Archive for June 18, 2025

A Number Of Companies Have Been Pwned Via A Supply Chain Attack

Posted in Commentary with tags on June 18, 2025 by itnerd

UBS Group, Pictet and Implenia said they were among the companies affected by a cyberattack on procurement firm Chain IQ. Here are the details:

Swiss banks UBS and Pictet said on Wednesday they had suffered a data leak due to a cyber attack on a provider in Switzerland that did not compromise client information, although a report said thousands of UBS workers’ data was affected.

Swiss newspaper Le Temps said that files containing details of tens of thousands of UBS employees were stolen from the Baar-based business service company Chain IQ, whose website lists KPMG and Mizuho among its clients.

“A cyber attack at an external supplier has led to information about UBS and several other companies being stolen. No client data has been affected,” UBS said.

“As soon as UBS became aware of the incident, it took swift and decisive action to avoid any impact on its operations.”

The leaked cache also included the number of a direct internal line to UBS CEO Sergio Ermotti, Le Temps reported.

Chain IQ said it and 19 other companies were targeted in the attack, resulting in leaked data being published online on the darknet – a part of the internet not accessible through standard search engines.

Ensar Seker, CISO at SOCRadar, had this to say:

“The Chain IQ breach underscores the persistent and growing risk of third-party exposure in today’s interconnected enterprise ecosystem. When suppliers hold sensitive operational or financial data, even in the absence of client PII, they become a highly attractive target for threat actors seeking leverage, intelligence, or access pathways into high-value organizations.

“What’s notable here is that the breach impacted major financial and consulting institutions, which typically maintain rigorous internal security controls. This demonstrates that the weakest link often lies outside the perimeter.

“From a threat intelligence perspective, leaks involving executive or employee-level data, especially those of high-profile individuals like UBS’s CEO, increase the likelihood of targeted phishing, social engineering, or even impersonation attempts. Even when no client data is compromised, operational metadata like invoice histories, consultant relationships, or IT supplier engagements can provide adversaries with useful insights for crafting sophisticated campaigns. This is a classic case where traditional third-party risk management needs to mature into continuous fourth-party visibility and active vendor monitoring. Organizations must go beyond one-time assessments and require vendors to maintain threat detection telemetry, incident reporting SLAs, and breach simulation exercises. Additionally, platforms that provide real-time breach alerts on vendors such as DRP and supply chain intelligence solutions are no longer optional but essential to reduce response lag.

“Chain IQ’s breach serves as yet another reminder that ‘trust, but verify’ is not just a saying, it should be embedded into every enterprise’s third-party governance model.”

James McQuiggan, Security Awareness Advocate at KnowBe4 follows with this:

“Trust alone isn’t enough when it comes to third-party risk and cybersecurity. Organizations need to manage third-party risk actively. Don’t rely on a one-time assessment or questionnaire. It’s crucial to consider regularly reviewing vendors’ protection of their data and systems. Keep checking in, especially with vendors that handle sensitive information. When a vendor is compromised, a quick response can be significant.

“Organizations should have a well-documented and repeatable plan for handling a third-party incident or breach. Consider how to isolate the issue, who to contact, and how to communicate with employees and partners. Rate your vendors based on risk levels: one that has strong security programs versus one that does not. Higher risk vendors require additional oversight and tighter security controls.”

You’re only as secure as your suppliers are. Organizations need to start buying into that by acting accordingly when it comes to their security. If a significant number of organizations did that, supply chain attacks would be greatly reduced.

Appdome is the First to Detect Agentic AI Malware on Mobile Devices

Posted in Commentary with tags on June 18, 2025 by itnerd

Appdome has announced the availability of new dynamic defense plugins to detect and defend against Agentic AI Malware and unauthorized AI Assistants controlling Android & iOS devices and applications. The new Detect Agentic AI Malware plugins allow mobile brands and enterprises to know when Agentic AI applications interact with their mobile apps and use the data to prevent sensitive data leaks and block unvetted on-device AI Agents from accessing transaction, account, or enterprise data and services.

Agentic AI Assistants, such as Apple Siri, Google Gemini, Microsoft Copilot, OpenAI ChatGPT, and others, are increasingly available to mobile users in consumer and enterprise environments. However, the same capabilities that make AI Assistants useful to consumers and employees can also be used by Agentic AI Malware and Trojans. Good and bad AI Assistants can gain broad runtime access to screen content, UI overlays, activity streams, user interactions, and contextual data. Malicious AI Assistants can exploit this access to perform data harvesting, session hijacking, and account takeovers—often under the guise of legitimate AI functionality. On Android, this risk is amplified by more permissive APIs. On iOS, threats extend to mirroring-based leaks (e.g., via AirPlay) and enterprise-targeted surveillance.

Agentic AI assistants have wide appeal in internal enterprise and public-facing consumer use cases. However, in consumer use cases—like banking, eWallet, and healthcare applications—some brands might take the view that, for now, the risks outweigh the benefits. Currently, whatever a good AI assistant can do, a bad AI Assistant can do. Both can access, extract or input credentials, intercept transactions, and send messages to other users. In enterprise environments, malicious AI Assistants could perform actions as the employee: access proprietary systems, leak sensitive documents, or create entry points for lateral compromise. Wrapped or re-skinned AI apps—especially unofficial or third-party clones of tools like ChatGPT—further increase the attack footprint, often requesting dangerous (overreaching) permissions and quietly transmitting captured data to external servers. Without real-time detection and control, mobile brands remain exposed to surveillance, compliance failures, and data loss at scale.

Security researchers have observed that malicious AI Assistants can extract session data, cryptographic tokens, or decrypted content by analyzing on-screen information in real time. These apps often masquerade as legitimate voice assistants, and once granted access, can silently monitor users’ activity. Furthermore, when coupled with generative AI models, attackers can script automated reconnaissance, tampering, or replay of sensitive operations inside apps.

Appdome’s new Detect Agentic AI Malware plugin uses behavioral biometrics to detect the techniques that malicious or unauthorized AI Assistants use to interact with an Android or iOS application in real time. This includes official, third-party, or wrapped AI apps that impersonate trusted tools or gain elevated permissions. Mobile brands and enterprises can use Appdome to monitor AI Assistant use or detect and defend against Agentic AI Assistants using multiple evaluation, enforcement and mitigation options. Mobile brands and enterprises can also specify any number of Trusted AI Assistants, to guarantee that users have access to approved and legitimate Agentic AI Assistants.

To learn more about Appdome malware protection, including Detect Agentic AI Malware, please visit https://www.appdome.com/mobile-malware-prevention/.

The Most Common Offensive Words Used In Passwords Revealed

Posted in Commentary with tags on June 18, 2025 by itnerd

The Cybernews research team has conducted a comprehensive study of over 19B passwords from over 200 cybersecurity incidents and uncovered several 2025 password creation trends. Of the 19B passwords, only around 1.1B were unique, and according to the researchers, offensive words are a popular choice: many people use fuck, ass, hell and many others in their passwords.

Profane or offensive words are a widespread practice

Cybernews researchers discovered that profanity in passwords is a common trend: the top entry was “ass”, which appeared in almost 1% of all passwords, or over 165M times. However, this figure is partly explained by the letters “ass” appearing inside “pass” or “password”.

Surprisingly, people more often chose hell (19.9M) for their password than Jesus (16.6M), and the word tit (23.4M) was chosen almost as many times as god (23.9M). According to the researchers, the success rate of an attack against users whose passwords come from the swearwords wordlist (p.19), in brute-forcing or hash-cracking scenarios, is 1.65%.

The Cybernews research team found that the ten most popular swearwords used in passwords were:

  1. ass (165M)
  2. god (23.9M)
  3. tit (23.4M)
  4. hell (19.9M)
  5. jesus (16.6M)
  6. fuck (16.5M)
  7. sex (9.5M)
  8. shit (6.5M)
  9. butt (5.6M)
  10. arse (5M)

Similar research was done by the Cybernews research team back in 2022. The most popular swearwords haven’t changed much: “ass”, “fuck”, “god”, “tit”, and “shit” were used the most in 2022. However, words such as “git” and “xxx”, which researchers then found in frequent use, were not even in the top 30 in 2025.
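As an added example (my own code, not from the Cybernews study or this post), the Python script below reproduces the kind of case-insensitive substring count behind those figures on a constructed sample corpus, shows how the share of “ass” drops once “pass”/“password” are stripped first (the inflation the post notes), and reuses the same list as a blocklist check for new passwords. The sample corpus and the container-token handling are assumptions of the example, not part of the study’s methodology.

```python
import re
from collections import Counter

# Top-ten swearwords as reported in the Cybernews study above, in rank order.
SWEARWORDS = ["ass", "god", "tit", "hell", "jesus", "fuck", "sex", "shit", "butt", "arse"]

# Tokens whose letters embed a wordlist entry ("ass" inside "pass"/"password").
# Assumption of this example: count them on their own, strip them before matching.
CONTAINER_TOKENS = ["password", "pass"]

# Constructed sample corpus standing in for the leaked dataset; not real data.
SAMPLE_PASSWORDS = [
    "password123", "Pass@2024", "mypassword", "assassin99", "hellfire!", "Jesus1234",
    "godmode", "titanic2020", "sexy_girl", "bullshit1", "buttercup", "kickass",
    "qwerty", "letmein", "Summer2025", "bypass_me", "compass7", "arsenal1",
]

def strip_tokens(text, tokens):
    """Remove every occurrence of each token (case-insensitive), longest first."""
    for tok in sorted(tokens, key=len, reverse=True):
        text = re.sub(re.escape(tok), "", text, flags=re.IGNORECASE)
    return text

def word_counts(passwords, words, strip=()):
    """Number of passwords containing each word as a case-insensitive substring.

    With strip=() this is the naive count that lets 'password' inflate 'ass';
    with strip=CONTAINER_TOKENS those embedded occurrences are discarded first.
    """
    counts = Counter({w: 0 for w in words})
    for pw in passwords:
        cleaned = strip_tokens(pw, strip).lower()
        for w in words:
            if w in cleaned:
                counts[w] += 1
    return counts

def share(counts, total):
    """Per-word share of the corpus (the study reports 'ass' in almost 1%)."""
    return {w: c / total for w, c in counts.items()}

def blocklisted_words(password, words=SWEARWORDS, tokens=CONTAINER_TOKENS):
    """Policy check for a candidate password: which blocklisted terms does it contain?

    Container tokens are reported in their own right (a password built on
    'password' is weak regardless) and removed before the wordlist is matched,
    so 'password123' is flagged for 'password', not for 'ass'.
    """
    found = [t for t in tokens if t in password.lower()]
    # Keep only the longest container hit so 'password' does not also report 'pass'.
    found = [t for t in found if not any(t != o and t in o for o in found)]
    rest = strip_tokens(password, tokens).lower()
    return found + [w for w in words if w in rest]

if __name__ == "__main__":
    n = len(SAMPLE_PASSWORDS)
    naive = share(word_counts(SAMPLE_PASSWORDS, SWEARWORDS), n)
    fixed = share(word_counts(SAMPLE_PASSWORDS, SWEARWORDS, strip=CONTAINER_TOKENS), n)
    for w in SWEARWORDS:
        print(f"{w:6s} naive={naive[w]:6.1%}  stripped={fixed[w]:6.1%}")
    print(blocklisted_words("password123"), blocklisted_words("kickass"))
```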

The US topped the list of countries that swear the most

According to a study that analyzed which countries swear the most online, the United States came out first, followed by the United Kingdom and Australia. Another study found that the typical American uses up to 90 swearwords a day and that the country even shows the highest rate of use for “fuck”.

Using positive words makes it even more likely to be successfully hacked

Many people also choose to use words that they associate with positivity. Researchers found that the most popular positive words were love (87M), win (34M), and star (30M). The chance of a successful attack against users who choose words from the positive words list (p. 12) is 2.12%.

Some people might recognise the patterns discussed here from their own experience. If so, several easily accessible tools can help people review their data. One of them is the Cybernews Password Leak Checker, where you can enter your password and check whether it has leaked.

Methodology

The Cybernews research team analyzed data from leaks and breaches over the 12 months starting in April 2024. The original leaks contained over 3TB of data and were loaded with information that could be used to steal accounts or impersonate affected people in identity theft attacks. The data included leaked databases, combolists, and stealer logs originating from around 200 cybersecurity incidents. Only data that became publicly available was analyzed. The analyzed dataset contained 213 GB of leaked passwords.

Scania Pwned And The Threat Actors Are Looking To Get Paid

Posted in Commentary with tags on June 18, 2025 by itnerd

Automotive giant Scania confirmed it suffered a cybersecurity incident where threat actors used compromised credentials to breach its Financial Services systems and steal insurance claim documents. Bleeping Computer has the details:

Late last week, threat monitoring platform Hackmanac spotted a hacking forum post by a threat actor named ‘hensi,’ who is selling data they claimed to have stolen from ‘insurance.scania.com,’ offering it to a single exclusive buyer.

Scania confirmed the breach to BleepingComputer, stating that their systems were breached on May 28, 2025, using an external IT partner’s credentials stolen by infostealer malware.

“We can confirm there has been a security related incident in the application “insurance.scania.com”, the application is provided by an external IT partner,” stated a Scania spokesperson.

“On the 28th and 29th of May, a perpetrator used credentials for a legitimate external user to gain access to a system used for insurance purposes; our current assumption is that the credentials used by the perpetrator were leaked by a password stealer malware.”

“Using the compromised account, documents related to insurance claims were downloaded.”

Commenting on this news is Erich Kron, Security Awareness Advocate at KnowBe4:

“Stolen credentials continue to be a significant security concern and were used in this attack. This outlines the need for additional account security such as MFA to help protect accounts. While it’s not a perfect solution, MFA, especially the type that is phishing resistant, can improve account security greatly. This is important not only for internal accounts, but also for external vendors and those outside of the organization that may occasionally need access. Victims whose information was stolen should be on high alert for the potential of social engineering scams that may reference this data and use it against them.”

This is yet another example where credential theft has led to something really bad happening. Things have to change so that these attacks are harder to pull off. And that change needs to happen quickly.

Zoho Launches Zia Hubs

Posted in Commentary with tags on June 18, 2025 by itnerd

Zoho Corporation today launched Zia Hubs, a solution within Zoho WorkDrive that exposes new forms of unstructured business data to the company’s broad portfolio of applications and AI services. Using Zia Hubs, organizations can now present any type of business content to Zoho’s capabilities and services, including agentic AI, comprehensive analysis, and accurate, unified search, regardless of file format or structure.

Deeper Intelligence Accessing More Customer Data

Today, Zia Hubs launches as part of Zoho WorkDrive, bringing content intelligence to the company’s unified content management and collaboration platform. Designed with a high level of user control over what content AI is allowed to access, Zia Hubs enables users to organize project or task-specific content into dedicated hubs within WorkDrive. Each hub serves as a focused space where Zia, Zoho’s flagship AI, can understand and act on the content stored within. This includes a wide range of content formats such as PDFs, documents, videos, and audio files.

Zia Hubs automatically organizes the uploaded content in each hub by grouping related information such as section headings, supporting text, and visuals to preserve context. For video and audio files, Zia generates transcripts and links key moments to relevant topics, making it easy to pinpoint exactly where something was said.

With Zia Hubs, users are able to:

  • Have Zia surface the most relevant answers when asked a question, even across different content formats. Each response includes clear citations that link back to the original content, whether it’s a document, spreadsheet, image, or a specific moment in an audio or video file.
  • Create custom workflows with Zoho Flow, automating the document storage process for particular projects or specific teams within an organization, ensuring that Zia always has access to the latest necessary documents, automatically.
  • Utilize the full spectrum of an organization’s software suite: content from third-party software, such as Docusign PDFs, RingCentral call logs, Zoom video files, and more, is all readable by Zia, and can automatically be placed into a hub by building a workflow with Zoho Flow.

From Intelligent Content to Intelligent Action with Zia

Zia Hubs is a foundational element of Zoho’s long-term AI strategy, laying the groundwork for a future where intelligent agents can act contextually on content across the company’s entire product suite. With full ownership of its technology stack spanning more than 55 products, Zoho is uniquely positioned to help organizations unlock deeper value from their business content compared to competitors.

Future updates to Zia Hubs will allow it to identify structured information within unstructured files and trigger specialized agents tailored to specific business needs, further utilizing Zia Hubs as the central content intelligence layer that activates AI-native workflows across the full Zoho ecosystem.

Availability and Pricing

Zia Hubs launches in early access today for selected users of Zoho WorkDrive in the United States, with a general release for both US and international users scheduled for the end of Q3 2025.

Starburst Named a Leader & Fast Mover in 2025 GigaOm Radar for Data Lakes & Lakehouses

Posted in Commentary with tags on June 18, 2025 by itnerd

Starburst today announced it has been recognized as a Leader and Fast Mover in the newly released 2025 GigaOm Radar for Data Lakes and Lakehouses report. This marks the third consecutive year that Starburst has earned a leadership position in this influential industry benchmark.

The GigaOm report highlights Starburst’s dominance across key evaluation categories, including:

  • Product capabilities: Recognition for deep integration across modern cloud ecosystems and robust support for data federation and hybrid architectures.
  • Market execution: Acknowledgement of Starburst’s momentum and continued adoption as a distributed SQL engine built on open standards.
  • Innovation trajectory: Commended roadmap execution, leadership in the open lakehouse movement, and readiness for future AI-driven analytics workloads.

The GigaOm Radar evaluates vendors on a combination of feature richness, usability, performance, market strategy and innovation roadmap. Positioning Starburst as a Leader and Fast Mover affirms its ability to deliver high-performance federated querying and scalability, support for diverse open table and file formats, hybrid and multi-cloud deployments, and a consolidated and governed data stack that supports analytics and AI workloads.

Download and explore the report here: https://starburst.io/info/gigaom-radar-for-data-lakes-and-lakehouses-2025/

Cybernews Researchers Have Discovered 16-Billion-Record Data Breach

Posted in Commentary with tags on June 18, 2025 by itnerd

Cybernews researchers have uncovered what may be the largest unreported credential leak in history — a staggering 16 billion login records exposed across 30 separate datasets. The data most likely originates from various infostealers and was briefly exposed in unsecured cloud storage systems.

Key research findings:

  • The datasets that the team uncovered differ widely. The smallest, named after malicious software, had over 16 million records.
  • The largest dataset, most likely related to the Portuguese-speaking population, had over 3.5 billion records.
  • On average, one dataset with exposed credentials had 550 million records.
  • 455 million records in a dataset referencing the Russian Federation, suggesting possible links to regional malware or data operations.
  • 60 million records in a dataset labeled “Telegram.”
  • Many datasets followed a uniform structure: URL — username/email — password, suggesting the use of modern infostealers as the primary data source.
  • Numerous datasets contained tokens, cookies, and metadata, increasing the risk of bypassing multi-factor authentication and launching advanced phishing attacks.
  • New datasets continue to surface every few weeks, highlighting how prevalent and persistent infostealer malware is in the wild.

Alarmingly, ownership remains unknown. The Cybernews team believes that some collections may have been curated by cybercriminals seeking to scale attacks.

Leak significance

Even with a low success rate, these massive collections enable phishing, identity theft, and unauthorized access at a global scale — and offer users very limited ways to defend themselves once exposed.

The exposure of 16 billion login credentials represents not just a security lapse but a critical turning point in how credential data is accumulated, stored, and exploited.

These findings raise urgent concerns about account security, data aggregation risks, and the lack of safeguards in credential management ecosystems.

To read the full research report, please click here.

Trump Musk Feud Drives Malicious Domain Surge for Crypto Scams, Phishing, Fake Betting Sites

Posted in Commentary with tags on June 18, 2025 by itnerd

BforeAI has revealed that they identified a total of 39 malicious domains, all newly registered on June 5 and 6, being used across a variety of scams as threat actors exploit the recent, notable, and escalating public trade policy feud between Elon Musk and Donald Trump.

Multiple domains related to hypothetical Trump vs. Elon conflicts have surfaced, often mimicking betting platforms, fake giveaways, or crypto multipliers. Threat actors are using a wide range of low-cost and under-regulated top-level domains (TLDs), indicating abuse-friendly zones. Such TLDs are also known for their ongoing malicious use for hosting and conducting phishing campaigns.

BforeAI’s research provides a domain breakdown and threat types, including crypto scams, gaming and engagement lures (fake games, fraudulent mobile apps, engagement farming), betting and merchandise, disinformation and reputation abuse, and Telegram bot automation.

Malicious infrastructure trends identified include the rise of threat actors taking advantage of a geopolitical event to launch new meme coins, fake betting sites, and phishing lures tied to online games and merchandise, and cybercriminals leveraging games to attract supporters to a phishing site.

You can read the report here.