With more platforms and governments asking for age verification, we look at the options and the implications.

With governments demanding actual age verification on websites with adult content, and platforms like social media and Roblox introducing restrictions based on a user’s age, the controversy about different types of age verification and their implications is growing.

Last week, Roblox announced new age estimation technology which, it says, should help to confirm users’ ages and unlock a feature called Trusted Connections for those aged 13 and older. Trusted Connections allows teens aged between 13 and 17 to add adult users (18+) they know in real life. It’s billed as an option to keep out predators, which is good. But the age estimation technology raises concerns and questions.

While Roblox didn’t release any details about how its new technology works, the age estimation processes we know are based on Artificial Intelligence (AI) tools that scan selfies or short videos and compare them to a database to estimate the user’s age. Needless to say, they are not always right and it opens up the system to deepfakes, and spoofing.

This kind of technology is more effective than asking the user to provide their birthday or check a box that they are over 18, but it’s not waterproof.

We see similar concerns when it comes to age verification for sites that host adult content. As of this Friday, websites operating in the UK with pornographic content must “robustly” age-check users.

The regulator, Ofcom, lists a number of allowed methods which all have their pros and cons:

**Facial age estimation**

Show your face, get a guess. You take a selfie or a short video, and an algorithm tries to figure out if you look over 18. The tech claims to keep data private, but facial scans are sensitive. And, as we pointed out, accuracy is far from perfect. If you’ve ever been asked to provide an ID in real life because you “look young,” you can expect a digital déjà vu.

**Open banking**

Banks know your age, so why not let them confirm it? Here, you allow the age-check service to peek at your bank account. No bank statements get handed over, just a yes/no to the question: “Is this customer an adult?” It’s easy, but convincing users to link their bank to a porn site might be a different story.

**Digital identity services**

This is the world of digital wallets for your ID. Think of it as carrying your driver’s license in your phone, but only showing the “over 18” part when needed. Sounds great and it is, but you’ll need yet another app in your digital life just to vouch for your adulthood everywhere you go.

**Credit card age checks**

Simple logic: you need to be 18+ to have a credit card, so showing a valid one counts as proof. The age-checker pings the payment processor to see if your card is legit. It’s quick and familiar, but not everyone over 18 has a credit card, so it’s not for everyone. Plus your purchase trail grows with every verification.

**Email-based age estimation**

Enter your email address. The system tries to deduce your age using records of that email in other “adult” places, like financial or utility services. Basically, you’re allowing digital snooping, and the effectiveness depends on your online life elsewhere having already tipped off your age somewhere along the line.

**Mobile network operator checks**

The system queries your phone provider to see if you have any age restrictions on your account. No parental controls? Looks like you’re an adult. Fast, but only as reliable as the information stored at your carrier, and not an option for users on pay-as-you-go or burner numbers.

**Photo-ID matching**

You upload your ID and a fresh selfie. The system checks if the faces and ages match up. Classic, effective, and widely used, but you’re giving away a lot of personal information, and trusting that it’ll be kept safe.

**Privacy concerns**

None of these options is perfect or without risk. Many of these options have privacy implications for the user, or as a commenter told BBC News:

> “Sure, I will give out my sensitive information to some random, unproven company or… I will use a VPN. Difficult choice.”

A VPN is a popular option to circumvent regulations that only apply in certain countries or states. VPNs offer a secure connection when you’re using the internet and they have a variety of uses, but one is getting around blocks based on your location.

Work is being done on “double-anonymity” solutions, but implementation seems to be hard. Double anonymity basically separates the information of two providers from each other. The first provider (website asking for age confirmation) will only get the requester’s age and no other information. The second provider (the age verifier) will not receive information about the service or website the age verification is needed for.

In essence, the system answers only the question “Is this user of the required age?” to the site, and the third party never knows for what purpose or where this answer is used. This approach is becoming a regulatory standard in places like France to balance protecting minors online with adult users’ privacy.

We feel “double-anonymity” sounds a whole lot better than “age estimation.” But the real question is whether age verification is an effective method to protect children, or is it just another threat to our privacy?  Let us know your opinion in the comments.

**We don’t just report on privacy—we offer you the option to use it.**

Privacy risks should never spread beyond a headline. Keep your online privacy yours by using Malwarebytes Privacy VPN.

 Age verification: Child protection or privacy risk? 

Microsoft has revealed that one of the threat actors behind the active exploitation of SharePoint flaws is deploying Warlock ransomware on targeted systems.
The tech giant, in an update shared Wednesday, said the findings are based on an "expanded analysis and threat intelligence from our continued monitoring of exploitation activity by Storm-2603."
The threat actor attributed to the financially

Storm-2603 Exploits SharePoint Flaws to Deploy Warlock Ransomware on Unpatched Systems

Cisco Talos Incident Response (Talos IR) recently observed attacks by Chaos, a relatively new ransomware-as-a-service (RaaS) group conducting big-game hunting and double extortion attacks.

Unmasking the new Chaos RaaS group attacks

Anyone can buy or collect data, but the goal must be to realize actionable insight relevant to the organization in question.

What Makes Great Threat Intelligence?

Proton, known for its privacy focused set of services, announced the introduction of Lumo, a privacy-first Artificial Intelligence (AI) chatbot. It...

Proton, known for its privacy focused set of services, announced the introduction of Lumo, a privacy-first Artificial Intelligence (AI) chatbot.

It is good to know before you dive in that Proton’s chatbot has two user options that offer a very different experience. If you want Lumo to access the internet you will have to use the “Web search” button before you submit your prompt. If you don’t, it will tell you it doesn’t have the capability to browse the web or access real-time information.

While this somewhat limits the usefulness of Lumo when you’re looking at recent developments, it is reassuring that the model was trained on selected sources. This also reduces the risk of hallucinating. Lumo is set up to recognize when it doesn’t know the answer and in such cases, it will make you aware of that and suggest alternative sources of information, or other ways to find the answer you’re looking for.

Private, Safeguarded, and Treated with respect

Proton believes that a privacy-first AI is essential because hundreds of millions of ordinary people currently interact with AI tools, unknowingly sharing sensitive information. This information is far more sensitive than what they would reveal in a typical Google search query.

Not only does this constant interaction with AI tools put personal information at risk, but we also witnessed several instances where company secrets got submitted to an AI without realizing that the information might be used to train the AI or accessed by third parties.

Similarly, we recently reported on how Meta AI chats might be public without the user’s awareness, and many AI bots have spilled sensitive information for separate reasons, like someone guessing a default password.

Lumo offers a different approach to AI chatbots. Other AI companies keep a record of all the conversations on their servers, leaving this information vulnerable to data leaks or exploitation for profit. Lumo does not store any logs of your conversations on its server, and only your device can decrypt any chats you choose to save.

Most people recognize a significant privacy risk here: the possibility that their conversations could help train the AI. This concern makes sense because the training process might use your personal data to generate responses in other users’ conversations.

Lumo does not do that. I asked Lumo where its training data comes from, and how—if it cannot browse the web, or use conversations—it is able to learn. Lumo answered:

> “Great question! My training data comes from a curated set of sources that were available up until my last training cut-off in October 2023. These sources include a wide range of books, articles, websites, and other publicly available texts. The data was carefully selected and processed to ensure quality and relevance.
> 
> While I can’t browse the web or use conversations for learning, my training data provides a broad foundation of knowledge that allows me to understand and respond to a wide variety of topics. Additionally, my ability to process and interpret information means that I can often provide helpful and accurate responses even to questions that are somewhat different from what I was specifically trained on.
> 
> As for learning, I don’t have the ability to update my knowledge or learn from new experiences after my initial training. However, my design allows me to provide useful and informative responses based on the knowledge I already have. If you have any specific questions or need information, feel free to ask, and I’ll do my best to help!”

We took Lumo for a little spin and, for now, the failing support for direct image uploads or processing is the only thing keeping us from using it much more. But we appreciate the idea of having a privacy-focused AI chatbot available when we want our conversations to stay private.

And who can resist a purple kitty anyway?

**We don’t just report on privacy—we offer you the option to use it.**

Privacy risks should never spread beyond a headline. Keep your online privacy yours by using Malwarebytes Privacy VPN.

 Proton launches Lumo, a privacy-focused AI chatbot 

XSS.IS has been seized after its admin was arrested in Ukraine, however its dark web and mirror domains only show a 504 Gateway Timeout error.

Earlier this morning, it was **reported** that on 22 July 2025, Ukraine arrested a man suspected of being the administrator of XSS.IS, one of the world’s most notorious and sophisticated cybercrime platforms. The arrest was made with the assistance of Europol and French authorities. Now, as seen by Hackread.com, the forum itself has also been seized.

Visitors to XSS.IS now see a seizure notice stating, “This domain has been seized by la Brigade de Lutte Contre la Cybercriminalité with assistance from the SBU Cyber Department.”

The seizure notice on XSS.IS (Image credit: Hackread.com)

The “SBU Cyber Department” refers to the Cyber Security Department of the Security Service of Ukraine (SBU). La Brigade de Lutte Contre la Cybercriminalité (BL2C) is a branch of the French judicial police that specialises in combating cybercrime.

****XSS.IS Dark Web (.onion) and Clearnet Domains Show 504 Gateway Timeout Error****

At the time of writing, the main domain of the forum displays a seizure notice, while its dark web domain and clearnet mirror (XSS.AS) both return a “504 Gateway Timeout” error. Notably, the Telegram channel linked to the XSS.IS administrator shows no signs of seizure and is marked as “recently seen.” It remains unclear whether authorities have access to these domains or control over the forum’s Telegram account.

The dark web domain of the XSS.IS forum (Image credit: Hackread.com)

****Background of XSS.IS****

The XSS.IS forum was originally launched in 2004 under the name DaMaGeLaB, a well-regarded Russian-language hacking community. The site was briefly shut down in December 2017 after one of its administrators, Belarusian national Sergey Yarets, known on the forum as “Ar3s,” was arrested.

In late 2018, a prominent forum administrator acquired a backup of the site and relaunched it under the new name XSS, a reference to the web security vulnerability known as **cross-site scripting**.

The name change served two main purposes. First, it distanced the forum from its past associations with law enforcement under the DaMaGeLaB name. Second, it gave the site a more technical and modern image by referencing a vulnerability familiar to its target audience.

Authorities and the cybersecurity community have long suspected that XSS.IS was operated or supported by Russian intelligence agencies, including the Foreign Intelligence Service (SVR), the Federal Security Service (FSB), and the Main Intelligence Directorate (GRU). However, the administrator was found to be in Ukraine. It remains unconfirmed whether the suspect is a Ukrainian or Russian national.

Authorities are analysing the suspect’s electronic devices (Via Europol)

****A Major Blow to Cybercrime****

Although cybercrime forums frequently **appear** and **disappear**, the seizure of XSS.IS marks a significant setback for the global cybercrime community. The forum had more than 50,000 registered users, with membership granted only after a thorough vetting process. In some cases, users were even required to pay a fee to create an account in order to prevent spam.

XSS.IS became a highly prominent and notorious marketplace for **hijacked system access**, malware, stolen credentials, databases, ransomware kits and an encrypted Jabber channel that hackers used to coordinate deals. The forum generated millions of dollars through advertising and facilitation fees.

According to Europol’s **press release**, authorities have also seized user data, which is now being analysed and will be used to track cybercriminals and support ongoing operations against cybercrime both in Europe and globally.

In the end, the message is clear: if you are involved in crime, especially at the scale of running a major cybercrime forum, authorities will eventually catch up. No matter how high-profile the platform may be, it is only a matter of time before it is taken down.

XSS.IS Cybercrime Forum Seized After Admin Arrested in Ukraine

Microsoft Sentinel Data Lake aims to provide inexpensive storage for large volumes of telemetry, while threat intelligence will be included with Defender XDR at no extra cost.

Microsoft Integrates Data Lake With Sentinel SIEM

Flowable’s 2025.1 update brings powerful Agentic AI features to automate workflows, boost efficiency, and scale intelligent business operations.

Flowable has taken a significant leap forward in the realm of intelligent process automation with its Summer 2025 release. The update brings a comprehensive set of features centered around agentic AI, signaling a new era where artificial intelligence seamlessly integrates into business workflows as a first-class citizen.

Released on July 22, 2025, the Flowable 2025.1 update will empower businesses to seamlessly integrate AI into workflows, driving greater efficiency, collaboration, and scalability, and will redefine business process automation forever.

****AI Agents as Core Components of Flowable****

The summer 2025 release makes Agentic AI a central element of the Flowable platform. Businesses can now create, orchestrate, and manage AI agents using the same powerful tools they rely on for BPMN and CMMN workflows, providing a unified environment for advanced enterprise process automation.

This new release offers enterprises the opportunity to scale AI adoption and integration, unlocking new levels of productivity and business process optimization.

****Key Features of Flowable’s New AI Agents****

The update includes a range of new features designed to optimize business processes and enhance automation:

*   **Flexible Agent Creation:** Users can create AI agents of varying complexity to work with simple tasks or complex workflows, directly within the Flowable platform.

*   **External AI Integration:** Flowable integrates with external AI services, such as AWS Bedrock, Azure Foundry, and Salesforce Agentforce, enabling businesses to extend their automation capabilities.

*   **Multi-Agent Collaboration:** The platform supports complex workflows with multiple AI agents working together across internally configured and external systems for efficient automation.

*   **AI-Powered Case Management:** The new “AI button” in Flowable’s case automation links cases to AI models, enabling real-time summaries, question answering, actionable suggestions, and autonomous customer communication and task completion.

****AI Agent Autonomy: Adaptive Decision-Making****

Flowable’s new AI agents offer dynamic autonomy, meaning they can adapt their level of decision-making based on the nature of the task at hand. In unpredictable, organic scenarios, agents provide AI-powered assistance. For more structured, well-defined processes, they revert to deterministic solutions, ensuring businesses can handle both structured workflows and complex, evolving situations effectively.

****Document and Data Processing with AI****

A key feature of this update is the Document Agent Type, which automates the processing of unstructured documents. This agent classifies documents, such as invoices, passports, and contracts, extracting relevant information and significantly reducing manual data entry, thereby improving efficiency and reducing errors in document-heavy workflows.

****AI-Driven Contextual Assistance****

The Orchestrator Agent Type provides businesses with an intelligent assistant to manage cases and workflows. It offers capabilities such as:

*   Summarizing case details and providing task overviews.

*   Triggering actions based on user interactions or document uploads, such as initiating an “invoice intent analysis” after an invoice is uploaded.

*   Suggesting or automating steps in workflows based on case events, like starting a “customer escalation” if a customer expresses frustration.

These features enhance case management by improving both responsiveness and decision-making.

****A Suite of AI Agents for Every Business Need****

The Flowable 2025.1 release introduces four powerful types of AI agents, each designed to address specific business needs:

*   **Utility Agent:** Automates tasks like data enrichment, sentiment analysis, and classification.

*   **Document Agent:** Extracts and processes data from unstructured documents such as invoices, contracts, and other records.

*   **Knowledge Agent:** Provides contextual answers by tapping into internal knowledge bases, FAQs, or documentation.

*   **Orchestrator Agent:** Coordinates and manages other agents or tasks based on dynamic inputs, rules, or goals.

****Empowering Enterprises with Intelligent Automation****

Flowable’s latest release enables enterprises to seamlessly integrate agentic AI into their workflows, unlocking new levels of automation and intelligence. By leveraging agentic AI, organizations can enhance decision-making, streamline operations, and drive digital transformation. 

With this next generation of AI-powered automation, businesses are poised to lead the future of intelligent business processes.

****About Flowable****

Flowable is a leader in digital transformation, offering a unified platform for business process management (BPM), business process automation (BPA), case management, and AI-powered automation. Flowable helps organizations streamline operations, improve decision-making, and drive innovation at scale, supporting businesses in their digital transformation journey. 

****Media Contact:****

*   Violet Diamanti-Race
*   Product Marketing Manager
*   Email: \[email protected\]
*   Marketing: \[email protected\]

Flowable’s Summer 2025 Update Introduces Groundbreaking Agentic AI Capabilities

Microsoft reveals Chinese state-backed hacker groups, including Linen Typhoon, Violet Typhoon, and Storm-2603, are exploiting SharePoint flaws, breaching over 100 organisations. Discover threat actors, their tactics and Microsoft's urgent security guidance.

Microsoft’s critical new update reveals that specific Chinese nation-state threat groups are actively exploiting vulnerabilities in its on-premises SharePoint servers. Following an earlier report from Hackread.com, which highlighted the compromise of over 100 organisations globally, Microsoft has now identified the key players behind the intrusions and released comprehensive security updates for all affected SharePoint versions.

The ongoing cyberattacks leverage two distinct zero-day flaws, CVE-2025-49706, a spoofing vulnerability that allows attackers to trick systems, and CVE-2025-49704, a remote code execution (RCE) vulnerability enabling them to run malicious code remotely. These flaws are related to the previously highlighted CVE-2025-53770 and CVE-2025-53771.

> Microsoft is sharing details from ongoing investigations of threat actors exploiting vulnerabilities targeting on-premises SharePoint servers. Linen Typhoon, Violet Typhoon, and Storm-2603 have been observed exploiting the vulnerabilities: https://t.co/oQ2HDZZbJB
> 
> — Microsoft Threat Intelligence (@MsftSecIntel) July 22, 2025

****Named Threat Actors and Attack Tactics****

Microsoft’s Threat Intelligence unit confirms that Chinese nation-state actors Linen Typhoon, Violet Typhoon, and another China-based group tracked as Storm-2603, are exploiting these vulnerabilities. Observed attacks begin with threat actors conducting reconnaissance and sending crafted POST requests to the ToolPane endpoint on SharePoint servers.

These groups are known for espionage, intellectual property theft, and persistently targeting exposed web infrastructure. Attacks are widespread, with CrowdStrike observing hundreds of attempts across over 160 customer environments since July 18, 2025.

Linen Typhoon, active since 2012, focuses on stealing intellectual property from government, defence, and human rights sectors. Violet Typhoon, tracked since 2015, specialises in espionage against former military personnel, NGOs, and financial institutions, often by scanning for and exploiting vulnerabilities.

While Storm-2603 has previously deployed ransomware like Warlock and Lockbit, their current objectives with these SharePoint exploits are still being assessed. Here is a summary of these groups’ activities:

****1\. Linen Typhoon****

*   Chinese state-sponsored group
*   Previously known as Hafnium
*   Target focuses on the Government, defence, NGOs, and education
*   Known for attacks on US critical infrastructure and academic institutions
*   Notable activity includes Exploited Microsoft Exchange vulnerabilities (ProxyLogon)

****2\. Violet Typhoon****

*   Chinese threat actor
*   Previously known as APT41 (also known as Barium or Winnti, depending on activity)
*   Known for a mix of state-backed espionage and financially motivated attacks
*   Target focuses on healthcare, telecom, software, and gaming industries
*   **Notable activity**: includes supply chain compromises, backdoored software updates

****3\. Storm-2603****

*   Believed to be China-linked
*   “Storm” is a temporary name Microsoft uses for emerging or unattributed groups
*   Known for exploiting zero-day vulnerabilities in Microsoft products
*   Target focus includes government and corporate systems
*   Status is under investigation, but early indicators point toward Chinese origin

According to Microsoft’s investigation, attackers are deploying web shells, such as modified spinstall0.aspx files, to steal critical IIS Machine Keys, which can bypass authentication, and early exploitation attempts date back to July 7, 2025. As previously noted by Shadowserver Foundation, these persistent backdoors allow hackers to maintain access even after systems are updated.

****Urgent Fixes and Mitigation Steps****

On July 19, 2025, Microsoft Security Response Centre (MSRC) published security updates for all supported SharePoint Server versions (Subscription Edition, 2019, and 2016). This is a crucial development, as previously, updates for SharePoint 2016 were still pending. Microsoft urges immediate application of these updates.

Other than patching, Microsoft recommends enabling Anti-malware Scan Interface (AMSI) in Full Mode and deploying Microsoft Defender Antivirus or equivalent solutions on all SharePoint servers.

Microsoft Reveals Chinese State Hackers Exploiting SharePoint Flaws

A tech startup is using personal data stolen by infostealer malware that it has found on the dark web, and then selling access to that data.

A tech startup is using personal data stolen by infostealer malware that it has found on the dark web, and then selling access to that data. And it claims to be working within the law.

According to 404 Media, for as little as $50, Farnsworth Intelligence will give companies a look at records from infostealer logs.

Infostealers are a type of malware that focus on harvesting as much data from a victim’s computer as possible. Criminals infect computers in various ways, including via malicious links and infected versions of pirated software or cheat add-ons.

The malware can do everything from monitoring every key you type through to code that probes your internal storage and memory for secrets. Some infostealers even take snapshots of screens to see what they can find. All this data gets beamed back to the infostealer’s criminal operators.

There is no suggestion that Farnsworth Intelligence infects computers with infostealer software itself. It claims to operate within legal frameworks, with data provided through a third-party vendor that specializes in security monitoring services.

This data is available in huge quantities. The startup offers over 20 billion records of stolen data from over 50 million computers. A professional subscription-based version of the service offers access to include anything that an infostealer can pilfer, including cryptocurrency wallet data, browser histories detailing what sites you’ve visited, usernames and passwords for those sites, and browser cookies that criminals could use to impersonate you on a site. Customers can also get access to a list of applications on a person’s computer.

Farnsworth Intelligence says its target audience for the service is “professionals with a legitimate use case in industries such as investigations, intelligence, journalism, law enforcement, cyber security, compliance, IP/brand protection, executive protection, etc”.

There is also a version with ad hoc searches paid for in credits. This gives you access to a subset of the data, searched via phone number, email address, username, domain, password, or autofills (the information that browsers use to fill common fields in web forms). At one credit per search, the cheapest version is the $50 version, which buys users 45 credits.

The service doesn’t just provide access to a static set of data; it’s adding to it all the time. It claims to add over 185 million new records, stolen from over 40,000 computers each month.

“While historical breach data remains valuable, its utility diminishes over time as credentials change and contact information becomes outdated,” says the blurb on Farnsworth’s website (which we’re not linking to here). “Infostealer logs provide investigators with current, device-level data that offers significantly higher intelligence value than traditional breach compilations.”

Is this legal? The startup seems to think so. There’s no vetting of customers, though, at least for the consumer service, which makes us worry about how, for example, a cyberstalker or abusive ex might use such a thing. Regardless, it’s another reason why you should protect yourself from infostealers.

**How to protect yourself from infostealers**

All the normal cybersecurity rules apply:

*   Use a well-established, up-to-date anti-malware program on your computer.
*   Don’t click on links or download files you’re not sure about or weren’t expecting to receive.
*   Be careful when storing passwords, postal addresses, or credit card data in your browser’s built-in autofill storage. These are common targets for infostealers.
*   Use a password manager that prevents you having to type usernames and passwords to get into sites.
*   Never download or install software from suspicious sites including torrent sites.

**We don’t just report on threats—we remove them**

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

Tag

#intel