Forcepoint X-Labs Post –> Sharp Rise: Obfuscated JavaScript & Steganography Enabling Malware Delivery

Posted in Commentary with tags on October 8, 2025 by itnerd

This morning, the researchers at Forcepoint X-Labs have released new findings confirming that in Q3, organizations across industries have seen a steep increase in JavaScript-attachment-based campaigns that deliver a variety of information-stealing and RAT malware, such as DarkCloud, Remcos, Agent Tesla, and Formbook.

Authored by Senior Security Researcher Mayur Sewani, the post discusses (with supporting images and code) how attackers are cloaking their lures in everyday business communications with fake quotes, purchase orders, shipment alerts and even WeTransfer-style links to slip past conventional filters and take advantage of recipient’s trust. For this analysis, the X-labs team reviewed thousands of email subject lines and found similar social engineering tactics being used repeatedly.

These scripts act as downloaders, using PowerShell and steganography to deliver .NET-based RATs and Infostealers. Advanced obfuscation, sandbox evasion, and process hollowing highlight the increasing sophistication of these attacks. 

Sewani recommends that organizations combine advanced email filtering, endpoint protection, and user awareness to mitigate these threats.

The full post can be found at: https://www.forcepoint.com/blog/x-labs/q3-2025-threat-brief-obfuscated-javascript-steganography

Leave a comment »

Canadian solar software company announces seed financing

Posted in Commentary with tags on October 8, 2025 by itnerd

Enurgen today announced it has secured $4.1M USD in new financing. The round was co-led by BDC, Brightspark, and Diagram, with participation from MaRS IAF.

The investment will accelerate the global expansion of Enurgen’s flagship software platform. Enurgen’s novel energy yield modelling software leverages advanced, physics-based models across the lifecycle of solar assets to deliver breakthrough rates of returns.

Meeting Market Momentum

This investment meets a critical moment in the solar industry. Global adoption is surging, but the sector is grappling with intense growing pains. Key incentives are disappearing, designs are becoming more complex, and Power Purchase Agreement (PPA) prices are under constant pressure. This puts downward pressure on PPA prices and exacerbates the challenge of systemic underperformance, where projects often fail to meet their financial expectations. As a result, there is a surging demand for more accurate models that can maximize returns and ensure long-term cash flows are realized.

Enurgen’s novel, physics-based approach is well-positioned to solve the model-to-field accuracy problem. It drives new energy yield performance gains across the entire asset lifecycle, from early-stage design into day-to-day operations, closing the critical gap between budgeted, expected, and realized energy yields.

Product and Market Impact

Enurgen’s DUET model, backed by over a decade of research and development, delivers high-resolution, 3D solar irradiance modelling. This novel approach enables incident light calculations to scale from an individual solar cell to gigawatt-scale ($1Bn+) power plants. As a result, it introduces new ways to:

  • Optimize energy yields (rates of return) for solar power plants,
  • Accelerate capacity and performance testing, ensuring power plants come online faster, and
  • Automate PV performance in operations, allowing small teams to effectively manage large portfolios of solar assets and quickly address the most critical issues.

By combining detailed simulations with real-world performance data, the gap between budgeted, expected, and actual production can be solved, turning energy yield into a predictable, bankable metric.

Next Phase of Growth

The funding will enable Enurgen to:

  • Expand customer deployments across key global markets,
  • Grow its technical and commercial teams to meet global demand,
  • Accelerate its product roadmap and release of next generation models, and
  • Strengthen customer support and partnerships to drive larger portfolio deployments.

Leave a comment »

Bolo Program Unveils New Top 25 of Canada’s Most Wanted Fugitives

Posted in Commentary with tags on October 8, 2025 by itnerd

The faces of Canada’s most wanted fugitives filled a Vancouver news conference today as the latest iteration of the Bolo Program’s Top 25 list was unveiled, along with new incentives for members of the public to call in tips about the fugitives’ whereabouts.

Twenty-five ‘models’ filled a Vancouver Club ballroom clad in ‘spoof masks’ bearing the faces of fugitives wanted by 15 police agencies across the country, a one-of-a-kind innovative concept deployed for the first time by Bolo.

At the top of the list unveiled during the news conference is Quebec man Bryan Fuentes Gramajo, wanted by Toronto Police Service for a brazen and deadly shooting outside a north Toronto mall July 17, 2025. Fuentes Gramajo is believed to be a member of Zone 43 street gang, which operates heavily in Ontario and Quebec, with strong ties to British Columbia.

More than half a million dollars in rewards are being offered for information leading to the arrests of various suspects on the Top 25 list, an initiative that has seen great success in the past. The previous iteration of the list, unveiled in December 2024, saw nine of the 25 fugitives arrested. Of the 78 suspects featured in Bolo campaigns since the program’s inception in 2018, 42 have been located.

The latest iteration of the Top 25 list includes fugitives wanted by the Lévis Police Service, Montréal Police Service, Sûreté du Québec, Ottawa Police Service, Toronto Police Service, York Regional Police, Greater Sudbury Police Service, OPP ROPE Squad, Ontario Provincial Police, Winnipeg Police Service, Calgary Police Service, Edmonton Police Service, Delta Police Department, and Vancouver Police Department.

Top 25 List

  1. Bryan Fuentes Gramajo
    Wanted by Toronto Police Service for Murder
    Reward up to $100,000
  2. All Boivin
    Wanted by Sûreté du Québec for Drug Trafficking
    Reward up to $100,000
  3. Tamah McLean
    Wanted by Toronto Police Service for Murder
    Reward up to $100,000
  4. Tresor Horimbere
    Wanted by Winnipeg Police Service for Murder
    Reward up to $100,000
  5. Dylan Denis
    Wanted by Montréal Police Service for Murder
    Reward up to $100,000
  6. Pierry Philogène
    Wanted by Montréal Police Service for Murder
  7. Chad Dandan
    Wanted by Winnipeg Police Service for Murder
  8. Katherine Bergeron-Pinzarrone
    Wanted by York Regional Police for Murder
  9. Saed Osman
    Wanted by Edmonton Police Service for Murder
    Reward up to $50,000
  10. Noah Singh
    Wanted by Greater Sudbury Police Service for Murder
  11. Mohamed Shire
    Wanted by Ottawa Police Service for Murder
    Reward up to $50,000
  12. Dellano Robertson-Berry
    Wanted by Toronto Police Service for Murder
  13. Omid Mashinchi
    Wanted by Vancouver Police Department for Conspiracy
  14. Adrian Walker
    Wanted by Toronto Police Service for Murder
  15. Nicholas Singh
    Wanted by Ontario Provincial Police ROPE Squad for Being Unlawfully at Large
  16. Gurkirat Singh
    Wanted by Delta Police Department for Sexual Interference (Person under 16)
  17. Yusuf Ali
    Wanted by Winnipeg Police Service for Attempted Murder
  18. Joshua Grey
    Wanted by Ontario Provincial Police ROPE Squad for Being Unlawfully at Large
  19. Gibriil Bakal
    Wanted by Ottawa Police Service for Murder
  20. Christian Cuxum
    Wanted by Toronto Police Service for Murder
  21. Dharam Dhaliwal
    Wanted by Peel Regional Police for Murder
  22. Tommy Bernier-Thibault
    Wanted by Service de police de la Ville de Lévis for Assault
  23. Kiarash Parzham
    Wanted by Toronto Police Service for Murder
  24. Talal Amer
    Wanted by Calgary Police Service for Manslaughter
  25. Danick Miguel Bourgeois
    Wanted by Ontario Provincial Police for Murder

For information on each case, visit boloprogram.org.

Leave a comment »

Inspired Go announces partnership with Haven Greens to deliver year-round greenhouse-grown lettuce for ready-to-eat meals in Canada

Posted in Commentary with tags on October 8, 2025 by itnerd

Inspired Go announced today that it has partnered with Haven Greens, Canada’s first fully automated greenhouse, to source 100 percent of the leafy greens used in its ready-to-eat meals. The agreement reflects a shared commitment to sustainability, innovation and building a more reliable food supply to Canadians.

Haven Greens, a Canadian, climate-controlled, touchless greenhouse, produces approximately 10,000 pounds of lettuce per day, 365 days a year, using AI-driven monitoring, robotics, and mobile gutter systems to oversee every step of production, from seeding to harvest. The closed-loop hydroponic system uses 90 percent less water than field farming, recycles nutrients, composts growth media, and is on track to achieve net-zero operations by 2027 with a 3 MW solar field under development.

Inspired Go integrates Haven Greens’ greenhouse harvests with its patented hexagon packaging, validated through third-party shelf-life testing to keep meals fresh for 5–7 days. The hexagon design not only protects ingredients from mingling but also stacks securely, reinforcing freshness and quality for customers.

To ensure delivery at peak condition, Inspired Go manages a network of 500+ trained contract drivers who operate optimized weekly routes across Canada’s major cities. Supported by dispatchers and guided by Inspired Go’s routing app, the drivers maintain predictable coverage and freshness for a highly perishable product category.

The company was recently named Champion winner of the Recharge Tomorrow Brand Challenge, a global competition recognizing ecommerce brands that excel in building strong, loyal subscription communities. Industry observers point to Inspired Go’s vertically integrated model, pairing local greenhouse sourcing, patented packaging, and direct-to-fridge delivery, as an example of how prepared food businesses can align sustainability, efficiency, and customer convenience.

For more information, visit inspired.ca

Leave a comment »

Canadian companies embrace AI for cybersecurity, but skills gap remains a hurdle for unlocking full potential

Posted in Commentary with tags on October 8, 2025 by itnerd

Today, Fortinet released its 2025 Global Cybersecurity Skills Gap Report. While organizations are embracing AI to enhance cybersecurity, the persistent skills gap prevents them from unlocking its full potential and creates new risks. 

Here is a summary of the report’s key findings: 

  • As organizations are increasingly turning to AI to strengthen their security postures and fill gaps, they also acknowledge that AI may be used against them as an engine of new or improved cyberattacks, especially given the lack of AI skillsets across teams. While 78% of Canadians surveyed say AI is helping their IT and security teams become more effective, nearly half (47%) point to a lack of staff with sufficient AI expertise as the biggest challenge to successful implementation. 
  • Lack of cybersecurity awareness and training remains the top cause of breaches. 51% of Canadians surveyed indicated a lack of IT security skills and training as one of the leading causes of breaches in their organizations. 
  • Boards lack cyber knowledge, despite it being a priority. Cybersecurity is now seen as a top business and financial priority, yet fewer than half (41%) of all Canadian respondents indicated their boards fully understand the risks posed by AI. 
  • Organizations want cybersecurity personnel with certifications. 83% of Canadian IT decision-makers prefer to hire candidates who hold certifications, seeing it as validation for their knowledge and ability to stay current. 

The full report can be found here.

Leave a comment »

Kids Help Phone Sets a New Standard of Care for Youth Mental Health at Elevate 2025

Posted in Commentary with tags on October 8, 2025 by itnerd

One year after introducing acceleratorKHP on the Elevate stage as a bold catalyst for youth mental health innovation in Canada, Kids Help Phone (KHP) returned to announce a transformative shift in mental health support that seamlessly integrates human connection with the power of generative AI, setting a new benchmark for care in the digital age.

Youth in Canada are facing a mental health crisis. Since 2020, KHP has interacted with young people more than 22 million times. Over the past decade, the number of young people reporting good mental health has steadily declined. Today, suicide is the second leading cause of death among young people in Canada.

For over 36 years, KHP has been a trusted leader in youth mental health in Canada. No one understands the evolving needs of young people across the country quite like KHP, because the organization interacts with youth more than 4 million times annually.

To fulfill its promise of offering new pathways to help that are authentic and intuitive in young people’s worlds, KHP is building a new standard of care. Through acceleratorKHP, the organization is revolutionizing how youth mental health supports are designed and delivered—leveraging one of a kind coast to coast-to-coast clinical infrastructure, real-time de-identified and anonymized data, research, AI, and partnerships to ensure youth can access help whenever and wherever they need it most.

Developed through acceleratorKHP, KHP’s GenAI tool will offer a personalized experience built with and for young people—providing choice, flexibility, safety, and credibility.

At the heart of this innovation is KHP’s extraordinary data resource: over 50 million data points that have been aggregated and anonymized from conversations with youth. Rather than offering one-size-fits-all support, acceleratorKHP is unlocking new possibilities for personalization, accessibility, and relevance. The GenAI tool is being co-created with youth and is actively in prototyping—because that’s the only way to truly understand and meet their needs. By putting youth at the center and prioritizing safety from the start, KHP is building a tool that truly understands and protects those it’s meant to serve.

Blending human connection with KHP’s GenAI product in development, young people will experience a new standard of support—one that understands their unique words, feels intuitive from the beginning, and evolves with their needs.

The GenAI tool will be able to appropriately assess risk levels, whether it’s a minor concern, suicidal ideation, or suicidal action and initiate the right steps to keep the young person safe. A trained KHP clinical professional will always be available to respond, 24/7.

KHP’s work is possible because its models are trained on KHP’s one-of-a-kind, diverse data set, integrated with clinical frameworks and quality assurance processes that have made the organization a trusted space for youth for over three decades.

While the GenAI tool is still in early development, the vision is clear: to connect young people to the support they need, in the moments they need it most, and in ways that reflect the realities of their world today. Because to young people, help means everything.

Fast Facts

  • 75% of service users tell KHP something they’ve never told anyone before
  • Since the start of 2020, KHP has had more than 22 million interactions with service users across Canada
  • Last year, 49 per cent of youth said that if they had not reached out to KHP, they would have ignored the issue or hoped it went away, which is a significant barrier to good mental health

To get involved with acceleratorKHP and follow KHP’s innovation journey, visit www.acceleratorkhp.ca

Leave a comment »

Smart Device Security: 178 countries ranked by smart device security requirements 

Posted in Commentary on October 8, 2025 by itnerd

Despite its relatively recent inception (2008/2009), the Internet of Things (IoT) industry is one of the fastest-growing markets in the world. The number of IoT-connected devices exploded from 15.4 billion in 2015 to 75.4 billion in 2025, but smart device security hasn’t always been a priority as manufacturers scramble to release devices as quickly as possible.

Related to this, Comparitech researchers have released a study to answer the following questions: 

  1. Where in the world are smart devices the most and least secure?
  2. Which countries protect consumers and smart device users through adequate legislation and labeling?
  3. And which countries have the highest number of vulnerable internet-exposed devices?

You can read the study here: https://www.comparitech.com/news/smart-device-security/

Leave a comment »

Saviynt Launches UNLOCK Global Tour to Showcase the Future of AI-Powered Identity Security

Posted in Commentary with tags on October 7, 2025 by itnerd

 Saviynt, a leader in AI-powered identity security solutions, today announced the launch of its global UNLOCK Tour: Unlock Possibility. Govern Every Identity. Accelerate with AI. This exclusive 2025 event series will explore how organizations are approaching the AI era – spotlighting AI’s incredible potential alongside the critical need to secure and govern it. Attendees will gain actionable blueprints from global industry leaders and practitioners on how intelligent identity security can help enterprises achieve more than they ever thought possible.

The tour will feature a session led by Amazon Web Services (AWS) titled “Leveraging AI to Unlock Productivity and Elevate Security of Cloud Workloads.” In collaboration with Saviynt, AWS will showcase how organizations can harness the power of AI to achieve new levels of security, operational efficiency, and innovation in the intelligence age.

At each UNLOCK event, attendees will:

  • Hear from Industry Leaders and Analysts – Insights from global security experts, including keynote perspectives from recognized veterans and analysts such as Martin Kuppinger, Principal Analyst and Co-Founder of KuppingerCole.
    Explore AI’s Promise and Risks – Understand how AI is reshaping the enterprise, and why securing and governing it is essential to success.
    Experience Real-World Strategies – Learn from customer transformation stories and live demos of AI-powered identity security capabilities in action.
    Gain Practical Blueprints – Frameworks for streamlining compliance, consolidating tools, and improving efficiency.
    Connect with Peers and Innovators – Build relationships through panels, roundtables, networking, and executive 1:1s, with Saviynt executives including CEO Sachin Nayyar, President Paul Zolfaghari, Chief Product & Strategy Officer Jeff Margolies, COO Shankar Ganapathy, Chief Product Officer Vibhuti Sinha, SVP of Strategy Henrique Teixeira, Field CTO David Lee, and Field CIO Simon Gooch.

2025 UNLOCK Tour Dates:

  • Singapore, October 3 (Invite Only)
  • New York City, October 14
  • Frankfurt, October 21
  • London, October 23
  • Sydney, October 28
  • Gothenburg, October 28
  • Toronto, November 4
  • Paris, November 6
  • Dallas, December 11

Saviynt’s UNLOCK Global Tour is complimentary for prospects, customers, and partners. To learn more about the event and register for a city near you, please visit https://saviynt.com/unlock-roadshow.

Leave a comment »

ESET Research discovers new spyware posing as messaging apps targeting users in the UAE

Posted in Commentary with tags on October 7, 2025 by itnerd

ESET researchers have uncovered two Android spyware campaigns targeting individuals interested in secure communication apps, namely Signal and ToTok. These campaigns distribute malware through deceptive websites and social engineering and appear to target residents of the United Arab Emirates (UAE). ESET’s investigation led to the discovery of two previously undocumented spyware families: Android/Spy.ProSpy impersonates upgrades or plugins for the Signal app and the controversial and discontinued ToTok app, and Android/Spy.ToSpy impersonates the ToTok app. The ToSpy campaigns are ongoing, as suggested by C&C servers that remain active.

ESET Research discovered the ProSpy campaign in June 2025, and it has likely been ongoing since 2024. ProSpy is being distributed through three deceptive websites designed to impersonate communication platforms Signal and ToTok. These sites offer malicious APKs posing as improvements, disguised as a Signal Encryption Plugin and ToTok Pro. The use of a domain name ending in the substring ae.net may suggest that the campaign targets individuals residing in the United Arab Emirates, as AE is the two-letter country code for the UAE.

During the investigation, ESET discovered five more malicious APKs using the same spyware codebase, posing as an enhanced version of the ToTok messaging app under the name ToTok Pro. ToTok, a controversial free messaging and calling app developed in the United Arab Emirates, was removed from Google Play and Apple’s App Store in December 2019 due to surveillance concerns. Given that its user base is primarily located in the UAE, it is likely that ToTok Pro may be targeting users in this region, who may be more liable to download the app from unofficial sources in their own region.

Upon execution, both malicious apps request permissions to access contacts, SMS messages, and files stored on the device. If these permissions are granted, ProSpy starts exfiltrating data in the background. The Signal Encryption Plugin extracts device information, stored SMS messages, and the contact list, and it exfiltrates other files – such as chat backups, audio, video, and images.

In June 2025, ESET telemetry systems flagged another previously undocumented Android spyware family actively distributed in the wild, originating from a device located in the UAE. ESET labeled the malware Android/Spy.ToSpy. Later investigation revealed four deceptive distribution websites impersonating the ToTok app. Given the app’s regional popularity and the impersonation tactics used by the threat actors, it is reasonable to speculate that the primary targets of this spyware campaign are users in the UAE or surrounding regions. In the background, the spyware can collect and exfiltrate the following data: user contacts, device information files such as chat backups, images, documents, audio, and video, among others. ESET findings suggest that the ToSpy campaign likely began in mid-2022.

For a more detailed analysis and technical breakdown of Android/Spy.ProSpy and Android/Spy.ToSpy, check out the latest ESET Research blog post, “New spyware campaigns target privacy-conscious Android users in the UAE” on WeLiveSecurity.com.

Leave a comment »

Cybercrime: Who’s Paying, How Much, and What’s Changing

Posted in Commentary with tags on October 7, 2025 by itnerd

VPN Mentor has just published a report with the results of a research they have recently conducted related to the cost of cybercrime during the last year. While conducting the research they identified some key elements such as:

  • Only about 1 in 10 ransomware victims officially report their attacks or losses to authorities.
  • In 2024, the total number of cybercrime complaints reported to the FBI’s IC3 reached 859,532.
  • Phishing was the most-reported cybercrime in 2024 with 193,407 complaints.
  • In 2024, financial losses due to cybercrime reached a new record of an astounding $16.6 billion.
  • In 2024, investment scams led to financial losses nearing $6.6 billion.

You can check the full report here: https://www.vpnmentor.com/blog/cybersecurity/the-cost-of-cybercrime-whos-paying-how-much-and-whats-changing

Leave a comment »

« Older Entries
Newer Entries »