• Bethesda, USA / Maryland, December 2nd, 2025, CyberNewsWire

    While most cybersecurity companies pour resources into AI models, massive compute, hoovering up all the data, and enhanced analytics to detect and prevent threats, Frenetik, a Maryland cyber startup, is betting on something simpler: making sure attackers don’t know what defenders know.

    The company emerged today with a fundamentally different approach using novel cyber deception and a newly issued U.S. patent to back it.

    “The industry has turned cybersecurity into a compute and analysis war,” said founder Hans Ismirnioglou. “Bigger models, more data, faster analysis. But you can’t out-compute or out-analyze an adversary forever. We’re not trying to. We’re exploiting information asymmetry.”

    Traditional deception tools deploy fake systems, wait for attackers to find them, and hope they interact.

    Frenetik’s patented “Deception In-Use” technology (U.S. Patent 12,463,981 – “Systems and Methods for Counter-Reconnaissance in Cloud Infrastructure to Disrupt Adversarial Targeting”) takes a different path: it continuously rotates actually used identities and resources across Microsoft Entra (M365), AWS, Google Cloud, and on-premises environments.

    The critical details of who changed, what changed, when, where, and how travel through out-of-band channels accessible only to trusted parties. Defenders stay informed. Attackers work from stale intelligence.

    “Adversaries, especially AI-driven ones, build models based on reconnaissance. They assume the environment they mapped earlier is the environment they’ll exploit today,” Ismirnioglou explained. “We break that assumption without needing a bigger GPU cluster by simply depriving them of easily discoverable information.”

    Users can think of it as musical chairs for hackers: by the time they figure out where to sit, everything has moved—and only defenders know which chairs are real and which have become traps.

    The technology transforms existing deception tools from passive traps into active ones. When Frenetik rotates real resources, attackers following stale intelligence get funneled straight into honeypots and decoys, supercharging interaction rates with classic deception elements that previously only hoped to look real.

    Unlike solutions requiring extensive tuning or analyst oversight, Frenetik works because attackers simply lack the information needed to know the difference.

    “I want the adversary to have to continuously put a dedicated body onto every target they go after – no more free lunches or easy days for America’s adversaries,” says Ismirnioglou.


    About Frenetik

    Frenetik, a Maryland-based cybersecurity startup, just emerged from stealth with a new approach: instead of flooding defenders with more data, it starves attackers of the information they need to move.

    Focused on measurable security outcomes, and pricing transparency, Frenetik is built to tip the balance of power by denying adversaries trustworthy insight into targeted environments. Frenetik offers a free community version at www.frenetik.us.

    Contact

    Founder

    Hans Ismirnioglou

    Frenetik

    info@frenetik.us

    The post Cyber Startup Frenetik Launches with Patented Deception Technology That Bets Against the AI Arms Race appeared first on Cyber Security News.


  • Baltimore, MD, December 2nd, 2025, CyberNewsWire

    The 2025 State of AI Data Security Report reveals a widening contradiction in enterprise security: AI adoption is nearly universal, yet oversight remains limited.

    Eighty-three percent of organizations already use AI in daily operations, but only 13 percent say they have strong visibility into how these systems handle sensitive data.

    Produced by Cybersecurity Insiders with research support from Cyera Research Labs, the study reflects responses from 921 cybersecurity and IT professionals across industries and organization sizes.

    The data shows AI increasingly behaving as an ungoverned identity — a non-human user that reads faster, accesses more, and operates continuously. Yet most organizations still use human-centric identity models that break down at machine speed.

    As a result, two-thirds have caught AI tools over-accessing sensitive information, and 23 percent admit they have no controls for prompts or outputs.

    Autonomous AI agents stand out as the most exposed frontier. Seventy-six percent of respondents say these agents are the hardest systems to secure, while 57 percent lack the ability to block risky AI actions in real time.

    Visibility remains thin: nearly half report no visibility into AI usage and another third say they have only minimal insight — leaving most enterprises unsure where AI is operating or what data it touches. 

    Governance structures lag behind adoption as well. Only 7 percent of organizations have a dedicated AI governance team, and just 11 percent feel prepared to meet emerging regulatory requirements, underscoring how quickly readiness gaps are widening.

    The report calls for a shift toward data-centric AI oversight with continuous discovery of AI use, real-time monitoring of prompts and outputs, and identity policies that treat AI as a distinct actor with narrowly scoped access driven by data sensitivity.

    “AI is no longer just another tool — it’s acting as a new identity inside the enterprise, one that never sleeps and often ignores boundaries,” said Holger Schulze with Cybersecurity Insiders. “Without visibility and robust governance, enterprises will keep finding their data in places it was never meant to be.”

    As the report cautions: “You cannot secure an AI agent you do not identify, and you cannot govern what you cannot see.”

    The full 2025 State of AI Data Security Report is available for download at: https://www.cybersecurity-insiders.com/portfolio/2025-state-of-ai-data-security-report-cyera/

    Media Contact: Andrea.Chilkott@cybersecurity-insiders.com

    About Cybersecurity Insiders

    Cybersecurity Insiders provides strategic insight for security leaders, grounded in more than a decade of independent research and trusted by a global community of 600,000 cybersecurity professionals.

    We translate shifting market trends into clear, actionable guidance that helps CISOs strengthen their programs, make informed technology decisions, and anticipate emerging risks.

    We connect practitioners and innovators by giving CISOs the clarity needed to navigate a noisy market while helping solution providers align with real-world priorities.

    We drive this alignment through evidence-backed research, strategic CISO guides, independent product reviews, data-driven message validation, and peer-validated recognition through the Cybersecurity Excellence Awards and AI Leader Awards.

    More: https://cybersecurity-insiders.com

    Contact

    Founder

    Holger Schulze

    Cybersecurity Insiders

    holger.schulze@cybersecurity-insiders.com

    The post AI Adoption Surges While Governance Lags — Report Warns of Growing Shadow Identity Risk appeared first on Cyber Security News.


  • The Arkanix stealer is a new malware family now spreading in the wild. It targets home users and small offices that rely on VPN clients and wireless networks for daily work.

    Once active, it focuses on stealing VPN account data, Wi‑Fi profiles, browser credentials, and desktop screenshots.

    This gives attackers direct access to private networks and a clear view of what the victim is doing.

    Early attacks use simple but effective lures. Victims are tricked through fake software downloads, cracked tools, or email links that drop a small loader.

    This loader then pulls the main Arkanix payload from a remote server and runs it without drawing attention.

    The whole chain is built to look like a normal installer, which helps it blend into routine user activity.

    G Data Cyber Defense security analysts identified Arkanix during an investigation into new info‑stealing campaigns.

    Their telemetry showed repeated theft of VPN profiles and Wi‑Fi keys from systems in Europe and other regions, with the same code base behind the attacks.

    Further analysis revealed a modular design that lets operators switch targets quickly, from browser data to screenshots or other files.

    Once loaded, Arkanix scans the system for VPN configuration files, password stores, and saved wireless profiles. It exports them into a single archive, adds fresh screenshots from the active desktop, and then sends everything to a command‑and‑control (C2) server.

    Web panel login screen (Source – G Data)

    Network captures show outbound HTTPS requests that hide this theft inside encrypted traffic, making it harder to spot.

    Infection chain and data theft

    The main binary runs simple but focused code to collect data. A common pattern is a loop that walks known paths for VPN and Wi‑Fi data, then posts them to the C2 endpoint:

    for each(path in target_paths){
        grab_files(path);
    }
    take_screenshot();
    upload_to_c2(zip_all());

    A configuration panel used by the malware author controls which modules run, such as Wi‑Fi theft or screenshot capture.

    Configuration options (Source – G Data)

    The technical breakdown shows that Arkanix is built for direct access: steal VPN accounts, map Wi‑Fi networks, watch the screen, and then let intruders move into those environments with very little effort.


    The post New Arkanix Stealer Attacking Users to Steal VPN Accounts, Screenshots and Wi-Fi Credentials appeared first on Cyber Security News.


  • Cybersecurity researchers have disclosed details of an npm package that attempts to influence artificial intelligence (AI)-driven security scanners. The package in question is eslint-plugin-unicorn-ts-2, which masquerades as a TypeScript extension of the popular ESLint plugin. It was uploaded to the registry by a user named “hamburgerisland” in February 2024. The package has been downloaded


  • Candiru, an Israeli-based spyware vendor, has deployed sophisticated malware infrastructure across multiple countries to target high-value individuals including politicians, journalists, and business leaders.

    The mercenary spyware, known as DevilsTongue, represents a growing threat to Windows users globally, with eight distinct operational clusters identified across Hungary, Saudi Arabia, Indonesia, and Azerbaijan.

    This modular Windows malware combines advanced evasion techniques with extensive surveillance capabilities, making it one of the most dangerous cyber threats operating today.

    DevilsTongue has emerged as a particularly concerning weapon in the mercenary spyware market, capitalizing on both advanced exploitation techniques and sophisticated persistence mechanisms.

    The malware operates through multiple infection vectors, leveraging zero-day vulnerabilities in web browsers and weaponized documents to compromise target systems.

    What makes this spyware distinctive is its ability to operate covertly once installed, stealing sensitive information while remaining virtually undetectable to standard security tools.

    Recorded Future security analysts identified new infrastructure linked to Candiru’s operational clusters, revealing significant differences in how various groups manage their victim-facing systems.

    Some clusters operate directly, while others route commands through intermediary layers or the Tor network, adding layers of complexity to defensive efforts.

    The discovery highlights how Candiru continues adapting its operational security even after facing international sanctions from the US Department of Commerce in November 2021.

    The licensing model for DevilsTongue underscores the commercial nature of this threat. According to leaked project proposals, Candiru charges based on concurrent infections, allowing customers to monitor multiple devices simultaneously.

    A base contract starting at €16 million permits unlimited infection attempts with ten concurrent devices monitored, while additional fees unlock expanded capacity and geographic coverage across different countries.

    Candiru pricing options (Source – Recorded Future)

    This pricing structure attracts government clients with substantial budgets seeking persistent surveillance capabilities.

    Technical Persistence and Evasion Mechanisms

    DevilsTongue employs sophisticated techniques to maintain persistence and evade detection on infected Windows systems.

    The malware utilizes COM hijacking by overwriting legitimate COM class registry keys, directing them toward a first-stage DLL located in C:\Windows\system32\IME.

    This approach cleverly disguises the malware within legitimate system directories. A signed third-party driver called physmem.sys enables kernel-level memory access, allowing the malware to proxy API calls and avoid detection mechanisms.

    During the hijacking process, DevilsTongue reinstates the original COM DLL through shellcode manipulation of the LoadLibraryExW return value, maintaining system stability to prevent triggering security alerts.

    All additional payloads remain encrypted and execute exclusively in memory, preventing forensic recovery.

    This design allows the malware to extract credentials from LSASS, browsers, and messaging applications like Signal Messenger before covering its tracks through metadata scrubbing and unique file hashing.
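    A triage check a defender could run over a registry export, added here as an example (not Recorded Future's or Candiru's code): it parses a `reg export` dump of HKLM\SOFTWARE\Classes\CLSID and lists COM classes whose InprocServer32 DLL resolves under C:\Windows\system32\IME, the directory the report names. The sample export, its GUIDs and its PLACEHOLDER file names are constructed and are not indicators.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample of a `reg export` of HKLM\SOFTWARE\Classes\CLSID.
# The GUIDs and PLACEHOLDER file names are made up; they are not indicators.
SAMPLE_REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-0000-0000-0000-000000000001}\InprocServer32]
@="C:\\Windows\\system32\\shell32.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-0000-0000-0000-000000000002}\InprocServer32]
@="C:\\Windows\\system32\\IME\\PLACEHOLDER_stage1.dll"
"ThreadingModel"="Both"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33333333-0000-0000-0000-000000000003}\InprocServer32]
@="%SystemRoot%\\System32\\IME\\SHARED\\PLACEHOLDER_ime.dll"
"""

# Directory named in the report as the first-stage DLL location (lower-cased for comparison).
SUSPECT_DIR = r"c:\windows\system32\ime"
_GUID_RE = re.compile(r"\{[0-9a-f-]+\}", re.I)


def _unescape(value: str) -> str:
    # .reg files double backslashes and escape quotes inside string values.
    return value.replace('\\"', '"').replace("\\\\", "\\")


def parse_inproc_servers(reg_text: str) -> Dict[str, str]:
    """Map each CLSID to the default (@) value of its InprocServer32 subkey."""
    servers: Dict[str, str] = {}
    clsid = None
    for raw in reg_text.splitlines():
        line = raw.strip()
        key = re.match(r"^\[(.+)\]$", line)
        if key:
            # Only InprocServer32 subkeys matter; remember which CLSID they belong to.
            guid = _GUID_RE.search(key.group(1))
            in_proc = key.group(1).lower().endswith("\\inprocserver32")
            clsid = guid.group(0).upper() if (guid and in_proc) else None
            continue
        default = re.match(r'^@="(.*)"$', line)
        if default and clsid:
            servers[clsid] = _unescape(default.group(1))
    return servers


def flag_ime_com_servers(reg_text: str) -> List[Tuple[str, str]]:
    """Return (CLSID, DLL path) pairs whose in-process server resolves under the System32 IME directory."""
    hits: List[Tuple[str, str]] = []
    for clsid, dll in parse_inproc_servers(reg_text).items():
        # Normalise the %SystemRoot% spelling so both forms are compared alike.
        path = dll.lower().replace("%systemroot%", r"c:\windows")
        if path.startswith(SUSPECT_DIR + "\\"):
            hits.append((clsid, dll))
    return hits


if __name__ == "__main__":
    for clsid, dll in flag_ime_com_servers(SAMPLE_REG_EXPORT):
        print(f"review {clsid}: {dll}")
```

    Windows ships its own input-method components under that directory, so each hit is a candidate to check for a valid Microsoft Authenticode signature and a known file hash, not a confirmed implant.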


    The post Candiru’s DevilsTongue Spyware Attacking Windows Users in Multiple Countries appeared first on Cyber Security News.


  • Dashcams have become an essential accessory in vehicles across many countries, serving as impartial witnesses in the event of accidents and roadside disputes. Yet, new research presented at Security Analyst Summit 2025 by a team of Singaporean cybersecurity researchers has uncovered a disturbing reality: dashcams, even offline ones, are increasingly being exploited as convenient surveillance […]

    The post Dash Cam Hack: How Criminals Can Seize Control in Seconds appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.


  • Microsoft is currently investigating a service disruption affecting the Microsoft Defender portal, which has blocked numerous security professionals from accessing critical threat management tools.

    The issue, tracked under the identifier DZ1191468 in the Microsoft 365 admin center, sparked concerns early Tuesday as administrators reported timeouts and login failures when attempting to load the security dashboard.

    The disruption began earlier today, with users across multiple regions experiencing difficulties reaching the Defender portal (security.microsoft.com). According to Microsoft’s status updates, the root cause has been linked to an unexpected “spike in traffic” that overwhelmed the service’s access capabilities.

    While the portal is essential for Security Operations Center (SOC) teams to monitor alerts, investigate incidents, and manage endpoint security, the outage effectively left some organizations temporarily blind to real-time threat data.

    Microsoft’s Official Response

    Microsoft acknowledged the problem quickly, assigning it the case ID DZ1191468. In a statement provided to administrators, the company confirmed the nature of the anomaly:

    Following the implementation of traffic management mitigations, service availability has largely recovered. However, Microsoft notes that while the core issue is resolved, it is still “reviewing isolated error reports” to ensure complete stability for all tenants.

    For enterprise security teams, access to the Microsoft Defender portal is non-negotiable. It serves as the central hub for Extended Detection and Response (XDR), allowing analysts to triage malware alerts and isolate compromised devices.

    Even brief access interruptions can impede a SOC’s ability to respond to active threats or verify automated remediations. During the downtime, automated background protection services (like Defender Antivirus on endpoints) likely remained operational, but the administrative visibility required for human oversight was temporarily severed.

    Administrators experiencing lingering connection issues are advised to monitor the Service Health Dashboard in the Microsoft 365 admin center under DZ1191468 for the latest recovery confirmation.


    The post Microsoft Investigation Defender portal Issue That Blocking Users Access appeared first on Cyber Security News.


  • Israeli entities spanning academia, engineering, local government, manufacturing, technology, transportation, and utilities sectors have emerged as the target of a new set of attacks undertaken by Iranian nation-state actors that have delivered a previously undocumented backdoor called MuddyViper. The activity has been attributed by ESET to a hacking group known as MuddyWater (aka Mango


  • Security researchers at Nisos have identified a critical gap in insider threat detection: organizations often fail to correlate early behavioral anomalies with external intelligence sources, leaving meaningful warning signs buried beneath operational noise until incidents escalate into confirmed breaches. Most insider threats do not announce themselves with apparent malicious activity. Instead, security teams encounter subtle […]

    The post Early Indicators of Insider Threats Through Authentication and Access Controls appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
