researcher Jeremiah Fowler found the dataset, linked to DM Clinical Research, exposing sensitive information such as names, medical histories, phone numbers, email addresses, medications, and health conditions.

The unprotected database, totaling 2TB of data, put those affected at risk of identity theft, fraud, and social engineering scams. While the database name suggests it belongs to DM Clinical Research, it remains unclear whether the firm directly managed it or if a third party was responsible. Fowler immediately sent a disclosure notice, and the database was taken offline within hours.

However, it is unknown how long it remained exposed or whether threat actors accessed the data before its removal. Only a thorough forensic audit can determine the extent of the breach. DM Clinical Research responded to the disclosure, stating that they are reviewing the findings to ensure a swift resolution. They emphasized their commitment to data security and compliance with legal regulations, highlighting the importance of protecting sensitive patient information.

However, this incident underscores the growing risks facing the healthcare industry, which remains a prime target for cyberattacks, including ransomware and data breaches. Healthcare data is among the most valuable for cybercriminals, as it contains detailed personal and medical information that cannot be easily changed, unlike financial data.

In recent years, hackers have aggressively targeted medical institutions. In 2024, a cyberattack compromised the records of 190 million Americans, and UnitedHealth suffered a ransomware attack that leaked customer information onto the dark web. The exposure of sensitive medical conditions—such as psychiatric disorders, HIV status, or cancer—could lead to discrimination, scams, or blackmail. Attackers often use exposed medical data to craft convincing social engineering scams, posing as doctors, insurance companies, or medical professionals to manipulate victims.

Fowler warns that health records, unlike financial data, remain relevant for a lifetime, making breaches particularly dangerous. Organizations handling sensitive data must take proactive measures to protect their systems. Encryption is critical to safeguarding customer information, as unprotected datasets could lead to legal consequences and financial losses. Real-time threat detection, such as endpoint security software, helps identify intrusions and suspicious activity before damage is done.

In the event of a breach, transparency is essential to maintaining consumer trust and mitigating reputational harm. For individuals affected by data breaches, vigilance is key. Regularly monitoring financial accounts and bank statements for suspicious transactions can help detect fraudulent activity early. Social engineering attacks are also a major risk, as scammers may exploit exposed medical data to impersonate trusted professionals.

Be cautious of unexpected emails, phone calls, or messages requesting personal information, and avoid opening attachments from unfamiliar sources. Using strong, unique passwords—especially for financial and healthcare accounts—adds an extra layer of security.

This breach is yet another reminder of the urgent need for stronger cybersecurity measures in the healthcare sector. As cybercriminals continue to exploit vulnerabilities, both organizations and individuals must remain proactive in safeguarding sensitive data.

Building Robust AI Systems with Verified Data Inputs



 

Technology

AI Artifical Intelligence CyberCrime Cybersecuriti CyberThreat Data data security Technology

Building Robust AI Systems with Verified Data Inputs

Artificial intelligence is inherently dependent on the quality of data that powers it for it to function properly. However, this reliance presents a major challenge to the development of artificial intelligence. There is a recent report that indicates that approximately half of executives do not believe their data infrastructure is adequately prepared to handle the evolving demands of artificial intelligence technologies.

As part of the study, conducted by Dun & Bradstreet, executives of companies actively integrating artificial intelligence into their business were surveyed. As a result of the survey, 54% of these executives expressed concern over the reliability and quality of their data, which was conducted on-site during the AI Summit New York, which occurred in December of 2017. Upon a broader analysis of AI-related concerns, it is evident that data governance and integrity are recurring themes.

Several key issues have been identified, including data security (46%), risks associated with data privacy breaches (43%), the possibility of exposing confidential or proprietary data (42%), as well as the role data plays in reinforcing bias in artificial intelligence models (26%) As organizations continue to integrate AI-driven solutions, the importance of ensuring that data is accurate, secure, and ethically used continues to grow. AI applications must be addressed as soon as possible to foster trust and maximize their effectiveness across industries. In today's world, companies are increasingly using artificial intelligence (AI) to enhance innovation, efficiency, and productivity.

Therefore, ensuring the integrity and security of their data has become a critical priority for them. Using artificial intelligence to automate data processing streamlines business operations; however, it also presents inherent risks, especially in regards to data accuracy, confidentiality, and regulatory compliance. A stringent data governance framework is a critical component of ensuring the security of sensitive financial information within companies that are developing artificial intelligence.

Developing robust management practices, conducting regular audits, and enforcing rigorous access control measures are crucial steps in safeguarding sensitive financial information in AI development companies. Businesses must remain focused on complying with regulatory requirements so as to mitigate the potential legal and financial repercussions. During business expansion, organizations may be exposed to significant vulnerabilities if they fail to maintain data integrity and security.

As long as data protection mechanisms are reinforced and regulatory compliance is maintained, businesses will be able to minimize risks, maintain stakeholder trust, and ensure long-term success of AI-driven initiatives by ensuring compliance with regulatory requirements. As far as a variety of industries are concerned, the impact of a compromised AI system could be devastating. From a financial point of view, inaccuracies or manipulations in AI-driven decision-making, as is the case with algorithmic trading, can result in substantial losses for the company.

Similarly, in safety-critical applications, including autonomous driving, the integrity of artificial intelligence models is directly related to human lives. When data accuracy is compromised or system reliability is compromised, catastrophic failures can occur, endangering both passengers and pedestrians at the same time. The safety of the AI-driven solutions must be maintained and trusted by ensuring robust security measures and continuous monitoring.

Experts in the field of artificial intelligence recognize that there is an insufficient amount of actionable data available to fully support the transforming landscape of artificial intelligence. Because of this scarcity of reliable data, many AI-driven initiatives have been questioned by many people as a result. As Kunju Kashalikar, Senior Director of Product Management at Pentaho points out, organizations often have difficulty seeing their data, since they do not know who owns it, where it originated from, and how it has changed.

Lack of transparency severely undermines the confidence that users have in the capabilities of AI systems and their results. To be honest, the challenges associated with the use of unverified or unreliable data go beyond inefficiency in operations. According to Kasalikar, if data governance is lacking, proprietary information or biased information may be fed into artificial intelligence models, potentially resulting in intellectual property violations and data protection violations. Further, the absence of clear data accountability makes it difficult to comply with industry standards and regulatory frameworks when there is no clear accountability for data.

There are several challenges faced by organizations when it comes to managing structured data. Structured data management strategies ensure seamless integration across various AI-driven projects by cataloguing data at its source in standardized, easily understandable terminology. Establishing well-defined governance and discovery frameworks will enhance the reliability of AI systems. These frameworks will also support regulatory compliance, promoting greater trust in AI applications and transparency.

Ensuring the integrity of AI models is crucial for maintaining their security, reliability, and compliance. To ensure that these systems remain authenticated and safe from tampering or unauthorized modification, several verification techniques have been developed. Hashing and checksums enable organizations to calculate and compare hash values following the training process, allowing them to detect any discrepancies which could indicate corruption.

Models are watermarked with unique digital signatures to verify their authenticity and prevent unauthorized modifications. In the field of simulation, simulation behavior analysis assists with identifying anomalies that could signal system integrity breaches by tracking model outputs and decision-making patterns. Using provenance tracking, a comprehensive record of all interactions, updates, and modifications is maintained, enhancing accountability and traceability. Although these verification methods have been developed over the last few decades, they remain challenging because of the rapidly evolving nature of artificial intelligence.

As modern models are becoming more complex, especially large-scale systems with billions of parameters, integrity assessment has become increasingly challenging. Furthermore, AI's ability to learn and adapt creates a challenge in detecting unauthorized modifications from legitimate updates. Security efforts become even more challenging in decentralized deployments, such as edge computing environments, where verifying model consistency across multiple nodes is a significant issue. This problem requires implementing an advanced monitoring, authentication, and tracking framework that integrates advanced monitoring, authentication, and tracking mechanisms to deal with these challenges.

When organizations are adopting AI at an increasingly rapid rate, they must prioritize model integrity and be equally committed to ensuring that AI deployment is ethical and secure. Effective data management is crucial for maintaining accuracy and compliance in a world where data is becoming increasingly important.

AI plays a crucial role in maintaining entity records that are as up-to-date as possible with the use of extracting, verifying, and centralized information, thereby lowering the risk of inaccurate or outdated information being generated as a result of overuse of artificial intelligence. The advantages that can be gained by implementing an artificial intelligence-driven data management process are numerous, including increased accuracy and reduced costs through continuous data enrichment, the ability to automate data extraction and organization, and the ability to maintain regulatory compliance with the use of real-time, accurate data that is easily accessible.

In a world where artificial intelligence is advancing at a faster rate than ever before, its ability to maintain data integrity will become of even greater importance to organizations. Organizations that leverage AI-driven solutions can make their compliance efforts stronger, optimize resources, and handle regulatory changes with confidence.

Hidden Bluetooth Security Threats and How to Protect Your Devices



 

Mobile Security

Bluetooth Bluetooth Hackers Bluetooth-enabled devices data security Device Security Mobile Hacking Mobile Security

Hidden Bluetooth Security Threats and How to Protect Your Devices

Bluetooth technology has made wireless connectivity effortless, powering everything from headphones and smartwatches to home automation systems. However, its convenience comes with significant security risks. Many users unknowingly leave their devices vulnerable to cyber threats that can steal personal data, track their movements, or even take control of their devices.

As Bluetooth technology continues to evolve, so do the techniques hackers use to exploit its weaknesses. One common attack is BlueJacking, where attackers send unsolicited messages to Bluetooth-enabled devices. While generally harmless, this tactic can be used to trick users into clicking malicious links or downloading harmful files. More serious is BlueSnarfing, where hackers gain access to personal data such as contacts, photos, and messages. Devices with weak security settings or outdated software are particularly at risk.

Another major threat is MAC address spoofing, where attackers disguise their device as a trusted one by imitating its unique Bluetooth identifier. This allows them to intercept communications or gain unauthorized access. Similarly, PIN cracking exploits weak pairing codes, allowing hackers to connect to devices without permission. Once access is gained, they can steal sensitive data or install malicious software. Some attacks involve deception and manipulation.

BlueBump is a method where an attacker tricks a victim into establishing a trusted Bluetooth connection. By convincing the user to delete a security key, the hacker maintains ongoing access to the device without needing to reauthenticate. BluePrinting is another technique where attackers gather detailed information about a device, including its manufacturer and software version, using its unique Bluetooth address.

This data can then be used to exploit known vulnerabilities. More advanced threats include BlueBugging, which allows hackers to take full control of a device by exploiting Bluetooth communication protocols. Once inside, they can send messages, make calls, or access stored information without the owner’s knowledge.

Even more dangerous is BlueBorne, a collection of vulnerabilities that enable attackers to hijack a device’s Bluetooth connection without the need for pairing. This means a hacker can take over a device simply by being within Bluetooth range, gaining complete control and spreading malware. Some attacks focus on overwhelming devices with excessive data requests.

Bluetooth fuzzing is a technique where attackers send corrupted data packets to a device, causing it to crash or reveal weaknesses in its security protocols. Reflection attacks allow hackers to impersonate a trusted device by intercepting authentication data and using it to gain unauthorized access. Distributed Denial of Service (DDoS) attacks target Bluetooth-enabled devices by flooding them with requests, causing them to slow down, drain their battery, or crash entirely.

These disruptions can serve as distractions for more severe data breaches. Protecting against Bluetooth threats requires proactive security measures. One of the simplest steps is to turn off Bluetooth when it’s not in use, reducing exposure to potential attacks. Keeping devices updated with the latest security patches is also crucial, as manufacturers frequently release fixes for known vulnerabilities.

Setting Bluetooth to “Non-discoverable” mode prevents unauthorized devices from detecting it. Using strong, unique PINs during pairing adds another layer of security, making it harder for attackers to crack the connection. Avoiding unknown pairing requests, regularly reviewing connected devices, and removing unrecognized ones can also reduce risks.

Additionally, security software can help detect and block Bluetooth-related threats before they cause harm. Bluetooth security is often overlooked, but the risks are real. Taking simple precautions can prevent hackers from exploiting these vulnerabilities, keeping personal data safe from cyber threats.

Lee Enterprises Faces Prolonged Ransomware Attack Disrupting Newspaper Operations



 

Ransomwares

Cyber Attacks Cybersecurity data security Media Industry News Corporation Ransomware attack Ransomwares

Lee Enterprises Faces Prolonged Ransomware Attack Disrupting Newspaper Operations

Lee Enterprises, one of the largest newspaper publishers in the United States, is facing an ongoing ransomware attack that has severely disrupted its operations for over three weeks. The company confirmed the attack in a filing with the U.S. Securities and Exchange Commission (SEC), revealing that hackers illegally accessed its network, encrypted critical applications, and exfiltrated certain files.

The publishing giant is now conducting a forensic investigation to determine whether sensitive or personal data was stolen. The attack has had widespread consequences across Lee’s business, affecting essential operations such as billing, collections, vendor payments, and the distribution of print newspapers. Many of its 72 publications have experienced significant delays, with some print editions not being published at all.

The Winston-Salem Journal in North Carolina reported that it was unable to print several editions, while the Albany Democrat-Herald and Corvallis Gazette-Times in Oregon faced similar disruptions, preventing the release of at least two editions. Digital services have also been affected. On February 3, Lee Enterprises notified affected media outlets that one of its data centers, which supports applications and services for both the company and its customers, had gone offline.

This outage has prevented subscribers from logging into their accounts and accessing key business applications. Several Lee-owned newspaper websites now display maintenance messages, warning readers that subscription services and digital editions may be temporarily unavailable. The full impact of the attack is still being assessed, but Lee has acknowledged that the incident is “reasonably likely” to have a material financial impact. With print and digital disruptions continuing, the company faces potential revenue losses from advertising, subscription cancellations, and operational delays.

Law enforcement has been notified, though the company has not disclosed details about the perpetrators or whether it is considering paying a ransom. Ransomware attacks typically involve cybercriminals encrypting a company’s data and demanding payment in exchange for its release. If Lee refuses to negotiate, it may take weeks or months to fully restore its systems.

Cyberattacks targeting media organizations have become increasingly common, as newspapers and digital publications rely on complex networks that can be vulnerable to security breaches. The Freedom of the Press Foundation is currently tracking the scope of the attack and compiling a list of affected newspapers. For now, Lee Enterprises continues its recovery efforts while its newspapers work to restore regular operations.

Until the attack is fully resolved, readers, advertisers, and employees may continue to face disruptions across print and digital platforms. The incident highlights the growing threat of ransomware attacks on critical infrastructure and the challenges companies face in securing their networks against cyber threats.

South Korea Blocks DeepSeek AI App Downloads Amid Data Security Investigation



 

South Korea

AI Apps AI technology Data Privacy data security DeepSeek Privacy privacy laws South Korea

South Korea Blocks DeepSeek AI App Downloads Amid Data Security Investigation

South Korea has taken a firm stance on data privacy by temporarily blocking downloads of the Chinese AI app DeepSeek. The decision, announced by the Personal Information Protection Commission (PIPC), follows concerns about how the company collects and handles user data.

While the app remains accessible to existing users, authorities have strongly advised against entering personal information until a thorough review is complete. DeepSeek, developed by the Chinese AI Lab of the same name, launched in South Korea earlier this year. Shortly after, regulators began questioning its data collection practices.

Upon investigation, the PIPC discovered that DeepSeek had transferred South Korean user data to ByteDance, the parent company of TikTok. This revelation raised red flags, given the ongoing global scrutiny of Chinese tech firms over potential security risks. South Korea’s response reflects its increasing emphasis on digital sovereignty. The PIPC has stated that DeepSeek will only be reinstated on app stores once it aligns with national privacy regulations.

The AI company has since appointed a local representative and acknowledged that it was unfamiliar with South Korea’s legal framework when it launched the service. It has now committed to working with authorities to address compliance issues. DeepSeek’s privacy concerns extend beyond South Korea. Earlier this month, key government agencies—including the Ministry of Trade, Industry, and Energy, as well as Korea Hydro & Nuclear Power—temporarily blocked the app on official devices, citing security risks.

Australia has already prohibited the use of DeepSeek on government devices, while Italy’s data protection agency has ordered the company to disable its chatbot within its borders. Taiwan has gone a step further by banning all government departments from using DeepSeek AI, further illustrating the growing hesitancy toward Chinese AI firms.

DeepSeek, founded in 2023 by Liang Feng in Hangzhou, China, has positioned itself as a competitor to OpenAI’s ChatGPT, offering a free, open-source AI model. However, its rapid expansion has drawn scrutiny over potential data security vulnerabilities, especially in regions wary of foreign digital influence. South Korea’s decision underscores the broader challenge of regulating artificial intelligence in an era of increasing geopolitical and technological tensions.

As AI-powered applications become more integrated into daily life, governments are taking a closer look at the entities behind them, particularly when sensitive user data is involved. For now, DeepSeek’s future in South Korea hinges on whether it can address regulators’ concerns and demonstrate full compliance with the country’s strict data privacy standards. Until then, authorities remain cautious about allowing the app’s unrestricted use.

Hackers Leak 15,000 FortiGate Device Configs, IPs, and VPN Credentials



 

Hackers

CVE CVEs Cybersecurity Dark Web Data Breach Data Leak data security FortiGate devices Hackers

Hackers Leak 15,000 FortiGate Device Configs, IPs, and VPN Credentials

A newly identified hacking group, the Belsen Group, has leaked critical data from over 15,000 FortiGate devices on the dark web, making sensitive technical details freely available to cybercriminals. The leak includes configuration files, IP addresses, and VPN credentials, significantly increasing security risks for affected organizations.

Emerging on cybercrime forums and social media just this month, the Belsen Group has been actively promoting itself. As part of its efforts, the group launched a Tor website where it released the stolen FortiGate data, seemingly as a way to establish its presence in the hacking community. In a post on an underground forum, the group claimed responsibility for breaching both government and private-sector systems, highlighting this operation as its first major attack.

The exposed data is structured within a 1.6 GB archive, organized by country. Each country’s folder contains multiple subfolders corresponding to specific FortiGate device IP addresses. Inside, configuration files such as configuration.conf store FortiGate system settings, while vpn-passwords.txt holds various credentials, some of which remain in plaintext.

Cybersecurity researcher Kevin Beaumont examined the leak and confirmed that these files include firewall rules, private keys, and other highly sensitive details that could be exploited by attackers. Further analysis suggests that the breach is linked to a known vulnerability from 2022—CVE-2022-40684—which was actively exploited before Fortinet released a security patch.

According to Beaumont, evidence from a forensic investigation into a compromised device revealed that this zero-day vulnerability provided attackers with initial access. The stolen data appears to have been gathered in October 2022, around the same time this exploit was widely used. Fortinet had previously warned that CVE-2022-40684 was being leveraged by attackers to extract system configurations and create unauthorized super-admin accounts under the name fortigate-tech-support.

Reports from the German news site Heise further confirm that the leaked data originates from devices running FortiOS firmware versions 7.0.0-7.0.6 or 7.2.0-7.2.2. The fact that FortiOS 7.2.2 was specifically released to address this vulnerability raises questions about whether some systems remained compromised even after the fix was made available.

Although the leaked files were collected over two years ago, they still pose a significant threat. Configuration details, firewall rules, and login credentials could still be exploited if they were not updated after the original breach. Given the scale of the leak, cybersecurity experts strongly recommend that administrators review their FortiGate device settings, update passwords, and ensure that no outdated configurations remain in use.

Italian Spyware Firm SIO Linked to Malicious Android Apps Targeting WhatsApp Users



 

Private Data

Android Apps Android Spyware Data Breach data security Data Theft Lookout Malicious Apps Private Data

Italian Spyware Firm SIO Linked to Malicious Android Apps Targeting WhatsApp Users

SIO, an Italian spyware company known for selling surveillance tools to government agencies, has been linked to a series of malicious Android apps designed to mimic WhatsApp and other popular services while secretly stealing private data, TechCrunch has revealed. Late last year, a security researcher provided TechCrunch with three Android apps, alleging they were government spyware used in Italy.

Upon investigation, Google and cybersecurity firm Lookout confirmed that these apps were indeed spyware. This discovery highlights the expanding landscape of government surveillance, with numerous companies employing varied methods to target individuals. Italy is already embroiled in a separate spyware scandal involving Israeli firm Paragon, whose sophisticated surveillance tool allegedly targeted journalists and NGO founders.

In contrast, the SIO-linked spyware campaign relied on a more straightforward approach—disguising malicious Android apps as well-known communication and customer service applications. Lookout researchers identified the malware as Spyrtacus, a spyware capable of stealing text messages, chats from WhatsApp, Signal, and Facebook Messenger, recording calls, capturing ambient audio and camera images, and extracting contact information.

Their analysis confirmed that SIO was responsible for creating and distributing Spyrtacus, with samples dating back to 2019. Some variants impersonated apps from Italian telecom providers TIM, Vodafone, and WINDTRE. Google stated that none of the infected apps were available on the Play Store, asserting that Android security measures have protected users from this malware since 2022.

However, a 2024 Kaspersky report suggested that earlier versions of Spyrtacus were distributed via Google Play in 2018 before shifting to fake websites mimicking major Italian internet providers. Italy has a long history of government spyware development, with companies such as Hacking Team, Cy4Gate, and RCS Lab selling surveillance tools to international law enforcement agencies. Spyrtacus is the latest example of this trend, with Lookout identifying command-and-control servers registered to ASIGINT, an SIO subsidiary specializing in wiretapping software.

The SIO, Italian government and the Ministry of Justice have reportedly declined to comment. Lookout has also discovered references to Naples in the malware’s source code, suggesting a possible connection to developers from the region.

Search This Blog

Sections

Popular Posts

Blog Archive

Labels

Report Abuse

About Me

Showing result(s) for