A hacker claims to be selling nearly 40 million Condé Nast user records after leaking Wired.com data, with multiple major brands allegedly affected.

A hacker using the alias “Lovely” is selling nearly 40 million (39,970,158) Condé Nast user records that allegedly belong to the company’s subsidiary websites, many of which rank among the most popular sites worldwide.

****Background****

On December 27, 2025, Hackread.com **reported** that a hacker using the alias “Lovely” leaked a database containing the personal details of 2.3 million Wired.com users. Wired.com is a major American magazine and website owned by Condé Nast.

Alongside the download link, the hacker accused Condé Nast of ignoring repeated security warnings. Three days after the Wired.com leak, the hacker announced that the entire Condé Nast dataset was being put up for sale.

****Allegedly Impacted Sites and Data Offered****

Condé Nast has neither confirmed nor denied the claims. However, the list of websites shared by the hacker is extensive and spans multiple industries. Below is the full list of sites that are allegedly affected, along with the corresponding user counts currently being offered for sale on a cybercrime forum.

1\. 9,468,938 - NIL  
2\. 6,796,525 - NYR  
3\. 2,647,152 - EPI  
4\. 2,366,576 - WIR  
5\. 2,075,122 - SELF  
6\. 2,030,162 - BNA  
7\. 1,959,212 - VOG  
8\. 1,871,068 - ALLURE  
9\. 1,637,038 - VANITYFAIR  
10\. 1,461,408 - GLAMOUR  
11\. 1,289,744 - NTD  
12\. 1,080,711 - TVL  
13\. 994,072 - MEN  
14\. 854,862 - AD  
15\. 684,549 - GOLFDIGEST  
16\. 622,178 - LKY  
17\. 586,194 - TEENVOGUE  
18\. 527,598 - BRI  
19\. 350,026 - STYLE  
20\. 202,173 - CONCIERGE  
21\. 80,951 - DET  
22\. 64,365 - GMT  
23\. 57,924 - WMG  
24\. 51,955 - UWD  
25\. 51,797 - UVO  
26\. 30,434 - UGQ  
27\. 26,136 - CNT  
28\. 24,881 - CNEE\_UK\_CTR  
29\. 24,069 - UVF  
30\. 17,746 - CNEE\_UK\_HAG  
31\. 13,046 - UGM  
32\. 10,431 - CNEE\_UK\_WOI  
33\. 8,327 - CNEE\_UK\_TAT  
34\. 1,436 - CNEE\_UK\_GQS  
35\. 1,252 - CN

The price of the data has not been disclosed by the hacker. However, the contents of the dataset have been outlined and reportedly include a large volume of personal information, including the following:

1.  ID
2.  Email addresses
3.  Phone numbers
4.  First name
5.  Last name
6.  Gender
7.  Birthday
8.  Addresses
9.  Display names

and more…

The authenticity of the dataset has not been independently verified. Hackread.com will continue monitoring the situation and update this report if Condé Nast issues a statement or if further technical validation of the data becomes available.

Screenshot of the hacker’s post offering the alleged Condé Nast records (Image credit: Hackread.com)

If the claims are accurate, affected users could face an increased **risk of phishing**, credential stuffing, and targeted scams. Users of Condé Nast-owned platforms are advised to change passwords, enable multi-factor authentication where available, and remain cautious of unsolicited emails or messages referencing their subscriptions or accounts.

Hacker Behind Wired.com Leak Now Selling Full 40M Condé Nast Records

Billionaire Chen Zhi and associates Xu Ji Liang and Shao Ji Hui have been extradited to China. This exclusive report details the collapse of the Prince Group's global scam network, the seizure of $15 billion in Bitcoin, and the forced labour camps behind the billion-dollar pig butchering fraud.

Chinese state television CCTV has released footage showing Chen Zhi, the former chairman of the Cambodia-based multinational conglomerate Prince Group, being escorted off a plane in Beijing.

Handcuffed and hooded, the 38-year-old was led away by armed SWAT officers following his arrest in Cambodia. This marks a major turning point in the global fight against scam centres that have affected thousands of victims worldwide.

****A Joint Investigation****

The arrest on Tuesday, January 6, 2026, was the result of a months-long investigation between China and Cambodia. Alongside Chen, two other men, Xu Ji Liang and Shao Ji Hui, were also detained and sent back to China.

Beijing law enforcement authorities have actually been quietly tracking the Prince Group since 2020, and even set up a special task force to investigate the group, which they described as a massive illegal gambling and fraud ring based in Cambodia.

Investigation into Chen’s background shows he was a powerful figure in Cambodia, once serving as an advisor to the Prime Minister. However, his Cambodian citizenship was revoked by royal decree last month, which paved the way for this extradition.

Watch as Chinese forces bring Chen Zhi into custody

****Crimes Behind the Curtain****

Chen’s business empire is accused of being a front for pig butchering schemes. This is a type of fraud where scammers build long-term trust with victims online, usually through fake dating or social media profiles, before convincing them to put money into fake cryptocurrency platforms.

According to a US Justice Department indictment from October 2025, the Prince Group was one of Asia’s largest criminal organisations that apparently involved real estate and banking, but secretly operated phone farms and scam compounds across Cambodia.

Reportedly, Chen’s compounds were mostly manned by trafficked workers lured with fake job offers and then forced to work in slave-like conditions, surrounded by high walls and barbed wire. Prosecutors say he even kept records of beatings and ledgers tracking the profits from the scams.

These stolen funds were allegedly used to buy luxury yachts, private jets, and even a Picasso painting in New York. The indictment confirmed authorities seized $15 billion in Bitcoin linked to these operations, the largest seizure of its kind in history.

****Financial Consequences****

The financial consequence has been swift and quite damaging for the accused, as Prince Bank in Cambodia is currently being liquidated by the central bank, while authorities in the UK have frozen over £112 million in real estate. This includes a luxury London mansion and an office building. Furthermore, large sums of money and assets have also been seized in Singapore, Taiwan, and Hong Kong.

While the Prince Group previously claimed these allegations were baseless, the crackdown continues, and Chen is now in custody. In China, he faces charges for operating illegal casinos, fraud, and money laundering. Chinese authorities state they will soon release a list of other key members of the group and are warning them to surrender immediately.

****Experts’ Perspectives:****

In a perspective shared exclusively with Hackread.com, Dr. Margaret Cunningham, Vice President of Security & AI Strategy at Darktrace, noted that these professional scam organizations invest a “ton of resources” into identifying and building relationships with targets before “ultimately ripping them off for everything they’ve got.”

She points out that pig-butchering is a deeply “human” operation compared to traditional technical cybercrime, specifically because these centres use trafficked labor to work the targets. “The more you look into it,” she warned, “the worse it gets.”

This sentiment is echoed by April Lenhard, Principal Product Manager, Cyber Threat Intelligence at Qualys, who shared insights with Hackread.com, describing these romance schemes as “emotional warfare” where victims are conned out of their life savings by people whose full-time job is to make you fall in love with their persona.

Lenhard highlighted that cryptocurrency makes these crimes particularly attractive to criminals because “there is no safety net or overarching regulation… once it’s gone, it’s gone.”

$15 Billion Pig Butchering Scam Boss Chen Zhi Extradited to China

Researchers at Acronis have discovered a new campaign called Boto Cor-de-Rosa, where the Astaroth banking malware spreads like a worm through WhatsApp Web to steal contact lists and banking credentials.

A well-known, dangerous banking malware called Astaroth has found a new way to break into people’s lives by sneaking into WhatsApp. The findings come from the Acronis Threat Research Unit (TRU), with the formal report released on Thursday, January 8, 2026.

Acronis has identified a new campaign dubbed Boto Cor-de-Rosa in which the malware acts like a digital worm, spreading automatically from one person’s contact list to the next, and mainly targeting Brazilians.

Lead researchers Jozsef Gegeny and Jonathan Micael noted in the blog post, shared with Hackread.com, that while its operators have usually exploited email, this new tactic exploits the trust we place in our chat apps.

****How the Malware Breaks In****

For any user, getting a file from a friend on WhatsApp feels much safer than opening a random email. This is exactly what the hackers are counting on. The attack begins with a message containing a ZIP archive (basically a compressed folder), usually named with a confusing string of digits like 552_516107-a9af16a8-552.zip.

If a victim opens this folder, a hidden script triggers a chain reaction. Further probing revealed that the malware hides its main files in a very specific spot on the computer: C:\Public\MicrosoftEdgeCache_6.60.2.9313.

Once settled, it runs two different modules at the same time:

1.  The Banking Module: This stays quiet and watches for when you log into a bank.
2.  The WhatsApp Spreader: This is a new piece of code written in Python (a file named zapbiu.py) that steals your contact list and starts sending out copies of the virus to everyone you know.

Attack Chain (Source: Acronis)

****Polite Messages and Tracking Progress****

It is worth noting that the hackers have added a surprisingly human touch to the messages. The software actually checks the time on your computer to send the right greeting in Portuguese. Depending on when it sends the message, it will start with “Bom dia” (Good morning), “Boa tarde” (Good afternoon), or “Boa noite” (Good evening).

The message usually says: “Here is the requested file. If you have any questions, I’m available!” This makes it look like a follow-up to a real conversation. Researchers note that the malware even tracks its own success rate, printing out a progress report every 50 messages to see how many people it has successfully reached.

The WhatsApp Message (Source: Acronis)

****Consistent Evolution****

Astaroth is a Delphi-based virus that has been a headache for security experts for a long time. For your information, this isn’t the first time Hackread.com has reported on its tricks. In February 2025, a version of Astaroth was found that could bypass two-factor authentication to steal Gmail and Microsoft logins.

Later, in October 2025, it was found abusing GitHub to hide its backup files inside images. This shows that the hackers are always looking for new hiding spots, and WhatsApp is simply their latest target.

Nevertheless, while the latest version is currently focused on Brazil, its discovery shows that these attackers are finding smarter ways to hide in plain sight. Therefore, regardless of your location, watch out for this and other similar threats and visit Hackread.com for more.

Astaroth Banking Trojan Targets Brazilians via WhatsApp Messages

A critical vulnerability (CVE-2026-21877) found by Upwind affects n8n automation tools. Learn why researchers are urging users to update to version 1.121.3 immediately to prevent remote code execution.

If your company uses n8n to handle daily tasks, it is time to check your version number. A major security flaw has been found in the platform, and it’s about as serious as it gets. The firm Upwind recently put out an analysis on this problem, which is a “critical authenticated remote code execution vulnerability.”

In simple words, it means that if a hacker gets in, they could take over the whole system. For your information, n8n is a “glue” that connects different apps and databases. Because it sits in the middle of all that data, a security gap here is a massive deal.

****What went wrong?****

This flaw is officially named CVE-2026-21877 and carries a 10.0 severity score, which is the highest possible danger rating. The technical side of things comes down to an arbitrary file write condition. What happens is that the software lets someone save a file in a place they shouldn’t be allowed to touch. According to researchers, this happens because the system doesn’t properly double-check “untrusted input” before it starts processing data.

Security researcher Théo Lelasseux, who found the bug, noted that while a person needs a valid login to pull this off, once they are inside, they can cause “untrusted code to be executed by the n8n service.” As we know it, these systems can provide access to internal systems, credentials, and sensitive data, so an intruder could do a lot of damage very quickly.

****How to stay safe****

The research into this flaw was shared with Hackread.com. It turns out a huge range of versions are at risk, specifically 0.123.0 all the way up to 1.121.3. It doesn’t matter if you run the software on your own office servers or use a managed cloud version; you are likely affected.

The fix is simple but urgent; you need to update to version 1.121.3 or higher right now to fully address the vulnerability. It is worth noting that there haven’t been reports of hackers using this yet, but you shouldn’t wait to find out. Besides updating, experts suggest disabling the Git node and making sure only your top-level admins have the right to change how your workflows function.

n8n Users Urged to Patch CVSS 10.0 Full System Takeover Vulnerability

A 25-year-old Bigfork, Montana man, Jeremiah Daniel Starr, used over 50 phone numbers and a VPN to harass a victim he called his "best friend," even staging a fake shooting. Learn more about the FBI investigation that traced 1,100 IP addresses to bring him to justice.

A 25-year-old Bigfork man, Jeremiah Daniel Starr, was sentenced yesterday to 46 months in federal prison for a cyberstalking campaign that lasted nearly three years. The case is particularly chilling because the victim, identified as Jane Doe, believed Starr was her best friend, while he was secretly the person sending her threatening and frightening messages.

According to the Department of Justice (DoJ) press release, Starr went to great lengths to hide his tracks. He used more than 50 different phone numbers and a service called NordVPN, which is a tool used to hide a person’s digital location. Investigators from the FBI had to sift through over 1,100 distinct IP addresses to finally link the harassment back to Starr.

****A Terrifying Fake Shooting****

As the years went by, the harassment moved from the digital world into real-life violence. Court records reveal that on February 9, 2025, while the victim was asleep, Starr actually fired a gun into her apartment. In what US Attorney Kurt Alme described as an “elaborate ruse,” Starr then pretended to “return fire” at imaginary attackers, acting as if he were protecting her.

Investigation, however, revealed that there were no other gunmen; it was just Starr shooting rounds both inside and outside the home to keep his victim living in fear. The victim later told investigators that the constant pressure was “unbearable” and caused her massive emotional distress. Justin Gerken, the Special Agent in charge, noted that “the defendant exploited the anonymity of the internet” to inflict lasting harm.

****Accountability in a Digital Age****

Starr had previously pleaded guilty to one count of cyberstalking in August 2025. At the sentencing, US District Judge Dana L. Christensen ordered that after his 46-month prison term, Starr must also complete three years of supervised release.

Assistant US Attorney Cyndee Peterson prosecuted the case, which relied heavily on the technical work of the FBI’s Billings Field Office. It is worth noting that cases like this are becoming a major focus for law enforcement as they work to protect people from high-tech stalking.

This case is a loud warning that these digital masks don’t stay on forever and will eventually be stripped away. While the internet offers plenty of ways for people to hide, the persistence of federal investigators shows that even the most complex digital trails can be followed to ensure that the culprits are held fully accountable for their actions.

(Photo by nicholas tessier on Unsplash)

US Man Jailed After FBI Traced 1,100 IP Addresses in Cyberstalking Case

Zscaler ThreatLabz identifies three malicious NPM packages mimicking Bitcoin libraries. The NodeCordRAT virus uses Discord commands to exfiltrate MetaMask data and Chrome passwords.

A recent investigation by the research firm Zscaler ThreatLabz has found a clever new trap targeting people in the cryptocurrency space. In November 2025, researchers found three malicious software packages hiding in NPM, a massive public library that developers use every day to build apps.

These files weren’t just glitches; they were designed to deliver a specific virus that researchers have named NodeCordRAT. This is basically a Remote Access Trojan (RAT), which gives a stranger a backdoor into your computer to watch what you do and steal your files.

****The Chain of Deception****

During the investigation, it was noted that, other than uploading malware, attackers also created a chain of files to avoid being caught. They used names that look almost exactly like real, trusted tools from the legitimate bitcoinjs project. According to researchers, the attacker (linked to the email [email protected]) uploaded three specific packages:

*   bip40 (Downloaded about 958 times)
*   bitcoin-lib-js (Downloaded about 183 times)
*   bitcoin-main-lib (Downloaded about 2,286 times)

Upon probing further, researchers found that when a developer tried to install the first two packages, a hidden script would automatically pull in the third one, bip40, which carried the actual virus. This whole process happens automatically in the background, and the user never sees a ‘Yes/No’ pop-up or a warning.

“It is also possible to download bip40 as a standalone package, completely bypassing the other libraries. To deceive developers into downloading the fraudulent packages, the attacker used name variations of real repositories found within the legitimate bitcoinjs project,” Zscaler’s blog post reads.

Attack chain (source: Zscaler)

****Controlled via Discord****

What makes this attack unique and troubling is how it talks back to the hackers. Discord, as we know it, is mainly used for gaming or chatting, but these hackers used it as a remote control by sending simple text commands to a private Discord channel. This way, the hackers could tell the infected computer exactly what to do.

Researchers further noted that the virus responds to specific shorthand commands. For example, the command !run allows for shell command execution, letting attackers run any code they want. Meanwhile, !screenshot snaps a picture of your desktop and !sendfile allows attackers to pick any file on your hard drive and upload it directly to their chat.

****What They Are After****

NodeCordRAT specifically hunts for Chrome data such as saved passwords and login info, crypto wallets (specifically MetaMask seed phrases and digital keys), and API secrets, including hidden files (like .env files) that businesses use to keep their websites running.

It is worth noting that while these packages have since been scrubbed from the NPM store, the damage may already be done for the thousands who downloaded them. If you work in crypto or development sectors, it is a good idea to check your recent downloads for these specific names.

Discord Controlled NodeCordRAT Steals Chrome Data via NPM Packages

Security researchers have identified two malicious Chrome extensions recording AI chats. Learn how to identify and remove these tools to protect your privacy.

The convenience of AI chatbots has come with a hidden cost for nearly a million Chrome users. On December 29, 2025, cyber threat defence experts at OX Security revealed that two popular browser extensions were secretly recording private conversations and sending them to outside servers.

This discovery is part of a disturbing new trend that researchers at Secure Annex have named Prompt Poaching, where attackers specifically target the sensitive questions and proprietary data we feed into tools like ChatGPT.

****Malicious Chrome Extensions****

The two tools at the centre of OX Research’s investigation are “Chat GPT for Chrome with GPT-5, Claude Sonnet & DeepSeek AI” (600,000 installs) and “AI Sidebar with Deepseek, ChatGPT, Claude and more” (300,000 installs).

Researchers explained in the blog post that these extensions weren’t just random apps; they were designed to look exactly like a legitimate tool called AITOPIA. Because a professional appearance can be deceiving, one of these fakes even managed to trick Google into giving it a Featured badge, making it look safe to the average person.

****How the Information is Stolen****

The theft begins the moment a user installs these sidebars. The extensions first request permission to collect “anonymous, non-identifiable analytics,” but the second, when a user clicks “allow,” that promised anonymity vanishes.

To steal your data, the software uses a technique called DOM scraping, which essentially allows it to read the text directly off your screen. The malware listens for when you visit chatgpt.com or deepseek.com, assigns you a unique tracking ID called a “gptChatId,” and begins harvesting.

This isn’t just a minor leak; it includes everything from personal search history to secret company code and business strategies. Every 30 minutes, the software bundles up your prompts, the AI’s answers, and even your session tokens or authentication data, then sends them to servers like deepaichats.com or chatsaigpt.com.

If you uninstalled one, the browser would sometimes automatically redirect you to the other, as the developers used the platform Lovable.dev to host fake privacy policies and keep their operation running.

Attack Flow

While OX Security reported these threats to Google on December 29, both extensions remained live and downloadable as of January 7, 2026. If you have any AI sidebar installed, you should check your settings at chrome://extensions immediately.

Look for the specific IDs fnmihdojmnkclgjpcoonokmkhjpjechg or inhcgfpbfdjbjogdfjbclgolkmhnooop and remove them. Also, try to avoid any extension that asks for full “read and change” access to your websites, even if it has a verified badge.

This incident shows how trust can be compromised when security checks fail to keep pace with the rapid evolution of AI tools. AI chats feel private, but anything sitting inside a browser can be watched, copied, and sent elsewhere without you noticing.

Until Chrome Web Store policing improves, the safest move is to keep extensions to a minimum, be suspicious of unnecessary permissions, and think twice before sharing sensitive work or personal details with any AI tool running in your browser.

(Photo by Solen Feyissa on Unsplash)

Fake ChatGPT and DeepSeek Extensions Spied on Over 1 Million Chrome Users

Bryan Fleming, founder of pcTattletale, pleads guilty in a landmark federal spying case. Read how an undercover HSI sting and a data breach ended a decade of illegal stalkerware sales.

A decade-long run of selling illegal stalkerware has come to an end for Bryan Fleming, the founder of the Michigan-based company pcTattletale. On Tuesday, January 7, 2026, Fleming entered a guilty plea in a San Diego federal court, admitting to charges of computer hacking and the illegal advertising of surveillance devices.

This marks the first successful federal prosecution of a stalkerware operator in the United States since 2014, when the creator of another surveillance app, StealthGenie, was similarly charged.

****How the Stalkerware Worked****

For your information, stalkerware is a hidden app installed on a phone or computer without the owner’s permission. It runs quietly in the background to monitor a partner or spouse, making it nearly impossible for a victim to detect. While Fleming originally launched pcTattletale as a tool for parents or employers, the investigation revealed that he was actively encouraging a much more invasive use.

Since at least 2016, the software allowed users to secretly monitor romantic partners by hiding the app on their devices. Once installed, it captured everything from text messages and photos to real-time GPS locations, and even provided a “movie” of the victim’s screen activity, all this for a subscription fee of $99.99.

****Caught in an Undercover Sting****

The downfall of pcTattletale began in 2021 when agents from Homeland Security Investigations (HSI) launched a probe into over 100 websites selling similar products. One agent went undercover, posing as a marketer to get close to Fleming. Court records show that Fleming personally sent the agent advertising banners with slogans like “Catch a Cheating Husband.”

Investigators noted that Fleming was unusually public about his operation. He even filmed YouTube videos from his 7,700-square-foot mansion in Bruce Township, Michigan, showing how the app stayed invisible on a victim’s phone.

Bryan Fleming, the creator of pcTattletale

Authorities eventually raided that home, which Fleming recently sold for $1.2 million. Financial records seized during the investigation showed his business was highly profitable, raking in more than $600,000 by the end of 2021 alone.

****Data Breach and Shutdown****

The business finally hit a breaking point in 2024 following a massive data breach that forced Fleming to shut down operations. A hacker defaced the company’s website and stole extensive data from its servers, including identifiable details belonging to both the customers and their victims.

Not only were the records of 138,000 customers leaked, but over 300 million private screenshots taken from victims’ devices were found sitting on unsecured servers, accessible to anyone who knew where to look.

Fleming is now facing sentencing on April 3. Cybersecurity experts suggest that while many of these companies operate overseas, this conviction should be taken as a clear warning to anyone selling surveillance tools within the US that they can no longer act with total freedom from the law.

pcTattletale Founder Bryan Fleming Pleads Guilty in Federal Stalkerware Case

A Hudson Rock report reveals how an Iranian hacker named Zestix breached 50 global companies, including Iberia Airlines and Pickett & Associates, by using stolen passwords and a lack of MFA.

A lone hacker has managed to break into the private files of about 50 major companies around the world, including Pickett, Sekisui House, IFLUSAC, Iberia Airlines, K3G Solutions, CRRC MA, GreenBills, and CiberC, reveals the latest research by the Israeli cybersecurity firm Hudson Rock conducted for its sister site Infostealers.com.

Researchers identified the attacker who is believed to be an Iranian national operating under the online names Zestix and Sentap. This individual is currently auctioning off massive amounts of stolen corporate data on dark web forums to the highest bidder.

While we might expect these large organisations to be hard to get into, this wasn’t a very difficult job for the hacker. However, researchers noted that the hacker simply used stolen passwords to log into accounts that didn’t have basic security authentication in place.

****How “Infostealers” Opened the Door****

The hacker didn’t hack the companies directly. Instead, they used Infostealers, specifically RedLine, Lumma, and Vidar. These viruses sneak onto a person’s computer usually after the victim downloads a fake file or a cracked game, and quietly steal every password saved in their web browser.

Once Zestix had these passwords, they just used them to log into company file-sharing sites like ShareFile, Nextcloud, and OwnCloud. The only reason this worked is that these 50 companies failed to turn on Multi-Factor Authentication (MFA).

Access to the Maida Health Nextcloud instance (Source: Infostealers.com)

MFA, as we know it, is that extra step where a site asks for a code from your phone after you type your password. Since that second step wasn’t required, the stolen password was all the hacker needed to walk right in.

****Who Was Affected?****

The stolen data includes everything from private medical files to military blueprints. For example, Iberia Airlines had 77 GB of data taken, including safety manuals for their planes. A U.S. firm called Pickett & Associates lost 139 GB of data, which included detailed maps of power lines and utility stations.

It’s important to mention that in November 2025, Iberia Airlines was also involved in another data breach in which Everest ransomware stole and later leaked 596GB of the airline’s internal and customer data.

The reach of the attack, as per the company’s report, was truly global. In Turkey, Intecro Robotics saw its designs for military drones and fighter jets put up for sale. In Brazil, Maida Health lost 2.3 terabytes of medical records belonging to the military police. Even public transit was hit, with internal plans for train brakes and signalling used by the LA Metro being exposed through a company called CRRC MA.

Profile and posting from Zestix on Russian language cyber crime forum Exploit.in (Credit: InfoStealers.com)

****A Lesson in Basic Security****

Some of the stolen passwords used in these attacks were years old. If these companies had forced a password change or simply required a phone code to log in, this entire disaster could have been avoided.

Hudson Rock warns that credentials for employees at other giants like Samsung, Walmart, and Deloitte are also floating around in these hacker logs, meaning they could be at risk too. This is a reminder for all of us: a password alone is no longer enough to keep your information safe.

Lone Hacker Used Infostealers to Access Data at 50 Global Companies

Security teams have spent years improving their ability to detect and block malicious bots. That effort remains critical.…

Security teams have spent years improving their ability to detect and block malicious bots. That effort remains critical. Automated traffic now makes up more than half of all web traffic, and bot-driven attacks continue to grow in volume and sophistication. What has changed is the role of legitimate bots and how little visibility most security teams have into their behavior.

So-called good bots now account for a significant share of automated traffic. Search engine crawlers index content. AI systems scrape pages to train models and generate responses. Agentic AI is beginning to interact with applications on behalf of users. These bots often operate within accepted norms, but at a scale that introduces real security, performance, and cost implications.

The risk is not always malicious intent. It is uncertainty. Legitimate bots expand the attack surface by continuously interacting with web applications, APIs, and content repositories. They touch endpoints that may not be closely monitored and generate traffic patterns that blend into normal activity. When behavior shifts gradually over time, short retention windows make it difficult to detect anomalies or validate whether existing controls are still effective.

Traditional bot management relies on static allow and deny lists. Known crawlers are permitted. Abusive automation is blocked. That model breaks down in an AI-driven environment. Large language models (LLMs) and agentic systems repeatedly crawl and re-crawl content, often bypassing cache efficiencies and placing persistent load on origin infrastructure. These patterns can increase costs, degrade availability, and expose sensitive content without triggering conventional security alerts.

Security teams are now pulled into broader decisions around rate limiting, content exposure, bot identity, and enforcement. Those decisions require historical context. Without long term visibility, teams are left reacting to symptoms instead of understanding how automation is evolving across their environment.

Long-term bot visibility is becoming essential to modern security operations. Hydrolix’s newly released Bot Insights provides sustained insight into malicious, traditional, and AI driven bot behavior by retaining and analyzing high volume traffic data over extended periods. This allows security teams to track trends, validate controls, and understand how automated access changes as AI systems evolve.

Monitoring legitimate bot traffic is no longer optional. It is part of attack surface management, cost control, and data protection. Security teams need to know which bots are accessing their systems, how often, what resources they consume, and how those patterns change over time. Stopping malicious bots is only the starting point. Modern security depends on understanding automation, not merely blocking it.

Source

HackRead