• This week in cybersecurity from the editors at Cybercrime Magazine

    Sausalito, Calif. – Feb. 3, 2026


    Everything you always wanted to know about penetration testing but were afraid to ask can be found in a widely popular blog post from BreachLock, a leading vendor in the Penetration Testing-as-a-Service (PTaaS) market over the past five years, according to Gartner.

    The experts at BreachLock provided Cybercrime Magazine readers with a new blog post that answers a frequently asked question: What is autonomous pentesting, and how does it work?

    Autonomous Penetration Testing is a modern pentesting approach that uses Artificial Intelligence (AI) technologies such as machine learning and natural language processing to autonomously and continuously simulate cyberattacks on enterprise systems with minimal or no human involvement.

    These AI-enabled tools test environments like real attackers would, dynamically planning, executing, pivoting, and moving laterally to uncover weaknesses before a threat actor can exploit them.

    Generative AI-powered autonomous penetration testing systems continuously adapt to changes in enterprise infrastructure and the evolving threat landscape. This enables simulation of complex attack paths aligned with modern attacker tactics, techniques, and procedures (TTPs).





    The post What is Autonomous Penetration Testing and How Does it Work? appeared first on Cybercrime Magazine.


  • A sharp rise in campaigns targeting macOS users has been observed, while attackers also ramp up Python‑based stealers and abuse trusted platforms like WhatsApp and popular PDF utilities. These attacks focus on harvesting credentials, browser data, cloud keys, and cryptocurrency wallets, then quietly exfiltrating them to attacker‑controlled infrastructure. On macOS, threat actors increasingly rely on social engineering and […]

    The post Infostealer Attacks Hit macOS, Abusing Python and Trusted Platforms appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.


  • French authorities raided the Paris headquarters of Elon Musk’s social media platform X today, escalating a year-old cybercrime probe into alleged algorithmic manipulation and illicit content distribution.

    The operation, led by the Paris prosecutor’s cybercrime unit alongside France’s national cybercrime police and Europol, marks a significant intensification of scrutiny on X’s data practices and moderation failures.

    The search commenced early Tuesday at X’s French offices, focusing on evidence related to suspected abuses. Prosecutors have summoned Musk, X’s chairman, and former CEO Linda Yaccarino, who resigned in July 2025, for voluntary questioning on April 20 in Paris, alongside other employees as witnesses. No arrests were reported, and the probe remains preliminary, with authorities emphasizing compliance with French digital laws.

    Opened on January 5, 2025, following a lawmaker’s complaint, the inquiry initially focused on claims that biased algorithms were distorting automated data processing systems on X.

    It expanded in July 2025 amid reports of X’s AI chatbot Grok disseminating Holocaust denial content and sexually explicit deepfakes infringing image rights. Further allegations include complicity in retaining and distributing child exploitation imagery, potentially punishable by up to 10 years in prison under French law.

    Specific Cybercrime Allegations

    Investigators are probing “fraudulent data extraction” and organized manipulation of X’s recommendation algorithms, which allegedly amplified harmful content.

    The case also examines Grok’s role in generating or promoting illegal materials, highlighting vulnerabilities in AI moderation on social platforms. Europol’s involvement underscores cross-border concerns over platform accountability in cyber-enabled crimes like deepfake proliferation and non-consensual imagery.

    X has not yet commented on the raid but previously dismissed the probe as “politically motivated,” denying algorithm tampering or data breaches.

    In a notable backlash, the Paris prosecutor’s office announced it would cease using X for official communications, pivoting to LinkedIn and Instagram. This move amplifies tensions between regulators and tech giants amid Europe’s push for stricter digital services enforcement.

    The raid signals heightened French enforcement against Big Tech’s cyber risks, from AI-driven misinformation to content moderation lapses.

    Experts warn it could set precedents for international probes into algorithmic bias and deepfake threats, urging platforms to bolster AI safeguards. As hearings loom, X faces potential fines or operational curbs in the EU, underscoring the collision of free speech and cybercrime prevention.

    Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.

    The post French Authorities Raid X Office Following Cybercrime Allegations appeared first on Cyber Security News.


  • Microsoft is accelerating the transition away from NTLM (New Technology LAN Manager), a legacy authentication protocol that has existed in Windows for over three decades.

    The company has announced a phased roadmap to reduce, restrict, and ultimately disable NTLM by default in upcoming Windows releases, marking a significant evolution in Windows authentication security.

    NTLM has long served as a fallback authentication mechanism when Kerberos is unavailable.

    However, the protocol’s age and inherent cryptographic weaknesses make it vulnerable to replay, relay, and pass-the-hash attacks.

    Microsoft’s Three-Phase Transition Plan (source: Microsoft)

    Three-Phase Roadmap for Smooth Transition

    As modern security threats continue to evolve, NTLM’s susceptibility to these attack vectors poses significant risks to enterprise environments.

    Microsoft’s decision to disable NTLM by default reflects the need to adopt stronger, Kerberos-based authentication mechanisms that align with contemporary security standards.

    The transition follows a three-phase approach designed to minimize organizational disruption.

    Phase   | Timeline               | Key Focus              | Details
    --------|------------------------|------------------------|------------------------------------------
    Phase 1 | Available now          | Visibility & Auditing  | Shows where NTLM is used across systems.
    Phase 2 | Second half of 2026    | Reduce NTLM Usage      | Enables Kerberos in NTLM fallback cases.
    Phase 3 | Future Windows release | Disable by Default     | NTLM off by default with legacy support.

    Importantly, Microsoft will provide built-in support for handling legacy NTLM-only scenarios, minimizing application breakage for organizations with older systems or custom applications.

    Backward Compatibility Maintained During Migration

    The company emphasizes that disabling NTLM by default does not mean complete removal.

    NTLM will remain present in the operating system and can be re-enabled via policy if necessary, ensuring backward compatibility during the transition period.

    This approach balances meaningful security improvements with practical organizational needs.

    Organizations should begin preparing now by deploying enhanced NTLM auditing, mapping application dependencies, migrating workloads to Kerberos, and testing NTLM-disabled configurations in non-production environments. Microsoft encourages enterprises to engage identity, security, and application owners to ensure smooth transitions.
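    A starting point for the auditing step above, as an added example that is not from the article or from Microsoft: it reads the local "Restrict NTLM" audit settings, can switch them to audit-only mode, and summarizes recent NTLM use from the NTLM Operational channel and from Security event 4624. It assumes an elevated PowerShell session on a domain-joined Windows host; Group Policy may override the registry values it reads.

```powershell
# Added example: inventory NTLM audit settings and recent NTLM authentications.
# Assumes an elevated session. Group Policy can override the local values read here.

$lsa      = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'
$netlogon = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'

function Get-NtlmAuditSettings {
    # Registry values behind the "Network security: Restrict NTLM: ..." policies.
    # AuditReceivingNTLMTraffic : 0 = off, 1 = domain accounts, 2 = all accounts
    # RestrictSendingNTLMTraffic: 0 = allow all, 1 = audit all, 2 = deny all
    # AuditNTLMInDomain (domain controllers only): 0 = off ... 7 = enable all
    $l = Get-ItemProperty $lsa -ErrorAction SilentlyContinue
    $n = Get-ItemProperty $netlogon -ErrorAction SilentlyContinue
    [PSCustomObject]@{
        AuditIncoming = $l.AuditReceivingNTLMTraffic
        AuditOutgoing = $l.RestrictSendingNTLMTraffic
        AuditInDomain = $n.AuditNTLMInDomain
    }
}

function Enable-NtlmAuditing {
    # Audit-only settings: nothing is blocked, every NTLM use is logged.
    New-Item -Path $lsa -Force | Out-Null
    Set-ItemProperty -Path $lsa -Name AuditReceivingNTLMTraffic -Type DWord -Value 2
    Set-ItemProperty -Path $lsa -Name RestrictSendingNTLMTraffic -Type DWord -Value 1
}

function Get-NtlmUsageReport([int]$Days = 7) {
    $since = (Get-Date).AddDays(-$Days)
    # Operational channel populated by the audit policies above:
    # 8001 = outgoing NTLM, 8002 = incoming NTLM, 8003 = NTLM in domain (DCs), 8004 = blocked
    $ops = Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-NTLM/Operational'; StartTime = $since
    } -ErrorAction SilentlyContinue | Where-Object Id -in 8001, 8002, 8003, 8004

    # Logons that completed with the NTLM package, independent of the audit policy.
    $window = [long]$Days * 86400000   # XPath timediff() works in milliseconds
    $logons = Get-WinEvent -LogName Security -FilterXPath @"
*[System[EventID=4624 and TimeCreated[timediff(@SystemTime) <= $window]]]
and *[EventData[Data[@Name='AuthenticationPackageName']='NTLM']]
"@ -ErrorAction SilentlyContinue

    [PSCustomObject]@{
        OperationalByEventId = $ops | Group-Object Id | Select-Object Name, Count
        NtlmLogonCount       = @($logons).Count
        NtlmLogonAccounts    = $logons | ForEach-Object {
            $x = [xml]$_.ToXml()
            ($x.Event.EventData.Data | Where-Object Name -eq 'TargetUserName').'#text'
        } | Sort-Object -Unique
    }
}

Get-NtlmAuditSettings
Get-NtlmUsageReport -Days 7 | Format-List
```

    The account list from 4624 is the dependency map to start from: each account or service still authenticating with NTLM is a workload to migrate to Kerberos before Phase 3 turns the protocol off.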

    For organizations facing unique NTLM-dependent scenarios, Microsoft has established ntlm@microsoft[.]com as a point of contact.

    This phased, collaborative approach positions Windows for a more secure, passwordless future while maintaining supported migration pathways for enterprise environments.


    The post Microsoft to Disable NTLM by Default as a Step Towards More Secure Authentication appeared first on Cyber Security News.


  • A sophisticated phishing campaign uses a multi-stage approach to bypass email filtering and content-scanning systems. The attack exploits trusted platforms, benign file formats, and layered redirection techniques to successfully harvest user credentials from unsuspecting victims. The attack chain begins with a professionally crafted phishing email containing a PDF attachment. The malicious payload leverages legitimate […]

    The post Fake Dropbox Phishing Campaign Targets Users, Steals Login Credentials appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.


  • Firefox 148 introduces comprehensive AI controls, giving users greater control over artificial intelligence features built into the browser.

    The new security-focused setting provides a centralized toggle to block current and future generative AI functionalities, addressing growing privacy and security concerns among users who reject AI integration in their browsing environment.

    The “Block AI enhancements” toggle represents a significant shift in browser security architecture.

    When activated, this kill switch disables all AI-powered features across Firefox and prevents notifications or prompts encouraging the adoption of AI features.

    This granular control mechanism supports cybersecurity best practices by allowing organizations and privacy-conscious users to eliminate potential attack vectors introduced through AI-driven features.

    Firefox AI controls overview (source: Mozilla)

    Individual AI Feature Management

    Firefox’s AI controls section in desktop settings lets users selectively manage five distinct AI functionalities. The first feature is intelligent translation, enabling multilingual browsing without third-party translation services.

    The second enhancement adds accessibility-focused alt text generation for PDF documents, using AI to describe images automatically.

    Third, AI-enhanced tab grouping suggests related browsing contexts and assigns descriptive group names based on content analysis.

    The fourth feature implements link preview functionality, extracting and displaying summarized content before users navigate to external URLs.

    Finally, the integrated AI chatbot sidebar supports multiple AI models, including Anthropic Claude, ChatGPT, Microsoft Copilot, Google Gemini, and Le Chat Mistral, enabling conversational assistance during browsing sessions.

    This update reflects Mozilla’s recognition of growing user apprehension regarding AI-driven data processing and potential security risks.

    The persistent preference storage mechanism ensures user settings remain stable across Firefox updates.

    Preventing automatic re-enablement of disabled features during system refreshes is a critical security consideration for enterprise deployments.

    Early access to these AI controls is available through Firefox Nightly, enabling security researchers and technical users to conduct vulnerability assessments and evaluate potential AI-related threat vectors before widespread deployment.

    Mozilla’s approach contrasts sharply with other browsers that implement AI features by default.

    By prioritizing user agency and security-first design, Firefox sets a precedent for responsible AI integration in internet infrastructure.

    This development demonstrates the browser vendor’s commitment to privacy preservation while acknowledging legitimate use cases for AI-assisted functionality.

    The launch of Firefox 148, with comprehensive AI controls, signals industry-wide movement toward user-controlled AI deployment, particularly addressing cybersecurity professionals’ demand for transparent, manageable implementations of artificial intelligence within critical browsing infrastructure.


    The post Mozilla Unveils Kill Switch to Disable All Firefox AI features appeared first on Cyber Security News.


  • A newly observed phishing campaign is abusing fake “audit/compliance confirmation” emails to target macOS users and steal highly sensitive data. The campaign uses convincing business-themed lures and malicious attachments that masquerade as Word or PDF files to trick employees into executing an AppleScript-based payload. Attackers begin by sending emails asking recipients to “confirm the company’s […]

    The post Fake Compliance Emails Weaponize Word and PDF Attachments to Steal Sensitive Data appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.


  • A new phishing campaign is tricking people with fake party invitations that secretly install remote access software on Windows computers.

    The attack uses social engineering to deliver ScreenConnect, a legitimate remote support tool, allowing threat actors to gain complete control of victim systems.

    What appears to be a harmless invitation from a friend turns into a serious security breach that gives attackers unrestricted access to personal files, credentials, and sensitive data.

    The campaign begins with emails designed to look like casual party invitations from trusted contacts.

    These messages often come from compromised email accounts, making them appear authentic and familiar.

    The informal tone and social context lower suspicion, encouraging recipients to click without hesitation.

    Malicious party invitation (Source – Malwarebytes)

    Malwarebytes researchers identified this campaign primarily targeting users in the United Kingdom, though there are no technical barriers preventing its expansion to other regions.

    When victims click the link in the email, they land on a carefully crafted webpage that mimics a genuine event invitation.

    The page displays a bold headline reading “You’re Invited!” along with messages suggesting a friend sent the invitation and that it should be viewed on a Windows device.

    A countdown timer creates urgency by indicating the invitation is already downloading, while social proof statements like “I opened mine and it was so easy!” push users toward executing the file.

    Within seconds, the browser automatically downloads a file named RSVPPartyInvitationCard.msi.

    The downloaded MSI file is not an invitation at all but an installer that launches Windows Installer (msiexec.exe) to silently deploy ScreenConnect Client on the victim’s computer.

    Malwarebytes analysts noted that the installation happens without clear user-facing notifications, making it difficult for victims to realize what is occurring.

    Malicious landing page prompting MSI download (Source – Malwarebytes)

    The process installs ScreenConnect binaries under C:\Program Files (x86)\ScreenConnect Client\ and creates a persistent Windows service with randomized characters in its name, such as ScreenConnect Client 18d1648b87bb3023.

    How the Remote Access Tool Establishes Control

    Once ScreenConnect is installed, it initiates encrypted HTTPS connections to ScreenConnect relay servers using a uniquely assigned instance domain.

    This connection grants attackers the same capabilities as a remote IT technician, including viewing the victim’s screen in real time, controlling the mouse and keyboard, uploading or downloading files, and maintaining access even after system restarts.

    Since ScreenConnect is legitimate software commonly used for remote support, traditional security tools may not flag it as malicious.

    The first signs of compromise often appear as behavioral anomalies, such as unexplained cursor movements, windows opening without user input, or unfamiliar processes running in the background that victims do not remember installing.
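    Because the tool itself is legitimate, the practical check is for the artefacts the article names: a service called ScreenConnect Client followed by a random hex suffix, and binaries under C:\Program Files (x86)\ScreenConnect Client\. The following hunt script is an added example, not Malwarebytes' code; two details it relies on are assumptions not stated in the article: that the relay host appears as an "h=" parameter in the service's binary path, and that MSI installs are recorded as MsiInstaller event 1033 in the Application log.

```powershell
# Added example: hunt a Windows host for ScreenConnect Client artefacts.
# Assumptions (not from the article): relay host is the "h=" parameter in the
# service binary path; MSI completions are MsiInstaller event 1033.

$svcPattern  = '^ScreenConnect Client \(?[0-9a-f]{16}\)?'   # e.g. "ScreenConnect Client 18d1648b87bb3023"
$installGlob = 'C:\Program Files (x86)\ScreenConnect Client*'

function Get-ScreenConnectServices {
    Get-CimInstance Win32_Service |
        Where-Object { $_.Name -match $svcPattern -or $_.DisplayName -match $svcPattern } |
        ForEach-Object {
            # Relay host from the client's launch arguments, if present (assumption).
            $relay = if ($_.PathName -match 'h=([^&"\s]+)') { $Matches[1] } else { $null }
            [PSCustomObject]@{
                Service   = $_.Name
                State     = $_.State
                StartMode = $_.StartMode
                Binary    = $_.PathName
                RelayHost = $relay
            }
        }
}

function Get-ScreenConnectInstallDirs {
    Get-ChildItem -Path $installGlob -Directory -ErrorAction SilentlyContinue |
        ForEach-Object {
            [PSCustomObject]@{
                Path        = $_.FullName
                Created     = $_.CreationTime   # compare with the phishing e-mail's arrival time
                Executables = (Get-ChildItem $_.FullName -Filter *.exe -ErrorAction SilentlyContinue).Name -join ', '
            }
        }
}

function Get-ScreenConnectMsiInstalls([int]$Days = 30) {
    # MsiInstaller writes event 1033 to the Application log when an MSI completes (assumption).
    Get-WinEvent -FilterHashtable @{
        LogName = 'Application'; ProviderName = 'MsiInstaller'; Id = 1033
        StartTime = (Get-Date).AddDays(-$Days)
    } -ErrorAction SilentlyContinue |
        Where-Object Message -match 'ScreenConnect' |
        Select-Object TimeCreated, @{ n = 'Details'; e = { $_.Message -replace '\s+', ' ' } }
}

$findings = [ordered]@{
    Services  = @(Get-ScreenConnectServices)
    Installs  = @(Get-ScreenConnectInstallDirs)
    MsiEvents = @(Get-ScreenConnectMsiInstalls)
}
if ($findings.Values | ForEach-Object Count | Where-Object { $_ -gt 0 }) {
    Write-Warning 'ScreenConnect artefacts present; confirm with the user or helpdesk before treating as malicious.'
}
$findings
```

    A relay host that is not one the organization's own support team uses, paired with an install time that matches the invitation e-mail, is the combination that turns this from "remote support tool present" into an incident.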


    The post Beware of Malicious Party Invitations that Tricks Users into Installing Remote Access Tools appeared first on Cyber Security News.


  • Everest ransomware claims a breach involving legacy Polycom systems later acquired by HP Inc., alleging the theft of 90GB of internal data.


  • The Ricochet Chollima advanced persistent threat group has launched a targeted campaign against activists and organizations focused on North Korea, beginning in March 2025.

    The operation, named “Operation: ToyBox Story” by Genians Security Center, relies on a clever combination of social engineering and malware delivery tactics.

    Attackers send spear-phishing emails that appear to come from credible sources, specifically impersonating North Korea-focused security experts.

    These emails contain Dropbox links that lead to compressed archives holding malicious Windows shortcut files. The victims unknowingly download files that trigger hidden code execution when opened.

    The attack demonstrates significant sophistication in disguising malicious content. Threat actors crafted emails with subject lines referencing North Korean troops deployed to Russia, using culturally relevant content to increase the likelihood of user engagement.

    The email attachments mimic Hangul document icons—commonly associated with legitimate Korean word processors—to deceive recipients into thinking they are opening standard documents rather than executable files.

    Operation: ToyBox Story (Source – Medium)

    This social engineering approach proves effective because users trust familiar file icons and organizations they believe are sending the messages.

    An offensive security engineer, S3N4T0R, analyzed the malware and documented the campaign’s technical characteristics and infection chain.

    S3N4T0R identified how the attack progresses through multiple stages, each designed to evade security tools and maintain persistence on compromised systems.

    The analysis revealed that attackers deliberately structured the malware to stay hidden in system memory rather than writing files to disk.

    Fileless Execution Through Memory Injection

    The most dangerous aspect of this malware involves its ability to execute code without leaving traces on the hard drive.

    When victims extract the ZIP archive and open the seemingly innocent document file, a hidden PowerShell command embedded within the shortcut executes silently.

    This command launches a batch file named “toy03.bat,” which then loads a file called “toy02.dat” from the temporary folder.

    Toy.bat (Source – Medium)

    The loader decodes XOR-transformed data and injects shellcode directly into memory, bypassing traditional file-based detection methods.

    Once loaded into memory, the malware creates a new executable thread to run the injected code.

    This technique, known as fileless malware execution, presents serious challenges for security teams because the malicious program leaves minimal evidence on disk.

    The malware then establishes communication through Dropbox API channels, allowing attackers to send commands and receive stolen data while hiding their activities within legitimate cloud service traffic.

    This approach represents a significant evolution in APT tactics, leveraging trusted services to conceal malicious operations and making detection substantially more difficult for defenders.


    The post Chollima APT Hackers Weaponize LNK File to Deploy Sophisticated Malware appeared first on Cyber Security News.
