Google Chrome browser’s new enhanced autofill feature can now remember and automatically fill in personal data such as…

Google Chrome browser’s new enhanced autofill feature can now remember and automatically fill in personal data such as licenses, passports, and even vehicle identification numbers. It’s a small addition that could make form-filling faster than ever, but also one that invites a fresh look at where that data sits and how safe it really is.

Google says the upgrade builds on Chrome’s long-standing autofill capability for passwords, addresses, and payment details. The company promises stronger privacy protections this time, stating that the browser will store information only with user consent, protect it with encryption, and ask for confirmation before it’s used. In a **blog post** announcing the update, Google wrote that users will remain “in full control” of their stored data.

While the convenience factor is clear, the change introduces new layers of sensitivity. Information like passports and **vehicle details** can reveal much more about a person than an address or phone number. Cybersecurity professionals are already weighing in on what that could mean for user safety.

**Nivedita Murthy**, Senior Staff Consultant at Black Duck, noted that while Google’s autofill has always been a time-saver, it also concentrates personal information in one place. “This information is not stored in a secure format,” she explained.

“While the autofill option is very convenient for users, it adds risk in keeping your personal information in one location. Google accounts are also used in other places to authenticate. If your email account is compromised, not only could your emails get leaked, but any personal information that is also stored within that account.”

She adds that users need to weigh convenience against possible consequences. A single compromised Google account could give attackers access not just to messages, but to sensitive identification data now stored in the same place.

Nevertheless, the new feature also runs counter to long-standing advice from the cybersecurity community, which urges users to avoid storing passwords or autofill data in browsers due to a growing number of malware strains targeting such information. **Shuyal Stealer**, for instance, is known to target data from 17 of the most widely used browsers.

For now, Google’s global rollout is limited to desktop Chrome users, with plans to expand the types of data it can recognize in future updates. The company maintains that privacy remains at the center of the design, but as always in cybersecurity, what’s convenient for the user can also be convenient for the wrong person.

Google Expands Chrome Autofill to Passports and Licenses, But Is It Safe?

Microsoft researchers found the SesameOp backdoor using OpenAI’s Assistants API for remote access, data theft, and command communication.

Cybersecurity researchers have identified a new backdoor called SesameOp that uses the OpenAI Assistants API to exchange instructions and data, replacing the typical attacker-controlled servers with a legitimate cloud service.

According to Microsoft’s Detection and Response Team (DART), the findings show a growing trend where threat actors use trusted technologies to hide malicious traffic. SesameOp doesn’t exploit a vulnerability in OpenAI products; instead, it misuses an available feature to communicate once systems are compromised.

The investigation began after analysts examined modified Microsoft Visual Studio utilities that loaded unusual libraries. This led to the discovery of Netapi64.dll, an obfuscated loader that runs a hidden .NET-based component named OpenAIAgent.Netapi64.

The malware maintains persistence and allows remote operators to issue commands, gather results, and send them back through the OpenAI API as if they were ordinary data exchanges.

Microsoft found that the backdoor stores and retrieves instructions by creating and managing custom “Assistants” within an OpenAI account. These Assistants act as placeholders for encoded messages labeled with terms such as “SLEEP,” “Payload,” and “Result.” Each step of communication is encrypted, compressed, and Base64-encoded to limit visibility and evade inspection.

Further analysis showed that SesameOp applies a .NET AppDomainManager injection technique to load its code at runtime and execute payloads through a JavaScript engine embedded in memory. The design points to long-term persistence and espionage motives, rather than broad financial attacks.

Following the report, Microsoft collaborated with OpenAI to disable the API key and account used by the attacker. Both companies confirmed that the activity was limited to API calls and did not involve any access to model data or user information.

Microsoft said that the issue is not a flaw in OpenAI’s systems but a demonstration of how attackers adapt legitimate tools for covert use. The company advises organizations to audit server logs, apply strict proxy and firewall controls, and monitor for connections to api.openai.com originating from unexpected processes.

Nevertheless, legitimate cloud services, including AI platforms, are becoming attractive channels for threat actors who want to avoid building their own infrastructure. Therefore, companies need to be on the lookout and monitor their systems accordingly. For technical details on the SesameOp Backdoor operation, visit Microsoft’s blog post here.

SesameOp Backdoor Abused OpenAI Assistants API for Remote Access

In January 2023, Getty Images filed a major lawsuit in the UK High Court against Stability AI, an…

In January 2023, Getty Images **filed a major lawsuit** in the UK High Court against Stability AI, an artificial intelligence company which develops and releases open-source generative AI models, most famously the Stable Diffusion text-to-image model.

In the **lawsuit**, Getty alleged that Stability AI used millions of its copyrighted photographs and associated metadata without permission to train the generative model Stable Diffusion. Getty further claimed that the AI model’s outputs sometimes reproduced Getty’s content (or substantial parts thereof) and that those outputs included Getty’s watermark or trademarks.

Additional claims included trademark infringement (use of Getty/iStock marks), database rights infringement, and “passing off” (i.e., the suggestion that AI‐generated images were endorsed by or created by Getty).

Simply put, Getty’s lawsuit aimed to hold Stability accountable for how its model was trained, what output it produced and how that related to its intellectual property.

In response, Stability AI defended its position by arguing that the training took place outside the UK, that users’ prompts were responsible for output similarity, and that the watermark/trademark claims lacked the “in the course of trade” context.

****What the court found (and did not find)****

Today, November 4th, 2025, after two years of arguments; the court released its verdict, marking a split outcome where Getty Images won narrowly on trademark grounds while Stability AI prevailed on the major copyright claims.

****Major claims abandoned****

Mid-trial, Getty dropped its primary copyright infringement claim revolving around the training of Stability’s model on Getty’s images. The reason stated by the company includes evidential and jurisdictional difficulties proving that the alleged copying/training occurred under UK law. Because of that, the court did not decide whether the model training itself infringed Getty’s copyrights in full.

****Remaining claims and judgment****

The case proceeded on the trademark claim (use of Getty watermarks in outputs), database rights, secondary copyright infringement (making available an “**article**” containing infringing works), and passing-off.

When the **judgment** was delivered, the court, presided by High Court judge Mrs Justice Joanna Smith, found that Getty succeeded in part on the trademark claim that the inclusion of Getty’s watermarks in AI-generated images was found to infringe the Getty mark.

The secondary copyright infringement claim was, however, dismissed, and since the broader copyright-training claim had already been abandoned, it was not adjudicated.

****Who won, who lost, who largely won/ lost********Getty Images****

On the one hand, Getty did secure a legal victory on trademark infringement. That means it proved that its watermarked trademarked images were reproduced in generated outputs, and that gave the company a concrete win.

On the other hand, Getty failed to get a ruling on its main copyright claims (training and output reproduction) because those were either dropped or dismissed. Thus, in the overall sense, Getty largely lost the aims it had pursued.

_“_Today’s ruling confirms that Stable Diffusion’s inclusion of Getty Images’ trademarks in AI‑generated outputs infringed those trademarks. Crucially, the Court rejected Stability AI’s attempt to hold the user responsible for that infringement, confirming that responsibility for the presence of such trademarks lies with the model provider, who has control over the images used to train the model. This is a significant win for intellectual property owners,_“_ Getty Images said in a **statement**.

****Stability AI****

Stability avoided liability for the larger copyright claims and defeated the secondary copyright claim. It did lose on the trademark count. So while Stability had a “partial loss”, relative to the threat Getty posed, it largely won. Simply put: Getty won a narrow win (trademark) but lost the bigger fight (copyright). Stability lost a narrow bit but won the main battle.

****What Experts Think of This Judgment****

**Simon Barker**, Partner and Head of Intellectual Property at law firm Freeths, commented on the court ruling, stating that “This is an interesting case where intellectual property meets AI. The High Court has drawn a line to say that training an AI model on copyright works, without storing or reproducing those works in the model itself, does not amount to secondary copyright infringement under UK law.  AI developers can take some comfort from the case that the mere act of training on large datasets will not, of itself, expose them to liability for copyright infringement in the UK.

Expanding on the implications for AI companies, Barker explained that “The judgment also serves as a warning that if AI-generated outputs reproduce protected trade marks, for example, where they appear as watermarks, in a way that could confuse people, then they will risk infringing those trade marks. Each case will turn on its own facts, and rights holders will need to evidence a likelihood of confusion or association with the relevant trade mark to succeed.”

“The judgment strikes a balance between protecting the interests of creative industries and enabling technological innovation. It is likely to influence both future litigation and policy debates on AI and intellectual property, not just in the UK but internationally,” Barker added, reflecting on the broader significance.

**Iain Connor**, Intellectual Property Partner with national law firm Michelmores, said: “The most significant AI case to reach the English High Court has been decided and has turned out to be a massive damp squib.”

Explaining how the case unfolded, Connor noted that “during the trial, Getty Images dropped its important ‘Training and Development Claim’ on jurisdictional grounds because it accepted that none of the Stability AI model’s learning took place within the UK jurisdiction.”

He went on to clarify that “given the jurisdictional problem Getty Images faced (and ultimately acknowledged), the judge had no opportunity to rule in general terms on the lawfulness of AI’s use of copyright-protected ‘input materials’ and whether an AI model’s ‘output’ infringed such copyrights.”

According to Connor, “the decision leaves the UK without a meaningful verdict on the lawfulness of an AI model’s process of learning from copyright materials. He also pointed out that “the more technical database right case died with the primary copyright case.”

Discussing the failed arguments, he explained that “the question of whether an AI system is inherently unlawful if trained on third-party copyright materials also failed. This was a highly technical ‘secondary infringement’ claim which failed because the AI model, Stable Diffusion, did not store or reproduce any works protected by copyright. This should be contrasted with the US legal case involving Anthropic, which settled for $1.5 billion because Anthropic admitted that it retained copies of authors’ works without permission after it had trained its AI.”

He acknowledged that there was a limited success for Getty, stating that “there was a small win for Getty Images in that it was held that Stability AI infringed Getty Images’ trade marks by including Getty Images’ and iStock’s watermarks on its final AI images. However, this will provide Getty Images with little solace.”

“The legal community still waits with bated breath for a judgment to rule on the legality or otherwise of the training and use of AI models. The case does nothing to answer the ‘big tech vs creative industries’ argument, but Getty Images’ share price rose on Friday on the back of an AI licence deal it struck, which suggests that both sides believe it is better to do commercial deals than seek to resolve the issues through the courts,” Connor concluded

Nevertheless, the battle between Getty Images and Stability AI ends with a mixed outcome. Getty secured a legal victory on trademark grounds, but it fell short of securing a broad copyright ruling. Stability AI avoided liability for the core copyright claims but did lose on the trademark front. The ruling provides some clarity but leaves many of the most difficult questions, training data, output similarity, and global jurisdiction unresolved.

UK Court Delivers Split Verdict in Getty Images vs. Stability AI Case

Delaware, United States, 4th November 2025, CyberNewsWire

**Delaware, United States, November 4th, 2025, CyberNewsWire**

Brinker, the narrative intelligence company dedicated to combating disinformation and influence campaigns, announced today that Bob Flores, former Chief Technology Officer of the U.S. Central Intelligence Agency, has joined its advisory board.

His appointment strengthens Brinker’s mission to transform the fight against disinformation, moving from detection to real-time, technology-driven mitigation at global scale.

> “Most disinformation efforts fail because they rely on manual operations that can’t match the speed and scale of today’s influence campaigns,” said **Bob Flores**. “Brinker’s AI-native approach enables responses that were previously impossible, turning real-time analysis and large-scale mitigation into a reality.”

Founded by Benny Schnaider, Daniel Ravner, and Oded Breiner, Brinker was built from the ground up as a Native AI platform that identifies, analyzes, and neutralizes harmful narratives across platforms, languages, and geographies. Its proprietary, battle-proven LLM traces how stories evolve and spread over time, uncovering connections that traditional tools take weeks to detect.

> “Bob’s expertise in intelligence and technology will help Brinker accelerate its global impact,” said **Daniel Ravner**, CEO of Brinker. **Oded Breiner**, CTO, added: “Bob’s technological experience and understanding of mission-critical systems can help take Brinker’s automated OSINT technology to the next level, ensuring our platform continues to meet the operational demands of U.S. and global government partners, turning what was once a reactive process into a real-time defense capability.”

Flores brings decades of experience in national security and enterprise technology innovation. As the CIA’s former CTO, he led digital transformation and information-sharing initiatives across U.S. intelligence agencies. He currently serves as Founder and President of Applicology Inc., a Virginia-based security advisory firm.

This appointment follows the addition of Avi Kastan, former CEO and Co-Founder of Sixgill (acquired in 2024), further strengthening Brinker’s advisory board with deep expertise in intelligence, cybersecurity, and threat analysis.

**About Brinker**

Brinker is an award-winning disinformation threat mitigation platform built to combat malicious narratives and influence campaigns using proprietary narrative intelligence technology. The SaaS platform delivers AI-powered detection, context analysis, and automated OSINT investigations. A suite of mitigation tools is available at the press of a button, including pre-legal actions, media publications, content removal, and counter-narratives. Brinker serves governmental intelligence agencies, major enterprises, law firms, and NGOs.

More information is available at www.brinker.ai

**Contact**

**Daniel Ravner**  
**Brinker**  
**\[email protected\]**

Bob Flores, Former CTO of the CIA, Joins Brinker

Baltimore, USA, 4th November 2025, CyberNewsWire

**Baltimore, USA, November 4th, 2025, CyberNewsWire**

The new **2025 Insider Risk Report****,** produced by Cybersecurity Insiders in collaboration with Cogility**,** highlights that nearly all security leaders (93%) say insider threats are as difficult or harder to detect than external cyberattacks. Yet only 23% express strong confidence in stopping them before serious damage occurs. The report warns that most organizations remain reactive despite a surge in AI-driven risks and the increasing prevalence of decentralized workforces.

The report, which surveyed 635 CISOs and cybersecurity professionals, highlights an urgent industry contradiction: while there is high awareness of insider risks, the capabilities to anticipate and prevent them are dangerously limited. Without stronger behavioral intelligence and predictive modeling, organizations risk being blindsided by trusted insiders misusing powerful new tools.

Key findings include:

*   **Flying blind against insiders:** 93% of organizations find insider attacks as hard or harder to detect than external threats. At the same time, fewer than one in four are confident in preventing them before major damage.
*   **Behavioral blind spots:** Only 21% extensively integrate HR, financial stress, or psycho-social signals into detection, leaving most programs relying solely on technical anomalies.
*   **Predictive defenses are missing: Only 12% have mature predictive risk models, leaving** the majority in reactive mode, while AI-enabled insider risks accelerate.

> “Insider threats don’t announce themselves with alarms – they unfold quietly, in plain sight,” said Holger Schulze, founder of Cybersecurity Insiders. “Without context like financial stress or behavioral shifts, security teams are watching shadows on the wall while the real danger moves unchecked. If organizations fail to evolve, they’ll be reading about their data on the dark web before they ever see it in their logs.”

The full report can be read here.

**About Cybersecurity Insiders**

Cybersecurity Insiders is the trusted intelligence source for CISOs and cybersecurity decision-makers seeking strategic clarity in a complex, fast-moving industry. Backed by more than a decade of analyst-led research and a global community of over 600,000 cybersecurity professionals, we deliver evidence-based insights, original data, and expert commentary to help leaders navigate threats, assess emerging technologies, and shape forward-looking security strategies. More: https://cybersecurity-insiders.com

**About Cogility**

Cogility’s continuous Decision Intelligence Platform, Cogynt, provides an advanced decision intelligence and decision support streaming analytic solution for government and commercial organizations — allowing our customers to get left of harm or ahead of opportunity. A cloud-scalable, proven solution, Cogynt enables organizations to efficiently and effectively manage complex intelligence challenges with high-confidence, predictive, and explainable insights required to become proactive versus reactive in highly complex and high consequence environments. To learn more, users can visit www.cogility.com.

**Contact**

**Head of Research**  
**Holger Schulze**  
**Cybersecurity Insiders**  
**\[email protected\]**

2025 Insider Risk Report Finds Most Organizations Struggle to Detect and Predict Insider Risks

New reports show China-based hackers are targeting US federal, state, and global government networks via unpatched Cisco firewalls. Get the full details and necessary steps to secure devices.

A China-linked hacking group, known to security experts as Storm-1849 (also tracked as UAT4356), has been actively compromising Cisco firewalls used by governments and large firms worldwide.

According to experts at Palo Alto Networks’ Unit 42, the hackers are “scanning for and exploiting a popular line of Cisco firewalls,” specifically the Cisco Adaptive Security Appliance (ASA) line, which is vital for government bodies, defence institutions, and major companies across the US, Europe, and Asia.

It is worth noting that Cisco ASA appliances are high-value targets because they combine several security roles, such as filtering network traffic, checking for viruses, and handling secure connections (VPNs), acting as a gateway to sensitive internal systems.

Though CISA and Cisco have not officially named Chinese actors as responsible for the 2025 campaign, cybersecurity research firm Censys previously found convincing signs pointing toward China in related 2024 attacks.

****A Global Security Threat****

According to Palo Alto Networks’ Unit 42’s findings shared with The Record, reported that this campaign lasted throughout October. In the US, they observed activity against 12 network addresses (IPs) tied to federal government agencies and 11 others belonging to state or local government offices. Interestingly, researchers noted there was a pause in activity between October 1 and October 8, which they believe was likely due to China’s Golden Week holiday.

Unit 42 researchers also noted that the threat extends far beyond America. Public network addresses in numerous other countries have also been targeted, including India, Nigeria, Japan, Norway, France, the UK, the Netherlands, Spain, Australia, Poland, Austria, the UAE, Azerbaijan, and Bhutan.

Further probing revealed that Storm-1849 also focused on US financial institutions, military organisations, and defence contractors. Pete Renals, director of National Security Programs for Unit 42, said that throughout October, the group “persisted in targeting vulnerable government edge devices.”

****Urgent Call to Patch****

The hackers are, reportedly, chaining together two known vulnerabilities in the Cisco ASA devices, identified as CVE-2025-30333 (CVSS 9.9) and CVE-2025-20362 (CVSS 6.5). This combined attack allows them to gain deep, persistent control over the appliances. CVE-2025-30333 is a serious issue that lets an attacker with VPN credentials run their own code on the device, while CVE-2025-20362 allows an unauthenticated remote attacker to bypass security checks to access restricted areas.

The US Cybersecurity and Infrastructure Security Agency (CISA) had already issued an emergency directive one month ago, ordering all federal civilian agencies to quickly apply patches for these two issues.

Despite the security advisories, the attacks continued seemingly undeterred. Research also reveals that the attackers have found ways to maintain their access even if the device reboots or receives a system upgrade.

Several security experts have shared their perspectives on this discovery with Hackread.com. James Maude, Field CTO at BeyondTrust, emphasised the need to “keep calm and patch” the two CVEs immediately, per the CISA directive.

He also stressed that due to the attackers’ ability to modify settings and maintain access, any organization that suspects compromise must reset its Cisco configurations to factory defaults, changing all passwords, keys, and certificates before reconfiguring the device.

Heath Renfrow, Co-Founder and Chief Information Security Officer at Fenix24, reinforced that the continued attacks confirm that “edge devices are now primary targets, not secondary infrastructure.”

He advised organisations to verify that their appliances are running supported software and warned that “Patching alone isn’t enough – assume compromise and perform full credential hygiene and log review.”

China-Linked Hackers Target Cisco Firewalls in Global Campaign

Your Windows 11 PC will finally shut down! Learn about the KB5067036 update that fixes the decades-old restart glitch, plus new features like faster search and simpler update names.

Microsoft has confirmed and issued a fix for a frustrating, long-running issue affecting Windows 10 and Windows 11 users in its latest October updates. For many years, users who selected the ‘Update and shut down’ option on their PC were often surprised to find the computer actually performed an ‘Update and restart,’ booting back up to the login screen instead of powering off completely.

****The Restarting Mystery Solved****

Imagine choosing ‘update and shut down’ late at night on your laptop but finding the device running again in the morning, sometimes with a drained battery. This was the problem with Microsoft’s update system. Because the “Update and shut down” and “Update and restart” buttons look very similar, many users believed they had simply clicked the wrong one. Microsoft has now confirmed this was a system error all along.

Update and Shut Down

The fix for this problem is included in the October 2025 optional update, known as KB5067036, available for Windows 11 versions 24H2 and 25H2. According to Windows Latest’s tweet (not affiliated with Microsoft), the broader rollout of this fix is expected to begin with the November Patch Tuesday updates.

The update requires Windows 11 Build 26200.7019 or newer. While the issue has also affected some Windows 10 users in the past, this specific fix currently applies to Windows 11 builds.

The KB5067036 update also brings some new features, including a new Start menu, faster Windows Search, and new colourful battery icons on the taskbar. It also adds an ‘Ask Copilot’ shortcut to the File Explorer Home, bringing the AI assistant to a prominent spot.

****Simpler Update Names****

In related news, Microsoft is also making updates easier to understand by changing its names. Instead of a jumble of codes and numbers, the company is using a simpler system. They are removing things like platform architecture and date codes, but keeping important identifiers like the KB number and build or version. This change aims to help users quickly understand what updates they are receiving. Check out some updated titles:

Microsoft Fixes Long-Standing ‘Update and Shut Down’ Bug in Windows 11

Kaspersky researchers uncovered Operation ForumTroll, an attack campaign utilising the new 'Dante' spyware developed by Memento Labs, the rebranded Hacking Team. The attacks used a Chrome zero-day vulnerability (CVE-2025-2783) and COM hijacking for persistence, confirming the continued deployment of advanced surveillance tools by the controversial Italian firm.

A new global cyber-espionage threat has surfaced with the discovery of Dante, a commercial surveillance tool developed by the Italian company Memento Labs. For your information, Memento Labs is the rebranded entity of the controversial Italian surveillance firm, Hacking Team.

The cybersecurity firm Kaspersky unveiled the campaign, named Operation ForumTroll, which first hit targets in March 2025. Kaspersky attributes this attack to a specific threat group it tracks as ForumTroll APT.

****Phishing Trap and Zero-Day Attack****

The operation began with highly personalised phishing emails disguised as invitations to the ‘Primakov Readings’ international forum. These highly personalised messages targeted government bodies, research centres, universities, and media organisations, primarily in Russia and Belarus. The goal, according to Kaspersky’s research, was clearly espionage.

Phishing email sample (Image credit: Kaspersky Securelist)

The infection started when a recipient clicked a personalised link. The malicious site ran a quick check, called a Validator, to confirm the victim was a real user before executing the attack. The main trick involved exploiting a zero-day vulnerability in Google Chrome. This specific flaw, tracked as CVE-2025-2783, was particularly clever: it took advantage of a decades-old error in Windows to trick Chrome’s security process.

By doing this, the attackers managed to bypass all of Chrome’s protective barriers (sandbox escape) and gain full control of the system. Kaspersky reported the issue, leading Google to swiftly release a patch. The extensive list of previous zero-day attacks shared by Kaspersky shows this is a continuous, difficult effort to catch such malicious attacks.

Here’s the list of in-the-wild Zero-days reported by Kaspersky:

****Adobe****

*   CVE-2014-0497
*   CVE-2014-0515
*   CVE-2014-0546
*   CVE-2016-4171
*   CVE-2017-11292

****Microsoft****

*   CVE-2014-4077
*   CVE-2015-2360
*   CVE-2016-0034
*   CVE-2016-0165
*   CVE-2016-3393
*   CVE-2018-8174
*   CVE-2018-8453
*   CVE-2018-8589
*   CVE-2018-8611
*   CVE-2019-0797
*   CVE-2019-0859
*   CVE-2019-1458
*   CVE-2020-0986
*   CVE-2020-1380
*   CVE-2021-28310
*   CVE-2021-31955
*   CVE-2021-31956
*   CVE-2021-40449
*   CVE-2023-28252
*   CVE-2024-30051

****Google****

*   CVE-2019-13720
*   CVE-2024-4947
*   CVE-2025-2783

****Apple****

*   CVE-2023-32434
*   CVE-2023-32435
*   CVE-2023-38606
*   CVE-2023-41990

****New Tools, Old Habits: LeetAgent and Dante****

Once compromised, attackers installed a secret component to ensure persistent access. They achieved this using a technique called Component Object Model (COM) hijacking, which involves manipulating the Windows registry. By placing a custom entry in the user’s private settings, the attackers forced legitimate Windows programs to load their malicious code, which then launched the actual spyware LeetAgent, a tool designed to steal files (like documents and spreadsheets), run system commands, and record keystrokes.

Kaspersky’s researchers then found a direct operational and code link between the LeetAgent attacks and a more powerful tool they identified as Dante. This connection confirms a key development in the commercial spyware market. Dante is the new surveillance platform from Memento Labs, the company created after the infamous Hacking Team was acquired and rebranded in 2019.

Connection between LeetAgent and Dante, and Operation ForumTroll attack chain (Image credit: Kaspersky Securelist)

“We found similar code shared by the exploit, loader, and Dante. Taken together, these findings allow us to conclude that the Operation ForumTroll campaign was also carried out using the same toolset that comes with the Dante spyware,” researchers noted in the blog post.

As per Hackread.com’s earlier coverage, Hacking Team was founded in 2003 and is known for its powerful surveillance software, Da Vinci or Remote Control System (RCS) spyware. A massive 2015 data leak compromised their tools and exposed internal operations, causing their subsequent rebranding.

The discovery of Dante (whose name Kaspersky found written in the code) and its use by the ForumTroll APT group since at least 2022 confirms that the commercial surveillance market is constantly adapting. Despite the Hacking Team’s rebranding, their business of selling powerful spying tools persists.

Researchers suggest that finding and naming the developers of these advanced tools, a process called attribution, is crucial for addressing the true scope of global cyber-espionage.

New Dante Spyware Linked to Rebranded Hacking Team, Now Memento Labs

Today, with the world more conscious than ever about the conservation of energy, efficiency becomes even more critical.…

Today, with the world more conscious than ever about the conservation of energy, efficiency becomes even more critical. Not only do you save money on bills, but you also have a smaller carbon footprint.

Few approaches hit the mark quite like watching how spaces are actually used. By optimizing energy use based on space usage, you’ll see exactly how spaces are occupied. This lets you cut down on wasted energy. Here are six reasons you should consider using occupancy sensors to trim your energy costs.

****Understanding Space Utilization****

Real time occupancy monitoring provides information on how spaces are being utilized. With occupancy patterns monitored, you can see when spaces are filled or empty. Imagine having the perfect temperature and lighting in your office. Thanks to this data, managers can finally set the heating, cooling, and lighting just right for everyone who walks through the doors. For example, turning down heating in offices when they are unoccupied or switching the lighting on and off based on presence can save a lot of energy. 

****1\. Enhancing Climate Control****

Many buildings use a high share of energy for heating, ventilation, and air conditioning (HVAC) systems. Knowing if people are actually in a room is a big deal for these systems to run right and save energy. Thanks to knowledge about how many people are inside the building, the HVAC can be run in a way that matches the desired output instead of a constant setting, so you get to cut back on energy waste.

****2\. Improving Lighting Efficiency****

Lighting consumes a significant portion of energy in many facilities. You can make data-driven decisions on a room-by-room or floor-level basis using occupancy monitoring technology. When a room is empty, the lights can automatically turn off, and the brightness can be adjusted based on how many people are in a room. You’ll use less electricity, which means your lights will stay bright for longer before needing a change. Your energy bills will drop. Additionally, you can contribute positively to the environment by aligning your power consumption with actual needs.

****3\. Supporting Smart Building Integration****

Occupancy monitoring is a core component of smart building technology. It can join forces with other tools, giving you a smooth, automatic workflow. Smart buildings constantly use real-time data to make things like heating and cooling run much more efficiently. Automated systems can use occupancy data to modify energy consumption. When you connect these systems, you’ll see your operations speed up and your energy bills shrink. The use of intelligent technology allows buildings to become flexible and energy-efficient.

****4\. Aiding Long-Term Sustainability Goals****

Occupancy monitoring capabilities support long-term sustainability goals. Businesses hit these goals faster when they track energy, use it smarter, and cut down on operating expenses. Businesses can lay the groundwork for longer-term sustainability goals through occupancy monitoring. This allows them to reduce their carbon footprint, encouraging optimum utilization of resources.

****5\. Facilitating Cost Savings****

Cost savings are one of the best advantages of occupancy monitoring. Businesses can adjust energy consumption to substantially reduce their utility expenses. Often, the savings generated by more efficient energy management quickly outweigh the upfront investment in occupancy monitoring technology. These financial benefits become very appealing, especially since they pair perfectly with environmental improvements over time. Tracking who is in a building slashes operating expenses. It also helps protect the environment.

****6\. Enhancing Security and Safety****

Occupancy monitoring substantially cuts down on wasted energy and provides a much more robust shield for safety and security. Businesses can create specific security setups once they know which areas are busy. During an emergency, understanding the number of occupants lets businesses quickly guide everyone to safety.

****Conclusion****

Less energy is used when businesses understand which spaces are used and make smarter decisions based on this data. Occupancy monitoring not only promotes sustainability but also contributes to financial savings. To reduce your building’s energy consumption and environmental impact, you should install an occupancy monitoring system.

6 Reasons Occupancy Monitoring Is Key for Energy Efficiency

North Korean hackers from the Famous Chollima group used AI deepfakes and stolen identities in fake job interviews to infiltrate crypto and Web3 companies.

North Korean state-sponsored agents from the Famous Chollima APT group are using real-time AI deepfakes to apply for software engineering positions at cryptocurrency and Web3 companies.

The new campaign involves these operatives stealing legitimate identities and résumés of engineers, then deploying AI-powered facial filters during video interviews to hide their true appearance while impersonating their victims. Their goal is to infiltrate Western companies for corporate espionage and fund acquisition, a tactic quite prevalent over the last couple of years.

****AI-powered facial reconstructive procedure**  **

Threat intelligence analysts from the Quetzal Team identified two consecutive infiltration attempts by North Korean IT workers from the Famous Chollima APT group applying for Senior Software Engineer positions at a cryptocurrency company.

Famous Chollima is a division of the Lazarus group that specialises in landing jobs at Western companies, primarily targeting software engineering positions in Crypto, Web3, and Fintech sectors, though recent reports show they’ve expanded into civil engineering and architecture.

The threat actors, using stolen identities of Mexican engineers named Mateo and Alfredo, joined video interviews with real-time AI facial filters that attempted to reconstruct their appearance, but many details didn’t quite add up. 

Picture A – Exaggerated AI-powered facial reconstruction (Via Quetzal Team)

****A bad surgeon and two bad liars**  **

During the interviews, the deepfake technology showed clear signs of failure. The first candidate’s face appeared heavily filtered, with his mouth remaining shut whilst speaking and his teeth not accompanying any lip movements. 

AI filter showing failure signs. Pay attention to the word “authentication” (Via Quetzal Team)

The second operative used more subtle filtering but displayed nervous behaviour,  constantly rocking back and forth whilst over-gesticulating with his brows. Both claimed to have studied engineering at Mexican universities and resided in Jalisco and Chihuahua, respectively, yet neither spoke a single word of Spanish when questioned.

Their LinkedIn profiles vanished immediately after the interviews were terminated, a pattern consistent with previous Chollima infiltration attempts documented by the Quetzal Team. 

A nervous candidate has anxious signs while waiting to reply (Via Quetzal Team)

****Bouncing over the internet**  **

The investigation revealed that both operatives connected through Astrill VPN, a service commonly used by Chinese users to bypass the Great Firewall and increasingly favoured by DPRK IT workers for fraudulent activities.

Their connections tunnelled through European IP addresses before landing on US-based residential IPs that were part of laptop farms accessed via remote desktop tools. The operatives were attempting to mask their North Korean origin by appearing as US-based candidates with residential connections.

The latest attempt by North Korean hackers to conceal their identities while seeking jobs in Western companies highlights why organisations hiring remotely should apply strict background checks and work closely with compliance teams. This may include verifying national IDs and, where lawful, recording interviews to confirm candidate authenticity.

Otherwise, the consequences can be severe. In July, an Arizona woman was sentenced to 8.5 years in prison for helping North Korean hackers carry out a $17 million IT job fraud that targeted more than 300 US companies. A May 2025 report also revealed that North Korean hackers had already stolen over $88 million by impersonating US IT professionals using fake identities.

Source

HackRead