A novice cybercrime actor has been observed leveraging the services of a Russian bulletproof hosting (BPH) provider called Proton66 to facilitate their operations.
The findings come from DomainTools, which detected the activity after it discovered a phony website named cybersecureprotect[.]com hosted on Proton66 that masqueraded as an antivirus service.
The threat intelligence firm said it

OPSEC Failure Exposes Coquettte’s Malware Campaigns on Bulletproof Hosting Servers

Up to one in five of the most popular mobile VPNs are owned by Chinese companies that do their best to hide the fact.

Up to one in five of the most popular mobile VPNs for iOS last year are owned by Chinese companies that do their best to hide the fact. In at least one case, the owner is on a US blacklist.

That’s according to a report from the non-profit Tech Transparency Project (TTP), who investigated the top 100 mobile VPN apps downloaded from Apple’s App Store as documented by mobile intelligence company AppMagic.

Mobile VPNs are apps that connect your smartphone to the internet via different computers around the world. People use them to make it look as though they’re connecting from elsewhere, often to dodge local censorship or to access commercial content not available in their region, or just because they’re concerned about privacy.

The downside is that you must be able to trust the company that operates those computers. After all, they get to see all of your traffic as it passes through those channels.

The TTP warns that a large proportion of the most popular mobile VPN apps in the Apple App Store are owned by Chinese companies. These include Qihoo 360, which is classified as a Chinese military company by the US Department of Defense.

**Several mobile VPNs linked to Chinese military**

According to the TTP report, Qihoo acquired an app development company called Guangzhou Quanyong. The company developed several mobile apps for Innovative Connecting Pte. Ltd, a Singapore-registered company owned by another company called Lemon Seed, registered in the Cayman Islands.

Innovative Connecting developed an app called Turbo VPN, which was marketed to Spanish-speaking people in the US as a way to circumvent proposed restrictions when accessing Chinese-owned social network TikTok. The company developed several other VPNs in the top 100, including VPN Proxy Master and Thunder VPN. It is also responsible for others that didn’t make it into the top 100: Snap VPN, and Signal Secure VPN.

Chinese company 360 Security Technology, also known as Qihoo 360, purchased Lemon Seed, according to its 2019 annual report.

Not only is Qihoo 360 classified as a Chinese military company in the US, in June 2025 the US government also placed Qihoo 360 on its Entity List, which is a list of companies maintained under the US government’s Export Administration Regulations (EAR).

The Entity List identifies entities that the US believes pose a risk to its national security. It added Qihoo 360 and others to the list citing “reasonable cause to believe that these entities pose a significant risk of becoming involved in activities — the procurement of commodities and technologies for military end-use in China—that are contrary to the national security interests of the United States.”

Three months later, Qihoo 360 sold a package of assets under the banner ‘Project L’, which the TTP investigation believes contained Lemon Seed based on the description of its acquisition date in the public filing.

In spite of the sale, TTP suggests an ongoing link between the two companies after the sale, based on March 2025 filings that list its sole director as Chen Ningyi, who shows up on a Qihoo 360 patent in 2017 and who appears to be a general manager for Qihoo’s mobile security app 360 Mobile Guard.

**Shell companies and proxy ownership**

Apps developed by Innovative Connecting aren’t the only with possible links to China, according to the report. It traced several back to companies in Hong Kong. The island city has come under increasingly strict Chinese control lately with the passage a year ago of Article 23, a bill applying strict penalties for a broad array of activities deemed anti-Chinese.

The report found several VPN apps registered to Hong Kong companies, often owned by people or entities on the mainland. These included X-VPN, VPNIFY, VPN Bucks, LinkWorldVPN, VPN Proxy OvpnSpider, and Best VPN Proxy AppVPN.

It also found some registered in other parts of the world that appeared to be Chinese products operating through proxies. One, WireVPN – Fast VPN & Proxy, was registered in the UK but is controlled by a single Chinese national via a shell company. It shares a privacy policy with another similarly-named product registered in Belize called Wirevpn – Secure & Fast VPN. Both use language lifted directly from Chinese privacy regulations.

While VPNs are a useful way to achieve some privacy online, this report highlights the importance of due diligence when choosing a technology provider. Not all VPNs are created equal – and just because they’re in Apple’s App Store doesn’t mean that they’re automatically above board.

**How to find a VPN you can trust**

**Consider the jurisdiction:**

*   As evidenced by the TTP report, the VPN provider’s location matters. Be wary of VPNs based in countries that require intelligence-sharing with their governments

**Look for these security features:**

*   Strong encryption protocols (like 256-bit ChaCha20) are vital.
*   A “kill switch” is important; it disconnects your internet connection if the VPN drops, preventing data leaks.
*   Look for VPNs that support secure protocols like WireGuard

**Read the privacy policy:**

*   A “no-log” policy is essential. This means the VPN provider should not track, store, or share your browsing history, IP address, or any of your network data
*   Carefully read the privacy policy to understand what data is collected and how it’s used.

**Consider Malwarebytes Privacy VPN:**

Of course we’d say that. But with a 256-bit ChaCha20 encryption, lightning-fast Wireguard protocols, and a strict no-log policy, you can be sure that Malwarebytes Privacy VPN **will never** track, store, or share any network data.

 Popular VPNs are routing traffic via Chinese companies, including one with link to military 

The rules have changed. Again. Artificial intelligence is bringing powerful new tools to businesses. But it's also giving cybercriminals smarter ways to attack. They’re moving quicker, targeting more precisely, and slipping past old defenses without being noticed.
And here's the harsh truth: If your security strategy hasn’t evolved with AI in mind, you’re already behind.
But you’re not alone—and

AI Threats Are Evolving Fast — Learn Practical Defense Tactics in this Expert Webinar

The Growing Threat of Digital Identity Theft Identity theft is a continuous online threat that lurks behind every…

****The Growing Threat of Digital Identity Theft****

Identity theft is a continuous online threat that lurks behind every login, transaction, and online engagement in 2025, rather than being a one-time criminal. Protecting your financial and personal identity has never been more important, especially with fraudsters using sophisticated phishing techniques, data breaches at an all-time high, and sensitive information regularly **spilling on the dark web**.

Today’s consumers must decide which identity protection service to choose to secure their digital presence. Two names consistently dominate this space, prompting one key question: Who secures your digital life better in 2025? This face-off dissects and compares every key detail of the two leading services to help you make an informed, security-driven decision. Suppose you’ve ever worried about your social security number, credit details, or personal data falling into the wrong hands. In that case, this analysis is crafted for you so you can stop guessing and start protecting what matters.

****Features Breakdown – What’s on Offer?****

When it comes to identity protection, not all services are created equal. Both contenders in this face-off promise strong defenses, but their feature sets reveal key differences. The essentials look similar: credit monitoring, dark web surveillance, fraud alerts, and identity recovery assistance.

However, it’s the finer details and execution that separate the two. One service leverages near **real-time alerting systems**, ensuring users are notified within minutes of suspicious activity. The other, while comprehensive, often experiences delays, leaving users exposed for more extended periods without immediate action.

Beyond monitoring, some services offer extras like VPN access, password managers, and family plan coverage. Yet, many users overlook how bloated or fragmented these bundles can get, often pushing unnecessary upsells disguised as “premium” features. The reality is that identity protection isn’t about flashy add-ons. It’s about speed, accuracy, and straightforward security layers that work without gimmicks. And that’s precisely what today’s digital users should demand.

****Pricing and Upsells – The Hidden Costs of Protection****

In an era of growing online risks, budget-conscious users are often trapped in a game of hidden fees and escalating subscription costs. It’s not enough to look at the price tag; you need to understand the actual cost of long-term digital protection. One of the services in this comparison frequently upsells. Their initial pricing may appear competitive, but users soon discover that advanced features like identity restoration, credit lock services, or family plan expansions come at an additional cost.

This paywall-heavy model creates confusion and penalizes customers for seeking full coverage. On the other hand, the competitor in this analysis has streamlined its pricing strategy. Instead of bombarding users with constant upgrade prompts, it bundles its most valuable features upfront, offering predictable pricing and transparent plans. In a market flooded with marketing noise, knowing precisely what you’re paying for and avoiding surprise fees should be non-negotiable.

****Family & Multi-User Protection – Who Watches Over Everyone?****

Cybercriminals don’t just target individuals; they target households. In 2025, identity theft attacks will be increasingly focused on families, especially children and elderly relatives who may be less aware of the risks. Multi-user and family protection plans have become essential to **identity theft services**. One of the contenders in this face-off leads the charge with flexible, affordable family plans that cover multiple members under a single subscription without nickel-and-diming users for every additional account.

These plans don’t just duplicate features; they extend monitoring and real-time alerts to every member, ensuring your family’s data is as protected as yours. In comparison, the other service struggles in this department, often locking family coverage behind complex, expensive tiers. For modern families juggling financial security and digital privacy, simplified, scalable coverage isn’t optional; it’s essential. The best service doesn’t just protect you; it protects everyone you care about, all under one roof.

****Real-Time Alerts & Threat Response – The Speed Factor****

When your identity is at risk, speed is everything. A delay of even a few hours can result in fraudulent charges, compromised credit, or worse, stolen personal data being sold across black market forums. This is where one service outperforms the other in this showdown. It consistently delivers faster, near real-time alerts when suspicious activity is detected, giving users time to respond, lock accounts, and prevent financial damage.

The other provider, while reputable, has been criticized for lagging notifications and slower response times. Delayed alerts can mean the difference between safety and disaster in a digital landscape where hackers operate within minutes. Proper identity protection isn’t passive; it’s proactive, instant, and relentless. In 2025, anything less than real-time threat alerts is no longer acceptable. Digital users deserve a service that detects threats and allows them to act before it’s too late.

****Who Wins the 2025 Identity Protection Battle?****

After analyzing features, pricing strategies, family coverage, and real-time threat response, the winner of this 2025 identity protection face-off is clear. While both services offer credible security options, **Aura and LifeLock** differ significantly in execution. Aura’s faster alerts, more substantial family plans, simplified pricing, and absence of constant upsells make it the more intelligent choice for modern users.

In a digital world where identity theft is evolving daily, the best defense isn’t about branding or bundled perks; it’s about who acts faster, protects wider, and delivers real value without playing games. Your digital identity is worth more than confusing subscriptions and delayed responses. Choose the service that prioritizes your protection, not their profit margins.

Aura or LifeLock: Who Offers Better Identity Protection in 2025?

China-linked APT group FamousSparrow hits targets in the Americas using upgraded SparrowDoor malware in new cyberespionage campaign, ESET reports.

A recent investigation by ESET researchers has shed light on the continued activities and evolving toolset of the China-aligned Advanced Persistent Threat (APT) group known as FamousSparrow (aka Salt Typhoon).

The probe, initiated by suspicious activity detected in July 2024 within a United States-based financial trade group, revealed that FamousSparrow has been diligently enhancing its malicious capabilities. Evidence pointed to a concurrent breach of a Mexican research institute and a governmental institution in Honduras, demonstrating the group’s broadening targeting scope.

Also, this campaign marked the first documented instance of FamousSparrow utilizing ShadowPad, a privately distributed backdoor known to be exclusively supplied to threat actors aligned with Chinese interests.

The analysis detailed the deployment of two newly discovered versions of the group’s signature malware, SparrowDoor. One version bears similarity to the “CrowDoor” backdoor, a tool attributed to the Earth Estries APT group by Trend Micro, while the other, a modular design, deviates significantly from prior SparrowDoor instances.

“From our perspective, these are part of the continued development effort on SparrowDoor rather than a different family,” ESET researchers explained in the blog post.

The attack chain started with the deployment of a webshell on an Internet Information Services (IIS) server. Researchers suspect the exploitation of vulnerabilities in outdated versions of Windows Server and Microsoft Exchange, given the availability of several public exploits for these systems. The group utilized a combination of custom malware and tools shared among China-aligned APTs, culminating in the deployment of SparrowDoor and ShadowPad.

The attackers gained access through a batch script downloaded from a remote server, which then deployed a .NET webshell, allowing them to establish remote PowerShell sessions, gather system information and escalate privileges using publicly available exploits incorporated into the PowerHub framework.

The final stage involved a sophisticated “trident loading scheme” to execute SparrowDoor, employing a legitimate antivirus executable for DLL side-loading. “We observed three unique SparrowDoor C&C servers in this campaign, all of which used port 80,” researchers noted.

The new SparrowDoor versions demonstrate technical sophistication, including parallel command processing and a plugin-based architecture for dynamic loading of additional functionalities. While ESET researchers have not yet observed any plugins in action, the code analysis suggests that this modular design is intended to evade detection by minimizing the core backdoor’s traceability.

ESET researchers have confidently attributed observed activity to FamousSparrow due to its exclusive use of SparrowDoor and significant code overlaps with previously documented samples. They maintain that FamousSparrow, GhostEmperor, and Earth Estries are distinct groups, citing discrepancies and lack of conclusive evidence to support their alleged links, a theory proposed by Microsoft Threat Intelligence under the Salt Typhoon cluster.

They acknowledge partial code overlaps between SparrowDoor and HemiGate, a tool associated with Earth Estries. However, they suggest that these overlaps might be better explained by the existence of a shared third party, such as a “digital quartermaster,” providing tools or infrastructure, rather than a full conflation of the groups.

China’s FamousSparrow APT Hits Americas with SparrowDoor Malware

A generative AI nudify service has been found storing explicit deepfakes in an unprotected cloud database.

Yesterday, we told you about how millions of pictures from specialized dating apps had been stored online without any kind of password protection.

Now it’s the turn of an AI “nudify” service.

A researcher, famous for finding unprotected cloud storage buckets, has uncovered an unprotected AWS bucket belonging to the nudify service.

The rising popularity of these nudify services apparently has caused a selection of companies without any security awareness to hop on the money train. Millions of people use these services to turn normal pictures into nude images, and it only takes a few minutes.

South Korean AI company GenNomis by AI-NOMIS or somebody acting at their behalf stored 93,485 images and json files with a total size of 47.8 GB in a non-password-protected nor encrypted, but publicly exposed database.

Looking at the service, GenNomis is an AI-powered image generation platform that allows users to transform text descriptions into images, create AI personas, turn images to videos, face-swap images, remove backgrounds, etc., and all that without restrictions. It also provides a marketplace, where users can buy and sell these images as “artwork.”

The researcher saw numerous pornographic images, including what appeared to be disturbing AI-generated portrayals of very young people. Even though the GenNomis guidelines prohibit explicit images of children and any other illegal activities, the researcher found many of them. That doesn’t mean they were available to buy on the platform, but they were at least created.

Some of the deepfakes are hard to discern from real images, and as such may lead to serious privacy, ethical, and legal risks. Not to mention the humiliation for the owners of those images or parts thereof who didn’t consent. Sadly, there are many examples where young people have taken their own lives over sextortion attempts.

The researcher contacted the company about what he had found. He told The Register:

> “They took it down immediately with no reply.”

**Keep your children safe from nudify services**

We’ve seen many cases where social media and other platforms have used the content of their users to train their AI. Some people have a tendency to shrug it off because they don’t see the dangers, but let us explain the possible problems.

In this case, it’s at the extreme end of what the content could be used for.

*   Deepfakes: Users of this generative AI could have used the nudify service on publicly available pictures to create explicit deepfakes without consent. AI generated content, like deepfakes, can be used to spread misinformation, damage your reputation or privacy, or defraud people you know.
*   Metadata: Users often forget that the images they upload to social media also contain metadata, such as where the photo was taken. This information could potentially be sold to third parties or used in ways the photographer didn’t intend.
*   Intellectual property. Never upload anything you didn’t create or own. Artists and photographers may feel their work is being exploited without proper compensation or attribution.
*   Bias: AI models trained on biased datasets can perpetuate and amplify societal biases.
*   Facial recognition: Although facial recognition is not the hot topic it once used to be, it still exists. And actions or statements done by your images (real or not) may be linked to your persona.
*   Memory: Once a picture is online, it is almost impossible to get it completely removed. It may continue to exist in caches, backups, and snapshots.

If you want to continue using social media platforms that is obviously your choice, but consider the above when uploading pictures of you, your loved ones, or even complete strangers.

**We don’t just report on threats—we remove them**

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

 &#8220;Nudify&#8221; deepfakes stored unprotected online 

Delaware, USA, 2nd April 2025, CyberNewsWire

**Delaware, USA, April 2nd, 2025, CyberNewsWire**

Brinker, an innovative narrative intelligence platform dedicated to combating disinformation and influence campaigns, has been recognized as one of the “10 Most Promising Defense Tech Startups of 2025” by Défense Israel and Robel Innovations. This distinction underscores Brinker’s groundbreaking approach to safeguarding governments, enterprises, and NGOs from increasingly sophisticated narrative-based threats.

Brinker’s proprietary technology identifies malicious narratives across platforms, languages, and geographies, performing automated OSINT investigations and providing real-time mitigation options at the press of a button—dramatically reducing the entire response process from weeks to minutes.

In October 2024, Brinker was selected to join the prestigious Innofense program for dual-use startups, run by SOSA and MAF’AT (DDR&D), designed to strengthen collaboration between civilian and defense markets through joint technological innovation.

Disinformation, identified by the World Economic Forum as the number one global risk, poses significant threats to social cohesion, democratic institutions, and economic stability. Brinker’s solutions not only protect organizations but also empower societies to effectively defend themselves from harmful domestic and foreign influence campaigns, positively impacting communities worldwide.

Brinker was founded by Benny Schnaider, Daniel Ravner, and Oded Breiner, who realized that starting a company built fundamentally on AI, rather than merely adding AI as a feature, would level the playing field in the asymmetric war against disinformation—transforming it into a symmetrical one.

> “This recognition affirms our vision to reshape the OSINT landscape through battle-proven narrative intelligence technology,” said Daniel Ravner, CEO and Co-founder of Brinker.

> Brinker’s CTO and Co-founder Oded Breiner added, “Our patented LLM-driven analysis allows us to reveal and neutralize threats that traditional metadata-driven tools often miss.”

Brinker’s comprehensive suite includes automated legal escalations, platform takedowns, and behavioral economics-based counter-narratives, ensuring not just threat removal but active influence mitigation.

**About Brinker**

Brinker is an award-winning disinformation threat mitigation platform built to combat malicious narratives and influence campaigns using proprietary narrative intelligence technology. The SaaS platform delivers AI-powered detection, context analysis, and automated OSINT investigations. A suite of mitigation tools is available at the press of a button, including pre-legal actions, media publications, content removal, and counter-narratives. A Mastercard portfolio company, Brinker serves governmental intelligence agencies, major enterprises, law firms, and NGOs across the globe.

For more information about Brinker, users can visit https://www.brinker.ai/.

**Contact**

**Daniel**  
**Brinker**  
**\[email protected\]**

Brinker Named Among “10 Most Promising Defense Tech Startups of 2025”

In the competitive world where artificial intelligence (AI) has made it easy to use technology, companies are constantly…

In the competitive world where artificial intelligence (AI) has made it easy to use technology, companies are constantly looking for ways to connect with their audience without stretching resources. One proven method is outsourcing, which allows businesses to focus on core operations while leveraging expert outreach strategies. However, as with any digital transformation, there are data security concerns to consider.

In this article, we’ll cover the most effective strategies for enhancing customer engagement through outsourced telemarketing, including how to protect sensitive data and maintain performance.

****Key Advantages of Outsourced Telemarketing****

Outsourced telemarketing offers numerous benefits, including cost savings, flexibility, and access to skilled agents. Let’s break down the most compelling reasons to subcontract your telemarketing efforts.

Outsourcing means reducing the expenses normally connected to salaries, training, coaching, infrastructure, and technology. That is why we are now seeing the advent of so many cloud call centers and other cloud-first services around the world. Interestingly enough, according to Deloitte , 90% of companies want to employ cloud-based computing in their subcontracting efforts.

****Cutting-Edge Software and Tech Integration****

Modern telemarketing companies and call centers can use different dialers and phone systems to satisfy the needs of the modern customer. Relying on cutting-edge tools and technology allows them to respond to clients’ requirements more precisely. These tools include:

*   Predictive Dialers: Automate call distribution and increase agent efficiency.

*   CRM Integration: Track customer interactions and communication history to create tailored experiences.

*   Real-Time Analytics: Monitor call performance and identify areas for improvement.

*   Call Monitoring and Recording: Maintain quality control and ensure compliance.

While these technologies significantly boost engagement, they also introduce data security challenges. Integrating customer data into outsourced systems can expose sensitive information. Always ensure your vendor follows robust cybersecurity protocols and compliance standards, such as GDPR and CCPA.

****Smart Resource Management****

Maintaining an in-house telemarketing team can be resource-intensive. Outsourcing offers a practical alternative, allowing companies to:

*   Minimize operational costs related to staffing and maintenance.

*   Adapt quickly to changing demands without hiring or laying off employees.

*   Access skilled professionals and advanced technology without long-term investment.  
    

****Data Privacy Considerations****

While outsourcing reduces costs, data security must remain a priority. Make sure your chosen vendor employs encryption, follows industry regulations, and has an incident response plan in place. Transparency about data-handling practices is crucial when selecting a subcontractor.

****Flexibility and Scalability****

While one in four small companies claims that their main reason for outsourcing is improved efficiency, 16% state that flexibility is their goal. Staying flexible in sales means you can adjust your business activities to the ever-changing market demands. As customer needs can shift dramatically, staying flexible translates to being competitive and trustworthy.

Flexibility goes hand in hand with scalability, which allows companies to adapt to their clients’ needs. If you choose to outsource telemarketing, you will not have to deal with the headache of hiring or laying off staff, as well as training them to perform new roles. Subcontracting a call center might enable you to respond adequately to the latest market trends, new launches, and seasonality.

****Mitigating Risks with Security Protocols****

Ensure your outsourced team has strict security policies to safeguard sensitive information. This includes:

*   Data Encryption: Protect data both at rest and in transit.

*   Access Control: Limit data access to authorized personnel only.

*   Incident Response Plans: Be prepared to address potential breaches swiftly.  
    

****Strategies for Successful Outsourcing in Telemarketing****

To get the most from your outsourced telemarketing efforts, follow these key strategies:

****1\. Set Clear Goals and KPIs****

Define measurable objectives and track performance through Key Performance Indicators (KPIs), such as:

*   Contact quality and satisfaction rates.

*   Call resolution efficiency (First-Call Resolution).

*   Customer engagement metrics and feedback.

****2\. Personalize Customer Interactions****

Personalization is essential to effective customer engagement. Your outsourced team should be equipped to:

*   Use CRM data to understand client preferences and history.

*   Address customers by name and tailor responses to their needs.

*   Deliver customized interactions based on previous conversations.  
    

****3\. Implement a Multi-Channel Approach****

Effective telemarketing goes beyond just phone calls. Use a combination of:

*   SMS: Quick updates and reminders.

*   Emails: To follow up and reinforce messaging.

*   Voice Calls: Direct and personalized communication.

*   Social Media: Maintain an active presence and engage customers.  
    

****Security Risks and How to Mitigate Them****

Outsourced telemarketing can improve efficiency but also presents data security risks. Here’s how to keep your data safe:

*   Choose Reputable Vendors: Work only with companies that have proven security protocols.

*   Conduct Regular Audits: Verify that data protection standards are maintained.

*   Implement End-to-End Encryption: Secure data during transmission and storage.

*   Educate Staff on Security Best Practices: Minimize human error and reduce risk exposure.  
    

Outsourcing is an efficient way to enhance customer engagement and streamline communication processes. To ensure success, prioritize data security by choosing reputable partners and implementing **strong cybersecurity measures**. Setting clear goals and adopting multi-channel strategies will maximize customer satisfaction and build lasting relationships.

Image by Gerd Altmann from Pixabay!

Enhancing Customer Engagement with Outsourced Telemarketing 

A vishing scam via Microsoft Teams led to attackers misusing TeamViewer to drop malware and stay hidden using simple but effective techniques.

Ontinue’s Cyber Defense Centre (CDC) recently investigated an incident that shows how a simple **vishing call** can turn into a full environment compromise. The attack combined social engineering with legitimate tools like Quick Assist, signed binaries, and malicious scripts to gain access, maintain persistence, and avoid detection.

****A Teams Message and a Phone Call****

The attack began with a **Microsoft Teams** message sent from what looked like a legitimate external user. Alongside that came a vishing call designed to build trust and guide the target into running a PowerShell command. That command downloaded a payload, the first stage of a larger chain. **Quick Assist**, a legitimate remote support tool built into Windows, was then used by the attacker to gain remote access.

****Tools Used: Legitimate, Trusted and Misused****

Once inside, the attacker dropped a signed binary, TeamViewer.exe, to a hidden folder. That executable was used to sideload a malicious DLL (TV.dll), helping to blend in with normal system activity. This type of sideloading isn’t new, but it remains effective, especially when using signed and widely trusted applications.

According to the company’s **blog post** shared with Hackread.com ahead of its release on Tuesday, the attacker set up a shortcut file in the startup folder to make sure the malware would automatically run again every time the system rebooted. Meanwhile, they also used BITS jobs (Background Intelligent Transfer Service) to transfer files quietly to maintain access for up to 90 days.

The second stage involved a JavaScript-based backdoor (index.js) executed through Node.js. This gave the attacker full command-and-control access via a socket connection, complete with command execution capabilities and hardcoded credentials.

Although the CDC couldn’t confirm attribution with high confidence, the tactics observed in this attack closely resemble those associated with **Storm-1811**, a group previously identified by Microsoft.

The similarities include the use of Quick Assist for remote access, sideloading malicious DLLs via signed binaries, exploiting Microsoft Teams as an entry point, and relying on **living-off-the-land** techniques using built-in Windows tools. These overlaps align with recent findings from both **Microsoft** and **Sophos**, which documented similar vishing-driven campaigns involving abuse of remote support software.

The attack’s success depended on one thing: **social engineering**. The initial vishing call was the key that opened the door. Ontinue’s 2H Threat Intelligence Report already **highlighted** a 1633% increase in vishing attacks in Q1 2025, and this incident is proof that those numbers are more than just stats.

**Jason Soroko**, Senior Fellow at Sectigo, a Scottsdale-based certificate management provider, shared his perspective with Hackread.com, stating, “This attack started with a Teams vishing attempt that led to a signed binary slipping past defenses. The attacker sideloaded a malicious DLL into a trusted process, turning standard remote support into a stealthy entry point.”

“Defenders should watch for PowerShell commands in Teams messages, unexpected use of Quick Assist, and signed binaries like TeamViewer.exe running from unusual paths. Signs of DLL sideloading, such as TV.dll loading unexpectedly, are also red flags,” he added.

This case is a reminder that threat actors don’t always need **zero-days** or malware. When users trust unfamiliar voices and messages, and when familiar tools are misused, attackers can do serious damage using what’s already available on the system.

Microsoft Teams Vishing Used to Deploy Malware via TeamViewer

A number of specialized dating apps leaked the--not so--secret storage location of 1.5 Million more or less explicit images

A researcher found millions of pictures from specialized dating apps for iOS stored online without any kind of password protection.

The pictures, some of which are explicit, stem from dating apps that all have a specific audience. The five platforms, all developed by M.A.D. Mobile are kink sites BDSM People and Chica, and LGBTQ+ apps Pink, Brish, and Translove.

As we reported not too long ago, many iOS apps leak at least one hard coded secret. We consider hard coded secrets in the source code of the apps as exposed because they are relatively easy to find and abuse by cybercriminals. And those secrets can have serious consequences for the apps’ users

Cybernews’ Aras Nazarovas found the storage location (a Google Cloud Storage bucket) used by the apps by reverse engineering the code. To his surprise, he could access the unencrypted and otherwise unprotected photos without needing any password.

As soon as he saw the first image, he knew this storage should not have been public. Not only did it contain profile pictures, it also included pictures sent in private messages, including some removed by moderators.

In total, nearly 1.5 million user-uploaded images were available to anyone stumbling over the storage bucket. Although the images are not linked to any user accounts or other private information, it is not unthinkable that cybercriminals could figure out some of the identities by using commonly available face search engines.

Many of these search engines use Artificial Intelligence (AI) for facial recognition combined with reverse image search technology to find other photos of a person published online, based on a picture submitted by the user.

Although officially intended only for self-searches, many of them don’t bother to check whether that’s actually the case.

Coupled to the identity of the person in the picture, these images could expose users to extortion, as well as an increased risk of hostility. As if online dating isn’t nervewracking enough, especially for those looking in special categories, the last we need is to see our explicit images exposed.

M.A.D Mobile was warned about the leak in January, but didn’t take any action to protect the storage until the BBC contacted the company on Friday. The issue has now been fixed.

It’s important to stipulate that the apps are exclusive to iOS and do not have Android or web alternatives.

If you want to find out what personal data of yours has been exposed online, you can use our free Digital Footprint scan. Fill in the email address you’re curious about (it’s best to submit the one you most frequently use) and we’ll send you a free report.

Tag

#intel