Apple fixes the USB Restricted Mode flaw in iOS 18.3.1 and iPadOS 18.3.1.  Vulnerability exploited in targeted attacks.…

Apple fixes the USB Restricted Mode flaw in iOS 18.3.1 and iPadOS 18.3.1.  Vulnerability exploited in targeted attacks. Update your iPhone/iPad now.

Apple has issued an urgent security update for iPhones and iPads, addressing a significant vulnerability that has, reportedly, already been exploited in targeted attacks. Tracked as CVE-2025-24200, the vulnerability affects the USB Restricted Mode, a security feature introduced in 2018 to protect devices from unauthorized access. 

For your information, this security feature is designed to disable the Lightning or USB ports of iPhones and iPads if they remain locked for more than an hour. Normally, these ports are re-enabled once the user authenticates and unlocks their device.   

However, it appears that this protection mechanism itself has been compromised. The bug can be exploited by an attacker with physical possession of a locked phone, enabling them to re-enable the data port and potentially allowing further intrusion. Apple has acknowledged that this flaw can disable the feature.

“A physical attack may disable USB Restricted Mode on a locked device. Apple is aware of a report that this issue may have been exploited in an “extremely sophisticated” attack against specific targeted individuals,” the iPhone maker’s advisory read.

Security experts believe that Apple’s unusual choice of words, describing the exploit as “extremely sophisticated,” highlights the seriousness of the issue.   

The National Institute of Standards and Technology (NIST) has also assessed this vulnerability, describing it as an “authorization issue” that has been resolved through “improved state management.”  

The company has released patches, iOS 18.3.1, iPadOS 18.3.1, and iPadOS 17.7.5 to address this issue. These updates are available for a wide range of devices, including iPhone XS and later models, as well as various iPad Pro, iPad Air, iPad Mini, and standard iPad models.

The vulnerability was discovered by Bill Marczak, a senior researcher at the Citizen Lab. While Apple has not provided detailed information about the attack or the specific methods used, the discovery by the Citizen Lab suggests a possible connection to sophisticated surveillance techniques, potentially at the nation-state level.

> Update your iPhones.. again! iOS 18.3.1 out today with a fix for an ITW USB restricted mode bypass (via Accessibility) https://t.co/jcrsab7RGu pic.twitter.com/ER42QQcsLj
> 
> — Bill Marczak (@billmarczak) February 10, 2025

Apple Confirms ‘Extremely Sophisticated’ Exploit Threatening iOS Security

Privacy, security, and unrestricted access are the promises of a personal VPN. But what does it actually do,…

Privacy, security, and unrestricted access are the promises of a personal VPN. But what does it actually do, and why do so many people rely on it? In an era of constant digital surveillance, increasing cyber threats, and growing concerns over data privacy, VPNs (Virtual Private Networks) have surged in popularity.

But not all VPNs are created equal. Some are designed for corporate use, while others cater to individuals looking for enhanced online anonymity. So, let’s break it down: What is a personal VPN? How does it work? And what benefits does it bring to the table?

****Understanding Personal VPNs****

A Personal VPN is a service that encrypts your internet traffic and routes it through a secure server, masking your IP address and online activities. Unlike business or corporate VPNs, which are typically used to provide remote employees with access to internal company networks, personal VPNs focus on individual users who want to protect their privacy, bypass geo-restrictions, or stay safe on public Wi-Fi.

Think of it as a digital invisibility cloak, one that shields you from prying eyes, whether they belong to hackers, advertisers, or even your own Internet Service Provider (ISP).

But why does this matter? Consider this: 70% of internet users worldwide are concerned about their online privacy (Statista, 2023). That’s a lot of people looking for ways to stay anonymous, avoid tracking, and prevent data breaches.

****How Does a Personal VPN Work?****

A VPN functions like a secure tunnel between your device and the internet. Here’s a simplified breakdown of what happens when you connect to a VPN server:

*   **Your device encrypts all outgoing internet traffic.** This means your browsing data, passwords, and online activities become unreadable to outsiders.

*   **The encrypted data is sent to a VPN server, located in a different region or country.** Your real IP address is replaced with one from the VPN server, making it appear as if you’re browsing from that location.

*   **The server forwards your requests to the internet.** Websites and services see only the VPN server’s IP address, not yours.

*   **Incoming data follows the same path back, fully encrypted.** This prevents hackers, ISPs, and governments from snooping on your activity.

****What Is a Personal VPN Server?****

For those who want even more control, a personal VPN server is an option. Instead of relying on a commercial VPN provider, you can set up your own VPN server; on a cloud platform, a home router, or a dedicated server. This offers:

*   **Full control over security settings**

*   **No reliance on third-party VPN providers**

*   **Faster speeds with fewer users sharing the server**

However, setting up a personal VPN server requires technical knowledge and maintenance. Most people opt for paid VPN services instead.

****Key Features of a Personal VPN********1\. Strong Encryption****

A good VPN uses AES-256 encryption; the same standard used by governments and banks. It ensures that even if your data is intercepted, it remains unreadable.

****2\. No-Logs Policy****

Some VPNs keep logs of your online activity, which defeats the purpose of using one. The best VPNs follow a strict no-logs policy, meaning they don’t track or store user data.

****3\. Multiple Server Locations****

Want to access Netflix libraries from different countries? A VPN with global server locations lets you bypass geo-blocks and censorship.

****4\. Kill Switch****

If your VPN connection drops unexpectedly, a kill switch cuts off your internet to prevent data leaks.

****5\. Split Tunneling****

Some users need certain apps to bypass the VPN. Split tunneling allows you to choose which traffic goes through the VPN and which doesn’t.

****6\. Fast Speeds****

VPNs can slow down your connection, but top-tier services use high-speed servers to **minimize lag and buffering**.

****What Is the Best VPN for Personal Use?****

With so many options, what is the best personal VPN? The answer depends on your needs. It is quite difficult to choose the most balanced solution in terms of security features, anonymity, functionality, speed, number of servers and price. According to VeePN VPN, users should choose a VPN with a proven history of protecting their privacy.

****What Is a Personal VPN on an iPhone?****

If you’ve ever seen a “Personal VPN” option in your iPhone settings, you might wonder what it means. Apple allows users to configure VPN connections manually or use third-party VPN apps. The built-in option is designed for those with a VPN configuration file (such as one provided by an employer or a self-hosted VPN).

****Benefits of Using a Personal VPN********1\. Privacy Protection****

Your ISP can see everything you do online. A VPN stops this by encrypting your traffic, preventing tracking, data collection, and targeted ads.

****2\. Security on Public Wi-Fi****

Hackers love public Wi-Fi networks. Airports, coffee shops, hotels. A VPN encrypts your data, making it useless to cybercriminals.

****3\. Access Restricted Content****

Whether it’s streaming services, websites blocked in your country, or social media platforms, a VPN can bypass geo-restrictions and censorship.

****4\. Safe Torrenting****

Downloading torrents can expose your real IP address. A VPN masks your identity, ensuring anonymous and secure torrenting. (Avoid downloading pirated software, eBooks, or engaging in any other illegal activities while torrenting.)

****5\. Avoid Bandwidth Throttling****

Some ISPs slow down your connection based on your activities (e.g., streaming, gaming). A VPN hides your activity, preventing speed throttling.

****6\. Better Online Deals****

Airline tickets, hotel rates, and rental services sometimes offer different prices based on your location. A VPN lets you change your virtual location and find better deals.

At the end of the day, a personal VPN is all about keeping your online activity private, secure, and unrestricted. Whether you want to protect your data on public Wi-Fi, stop your ISP from tracking you, or access content from different parts of the world, a good VPN can make a big difference. Not all VPNs are the same, so it’s important to pick one that actually protects your privacy without slowing you down. If you’re serious about staying safe online, using a VPN is one of the easiest and smartest ways to do it.

What Is a Personal VPN? Features, Benefits, and How It Works

Hacker claims to have breached OmniGPT, leaking over 30,000 user email address, phone  numbers, and 34 million lines of chat messages. Data includes API keys, credentials, and file links.

A hacker claims to have breached **OmniGPT**, a popular AI-powered chatbot and productivity platform, exposing 30,000 user emails, phone numbers, and more than 34 million (34,270,455) lines of user conversations. The data was published on **Breach Forums** on Sunday at 10:04 AM by a hacker using the alias “Gloomer.”

The leak, as analysed by the Hackread.com research team, includes messages exchanged between users and the chatbot, as well as links to uploaded files, some of which contain credentials, billing information, and API keys. In a post accompanying the download link, Gloomer stated:

> _“This leak contains all messages between the users and the chatbot of this site, as well as all links to the files uploaded by users and also 30k user emails. You can find a lot of useful information in the messages, such as API keys and credentials. Many of the files uploaded to this site are very interesting because sometimes they contain credentials/billing information.”_

If confirmed, this breach would be one of the largest leaks of AI-generated conversation data, exposing users to identity theft, phishing scams, and financial fraud.

The hacker claiming OmniGPT breach on Breach Forums (Screenshot credit: Hackread.com)

****Sample Data: Messages, Files, and User Information****

A sample from the leaked dataset includes chat messages from users discussing technical and development topics, such as:

📌 **User: Kamil**  
_“The cut duration is not displayed correctly.”_

📌 **User: Marcus**  
_“Right now, I’m seeing it be accurate for a cut. How is it displaying incorrectly?”_

📌 **User: Javier**  
_“This comes from review.display\_data (edited).”_

Along with message logs, the leak includes file upload links to documents stored on OmniGPT’s servers, which may contain sensitive information in PDF and Document format. Some of the leaked files include:

*   **Office projects**
*   **University assignments**
*   **Market Analysis Reports**
*   **WhatsApp chat screenshots**
*   **Police verification certificates**
*   **Multiple personal and business-related documents**

_and a lot more._

Screenshot from the leaked data (Screenshot credit: Hackread.com)

****How Does OmniGPT Work****

OmniGPT integrates various advanced language models, including ChatGPT-4, Claude 3.5, Perplexity, Google Gemini, and Midjourney, into a single interface. Designed to enhance efficiency, it offers features such as data encryption, team collaboration tools, document management, image analysis, and WhatsApp integration. Pricing plans start from a free tier with basic features to a Plus plan at $16 per month, providing access to more advanced models and functionalities.

****Data Breach and GDPR****

While the hacker’s modus operandi behind the alleged breach remains unclear, the leaked data suggests that OmniGPT has a global user base, with a major portion of the exposed information belonging to users from South America, particularly Brazil; Europe, especially Italy; and Asia, including India, Pakistan, China, and Saudi Arabia.

If confirmed, this breach could present serious legal and regulatory challenges, particularly concerning **GDPR compliance in Europe**, where strict data protection laws require companies to safeguard user information and report breaches promptly. Failure to address these issues could lead to heavy fines and legal repercussions, further complicating OmniGPT’s position in the global market.

****Consequences: Identity Theft, Phishing, and API Key Exploitation****

If the hacker’s claims are accurate, this leak could pose significant cybersecurity and privacy risks for OmniGPT users. Exposed email addresses and phone numbers may lead to targeted phishing attacks or increase the risk of identity theft.

Additionally, if users shared sensitive API keys or credentials in chatbot conversations, attackers could exploit this information to gain unauthorized access to third-party services or personal accounts. Furthermore, some of the leaked files may contain billing information or confidential business data, exposing companies to financial fraud, data theft, or corporate espionage.

****OmniGPT’s Response: Silence So Far****

As of now, OmniGPT has not issued an official response regarding the alleged breach. Hackead.com has contacted OmniGPT for a response, and this article will be updated as new information becomes available.

If you have an OmniGPT account, it is important to take immediate precautions to protect your data. Start by changing your passwords, especially if you have shared any credentials or sensitive information on the platform. Enabling two-factor authentication (2FA) adds an extra layer of security against unauthorized access.

Stay alert by monitoring your emails and financial accounts for any unusual activity, such as unauthorized logins or fraudulent transactions. Be cautious of phishing attempts, as cybercriminals may use leaked email addresses to send fake messages pretending to be from OmniGPT or other trusted sources. Also, if you have used OmniGPT to process API keys, consider revoking old tokens and generating new ones to prevent unauthorized access.

This is a developing story, and we will update it as more information becomes available.

OmniGPT AI Chatbot Alleged Breach: Hacker Leaks User Data, 34M Messages

Monero (XMR) remains the leading privacy cryptocurrency with its unparalleled anonymity and security in a world increasingly financially…

Monero (XMR) remains the leading privacy cryptocurrency with its unparalleled anonymity and security in a world increasingly financially surveilled. As regulations mature and the need for private transactions grows, Monero’s place in the cryptoverse has never been clearer. What awaits XMR in 2025? Let’s watch the strongest forces shape its destiny.

****Why is Monero different?****

Unlike clear blockchains such as Bitcoin and Ethereum, Monero employs sophisticated cryptography such as stealth addresses, ring signatures, and RingCT (Ring Confidential Transactions) to offer absolute financial anonymity. This makes Monero the most anonymous cryptocurrency for individuals who value financial anonymity.

The need for central financial monitoring has only made the likes of the Monero exchange even more relevant. With institutions watching transactions closely and governments further cranking up the pressure on financial oversight, Monero is even a tool of necessity for anyone who aspires to financial liberty.

**What would drive Monero in 2025?**

*   **Regulatory reforms.** Governments across the globe are about to legalize cryptocurrencies, and others are looking for privacy coins. The need for anonymous transactions is, however, set to persist, particularly with financial privacy increasingly becoming a concern. In the case that Monero can navigate regulation hurdles, adoption will grow exponentially.

*   **Institutional and retail demand.** Monero has long been the privacy lover’s currency of choice, but it can also resonate fairly well with more mainstream users as financial privacy becomes a greater concern. Increased use by retail investors and privacy-sensitive businesses could drive long-term price appreciation.

*   **Embracing decentralized finance (DeFi).** Placing Monero in anonymity-enabling DeFi applications can unlock new use cases, making it a more appealing asset to users who need anonymity when they interact with decentralized finance protocols.

*   **Supply dynamics and market trends.** Bitcoin has a fixed supply of 21 million, while Monero’s tail emission functionality guarantees that there is always an incentive for miners to lock up the network. This can lead to long-term adoption and consistent network validity.

****Possible risks and challenges for Monero****

Monero, despite all its sound fundamentals, has the following challenges to face:

*   **Regulatory pressure:** Some exchanges have delisted anonymity coins like Monero in the interest of compliance. This will decrease liquidity, and it will be difficult for people to sell and purchase XMR.

*   **Competition from other privacy solutions:** New technologies in the blockchain have more sophisticated privacy solutions, and they can break Monero’s monopoly. 

*   **Scalability issues**: As more people join the network, the size of the transaction and the computational powers also grow, and this will face scalability issues in the future.

****Is Monero a good investment in 2025?****

Monero’s future rests on the changing world of financial anonymity, government reactions, and acceptance. If you dream of anonymous transfers to be in forever demand, XMR is a solid option among cryptos. If you’d ever like Monero exchange, you may try using an Exolix exchange to capitalize on their secure, easy, and very fluid transaction options. 

****Final opinions****

Monero is still one of the strongest privacy cryptos, and its place in the financial world will not be usurped soon. Under the pressures of regulatory scrutiny, technological advancement, and changing market forces on its fate, 2025 can be a year of make or break for XMR. As a protection from heightened financial monitoring or as a method of payment that cannot be traced, Monero stands every opportunity to continue to be a pillar of the crypto space.

****_Editor’s Note:_****

_This article is for informational purposes only and does not constitute financial or investment advice. Cryptocurrency markets are highly volatile, and regulatory changes can impact their value and legality. Always conduct your own research and consult a professional financial advisor before making any investment decisions._

Monero (XMR) 2025 Prediction: What Is in Store for the Top Privacy Coin?

Cisco denies recent data breach claims by the Kraken ransomware group, stating leaked credentials are from a resolved 2022 incident. Learn more about Cisco's response and the details of the original attack.

Cisco has refuted claims of a recent data breach after the Kraken ransomware group published sensitive information, allegedly stolen from the company’s internal network, on its dark web leak site. Cyber Press reported on the ransomware group’s claims, which included the exposure of credentials linked to Cisco’s Windows Active Directory environment. 

According to the report, the leaked dataset contained usernames and their associated domains, unique relative identifiers (RIDs) for each user account, and hashed representations of passwords (NTLM hashes). The compromised accounts include privileged administrator accounts, regular user accounts, service and machine accounts linked to domain controllers, and the crucial Kerberos Ticket Granting Ticket (krbtgt) account.

The report further revealed that credential-dumping tools like Mimikatz, pwdump, or hashdump were likely used to extract this information. These tools are commonly employed by cybercriminals and advanced persistent threat (APT) groups to harvest credentials stored within system memory. Alongside the leaked data, the attackers left a threatening message, hinting at their intent to inflict further damage.  

“You lied to us and play for time to kick us out. We will meet you soon, again. Next time you’ll have no chance,” attackers stated.

Files published by the Kraken ransomware group (Image via: CyberPress)

However, Cisco has issued an official statement contradicting the ransomware group’s claims, revealing that the exposed credentials stem from a previously disclosed security incident that occurred back in May 2022.  

“Cisco is aware of certain reports regarding a security incident. The incident referenced in the reports occurred back in May 2022, and we fully addressed it at that time. Based on our investigation there was no impact to our customers,” the company stated.

Hackread.com reported a breach where attackers gained control of a Cisco employee’s personal Google account containing company credentials. Through sophisticated voice phishing (vishing) attacks, the attackers bypassed multi-factor authentication (MFA) and gained access to the target user’s VPN. Cisco confirmed it successfully removed the intruder, who made several unsuccessful attempts to regain access in the following weeks.

Cisco’s CSRIT and Talos teams found no evidence suggesting the attacker accessed critical internal systems, such as the production environment or code signing architecture.  

At the time of the 2022 incident, Cisco believed the perpetrator was an initial access broker (IAB) linked to the group tracked by Mandiant as UNC2447, known for its use of the FiveHands malware, as well as the Lapsus$ threat collective and the Yanluowang ransomware operation.  

While the current claims by the Kraken ransomware group involve data from an older incident, the re-emergence of this information highlights the increasing prevalence of credential-based cyberattacks and the need to implement advanced yet reliable security measures.

Organizations should adopt proactive defences, such as forced password resets, disabling NTLM authentication, implementing multi-factor authentication, monitoring access logs for unauthorized activity, and enhancing network monitoring to detect intrusion attempts.

Cisco Rejects Kraken Ransomware’s Data Breach Claims

SystemBC RAT now targets Linux, enabling ransomware gangs like Ryuk & Conti to spread, evade detection, and maintain encrypted C2 traffic for stealthy cyberattacks.

Threat analysts have identified a new and emerging threat: a variant of the SystemBC RAT (Remote Access Trojan) that is now actively targeting Linux-based platforms. This development puts corporate networks, cloud infrastructures, and IoT devices at risk.

The latest version of SystemBC RAT is more stealthy and harder to detect, using encrypted communication to stay hidden while letting attackers move freely through compromised systems.

****SystemBC RAT: From Windows to Linux****

SystemBC is a Remote Access Trojan (RAT) commonly used in cyberattacks to provide attackers with remote control over infected systems. 

Initially a Windows-only threat, it has now expanded to Linux, making it even more dangerous as Linux-based servers are widely used in enterprise environments.

ANY.RUN’s analysts compared SystemBC’s Windows and Linux traffic

****What Makes the Linux Version of SystemBC RAT Dangerous?****

Let’s look at how this malware operates and why it poses a serious threat to Linux-based systems.

****Encrypted Communication with C2 Servers****

The SystemBC RAT for Linux maintains encrypted communication with C2 servers using the same custom protocols as its Windows counterpart. 

This allows attackers to keep a stable connection across a unified infrastructure of both Windows and Linux implants, making it easier to control infected machines without raising suspicion.

While SystemBC RAT is designed to keep its C2 communication encrypted and hidden, it becomes fully visible inside an ANY.RUN analysis session. By running a real sample in the sandbox, security teams can see the malware’s network connections, file modifications, and process activities in real time.

**View ANY.RUN analysis session**

SystemBC RAT analyzed inside ANY.RUN sandbox

Below the Linux Virtual Machine window, all network connections and system modifications related to this specific attack are clearly displayed. 

Suricata rule triggered by SystemBC RAT

In the Threats section, we can see that an alert was triggered by the Suricata rule: “Malware Command and Control Activity Detected – BOTNET SystemBC.Proxy Connection.” This immediate detection allows analysts to track the infection process and understand how the malware operates.

****Proxy Implant for Lateral Movement****

The malware operates as a proxy implant, meaning it can facilitate lateral movement within a compromised network without deploying additional, easily detectable tools. This makes it a powerful weapon for attackers who seek persistence and deeper infiltration within corporate infrastructures.

****Evasion of Traditional Detection****

One of the most concerning aspects is that security vendors struggle to detect this version as belonging to the SystemBC family. This stealthy approach allows the RAT to remain undetected for extended periods, making it a persistent threat.

****Sandbox and Virtualization Evasion****

Besides signature-based evasion, SystemBC also detects virtualized environments to resist dynamic analysis. In a real ANY.RUN analysis session mentioned above, the MITRE ATT&CK framework flags reveal “Virtualization/Sandbox Evasion- System Checks,” showing that the malware actively performs system checks to determine if it’s running inside a security sandbox or virtual machine. 

By identifying these environments, SystemBC can alter its behaviour or terminate execution, helping attackers bypass automated malware analysis tools while remaining fully operational on real infected systems.

Defense evasion techniques and tactics detected by ANY.RUN sandbox

****Integration with Other Malware Strains****

SystemBC is rarely deployed on its own. It often works alongside other malware to expand an attack’s impact. In Windows attacks, it has been observed delivering ransomware like Ryuk and Conti, as well as banking trojans and infostealers. 

With its new Linux variant, similar threats will likely follow, putting enterprise servers and cloud environments at greater risk of data theft, ransomware encryption, and persistent backdoor access.

****Unmasking Hidden Threats Before They Strike****

Cyber threats are getting smarter, and businesses can’t afford to play catch-up. With SystemBC RAT now hitting Linux, attackers have a new way to hide C2 traffic, move through networks unnoticed, and drop additional malware. Traditional security tools often miss these stealthy tactics, leaving corporate networks, and critical infrastructure at risk.

However, with tools like ANY.RUN interactive sandbox, hidden doesn’t mean unstoppable. Your security team can:

*   Analyze threats safely in a controlled environment.
*   Respond faster, containing threats before they spread and cause real harm.
*   Spot evasion techniques before they do damage, exposing how threats slip past defences.
*   Extract key IOCs, strengthening your threat intelligence and prevention strategies.
*   See hidden malware behaviours in real-time, from network traffic to system changes.

SystemBC RAT Now Targets Linux, Spreading Ransomware and Infostealers

Luxembourg, Luxembourg, 11th February 2025, CyberNewsWire

**Luxembourg, Luxembourg, February 11th, 2025, CyberNewsWire**

Gcore, the global edge AI, cloud, network, and security solutions provider, today announced the findings of its Q3-Q4 2024 Radar report into DDoS attack trends. DDoS attacks have reached unprecedented scale and disruption in 2024, and businesses need to act fast to protect themselves from this evolving threat. The report reveals a significant escalation in the total number of DDoS attacks and their magnitude, measured in terabits per second (Tbps).

**Key highlights from Q3-Q4 2024**

●    Compared to Q3–Q4 2023, the number of DDoS attacks have risen by 56%, which highlights a steep long-term growth trend.

●    The gaming industry continues to be the most targeted by DDoS attacks, accounting for 34% of all attacks.

●    In Q3-Q4 2024, the financial services sector experienced a significant increase, accounting for 26% of all DDoS attacks, up from 12% in the previous period.

●    There was a 17% increase in the total number of attacks compared with Q1-Q2 2024.

●    The largest attack peaked at 2Tbps in Q3-Q4 2024, which is an 18% increase from Q1-Q2 2024.

●    DDoS attacks are becoming shorter in duration but more powerful.

**Attackers are shifting their focus**

The sectors that were targeted in Q3-Q4 2024 reflect a changing focus among DDoS attackers. The technology industry has seen a steady increase in its share of DDoS attacks, increasing from 7% to 19% since Q3-Q4 2023. This is because DDoS attackers recognise the wide-reaching disruption potential of attacking technology services. A single successful attack can take out a service that countless organizations depend on – causing significant harm to people and businesses. Another reason that technology platforms have seen an increase in DDoS attacks is due to their vast computational power, which malicious actors can exploit to intensify their attacks.

The gaming industry continues to be the most-attacked industry, although there were 31% fewer attacks compared with Q1-Q2 2024. The decline in attacks may be attributed to several factors. For instance, gaming companies are strengthening their DDoS defenses in response to ongoing attacks, which may result in fewer successful attacks. Another explanation is that attackers may be shifting their focus towards other high-value sectors, such as financial services, which saw a 117% increase in the number of attacks. The sector’s critical online services and susceptibility to ransom-based attacks make it a prime target.

Andrey Slastenov, Head of Security at Gcore, commented: “The latest Gcore Radar should be a wake-up call to businesses across all industries. Not only is the number and intensity of attacks increasing, but attackers are expanding the scope of their attacks to reach an increasingly wide range of sectors. Businesses must invest in robust DDoS detection, mitigation, and protection to prevent the financial and reputational impact of an attack.

**The geographical distribution of DDoS attacks**

With a presence that spans six continents, Gcore can accurately track the geographical sources of DDoS attacks. Gcore derives these insights from the attackers’ IP addresses and the geographic locations of the data centers where malicious traffic is targeted. 

Gcore’s findings have highlighted the Netherlands as a key source of attacks; leading application-layer attacks with 21% and ranking second for network-layer attacks at 18%. The U.S. ranked highly across both layers, reflecting its vast internet infrastructure for hackers to exploit.

Brazil featured prominently in network-layer attacks at 14%. Brazil’s growing digital economy and connectivity make it an emerging source of attacks. China and Indonesia also featured prominently, with Indonesia showing a growth in application-layer attacks at 8%, which reflects a broader trend of increased attack activity in Southeast Asia.

**Short but potent attacks continue to take hold**

DDoS attacks are becoming shorter in duration, but no less disruptive. The longest DDoS attack duration during Q3-Q4 2024 was five hours, which is a significant decrease from 16 hours in the first half of the year. This is reflective of an increasing trend towards shorter but more intense attacks. These ‘burst attacks’ can be more difficult to detect as they may blend in with normal traffic spikes. The delay in detection gives attackers a window of opportunity to disrupt services before cyber defenses can kick in.

The trend of shorter DDoS attack durations can in part be attributed to improvements in cybersecurity. As security tightens, attackers have learned to adapt with short burst attacks designed to bypass defenses. A short DDoS attack can also double as a smokescreen to conceal a secondary attack, such as ransomware deployment.

The full report is available at https://gcore.com/library/gcore-radar-ddos-attack-trends-q3-q4-2024

**About Gcore**  

Gcore is a global edge AI, cloud, network, and security solutions provider. Headquartered in Luxembourg, with a team of 600 operating from ten offices worldwide, Gcore provides solutions to global leaders in numerous industries. Gcore manages its global IT infrastructure across six continents, with one of the best network performances in Europe, Africa, and LATAM due to the average response time of 30 ms worldwide. Gcore’s network consists of 180 points of presence worldwide in reliable Tier IV and Tier III data centers, with a total network capacity exceeding 200 Tbps.

Users can learn more at gcore.com or follow them on LinkedIn, Twitter, and Facebook.

**Contact**

**Gcore press contact**  
**\[email protected\]**

Gcore Radar report reveals 56% year-on-year increase in DDoS attacks

In a coordinated international security operation, authorities have seized four dark web sites linked to the 8Base ransomware group and arrested four suspects.

International law enforcement agencies have seized the dark web infrastructure of the notorious **8Base ransomware group** and arrested four suspected members, including two men and two women.

The operation, led by the Bavarian State Criminal Police Office and the Office of the Public Prosecutor General in Bamberg, targeted the group’s TOR-based leak site used to publish stolen data and pressure victims into paying ransoms.

8Base dark web site shows seizure notice (Screenshot: Hackread.com)

According to a Thai media **report**, the arrests, carried out in Phuket, Thailand, targeted individuals believed to be part of the Phobos ransomware gang, the malware family linked to 8Base’s operations. The suspects are accused of carrying cyberattacks against over 1,000 victims worldwide, marking a big win in the ongoing fight against ransomware.

The 8Base ransomware group began its activities in 2022, initially operating on a smaller scale, suggesting it was in a developmental phase. By early 2023, the group emerged in its current form, rapidly evolving its tactics. In May 2023, 8Base adopted a multi-extortion model, encrypting data and threatening to leak it unless a ransom was paid. They also launched a TOR-based victim blog to publish stolen data.

By mid-2023, the group saw a sharp increase in activity, targeting organizations across various sectors. Analysts believe 8Base is using a modified version of Phobos ransomware, which has been linked to numerous attacks. The group’s impact has been global, with a significant number of victims in the United States and Brazil.

The latest infrastructure seizure and arrests come just two months after a Russian national was extradited to the United States to **face charges** related to the Phobos ransomware operation. This takedown also highlights law enforcement agencies’ commitment to fighting cybercrime, following the recent arrest of the admin behind the infamous cybercrime and hacker forums, **Cracked and Nulled**, just two weeks ago.

This article will be updated with more information once official confirmation from authorities is available. For now, it is confirmed that the agencies involved in this operation include the DoD Cyber Crime Center, FBI, Europol, Japan’s National Police Agency, the UK’s National Crime Agency (NCA), Germany’s Bavarian State Criminal Police Office, the Federal Office of Police, and Thailand’s Cyber Crime Investigation Bureau.

4 Arrested as Police Dismantle 8Base Ransomware, Seize Dark Web Sites

Iranian-linked hackers claim to have breached Israeli police systems, stealing 2.1TB of sensitive data. Police deny the breach. Learn more about the alleged hack and its implications.

The infamous Handala hacking group, with suspected ties to Iranian intelligence, has claimed responsibility for a cyberattack against Israel’s police force, managing to exfiltrate 2.1 terabytes of sensitive data, including personnel records, weapons inventories, medical and psychological profiles, legal case files, weapon permits, and identity documents. Handala further claims to have disseminated 350,000 of these documents publicly.

The scope of the claimed data breach is extensive, encompassing a wide range of sensitive information. Reports suggest the stolen data includes email addresses, gun licenses, officer photos and personal contact details, classified documents, and personal information about suspects and convicted criminals, including details about sex offender employment permits.

Handala also alleges obtaining access to the personal files of police officers, including psychological evaluations and other private data, and breaching the servers of the Israeli Ministry of National Security. 

Despite Handala’s claims, the Israeli police have denied any direct penetration of their systems. Their statement suggests that the breach, if confirmed, likely involved third-party entities that share data with the police. An investigation is currently underway to ascertain the true extent of the incident and identify any vulnerabilities.

https://twitter.com/IL\_police/status/1888576600985243926

This alleged break follows a pattern of disruptive cyber actions by Handala targeting Israeli entities, particularly since the escalation of the Israeli-Hamas conflict. Microsoft reports that Israel has become a prime target for Iranian cyber operations, experiencing a significant increase in attacks. Handala’s own activity reflects this trend, with a series of increasing data breaches targeting Israeli institutions.

For instance, in October 2024, Hackread.com reported their suspected involvement in a phishing campaign targeting cybersecurity personnel within Israeli organizations with wiper malware, aiming to disrupt the country’s digital defences. In September 2024, the group targeted Israel’s Soreq Nuclear Research Center (SNRC) in a significant ransomware attack.

The group has targeted crucial Israeli institutions/ systems with the Elad Municipality and the Ramat Gan Academic College being their recent targets. On January 27, 2025, the group compromised the emergency alert system, operated by Israeli electronics firm Maagar-Tec, impacting at least 20 kindergarten educational institutions across Israel, triggering widespread panic with false terror alerts.

Nevertheless, in its post on BreachForums dated February 9, 2025, Handala Group not only claimed responsibility for the latest attack but also taunted Israel, emphasizing their success in penetrating their defences and exposing their secrets while accusing Israel of arrogance and deception.

“Handala does not forget. Handala does not forgive,” the group reiterated their slogan.

Handala Hackers Claim Massive Data Breach on Israeli Police, Leak 350,000 Files

This article looks at the measures AI solutions take to secure their offering with insights from platforms like OORT and Filecoin who are creating new security models for their AI infrastructure.

Artificial intelligence is changing industries from finance and healthcare to entertainment and cybersecurity. As AI adoption grows so do the risks to its integrity. AI models are being targeted by cybercriminals to manipulate, steal or exploit sensitive data. From adversarial attacks that mess with AI decision-making to large-scale data breaches the security landscape is more complex than ever.

The very nature of AI which relies on massive datasets, cloud computing power and decentralized processing creates vulnerabilities. Securing AI systems is not just about protecting data; it’s about reliability, trust and ethical usage.

This article looks at the measures AI solutions take to secure their offering with insights from platforms like OORT and Filecoin which are creating new security models for their AI infrastructure.

****The Growing Threats to AI****

AI is a target for cybercriminals. AI models process sensitive data from financial transactions to medical records so are a treasure trove for hackers. Breaches not only expose confidential information but also raise ethical concerns about privacy violations and data misuse.

The biggest security risks are data breaches, model theft and infrastructure vulnerabilities. AI models rely on proprietary datasets and unauthorized access to these datasets can cause financial and reputational damage. Attackers can steal AI models or feed them adversarial data to mess with outputs and cause incorrect decision-making. Centralized AI cloud solutions are single points of failure and can be taken down and cause service disruptions.

To address these risks many AI platforms are moving away from traditional centralized models to decentralized architectures. By distributing AI workloads and data across multiple nodes companies can increase security, reduce failure risks and create more robust AI-driven ecosystems.

****How These Two Decentralized AI Brands Tackle Cybersecurity****

AI solutions use different strategies to keep systems safe from cyber threats like hacking, data leaks, and unauthorized access. By building strong security measures, they help protect sensitive information and ensure AI runs smoothly and securely. Let’s take a look.

****OORT: Protecting Data with Blockchain****

OORT secures its holistic AI offering with blockchain and decentralization to build a more powerful cloud. One of its key patented innovations is the Proof of Honesty (PoH) algorithm which makes AI computations verifiable and tamper-proof. 

Unlike traditional cloud systems that rely on centralised servers that can be targeted, OORT distributes data across a decentralized network, so the risk of breaches or unauthorised access is greatly reduced. Even if one part of the network is compromised the rest remain secure so continuity and reliability are maintained.

To add more security, OORT uses Olympus Protocol, a DAG-based system (PDF), so transactions are faster, cheaper, and more scalable. Instead of miners, it uses trusted committees to validate transactions and secure the network. This allows for zero fees, high speed, and easy interoperability with other chains, it’s a good fit for Web3.

Since the blockchain is immutable any attempt to alter data leaves a trail so attackers can’t cover their tracks. 

Additionally, OORT recently partnered with DeTaSECURE to add AI security and data integrity using advanced threat intelligence to fortify decentralized AI infrastructure against cyber threats and support trustless, verifiable AI models in Web3.

By combining blockchain verification with distributed validation OORT creates a trustless AI infrastructure where users don’t have to rely on a single entity to verify computations. Nodes across the network validate AI processes so it’s fair, accurate and secure.

Image: OORT Infra. Edge, Super and Backup Nodes.

This is particularly useful for industries that require high trust such as finance, healthcare and autonomous systems where AI-driven decisions are critical. Through these mechanisms, OORT secures AI applications reduces risk and provides a safer environment for advanced AI solutions.

****Filecoin: Eliminating Single Points of Failure****

AI models need large datasets which are often stored in the cloud. Traditional cloud storage has risks due to centralization which creates a single point of failure. Decentralized storage is a more secure option.

Decentralized storage is key for AI because it eliminates single points of failure, and reduces the impact of a cyber attack. It uses cryptographic proofs to ensure data integrity and authenticity and allows users to control encryption and access permissions.

Filecoin is a decentralized storage network that provides secure and scalable data storage solutions. It secures AI-related data through Proof-of-Replication and Proof-of-Spacetime, cryptographic methods that verify data integrity and prevent unauthorized modifications. 

Distributed storage nodes prevent centralization breaches by distributing AI datasets across multiple storage providers.

Client-controlled encryption allows users to encrypt their data before storing it so only authorized parties can access it. By using decentralized storage AI platforms can reduce their dependence on vulnerable cloud providers and build a more resilient infrastructure.

****AI and Cybersecurity Future****

As AI adoption grows so will the sophistication of attacks on AI systems. Solving these security challenges requires continuous innovation and collaboration between AI developers, security experts and regulatory bodies.

Several trends are shaping AI security. Federated learning is emerging as a method where AI models are trained across decentralized devices without sharing raw data, more privacy. Blockchain-powered AI security uses smart contracts and distributed ledgers to ensure transparency and prevent unauthorized modifications. AI is being used to detect security threats in real-time, more resilience against attacks.

With cyber threats getting more sophisticated, AI platforms need to get proactive with security to be trusted and reliable. Companies need to realize that security is not an afterthought but a foundation of AI innovation. 

Whether through decentralized infrastructure, encryption protocols or secure AI training environments, the future of AI security is resilience, transparency and bleeding-edge tech. By security from the start, AI developers and companies can build systems that are intelligent and threat-proof.

Source

HackRead