Government Job Seekers’ PII Exposed in House Democrats Resume Bank’s Data Breach

Posted in Commentary with tags on October 27, 2025 by itnerd

The Safety Detectives team has discovered an unprotected database containing approximately 7,000 records linked to DomeWatch, the U.S. House Democrats’ official online resume bank.

The exposed data included names, email addresses, phone numbers, security clearance levels, political affiliations, congressional experience, and more. 

Among the records, 469 individuals were listed with “top secret” federal security clearance, and over 4,000 indicated prior congressional experience.

This kind of exposure poses significant privacy and security risks, including potential identity theft, phishing, and social engineering targeting individuals connected to U.S. government operations.

The full report can be found here: https://www.safetydetectives.com/news/domewatch-breach-report/

Cyber Attacks on Government Agencies Soar During The Government Shutdown

Posted in Commentary with tags on October 27, 2025 by itnerd

The Media Trust has some insights regarding the increase in cybercrime activity during the government shutdown, showing that the shutdown is having an effect that I bet nobody planned for.

Specifically, the researchers at The Media Trust have been observing cybercrime activity over the past couple of weeks, from the first threat of a government shutdown through to two weeks into the shutdown.

  1. The company’s malware desk is projecting more than 555M cyberattacks on the US Federal government in the month of October. This is an 85% increase over the month prior. 
  2. They observed a spike in malware activity at the end of September as the threat of a federal shutdown was being projected in the media. (see chart)
  3. The day of the shutdown (October 1st) researchers saw a significant increase in phishing attacks. More than 90% of the attacks against the Federal government from the end of September through today have been phishing attacks. (see chart)
  4. October is now trending toward being the second-highest month of 2025 for cyberattacks on the Federal Government.
  5. The top US Federal government agencies that have seen the most cyberattacks through the Federal Government shutdown (see chart) include, in order:
    • U.S. Department of Veterans Affairs
    • U.S. Department of Justice
    • Department of Education
    • FBI Criminal Justice Information Services
    • U.S. Department of State
    • Department of Homeland Security
    • Department of Administrative Services
    • Federal Aviation Administration
    • U.S. Department of Energy

GM Is Planning To Ditch Android Auto And Apple CarPlay In ALL Their Vehicles And Not Just EVs….. WTF?

Posted in Commentary with tags on October 24, 2025 by itnerd

Well, I guess that GM vehicles will be off my list when it is time to buy my next car. I say that because I just read this article from The Verge where GM is going to phase out Android Auto and Apple CarPlay in ALL of their vehicles. You might recall that GM started doing this in their EVs some time ago. And that was met with a fair amount of backlash. But clearly that backlash has not deterred them.

Here’s what was said by GM’s CEO Mary Barra:

Let me ask you the second part of that question again, because, again, we’re talking so much about the future, and I understand the argument about the future you’re making, but you still have the smartphone projection in the gas cars. Why is it still in the gas cars?

A lot of it depends on when you do an update to that vehicle. When you look at the fact that we have over 40 models across our portfolio, you don’t just do this and they all update. As we move forward with each new vehicle and major new vehicle launch, I think you’re going to see us consistent on that. We made a decision to prioritize our EV vehicles during this timeframe, and as we go forward, we’ll continue across the portfolio.

So we should expect new gas cars will not have smartphone projection?

As we get to a major rollout, I think that’s the right expectation. Yes.

What GM is going to do is to use Android Automotive. Not to be confused with Android Auto. The former can be best described as a full operating system for cars that GM basically controls. And by control, I mean that they can make money off of it. The thing is, I just recently reviewed a Ford Expedition and it uses Android Automotive complete with Android Auto and Apple CarPlay. And Ford went out of their way to emphasize that while they want Ford owners to use their system, they do not want to remove choice from Ford owners. And I did press them on that and they stood firm on that, even going to the point of walking up to the line of calling out GM for being the opposite of Ford without actually doing so. Ford has clearly read the room and made the right call because so many people are used to Android Auto and Apple CarPlay that by removing them, Ford would risk alienating their loyal customers.

Now at the start of this article I said that GM would be off my list of vehicles to buy should I need a new car. GM isn’t reading the room here. And given how many cars they sell, this can easily come back to bite them. After all, they aren’t Tesla, who can get away with not having Android Auto and Apple CarPlay in their cars. They might want to keep that in mind and reconsider their life choices accordingly.

The Business of Travel and Culture at 35,000 ft. Just Leveled Up Thanks To Qatar Airways

Posted in Commentary with tags on October 24, 2025 by itnerd

Qatar Airways has unveiled a first-of-its-kind global partnership with GRAMMY-Award winning artist, entrepreneur, and cultural visionary Swizz Beatz, founder of the prestigious art collective The Dean Collection. Together, they introduced The Qatar Airways “Creative 100,” a bold new platform celebrating and connecting the world’s most influential and inspiring creatives shaping global culture today.

The announcement took place during Art Basel Paris, where Qatar Airways serves as a Premium Partner, marking the beginning of a multi-year collaboration that unites art, travel, and innovation under one creative movement.

A Global Movement for Creativity
Each year, the “Creative 100” will spotlight 100 visionaries whose work transcends borders and inspires progress across art, design, music, fashion, sport, and technology.

The first creatives announced are: Black Coffee, the GRAMMY-Award winning South African DJ and producer; Miles Chamley-Watson, Olympic fencing champion and style innovator; Kristian Teär, CEO of Danish high-end electronics company Bang & Olufsen; Yoon Ahn, American fashion designer, co-founder of AMBUSH, and Jewelry Director for Dior Homme; and Flavio Manzoni, Ferrari’s Chief Design Officer.

From the world of art, honorees include Kennedy Yanko, a sculptor known for fusing salvaged metal with paint skin, and Patrick Eugene, a visual artist whose work explores identity, culture, and the human experience.

A flagship gala will be held in Doha in February 2026 during Art Basel Doha, where the first inductees will be officially honored and the full list of the “Creative 100” revealed. Throughout the year, the initiative will activate at Art Basel’s global events in Paris, Miami, Hong Kong, and Basel, transforming Qatar Airways’ worldwide network into a cultural bridge connecting creative communities across continents.

A Transformational Partnership
This collaboration marks the first time an airline has partnered directly with a global artist and creative entrepreneur to develop a long-term cultural platform. Through this partnership, Qatar Airways and Swizz Beatz will reimagine how creativity travels, transforming global movement into cultural exchange and storytelling that inspires.

Key experiences will include:

  • Flagship galas and cultural activations hosted by Qatar Airways and The Dean Collection in Doha and at Art Basel events worldwide.
  • Collaborative projects across art, music, design, and sport that range from limited-edition merchandise to creative in-flight experiences and special aircraft liveries.
  • Exclusive access for Qatar Airways Privilege Club members to attend private masterclasses, cultural events, and behind-the-scenes sessions with inductees.

A Digital Home for Global Creativity
Qatar Airways will also debut a dedicated digital hub for The “Creative 100,” featuring films, interviews, podcasts, and curated city guides shaped by the voices of these global creators. The interactive platform will span six content pillars: Art & Design, Music & Performance, Fashion & Style, Film & Entertainment, Sport & Influence, and Innovation & Ideas, spotlighting the people and places fueling creative progress worldwide.

Users will be able to explore a rotating map of inductees’ home cities and inspirations, along with artist profiles, imagery, short films, and personal travel stories. Exclusive Privilege Club member content will include extended interviews, masterclasses, and event invitations.

The partnership will lend its impact to the Qatar Airways passenger journey through bespoke merchandise and immersive onboard experiences. As the first expression of creativity from the Qatar Airways “Creative 100,” the two collaborative forces revealed renderings of a special-edition Formula 1® livery, celebrating the airline’s role as Global Airline Partner. An additional livery commemorating Qatar Airways’ partnership with the FIFA World Cup 2026™ will be revealed at a later stage.

Surfshark launches a privacy-first web content blocker

Posted in Commentary with tags on October 24, 2025 by itnerd

Surfshark has launched a new feature called the web content blocker that focuses on safeguarding every household when browsing online. It allows you to filter various websites based on categories provided, lock them using 2FA (Two-factor Authentication), and help protect family members from potential online threats caused by curiosity or carelessness.

Unlike traditional tracking applications, the web content blocker helps you protect family members from seeing malicious content and websites — without snooping on their browsing activity or monitoring the actual websites they visit. With this new feature, you can filter various websites by category and lock specific content across all family mobile devices.

To extend this protection to your household, install and open the Surfshark app on the device you’d like to add, log in using the same account, enable Web content blocker, and lock with 2FA if needed. Then, under the Web content blocker feature on the Surfshark website app, you can find the Your devices section, where you can select content categories and ensure a safe online environment for your loved ones.

The web content blocker is now available on Android and iOS platforms for Surfshark One or One+ plan users — more platforms are coming soon.

Additionally, Surfshark announces that its server count has surpassed 4,500. Over the years, Surfshark has continually upgraded its server network to enhance performance and reliability, and this figure reflects its growth.

Atlas browser vulnerability uncovered by researchers

Posted in Commentary with tags on October 24, 2025 by itnerd

Recently, researchers uncovered that OpenAI’s newly launched Atlas browser is vulnerable to indirect prompt injection, allowing malicious web pages to embed hidden commands that the browser’s AI agent may follow. According to Brave Software, the flaw is also observed in other AI-powered browsers like Comet and Fellou. It highlights a systemic security risk where AI models treat untrusted web content as valid instructions, potentially exposing sensitive data and compromising user sessions.

You can read more about this here: Security Experts Raise Cybersecurity Warnings in OpenAI’s New ChatGPT Atlas Browser

The CTO of DryRun Security, Ken Johnson, had this to say:

“In corporate environments, I would not allow Comet, Atlas, or any AI-powered browser on company devices at this time. Browser security is already difficult even for the companies that make them, and robust privacy controls require immense care. AI is new to both fronts. Granting these tools unprecedented access to personal and corporate data, combined with the inherent risks of AI systems and existing security concerns, is a time bomb.”

Many companies have restrictions on how AI can be used. If your organization hasn’t looked at this, now would be a good time to do so, because the risk of having sensitive data leak out to the outside world is too great to ignore.

North Korean Lazarus group targets the drone sector in Europe, ESET Research discovers

Posted in Commentary with tags on October 24, 2025 by itnerd

ESET researchers have recently observed a new instance of Operation DreamJob — a campaign that ESET tracks under the umbrella of North Korea-aligned Lazarus group — in which several European companies active in the defense industry were targeted. Some of these are heavily involved in the unmanned aerial vehicle (UAV / drones) sector, suggesting that the operation may be linked to North Korea’s current efforts to scale up its drone program. The in-the-wild attacks successively targeted three companies active in the defense sector in Central and Southeastern Europe. Initial access was almost certainly achieved via social engineering. The main payload deployed to the targets was ScoringMathTea, a remote-access trojan (RAT) that offers the attackers full control over the compromised machine. The suspected primary goal of the attackers was exfiltration of proprietary information and manufacturing know-how.

In Operation DreamJob, the dominant theme of social engineering is a lucrative, but faux, job offer served with a side of malware: The target usually receives a decoy document with a job description and a trojanized PDF reader to open it. ESET Research attributes this activity with a high level of confidence to Lazarus, particularly because of its campaigns related to Operation DreamJob, and because the targeted sectors, located in Europe, align with the targets of the previous instances of Operation DreamJob (aerospace, defense, engineering).

The three targeted organizations manufacture different types of military equipment (or parts thereof), many of which are currently deployed in Ukraine as a result of European countries’ military assistance. At the time of Operation DreamJob’s observed activity, North Korean soldiers were deployed in Russia, reportedly to help Moscow repel Ukraine’s offensive in the Kursk region. It is thus possible that Operation DreamJob was interested in collecting sensitive information on some Western-made weapons systems currently employed in the Russia-Ukraine war. More generally, these entities are involved in the production of types of materiel that North Korea also manufactures domestically, and for which it might be hoping to perfect its own designs and processes. The interest in UAV-related know-how is notable, as it echoes recent media reports indicating that Pyongyang is investing heavily in domestic drone manufacturing capabilities. North Korea has relied heavily on reverse engineering and intellectual property theft to develop its domestic UAV capabilities. 

Generally, Lazarus attackers are highly active and deploy their backdoors against multiple targets. This frequent use exposes these tools and enables their detection. As a countermeasure, the group’s tools are preceded in the execution chain by a series of droppers, loaders, and simple downloaders. The attackers decided to incorporate their malicious loading routines into open-source projects available on GitHub.

The main payload, ScoringMathTea, is a complex RAT that supports around 40 commands. Its first appearance can be traced back to VirusTotal submissions from Portugal and Germany in October 2022, where its dropper posed as an Airbus-themed job offer lure. The implemented functionality is the usual set required by Lazarus: manipulation of files and processes, exchanging the configuration, collecting the victim’s system info, opening a TCP connection, and executing local commands or new payloads downloaded from the C&C server. According to ESET telemetry, ScoringMathTea was seen in attacks against an Indian technology company in January 2023, a Polish defense company in March 2023, a British industrial automation company in October 2023, and an Italian aerospace company in September 2025. It appears to be one of the flagship payloads for Operation DreamJob campaigns.

The group’s most significant evolution is the introduction of new libraries designed for DLL proxying and the selection of new open-source projects to trojanize for improved evasion. “For nearly three years, Lazarus has maintained a consistent modus operandi, deploying its preferred main payload, ScoringMathTea, and using similar methods to trojanize open-source applications. This predictable, yet effective, strategy delivers sufficient polymorphism to evade security detection, even if it is insufficient to mask the group’s identity and obscure the attribution process,” concludes Kálnai.

The Lazarus group (also known as HIDDEN COBRA) is an APT group linked to North Korea that has been active since at least 2009. It is responsible for high-profile incidents. The diversity, number, and eccentricity in implementation of Lazarus campaigns define this group, as well as the fact that it performs all three pillars of cybercriminal activities: cyberespionage, cybersabotage, and pursuit of financial gain.

Operation DreamJob is a codename for Lazarus campaigns that rely primarily on social engineering, specifically using fake job offers for prestigious or high-profile positions (the “dream job” lure). Targets are predominantly in the aerospace and defense sectors, followed by engineering and technology companies, and the media and entertainment sector.

For a more detailed analysis of the latest Lazarus DreamJob campaign against the UAV sector, check out the latest ESET Research blogpost “Gotta fly: Lazarus targets the UAV sector” on WeLiveSecurity.com.

Shadow Escape 0-Click Attack in AI Assistants Puts A Lot Of Data At Risk

Posted in Commentary with tags on October 23, 2025 by itnerd

Researchers have uncovered a new privacy risk called Shadow Escape, which exploits the Model Context Protocol (MCP) that businesses use to connect to LLMs. The attack enables hackers to steal volumes of data, such as Social Security Numbers, medical records, and business information, from businesses that use AI assistants, without the user ever clicking a suspicious link or making a mistake.

The details can be found here: https://www.operant.ai/art-kubed/shadow-escape

Roger Grimes, CISO Advisor at KnowBe4, provided the following comments:

“I’m familiar with at least one other similar attack involving another, more popular AI tool, that the researcher plans to publicly release soon after practicing responsible disclosure with the vendor. They seem to be coming out of the woodwork so to speak. This zero-click attack is just going to be one of thousands coming out over the next few years. These initial reports are just the beginning stages of what promises to be years and years of new types of exploits. That’s because AI and the way they interact with other AIs and humans are just starting to be discovered and explored. The sheer amount of ways that any AI can interact with something else makes it far harder, if not impossible, for the vendor or a cyber defender to test before the AI is released.

“We didn’t do a great job at testing non-AI, more deterministic software and systems, to make sure they didn’t have vulnerabilities. Heck, we had over 40K separate publicly announced vulnerabilities last year and we are on our way to having over 47K this year. Non-deterministic AIs with the ability to have thousands of different types of interactions are just going to make that number explode. We are just now opening Pandora’s box, and we are definitely not going to like what we see. I thought stuff was complex in the past. We will think of the past decades of vulnerabilities as the ‘good times’ before AI everywhere arrived. It’s getting ready to be very stormy.”

Organizations need to look at the use of AI by their employees. They need to ensure that they are using only company approved AI tools and making sure that anything that connects to an LLM is secure. Otherwise, they are wide open to this sort of attack.

Hackers begin to exploit SessionReaper vulnerability

Posted in Commentary with tags on October 23, 2025 by itnerd

Hackers are actively exploiting a critical vulnerability (CVE-2025-54236, CVSS 9.1) in Adobe Commerce and Magento Open Source, known as SessionReaper. The flaw, stemming from improper input validation, allows attackers to bypass security features and potentially take over customer accounts via the Commerce REST API. Although Adobe released a hotfix on September 9, exploitation began after the patch was leaked early, and only 38% of affected sites have applied the fix. Sansec has observed roughly 250 attacks already, with exploitation expected to escalate rapidly following the public release of technical details by Searchlight Cyber. Adobe has confirmed the vulnerability is now being exploited in the wild.

Dale Hoak, CISO, RegScale had this to say:

“The rapid exploitation of SessionReaper underscores how compliance and security controls must operate continuously, not periodically. Many organizations treat patch management and vulnerability response as checklist items, but real resilience comes from continuous monitoring of control drift and evidence of remediation. When technical writeups go public, automation and compliance-as-code can make the difference between being patched in hours versus weeks.”

We are now in an age of patch everything ASAP before the bad guys try to pwn you. This illustrates how bad things have become and why things need to change ASAP.

Nelson Focuses on AI in Education with Upcoming Keynote at Canadian EdTech Leadership Summit and its Launch of AI Literacy Resources for Educators

Posted in Commentary with tags on October 23, 2025 by itnerd

Nelson will focus on addressing a gap in education with a keynote from its President and CEO Steve Brown at the Canadian EdTech Leadership Summit in Toronto, and an upcoming launch of resources related to Artificial Intelligence (AI) for educators.

According to a recent study from KPMG, Canada is lagging global peers in AI literacy and trust, ranking among the least AI literate nations globally. To help address that gap, Nelson is taking steps to support educators as they look to understand and navigate AI in education. The company will offer trusted resources in Edwin, including lessons and activities, to provide educators and students with information to better understand AI; to learn how it can be used appropriately; to see how AI literacy can be integrated into cross-curricular learning experiences; and more.

For example, one lesson will provide educators with an overview of how to provide an introduction to AI, giving students basic shared vocabulary and a conceptual understanding of what AI is, examples of AI in our world, and options for further learning about AI, including bias, ethics, and responsible usage. Educators will find these resources in Edwin beginning in mid-November. 

Nigel Romany, a Grade 6 and 7 teacher from Brant Haldimand Norfolk Catholic District School Board (BHNCDSB) and an avid Edwin user, talked about how he complements the use of Edwin with AI in his teaching. He explained that he started using Edwin in lessons that were outside of his core subjects, such as science. Edwin provides rich curriculum-aligned materials, which he said allows him to provide the proper information for his students in an effective forum. Within the first week of using Edwin, he was able to guide students to develop a commercial on biodiversity. Now, he said he uses AI to complement and assist in his teaching practice. For example, AI helps him narrow down vast amounts of information and gives him alternatives in his lesson planning. Additionally, we know students use AI in some capacity to do their assignments. He said that as educators, we have to find different ways to assess our students, review the work and educate them to use AI properly. He noted that teaching has always been more of an art form than an exact science and AI, in his opinion, cannot replace the interaction between student and teacher but rather enhances it. He is looking forward to using the new resources on Edwin to help him engage in conversations with his students about AI, helping them develop skills to question, analyze and use AI responsibly.

EdTech: Sharing AI Insights and Trends
Taking place on October 29 and 30, 2025 at the state-of-the-art Innovation Complex at the University of Toronto Mississauga, the theme of this year’s EdTech Leadership Summit is “Empowering Human-Centered Sustainable Learning in an AI-Inspired World.” Brown will present his keynote, “The Intersection of Human and Artificial Intelligence,” on October 30 at 11 a.m., during which he’ll share a perspective on the rise of AI in education, its opportunities and challenges, and the importance of focusing on the right learning pathways to drive human intelligence.

The 16th annual event is targeted at senior level leadership in K-12, post secondary and EdTech industry partners, policymakers, teacher leaders, investors, students, parents, and EdTech startups who are passionate about refining the future of learning to help all students thrive. It will provide attendees an opportunity to access evidence-based research, success stories, and best practices to future-proof their learning environment and empower every learner in an AI-powered age. Attendees will also gain insider knowledge on the latest global and national trends, from AI adoption in classrooms to digital equity strategies, with concrete case studies they can quickly apply.

Supporting Teachers to Succeed in the Classroom
Nelson continues to support educators across the country with current curriculum-aligned materials they need for their classrooms. For example, resources and content in Edwin were updated for the 2025/2026 school year based on the renewed K-12 curriculum in Manitoba.

The company also recently launched the Edwin Academy, where teachers can not only access classroom resources, but also training and just-in-time support. The Academy is designed to empower educators, curriculum leads and administrators with the tools they need to succeed when they use Edwin. It helps educators with common teaching and learning challenges, whether they’re integrating Edwin into lessons, supporting teachers in schools, or scaling professional learning across a district. While resources are available to all Edwin users, the Edwin Academy is available to all teachers. Additionally, parents can now access the same engaging educational resources to be used at home to complement and support their children’s learning journey. Learn more here.

Edwin AI resources will be available for educators from Nelson on edwin.app beginning mid-November 2025.

For more information about the Canadian EdTech Leadership Summit, or to register for the event, visit https://summit.canamedtechalliance.com/.