Artificial Intelligence is cracking cloud security at high speeds and security teams just can’t keep up. This is one of the conclusions echoed in the “2026 Cloud Security Report: Enter the AI Era,” a new in-depth report published by Check Point Software Technologies.

In the report, shared with TechRadar Pro earlier this week, Check Point claims that businesses are aware of the risks posed by AI in the wrong hands, but simply don’t have the means to address it. Apparently, in response to AI, 77% of organizations have updated their security strategy for cloud this year, but just a quarter (26%) have the architecture to actually enforce it.

• Check Point’s 2026 Cloud Security Report warns AI is overwhelming cloud defenses
• While 77% updated cloud strategies, only 26% have architectures capable of enforcing them
• Researchers urge a unified, prevention‑first architecture

Tech Radar are reporting that at the same time, AI is being increasingly weaponized in phishing and malware attacks, at speeds to which “traditional security models” cannot respond.

“The impact is already measurable: 78% of organizations reported confirmed or suspected AI-related security incidents over the past year,” Check Point said.

“AI adoption has outpaced the architecture built to govern it. Agents are acting inside live systems; data is moving through external AI services, and most enterprises still lack the visibility and enforcement to keep pace,” commented Stuart Green, Cloud Solution Architect at Check Point. “Visibility, Control, and Security need to be present at all layers in the stack AI workloads will operate in.”

There are numerous challenges for businesses, especially cloud-native environments, the report further stresses. Besides infrastructure misalignment (52% of AI workloads span hybrid environments, yet 64% confirmed their architecture needs redesign), there are serious perimeter gaps (76% rated datacenter security as critical for AI, but just 35% said it can support current trends), as well as performance challenges (only 25% can fully inspect AI traffic without impacting performance).

Finally, there are issues with operational complexity (88% said AI increased security complexity), as well as problems with limited visibility (54% experienced an AI-related security incident, with 24% saying they couldn’t confirm due to lack of visibility).

The post Security Teams Can’t Keep Up with AI appeared first on Direct Submit.net.

In an increasingly complex cybersecurity landscape, the concept of “hacking yourself first” is not new as such. Organizations have long been engaging white hat hackers to simulate attacks and identify vulnerabilities before malicious actors can exploit them.

However, the traditional approach to red teaming, which typically involves selecting a few trusted individuals to test a system, is no longer sufficient.

The issue lies in scale and diversity. A small, internal team will always be limited by their own experiences and perspectives, while cybercriminals operate in a global, decentralized environment. To stay ahead, security testing has to reflect that same breadth and depth of capability.

An article on the Tech Radar website is saying that utilising this approach, they believe that this is where a more open and competitive red teaming model comes into its own. Rather than relying on a fixed set of internal engineers or external consultants, organizations are increasingly turning to decentralized architectures.

These invite skilled professionals from around the world to solve specific, targeted challenges. The best talent is incentivized to respond, and the organization benefits from rapid, high-quality insights tailored to the specific threats it faces.

In practice, this model offers two significant advantages to the ‘standard white hacking’ exercise.

First, it ensures that the right expertise is applied to the right challenge. Not every engineer is equipped to uncover flaws in VPN detection or anti-fingerprinting solutions. A decentralized approach enables organizations to source the most relevant skill sets directly, without needing to retrain or reallocate internal teams.

Secondly, the incentive mechanism encourages speed and transparency. Contributors are motivated to share findings immediately so that they can claim rewards. This reduces and even eliminates delays and ensures that critical information reaches defenders quickly.

The benefits of this approach are already being realized. In sectors such as fintech and Web3, attacks discovered through decentralized red teaming have been observed in the wild months later. This lead time allows businesses to prepare and adapt before those attacks gain traction in broader markets.

It’s important to recognize that decentralized red teaming is not about replacing traditional methods entirely. Conventional penetration testing still plays a valuable role in improving baseline security. But as threats evolve and attackers become more sophisticated, organizations need a more dynamic and scalable way to test their defenses.

Ultimately, the shift from reactive to proactive security cannot be achieved through periodic exercises alone. It requires continuous, adaptive engagement with the threat landscape, and a willingness to invite external expertise into the process.

By embracing a more competitive and decentralized approach to red teaming, businesses can significantly improve their resilience and stay one step ahead of attackers.

Cybersecurity is no longer about responding to yesterday’s threats. It is about anticipating tomorrow’s, and making sure your defenses are ready today.

The post Hacking Yourself for Proactive Cybersecurity appeared first on Direct Submit.net.

Fake CAPTCHAs are not just about copying and pasting links to malware – they can also be about sending an SMS to an international number and being charged a whole lot for the privilege. Security researchers from Infoblox recently published an in-depth report about an “underreported” type of CAPTCHA scam.

>>> Infoblox researchers expose long‑running CAPTCHA scam that tricks victims into sending costly international SMS messages

>>> Victims can unknowingly send dozens of texts, incurring charges while attackers profit through telecom revenue sharing

>>> The defense is simple: never send a text message to “prove you are human”

This particular campaign has been active since at least June 2020 and has been tricking people into sending SMS messages through social engineering and browser back button hijacking. During their research, they found 35 phone numbers in 17 different countries.

“The fake CAPTCHA has multiple steps, and each message crafted by the site is preconfigured with over a dozen phone numbers, meaning the victim isn’t charged for just a single message – they’re charged for sending SMSs to over 50 international destinations,” researchers David Brunsdon and Darby Wise wrote in their report.

One of the reasons why this sort of scam hasn’t been that widely reported is likely because of delayed billing, they added. International SMS charges are only a problem a few weeks later, when the bill arrives, and by then, “the experience with the fake CAPTCHA has been long forgotten.”

Another vital part of the effort are the malicious traffic distribution systems (TDS), which redirect the victim to these landing pages.

Here is how it works: a commercial TDS redirects a victim to a malicious website that requires the person to “confirm they are human” by sending an SMS. When the victim taps the button, the page uses built-in mobile features to open the SMS app with the number and message already filled in. The numbers are leased by the attackers.

The process then continues, and each subsequent step asks for another “confirmation”, triggering multiple SMS messages to different numbers. In the process, the victims may end up sending as many as 60 SMS messages to 15 different numbers, raking up expenses of up to $30. It may not sound like much, but this is a game of large numbers – with thousands of users falling victim, the figures quickly add up.

The victims in this campaign are both the end users and the telecoms, Infoblox concluded. Users, for obvious reasons, and telecoms – by paying revenue share to the perpetrators, as well as by sorting out chargebacks and customer refund requests.

Defending against the scam is simple, however. “Unfortunately, it needs to be said,” Infoblox stressed. “Do not send a text to confirm you are human.”

Article Source: Tech Radar

The post Fake CAPTCHAs Driving Global SMS Scam appeared first on Direct Submit.net.

Google has revealed its Gemini AI platform has helped the company filter out almost all malicious ads submitted to the Google Ads network in 2025.

In a new blog post, Google said its Gemini-powered tools “dramatically improved” its ability to detect and stop bad ads, catching more than 99% of policy-violating ads before they were ever served. “We’re continuing to evolve our defenses to stay ahead of even the most advanced schemes,” Google said.

• Google says Gemini blocked 99% of malicious ads in 2025
• AI tools removed 8.3 billion ads, suspended 24.9 million accounts, including millions tied to scams
• Gemini analyzes billions of signals to preemptively stop deceptive GenAI‑crafted ads

Being arguably the biggest advertising network on the planet, Google Ads is under a constant barrage of attacks: crooks steal other people’s accounts, or create new ones, then use Generative Artificial Intelligence (GenAI) to create convincing ads that just spoof other, known businesses.

These ads are then shown on the network, and different techniques are used to trick users into thinking they are visiting legitimate websites.

Now, Google says it is fighting fire with fire.

“This proactive approach helped us defend against bad actors. In 2025, we blocked or removed over 8.3 billion ads and suspended 24.9 million accounts, including 602 million ads and 4 million accounts associated with scams,” the company said.

Google Gemini now analyzes “billions of signals”, including account age, behavioral cues, and campaign patterns, to identify potential threats.

The company says these models are better at understanding intent, helping spot malicious content and preemptively block it, “even when it’s designed to evade detection”.

“Bad actors are using generative AI to create deceptive ads at scale, and Gemini helps us detect and block them in real time. By the end of last year, the majority of Responsive Search Ads created in Google Ads were reviewed instantly, and harmful content was blocked at submission — a capability we plan to bring to more ad formats this year.”

Google also stressed that its advertiser verification program provides an additional prevention layer.

Article Source: Tech Radar

The post Google is Fighting AI Powered Ad Fraud appeared first on Direct Submit.net.

Cybercriminals using the so-called “spray and pray” tactic love to impersonate well-known brands. Especially ones with huge customer bases.

Amazon reportedly has around 310 million active customers, so they certainly qualify as a brand worth impersonating. And it shows in the sheer volume of scams that use its name.

The hook in a recent email campaign is the same: something you bought does not meet safety or quality standards.

Amazon account take-over (ATO) scams were numerous during the holiday season, and they haven’t gone away. The scammers have ported the “product recall due to safety concerns” text message scam over to email.

The fake product recall message is one of scammers’ most popular lures, and we’ve reported on in the past.

The UK’s Mirror reported on emails that read:

“Dear Customer, we are writing to inform you of a product recall affecting an item from your March 2026 order due to a design defect that may pose a potential safety risk. We apologise for any inconvenience this may cause and appreciate your prompt attention to this important safety matter. Thank you for your continued trust in Amazon.”

Following the link takes the target to a fake login page designed to steal their Amazon username and password.

These messages are intentionally vague about the nature of the product or the exact issue they’re being recalled for. The less specific they are, the more likely it is that someone will think, “This could be me.” If you’ve recently ordered something from Amazon, you’re more likely to fall for it.

How to avoid falling for Amazon phishing scams

• If you get a recall notice, don’t click any links. Instead, go straight to Amazon using the app or by typing the website into your browser. Then check the Message Centre in your account. Legitimate messages from Amazon will appear there.
• If you’ve fallen for this, change your Amazon password straight away and anywhere else you use that password. Monitor your bank statements for any unfamiliar charges, and contact your bank immediately if you see anything suspicious.
• While you’re in your Amazon account settings, turn on two-step verification.
• Report the scam to Amazon itself, whether you’ve fallen for it or not.
• In the US, forward scam texts to 7726 (SPAM) or use the “Report Junk” option. For emails, report them as spam in your inbox.
• Install web protection that can warn you of phishing sites, card skimmers, and other nasties that could lead to your data being taken.

Scammers sometimes use information they’ve found online to personalize their scam messages. Check what information is already out there about you using the free malwarebytes Digital Footprint scanner and then remove or change as much of it as you are able.

Source: Malwarebytes

The post Scammers Pose as Amazon Support to Steal your Account appeared first on Direct Submit.net.

Grand Theft Auto developer Rockstar Games has been targeted for a second time in three years by hackers. The data breach affecting the gaming giant was reported by cybersecurity news outlets on Saturday, after a group of hackers claimed responsibility for the hack.

In posts viewed by outlets, the criminals said they gained access to Rockstar servers managed by a third-party cloud provider and would publish stolen material online unless paid a ransom.

But Rockstar, confirming the hack to gaming publication Kotaku, downplayed the breach – saying “this has no impact on our organisation or our players”.

“We can confirm that a limited amount of non-material company information was accessed in connection with a third-party data breach,” a Rockstar spokesperson told the outlet, external.

The BBC has approached Rockstar for comment, and has spoken to the hackers responsible for this latest breach, who called themselves ShinyHunters.

They are a prolific group of English-speaking cybercriminals, thought to be in their teens, who specialise in data theft and extortion.

They previously claimed to be behind a hack targeting gig ticket operator Ticketmaster.

In the last two years the criminals have repeatedly broken into cloud storage systems used by major corporations and claim to have done the same with Rockstar Games.

ShinyHunters said the stolen data would be published online as their demands had not been met.

Law enforcement advice around the world is not to pay cybercriminal ransoms as it fuels the industry and there is no guarantee hackers will actually delete stolen data.

The incident marks the second time the blockbuster game developer has been hacked.

In 2023 an 18-year-old British hacker called Arion Kurtaj was given an indefinite hospital order after hacking into the company and stealing data, source code and video clips of the unfinished GTA 6 game.

The damaging hack saw 90 video clips of incomplete gameplay for Rockstar’s highly-anticipated new game published in online forums – prompting the firm to release its trailer for the game ahead of schedule.

The post GTA Maker Rockstar Games Hacked Again appeared first on Direct Submit.net.

Popular student information system (SIS) Infinite Campus has confirmed a data breach, reportedly carried out by the notorious hacker group ShinyHunters, who are now attempting to extort the company.

According to a data breach notification shared with affected individuals and later posted on Reddit, an unauthorized actor accessed an employee’s Salesforce account on March 18, 2026. Infinite Campus says its IT and security teams quickly removed the intruder, but not before the attacker obtained names and contact information of school staff. The company emphasized that most of the stolen information is “commonly found on school websites,” and that customer data was not targeted or compromised.

What Happened

• Breached system: Salesforce account
• Data exposed: Names and contact details of school staff
• Customer impact: None; no sensitive customer information was taken
• Ransom demand: Added to ShinyHunters’ leak site with a March 25, 2026 deadline

The attackers have claimed to have taken Salesforce records containing personally identifiable information (PII) and other internal corporate data. They added Infinite Campus to their data leak site, demanding payment in Bitcoin or Monero or threatening to release the files online.

ShinyHunters’ Pattern

While Infinite Campus did not publicly name the group, it described the attackers as a “group known for targeting Salesforce accounts of hundreds of companies,” strongly indicating ShinyHunters. The group has previously targeted major organizations, including Cisco, Adidas, Qantas, and Allianz Life, using tactics such as:

• Voice phishing (vishing): Trick employees into granting access
• OAuth token theft: Exploit legitimate authentication to access CRM data

Once access is gained, the attackers exfiltrate sensitive CRM data and demand ransom, often through cryptocurrency. Infinite Campus stated that it will not engage with the attackers, and has temporarily disabled some customer-facing services for users without verified IP addresses.

This incident highlights the growing threat to cloud-based services like Salesforce, especially in sectors handling sensitive educational and organizational data.

The post Students at Risk after Classroom Software Hacked appeared first on Direct Submit.net.

Global cybercrime syndicates are increasingly exploiting outdated software, misplaced trust in digital platforms, and the allure of fast money, putting millions of people at risk, according to a new research report from NordVPN’s Threat Intelligence unit and TechRadar’s security team.

The investigation highlights three major, interconnected campaigns that demonstrate how cybercriminals are scaling up operations and exploiting both technical vulnerabilities and human behaviour.

Exploiting Legacy Software

One of the primary campaigns centers on the exploitation of FCKeditor, a once-popular web-based text editor that was widely used in websites and content management systems during the 2000s and early 2010s. Although no longer maintained, the software is still in use across many sites, leaving them vulnerable to known security flaws.

The vulnerability in question, tracked as CVE-2009-2265, allows attackers to upload and execute malicious files on affected systems. NordVPN and TechRadar report that cybercriminals have already compromised more than 1,300 domains, including government websites, corporate platforms, research institutions, and major brands.

Attackers have been using these compromised websites to spread malware, redirect users to phishing sites, and conduct other fraudulent activity. Previous reporting by TechRadar revealed that dozens of university websites, including those of MIT, Columbia University, the University of Washington, and others, had been targeted. Government sites and commercial domains were also affected, including the Government of Virginia, the Government of Spain, and Yellow Pages Canada.

Once infiltrated, these legitimate domains become powerful tools for cybercriminals, helping them evade suspicion and reach a wider pool of victims.

A Sophisticated Crypto Scam

Another large-scale campaign focuses on cryptocurrency fraud. Victims receive emails claiming that a large crypto deposit, typically 15 Bitcoin, has been credited to a new account on an exchange. The message includes login credentials and a link to a fake exchange website, where the victim sees a fabricated balance.

To access the supposed funds, victims are asked to pay fees or taxes, often described as “gas fees.” Once paid, the money is stolen, and the victim is left with nothing.

NordVPN researchers identified more than 100 domains connected to this scheme, suggesting a well-organized operation.

“This is social engineering at an elite scale,” said Domininkas Virbickas, Product Director at NordVPN. “Criminals are leveraging the allure, and confusion, of cryptocurrency to reinvent old scams in new digital forms.”

Fake Online Stores on an Industrial Scale

The third campaign uncovered by researchers involves more than 800 fake online stores across categories such as fashion, automotive products, and health goods. These websites advertise extreme discounts and time-limited deals designed to create urgency and bypass consumer skepticism.

The operation has been linked to a single Chinese-speaking threat actor. The websites are built using common platforms such as WordPress, WooCommerce, and Elementor, making them easy to replicate and scale. Indicators such as untranslated Chinese characters and reused digital assets helped investigators trace the network.

Researchers also discovered that many of the fraudulent sites share the same hosting provider, registrar, and infrastructure patterns, allowing the operators to run a large, coordinated network of scams.

“This network demonstrates the industrialization of online fraud,” said Virbickas. “Automation and template-based site creation now allow single actors to manage entire fraudulent ecosystems that mimic legitimate online retail.”

A Growing, Coordinated Threat

The findings underscore how cybercriminal groups are becoming more organized, professional, and scalable. By combining technical exploitation with social engineering and industrial-scale fraud infrastructure, attackers are increasing their reach and impact.

As cybercrime becomes more sophisticated, users and organizations alike must stay vigilant, keeping systems updated, scrutinizing unexpected messages, and verifying websites before sharing personal or financial information.

The post Cybercriminals Are Industrializing Deception appeared first on Direct Submit.net.

When it comes to military firepower, the US and Israel are not shy about how they are attacking Iran. With professional photos and slick videos, US Central Command has been posting every few hours on social media about the kinds of weapons, jets and ships being used.

But the US and Israel are far more coy on what is happening in cyber-space. Over hours of press conferences, speeches and dozens of social media posts, mentions of cyber operations are vanishingly rare.

However, Iranian hackers have claimed their first prominent cyber-attack on a US company during the conflict, on US medical tech firm, Stryker.

The BBC news service is reporting that cyber is indeed playing a significant role in this war, as commander of the US Central Command Admiral Brad Cooper recently hinted in a press update.

“We continue with strikes into Iran from seabed to space and cyber-space,” he said.

Here is what we know about the types of cyber operations being carried out – and what it tells us about modern warfare.

Cyber-espionage and hacking are known to play a large role in so-called “pre-positioning” for war.

General Dan Caine, chairman of the joint chiefs of staff at the Pentagon, described in a press conference how the war was enabled by months, in some cases years, of planning that went into preparing the so called “target set” for strikes.

US and Israeli hackers could have infiltrated key computer networks in Iran long before any actual strike was planned.

Computer networks behind air defences or military communications would have been high-priority targets.

The Financial Times was told by unnamed sources that CCTV and traffic cameras had been hacked by Israel to create an enormous surveillance network, in order to establish so called “patterns of life” of Ayatollah Ali Khamenei and his commanders in preparation for the strike that killed him.

Internet-connected cameras have become a target in cyber warfare as they “offer real‑time situational awareness of streets, facilities, and movement at very low cost,” said Sergey Shykevich, threat intelligence expert at cyber-security company Check Point.

Commentators say this kind of information would be used alongside more traditional intelligence – such as that gathered from human spies.

“Cyber isn’t usually the decisive weapon on its own; it’s a force multiplier that helps shape the information environment and supports operations happening on the ground,” said Tal Kollender, former Israeli military cyber-defence specialist and founder of cybersecurity platform Remedio.

In a press conference given after the initial strikes,operatives in US Cyber Command and US Space Command were described by Gen Caine as the “first movers”, disrupting and “blinding Iran’s ability to see, communicate and respond”.

Some commentators suggest mobile phone towers were jammed or shut off to prevent the Ayatollah’s security team from being warned about incoming jets, for example.

This is not confirmed but we have seen this in other conflicts, such as the war in Ukraine.

US Defence Secretary Pete Hegseth also boasted during a more recent press conference that members of the Iranian military “can’t talk or communicate, let alone mount a coordinated and sustained offensive”.

The comments echo the words of President Trump when praising the success of the abduction of Venezuelan President Nicolas Maduro. “The lights of Caracas were largely turned off due to a certain expertise that we have,” he said after that operation.

It has not been confirmed if the president was referring to a cyber-attack, but in the newly-published US Cyber Strategy he went further in praising his cyber forces for that specific operation, saying that they rendered “our adversaries blind and uncomprehending during a flawless military operation”.

Israel is also being accused of hacking a popular Iranian prayer-timing app called BadeSaba which has 5 million downloads. Reuters reported that a push notification was sent to users just as the bombs began to hit saying “help has arrived”.

Secretary Hegseth spoke this week about the continuing operation of “hunting for more systems to kill” – and cyber may well play a role in this stage of the war with operatives using open source intelligence, satellite imagery analysis and cyber-espionage to locate military targets in Iran.

The use of Artificial Intelligence (AI) tools are probably being heavily employed in this work too. A possible hint of this came again from Hegseth who praised an intelligence operative he saw in action.

“I was talking to a young colonel who’s iterating on how we target and how we find and fix different aspects of what the Iranians are trying to do,” he said, being careful not to give away too much detail.

The post Role Cyber Warfare has Played in Iran? appeared first on Direct Submit.net.

An error in coding of a PayPal app left some customers’ data exposed and even resulted in a few fraudulent transactions, the ecommerce company has confirmed. PayPal recently notified a subset of its customers that it identified a bug in its PayPal Working Capital (PPWC) loan application, which works as a business financing product, giving eligible businesses a cash advance, based on their PayPal sales history.

Discovered on December 12, 2025, the bug was leaking sensitive data for more than five months, between July 1, 2025, and December 13, 2025, including user names, email addresses, phone numbers, business addresses, Social Security numbers (SSN), and dates of birth.

This is a potent mix of data that can easily be leveraged in a phishing email, tricking users into giving away their login credentials and thus access to funds, as well.

The incident affected the PayPal Working Capital (PPWC) loan app, which provides small businesses with quick access to financing.

To make matters worse, it seems that the bug itself also granted malicious actors access to other people’s funds. In the warning email, PayPal said that “a few customers experienced unauthorized transactions on their account.”

We don’t know how many “a few” actually are, but PayPal stressed that the unauthorized access was revoked, and victims reimbursed. It also said that all victims had their passwords reset, and that the change in code responsible for the intrusion was rolled back.

“We have not delayed this notification as a result of any law enforcement investigation,” PayPal added.

The company also understands the potency of personally identifiable data (PII), which is why it is offering two years of complimentary credit monitoring and identity restoration services through Equifax. This is, more or less, standard practice in incidents such as this one. However, it stressed that its systems were not compromised:

“When there is a potential exposure of customer information, PayPal is required to notify affected customers. In this case, PayPal’s systems were not compromised,” a company spokesperson told TechRadar Pro.

As such, we contacted the approximately 100 customers who were potentially impacted to provide awareness on this matter.”

Finally, the company urged all customers to remain vigilant of incoming emails, and to be extra careful when clicking on links or downloading attachments.

The post PayPal Data Breach & Info Exposed appeared first on Direct Submit.net.