A massive data leak has put the personal information of over 3.6 million app creators, influencers, and entrepreneurs…

A massive data leak has put the personal information of over 3.6 million app creators, influencers, and entrepreneurs at risk, reveals a report from vpnMentor. Cybersecurity expert Jeremiah Fowler uncovered an unsecured database containing a whopping 12.2 terabytes of sensitive data, linked to an app-building platform.

The exposed database, which was neither encrypted nor protected by a password, held 3,637,107 records. These records included names, email addresses, physical addresses, and details about payments for what appeared to be both users and app creators.

According to Fowler’s report, internal files and the database’s name suggested the data belonged to Passion.io, a company based in Texas/Delaware. Passion.io provides a no-code platform, allowing individuals like creators, coaches, and celebrities to build their own mobile apps without needing technical skills. These apps enable users to offer interactive courses and earn money through subscriptions or one-time purchases.

The exposed information, including personally identifiable information (PII) like names addresses, and even images, carries significant risks. Fowler warns that such data can be used by criminals for “phishing or social engineering attacks,” which are a common starting point for cybercrimes. Leaked email addresses and purchase histories can be used to trick individuals into revealing more personal or financial details by impersonating a trusted company.

Furthermore, the exposure of user profile images, some of which included children, raises serious privacy concerns. These images could potentially be misused for impersonation, creating fake accounts, or other online scams.

Source: vpnMentor

The researcher noted that even seemingly harmless images could be “potentially weaponized or used for unethical purposes.” Beyond personal data, the database also contained video files and PDF documents that appeared to be premium content sold by app creators, along with internal financial records, which could undermine creators’ revenue and give competitors insight into the company’s operations.

**Kudos to Passion.io’s Transparency**

Upon discovering the leak, Fowler promptly informed Passion.io. The company acted swiftly, restricting public access to the database on the same day. Passion.io acknowledged the finding, stating their “Privacy Officer and technical team are working on fixing the issue, making sure this can’t happen again.”

Nevertheless, if your company processes data, here are 5 key steps to follow to avoid database misconfigurations and prevent data leaks like the one affecting Passion.io. It is worth noting that these following steps won’t guarantee perfection, but they lower the chance of leaving a database exposed and leaking user data:

****1\. Enforce Authentication and Access Controls****

*   Implement multi-factor authentication for administrative access.

*   Use role-based access to limit who can view or modify sensitive data.

*   Never leave a database exposed without a password or access control.

****2\. Encrypt Data at Rest and In Transit****

*   Use strong encryption protocols and manage keys securely.

*   Ensure all sensitive data is encrypted both on disk and during transfer.

****3\. Automate Misconfiguration Detection****

*   Set up alerts for public exposure or unusual access patterns.

*   Use cloud security tools or configuration scanners (e.g., AWS Config, GCP Security Command Center) to detect misconfigurations in real-time.

****4\. Conduct Regular Security Audits and Pen Tests****

*   Test not just your app but also your storage and database layers.

*   Perform routine vulnerability assessments and penetration tests on your infrastructure.

****5\. Train DevOps and Technical Teams on Security Best Practices****

*   Keep documentation updated and enforce policies during development.

*   Make sure all team members handling infrastructure know how to secure cloud databases, manage permissions, and spot risky configurations.

Unsecured Database Exposes Data of 3.6 Million Passion.io Creators

Cybersecurity experts warn of widespread data exposure as a recent investigation reveals a staggering number of internet cookies…

Cybersecurity experts warn of widespread data exposure as a recent investigation reveals a staggering number of internet cookies circulating on the dark web.

A new report from NordVPN highlights the severe privacy risks associated with web cookies, which are small files websites store on your device to remember your browsing activity. The research, conducted in partnership with threat exposure management platform, NordStellar, uncovered approximately 93.7 billion stolen cookies available for sale in underground online marketplaces.

Researchers analyzed data from Telegram channels between April 23 and April 30, 2025, resulting in a dataset of around 94 billion cookies. The researchers analyzed the cookies’ active or inactive status, malware used, country of origin, data content, the company, the user’s OS, and keyword categories assigned to users. NordVPN did not buy stolen cookies or access their contents, but only examined the data within them.

****What’s Inside the Digital Cookie Jar?****

The analysis of these stolen cookies revealed a treasure trove of personal data. When analyzing these stolen cookies, ‘ID’ (Assigned ID was associated with 18 billion cookies) and ‘session’ (associated with 1.2 billion cookies) were identified as the most common keywords, indicating the type of data they held.

These are crucial for maintaining active user sessions on websites, meaning a stolen session ID could grant an attacker direct access to an account without needing a password. Alarmingly, out of the total 93.7 billion stolen cookies analysed, 15.6 billion were still active, posing an immediate threat to users.

This vast collection of compromised data poses a significant threat to personal security, potentially allowing malicious actors to access sensitive information and online accounts. Beyond session data, the report reveals that compromised cookies frequently contained personal details such as names, email addresses, countries, cities, and even passwords.

This information can be exploited for targeted phishing attacks or, in more severe cases, identity theft. Here’s a breakdown of the data attackers can steal via cookies.

Source: NordVPN

****Where Did These Cookies Come From?****

The majority of these stolen cookies were traced back to several major online platforms and originated from a diverse set of countries. Google services alone accounted for over 4.5 billion cookies, with YouTube and Microsoft each contributing more than 1 billion. This indicates that widely used platforms are prime targets for cybercriminals due to the sheer volume of user data they handle.

The primary method of theft involved various types of malware, including infostealers, trojans, and keyloggers. Redline emerged as the most prolific, responsible for stealing almost 42 billion cookies. Check out the list of malicious software used to steal these cookies:

Source: NordVPN

****Protecting Your Digital Crumbs****

Given the widespread threat, cybersecurity experts advise users to take proactive steps to safeguard their online presence.

> _“Cookies may seem harmless, but in the wrong hands, they’re digital keys to our most private information. What was designed to enhance convenience is now a growing vulnerability exploited by cybercriminals worldwide.”_
> 
> Adrianus Warmenhoven, Cybersecurity Expert – NordVPN

Therefore, to stay safe, always be careful when accepting cookies on websites, opting to reject unnecessary ones, especially third-party trackers. Also, regularly clear cookies from your browser to limit the window of opportunity for attackers.

Furthermore, using security tools like anti-malware software and Virtual Private Networks (VPNs) can significantly enhance protection. It helps block malicious websites, scan downloads for threats, and encrypt internet traffic, making it harder for cybercriminals to snatch your digital cookies.

Nearly 94 Billion Stolen Cookies Found on Dark Web

Cofense Intelligence uncovers a surge in ClickFix email scams impersonating Booking.com, delivering RATs and info-stealers. Learn how these…

Cofense Intelligence uncovers a surge in ClickFix email scams impersonating Booking.com, delivering RATs and info-stealers. Learn how these sophisticated attacks trick users into running malware and what to watch out for.

Cybersecurity experts at Cofense Intelligence are warning hotel chains and other businesses in the food and accommodation sector about an email scam that mimics Booking.com. These deceptive emails are part of attack campaigns known as ClickFix, which aims to trick users into running malicious software.

The ClickFix campaign has been steadily gaining traction since November 2024, with a notable acceleration in recent months. According to Cofense’s analysis, a staggering 47% of the total campaign volume was observed in March 2025 alone.

The firm’s active threat reports (ATRs) indicate that 75% of all incidents involving fake CAPTCHAs utilized Booking.com-themed ClickFix templates. While Booking.com impersonations are most common, Cofense also noted less frequent variations, including those spoofing Cloudflare Turnstile and cookie consent banners.

****How the Scam Works****

The scam begins with an email containing a link to a fake CAPTCHA website. A CAPTCHA is usually a test designed to tell humans and computers apart, like typing distorted letters. In this case, however, the fake CAPTCHA is a trick. Instead of a real verification code, clicking on it delivers a harmful script to the user’s computer.

These ClickFix websites then instruct users to press specific keyboard shortcuts, typically Windows key + R, followed by Ctrl + V, and then Enter. This sequence opens the Run command in Windows, pastes the hidden malicious script, and then executes it. The malicious script often includes extra characters that look like a _verification code_ to hide the real harmful commands.

These sites are cleverly designed to look like legitimate pages from well-known brands such as Booking.com and Cloudflare. Interestingly, the scam only targets Windows computers, and if accessed on other devices, the fake CAPTCHA sites will display a message indicating they only work on Windows.

****What Malware is Being Delivered?****

Once the malicious script is run, it can install various types of dangerous software. The most common payload seen in these attacks is XWorm RAT, a type of Remote Access Trojan (RAT). For your information, RATs allow attackers to secretly control a victim’s computer from a distance.

Other frequently observed malware include Pure Logs Stealer and DanaBot, which are information stealers designed to swipe sensitive data. In some instances, both RATs and information stealers have been delivered in a single attack.

Sample Attack Chain (Source: Cofense)

This ClickFix method is a concerning new tactic because it manipulates users into activating the malware themselves, without needing to download any files directly. It highlights the importance of being cautious about suspicious emails, even those that appear to be from trusted sources like Booking.com, and to always double-check the legitimacy of any verification steps or prompts that ask you to run commands on your computer.

For more detailed information on how to spot these ClickFix attacks, refer to Hackread.com’s guide on the techniques used to trick users and how to stay safe.

ClickFix Email Scam Alert: Fake Booking.com Emails Deliver Malware

After three years of peddling stolen data, BidenCash, one of the web's most brazen cybercrime hubs is offline, and authorities say they're just getting started.

BidenCash cybercrime market seized by global authorities; 145 domains linked to stolen credit card sales taken offline in a major crackdown.

In major news from the cybercrime world, BidenCash, one of the internet’s most notorious marketplaces for stolen credit card data, has been seized and taken offline in a coordinated law enforcement operation involving U.S. and Dutch authorities.

The takedown, officially confirmed on June 4, 2025, involved the seizure of 145 domains connected to the market. Visitors to the once-active URLs now land on a seizure banner posted by the US Department of Justice, FBI, U.S. Secret Service, and Dutch National Police, announcing the end of BidenCash’s online presence, at least for now.

Notice on the now seized BidenCash sites (Image credit: Hackread.com)

**A Market Built on Chaos**

Launched in March 2022, BidenCash quickly made a name for itself in cybercrime circles by doing what most dark web marketplaces avoided: operating in the open. The platform did not require a Tor browser for access and was indexed on the surface web, an intentional strategy to maximize traffic and lure low-skilled cybercriminals.

But what set BidenCash apart was its aggressive self-promotion on multiple occasions in which the site’s administrators leaked millions of stolen credit card numbers for free, as part of marketing campaigns designed to draw in new users.

As reported by Hackread.com in March 2023, BidenCash leaked over two million valid credit cards as part of its birthday anniversary promotion, most of these cards belonged to users in the United States, China, Mexico, India, Canada, and the United Kingdom.

In December 2023, the marketplace administrators leaked 1.6 million credit card details in plaintext. Most recently in April 2025, BidenCash leaked 1 million payment card numbers along with their CVVs, and expiry dates.

One of the leaks from 2023 by BidenCash on the Russian cybercrime forum XSS.IS

Authorities say that over its three-year run, the site had more than 117,000 registered users and facilitated the sale of over 15 million payment card records, generating an estimated $17 million in illicit revenue.

****What Was Seized?****

According to US DoJ’s press release, the operation resulted in the seizure of 145 dark web and clear web domains, cryptocurrency wallets and assets and disruption of “critical infrastructure” supporting the marketplace. Authorities have already begun working on identifying and arresting administrators and affiliates.

Here are the seized dark web and clear net domains used by BidenCash. The dark web domains now redirect users to Bidencash.usssdomainseizure.com with the same takedown notice:

https://bidencash.bid

https://bidencash.asia

http://biden3veilozweo2xubiusixn4kbfbbih23s6xsd35bzsuaz2weiz4yd.onion 

http://biden3veilozweo2xubiusixn4kbfbbih23s6xsd35bzsuaz2weiz4yd.onion

http://bidencjap2u4hmzh3vtqsyqc54uevcariczl56y7jah4lgof4xzxb5qd.onion

http://bidencjap2u4hmzh3vtqsyqc54uevcariczl56y7jah4lgof4xzxb5qd.onion

The global takedown also had private sector support from cybersecurity organizations including Searchlight Cyber and The Shadowserver Foundation, who helped law enforcement map out BidenCash’s infrastructure and activity over time.

****BidenCash Victims Remain Vulnerable****

While the takedown is a win for cybersecurity, the impact won’t be immediate for victims. Many of the cardholders whose data was sold or dumped on BidenCash are likely still vulnerable, especially if they haven’t changed their banking details or been notified of exposure.

It is advised that consumers and businesses monitor their accounts closely, use two-factor authentication, and freeze credit if possible, particularly if they suspect any prior compromise.

**What Comes Next?**

BidenCash may be gone, but its users, and its model, are not. For now, the BidenCash seizure shows that cybercrime isn’t invisible. And for a market that gained attention with public data dumps, its end came just as publicly with victims having the last laugh.

Feds Seize BidenCash Carding Market and Its Crypto Profits

Hackers leak data of 88 million AT&T customers with decrypted SSNs; latest breach raises questions about links to earlier Snowflake-related attack.

Hackers have leaked what they claim is AT&T’s database which was reportedly stolen by the ShinyHunters group in April 2024 after they exploited major security flaws in the Snowflake cloud data platform. But is this really the Snowflake-linked data? We took a closer look.

As seen by the Hackread.com research team, the data was first posted on a well-known Russian cybercrime forum on May 15, 2025. It was re-uploaded on the same forum on June 3, 2025, after which it began circulating among other hackers and forums.

The screenshot shows the data now leaked on two cybercrime forums. While hackers claim it contains 70 million customer records, Hackread.com confirms it actually holds 86 million AT&T customer records. (Image Credit: Hackread.com)

After analyzing the leaked data, we found it contains a detailed set of personal information. Each of these data points poses a serious privacy risk on its own, but together, they create full identity profiles that could be exploited for fraud or identity theft. The data includes:

*   **Full names**

*   **Date of birth**

*   **Phone numbers**

*   **Email addresses**

*   **Physical addresses**

*   **44 Million Social Security Numbers (SSN) (43,989,219 in total)**

****Plain Text and Full Social Security Numbers (SSNs) Leaked****

Here’s the troubling part: the threat actor claims that both date of birth and Social Security numbers (SSNs) were originally encrypted but have since been fully decrypted and are now included in the leaked data as plain text. Put simply, if you’re an AT&T customer, your SSN could be part of this leak.

Screenshot from the leaked data (Credit: Hackread.com)

Not that it changes much; your SSNs were likely already exposed in the August 2024 National Public Data breach, where a now-arrested hacker using the alias USDOD, leaked over 3.2 billion SSNs and other personal details online.

****Background of AT&T Snowflake Data Breach****

AT&T has a long history of large-scale data breaches, so if this feels familiar, you’re not imagining it. Buckle up, this is just the latest in a growing list.

In April 2024, as reported by Hackread.com, AT&T experienced a major data breach when hackers accessed its Snowflake cloud environment, compromising the call and text metadata of nearly 110 million customers.

The breach lasted from May 2022 to October 2022 and included some records from January 2023, exposed phone numbers, interaction counts, and call durations, though not the content of communications or personally identifiable information.

The cyberattack was part of a large-scale campaign targeting over 160 Snowflake customers. Hackers exploited stolen credentials lacking multi-factor authentication to infiltrate these environments.

AT&T’s compromised data was stolen by a hacker associated with the ShinyHunters group. Reports indicate that AT&T paid a ransom of approximately $370,000 in Bitcoin to have the stolen data deleted, a transaction facilitated through an intermediary known as Reddington.

It’s worth noting that the ShinyHunters group also took credit for the major Ticketmaster data breach connected to the Snowflake security lapse in which data of 560 million users was put to sale online.

In response to the breach, AT&T initiated an incident response process with third-party cybersecurity experts, closed the unauthorized access point, and notified affected customers. The company stated that it does not believe the data is publicly available.

The breach prompted scrutiny from US lawmakers, with Senators Richard Blumenthal and Josh Hawley demanding explanations from AT&T and Snowflake regarding the security lapses that led to the incident. They expressed concerns about the misuse of the compromised data by malicious actors.

****Is this the AT&T Database from Snowflake Breach? Not So Fast.****

The threat actor behind the latest leak claims the database contains 70 million AT&T customer records stolen in April 2024 by exploiting a major security vulnerability in the Snowflake cloud data warehouse.

“Originally one of the databases from the Snowflake breach, here is my backup I created,” the account behind the data leak stated. But does that claim hold up? Not quite.

Hackread.com’s analysis reveals that the dataset actually includes more than 88 million (88,320,018) records. After removing duplicates, the number drops to more than 86 million (86,017,090) unique entries, far more than the claimed 70 million.

There’s another issue. The database contents don’t fully match what was reported in the Snowflake-related AT&T breach. That breach reportedly exposed nearly 110 million customer records, including call and text metadata; none of which appears in this leak.

So, is this a partial AT&T database from the Snowflake breach? Maybe, maybe not. But unless AT&T officially confirms it, there’s no way to say for certain.

****But, There’s More****

In August 2021, the notorious hacking group ShinyHunters claimed to possess a database containing the personal information of over 70 million AT&T customers. They listed this data for sale on the now-seized Raid Forums marketplace, starting at $200,000.

Hackread.com reviewed sample records provided by the group back in 2021, which included full names, addresses, ZIP codes, dates of birth, email addresses, and encrypted Social Security Numbers (SSNs). AT&T responded by stating that, based on their investigation, the information did not appear to originate from their systems.

However, in April 2024, after nearly two years of denial, AT&T acknowledged the August 2021 data breach when ShinyHunters leaked the full database on BreachForums. “Based on our preliminary analysis, the dataset appears to be from 2019 or earlier, affecting approximately 7.6 million current AT&T account holders and 65.4 million former account holders,” the company admitted.

****Similarities and Differences Between the April 2024 AT&T Leak and the Latest One****

Hackread.com has noticed several similarities and differences between the April 2024 AT&T leak and the latest one. The April 2024 leak was a poorly structured mess. The data appeared in a loosely organized, pipe-delimited format with no field labels, making it difficult to interpret or analyze without a corresponding schema to explain each value.

The latest leak is well-structured, clearly formatted, and straightforwardly divided into three CSV files, making it easy to understand what each field represents. Interestingly, the biggest similarity, and difference, between the two leaks is the handling of Social Security Numbers (SSNs). In the 2024 leak, the SSNs were encrypted. In the latest leak, however, those same SSNs appear to have been decrypted.

Hackread.com conducted a detailed analysis and found that all previously encrypted SSNs from the earlier leak have been carefully decrypted and mapped in the new dataset, making them more accessible for malicious use.

Credit: Hackread.com

We also found matching customer names, email addresses, physical addresses, and phone numbers across both leaks. However, while the 2024 leak contained around 73 million records, the latest dataset includes 86 million.

This makes it unclear whether the new leak is simply the 2024 database with decrypted values, or if it originates from the more recent Snowflake-related breach. That said, the data appears legitimate, especially since AT&T has already acknowledged the earlier breach and data leak.

****Our Conclusion****

At this point, it’s difficult to say with certainty whether the newly leaked database is a decrypted version of the 2024 Snowflake breach, a separate dump, or some combination of both. What’s clear, though, is that a massive amount of highly sensitive AT&T customer data is circulating once again, this time in a more organized and potentially more dangerous form.

With decrypted Social Security Numbers, full personal details, and a growing pattern of repeated exposure, the stakes for affected users are higher than ever. While AT&T has acknowledged past breaches, the company has yet to confirm whether this latest dataset is part of the same incident or something new altogether.

Until a formal response is issued, unfortunately, unsuspecting customers are left in the dark, relying on our report, and forums to understand the scope of their exposure. Nevertheless, we have reached out to AT&T and this article will be updated accordingly.

Exclusive: Hackers Leak 86 Million AT&T Records with Decrypted SSNs

Today, your internet presence is much more than just a website or social media profile, it’s like your…

Today, your internet presence is much more than just a website or social media profile, it’s like your business card, reputation and main medium of staying connected. However, with this visibility comes genuine danger. Do you know what’s one of the most troublesome threats hiding out there? DDoS attacks! If you have not heard this term before, no need to worry. Let’s simplify it and understand how to protect your online space from it.

****DDoS: What it Means****

DDoS is short for Distributed Denial of Service. It may sound complicated, but basically, it means overwhelming a server or website with excessive fake traffic until it falls apart. Imagine a coffee shop where suddenly many people arrive at the same time, not to buy anything, just to block the space. In this situation, real customers are unable to enter and the business comes to a halt. This is primarily what occurs during a DDoS attack – it’s bots that cause this blockage.

Usually, these kinds of attacks are started by using networks of computers that have been taken over – many times they belong to people who don’t even know. This is what is meant by “distributed”. When it starts, your website could either become very slow or completely unavailable.

****Why You Should Care (Even If You’re a Small Business)****

At this point, it’s normal to think, “I don’t have a major brand, just a small business” or “I just run a personal blog.” DDoS attacks can also be used against much smaller businesses. Smaller sites are targeted quite often because attackers believe their security is not as strong. Truth is, when your website goes down, even briefly, it affects your reputation, and your budget and makes your customers or users unhappy.

In addition, a DDoS attack can stop your service or online store from operating. People can’t order or get answers which causes them to doubt the business. It can be very irritating, but it can also be truly harmful.

****Start with Strong Hosting****

A solid first action is to select a reliable hosting provider. Hosting providers are not all the same and some are better prepared to handle DDoS attacks than others. Find hosting providers that guarantee or promote DDoS protection through their services. This is because they have effective steps to prevent and handle an attack early on.

Don’t hesitate and ask your hosting provider which security measures they have for your website. If their responses are unclear or they treat security lightly, this is a warning sign. You should choose a provider that handles the back-end work and protects your site from malicious users at the same time.

****Get a CDN Working for You****

For even better performance, allow your website to tap into a CDN. A Content Delivery Network uses multiple servers worldwide to distribute the activities involved in content delivery. Therefore, all the requests are not delivered to your main server at the same time. If there is a DDoS attack, the distribution system can save you.

****Firewalls and Rate Limiting****

Firewalls act like filters, they inspect incoming traffic and stop suspicious things before reaching your main systems. Web Application Firewalls (WAFs) are specially designed to block the kind of unwanted traffic that DDoS attacks cause.

Next, we have rate limiting – this is a background function that restricts how frequently someone can interact with your site. If something is making constant requests to your server, it will be flagged or stopped.

****Keep an Eye on What’s Happening****

A lot of damage from DDoS attacks happens because people don’t notice it early enough. So, make sure to monitor your site’s traffic. Sudden increases, constant hits to one page or visits from strange places can all suggest concerns. 

Many tools exist today that make website monitoring easy. Some of these are included in hosting plans, while others can be added by you manually. You don’t need advanced coding skills – just some understanding of this domain is quite helpful.

****Have a Contingency Plan****

Regardless of how strong your security is, things can still go wrong. So it’s smart to have a plan in case you do get hit. Be aware of who you should reach out to when problems occur – this could be your host, a protective service or someone experienced in such matters.

Maintain updated backups and ensure you are familiar with quick restoration. Additionally, inform your users about the ongoing situations. Clear communication can go a long way in keeping trust intact during tough times.

****Call in the Pros if You Need to****

Feeling overwhelmed? Managed security services exist for a reason. These individuals are experts in detecting threats and reacting quickly, so you don’t need to be on guard all the time.

Yes, it costs money. However, if your business relies on your online presence, the expense may be worthwhile simply for the reassurance. Think of it as employing a security guard for the night shift at your virtual store.

****Keep Everything up to Date****

This may seem like the basics of cybersecurity, but it’s important to keep your devices updated. Old plugins, CMS versions or themes can be great opportunities for hackers. Fix those gaps before anyone else discovers them.

Nevertheless, DDoS attacks are very serious, but they’re not impossible to defeat. By using intelligent strategies such as improving hosting services, CDNs, traffic filters and constant monitoring you can significantly reduce your risk.

(Image by Free stock photos from www.rupixen.com from Pixabay)

How to Protect Your Online Presence from Devastating DDoS Attacks

What comes to your mind when you think of Photoshop? A tool for editing and retouching photos –…

What comes to your mind when you think of Photoshop? A tool for editing and retouching photos – that’s what most of us would say. But Adobe Photoshop is more than that. 90% of professional designers, photographers, web developers, and retouchers use Photoshop for its versatile image editing features and seamless integration capabilities with Adobe software. Let’s review the top reasons why professionals globally prefer Adobe Photoshop.

****Why Adobe Photoshop?****

*   **Vast Collection of Templates:** Adobe Photoshop templates cover a wide range of customizable flyers, brochures, banners, logos, social media posts, and more, helping you tap into visual creativity with cutting-edge designs.
*   **Stunning Visuals:** Adobe Photoshop provides unique tools and features for manipulating images, and creating graphics, digital paintings, illustrations, and other art formats.
*   **Flawless Editing:** Professionals use Photoshop to fine-tune images, remove blemishes, retouch images, and adjust colors and lighting to enhance the overall quality. 
*   **Versatility:** Whether you want to create visuals for your social media account or various marketing channels, Photoshop is the go-to solution for professionals’ design needs.

****When to Use Photoshop?****

Let’s say you want to edit your remote work portfolio that you created with AI-generated content samples, adjust the photo composition, and fix the lighting. What do you do? Simple! You Photoshop! Adobe Photoshop is a widely preferred editing application for everything that needs editing and retouching, from correcting the lighting of a photo to cropping, combining, and layering images, and creating collages.

You can do a lot with Photoshop. Unlike vector images, Photoshop images are raster graphics or pixel-based. Their colors and shadings are more detailed and can handle detailed textures and precise editing.

****Key Photoshop Skills You Need to Master****

*   **Brushes:** You can create different textures and strokes and manipulate different brushes for designing.
*   **Brightness and Contrast:** The tools help to manipulate the lightness and darkness of hues and increase the focus on the subject.
*   **Layers**: Layers create a logical hierarchy and organize your work by creating separate parts for shapes, images, and text for improved visibility.
*   **Cropping**: This feature allows you to remove unwanted elements from the background and increase the focus on the design’s main subject.
*   **Selection Tools**: These enable you to work on a specific design section. The marquee tool helps to select areas with straight edges and curves, while the lasso tool allows free-form selections.
*   **Blending Modes**: Nearly 30 blending modes are available for modifying the key aspects of an image, such as brightness or contrast, saturation, and opacity. 
*   **Saturation**: A fundamental tool for adjusting the hues in an image, either in a particular section or throughout. 
*   **Transform Tools**: This tool offers features like scale, distort, skew, perspective, rotate, and warp to alter an image or balance the effects on a design. 
*   **Masking**: With masking, you can isolate sections of an image using the brush or selection tool without disturbing the original image. 
*   **Sharpening and Healing Brush**: Sharpening helps define the edges and lines for improved clarity, whereas the healing brush removes minor details from an image and replicates them in another region.
*   **Pen Tool**: Offers standard, free-form, and curvature formats for creating different shapes and lines
*   **Curves**: An advanced feature used for modifying colors and tones and manipulating the highlights and shadows 
*   **Histogram**: This helps assess the tones, adjust the contrast and brightness levels, and enhance the highlights, exposure, composition, and shadows.

****Improve Your Photoshop Skills With Expert-Recommended Tips** **

1.  Photoshop is a complicated tool with multiple intricate features and functionalities. Practice regularly to improve your efficiency and gain confidence in the tool.
2.  Experiment with each tool in Photoshop to understand its mechanism. Recreate different art pieces using various effects to polish your design and editing skills. 
3.  Follow step-by-step guides by industry specialists to comprehend how different tools, techniques, or effects work in Photoshop. 
4.  Join online groups and participate in professional workshops to stay updated about the latest trends, premium elements, advanced techniques, and hacks. Use these groups to build your network and collaborate on different projects to develop new skills.

(Image by Hitesh Choudhary from Pixabay)

Photoshop for Beginners – Overview of Top Skills and How to Hone Them

Shift in cyberattack focus puts APAC region under growing pressure.

India, China and the US were the top DDoS attacks targets in Q1 2025, with APAC facing over half of global attacks, according to new data from cybersecurity firm StormWall.

A new report from cybersecurity firm StormWall reveals that nearly half of all DDoS attacks in the first quarter of 2025 were aimed at China, India and the United States. Instead of focusing heavily on the usual targets, attackers are now directing more of their efforts toward infrastructure in the Asia-Pacific region.

According to StormWall’s analytics center, India topped the chart with 18.1% of the global DDoS traffic, followed by China at 16.2% and the US at 14.7%. Japan (12.3%) and Taiwan (10.2%) rounded out the top five. When it comes to industry-wise attacks, Telecommunications became the top target in APAC, with 136% year-over-year (YOY) growth.

Four of the five most targeted countries now sit in the APAC region, with 57% of all malicious requests focused there. This shows that attackers are moving their focus away from the usual targets in Europe and North America, at least for now. The reasons may be geopolitical, economic, or a combination of both.

“You can always count on US targets attracting a lot of attention,” said Ramil Khantimirov, founder of StormWall. It’s the world’s largest GDP and hackers are always going to target that, but we’ve never seen so much activity in APAC and so densely concentrated.”

According to StormWall’s report shared with Hackread.com ahead of publishing on Thursday, the main force behind these attacks is botnets. These networks of infected devices were responsible for nearly 70% of all DDoS traffic tracked by StormWall in the first quarter of 2025.

Botnets, often run by state-sponsored groups, hacktivists, or organized cyber criminals, allow attackers to direct massive traffic at targeted systems. One such botnet identified in the report, named “Eleven11bot,” used a network of 86,000 compromised IP cameras and DVRs. It was frequently used in politically motivated campaigns.

While APAC faced an increase in DDoS attacks, other regions haven’t been spared. Belgium, though much smaller, experienced significant attacks, with 9.7% of global DDoS activity aimed at its national digital infrastructure, including MyGov.be and the Walloon Parliament. Saudi Arabia was also hit hard, at 6.8%, largely due to pro-Palestinian attacks linked to ongoing regional tensions.

Countries like Italy, Russia, and Switzerland appeared further down the list with lower attack volumes, but experts caution that even minor increases in activity can pose serious threats to unprepared networks.

Via StormWall

StormWall’s data paints a picture of a fast-evolving threat environment, driven by automation, political motives, and shifting strategic interests. While botnet-powered campaigns grow in scale, the need for mitigation services is more important than ever.

However, separate research from NordPass shows that many industries still fall short on basic cybersecurity. In most cases, weak and easily guessed passwords like 123456 and passwords@, are still in use, making systems vulnerable to breaches and turning devices into part of larger botnets.

StormWall Reveals India, China and US Faced Most DDoS Attacks in Q1 2025

A new study by NordPass and NordStellar reveals the automotive industry is plagued by weak, reused, and common…

A new study by NordPass and NordStellar reveals the automotive industry is plagued by weak, reused, and common passwords like 123456, leaving smart cars and critical systems vulnerable to cyberattacks. Learn why the car sector’s digital security is lagging.

Even with all the progress in smart vehicles and automated systems, the automotive industry still has a big cybersecurity problem with weak and reused passwords.

A recent study by NordPass, conducted in collaboration with NordStellar and shared with Hackread.com, highlights how car manufacturers, suppliers, and dealerships are often using easily crackable passwords to secure vital systems. This puts valuable data and critical infrastructure at risk of cyberattacks.

The analysis that led to these findings involved reviewing a massive 2.5 terabyte (TB) database of credentials compiled from publicly available sources, including the **Dark Web**.

****Common and Risky Choices****

The **research** identified a troubling trend of predictable and unsafe passwords being widely used across the automotive sector. For instance, **passwords like** 123456 and P@ssw0rd are still prevalent, alongside variations linked to company names or roles, such as @Incontrol1976 and caoa2024**.

Karolis Arbaciauskas, head of business products at NordPass, stated that these simple credentials can be “easily cracked, leaving companies wide open to cyberattacks.” Moreover, the study found that many companies commonly reuse passwords with minor changes, like F3930ebbce and F3930ebbce@, increasing their susceptibility to breaches.

The research also highlights that this issue isn’t limited to the automotive sector. Other industries, including education, technology, healthcare, and retail (which has faced a wave of **cyberattacks recently**) also rely on weak or easily guessed passwords.

It is worth noting that these insights are part of a **broader study** that examined password trends across 11 key sectors, including healthcare, finance, and education, to identify industry-specific vulnerabilities.

****The Human Element and Solutions****

The report points to several weaknesses in the automotive industry’s online security. A major contributing factor is **human error**, which reports suggest accounts for up to 70% of data breaches. Employees often make critical mistakes, such as using their email addresses or personal names as passwords, making it easier for hackers to gain unauthorized access. Another key vulnerability is the lack of multi-factor authentication (MFA), a crucial security layer that requires more than just a password to verify a user’s identity.

Countries with the most password breaches (Source: NordPass)

To address these vulnerabilities implementing cybersecurity training for employees is crucial to educate them on best practices. Businesses should also adopt advanced network security solutions, including business VPNs and password managers for secure storage of credentials.

Multi-factor authentication (MFA) is highlighted as an essential defence against unauthorized access. Additionally, the study mentions the emerging role of **passkeys**, a more secure alternative to traditional passwords, with tools like Authopia by NordPass helping companies integrate this technology.

Overall, NordPass highlights the significant role of compromised credentials in data breaches, emphasizing the need for enhanced password management and comprehensive cyber resilience strategies.

Check out the Top20 not-so-secret automotive passwords:

    Stream3312#
    
    @Incontrol1976
    
    @EciAutomation1976
    
    F3930ebbce
    
    Ngtr@2020
    
    F3930ebbce@
    
    f3930ebbce
    
    Top44430
    
    [email protected]
    
    novi1pass2
    
    Springbok+78
    
    $tr3amLine
    
    123456
    
    Stream3312!
    
    Ankara0661
    
    @Incontrol1971
    
    caoa2024**
    
    P@ssw0rd
    
    Mega@poli07
    
    Elite$00

Smart Cars, Dumb Passwords: Auto Industry Still Runs on Weak Passwords

Compliance automation provider Vanta confirms a software bug exposed private customer data to other users, impacting hundreds of…

Compliance automation provider Vanta confirms a software bug exposed private customer data to other users, impacting hundreds of clients. Learn about the details of this critical security incident.

Vanta, a company known for helping businesses manage their security and compliance, has admitted to a major cybersecurity-related issue. A software error caused the company’s private customer information to be shared with other Vanta clients.

This incident, caused by a recent change in the company’s product code, has affected hundreds of organizations, raising questions about data safety in specialized compliance platforms.

****What Happened and Who Was Affected?****

The issue was first found by Vanta’s own team on May 26. The problem allowed details like sensitive employee data, how accounts were set up, details about two-factor authentication (MFA) use, and information on tool settings to be “erroneously pulled into” other Vanta customer accounts. While Vanta stated that “fewer than 4% of customers” were impacted, this still means hundreds of businesses had their data compromised.

Screenshot via Vanta

According to the company, the exposure affected “fewer than 20%” of its connections with other third-party services. It is important to note that Vanta has confirmed that this was a “Code Bug” caused by a “Product change,” not an attack from outside.

Jeremy Epling, Vanta’s Chief Product Officer, confirmed the breach, saying that “a subset of data from fewer than 20% of our third-party integrations being exposed to other Vanta customers. Fewer than 4% of Vanta customers were affected, and have all been notified.”

Vanta has started informing affected customers that their employee account data was incorrectly inserted into their Vanta instance and out of it into other customers’ instances.

> _“On May 26, we identified a product code change that resulted in a subset of data from fewer than 20% of our third-party integrations being exposed to other Vanta customers. The incident was not security-related and did not involve API keys, credentials, or an intrusion. In total, fewer than 4% of Vanta customers were impacted. Upon identification of this issue, the change was rolled back and remediation started immediately. We will complete remediation by June 4. All impacted customers were notified and Vanta’s customer support teams are addressing customer questions and requests. We are standing by to provide further support for customers. To prevent an incident like this in the future, we are updating our third-party integrations API and improving our access control testing.”_
> 
> Jeremy Epling, Chief Product Officer

****Addressing the Vulnerability****

Vanta is actively working to fix the problem and to complete the process by June 4. However, this data leak goes on to show the dangers of using central systems for managing sensitive company information, especially when internal changes can lead to such wide-ranging data mixing. For a company whose main job is to help others with security, this event is a prime example that even expert systems can have weaknesses.

Source

HackRead