All news with #pii tag

Yemen Cyber Army Hacker Jailed for Massive Data Theft

🔒 A 26-year-old man, Al-Tahery Al-Mashriky, has been jailed after UK National Crime Agency investigators linked him to the Yemen Cyber Army and uncovered evidence of widespread website breaches. Arrested in August 2022 in Rotherham, he defaced and compromised sites across North America, Yemen and Israel, including government and faith organisations. Forensically seized devices contained personal data, account credentials and other files that could facilitate fraud; he pleaded guilty and was sentenced to 20 months in prison.

Analyzing ClickFix: A Rising Click-to-Execute Threat

🛡️ Microsoft Threat Intelligence and Microsoft Defender Experts describe the ClickFix social engineering technique, where attackers trick users into copying and pasting commands that execute malicious payloads. Observed since early 2024 and active through 2025, these campaigns deliver infostealers, RATs, loaders, and rootkits that target Windows and macOS devices. Lures arrive via phishing, malvertising, and compromised sites and often impersonate legitimate services or CAPTCHA verifications. Organizations should rely on user education, device hardening, and Microsoft Defender XDR layered protections to detect and block ClickFix activity.

AWS Achieves Standards Exceeded in NHS DSPT 2024-25

🔒 Amazon Web Services (AWS) has completed the NHS Data Security and Protection Toolkit (NHS DSPT) assessment for 2024–25, achieving Standards Exceeded. The certification is valid until June 30, 2026 and is available via NHS England and AWS Artifact. NHS DSPT measures performance against the National Data Guardian’s 10 data security standards, covering Personal Confidential Data, Continuity Planning, and IT Protection. AWS emphasises that security is a shared responsibility and directs customers to its compliance resources.

Helping Child Bloggers: Practical Safety Guidance for Parents

📸 Parents should engage when children show interest in blogging, using open discussion to build trust and teach online safety. The article recommends creating accounts together, reviewing privacy settings, disabling geolocation, choosing strong unique passwords, and enabling two-factor authentication to reduce account-takeover risk. It also outlines what not to post, how to monitor usernames, and how to spot scams, doxing, and stalker behavior.

AI-powered financial scams flood social media ads now

⚠️ AI-driven deepfake ads on social media are increasingly used to impersonate banks, celebrities and news outlets to lure victims into investment fraud. Campaigns observed in 2024–2025, including the Nomani Trojan activity, use fake or hijacked accounts, localized messaging and deepfake testimonials to harvest credentials or steer targets into scam groups. Reported losses from investment fraud are substantial, so verify offers independently and avoid clicking unsolicited financial ads.

Unexpected parcel scams: brushing, quishing, and more

📦 Delivery scams now include evolved brushing and QR-based "quishing" campaigns that use unsolicited packages or printed postcards to trick recipients into visiting malicious sites, paying fake fees, or installing malware. Scammers may include QR codes, phone numbers, or counterfeit tracking cards to extract payment data, one-time codes, or to prompt app installs. Never scan printed QR codes or call numbers on unexpected parcels; verify shipments via official courier channels and avoid connecting unknown USB devices. Enable two-factor authentication and report suspicious packages to the courier and police.

Defending Against SCATTERED SPIDER with Falcon SIEM

🔒 Falcon Next-Gen SIEM provides real-time, cross-domain detection to help organizations detect and respond to the identity-centric eCrime group SCATTERED SPIDER. The platform correlates identity, cloud, SaaS, network and email telemetry, offering out-of-the-box rule templates for phishing, MFA fatigue, suspicious SSO events and exfiltration. CrowdStrike recommends comprehensive log ingestion and tuning of these templates to improve detection and response across the full attack lifecycle.

Instagram Friend Map Risks: Privacy and Physical Safety

⚠️ Meta’s new Friend Map feature on Instagram is framed as an opt-in way to see friends’ locations and shared hangouts, but it raises serious privacy and safety concerns. Enabling the map can expose precise real‑time or habitual location data that bad actors could exploit for stalking, targeted harassment, or profiling. The feature blurs digital privacy and physical security, so users should carefully review settings, limit audiences, or decline participation if concerned about their safety.

Muddled Libra Strike Teams: Collaborative Cybercrime

🧩 Muddled Libra is not a single organized group but a fluid collaboration of personas that form distinct strike teams with varying objectives and tradecraft. Unit 42 has identified patterns across at least seven teams, from crypto theft and extortion to IP theft and mass data harvesting. Defenders should prioritize protecting high-value data, tighten access controls, and assume evolving tactics rather than a fixed adversary profile.

Langflow Misconfiguration Exposes 97,000 Pakistani Records

🔒 UpGuard secured an internet-exposed Langflow instance leaking data on roughly 97,000 Pakistani insurance customers, including 945 individuals flagged as politically exposed persons (PEPs). The instance—used by Pakistan-based consultants Workcycle Technologies to build AI chatbots for clients such as TPL Insurance and the Federal Board of Revenue—contained PII, confidential documents, and plaintext credentials. Access was removed after disclosure; UpGuard found no evidence of active exploitation.

Langflow Misconfiguration Exposes Data of Pakistani Insurers

🔓 UpGuard secured a misconfigured Langflow instance that exposed data for roughly 97,000 insurance customers in Pakistan, including 945 individuals marked as politically exposed persons. The instance was used by Pakistan-based Workcycle Technologies to build AI chatbots for clients such as TPL Insurance and the Federal Board of Revenue. Exposed materials included PII, confidential business documents and credentials; access was removed after notification and UpGuard found no evidence of exploitation.

How Young People Can Level Up Their Cybersecurity Practices

🔒 Digital natives often spend more time online and maintain large numbers of accounts, which increases exposure to scams, phishing and account takeovers. Research shows Gen Z is less likely to use unique passwords, enable MFA, or install updates regularly, and some admit sharing sensitive data with AI or bypassing corporate security tools. Simple, practical steps — stick to official app stores, keep software updated, deploy trusted security software, review privacy settings and treat unsolicited offers with skepticism — can significantly reduce risk.

TeaOnHer App Replicates Tea's Functionality and Breaches

🛡️ TeaOnHer, a recent iOS knock‑off of the controversial dating app Tea, has been found exposing sensitive user data. TechCrunch reported government IDs, driving licences and selfies accessible via a public web endpoint with no authentication, and the app appears to copy wording and features from the original. Newville Media did not respond to disclosure attempts, and an exposed admin credential pair was found on the company server. Until these failures are addressed, users should avoid Tea-related apps.

Android adware: risks, techniques and removal advice

📱 Android adware can range from benign ad‑supported apps to intrusive PUAs that harvest data, perform click fraud, or hide to prevent removal. Detections rose by 160% in H1 2025, and sophisticated campaigns such as Kaleidoscope — which uses identical “evil twin” apps across official and third‑party stores — accounted for a substantial share of incidents. To reduce risk, only install apps from reputable developers and the Google Play Store, keep software updated, enable PUA detection in mobile security tools, and if infected disconnect, reboot to Safe Mode and remove suspicious apps or run a trusted scanner.

Portkey Integrates Prisma AIRS to Secure AI Gateways

🔐 Palo Alto Networks and Portkey have integrated Prisma AIRS directly into Portkey’s AI gateway to embed security guardrails at the gateway level. The collaboration aims to protect applications from AI-specific threats—such as prompt injections, PII and secret leakage, and malicious outputs—while preserving Portkey’s operational benefits like observability and cost controls. A one-time configuration via Portkey’s Guardrails module enforces protections without code changes, and teams can monitor posture through Portkey logs and the Prisma AIRS dashboard.

Arrest in Raid on XSS Forum: Who Was Detained and Why

🔍 Europol and Ukrainian authorities announced the arrest of a 38-year-old suspect tied to the Russian-language XSS crime forum after a July 22, 2025 operation led by French investigators. Authorities say the detainee served as a trusted third party, arbitrating disputes and assuring transaction security for members linked to multiple ransomware groups. Reporting traces forum activity and multiple domain registrations tied to the handle 'Toha', but investigation suggests the arrested man is likely Anton Medvedovskiy rather than alternate identities circulated online. The takedown yielded Jabber server logs and forum backups, prompting a wary, contested relaunch.

Thai Hospital Fined After Patient Records Used as Wrappers

📄 A Thai hospital was fined after more than 1,000 patient records, sent for destruction, were found being used as street-food wrappers for crispy crepes. Thailand’s Personal Data Protection Committee (PDPC) determined the documents leaked following handling by a contracted disposal firm that stored them at a private residence. The hospital was fined 1.21 million baht and the disposal business owner received a separate penalty. The episode highlights failures in secure disposal and vendor oversight.

North Korea’s IT worker scheme infiltrating US firms

🔍 Thousands of North Korean IT workers have used stolen and fabricated US identities to secure roles at Western companies, funneling hundreds of millions of dollars annually to Pyongyang’s military programs. They leverage AI for resumes and cultural coaching, faceswap and VPN tools for video calls, and remote-access setups tied to US-based "laptop farms" run by facilitators who launder paychecks and ship company-issued machines abroad. Recent DOJ raids and the 102-month sentence for Christina Marie Chapman highlight legal, financial and national security risks, including potential sanctions violations.

AggregateIQ Exposure Reveals Canadian Campaign Assets

🔒 The UpGuard Cyber Risk Team discovered an unsecured AggregateIQ (AIQ) code repository containing site backups, API keys, SSL private keys, and other sensitive assets tied to multiple Canadian campaigns and parties. Exposed files included WordPress backups, donation processor keys (Stripe), NationBuilder tokens, and PEM private keys that could enable impersonation or account takeover. The findings illustrate significant third‑party vendor risk and raise regulatory and public‑interest concerns about how AggregateIQ managed client credentials and campaign tooling.

AggregateIQ exposure: Canadian political campaign data

🔐 The UpGuard Cyber Risk Team discovered exposed repositories belonging to AggregateIQ that contained website code, backups, credentials and tokens associated with multiple Canadian political campaigns and parties. Exposed artifacts included Stripe secret keys, private SSL keys, NationBuilder/Helcim/SendGrid tokens, WordPress database credentials, and admin accounts tied to aggregateiq.com. The incident highlights third-party vendor risk and the need for tighter controls on credentials and repository configurations.