Microsoft has revealed that a threat actor it tracks as Storm-1977 has conducted password spraying attacks against cloud tenants in the education sector over the past year.
"The attack involves the use of AzureChecker.exe, a Command Line Interface (CLI) tool that is being used by a wide range of threat actors," the Microsoft Threat Intelligence team said in an analysis.
The tech giant noted that

Storm-1977 Hits Education Clouds with AzureChecker, Deploys 200+ Crypto Mining Containers

python-markdownify (aka markdownify) before 0.14.1 allows large headline prefixes such as <h9999999> in addition to <h1> through <h6>. This causes memory consumption.

Attack vector: More severe the more the remote (logically and physically) an attacker can be in order to exploit the vulnerability.

Attack complexity: More severe for the least complex attacks.

Privileges required: More severe if no privileges are required.

User interaction: More severe when no user interaction is required.

Scope: More severe when a scope change occurs, e.g. one vulnerable component impacts resources in components beyond its security scope.

Confidentiality: More severe when loss of data confidentiality is highest, measuring the level of data access available to an unauthorized user.

Integrity: More severe when loss of data integrity is the highest, measuring the consequence of data modification possible by an unauthorized user.

Availability: More severe when the loss of impacted component availability is highest.

GHSA-7mpr-5m44-h73r: markdownify allows large headline prefixes such as <h9999999>, which causes memory consumption

Formidable (aka node-formidable) 2.1.0 through 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted executable content; however, hexoid is documented as not "cryptographically secure." (Also, there is a scenario in which only the last two characters of a hexoid string need to be guessed, but this is not often relevant.) NOTE: this does not imply that, in a typical use case, attackers will be able to exploit any hexoid behavior to upload and execute their own content.

GHSA-75v8-2h7p-7m2m: Formidable relies on hexoid to prevent guessing of filenames for untrusted executable content

Immersive security researchers discovered critical vulnerabilities in Planet Technology network management and switch products, allowing full device control.…

Immersive security researchers discovered critical vulnerabilities in Planet Technology network management and switch products, allowing full device control. Learn about the flaws, affected models and the urgent need to apply Planet’s patches.

Cybersecurity firm Immersive has identified critical security weaknesses affecting network management tools and industrial switches manufactured by Planet Technology, a Taiwanese IP-based networking products manufacturer. According to their blog post, shared with Hackread.com, these issues can allow attackers to control all network devices managed by these vulnerable.

Immersive’s team, led by security researcher Kev Breen, discovered multiple vulnerabilities in the company’s industrial control systems. The team initiated an investigation after the company’s products were flagged as vulnerable by CISA in a security advisory in December 2024.

Researchers obtained firmware from the Planet Technology website, and compressed firmware files using the BIX format (a variation of GZIP) for easy extraction. Techniques like UART logging (the process of capturing and recording data transmitted and received through the Universal Asynchronous Receiver/Transmitter (UART) interface) and tools like Binwalk were used to verify and understand the reported issues.

During their research, apart from the vulnerabilities mentioned in CISA’s report, the team uncovered additional previously undisclosed critical flaws. These issues were detected by examining the internal software of Planet Technology’s network management systems (used to remotely oversee numerous Planet devices) and industrial switches (specifically models WGS-80HPT-V2 and WGS-4215-8T2S). Here’s a breakdown of the identified issues:

*   CVE-2025-46271 (Planet network management systems)
*   CVE-2025-46274 (Planet network management systems)
*   CVE-2025-46272 (WGS-80HPT-V2 and WGS-4215-8T2S industrial switches)
*   CVE-2025-46275 (WGS-80HPT-V2 and WGS-4215-8T2S industrial switches)
*   CVE-2025-46273 (Planet network management systems and all managed devices)

CVE-2025-46271 is a pre-authentication command injection flaw in network management systems (NMS) allowing complete control. CVE-2025-46274 involves hard-coded, remotely accessible Mongo database credentials in the NMS, also leading to full control. CVE-2025-46273 reveals hard-coded communication credentials between the NMS and managed devices, enabling remote interception and configuration changes.

For specific industrial switches, CVE-2025-46272 is a post-authentication command injection vulnerability granting root access, and CVE-2025-46275 is an authentication bypass allowing unauthorized configuration modifications and admin account creation. All these flaws pose a significant risk of complete system compromise for affected Planet Technology devices.

As per Immersive’s analysis, hackers could use these weaknesses to run their own commands on the devices and even bypass the login security on some switches. They also discovered that the network management system had hidden, default usernames and passwords (like “client:client” for MQTT and “planet:123456” for MongoDB) that anyone could use. This could allow attackers to see everything happening on the network and even change how the devices are set up.

Using online tools like Shodan and Censys, researchers found many internet-connected Planet Technology devices that could be at risk. Immersive shared their findings with CISA, who helped contact Planet Technology. The company has now released software updates (patches) to fix these problems. CISA is advising all users of these Planet Technology products to take steps to protect their networks as soon as possible.

Planet Technology Industrial Switch Flaws Risk Full Takeover – Patch Now

A critical vulnerability (CVE-2025-31324) in SAP NetWeaver Visual Composer puts systems at risk of full compromise. Learn how…

A critical vulnerability (CVE-2025-31324) in SAP NetWeaver Visual Composer puts systems at risk of full compromise. Learn how to check if your SAP Java systems are affected and the immediate steps to take.

A serious security vulnerability, identified as CVE-2025-31324, was discovered in SAP NetWeaver’s Visual Composer development server. This critical issue, scoring a perfect 10.0 in severity, stems from a missing check that should verify if a user has the correct permissions and is being actively exploited, reveals a report from Onapsis Threat Intelligence. 

Research reveals that the flaw is active on between 50% and 70% of existing SAP NetWeaver Application Server Java systems, even though it’s not automatically installed.

Reportedly, the vulnerability, first documented by ReliaQuest, exists in the “developmentserver” part of the SAP Visual Composer, a component of SAP NetWeaver 7.xx, designed to create business tools without writing code.

The problem occurs because the system doesn’t properly check if someone accessing the Metadata Uploader feature is actually allowed to do so. This lack of proper authentication and authorization allows unlogged users to access powerful functions.

On April 22nd, ReliaQuest observed suspicious activity on patched SAP NetWeaver servers, suggesting attackers might have been using a different, unknown vulnerability. On the same day, SAP acknowledged unusual files being found on SAP NetWeaver Java systems, as described in their knowledge base article SAP KBA 3593336. On April 24th, SAP released a FAQ document (SAP Note 3596125) confirming that files with extensions like ‘.jsp’, ‘.java’, or ‘.class’ found in specific folders like …\\irj\\root, …\\irj\\work, and …\\irj\\work\\sync are likely malicious. 

Finally, on April 24th, SAP officially announced CVE-2025-31324, clearly stating it was due to a “Missing Authorization check in SAP NetWeaver (Visual Composer development server)”. They confirmed that the root cause is a lack of proper permission checks, allowing unauthorized individuals to upload dangerous executable files and an out-of-band emergency NetWeaver update has been released.

This flaw, classified as a Missing Authorization issue (CWE-862) or Missing Authentication for Critical Function (CWE-306), poses a significant risk of system takeover if exploited, which is why it has earned the highest severity score.

It can be remotely exploited using standard web communication methods (HTTP/HTTPS). Security experts have observed that attackers are targeting a specific web address: /developmentserver/metadatauploader, by sending specially crafted requests and since no login or authentication is needed to carry out an attack, anyone, even without an account, could interact with the system’s vulnerable part and upload any file.

According to Onapsis’s blog post, malicious code files called webshells titled “helper.jsp” or “cache.jsp” are already being uploaded, allowing attackers to execute commands with high-level permissions as software administrators (<sid>adm) and obtaining full control over SAP resources.

> _“Threat actors have been observed uploading web shells to vulnerable systems. These webshells allow the threat actor to execute arbitrary commands in the system context, with the privileges of the adm Operating System user, giving them full access to all SAP Resources.”_
> 
> Juan Perez-Etchegoyen – CTO at Onapsis

SAP urges customers to promptly assess their risk by checking for Java systems, the presence and version of the VCFRAMEWORK component (especially if older than 7.5 or specifically 7.0 with a support package below 16), as the vulnerable component might not be present in basic Java stack or default Solution Manager installations. Implementing the official fix is the only solution to mitigate this risk.

Benjamin Harris, CEO of Attack Surface Management firm watchTowr, warned that unauthenticated attackers are actively exploiting a vulnerability in SAP NetWeaver to upload arbitrary files, leading to full system compromise.

“This isn’t theoretical, it’s happening now,” Harris said, noting that attackers are planting web shell backdoors to deepen their access. He urged immediate patching via SAP Security Note 3594142, emphasizing, “If you thought you had time, you don’t.” Harris added that watchTowr clients were alerted to exposures within 12 hours, thanks to the platform’s rapid detection capabilities.

SAP NetWeaver Flaw Scores 10.0 Severity as Hackers Deploy Web Shells

Cybersecurity researchers have detailed the activities of an initial access broker (IAB) dubbed ToyMaker that has been observed handing over access to double extortion ransomware gangs like CACTUS.
The IAB has been assessed with medium confidence to be a financially motivated threat actor, scanning for vulnerable systems and deploying a custom malware called LAGTOY (aka HOLERUN).
"LAGTOY can be

ToyMaker Uses LAGTOY to Sell Access to CACTUS Ransomware Gangs for Double Extortion

Plus: Cybercriminals stole a record-breaking fortune from US residents and businesses in 2024, and Google performs its final flip-flop in its yearslong quest to kill tracking cookies.

As the Trump administration’s aggressive immigration policy ramps up, people have started to seriously consider their privacy and security when crossing into the United States. That’s especially true when it comes to searches of travelers’ phones and other devices, which US Customs and Border Protection agents have broad authority to search. Fortunately, there are some steps you can take, such as deleting certain apps from your personal phone or using an alternative phone that’s set up just for traveling internationally.

Operatives with Elon Musk’s so-called Department of Government Efficiency (DOGE) have spent the first months of the Trump administration clawing their way into US government systems. It’s now starting to become clear exactly what those systems are and what kind of data on US residents they hold. WIRED this week detailed the 19 systems DOGE operatives have access to just at the Department of Health and Human Services.

Pope Francis died on Monday at age 88. The passing of the supreme pontiff sets in motion a conclave, the secretive process used to select the new pope. To protect the conclave’s integrity and try to prevent leaks, a wide range of security measures will be put in place, from privacy film on windows at the Vatican to signal jammers and sweeps for hidden microphones.

Google recently announced the initial rollout of end-to-end encrypted email for Google Workspace accounts, which is good news for the privacy of enterprise-level users. When a Workspace user emails a non-Workspace account, the recipient gets an invitation to create a guest account so they can read the email. Unfortunately, security experts say, this will likely create new opportunities for phishing attacks, as scammers try to bait people with fake invitations.

But that’s not all. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.

SignalGate is the scandal that just won’t die—at least not if you’re US secretary of defense Pete Hegseth. On Wednesday, The Washington Post reported that Hegseth had installed Signal on a “second computer in his office” so that he could “use Signal in a classified space, where his cellphone and other personal electronics are not permitted, and communicate with ease with anyone.”

The Associated Press on Thursday added to the picture of Hegseth’s reported Signal use, revealing that Hegseth got a second internet line installed that connected directly to the public internet rather than through the Pentagon’s secured connection, according to sources who spoke with the AP. Hegseth allegedly did this so he could use that second computer with Signal installed. Then on Friday, The New York Times found that the phone number associated with Hegseth’s Signal account—the one he used in that infamous group chat—is easily discoverable online, potentially opening him up to targeted cyberattacks by hostile nations.

**Cybercriminals Stole a Record-Breaking $16.6 Billion From US Entities in 2024**

Despite a steady flow of arrests and takedowns of online scammers, cybercriminals are operating at unprecedented levels and making more money than ever. Two reports released this week reveal the stark scale of online criminality. Last year in the United States, businesses and individuals lost $16.6 billion to online crimes, according to the FBI’s Internet Crime Complaint Center—that’s the highest figure ever reported and a leap of 33 percent compared to 2023. In 2024, there were 859,532 complaints about potential online crimes, with the FBI saying phishing and spoofing complaints account for 193,000 of them, followed by extortion with 86,000 complaints. Investment scams, which often involve cryptocurrency, made up more than $6 billion of the total losses, with business email compromise scams leading to losses of $2.7 billion.

Around the same time, the United Nations Office on Drugs and Crime highlighted that giant scam compounds in Southeast Asia—where human trafficking victims are forced to work scamming people—are generating $40 billion in profits per year and keep on growing. These industrial-scale scam organizations, which are often linked to Chinese criminals, heavily use investment scams (sometimes called pig-butchering) to con people out of their life savings and are expanding outside of the region. “It spreads like a cancer,” Benedikt Hofmann of the UNODC said in a statement.

**Google Chrome Won’t Ditch Creepy Tracking Cookies After All**

Back in 2020, Google announced its Chrome browser would stop using third-party cookies, which track people around the web, and would move to a less creepy way of powering its advertising businesses. Web browsers such as Safari, Firefox, and Brave ditched cookies years before Google made the announcement. But this week, after countless U-turns, failed efforts to develop alternatives, and criticism that proposals to replace cookies would favor Google, the company announced it will, in fact, keep the trackers in Chrome.

“We’ve made the decision to maintain our current approach to offering users third-party cookie choice in Chrome,” wrote Anthony Chavez, the Google VP in charge of its Privacy Sandbox efforts, in a blog post. “As we’ve engaged with the ecosystem, including publishers, developers, regulators, and the ads industry, it remains clear that there are divergent perspectives on making changes that could impact the availability of third-party cookies,” Chavez wrote. While the US government is proposing that Google sell off Chrome as part of its antitrust case against the company, it’s still possible to turn off third-party cookies or use a privacy-friendly browser instead.

Pete Hegseth’s Signal Scandal Spirals Out of Control

Enterprises using Commvault Innovation Release are urged to patch immediately against CVE-2025-34028. This critical flaw allows attackers to…

Enterprises using Commvault Innovation Release are urged to patch immediately against CVE-2025-34028. This critical flaw allows attackers to run code remotely and gain full control.

A severe security vulnerability has been discovered in the Commvault Command Center, a widely adopted solution for enterprise backup and data management. This flaw, tracked as CVE-2025-34028 and assigned a critical severity score of 9.0 out of 10, could allow remote attackers to execute any code they desire on vulnerable Commvault installations without needing to log in.

The dangerous weakness was discovered and responsibly reported on April 7, 2025, by Sonny Macdonald, a researcher with watchTowr Labs. Their analysis revealed that the vulnerability lies within a specific web interface component named “deployWebpackage.do.”

This endpoint is susceptible to a pre-authenticated Server-Side Request Forgery (SSRF) attack due to a lack of proper validation on the external servers the Commvault system is permitted to interact with.

Commvault itself acknowledged the issue in a security advisory released on April 17, 2025, stating that this flaw “could lead to a complete compromise of the Command Center environment,” potentially exposing sensitive data and disrupting critical operations.

However, the SSRF vulnerability is just the starting point to achieving full code execution. Research revealed that attackers can further exploit this by sending a specially crafted ZIP archive containing a malicious “.JSP” file, tricking the Commvault server into fetching it from a server controlled by the attacker. The contents of this ZIP are then extracted to a temporary directory, a location the attacker can influence.

By cleverly manipulating the “servicePack” parameter in subsequent requests, the attacker can scan the system’s directories, moving their malicious “.JSP" file into a publicly accessible location, such as “../../Reports/MetricsUpload/shell.” Finally, by triggering the SSRF vulnerability again, the attacker can execute their “.JSP” file from this accessible location, effectively running arbitrary code on the Commvault system.

However, in this case, the ZIP file is not read in a typical way. Instead, it is read from a “multipart request” before the vulnerable part of the software processes. This could allow hackers to bypass security measures that might block normal web requests.

WatchTowr Labs reported the security issue to Commvault, which quickly addressed it with a patch. The patch was released on April 10, 2025, and the issue was later disclosed on April 17, 2025.

Commvault confirmed that the problem only affected the “Innovation Release” software version 11.38.0 to 11.38.19 for Linux and Windows computers, therefore, the update to version 11.38.20 or 11.38.25 will resolve the issue. watchTowr Labs has also created a “Detection Artefact Generator” to help administrators identify systems exposed to CVE-2025-34028.

This research highlights that backup systems are becoming high-value targets for cyberattacks. These systems are crucial for restoring normalcy after an attack, and if they are controlled, they pose a significant threat primarily because these systems often contain secret usernames and passwords for crucial company computer parts. The severity of the flaw emphasises the need for swift security updates for data protection and backup infrastructure to ensure optimal protection from such attacks.  

Agnidipta Sarkar, VP CISO Advisory, ColorTokens, commented on the latest development, stating, This CVSS 10 flaw allows unauthenticated remote code execution, risking full compromise of Commvault’s Command Center. Immediate, sustained mitigation is essential. If full network shutdown isn’t feasible, tools like Xshield Gatekeeper can quickly isolate critical systems. Without action, the threat of ransomware and data loss is severe.

Critical Commvault Flaw Allows Full System Takeover – Update NOW

Software development is about to undergo a generative change. What this means is that AI (Artificial Intelligence) has…

Software development is about to undergo a generative change. What this means is that AI (Artificial Intelligence) has the potential to make developers more productive, as three systems on the market already provide this: GitHub Copilot, Anthropic’s Claude and OpenAI’s ChatGPT.

Hence, every developer, no matter if he or she specializes in AI or not, needs to understand and realize that as this technology is advancing so rapidly, any of us needs to know what it is, why it is relevant, and how to use it.

In this article, we will explain what generative AI exactly is, what functionality current systems bring, why it is going to be ubiquitous for developers, and tips on how to start working with it. Additionally, we’ll bust some of the generative AI replacement of developers altogether. Acquiring this new tool and doing so while not becoming too attached to it will give technology an advantage over other forms of technology.

****What is Generative AI?****

Machine learning systems that generate digital content, novel and of high-quality on-demand are generative AI. It includes anything from images, audio, and video to text as well as computer code and companies are increasingly turning to generative AI development services to harness their full potential.

In contrast to the analysis most AI has been focused on to date (categorizing existing data), generative models create brand-new artefacts. Advances in deep learning have enabled them to take in enormous datasets and to build an understanding to generate outputs that have never been seen before.

Prominent examples include DALL-E 3 for images, Jasper for audio, and GitHub Copilot for code. These models can take in a text prompt and return a relevant, realistic output in seconds without manual programming.

****Current Capabilities for Developers****

For programmers specifically, generative AI promises to boost their productivity. Modern systems can suggest entire code functions or applications based on English descriptions to save developers time and reduce bugs.

GitHub Copilot, for example, is a plugin for code editors like VS Code. As a developer writes a function, Copilot can suggest full implementations by analyzing existing code and understanding the English context. It can complete boilerplate code, debug issues, integrate APIs, and more.

Claude 3.7, Anthropic’s writing assistant, offers interactions that fall into the same category as writing assistants. Conversing with an AI in plain English to translate ideas into code in code. You can give an application what to do, walk through examples, ask questions to clarify, and Claude gives you runnable programs.

Such early examples show how generative AI accepts natural language rather than rigid, fixed rules as older technologies were; it is based on accepting natural language as input. With this, it is more intuitive and even accessible.

****Why Every Developer Should Care****

Even if you don’t specialize in AI, there are compelling reasons all technologists should closely monitor advancements in generative models:

It will become ubiquitous whether you like it or not

There is too much momentum and progress for generative AI not to infiltrate software workflows. OpenAI alone recently received nearly $750 million from Microsoft, plus more from other tech giants using its systems. With so much investment, expect rapid improvements.

It will make you more productive

Studies on Copilot show it can boost developer velocity by at least 30% once accustomed to the workflow. You don’t want competitors leveraging generative AI to build faster while you code manually.

It reduces simple but time-consuming tasks

No developer enjoys manually writing boilerplate code, documentation, tests, etc. But these tasks still take up a lot of time. Generative AI can autogenerate these routine but necessary functions to focus human efforts on complex problem-solving.

It handles legacy systems, so you don’t have to

Generative models are great for working with legacy systems. They integrate easily with outdated codebases, protocols and architectures that human engineers don’t want to work with. This allows you to build new solutions as opposed to keeping old ones.

It makes you a 2x engineer

Conceptual breakthroughs are created by outstanding developers and used to have an impact across the board. Generative AI’s power is that any engineer can create any logic in reality at least 2x faster (PDF). This technology enables world-changing applications to be brought to market today instead of months or years from now.

****How To Prepare as a Developer****

Generative AI will soon be a basic skill for professional engineers, like using IDEs or version control. Here are key ways to get ahead of the curve:

*   Experiment with GitHub Copilot, Claude, and related playgrounds. Get firsthand experience prompts that can spark whole applications.

*   Don’t fear; these tools will “take your job.” Enhance your human creativity with AI as a force multiplier. Find gaps in existing models where humans still shine over pure automation.

*   Advocate for adopting these tools at your company early, before the competition does. Pitch how it benefits users and customers, alongside developers.

*   Develop feedback loops, sharing why certain generated outputs are valuable or inadequate. The more humans train models, the better they become for everyone.

*   Get to understand the latest research from the company and its efforts. To keep up to date with anthropic frontiers, sign up for newsletters and updates from pioneers: Anthropic, Cohere, Google and others.

AI will never have the capacity to master all tasks, whether those are too unique, dynamic or complex for AI to do on its own. However, use models for what they do well and augment your human skills. This will be the future path of development: combining minds with machines.

****Busting Myths that Generative AI Replaces Developers****

With any disruptive technology, fears and misconceptions often arise around impacts on jobs. Rest assured, human developers will remain essential even as generative AI becomes widespread.

Here are common myths about generative models replacing engineers rather than augmenting them:

*   **Myth.** AI can build full-stack consumer web apps today with no human involvement.

*   **Reality.** Modern systems only generate code, not deploy full-stack apps. You still need developers to integrate outputs, train models, and handle infrastructure.

*   **Myth.** These models understand user needs and product requirements without human input.

*   **Reality.** AI has no sense of end-user behaviour or product thinking. Humans must provide a creative vision and real-world grounding.

*   **Myth.** Generated code is highly reliable and secure.

*   **Reality.** Raw model outputs still contain bugs and vulnerabilities. Humans provide QA, testing, auditing and oversight where AI falls short.

*   **Myth.** Anyone can prompt an AI to build an app without programming skills.

*   **Reality.** You still need engineers to validate code quality, connect components, identify limitations, and guide iterative improvement.

The key is viewing AI as a supportive tool rather than a wholesale replacement. Developers themselves utilize generative models just as they do compilers, debuggers, and clouds. But human creativity, judgment, and oversight remain indispensable.

**Augmenting Developers for the Future**

Hopefully, this breakdown demystifies generative AI and why it matters. These technologies aim to free engineers from drudgery so they can focus on more fulfilling, impactful work only humans can perform.

However, development will transform in the next five to ten years. Those who embrace this shift will have the most dynamic, stimulating, and rewarding careers. Others who deny how software creation is changing risk frustrating obsolescence.

Increasing general coding and automated task democratization means more people can make more ambitious projects than ever before possible. The future of AI-assisted inventions is something developers should cheer about rather than fear, with things remaining the same.

An open-minded attitude towards human and AI coexistence allows engineers to dream bigger, and faster and to make those dreams real. Complex problems in the world are desperate for innovative applications. Shortcuts are provided to that long timeline imposed by traditional code: generative models.

So while modern AI does have clear limits, its rapid pace of progress makes anticipating its potential more prudent than downplaying its capabilities. Get hands-on experience today rather than dismissing models as toys. Help drive breakthroughs by training them ethically. Then code the future you wish to see.

Why Developers Should Care About Generative AI (Even They Aren’t AI Expert)

After hearing about ChatGPT o3 ability at geo-guessing we decided to run some tests and the tested AIs didn't fail to amaze us

If you are worried about revealing your exact location—or if you maybe even fib about it at times—there are some good reasons to worry about what is visible in background photos, because Artificial Intelligence (AI) is getting very good at guessing where you are based on the smallest of clues. And that might even include audio clues, if given the right data.

Our curiosity was triggered by this article in TechRadar claiming that ChatGPT o3 can geo-guess your location from almost any photo. So, we decided to do some tests and removed the metadata from a few selected photographs that I took myself and never published anywhere (for quality reasons, obviously).

Metadata can include technical details like camera settings, date and time, location, and descriptive information like captions or keywords. And we wanted to test the AI’s capability on the picture itself—not on additional data included in the file. I also used a VPN so I didn’t give away my current location.

We started with an easy one. A landmark in a relatively large city, but from a strange perspective. The picture was part of a selfie taken through a window of an office building in Cork.

view over Cork, Ireland

It was no real surprise that ChatGPT got this right.

> “Alright, let’s break this one down — this does have some standout features that make it easier to geo-locate. Here’s the reasoning step by step:”

> **🧱 Architectural Clues:**
> 
> *   The old stone building in the foreground has **Georgian-style windows and masonry**, which are common in parts of the British Isles, especially in **Ireland** and **the UK**.
> *   The clock tower in the back-left with the **green copper dome** is particularly distinctive and often used in civic buildings in Ireland.
> *   The **mix of historical and modern buildings**, with the newer glass-fronted offices across a small river or canal, suggests urban regeneration in a historically rich city.

> **🌉 Infrastructure and Environment:**
> 
> *   The modern bridge with a **blue banner advertisement** and the **tree-lined waterfront** hints at a city that integrates riverways into its urban design.
> *   The road signs and general driving direction suggest **left-hand traffic**, supporting a guess of **Ireland or the UK**.

> **🏛** **Key Landmark:**
> 
> The building with the green dome in the background looks **very much like the clock tower of Cork City Hall in Ireland**. The angle of the shot shows the old Custom House building in front, and the modern offices across the **River Lee**, which runs through Cork.

This was spot on. But surely ChatGPT is not the only AI good at geo-guessing, so we used the same picture to test Perplexity as well.

> “This image provides several strong clues for geo-guessing:
> 
> The architecture of the foreground building is classic Georgian or early Victorian, with grey stone and sash windows—styles common in the British Isles, especially Ireland and the UK.
> 
> The river, modern glass buildings, and the steel bridge suggest a city that blends historical and contemporary elements.
> 
> The most distinctive feature is the clock tower with a green dome in the background. This is a well-known landmark: the Cork Courthouse clock tower in Cork, Ireland.
> 
> The bridge over the river and the combination of old and new buildings align with the area around the River Lee in Cork city centre.
> 
> **Conclusion**
> 
> This photo was taken in Cork, Ireland, looking out over the River Lee. The stone building in the foreground is part of the historic courthouse complex, and the green-domed clock tower is a prominent feature of Cork’s skyline. The modern glass buildings and bridge further confirm this as central Cork, a city known for its mix of heritage and modern development.”

Perplexity provided almost the same level of accuracy, so we decided to raise the difficulty level. A lot.

Landscaping in progress around Dutch holiday home

You’ll have to agree that this photo doesn’t give away a lot. But the AI tools took some unexpected clues from the picture.

Here is what ChatGPT determined:

> **🧩 Visual Clues:**
> 
> 1.  **Architecture:**
>     *   The buildings are modular and prefabricated in appearance, with light-colored paneling and dark window/door frames.
>     *   This type of house is common in northern Europe, especially in the Netherlands, Germany, Denmark, or parts of the UK.
> 2.  **Landscape:**
>     *   Very flat terrain with closely trimmed hedges and grassy areas.
>     *   This suggests low-lying regions—again pointing to places like the Netherlands or Belgium.
> 3.  **Infrastructure & Construction Tools:**
>     *   The pavers being laid and the wheelbarrows used (particularly the yellow color and shape) are very common in northern and western European construction.
> 4.  **Weather and Lighting:**
>     *   Overcast sky and soft, diffused lighting typical of northern Europe in autumn or early spring.
> 5.  **Small Details:**
>     *   The small shed in the back, the organization of tools, and cleanliness/horticulture are consistent with Dutch/German design sensibilities.
>     *   The wheelbarrow has the brand name “Fort”, which is a Dutch manufacturer—this is a **very strong clue**.
> 
> **🌍** **Likely Guess:**
> 
> **The Netherlands** 🇳🇱
> 
> **📍****Narrowing it Down:**
> 
> Given the modular housing, flat landscape, and Fort-brand wheelbarrow, this could be a holiday park, construction site, or suburban area in the Dutch countryside. Possibly in a province like **North Holland**, **South Holland**, or **Friesland** where such structures and environments are typical.

I must admit I was amazed that it mentioned South Holland which is where this photograph was taken.

Perplexity did not come as close as ChatGPT, but the tool did reach this conclusion:

> “Based on architectural style, landscaping, and contextual clues, this scene is almost certainly from the Netherlands. It showcases the country’s embrace of modular housing and practical, tidy outdoor spaces, reflecting broader trends in Dutch residential design and sustainable living.”

Which is still a lot better than I expected when I selected that picture.

**Bird songs**

So, modern AI tools can pick up visible clues. But then I had another idea—call it an epiphany if you will—which deserves a brief explanation. I use an app called Merlin Bird ID which is able to identify birds based on their singing.

Some bird species are a lot more local than others, so I asked Perplexity:

> “Would it be possible to do geo-guessing based on bird songs? And how many species do you think it would take to make a good guess?”

The answer:

> “How Many Species Are Needed?
> 
> One Species: Sometimes, a single species is enough if it’s highly range-restricted (e.g., endemic to an island or a small region). However, this is rare.
> 
> A Few Species (3–5): In most cases, hearing three to five distinct species can allow for a strong guess, especially if their ranges only overlap in a limited area.
> 
> More Species, More Precision: The more species you can identify, the more precisely you can geo-locate. With about 10–15 species, especially if some are local specialties, you can often narrow it down to a specific region, habitat, or even a particular park or reserve.”

So, I tried an experiment and offered both AI tools (ChatGPT and Perplexity) a list of bird song matches made from my Merlin Bird ID app. Here is the bird list, and what they tell us about where those birds are located:

**Latin Name**

**Common Name**

**Clue**

**Fringilla coelebs**

Chaffinch

Common across Europe

**Turdus merula**

Eurasian Blackbird

Also common across Europe

**Parus major**

Great Tit

Ubiquitous, widespread

**Grus grus**

Common Crane

Migratory — breeds in Scandinavia, Baltics, parts of Central Europe; passage bird elsewhere

**Carduelis carduelis**

European Goldfinch

Europe and western Asia

**Turdus viscivorus**

Mistle Thrush

Forests, open woodland — common in Europe

**Certhia brachydactyla**

Short-toed Treecreeper

Tells us something — this species avoids northern/colder parts of Europe (rare in the UK, absent in Scandinavia)

**Ardea alba**

Great Egret

Formerly rare in Europe, but now expanding — increasingly common in wetlands and rivers of Central and Southern Europe

**Sylvia atricapilla**

Eurasian Blackcap

Woodland; migratory in north, resident in south

**Anthus trivialis**

Tree Pipit

Breeds in open woodlands across Europe; migratory

**Vanellus vanellus**

Northern Lapwing

Farmland, wet grasslands; declining in the west but still widespread

In analyzing this list, Perplexity was the “winner,” able to more accurately guess my location:

> “Given all of these factors, my best guess is that you were somewhere in Northern Europe, likely Germany, Denmark, the Netherlands, or the UK. Without more information about habitat (e.g., forest, farmland, coast), it’s difficult to narrow it down further.”

Here was ChatGPT’s response to the same bird song list:

> **🗺️** **My Final Geo-Guess:**
> 
> You were likely in **Germany** — possibly in **northern or eastern Germany** (e.g., Brandenburg or Mecklenburg-Vorpommern), which is:
> 
> *   On the **Grus grus migration route**
> *   Rich in mixed forests and wetlands
> *   Within the range of **Certhia brachydactyla**
> *   Likely to host **all the species** you heard, in late April

In reality, the birds were recorded near the Dutch-German border, which put ChatGPT off by almost 400 miles, whereas Perplexity mentioned both countries I was in or close to, but covered a large area with its geo-guess.

**Conclusion**

If you’re making selfies or vlogging and you don’t want to give away your location, you’ll need to be very aware of your visual and auditory surroundings. A wheelbarrow of a specific brand or the sound of a bird with a limited habitat are enough to provide hints about your location. With enough hints, AI can deduce your exact location.

With social media being used for AI training, it is likely that these results will rapidly gain even more in accuracy.

**We don’t just report on threats – we help protect your social media**

Cybersecurity risks should never spread beyond a headline. Protect your social media accounts by using Malwarebytes Identity Theft Protection.

Latest News