From zero-day exploits to 5G network vulnerabilities, these are the threats that are expected to persist over the next 12 months.

In 2024, we at Dark Reading covered a variety of attacks, exploits, and, of course, vulnerabilities across the board. Here, we recount 10 emerging threats organizations should be prepared for — as detailed by Dr. Jason Clark in "10 Emerging Vulnerabilities Every Enterprise Should Know," a Dark Reading webinar — as they continuously rise and develop in 2025.

**Zero-Day Exploits**

Zero-days and their increase in volume across the cybersecurity landscape is a particularly concerning trend, as there is no patch for these bugs when they're discovered. Attackers are also able to exploit systems using these vulnerabilities undetected, as safeguards have not been put in place by organizations or enterprises yet.

High-profile zero-day vulnerabilities include Log4Shell, tracked as CVE-2021-44228, a critical RCE bug within Log4j's Java Naming and Directory Interface (JNDI). By exploiting the vulnerability, attackers were able to easily take control of vulnerable systems, a considerable threat as Log4j is used in nearly every Java application.

Other vulnerabilities include PrintNightmare and Proxyshell, both remote execution flaws that were exploited quickly and widely, according to Clark.

"The rise in zero-day exploits is partly driven by just more sophisticated threat actors," Clark said in the Dark Reading webinar. "This can include things like nation-states and also using them in targeted attacks."

Chad Graham, cyber incident response team (CIRT) manager at Critical Start, however, believes that advancements with AI will change the landscape in 2025.

"Both attackers and defenders will rely on AI-driven tools to automate the search for hidden software flaws," Graham says. "This shift will likely result in a more dynamic cybersecurity landscape, where continuous innovation and adaptation become the norm."

**Supply Chain Attacks**

Supply chain attacks remain an active threat and tend toward the severe as their impact cascades on to multiple parties: customers, suppliers, and other third parties. Attackers exploit a trusted resource and ultimately gain access to not just one organization, but multiple. These kinds of threats remain concerning as organizations depend more and more on outsourcing services.

The best known example is the SolarWinds breach, which impacted the SolarWinds Orion system, at the hands of a group known as Nobelium. More than 30,000 organizations — including state and federal agencies — used the Orion network management system, resulting in the backdoor malware compromising thousands of data, network, and systems.

Tracked as CVE-2020-10148 with a CVSS score of 9.8, the authentication bypass bug allowed an unauthenticated attacker to execute API commands. The attackers in question were advanced persistent threat (APT) actors who infiltrated into the SolarWinds’ supply chain to insert a backdoor.

"The complexity of modern supply chains makes it challenging to secure all the dependencies," Clark said in the webinar. "This underscores the need for rigorous third-party risk management."

In the year ahead, Dana Simberkoff, chief risk, privacy, and information security officer at AvePoint, believes that there will be a sharpened focus on supply chains and third-party risk management.

"The CrowdStrike incident wasn't just a wake-up call — it was a stark reminder that in our interconnected ecosystem, one weak link can trigger a catastrophic chain reaction," Simberkoff says.

**Remote Work Infrastructure Exploits**

Since 2020 and the COVID-19 pandemic, organizations have leaned into remote and hybrid work offerings, increasing the risk of cybersecurity threats and becoming a significant concern. Attackers focus on vulnerabilities that allow users to engage in remote work such as VPNs, remote desktop protocols (RDPs), and phishing attacks through platforms such as Zoom and Microsoft Teams.

There have been several notable incidents in which VPNs and RDPs were leveraged, allowing threat actors to gain access to enterprise systems and networks. In addition, remote workers are often operating from less secure environments, causing an uptick in phishing attacks as the threat actors try to take advantage of these blind spots.

"The shift to remote work has expanded the overall attack surface, Clark said in the webinar. "Remote workers often need more security controls than those that are working \[onsite\], which can lead to significant vulnerabilities."

Recent examples of vulnerabilities remote and hybrid work vulnerabilities include CVE-2024-38199, a remote code execution vulnerability (RCE) in the Windows or Line Printer Deamon (LPD) Service, and CVE-2024-21433, a Windows Print Spooler elevation of privilege vulnerability.

"Remote work infrastructure will continue to be a prime target for cybercriminals in 2025, with an increase in sophisticated attacks on cloud services, VPNs, and collaboration tools," says Stephen Kowski, field CTO at SlashNext Email Security+. "We'll likely see more AI-powered threats designed to bypass traditional security measures, exploiting vulnerabilities in interconnected devices and home networks."

**Exploitation of AI and Machine Learning Systems**

With the rise of AI and its increasing use amid the public, comes widespread risk of exploitation from attackers. Clark noted of adversarial attacks, data poisoning, and model inversion attacks that are at the forefront of emerging threats for AI and machine learning (ML) systems in particular. 

The nature of some ML systems requires feeding a system information for the best results, the system becoming more familiar with the user over time. When attacks target these systems, it can lead to unauthorized access to sensitive data stored and processed within these tools, as well as incorrect predictions or biased decisions.

"AI models will be key areas of exploitation in 2025," says Rom Carmel, co-founder and CEO at Apono. "As AI and machine learning become integral to identity verification systems, attackers will find ways to poison AI models or bypass them."

AI can also simply be manipulated for malicious ends, as seen when an AI deepfake robocall was created to impersonate US President Joe Biden to encourage individuals not to vote in the New Hampshire's Democratic primary, an event that could have had severe consequences on the US electoral process.

"The threat landscape is evolving with the rapid adoption of AI and ML," Clark said in the webinar. "Attackers increasingly focus on these systems to undermine their reliability and exploit vulnerability."

**Cloud Misconfigurations**

As organizations continue to shift their operations to the cloud, it will continue to emerge as a space for threat actors to thrive, often due to the cloud simply not being set up correctly.

Common examples of threats that circulate within the cloud are publicly accessible S3 buckets, misconfigured security groups in AWS, and exposed databases.

"Cloud misconfigurations can have severe impacts related to data breaches, unauthorized access to critical systems, financial loss, and reputational damage," Clark said. He added that the complexity of these environments is going to increase leading to more frequent configuration errors.

In the past, Amazon and Microsoft cloud environments have exposed customer data, such as viewing habits, names, email addresses, email content, and phone numbers. The leaks aren't due to vulnerabilities but misconfigurations ranging from insecure read-and-write permissions to inaccurate access lists and misconfigured policies.

"To successfully prevent cloud breaches in 2025, companies need to focus on three key areas: visibility, access control, and continuous monitoring," says Jason Soroko, senior fellow at Sectigo. "Cloud environments are dynamic, so your security needs to be dynamic too."

**IoT Device Vulnerabilities**

IoT devices are allowing for emerging threats to thrive, being easy targets for threat actors to exploit, whether it be due to weak default passwords, lack of encryption, or insecure firmware.

Common attacks that IoT devices face are data theft, network breaches, and distributed denial-of-service (DDoS) attacks. A recent example emerged in the Common Unix Printing System (CUPS) for managing printers and print jobs. The series of vulnerabilities, tracked as CVE-2024-47176, CVE-2024-47076, CVE-2024-47175, and CVE-2024-47177 could allow bad actors to stage DDoS attacks within seconds for less than 1 cent while using an available cloud platform.

"Just the sheer volume of connected devices really exacerbates the threat," Clark noted in the webinar. "Securing these devices becomes really challenging due to their diversity and often limited processing power for adding security features."

And as the use of IoT, OT, and 5G networks continues to rise, organizations will need cyber threat intelligence (CTI) to extend beyond traditional IT environments, says Callie Guenther, senior manager, cyber threat research at Critical Start. "This expansion, which will continue throughout 2025, will add complexity to CTI, requiring more granular insights and specific intelligence data."

**Cryptographic Weaknesses**

According to Clark, cryptographic weaknesses continue to pose a significant threat because these kinds of vulnerabilities undermine the foundation of secure communication and data protection. These weaknesses often manifest in one of two ways: flaws in encryption algorithms, or how the algorithms are implemented.

"The rising threat is kind of compounded by the fact that as computational capability advances, that previously secure crypto standard now becomes increasingly more vulnerable," Clark said in the webinar.

He recommended regularly updating cryptographic libraries, and enforcing strong encryption protocols to avoid exploitation attempts like man-in-the middle attacks, data integrity issues, and the exposed sensitive information.

Just recently, Acros Security discovered a vulnerability, similar to CVE-2024-38030, that enables an attack in which a vulnerable device is coerced into sending NTLM hashes, which is the cryptographic version of a user's password, to a threat actor.

"We have never before required from \[cloud service providers\] such granular and detailed information on the type of encryption in use, but customers (government and non-government customers alike) will require this level of detail to ensure their encryption standards are being met," says Philip George, executive technical strategist at InfoSec Global Federal.

**API Security Gaps**

More organizations are relying on APIs to connect systems; however, these APIs are at risk when they have flaws in the design or the implementation of the APIs. Attackers are able to breach systems through unauthorized access, allowing them to manipulate certain restricted actions.

A notable example of this is the exposure of user data through Facebook’s API, though these flaws are also abundant in other sectors such as healthcare or financial services. 

Gaps in API security ultimately serve as a launchpad, often for data breaches which can lead to the loss of sensitive information, unauthorized transactions, reputational damage, and significant financial loss.

"The threat is escalating as API is becoming more prevalent, increasing the number of potential attack surfaces," Clark said. "To mitigate these risks, it's essential to secure your API endpoints, enforce robust authentication mechanisms, and regularly update and audit API access."

A Docusign API was recently used in a wide-scale phishing campaign due to its "API-friendly environment," which is beneficial for businesses but also provides a way for bad actors to conduct malicious operations. The flaw could ultimately could have led to instances of fraud, though there are ways for users to avoid and detect such API abuse.

In the coming year, the cyber landscape will continue to evolve, API being in the forefront of these changes.

"We anticipate a rise in sophisticated API attacks using automation, artificial intelligence, and advanced evasion techniques to exploit vulnerabilities and bypass traditional security measures," says Eric Schwake, director of cybersecurity strategy at Salt Security. "One significant risk will stem from the exploitation of API misconfigurations, which often occur due to the fast pace of development and deployment. This situation will challenge organizations to adopt a more proactive and comprehensive approach to API security."

**Ransomware Evolution**

"We could do a whole webinar on ransomware," Clark said in the webinar, which raises the question: Can ransomware even be considered an emerging threat? 

The answer is yes, though ransomware attacks have become one of the most disruptive and costly cyberattacks out there largely due to their rapid evolution.

One of the most notable ransomware attacks occurred on Colonial Pipeline, which shut down its entire operations for the first time, leading to fuel shortages and four states on the East Coast declaring a state of emergency. The ransomware attack prompted action from national security and the executive branch and forced a reevaluation of the nation's critical infrastructure security.

Threat actors know they can win big when demanding ransoms from organizations, such as those in the healthcare sector, which will pay these high prices in order to help patients in need.

"As these attacks are becoming more targeted and, frankly, aggressive, it's crucial to start to implement backup strategies that are robust, strengthen your overall incident response plans, and continuously educate your employees on recognizing and avoiding things like phishing attempts that can often serve as an entry point for ransomware," Clark said in the webinar.

Backups may not always be an option, according to Brandon Williams, chief technology officer at Conversant Group.

"Some threat actors have moved to deleting data as part of their normal motions," he says. "If this gains traction in 2025, organizations will not have a method to recover by simply paying a ransom and hoping to get a working decryption tool. The only method of recovery will be backups; however, data shows that backups do not typically survive these breaches."

**5G Network Vulnerabilities**

5G networks are being rapidly deployed, and with them come threat actors' awareness and exploitation of its vulnerabilities. Attackers are increasingly able to target 5G infrastructure with ease, and these open the door for even bigger threats such as large-scale DDoS attacks, unauthorized data access, and disruption of our critical services.

"As we consider the rising threat, the global rollout of 5G brings an increasing number of connected devices," Clark said in the webinar. "The rising number amplifies their attack risk, particularly given their reliance on cloud-native infrastructures."

At Black Hat 2024 in Las Vegas, seven Penn State University researchers detailed how mobile devices are at risk of data theft and denial of service due to 5G technology vulnerabilities. Threat actors use these resources simply by providing someone with an Internet connection, allowing easy access to spying, phishing, and more. 

"Vulnerabilities such as lack of initial broadcast message authentication, spectrum slicing, silent downgrade, and unsecured DNS paging currently affect 5G networks," says Mayuresh Dani, manager, security research, at Qualys Threat Research Unit. "In the year to come, these will continue affecting 5G networks and vulnerabilities in unsecured base stations will multiply snooping attacks."

Emerging Threats &amp; Vulnerabilities to Prepare for in 2025

From Chinese cyberspies breaching US telecoms to ruthless ransomware gangs disrupting health care for millions of people, 2024 saw some of the worst hacks, breaches, and data leaks ever.

Every year has its own mix of digital security debacles, from the absurd to the sinister, but 2024 was particularly marked by hacking sprees in which cybercriminals and state-backed espionage groups repeatedly exploited the same weakness or type of target to fuel their frenzy. For attackers, the approach is ruthlessly efficient, but for compromised institutions—and the individuals they serve—the malicious rampages had very real consequences for people's privacy, safety, and security.

As political turmoil and social unrest intensify around the world, 2025 will be a complicated—and potentially explosive—year in cyberspace. But first, here's WIRED's look back on this year's worst breaches, leaks, state-sponsored hacking campaigns, ransomware attacks, and digital extortion cases. Stay alert, and stay safe out there.

**China's Salt Typhoon Telecom Breaches**

Espionage operations are a fact of life, and relentless Chinese campaigns have been a constant in cyberspace for years now. But the China-linked espionage group Salt Typhoon carried out a particularly noteworthy operation this year, infiltrating a slew of US telecoms including Verizon and AT&T (plus others around the world) for months. And US officials told reporters earlier this month that many victim companies are still actively attempting to remove the hackers from their networks.

The attackers surveilled a small group of people—less than 150 by current count—but they include individuals who were already subject to US wiretap orders as well as state department officials and members of both the Trump and Harris presidential campaigns. Additionally, texts and calls from other people who interacted with the Salt Typhoon targets were inherently also caught up in the espionage scheme.

**Snowflake Customer Breaches**

Throughout the summer, attackers were on a tear, breaching prominent companies and organizations that were all customers of the cloud data storage company Snowflake. The spree barely qualifies as hacking, since cybercriminals were simply using stolen passwords to log in to Snowflake accounts that didn't have two-factor authentication turned on. The end result, though, was an extraordinary amount of data stolen from victims including Ticketmaster, Santander Bank, and Neiman Marcus. Another prominent victim, the telecom giant AT&T, said in July that “nearly all” records relating to its customers' calls and texts from a seven-month stretch in 2022 were stolen in a Snowflake-related intrusion. The security firm Mandiant, which is owned by Google, said in June that the rampage impacted roughly 165 victims.

In July, Snowflake added a feature so account administrators could make two-factor authentication mandatory for all of their users. In November, suspect Alexander “Connor” Moucka was arrested by Canadian law enforcement for allegedly leading the hacking spree. He was indicted by the US Department of Justice for the Snowflake tear and faces extradition to the US. John Erin Binns, who was arrested in Turkey for an indictment related to a 2021 breach of the telecom T-Mobile, was also indicted on charges related to the Snowflake customer breaches.

**Change Healthcare Ransomware Attack**

At the end of February, the medical billing and insurance processing company Change Healthcare was hit with a ransomware attack that caused disruptions at hospitals, doctor's offices, pharmacies, and other health care facilities around the US. The attack is one of the all-time largest breaches of medical data, impacting more than 100 million people. The company, which is owned by UnitedHealth, is a dominant medical billing processor in the US. It said days after the attack started that it believed ALPHV/BlackCat, a notorious Russian-speaking ransomware gang, was behind the assault.

Personal data stolen in the attack included patient phone numbers, addresses, banking and other financial information, and health records including diagnoses, prescriptions, and treatment details. The company paid a $22 million ransom to ALPHV/BlackCat at the beginning of March in an attempt to contain the situation. The payment seemingly emboldened attackers to hit health care targets at an even greater rate than usual. With ongoing, rolling notifications to more than 100 million victims—with more still being discovered—lawsuits and other blowback has been mounting. This month, for example, the state of Nebraska sued Change Healthcare, alleging that “failures to implement basic security protections” made the attack much worse than it should have been.

**Russia's Midnight Blizzard Hit Microsoft**

Microsoft said in January that it had been breached by Russia's “Midnight Blizzard” hackers in an incident that compromised company executives' email accounts. The group is tied to the Kremlin's SVR foreign intelligence agency and is specifically linked to SVR's APT 29, also known as Cozy Bear. After an initial intrusion in November 2023, the attackers targeted and compromised historic Microsoft system test accounts that then allowed them to access what the company said were “a very small percentage of Microsoft corporate email accounts, including members of our senior leadership team and employees in our cybersecurity, legal, and other functions.” From there, the group exfiltrated “some emails and attached documents.” Microsoft said that the attackers seemed to be looking for information about what the company knew about them—in other words, Midnight Blizzard doing reconnaissance on Microsoft's research into the group. Hewlett-Packard Enterprise (HPE) also said in January that it had suffered a corporate email breach attributed to Midnight Blizzard.

**National Public Data**

The background check company National Public Data suffered a breach in December 2023, and data from the incident started showing up for sale on cybercriminal forums in April 2024. Different configurations of the data cropped up again and again over the summer, culminating in public confirmation of the breach by the company in August. The stolen data included names, Social Security numbers, phone numbers, addresses, and dates of birth. Since National Public Data didn't confirm the breach until August, speculation about the situation grew for months and included theories that the data included tens or even hundreds of millions of Social Security numbers. Though the breach was significant, the true number of impacted individuals seems to be, mercifully, much lower. The company reported in a filing to officials in Maine that the breach affected 1.3 million people. In October, National Public Data's parent company, Jerico Pictures, filed for Chapter 11 bankruptcy reorganization in the Southern District of Florida, citing state and federal investigations into the breach as well as a number of lawsuits that the company is facing over the incident.

**Honorable Mention: North Korean Cryptocurrency Theft**

A lot of people steal a lot of cryptocurrency every year, including North Korean cybercriminals who have a mandate to help fund the hermit kingdom. A report from the cryptocurrency tracing firm Chainalysis released this month, though, underscores just how aggressive Pyongyang-backed hackers have become. The researchers found that in 2023, hackers affiliated with North Korea stole more than $660 million across 20 attacks. This year, they stole roughly $1.34 billion across 47 incidents. The 2024 figures represent 20 percent of total incidents Chainalysis tracked for the year and a whopping 61 percent of the total funds stolen by all actors.

The sheer domination is impressive, but the researchers emphasize the seriousness of the crimes. “US and international officials have assessed that Pyongyang uses the crypto it steals to finance its weapons of mass destruction and ballistic missiles programs, endangering international security,” Chainalysis wrote.

The Worst Hacks of 2024

Stay protected from SEO poisoning, a cyber threat exploiting search engine rankings to spread malware and phishing scams.…

Stay protected from SEO poisoning, a cyber threat exploiting search engine rankings to spread malware and phishing scams. Learn risks, real-world examples, and preventive measures for safer browsing.

Did you know that over 80% (PDF) of cyberattacks exploit online platforms, including search engines? These indispensable tools guide billions of users to the content they seek, but their trustworthiness can be weaponized.

Cybercriminals are exploiting search engine optimization (SEO) techniques to distribute malware, launch phishing attacks, and spread harmful content. This practice, known as SEO poisoning, manipulates search results to lure unsuspecting users into clicking on malicious links.

Recent reports indicate a significant rise in SEO poisoning attacks. Between August 2023 and January 2024, there was a 60% increase in malware detections stemming from malicious search results. Such trends highlight the growing sophistication of these tactics and the critical need for vigilance among businesses and individuals alike.

****What is SEO Poisoning?****

SEO poisoning is a malicious strategy where cybercriminals manipulate search engine algorithms to rank harmful websites prominently in search results. These websites often contain malware, phishing schemes, or scams designed to steal sensitive information.

Attackers capitalize on high-demand keywords tied to trending topics or urgent events, such as natural disasters, major product launches, or public health crises. By employing techniques like keyword stuffing, spammy backlinks, and deceptive content, they make their sites appear legitimate and lure unsuspecting users.

****Key Risks of SEO Poisoning:****

*   **Malware Distribution:** Clicking on infected links can install ransomware, spyware, or other malware.
*   **Phishing Scams:** Users are tricked into providing sensitive data like passwords or credit card information.
*   **Reputation Damage:** Legitimate businesses can lose credibility if associated with malicious links.

One example is the surge of Gootloader malware in early 2023. Attackers targeted niche search terms, such as _“implied employment agreement,”_ to redirect users to infected websites. These attacks emphasize how even low-competition search terms can become cybercriminals’ playgrounds.

****Real-World Examples of SEO Manipulation****

SEO manipulation has been used in several high-profile attacks, exploiting the trust users place in search results:

*   **Fake Antivirus Software:** Users searching for free antivirus tools were directed to malicious sites posing as trusted providers. These fake programs encrypted files and demanded ransom payments, exploiting users’ trust in well-known antivirus brands like Avast, Bitdefender and Malwarebytes. Fake antivirus websites have been known to impersonate popular security providers to deceive users.

*   Holiday Shopping Scams: During peak shopping seasons, cybercriminals created fake e-commerce sites targeting popular products. These fraudulent sites were designed to rank high in search results, allowing attackers to trick users into entering their payment information, which the criminals then stole.

*   **Software Search Exploitation:** In 2023, searches for popular tools like Blender 3D led users to fraudulent sites offering infected downloads. Such campaigns highlight the dangers of SEO poisoning when targeting trusted software.

These examples show how attackers exploit trust in search results and highlight the importance of vigilance, particularly during periods of heightened online activity.

****Protecting Against SEO-Based Threats****

Although SEO poisoning is a persistent threat, proactive measures can help both businesses and individual users reduce the risks.

****For Businesses****

Businesses must safeguard their websites and digital presence from exploitation. Trusted SEO providers can optimize websites while identifying and mitigating vulnerabilities, such as fake backlinks or unauthorized content changes, often exploited in SEO poisoning campaigns.

According to Stellar SEO, a custom SEO services provider, exploiting SEO-related vulnerabilities has even been adopted by top-tier groups such as the Chinese DragonRank, which was recently discovered manipulating search engines to redirect users to malicious websites.

****For Users****

Users can protect themselves by adopting proactive online habits:

*   **Verify the Source:** Always inspect URLs carefully before clicking, especially when searching for trending or high-demand topics.
*   **Use Trusted Security Tools:** Antivirus software and browser extensions can help identify and block harmful sites. For example, providers like _Kaspersky_ have shown how cybercriminals exploit marketing strategies to launch attacks.
*   **Stay Informed:** Awareness of the latest cybersecurity trends is crucial for recognizing and avoiding malicious tactics.

By combining secure SEO strategies with vigilance, businesses and users can significantly reduce their exposure to SEO poisoning threats.

****How Search Engines Are Combating SEO Poisoning****

Search engines like Google and Bing constantly update their algorithms to detect and penalize malicious websites. These updates target behaviors such as keyword stuffing, suspicious backlinking patterns, and misleading content.

****Key Defensive Measures Include:****

*   **Machine Learning Algorithms:** These tools analyze billions of web pages for signs of malicious intent.
*   **Safe Browsing Technology:** Platforms like Google warn users about harmful websites before they can be accessed.
*   **Domain Reputation Systems:** Search engines evaluate the trustworthiness of domains to demote those linked to malicious activity.

Despite these efforts, cybercriminals continue to evolve their techniques, creating sophisticated tactics to bypass detection. For instance, in November 2024, attackers exploited niche search queries like _“Are Bengal cats legal in Australia“_ to lure users to malicious websites. Such incidents underscore the importance of proactive measures by users and businesses to complement automated systems. Recognizing and avoiding malicious links remains a shared responsibility.

****Conclusion****

SEO poisoning is a growing threat at the intersection of cybersecurity and digital marketing. By exploiting legitimate SEO techniques, cybercriminals deceive users, distribute malware, and undermine trust in search engines.

For businesses, partnering with trusted providers of custom SEO services ensures websites are optimized securely, preventing vulnerabilities that attackers might exploit. For users, adopting habits like verifying sources, using reliable security tools, and staying informed about emerging threats is essential for staying safe online.

Every time you search online, consider the risks that lurk behind seemingly trustworthy links. By remaining vigilant and proactive, we can protect our digital spaces and maintain trust in the tools that shape our online world. 

1.  **Google Algorithm Updates vs SEO Strategies**
2.  **Best SEO Experts to Follow on Twitter (X) in 2025**
3.  **How to Improve SEO with Enhanced Web Security**
4.  **Link Farming: SEO Boost or Cybersecurity Threat?**
5.  **Fake GlobalProtect VPN Downloads Spread WikiLoader Malware**

SEO Poisoning: How Cybercriminals Are Turning Search Engines into Traps

AI voice cloning and deepfakes are supercharging scams. One method to protect your loved ones and yourself is to create secret code words to verify someone’s identity in real time.

Scammers are out of control. Every year, fraudsters and cybercriminals make billions by tricking people into parting with their cash. Romance fraud, business email compromise, investment scams, sextortion—the list of ways criminals prey on people is virtually endless and constantly changing.

Add to that impersonation scams, where a criminal pretends to be someone known to their target and extracts money. There have been increasing calls for people, and particularly families, to create passphrases or passwords with each other. At the start of December, the FBI issued a recommendation that people create a “secret word or phrase with your family to verify their identity,” and British bank Starling has also published guidelines on creating safe phrases with others.

It’s a simple, if not new, approach—one that can potentially be effective. For instance, if you receive a message or call from your “son” or “daughter,” and they’re urgently asking for money to get out of a jam, asking them to provide a pre-agreed passphrase can reveal whether it’s really them.

“Fraudsters will use manipulation tactics to put the victim in a vulnerable state where they act out of panic, urgency, or a strong desire,” says Erin Englund, a director of threat analytics at fraud-detection firm BioCatch. “Having a passphrase or similarly prepared strategy enables victims to quickly validate legitimacy of an unusual interaction and take control.”

The calls to create family passwords or passphrases have come because scammers are increasingly adopting AI. Machine learning has allowed criminals to create deepfake videos impersonating people and to clone voices with only a few seconds of audio. Scammers have used these voice clones to pretend family members have been kidnapped and demand ransom payments for their release.

“AI is creating a large amount of risk for businesses and families,” says Rachel Tobac, CEO of SocialProof Security. Tobac says companies she has worked with have been on the receiving end of AI voice-cloned calls, which also use spoofed phone numbers, that try to impersonate business executives.

“I also hear about a few families every day who have received AI phone-call attacks voice-cloning a nephew, grandchild, or sibling in hysterics about being kidnapped or being involved in a car accident where they hit someone pregnant and need money for legal fees and bail,” Tobac says.

**Making a Good Family Password**

As with your online passwords, there are things you should and shouldn’t do when it comes to creating a shared passphrase. For starters, you shouldn’t make a passphrase the same as any of your passwords, and they shouldn’t be things a scammer could easily find—such as street names, birthdays, pets, or other personal information that may be shared online.

“Consider anything that you or your loved ones post online as data available to scammers,” Englund says. “Even if you keep all social media private, your data is available to your connections and followers who can be hacked.”

A good family passphrase, according to Starling Bank’s advice, could be anything that is unique, easy to remember, and can ideally be “shared with friends and family in person.” The guidelines give some hypothetical examples, such as a short phrase like “cheese puffs” or “rainbows and dragons,” or a mnemonic like ABC, which stands for “ants bake cakes.”

“Avoid joking about your code word in your text messages, social media posts, et cetera,” Tobac says. “We see folks make a family code word and then it’s hashtagged in their Instagram post. That's not a great idea—it’s got to be kept private.”

Tobac says that while family passwords can be useful, it’s crucial to be aware of their potential limitations. “We have to remember how human beings actually act in an emergency,” she says. For instance, if someone has really been in a car accident, Tobac says, it’s likely adrenaline would kick in and they may not remember a passphrase.

Tobac recommends using a method she calls “Being Politely Paranoid,” which at its simplest is trying to verify the identity of the person who is contacting you by a second method. “If you receive a call from a nephew who says they are in an accident and need money for legal fees, you can say, ‘100 percent I can help you. I just texted you a word, go ahead and read that out to me.’”

Ultimately, nobody is infallible to scamming, even if they know the steps they should take when receiving a potentially suspicious call or message. “If you do fall victim to a scam, report it to your bank or the authorities,” Englund says. “Often victims feel shame and fault and do not report scams. There are options available to protect yourself and get resolution.”

You Need to Create a Secret Password With Your Family

The Iranian nation-state hacking group known as Charming Kitten has been observed deploying a C++ variant of a known malware called BellaCiao.
Russian cybersecurity company Kaspersky, which dubbed the new version BellaCPP, said it discovered the artifact as part of a "recent" investigation into a compromised machine in Asia that was also infected with the BellaCiao malware.
BellaCiao was first

Iran's Charming Kitten Deploys BellaCPP: A New C++ Variant of BellaCiao Malware

Relive the 90s web era! The Neuro Nostalgia Hackathon challenged teams to transform modern sites into retro masterpieces…

Relive the 90s web era! The Neuro Nostalgia Hackathon challenged teams to transform modern sites into retro masterpieces with spinning GIFs, clunky CSS, and nostalgic flair.

Picture this: neon colors, pixelated fonts, and spinning GIFs from an era when dial-up modems reigned supreme. This year, Hackathon Raptors set out to bring that flashy vision back to life with the Neuro Nostalgia Hackathon. In this three-day marathon, teams worldwide scrambled to transform sleek, modern websites into gloriously clunky yet fully functional, 90s-style masterpieces. From December 13 to 16, participants didn’t just add “Under Construction” animations or marquee text; they preserved critical website features, too, ensuring every retro creation still worked in today’s world.

To top it off, the results were so impressive that the converted sites have already caught the attention of design aficionados; some have been nominated for multiple awards in the creative tech space. If you haven’t checked out these 90s revivals yet, you’re missing out on a vivid, tongue-in-cheek reminder of how web history can still teach us something about creativity (and fun).

****A Dash of 90s Flair****

Though the concept seemed simple, give each site a retro facelift, the actual process demanded a wild mix of creativity and engineering chops:

*   **Hardcore rule-based** transformations that replaced advanced CSS with table layouts.

*   **Sophisticated AI** methods that guessed how to style each webpage element, then spit it back out as a 90s creation.

*   **Hybrid** approaches mingled code logic with AI suggestions, ensuring that any pixel or color recalled an era that championed raw HTML borders and blinking text.

Participants were free to choose any route. Some coded from scratch, others used AI libraries or generative text models. But one rule stood above all else: no matter how retro it looked, the final site had to remain functional by modern standards.

****The People Behind the Magic****

A hackathon is only as good as the crowd it attracts. This event brought out a surprising blend:

*   **Retro Nostalgics** who fondly remember Geocities and lime-green hyperlinks.

*   **Modern Developers Are** itching to see if their React or Next.js apps can seamlessly degrade into neon backgrounds and marquee text.

*   **AI Enthusiasts** are excited to push machine learning past data analysis and into the world of design aesthetics.

They formed teams or jumped in solo, uploading code daily and sharing glimpses of their progress. On the hackathon platform, you’d see everything from entire single-page apps painstakingly reworked in an authentic 90s style to Chrome extensions that magically restyled websites as soon as you clicked a toggle.

Highlights from Notable Submissions

_Key Feature:_ Plugged into OpenAI’s API for real-time advice on color palettes, fonts, and background textures, then rewrote each page with a single toggle. It even offered the option to share your new retro CSS with friends, like handing someone a time-travel pass to 1996.

**Back90s**

_Developer:_ @abdibrokhim

_Pitch:_ “No humans, just data scraping.” This team crawled the 41 pages of Raptors.dev, automatically reshaping them into table layouts and blinking links. Imagine a modern blog you visit daily suddenly filled with spinning “New!” GIFs, no coding is needed beyond the initial setup.

**Neuro Nostalgia**

_Team:_ 

_Approach:_ A Next.js app that lets you choose from multiple 90s “themes,” like Windows 95 or Vaporwave. Hit counters, “Under Construction” banners, Netscape Now! badges, every nostalgic staple was neatly packaged and easy to swap in or out.

**AI Retro Engine**

_Team:_ 404 Sense Not Found

_Concept:_ A blend of AI models and curated style libraries. You’d feed it a modern site, and it spat back out a near-immediate retro version: one moment, your website’s all minimal whitespace. The next, it’s a riot of janky scrolling text and fluorescent borders.

**RetroTheme-Extension**

_Team:_ Comet (@kriithik\_, @lx8879, @kathirchelven)

_What It Did:_ Instead of building standalone pages, it created a browser extension. Any visited site can display 90s-style color combos, frames, and garish fonts with one click. The extension also offered ways to customize the retro style, so you could ramp up the nostalgia or dial it back.

**90s Retro Transformer**

_Team:_ I’m running solo (@kay\_jay2391)

_Angle:_ Minimalist but dedicated. Marquee text, clashing colors, GIF-based backgrounds, classic 90s. It was a no-fuss approach that was easy to replicate if you wanted to apply retro transformations on smaller websites.

**VibeCheck**

_Team:_ RetroRythm (manyaval, cheerful\_wolf\_50790, lost\_cognoscente\_\_)

****Judges With an Engineering Perspective****

While the participants were certainly the main event, the judging panel provided the contest’s rigor. Their strong technical backgrounds helped them pick through each team’s code, searching for those that went beyond flashy visuals to deliver well-structured solutions:

*   **Nikita Letov** – With a background in maintaining 99.97% uptime for large-scale banking platforms, he contributed a firm perspective on **operational reliability**. His expertise helped ensure that even the most radical 90s-style makeovers in the hackathon wouldn’t undermine the functional integrity of modern sites.

*   **Alexandr Hacicheant** – Renowned for steering **monolith-to-microservices transitions**, he zeroed in on how participants structured their retro transformations. Teams that modularized their “time-machine” logic and separated concerns between legacy and modern codebases received particularly detailed feedback from him.

*   **Artiom Kuciuk** – An authority on **scalable cloud architectures and performance** optimization, he explored whether 90s-inspired conversions remained efficient under real-world traffic. Projects that demonstrated minimal overhead while injecting neon colors and GIF animations impressed him the most.

*   **Rinat Garifullin** – Known for heading **complex front-end migrations**, he assessed teams that replaced sleek CSS frameworks with table-based layouts and marquee tags. By balancing nostalgia with maintainability, participants aligned well with his focus on preserving core functionality through phased or partial migrations.

*   **Vadim Goncharov** – A champion of **holistic performance tuning** and rapid response times, approached submissions with an eye toward load times and rendering efficiency. Whether participants used AI-driven tools or custom rule sets, Vadim’s performance lens ensured the hackathon’s throwback designs didn’t come at the cost of user experience.

Their critiques were never about style alone. They asked tough questions about how teams preserved site navigation, how CSS was swapped out without crippling the layout, or how AI integrated with standard HTML rendering. Winners combined a sense of fun with serious engineering discipline.

****The Winners: A Look at the Top Projects****

1.  **1st Place (45.7 points)**: Demonstrated full-scale transformations on multiple websites, showcasing impressive automation that triggered minimal manual tweaks.
2.  **2nd Place (42.3 points)**: Earned high praise for balancing the best of 90s kitsch (like spinning “@” icons and vintage error messages) with a user-friendly experience that let the site remain navigable.
3.  **3rd Place (40.3 points)**: Captured the exact look and feel of mid-90s web design complete with chunky table borders and swirling color backgrounds; while keeping modern features intact.

Each winning team received a portion of the prize pool and genuinely pleased the sponsors by bridging the past with the present.

****Where Does It Go From Here?****

Although the hackathon ended on December 16, the conversation continues. Some teams hope to refine their 90s plugins, opening them up so anyone can “time-travel” while browsing. Others plan to experiment with aesthetics from the early 2000s or add an optional “dial-up connection” simulation. Meanwhile, Hackathon Raptors is already plotting the next big challenge, emboldened by how fervently participants embraced this retro vibe.

In the end, Neuro Nostalgia was more than just a design exercise. It reminded every developer and designer who joined that constraint; such as long-obsolete CSS specs or blindingly bright color schemes, that can foster an unexpected surge of creativity. By merging old-school quirks with modern reliability, participants proved a hackathon can be technologically eye-opening and wonderfully playful.

If today’s hyper-polished websites leave you craving some retro kitsch, keep an eye out for the results of this challenge, because the 90s, it seems, never truly said goodbye. They’ve just been waiting in the wings, ready to light up our screens with another spinning “Under Construction” GIF.

Given the enthusiastic reception, Hackathon Raptors has hinted that **Neuro Nostalgia** might become an annual fixture, perhaps returning in 2025 with even more imaginative expansions or fresh spins on nostalgic design. It’s a reminder that technology doesn’t only move forward sometimes, it delights in circling back, embracing the past to spark fresh inspiration and fun.

1.  INE Security Wins 2024 SC Excellence Award
2.  One Identity Wins 2024 Top InfoSec Innovator Award
3.  EMPACT Hackathon Targets Online Human Traffickers
4.  Ultimate Guide to Designing a Logo Online: Tips and Tricks
5.  Embracing Minimalism: “Less is More” Approach in UI/UX Design

Neuro Nostalgia Hackathon 2024: A Retro Journey with Modern Twists

KEY SUMMARY POINTS Securelist by Kaspersky has published its latest threat intelligence report focused on the activities of…

****KEY SUMMARY POINTS****

*   **Focus Shift to Nuclear Industry**: The Lazarus Group, linked to North Korea, has shifted its targets to the nuclear industry, marking a potential escalation from its earlier focus on defense, aerospace, and cryptocurrency.

*   **Fake Job Posting Tactics**: Their attacks, observed in January 2024, employ fake job postings (Operation DreamJob) to deliver malicious files disguised as job assessments, gaining access to victims’ systems.

*   **Advanced Malware Techniques**: The group uses sophisticated tools like Ranid Downloader and a novel plugin-based malware, “CookiePlus,” which operates in memory, making it harder for security systems to detect.

*   **Exploitation of Vulnerabilities**: Lazarus continues refining its tactics, exploiting vulnerabilities like Google Chrome zero-day and leveraging innovative malware like “RustyAttr” on macOS.

*   **Call for Caution**: The increasing sophistication and activity of the Lazarus Group underscore the need for heightened cybersecurity measures, particularly in sensitive industries.

Securelist by Kaspersky has published its latest threat intelligence report focused on the activities of the notorious Lazarus hacking group, which, as we know it, has links to the North Korean government.

According to Securelist’s research, the Lazarus Group has shifted its focus to targeting individuals within the nuclear industry lately. This indicates an upcoming escalation in their operations, as they previously concentrated on sectors like defense, aerospace, and cryptocurrency. 

“We observed a similar attack in which the Lazarus group delivered archive files containing malicious files to at least two employees associated with the same nuclear-related organization over the course of one month,” the report read.   

Malicious files created on the victims’ hosts (Via Secure List)

The attacks observed by Kaspersky occurred in January 2024 and followed the pattern of using fake job postings, a tactic known as the DeathNote campaign or “Operation DreamJob.”

This involves creating fake job postings and enticing potential victims with tempting career opportunities. During the “interview” process, malicious files are subtly introduced, often disguised as legitimate assessment tests.

The attack starts with an initial file disguised as job assessments for prominent companies, which contains a ZIP archive with malicious executables or trojanized legitimate tools like VNC viewers.

Once executed, the trojan prompts the victim to enter an IP address provided by the attackers via separate communication channels like messenger apps. This grants the attackers unauthorized access to the compromised machine, enabling them to move laterally within the network and potentially steal sensitive data or disrupt critical operations.  

An XOR key is generated based on the IP address to decrypt the internal resources of the VNC executable and unzip the data. The unzipped data is then downloaded by Ranid Downloader, which fetches further malicious payloads like MISTPEN, RollMid, LPEClient, Charamel Loader, ServiceChanger, and CookiePlus. The payload type (DLL or shellcode) is determined by a flag within the data structure. The execution results of these plugins are encrypted and sent back to the C2 server.

A key innovation in these recent attacks is the introduction of “CookiePlus,” a novel plugin-based malware. This downloader operates primarily in memory, loading malicious payloads dynamically. This evasive technique makes it harder for traditional security solutions to detect and mitigate the threat.

The development of CookiePlus demonstrates the Lazarus Group’s continuous efforts to refine its tools and evade detection. By introducing new modular malware and adapting their tactics, they aim to maintain a persistent presence within targeted networks and achieve their objectives.

The group has been particularly active lately. In November Group-IB discovered the Lazarus group’s new trojan, “RustyAttr,” which hides malicious code in extended attributes on macOS systems and in October the group exploited a Google Chrome zero-day vulnerability to target cryptocurrency investors with a deceptive NFT game. This calls for continuous vigilance to safeguard your digital assets.

1.  Lazarus Exploits Chrome 0-Day with Fake NFT Game
2.  North Korean Hackers Team Up with Play Ransomware
3.  Lazarus’ Magecart attack steal card data from EU, US sites
4.  Lazarus Hits Blockchain Pros with Fake Video Conferencing
5.  Lazarus hackers suspected of targeting Indian space agency

Lazarus Group Targets Nuclear Industry with CookiePlus Malware

The number of Non-Human Identities (NHIs) in many organizations has exploded. Key trends, drivers, and market landscape in this fast-developing area are explored.

Don Tait, Senior Analyst, Omdia

December 23, 2024

4 Min Read

COMMENTARY

The growth in systems communicating over the internet without human involvement has been dramatic in recent years. The Internet of Things (IoT) is driving more machine-to-machine (M2M) communications without human intervention. There is also an explosion in application development underpinning the need for digital transformation, which is turbocharged by remote working and the ever-increasing adoption of e-commerce. This means that pieces of software code are interacting autonomously across networks as never before.   

There is a need to manage system identities in the sense of what they are and what they can and cannot do when they are online. For example, can they both send and receive data? Where can they send it? In what volumes and formats? Can they access data that resides elsewhere, make copies, and forward it on, even to recipients outside the organization? Just as importantly, has their identity changed since the last time they were online, e.g., with extra access rights or new software on board that was not there before? Non-human identities (NHI) are already estimated to outnumber human identities by a ratio of 50 to one (50:1). With more and more business processes being automated by artificial intelligence (AI)/generative AI (GenAI) and accessed by AI-enabled services, NHI growth is likely to accelerate even further, bringing yet more expansion in the threat landscape.

Related:Identity Orchestration Is Gaining Traction

**Why NHI Management is Required**

NHIs can be defined as digital identities tied to entities like applications, services, and machines within an enterprise technology stack. These include bots, API keys, service accounts, OAuth tokens, cloud services, and other credentials that allow machines or software to authenticate, access resources, and communicate within a system.

The need for effective NHI management (NHIM) arises from several key factors:

*   IT infrastructures are becoming more complex: Modern IT infrastructures are characterized by their complexity, featuring a myriad of interconnected systems, cloud services, and devices, including, in many cases, a host of IoT devices that operate autonomously. Managing the identities of non-human entities within such environments is essential for ensuring accountability, traceability, and security.
    
*   An increase in automation: Organizations are increasingly adopting automation to streamline processes, improve efficiency, and reduce manual intervention, with agentic AI only intensifying the trend. Non-human entities, including bots, scripts, and automated workflows, execute tasks autonomously, necessitating proper identity management to prevent unauthorized access and misuse.
    
*   An increase in cybersecurity threats: Cybercriminals often target NHIs, particularly those in the IoT area that operate without human intervention, seeking to exploit vulnerabilities for malicious purposes. Weak authentication mechanisms, misconfigured permissions, and inadequate monitoring can leave non-human entities susceptible to attacks, leading to data breaches, system compromises, and service disruptions.
    

Related:How CISOs Can Communicate With Their Boards Effectively

**A Nascent Market, Ripe for Acquisitions**

The NHI market is still developing, as demonstrated by the fact that most players are startups. This includes companies like: 

*   Aembit; Andromeda Security; Astrix; AxisNow; Clarity Security; Clutch Security; Corsha; Entro Security; Natoma; Oasis; P0 Security; SlashID; TrustFour; Unosecur; Veza; Whiteswan Security
    

Some of these vendors are focused more specifically on NHI security while others provide broader NHIM capabilities, often described as NHI governance. We plan to deliver a report comparing and contrasting the leading players in this space in 2025.

Omdia believes that since most of the players in the NHI market are startups, they are ripe for acquisition by the larger identity security platform vendors. Indeed, one or two startups have already been acquired, such as Authomize, which privileged access management (PAM) vendor Delinea purchased in January this year. Whilst in May 2024, CyberArk (the market leader in PAM) acquired Venafi for $1.5bn. Venafi was an exception amongst the NHI specialists, because it had been around much longer, thanks to its certificate lifecycle management (CLM) and key management background.

Related:Managing Threats When Most of the Security Team Is Out of the Office

**Conclusions**

The growth in devices communicating over the internet with no humans involved in the process has raised awareness of the need to manage these system’s identities. Omdia believes that over the coming years, NHI growth is likely to accelerate and further increase the threat landscape. Enterprises must be aware that trends such as the adoption of cloud, microservices, and DevOps have fueled the growth of NHIs in enterprise environments. Omdia also believes that opportunities for vendors in the identity security market are still huge, as machine identities already outnumber human identities by a ratio of 50:1. That figure is only likely to increase going forward.

Non-Human Identities Gain Momentum, Requires Both Management, Security

The software development industry is expanding tremendously. It drives up the need for technical people and new solutions.…

The software development industry is expanding tremendously. It drives up the need for technical people and new solutions. Let’s check the top AI trends to follow in 2025.

Generative AI solutions are changing software development. They automate repetitive coding tasks, increase developer productivity, improve efficiency, and speed up product delivery. AI makes the work of DevOps teams more productive. It also enhances the effectiveness of Continuous Integration and Continuous Deployment (CI/CD) operations, enabling faster code deployment. Besides that, artificial intelligence solutions are useful in Quality Assurance (QA). They automate tests, generate data, and use innovative reporting methodologies.

We can say for sure that the software development industry has been thriving for years, with a focus on technology and innovation. And the number of developers turning to machine learning (ML), Artificial intelligence (AI), and big data solutions is increasing more and more. That’s just the beginning. Deep diving, let’s look at some of the top software development statistics and trends to keep your eye on for 2025.

****1\. Employment Growth for Software Developers****

Is there a need for software developers in the future? One would expect the need for software engineers to decrease as AI, machine learning, low-code development platforms, and other technologies become more popular. However, employment opportunities for software engineers are predicted to continue to rise at a rate of more than 20%. When compared to other positions, this figure is rather high. Finally, more than 1.3 million technology experts are predicted to work in the software development business by 2024. There will be even more opportunities in 2025.

****2\. IT Outsourcing Is on the Rise****

According to a McKinsey report, more than 85% of companies are suffering from a worldwide talent shortage. And the situation is not expected to change any time soon. Here are some statistics about the global skills shortage and outsourcing development:

*   The number of open opportunities in the software development business is predicted to reach 85.2 million by 2030.
*   Companies outsource software development to developers from other countries. This year, the country’s IT outsourcing market will increase at a CAGR of 7.25 percent.
*   The worldwide IT outsourcing industry is expected to reach $410.2 billion by 2027.

Polish your use of AI/ML and Cloud technologies while learning from industry talents to bring your software product to a whole new level. At the same time, according to ObjectStyle, a staff augmentation provider, incidents involving state-backed hackers posing IT Workers to infiltrate Western companies have become a new trend which goes on to show that companies must remain alert when it comes to outsourcing or hiring.

****3\. Building Secure Apps Is a Priority for Businesses****

In 2025, software development teams throughout the world will prioritize and focus on the safety and security of their products. A recent survey conducted among software development teams revealed that more than 30 percent of them had a specialist department for security monitoring and QA. This department is responsible for:

*   Responding to security vulnerabilities or attacks while minimizing damage.
*   Protecting corporate software from malicious code, coding flaws, and encryption failures.
*   Performing penetration testing, static security analysis (SAST), and configuration audits.
*   Ensuring proper code quality.

****4\. Top Programming Languages, Databases, and Cloud Platforms****

A recent StackOverflow poll provided us with some intriguing insights into the top software development trends:

*   JavaScript remains the most popular programming language, with more than 65 percent of respondents selecting it.
*   Rust is also a top popular programming language, with more than 86.73 percent of respondents favoring it.
*   When it comes to databases, MySQL leads with almost 46% of the votes.
*   AWS is the most popular cloud platform, with a market share of more than 50%.
*   Node.JS and React.JS are the most popular web frameworks in the software development business.
*   Docker is the most popular tool, with more than 75% of respondents voting in favor.

So keep these in mind when deciding on the core of your next software development project.

****5\. The World Is Going Remote****

According to the same poll, 42.98 percent of respondents work totally remotely. Similarly, 42.44 percent of respondents work in a hybrid workplace. These numbers demonstrate that enterprises throughout the globe are adopting remote work and its advantages. Only a limited number of companies would like their employees to work from the office in person. Hybrid and partly remote work regimes are becoming more and more popular with companies.

**6\. Custom Software Development Will Rock**

According to 2022 market demand, the value of software development in 2022 was $28.2 billion with a projected CAGR of 21.5% for the period 2023 to 2032. Simply said, the industry is expanding at an exponential rate. As businesses increasingly seek tailored solutions to meet their unique needs, the importance of custom software will only continue to rise. And the following trends will be true drivers:

*   User-Centered Design
*   Integration of AI and Machine Learning
*   Low-Code and No-Code Development
*   Cloud-Native Solutions
*   Enhanced Cybersecurity Measures
*   Blockchain Technology
*   Agile Methodologies and DevOps Practices
*   Sustainability Focus

To succeed in their business niche, every company or specialist involved in this industry should be aware of bespoke software development trends. For example, NFTs and Web 3 technologies were worth $16 billion in 2021. Companies that were able to adopt this trend over time reaped significant benefits.

****Let’s Wrap It up****

The software development industry is expanding tremendously. It drives up the need for technical people and new solutions. The software development business will place a greater focus on AI and ML in the future, creating outstanding employment possibilities for AI and ML developers worldwide. Despite these favourable tendencies, the worldwide skills scarcity is expected to drive enterprises towards IT outsourcing. Let’s keep an eye on the industry.

1.  Kotlin app development company – How to choose
2.  Best Methods for Storing, Protecting Digital Company Files
3.  What is an Infosec Audit, Why Does A Company Need One?
4.  Benefits of hiring a Java web application development firm
5.  Tips to protect company data sent via home internet connections

_Top image via y Innova Labs from Pixabay_.

Top AI Trends Every Software Development Company to Follow in 2025

Criminals are luring victims looking to download software and tricking them into running a malicious command.

More and more, threat actors are leveraging the browser to deliver malware in ways that can evade detection from antivirus programs. Social engineering is a core part of these schemes and the tricks we see are sometimes very clever.

Case in point, there has been an increase in attacks that involve copying a malicious command into the clipboard, only to be later pasted and executed by the victims themselves. Who would have though that copy/paste could be so dangerous?

The new campaign we observed uses a a combination of malicious ads and decoy pages for software brands, followed by a fake Cloudflare notification that instructs users to manually run a few key combinations. Unbeknownst to them, they are actually executing PowerShell code that retrieves and installs malware.

**The discovery**

Our investigation into this campaign started from a suspicious ad for ‘notepad’ while performing a Google search. Such search queries have been a hot spot for criminals who want to lure victims that are looking to download programs onto their computer.

Based on previous evidence, criminals are tricking victims into visiting a lookalike site with the goal of downloading malware. In this case, the first part was true, but what unfolded next was new to us.

When we clicked the Download button, we were redirected to a new page that appeared to be Cloudflare asking us to “_verify you are human by completing the action below_“. This type of message is more and more common, as site owners try to prevent bots and other unwanted traffic.

But rather than having to solve a CAPTCHA, we saw another unexpected message: _“Your browser does not support correct offline display of this document. Please follow the instructions below using the “Fix it” button_“.

**Powerful technique**

This technique is actually not new in itself, and similar variants have been seen both via email spam and compromised websites before. It is sometimes referred to as ClearFake or ClickFix, and requires users to perform a manual action to execute a malicious PowerShell command.

Clicking on the ‘Fix It’ button copies that command into memory (the machine’s clipboard). Of course the user has no idea what it is, and may follow the instructions that ask to press the Windows and ‘R’ key to open the Run command dialog. CTRL+V pastes that command and Enter executes it.

Once the code runs, it will download a file from a remote domain (_topsportracing\[.\]com_) within the script. We tested that payload in a sandbox and observed immediate fingerprinting:

C:\\Users\\Admin\\AppData\\Local\\Temp\\10.exe  
    C:\\Windows\\SYSTEM32\\systeminfo.exe  
        C:\\Windows\\system32\\cmd.exe  
            C:\\Windows\\system32\\cmd.exe /c "wmic computersystem get manufacturer"

The information is then sent back to a command and control server (_peter-secrets-diana-yukon\[.\]trycloudflare\[.\]com_) abusing Cloudflare tunnels:

The use of Cloudflare tunnels by criminals was previously reported by Proofpoint to deliver RATs. We weren’t able to observe a final payload but it is likely of a similar kind, perhaps an infostealer.

**Campaign targets several brands**

This was not an isolated campaign for Notepad, as we soon found additional sites with a similar lure. There was a Microsoft Teams landing page which used exactly the same trick, followed by others such as FileZilla, UltraViewer, CutePDF and Advanced IP Scanner.

Oddly, we saw a lure for a cruise booking site. We have no idea how that came to be, unless the criminals agree that everyone needs a vacation sometimes.

**Overlap with other campaigns**

As mentioned previously, this type of social engineering attack is getting more and more popular. Researchers are tracking several different families under different names such as the original SocGholish.

Interestingly, the same domain (_topsportracing\[.\]com_) we saw in the malicious PowerShell command for Notepad++ was also used recently in another campaign known as #KongTuke:

As these schemes are being increasingly used by criminals, it is important to be aware of the processes involved. The Windows key and the letter ‘R’ pressed together open the Run dialog box. This is not something that most users will ever need to do, so always think carefully whenever you are instructed to perform this.

Malwarebytes customers are protected against this attack via our web protection engine for both the malicious sites and PowerShell command.

**We don’t just report on threats—we remove them**

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

**Indicators of Compromise**

Malicious domains

notepad-plus-plus.bonuscos\[.\]com  
microsoft.team-chaats\[.\]com  
cute-pdf\[.\]com  
ultra-viewer\[.\]com  
globalnetprotect\[.\]com  
sunsetsailcruises\[.\]com  
jam-softwere\[.\]com  
advanceipscaner\[.\]com  
filezila-project\[.\]com  
vape-wholesale-usa\[.\]com

Servers used before Cloudflare proxy

185.106.94\[.\]190  
89.31.143\[.\]90  
94.156.177\[.\]6  
141.8.192\[.\]93

Malware download URLs

hxxp\[://\]topsportracing\[.\]com/wpnot21  
hxxp\[://\]topsportracing\[.\]com/wp-s2  
hxxp\[://\]topsportracing\[.\]com/wp-s3  
hxxp\[://\]topsportracing\[.\]com/wp-25  
hxxp\[://\]chessive\[.\]com/10\[.\]exe  
hxxp\[://\]212\[.\]34\[.\]130\[.\]110/1\[.\]e

Malware C2

peter-secrets-diana-yukon\[.\]trycloudflare\[.\]com

Tag

#mac