Palo Alto Networks Unit 42 Says That A Chrome CVE Can Allow Hijacking Of The In-Browser AI Assistant 

Posted in Commentary on March 2, 2026 by itnerd

The new wave of agentic browsers brings the promise of transforming the way we use our computers and experience the internet, with AI-driven tools that interact with websites, fill out forms and manage workflows on our behalf. But with these experiential benefits, also come profound new cybersecurity challenges. 

Unit 42 researchers at Palo Alto Networks released new research on a high-severity vulnerability (CVE-2026-0628) they discovered in Google’s new Gemini Live in Chrome feature. It could allow a malicious extension with only basic permissions to ‘hijack’ the new in-browser AI assistant, granting attackers access to webcams, microphones, and private files.

Palo Alto Networks researchers shared the issue with Google in October via coordinated vulnerability disclosure and Google issued a fix in early January. But, this discovery underscores a growing security paradox: as tech giants rush to turn browsers into powerful AI agents, they are inadvertently opening new backdoors to sensitive personal data.

The research is live here: http://unit42.paloaltonetworks.com/gemini-live-in-chrome-hijacking 

AirSnitch: What It Is And Why You Should Care

Posted in Commentary on March 2, 2026 by itnerd

Late last week a report surfaced about a new style of WiFi attack called AirSnitch. In short, this attack allows an attacker to bypass Wi-Fi encryption on most networks in order to access all of the traffic passing through the router. And worse yet, almost all routers are vulnerable to this attack.

Now there’s good news and bad news.

Here’s the bad news. If you are a victim of this attack, and now that the details are public there will be attacks, the attacker gets a full bidirectional man-in-the-middle position, meaning they can see and tamper with all traffic passing through the router. HTTPS, which online banking websites for example rely on to keep your data away from people who want it for evil reasons, still encrypts the contents of each connection, but an on-path attacker can see which sites you connect to, alter anything that isn’t encrypted, and try to steer you or your browser into a downgraded or lookalike connection. That of course is very bad. And if you’re using public WiFi, this risk becomes worse. Thus my recommendation for that is to use a VPN when you use public WiFi.

The good news is that an attacker would first have to crack the password on the target WiFi network to pull this attack off. Which means that if you have a suitably complex password, you’ve made it a lot more difficult to be affected by this. So my first piece of advice is to change your password to be complex ASAP. Yes that can be a pain in the you know what, but it’s better to be safe than sorry.

Top tip: Don’t ever use AI to choose a complex password. Trust me on this and read this to understand why.

It will be interesting to see if the vendors named in this report address this new attack. Because if they don’t, my recommendation will be to move your infrastructure to vendors that do address this. Now fixes won’t happen overnight. But it will happen eventually. Thus you will get a very good idea as to who you can trust with this, and who you can’t.

Flashpoint update on Middle East conflict

Posted in Commentary on March 2, 2026 by itnerd

Flashpoint analysts continue to monitor the conflict, which transitioned between March 1-2 from a phase of initial mass exchange to a more complex, globally-attuned escalation involving a significant widening of kinetic and non-kinetic attack domains. New strikes directly targeted economic and logistical critical infrastructure in Gulf States, notably a major Saudi oil facility and an AWS data center in the UAE. A major escalation occurred on the Israel-Lebanon border as Hezbollah launched missile strikes, leading to an immediate and widespread Israeli response across Lebanon. The cyber domain witnessed new, alarming claims of intrusion into industrial control systems (ICS) and national grain supply logistics. The international community, specifically the UK, France, and Germany, signaled a willingness to join military action to destroy Iran’s missile capabilities, indicating a high probability of further conflict expansion.

Key Takeaways 

  1. Critical Economic Infrastructure is Now a Primary Target: Iran’s retaliatory strikes escalated to include direct hits on Saudi Arabia’s Aramco facility at Ras Tanura and a significant AWS data center in the UAE, signaling a shift to severe economic warfare and a higher risk for global energy supply.
  2. Conflict Has Expanded to a New Front: Hezbollah’s launch of missiles from Lebanon has resulted in Israeli strikes across all of Lebanon, including Beirut’s southern suburbs, effectively opening a second major kinetic front that increases the potential for a regional ground war.
  3. Cyberattacks Target Essential Civilian Logistics: Pro-Iranian hacktivist groups claimed successful, highly disruptive intrusions into a major Jordanian grain silo company’s control systems, including alleged manipulation of temperature controls and weighing systems, moving beyond simple defacements and signaling a direct threat to food security.
  4. NATO-Aligned Assets Now at Risk: An unmanned Iranian drone reportedly struck the runway of the RAF Akrotiri base in Cyprus, and Iran has allegedly targeted military assets in 15 countries on March 1. This new level of aggression brings NATO-aligned entities in the Eastern Mediterranean into the immediate crossfire.
  5. International Coalition Formation: The UK, France, and Germany are now actively considering military action to destroy Iran’s missile and drone capabilities, creating a defined coalition ready to intervene militarily and further isolating the Iranian regime.

Key Events

  • Saudi Oil Strike: Iranian Shahed-136 drones reportedly strike the Saudi Aramco facility at Ras Tanura, one of the world’s largest oil refining and export facilities.
  • UAE Infrastructure Strike: Amazon Web Services (AWS) confirmed its data center in the UAE (mec1-az2) was temporarily impacted by physical objects striking the facility, creating sparks and fire, forcing a service disruption.
  • UK Base Strike: An unmanned drone strikes the runway of the UK’s RAF Akrotiri base in Cyprus (later confirmed by the UK Foreign Secretary).
  • Lebanese Front Opens: The Israel Defense Force (IDF) confirmed that Hezbollah fired missiles from Lebanon, prompting immediate and extensive Israeli retaliatory strikes across all of Lebanon.
  • US Readiness for Suicide Attacks: US officials prepare for potential suicide attacks and further retaliatory missile strikes targeting American facilities and personnel, with primary concerns centered around Tel Aviv, Jerusalem, and Qatar.
  • US Strike Volume: US Central Command (CENTCOM) reports that over 1,000 targets were struck across Iran in the first 24 hours of Operation Epic Fury.
  • Interim Leader Targeted (Unconfirmed): Israeli media report the possible killing of Iran’s newly appointed interim supreme leader, Ayatollah Alireza Arafi, in fresh strikes on Tehran.
  • European Response: The UK, France, and Germany issue a statement indicating they are prepared to carry out military action to destroy Iran’s missile and drone launch capabilities.
  • Advanced Weaponry Deployment: Israel reportedly deploys the high-powered “Iron Beam” laser system for the first time in combat to intercept incoming rockets.
  • Cyber Resurgence: Mr Soul, a persona linked to the sanctioned Iran state-linked group CyberAv3ngers, announces their return to operations, although some reports suggest a lull in broader Iranian cyber activity.

Cyber Threats & Attacks

The focus shifted from mass-propaganda operations to high-impact, disruptive attacks on critical infrastructure and defense systems:

  • Industrial Control System (ICS) Targeting: The “Cyber Islamic Resistance Axis” claimed penetration of over 130 remote control systems belonging to Control Applications LTD in Israel and other countries.
  • Logistics Sabotage: Pro-Iranian actors detailed a successful intrusion into the Jordan Silos and Supply General Company, claiming they gained access via phishing.
  • Government/Commercial Disruption: Attacks continued against government and commercial entities in Gulf states, including DDoS and data breach claims against the Bahrain Communications Regulatory Authority, Dubai Medical City, and the Zayed Charitable & Humanitarian Foundation.
  • Threat Actor Status: Mr Soul (CyberAv3ngers-linked) announced a return to operations, while general cyber operations from Iranian groups saw a temporary, noticeable lull.

Physical Threats to Western Entities

The risk profile for Western assets in the region has significantly escalated beyond military installations:

  • Oil Infrastructure: The strike on the Saudi Aramco facility at Ras Tanura demonstrates that key Western-partnered economic infrastructure is now a legitimate, high-value kinetic target.
  • Cloud Infrastructure: The physical strike on the AWS data center in the UAE signifies that commercial technology and data assets are no longer safe from kinetic damage.
  • Contagion Risk: The escalation on the Israel-Lebanon front and the confirmed strike on the RAF Akrotiri base in Cyprus indicates a broadening geographical threat, placing personnel at bases like Souda Naval Base (Crete) and other NATO assets on high alert.
  • Personnel Security: US officials are preparing for the threat of suicide attacks targeting American facilities and personnel abroad, particularly in Tel Aviv, Jerusalem, and Qatar, necessitating a maximum threat posture.

Security Recommendations

  • Elevate Security Posture for Critical Infrastructure (Gulf): Businesses operating energy, logistics, or technology infrastructure in the Persian Gulf (especially Saudi Arabia, UAE, Qatar, and Bahrain) must immediately activate maximum security and contingency protocols and review physical security for assets like oil facilities, data centers, and major ports.
  • Review ICS Security: Organizations with Industrial Control Systems (ICS) and SCADA systems in the region must conduct a priority-one audit of remote access and phishing vulnerabilities, given the demonstrated capability of adversaries to target and claim control over such systems (e.g., Jordanian silos).
  • Implement Anti-Drone/C-UAS Measures: Deploy experienced counter-UAS operators (or partner with the UK to access the promised Ukrainian assistance) to address the persistent and expanding threat from Iranian drones (e.g., Ras Tanura strike, RAF Akrotiri strike).
  • Personnel Threat Assessment: All personnel in the Gulf region, especially in major transit/security hubs (Riyadh, Qatar, UAE), should be advised of the heightened risk of asymmetric attacks (e.g., suicide attacks) and instructed to strictly follow all government security alerts, avoiding public uniform display and high-profile locations.
  • Supply Chain Contingency: Implement Tier 1 contingency planning for global supply chains, assuming an extended closure of the Strait of Hormuz and continuous disruption of major Gulf air and sea hubs.

Strategic Outlook

The strategic outlook is one of maximum instability, marked by a critical escalation where the conflict is spiraling outward both geographically and functionally. Iran’s shift in strategy from purely military retaliation to economic decapitation is evident in the strikes on Saudi Arabia’s Ras Tanura oil facility and an AWS data center in the UAE, signaling a profound threat to global energy and technology supply chains. Furthermore, the conflict has opened a second kinetic front in Lebanon due to Hezbollah’s missile strikes, and is becoming dangerously internationalized as key European powers (UK, France, Germany) signal a readiness for military action to destroy Iran’s missile capabilities. This complex and widening hybrid war now includes high-impact, asymmetric threats like the potential for terror attacks and cyber intrusions against essential civilian logistics, making the de-escalation path extremely challenging.

Though this is slightly late, there is a Flashpoint Community Call planned for Monday, March 2, 2026 at 11 AM EST: U.S.–Israel Military Strikes on Iran and Tehran’s Regional Retaliation | Flashpoint

Iranian Cyber Actions, Threats, Mitigation Recommendations 

Posted in Commentary on March 2, 2026 by itnerd

Given the fact that Iran was attacked by the US and Israel over the weekend, and Iran is a known bad cyber actor, it’s time to have a discussion about what threats Iran can pose. Thus I have four experts to share their thoughts on this important topic.

Ted Miracco, CEO, Approov:

    “A silent prelude to attacks has been conducted via API probing. While much of the public focus is on the military strikes, the digital battlefield has been simmering for weeks. In the fortnight leading up to this weekend’s events, Approov observed a significant surge in highly sophisticated probing attacks against APIs and mobile applications that provide critical communication links for regional governments. These sophisticated maneuvers were specifically designed to evade initial defenses. We have analytical indications that the presumed Iranian actors were scouting and gauging regional infrastructure vulnerabilities. Fortunately, by deploying over-the-air (OTA) software updates to the apps and new policies to the cloud, we were able to harden these apps before the probes could turn into full-scale service interruptions or data breaches.

   “Groups like the CyberAvengers have already proven that our water and power systems are vulnerable through the hardware and mobile interfaces that control them. Depending on who is in power, we could expect a ‘scorched earth’ approach next. Currently, Iran’s domestic cyber infrastructure is in a defensive crouch following the massive digital blackout. As they regain control, they will likely move from probing or persistence to destruction. This means moving beyond standard DDoS attacks to wiper malware and API-based disruptions that could cripple the mobile apps global users rely on for everything from banking to emergency alerts. The sophistication we saw in the Gulf suggests they are capable of striking once they recover their footing. It will only matter who gives the orders, as whatever penetrations they could pull off were completed before the first strike occurred.”

Jacob Warner, Director of IT, Xcape, Inc.

    “During open conflict, Iran has historically favored asymmetric cyber tactics. These tactics are deniable, disruptive, and psychologically impactful rather than those that are overtly destructive. U.S. critical infrastructure – especially water utilities, energy operators, healthcare systems, telecommunications, the media, and regional government networks – could experience increased attacks.

    “These include DDoS campaigns, ransomware attacks, spear phishing, and disruptive intrusion attempts aimed at undermining public confidence. Groups like CyberAv3ngers have previously targeted poorly secured industrial control systems (ICS). This indicates a continued interest in operational technology (OT) environments with low cybersecurity maturity. We might also observe website defacements, data leaks, or influence operations intended to heighten domestic political and social tensions.

    “The Iranian regime has a history of suppressing pro-democracy communications. They do this by throttling Internet bandwidth, blocking major platforms, and shutting down mobile data networks during unrest. For private sector organizations, resilience should be the priority: patch vulnerable systems, enforce multi-factor authentication, segment operational technology (OT) from information technology (IT) networks, and practice incident response playbooks.

   “Lastly, users everywhere need to be reminded to be aware of unsolicited emails so that they can avoid compromising their organizations through susceptibility to phishing.”

Denis Calderone, Principal and CTO, Suzu Labs 

   “Recent trends have most analysts keeping focus on DDoS and ransomware right now, and those are real concerns. But what’s been concerning us more is the stuff we can’t see. Iran’s most capable espionage group, APT34, has gone completely quiet during the most significant crisis in their country’s modern history. We worry that it might just mean they’re getting ready.

   “Since it appears that conventional military options are looking increasingly to be off the table, cyber is what Iran has left. And even with their own internet down, pre-positioned implants and operators based outside Iran can still execute. If you’re in energy, water, financial services, or defense, assume you’re a target. Start hunting for anomalous access in your environment now. Don’t wait for something to break.

   “European organizations need to pay attention here too. Iran’s cyber operations don’t stop at US borders, and the proxy groups operating on Iran’s behalf are even less predictable in their targeting. When the motivation is retaliation and the conventional military is gone, cyber operators cast a wide net.

   “The immediate concern for European critical infrastructure is wiper malware. We’re already seeing reports of wiper deployments against Western financial and energy firms from Iranian proxy groups, and although many of these have been traditionally against Israeli targets, there’s no reason to suggest that targeting won’t expand with recent developments. If you’re in energy or critical infrastructure, treat this as a heightened threat period. Review your incident response plans, make sure your backups are isolated and tested, and pay close attention to any unusual activity in your OT environments. This is not a drill.”

Hom Bahmanyar, Global Enablement Officer, Ridge Security, Inc.

    “There is a significant possibility that Iran’s Islamic regime would respond to US and Israeli military strikes with large-scale cyberattacks, particularly given its inability to match the conventional military capabilities of the US and Israel. Cyber operations may be viewed by the regime as a more attainable and potentially effective means of retaliation compared to military confrontation.

    “Based on the regime’s past practice of imposing internet shutdowns to restrict the flow of information during internal crises or domestic unrest, such as the January crackdown on protesters, the current nationwide internet blackout and reduction in connectivity to 4% as reported by NetBlocks is likely a deliberate government response to make it more difficult for pro-democracy forces to communicate with the outside world, rather than the direct result of Israel’s cyberattacks on their infrastructure.”

Incode First to Achieve iBeta’s Highest Level of Independent Identity Security Testing on Both iOS and Android With 0% Error Rate

Posted in Commentary on March 2, 2026 by itnerd

Incode Technologies, Inc., the global leader in identity security and fraud prevention, today announced that iBeta PAD testing confirmed Incode’s face liveness technology achieves Level 3 Presentation Attack Detection (PAD) conformance under ISO/IEC 30107-3.

Face liveness technology is used in digital onboarding and authentication to confirm a real, live person is present during a selfie capture – not a printed photo, video replay, mask, or other spoofing attempt. It enables organizations to defend remote identity verification flows against account takeovers, synthetic identity fraud, and impersonation scams.

Incode’s solution is passive and completes verification with a single selfie, reducing friction compared to challenge-based experiences while maintaining strong resistance to sophisticated presentation attacks.

This level of assurance matters most at scale – where identity decisions impact conversions, fraud losses, and customer trust across millions of users. Incode operates at that scale, powering trusted experiences for 8 of the top 10 U.S. banks, 8 of the top 9 telecom companies, the top 3 global neobanks, and 4 of the top 5 marketplaces worldwide. To date, Incode has processed more than 7.1 billion trust checks.

From Level 1 to Level 3. A clear progression

In 2019, Incode launched a passive liveness model designed to detect common 2D presentation attacks including printed photos and replay attacks. That release led to Incode becoming the first vendor to pass iBeta Level 1 using a passive liveness approach.

By 2022, Incode expanded its defenses to address advanced 3D mask attacks while continuing to strengthen 2D detection. These improvements enabled Incode to pass iBeta PAD Level 2 testing in early 2023.

In 2026, Incode achieved iBeta PAD Level 3 conformance on both iOS and Android, with a perfect score.

Independent validation at the highest PAD level

APCER (Attack Presentation Classification Error Rate) captures whether spoofing attempts are incorrectly accepted, while BPCER (Bona Fide Presentation Classification Error Rate) captures whether legitimate users are incorrectly rejected. Incode reported 0% on both metrics – no presentation attacks were accepted, and no legitimate users were rejected during the evaluation.
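To make the two metrics concrete, here is an added worked example (my own code, not Incode’s or iBeta’s, run on constructed records rather than any real test data). It computes APCER per presentation attack instrument species, takes the worst species as the headline APCER the way ISO/IEC 30107-3 reports attack performance, computes BPCER, and adds the caveat a buyer should keep in mind: a 0% result on a finite test set only bounds the true error rate, it does not prove it is zero. The species names and sample sizes are assumptions for illustration.

```python
from collections import defaultdict

# Constructed evaluation records, not iBeta's or Incode's data. Each record is
# (label, species, accepted): label is "bona_fide" or "attack"; species is the
# presentation attack instrument (PAI) species for attacks and None for bona fide
# presentations; accepted is True when the liveness check classified it as live.
PERFECT_RUN = (
    [("bona_fide", None, True)] * 50
    + [("attack", "printed_photo", False)] * 20
    + [("attack", "screen_replay", False)] * 20
    + [("attack", "silicone_mask", False)] * 10
)

IMPERFECT_RUN = (
    [("bona_fide", None, True)] * 9 + [("bona_fide", None, False)]          # 1 of 10 rejected
    + [("attack", "printed_photo", False)] * 5                                # 0 of 5 accepted
    + [("attack", "screen_replay", False)] * 3 + [("attack", "screen_replay", True)]  # 1 of 4 accepted
    + [("attack", "silicone_mask", False)] * 3                                # 0 of 3 accepted
)


def pad_metrics(results):
    """Compute per-species APCER, the worst-case APCER across species, and BPCER.

    APCER for a PAI species = accepted attacks of that species / attacks of that species.
    BPCER = rejected bona fide presentations / bona fide presentations.
    ISO/IEC 30107-3 reports APCER per species; the headline figure used here is the
    maximum over species, i.e. the attack type the system handles worst.
    """
    bona_total = bona_rejected = 0
    attacks = defaultdict(lambda: [0, 0])  # species -> [total, accepted]
    for label, species, accepted in results:
        if label == "bona_fide":
            bona_total += 1
            bona_rejected += not accepted
        elif label == "attack":
            attacks[species][0] += 1
            attacks[species][1] += accepted
        else:
            raise ValueError(f"unknown label {label!r}")
    if bona_total == 0 or not attacks:
        raise ValueError("need both bona fide and attack presentations")
    apcer = {species: acc / tot for species, (tot, acc) in attacks.items()}
    return {"apcer": apcer, "apcer_max": max(apcer.values()), "bpcer": bona_rejected / bona_total}


def rule_of_three_upper_bound(n_trials: int) -> float:
    """Approximate 95% upper confidence bound on an error rate when 0 errors were seen in n trials.

    A reported 0% on a finite test set does not mean the true rate is zero; with n
    presentations and no failures the rate is only known to be below roughly 3/n.
    """
    if n_trials <= 0:
        raise ValueError("n_trials must be positive")
    return 3 / n_trials


if __name__ == "__main__":
    print(pad_metrics(PERFECT_RUN))     # apcer_max 0.0, bpcer 0.0
    print(pad_metrics(IMPERFECT_RUN))   # screen_replay APCER 0.25, bpcer 0.1
    print(rule_of_three_upper_bound(50))  # 0.06: "0% of 50" still allows a ~6% true rate
```

When reading a vendor’s 0%/0% claim, the number that matters alongside it is how many presentations of each species were actually run, because that is what `rule_of_three_upper_bound` turns into a real bound.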

Incode’s verification is completed from a single selfie capture, with no challenge prompts (such as turning head, or smiling), helping reduce friction while maintaining strong resistance to sophisticated presentation attacks.

Why this matters now

Digital onboarding has become the primary gateway to financial services, marketplaces, and government platforms – making identity assurance a critical control point for both security and growth.

Organizations face mounting pressure to reduce fraud losses while minimizing false rejections that disrupt user experience and impact revenue. But as attackers become more sophisticated, it’s increasingly difficult for teams to evaluate liveness vendors under the most demanding real-world conditions, especially across devices, environments, and advanced presentation attacks. Independent testing at the highest available PAD level helps buyers cut through claims and identify the solutions that hold up when stakes are highest.

This milestone reflects Incode’s continued commitment to proprietary innovation and world-class engineering talent globally.

This Attempt By A Scammer To Steal Your Identity Is Simply Laughable

Posted in Commentary on March 2, 2026 by itnerd

A reader of this blog sent me an email over the weekend that made me burst out laughing because of how laughably bad it was. Let me show you the email so that you can see for yourself:

First of all, the email that is sent from is clearly not from the FBI:

That alone should make you delete it the second that it hits your inbox. But the rest of the email should also make you delete it instantly, as there is no way that Kash Patel, who runs the FBI, is going to email you directly asking you to send him your details. If this were from the FBI, they would already have your details. Which likely explains why the recipient of this email isn’t named explicitly.

What this email is attempting to do is get people to hand over their details for use in some sort of identity theft scam. I am also guessing that it is targeting people who have fallen for a scam in the past, as those people tend to be re-victimized about 40% of the time from what I’ve read. Regardless, this is pretty lame and laughable. Not as lame and laughable as this scam involving former Canadian Prime Minister Stephen Harper from many years ago. But still lame and laughable.

Anyway, this is a bit of a laugh to start your Monday morning.
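The tells called out above (sender address not from the agency, a big name used as bait, no named recipient) can be checked mechanically. The following is an added example written for this post, not code from the page or from any mail product, and it runs against two constructed messages rather than the reader’s actual email; every address and domain in it is a placeholder, and the trusted-domain list and the “claim words” are assumptions. It parses the headers with Python’s standard `email` module and reports the red flags it finds.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed samples modelled on the message described above; the reader's actual
# email is not reproduced on the page, and every address and domain here is a placeholder.
SAMPLE_SCAM = """\
From: "Kash Patel - FBI Director" <director.office@mail-fbi-gov.example.net>
Reply-To: claims.desk@example-mail.org
To: undisclosed-recipients:;
Subject: Your compensation file
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.net; dkim=none; dmarc=none

Dear beneficiary, reply with your full name, address, date of birth and bank details.
"""

SAMPLE_LEGIT = """\
From: Field Office <field.office@fbi.gov>
To: Jane Reader <jane@example.org>
Subject: Your report 2026-001
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=fbi.gov; dkim=pass header.d=fbi.gov; dmarc=pass header.from=fbi.gov

Ms Reader, your report has been assigned a case number.
"""

# Assumptions: the domain a genuine message from the agency would come from, and
# words in a display name that claim the agency's identity.
TRUSTED_DOMAINS = {"fbi.gov"}
CLAIM_WORDS = ("fbi", "federal bureau")


def domain_of(address: str) -> str:
    return address.rpartition("@")[2].lower()


def is_trusted(domain: str, trusted=TRUSTED_DOMAINS) -> bool:
    return domain in trusted or any(domain.endswith("." + d) for d in trusted)


def check_sender(raw: str):
    """Return the list of red flags found in the headers; an empty list means none found."""
    msg = message_from_string(raw)
    flags = []
    from_name, from_addr = parseaddr(msg.get("From", ""))
    from_domain = domain_of(from_addr)
    # 1. The visible From address is not the agency's own domain.
    if not is_trusted(from_domain):
        flags.append(f"From address {from_addr!r} is not in a trusted domain")
        # 2. Display-name spoofing: the friendly name claims the agency, the address does not.
        if any(word in from_name.lower() for word in CLAIM_WORDS):
            flags.append(f"display name {from_name!r} claims the agency but the address does not match")
    # 3. Replies are steered to a third address.
    reply_addr = parseaddr(msg.get("Reply-To", ""))[1]
    if reply_addr and domain_of(reply_addr) != from_domain:
        flags.append(f"Reply-To {reply_addr!r} goes to a different domain than From")
    # 4. No named recipient: the same text was blasted to a list.
    if not parseaddr(msg.get("To", ""))[1]:
        flags.append("no named recipient in To")
    # 5. DMARC did not pass for the From domain (as recorded by the receiving mail server).
    match = re.search(r"\bdmarc=(\w+)", msg.get("Authentication-Results", ""))
    verdict = match.group(1).lower() if match else "absent"
    if verdict != "pass":
        flags.append(f"DMARC result is {verdict}")
    return flags


if __name__ == "__main__":
    for flag in check_sender(SAMPLE_SCAM):
        print("scam:", flag)
    print("legit:", check_sender(SAMPLE_LEGIT))  # []
```

The Authentication-Results header is only trustworthy when it was written by your own receiving mail server, so in a real deployment the check should look at the header added by that server and ignore any copies that arrived with the message.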

Ericsson and Intel collaborate to accelerate the path to commercial AI-native 6G

Posted in Commentary on March 2, 2026 by itnerd

Ericsson and Intel are pooling their next-generation technology leadership to help accelerate ecosystem readiness for seamless transition to AI-native 6G deployments and use cases.

The collaboration – an extension of a decades-long relationship – was announced at Mobile World Congress Barcelona 2026. It will span mobile connectivity, cloud technologies, and compute capabilities across AI-driven RAN and packet core use cases, and platform-level security and network capabilities to help enhance ecosystem enablement and time-to-market for cloud-native solutions.

A shared commitment

As 6G transitions from the research phase to commercial reality, the industry needs a collaborative, well-prepared ecosystem aligned with global standards bodies and industry organizations to help turn innovation into deployable infrastructure.

The collaboration will advance future high-performance and energy-efficient compute architectures designed for both AI for networks and Networks for AI.

AI-native 6G will combine intelligent and programmable networks with advanced compute and real-time sensing, creating a stronger foundation for more responsive, efficient and capable services. Over time, that evolution could bring sensing and compute closer together across the network.

Collaboration results on show

Ericsson and Intel have collectively achieved important milestones across cloud RAN, 5G Core and open network infrastructure. That momentum continues at MWC 2026, where multiple demonstrations – across Ericsson (Ericsson Pavilion, Hall 2), Intel (Hall 3, Stand 3E31) and various ecosystem partner event spaces – showcase innovative collaboration.

Related links:
6G – Follow the journey to the next generation networks – Ericsson

Ericsson pioneers Cloud RAN call with HPE server and Intel

Ericsson’s first Cloud RAN call on Intel Xeon 6 with Dell

Ericsson and Intel hit milestones in Tech Hub collaboration

Ericsson, Intel advance optimized 5G

Börje Ekholm opens Ericsson’s MWC 2026

Posted in Commentary on March 2, 2026 by itnerd

Hyperconnectivity driven by huge numbers of sensors, the expansion of AI into applications and devices, and the role of telecoms in national security were center stage in Barcelona today as Ericsson President and CEO, Börje Ekholm, got the company’s Mobile World Congress (MWC) 2026 program underway.

Ekholm said these three “fundamental forces” shaped this year’s Ericsson MWC event theme – Enter New Horizons – and are central to company demos, seminars, panel and round-table discussions, and customer meetings at the Fira Gran Via venue this week.

He said the AI surge and growth in the number of connected devices will drive high-performance connectivity demand as “everything will be connected.”

Ekholm said he was excited about the new era, which he said will also put demands on Ericsson.

Momentum in differentiated connectivity use cases – such as premium fixed wireless access, network slicing, and Network APIs – will also be in focus in Ericsson’s pavilion.

Ericsson’s event space will feature collaborations with more than 120 partners across the industry – comprising more than half of what Ericsson is showing in Barcelona this year.

Ekholm said this was evidence of how the new ecosystem is scaling.

Ekholm referenced the Network APIs-focused joint venture Aduna as an important example of bringing the industry together to form ecosystems to utilize the digital stack.

Ekholm said 5G Standalone would also influence the third ‘fundamental force.’

Ekholm was joined by special guests during the webcast: AT&T CEO, John Stankey, and Singtel CEO, Yuen Kuan Moon.

Stankey and Ekholm discussed the companies’ December 2023 deal aimed at helping the U.S. communications service provider to move to cloud-based architecture and pursue new revenue streams.

Stankey highlighted momentum in fixed wireless access and network slice uptake as being notable and agreed with Ekholm that 5G Standalone is central to the cloud-based and service-based architecture needed for new physical AI services and applications.

Stankey and Ekholm also addressed the importance of collaborating on network security, before discussing the fact that both AT&T and Ericsson celebrate 150-year anniversaries in 2026. While celebrating the landmark they also stressed the need to constantly innovate and think about what is coming next.

Ekholm and Yuen Kuan Moon also discussed the advantages of having 5G Standalone connectivity.

He also highlighted dedicated network slices as new revenue generation opportunities across security, factories, airports and seaports, saying offering applications and gaming network slices was also in focus.

Mobile World Congress Barcelona 2026 runs until March 5. Find out more about Ericsson’s MWC activities via this link.

Ericsson announces participation in the OCUDU Ecosystem Foundation 

Posted in Commentary on March 2, 2026 by itnerd

Ericsson has announced it has joined the OCUDU Ecosystem Foundation as a founding premier member, underscoring its commitment to open innovation in radio access network (RAN) software. Ericsson will hold a seat on the Foundation’s Board of Directors.

OCUDU, an open-source initiative under the Linux Foundation, aims to accelerate U.S. leadership in wireless innovation through a portable, open-source CU/DU software stack supporting next-generation RAN capabilities.

Ericsson will help shape OCUDU’s direction to enable research, experimentation, and ecosystem development alongside operators, government agencies, academic institutions, and technology partners. Ericsson’s participation will focus on contributing architectural guidance, ensuring technology neutrality, and advancing research-driven use cases, building on its experience in world‑leading solutions deployed globally across governmental, enterprise, and consumer networks. The company remains dedicated to delivering secure, trusted, and high‑performance networks and will leverage its industry-leading expertise to advance an open and interoperable ecosystem defining the progression of 5G and the emergence of 6G toward a 6G/AI intelligent fabric.

OCUDU Ecosystem Foundation will help facilitate dual use of commercial 5G technologies in specific defense applications, meeting the requirements of the U.S. Department of War. Ericsson is dedicated to supporting the U.S. government’s efforts to modernize its infrastructure by transitioning from legacy systems to secure, open, and programmable network architectures. This will ensure technology neutrality, strengthen national security standards, and foster a resilient telecommunications ecosystem where AI‑driven capabilities can be deployed at scale.

38 million customers impacted in ManoMano third-party data breach

Posted in Commentary on February 27, 2026 by itnerd

ManoMano, a European online DIY, home improvement marketplace with 50 million visitors per month, is notifying customers about a significant data breach that affected an estimated 38 million individuals after it discovered unauthorized access in January 2026 linked to one of its third-party customer service providers.

Although not confirmed, it is rumored that the compromised organization was a customer support service provider that suffered a Zendesk breach. Investigations found that personal data from customer accounts and interactions were extracted by the attackers. 

A threat actor using the alias “Indra” claimed responsibility on a hacker forum, alleging possession of roughly 37.8 million user records, over 900,000 service tickets, and over 13,000 attachments. The exposed information varied by individual and may include full names, email addresses, phone numbers, and the contents of customer service communications.

ManoMano stated that account passwords were not accessed and there is no evidence of data being altered within its internal systems. Upon discovering the incident, the company disabled the subcontractor’s access to customer data, strengthened access controls and monitoring, notified relevant authorities, and began informing potentially affected users with guidance on vigilance against phishing and other threats.

Noelle Murata, Sr. Security Engineer, Xcape, Inc.:

   “The data breach at ManoMano allowed the threat actor “Indra” to abscond with almost 38 million user records and close to a million service tickets. Although internal systems were unaffected, this highlights the inherent dangers associated with the “extended enterprise” model and reliance on third parties. This incident is believed to be connected to a broader exploitation of Zendesk. It underscores the sensitivity of customer support communications that frequently contain unmasked personal information and user behavior data.

   “The true prize lies not merely in contact details but also in the 13,000 pilfered attachments and service logs that provide the ideal blueprint for highly targeted phishing attacks. The primary threat isn’t necessarily account hijacking, but rather scams referencing actual past purchases or support interactions. Any communication purporting to be from a support representative should be viewed with suspicion.

   “Retailers should take this event as a strong impetus to enforce stringent vendor security protocols. This includes minimal data sharing, robust access controls, ongoing monitoring, and swift mechanisms to revoke third-party access when suspicious activity is detected.

   “When a contractor gets breached, the fallout belongs to you, not the subcontractor.”

Denis Calderone, CTO, Suzu Labs:

   “ManoMano wasn’t breached directly. Their outsourced customer support provider got compromised, and through that one access point attackers pulled millions of customer records and close to a million support tickets. This is the supply chain problem we keep talking about. You can lock your own house down all you want, but if your subcontractor leaves their door open, your data walks out through their environment.

   “What really caught our attention though is the support ticket data. People don’t think about what lives in support tickets. It’s not just names and emails. It’s conversations, order details, complaints, account issues, file attachments. That’s gold for social engineering. An attacker can reference your specific order, your specific complaint, and suddenly that phishing email doesn’t look like phishing anymore. It looks like a legitimate follow-up from customer support.

   “So, if you’re outsourcing customer support, ask yourself if a single agent account on the provider’s side can export your entire customer database? What kind of export controls exist to minimize the blast radius from a breach such as this? If you don’t know the answers, that’s where you start.”

Outsourcing saves cash, but it introduces a variety of dangers. This is a big one. Thus if I were an organization thinking of outsourcing something, this would make me think twice.
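Calderone’s question above (can one agent account on the provider’s side export your whole customer base, and what limits the blast radius?) is worth turning into something concrete. The following is an added example of my own, not ManoMano’s, Zendesk’s or any vendor’s code, and it runs over constructed audit-log lines in a made-up key=value format rather than any real platform’s export. It shows two things: a detection that flags an agent reading tickets far faster than a human works a queue or exporting far more rows than a single agent should need, and a server-side export cap per role that would have stopped the bulk pull before it started. The agent names, thresholds and role caps are all assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed audit-log lines in a simple key=value format. They are not Zendesk's
# export format and not ManoMano's data; the agent names are hypothetical.
TS_FORMAT = "%Y-%m-%dT%H:%M:%SZ"


def make_sample_log():
    """Build a small constructed log: one normal agent, one agent that scrapes then exports."""
    lines = [
        "2026-01-14T09:00:01Z agent=alice action=ticket.view ticket=10001",
        "2026-01-14T09:12:40Z agent=alice action=ticket.view ticket=10002",
        "2026-01-14T10:05:17Z agent=alice action=ticket.view ticket=10003",
        "2026-01-14T11:30:02Z agent=alice action=ticket.view ticket=10004",
        "2026-01-14T14:45:59Z agent=alice action=ticket.view ticket=10005",
        "2026-01-14T16:02:33Z agent=alice action=ticket.export rows=12",
    ]
    # Burst: 40 ticket views in two minutes in the small hours, then a full user export.
    base = datetime(2026, 1, 15, 2, 10, 0)
    for i in range(40):
        stamp = (base + timedelta(seconds=3 * i)).strftime(TS_FORMAT)
        lines.append(f"{stamp} agent=mallory action=ticket.view ticket={20000 + i}")
    stamp = (base + timedelta(minutes=5)).strftime(TS_FORMAT)
    lines.append(f"{stamp} agent=mallory action=user.export rows=37800000")
    return lines


def parse_line(line):
    """'<timestamp> k=v k=v ...' -> dict with a parsed 'ts' plus the key=value fields."""
    stamp, *pairs = line.split()
    event = dict(pair.split("=", 1) for pair in pairs)
    event["ts"] = datetime.strptime(stamp, TS_FORMAT)
    return event


def detect_bulk_access(lines, window=timedelta(minutes=10), view_threshold=30, export_rows_threshold=1000):
    """Return alerts as (agent, kind, count). Lines must be in time order.

    Per agent: a sliding-window count of ticket views fires once when an agent reads
    more tickets in `window` than a human plausibly would, and any export whose row
    count exceeds `export_rows_threshold` fires on its own.
    """
    alerts = []
    recent_views = defaultdict(deque)
    burst_alerted = set()
    for event in map(parse_line, lines):
        agent = event["agent"]
        if event["action"] == "ticket.view":
            views = recent_views[agent]
            views.append(event["ts"])
            while views and event["ts"] - views[0] > window:
                views.popleft()
            if len(views) >= view_threshold and agent not in burst_alerted:
                burst_alerted.add(agent)
                alerts.append((agent, "ticket_view_burst", len(views)))
        elif event["action"].endswith(".export"):
            rows = int(event.get("rows", 0))
            if rows > export_rows_threshold:
                alerts.append((agent, "bulk_export", rows))
    return alerts


# Assumption: a preventive cap, enforced server-side, per role. None means the role may
# only export with a recorded approval. This is a hypothetical policy, not a Zendesk feature.
EXPORT_ROW_CAPS = {"agent": 500, "team_lead": 5000, "data_steward": None}


def authorize_export(role, rows, approved=False):
    """Deny any export above the role's cap; uncapped roles need explicit approval; unknown roles are denied."""
    if role not in EXPORT_ROW_CAPS:
        return False
    cap = EXPORT_ROW_CAPS[role]
    if cap is None:
        return approved
    return rows <= cap


if __name__ == "__main__":
    for alert in detect_bulk_access(make_sample_log()):
        print(alert)  # mallory: ticket_view_burst 30, then bulk_export 37800000
    print(authorize_export("agent", 37800000))  # False
```

The detection only works if the provider actually gives you (or keeps) per-agent audit logs for reads and exports, which is a contract question to settle before the breach, not after; the cap is the control that makes the detection a backstop rather than the only line.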