Albiriox now targets over 400 financial apps and lets criminals operate your phone almost exactly as if it were in their hands.

Albiriox is a new family of Android banking malware that gives attackers live remote control over infected phones, letting them quietly drain bank and crypto accounts during real sessions.

Researchers have analyzed a new Android malware family called Albiriox which is showing signs of developing rapidly and already has strong capabilities. Albiriox is sold as Malware-as-a-Service (MaaS), meaning entry-level cybercriminals can simply rent access and launch their own fraud campaigns. It was first observed in September 2025 when attackers started a limited recruitment phase.

Albiriox is an Android Remote Access Trojan (RAT) and banking Trojan built for on-device fraud, where criminals perform transactions directly on the victim’s phone instead of just stealing passwords. It has a structured architecture with loaders, command modules, and control panels tailored to financial apps and cryptocurrency services worldwide.

In one early campaign, Albiriox targeted Austria. But unlike older mobile malware that focused on a single bank or country, Albiriox already targets hundreds of banking, fintech, payment, and crypto apps across multiple regions. Its internal application-monitoring database included more than 400 applications.

Since it’s a MaaS service, attackers can distribute Albiriox in any way they like. The usual methods are through fake apps and social engineering, often via smishing or links that impersonate legitimate brands or app stores. In at least one campaign, victims were lured with a bogus retailer app that mimicked a Google Play download page to trick them into installing a malicious dropper.

The first app victims see is usually just a loader that downloads and installs the main Albiriox payload after gaining extra permissions. To stay under the radar, the malware uses obfuscation and crypting services to make detection harder for security products.

**What makes Albiriox stand out?**

Albiriox combines several advanced capabilities that work together to give attackers almost the same control over your phone as if they were holding it in their hands:

*   **Live remote control**: The malware streams the device screen to the attacker, who can tap, swipe, type, and navigate in real time.
*   **On‑device fraud tools:** Criminals can open your banking or crypto apps, start transfers, and approve them using your own device and session.
*   **Accessibility abuse:** It misuses Android Accessibility Services to automate clicks, read on‑screen content, and bypass some security prompts.
*   **Overlay attacks** (under active development): It can show fake login or verification screens on top of real apps to harvest credentials and codes, with templates that are being refined.
*   **Black****‑****screen masking:** The malware can show a black or fake screen while the attacker operates in the background, hiding fraud from the user.

The live remote control is hidden by this masking, so victims don’t notice anything going on.

Because the fraud happens on the victim’s own device and session, criminals can often bypass multi-factor authentication and device-fingerprinting checks.

**How to stay safe**

If you notice strange behavior on your device or spot apps with generic names that include “utility,” “security,” “retailer,” or “investment” that you don’t remember installing from the official Play Store, run a full system scan with a trusted Android anti-malware solution.

But prevention is better:

*   Only install apps from official app stores whenever possible and avoid installing apps promoted in links in SMS, email, or messaging apps.
*   Before installing finance‑related or retailer apps, verify the developer name, number of downloads, and user reviews rather than trusting a single promotional link.
*   Protect your devices. Use an up-to-date real-time anti-malware solution like Malwarebytes for Android, which already detects this malware.
*   Scrutinize permissions. Does an app really need the permissions it’s requesting to do the job you want it to do? Especially if it asks for accessibility, SMS, or camera access.
*   Keep Android, Google Play services, and all banking or crypto apps up to date so you get the latest security fixes.
*   Enable multi-factor authentication on banking and crypto services, and prefer app‑based or hardware‑based codes over SMS where possible. And if possible, set up account alerts for new payees, large transfers, or logins from new devices.

**We don’t just report on phone security—we provide it**

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.

**About the author**

Was a Microsoft MVP in consumer security for 12 years running. Can speak four languages. Smells of rich mahogany and leather-bound books.

 New Android malware lets criminals control your phone and drain your bank account 

How you choose to store your assets is one of the most important decisions you’ll make when you…

How you choose to store your assets is one of the most important decisions you’ll make when you step into the **Web3** world. Pick right, and you’ll be able to grow your wealth, interact with blockchain services, and transact with other people without feeling like it’s a total gamble. You’ll also gain something pretty rare to come by in the blockchain space: peace of mind. 

However, if you rush the process, get complacent, or simply don’t put any thought into your storage strategy, then you’re lining yourself up for being one of the next cautionary tales people tell on Reddit. Don’t let that be you.

In this quick guide, we will share what a secure setup really looks like when securing your digital assets, as well as some classic mistakes to watch out for.

****Start With a Safe Environment****

First things first, you need to take a closer look at the device you use every day. If that’s not safe, then nothing else will be either. If your phone or laptop is compromised, perhaps by malware or a keylogger, your wallet will be indirectly compromised too.

The same goes for any operating system you use, or even an application that’s become outdated. If you’re actively accessing your crypto assets on a device, you absolutely need to ensure the environment is safe and that you aren’t unknowingly putting your security at risk. 

The safest play is to thoroughly clean up the environment, such as removing any unwanted apps, keeping your OS and software updated, and removing any browser extensions that track or manipulate activity in the background. Of course, this also means you should never access your crypto accounts while using **public Wi-Fi**.

****Pick a Wallet Setup That Matches Your Risk Level****

The **crypto wallet** you decide to use has huge ramifications on how much risk you’re exposed to when storing, managing, or transferring your coins. If you use a hot wallet (one that’s always connected to the internet), you are naturally more exposed to hacking attempts as your assets are online. 

Cold wallets offer much greater protection because your keys are kept offline, but they aren’t foolproof either. Aside from the extra verification steps you need to complete every time you interact with the blockchain, you also need the discipline to keep your device safe, up to date, and your recovery details secure. 

There’s long been a debate over hot vs cold wallets, but the best strategy isn’t one or the other. It’s a mixture of both. Most Web3 veterans keep a small amount in a hot wallet for convenience, but the bulk of their holdings are locked away in a cold setup for long-term storage.

The real danger isn’t choosing the wrong wallet, but in treating all your assets the same, no matter how much you hold or how often you move them.

****Protect Your Keys the Smart Way****

Your **recovery phrase** controls everything. Whoever holds it has full access to your account and can send your assets wherever they please. It’s absolutely paramount that this stays protected, which is why you should never store it digitally. 

Many newcomers make the mistake of taking a screenshot of their phrase, writing it down in a note-taking app, or saving it on a file-sharing platform like **Google Drive**. 

Instead, it’s a good idea to write down your phrase physically, either on a piece of paper or on thin metal. Doing a backup like this means the only way you can be exposed is if someone ends up with the physical document, which is why many people choose to store them in a safe or a deposit box. 

However you decide to store it, just make sure it’s reachable in an emergency. You may also want to keep multiple physical backups in different locations, just in case of an event like a fire that would likely destroy your backups.

****Safe Habits Every Transaction Needs****

Your crypto assets are never more at risk than when you’re making a transaction. Not only are you logging in and accessing your wallet, but you’re also signing and authorizing a transaction for funds to leave your account. Just one mistake here, and it could spell disaster.

As you would expect, most losses here occur for two main reasons. Rushing and complacency. Maybe you’ve seen a big trading opportunity, and you want to send your funds to a DEX to capitalize on it. Or perhaps you’re so used to interacting with your wallet that you get careless. Both of these scenarios create situations where mistakes and excessive risk-taking can occur. 

The rule of thumb when sending transactions is always to take your time. Double and triple-check the receiving address before you confirm anything. Don’t ever assume that the details are correct. Make sure.

Also, make sure you bookmark any site you’re interacting with and always send to legitimate accounts. People go to great lengths to create fake websites, and they can fool even the most seasoned crypto pros. If something feels off, pause. Hesitation is one of the simplest security tools.

****Know When to Update Your Security Setup****

Your security strategy shouldn’t be something that you just set up once and then forget about. Web3 moves quickly, and new threats and vulnerabilities pop up every day. If you sit still, you make yourself more vulnerable to these new attack vectors. 

With this in mind, make it a habit to review your security setup regularly. This doesn’t mean you need to overhaul everything each week, but a couple of times per year will give you a solid foundation. 

Ask yourself whether the wallet you’re using is still the best fit for your holdings. Do you need to move more assets to your cold storage? Have you done all the software updates for your devices? Even something as simple as changing your passwords on exchanges can make a big difference.  

You should also stay informed about what’s happening in the space. The more you know about what’s going on in Web3 and what threats are out there, the better you can protect yourself and avoid falling victim to them.

****Final Word****

Protecting your digital assets doesn’t need to be complex. All you need to do is put a little thought into it and stick to a routine. You can easily fall into the trap of getting caught up in how fast and exciting the whole Web3 experience is. However, before you begin creating wealth in Web3, you need to establish basic security processes.

Start by cleaning your environment, choosing the best wallet setup for your requirements, protecting your recovery phrase as if your entire financial future depended upon it, and developing the everyday habits that will help you stay secure even as new threats arise. 

(Photo by Shubham Dhage on Unsplash)

What a Secure Setup Really Looks Like for Storing Digital Assets

Scams are sneakier, more direct, and harder to spot than ever, so we're proud to work with GASA to help keep people safer online.

We are excited to share that Malwarebytes has officially joined the Global Anti-Scam Alliance (GASA) as a supporting member. Working with GASA helps us stay aligned with others who are focused on reducing scams and keeping people safer online.  

Modern-day scams aren’t the clumsy, obvious tricks they once were. They are sneakier, more direct, and harder to spot.  

Earlier this year, when we surveyed more than 1,300 people across the world about their online habits for shopping, clicking, swiping, and sending messages, we discovered a mobile landscape littered with scams: 

*   Nearly half of mobile users encounter scam attempts every day.  
*   Just 15% feel confident they can recognize one.  
*   More than a third have fallen victim, with 75% of victims saying they walked away with emotional harm and a shaken sense of trust. 

One thing is certain—scams are no longer rare; they’re a daily reality for most people, and they are taking a toll. 

As Mark Beare, general manager of consumer business for Malwarebytes, said:

> “Scams and consumer fraud aren’t fringe issues. They’ve become a global crisis, draining hundreds of billions of dollars each year and inflicting devastating emotional harm. We’re committed to tackling this complex problem through new technology like our AI-powered scam detector, Scam Guard, investigative research, industry collaboration, and perhaps most importantly, human support.”

This is exactly why we built Scam Guard, our free mobile scam detector: to give people real-time guidance, actionable tips, and simple scam reporting tools that make staying safe feel doable, not daunting. With Scam Guard, users can identify suspicious messages and links, instantly take action, and help others stay informed by reporting new scams as they appear.

Beare added: 

> “Today’s scams are sophisticated, leveraging deep-fake technology, AI-manipulated images, and highly targeted lures from the troves of data we’ve all lost in countless breaches. We’re proud to join GASA to further amplify our efforts and stop scammers in their tracks.”

At Malwarebytes, protecting people is at the heart of what we do. By partnering with the Global Anti-Scam Alliance, we’re extending that protection to more communities around the world.  

Stay protected and try Malwarebytes Scam Guard today! 

**We don’t just report on scams—we help detect them**

Cybersecurity risks should never spread beyond a headline. If something looks dodgy to you, check if it’s a scam using Malwarebytes Scam Guard, a feature of our mobile protection products. Submit a screenshot, paste suspicious content, or share a text or phone number, and we’ll tell you if it’s a scam or legit. Download Malwarebytes Mobile Security for iOS or Android and try it today!

 Malwarebytes joins Global Anti-Scam Alliance (GASA) as supporting member  

Practicing good “operations security” is essential to staying safe online. Here's a complete guide for teenagers (and anyone else) who wants to button up their digital lives.

The WIRED Guide to Digital Opsec for Teens

This blog explains why vulnerability scoring matters, how CVSS works, and what’s new in version 4.0.

The Common Vulnerability Scoring System (CVSS) provides software developers, testers, and security and IT professionals with a standardized way to assess vulnerabilities. You can use CVSS to assess the threat level of each vulnerability and then prioritize mitigation accordingly.

This article explains how the CVSS works, reviews its components, and describes why using a standardized process helps organizations assess vulnerabilities consistently.

A software vulnerability is any weakness in the codebase that can be exploited. Vulnerabilities can result from a variety of coding mistakes, including faulty logic, inadequate validation mechanisms, or lack of protection against buffer overflows. Attackers can exploit these weaknesses to gain unauthorized access, execute arbitrary code, or disrupt system operations.

**Why use a standardized scoring system?**

With thousands of vulnerabilities disclosed each year, organizations need a way to prioritize which ones to address first. A standardized scoring system like CVSS helps teams:

*   Compare vulnerabilities objectively
*   Prioritize patching and mitigation efforts
*   Communicate risk to stakeholders

CVSS is maintained by the Forum of Incident Response and Security Teams (FIRST) and is widely used by organizations and vulnerability databases, including the National Vulnerability Database (NVD).

**CVSS v3.x metric groups**

CVSS v3.x included three main metric groups:

1.  **Base metrics:** Intrinsic characteristics of a vulnerability that are constant over time and across user environments.
2.  **Temporal metrics:** Characteristics that change over time, but not among user environments.
3.  **Environmental metrics:** Characteristics that are relevant and unique to a particular user’s environment.

**What’s new in CVSS v4.0?**

The CVSS v4.0 update, released in late 2023, brings several significant changes and improvements over previous versions (v3.0/v3.1). Here’s what’s new and what’s changed:

1. **Expanded metric groups**

*   **Base metrics** now include more granular distinctions, such as the new Attack Requirements (AT) metric and improved definitions for Privileges Required and User Interaction.
*   **Threat metrics** are a new, optional metric group for capturing real-world exploitation and threat intelligence, helping to prioritize vulnerabilities based on active exploitation.
*   **Supplemental metrics**, provide additional context—such as safety, automation, and recovery—to tailor scoring for specific industries or use cases.

2. **Refined scoring and terminology**

*   **Attack Vector (AV)** introduced a clearer distinction between network, adjacent, local, and physical vectors, with improved definitions.
*   **Attack Requirements (AT)** is introduced to capture conditions that must exist for successful exploitation, but are outside the attacker’s control.
*   **Privileges Required (PR) and User Interaction (UI)** have been clarified and expanded to reflect modern attack scenarios.
*   The scope is now called “vulnerable system,” providing more precise language about what is affected.

3. **Greater flexibility and customization**

*   **Modular scoring** allows organizations to use the base, threat, and supplemental metrics independently or together.
*   **Industry-specific extensions** let sectors like healthcare, automotive, or critical infrastructure apply more tailored scoring.

4. **Improved guidance and usability**

*   **Clearer documentation:** The new specification now includes better examples and more detailed guidance to reduce ambiguity in scoring.
*   **Backwards compatibility:** CVSS v4.0 scores are not directly comparable to v3.x scores, but the new system was designed to coexist during the transition period.

**How the CVSS scoring process works (v4.0)**

1.  **Assess the base metrics**
    *   Evaluate the exploitability and impact of the vulnerability using the updated metric definitions.
2.  **Incorporate threat metrics** (optional)
    *   If there’s intelligence about active exploitation, adjust the score accordingly to reflect real-world risk.
3.  **Add environmental and supplemental metrics**
    *   Tailor the score to your organization’s environment and industry-specific requirements.
4.  **Calculate the final score**
    *   The CVSS calculator (now updated for v4.0) combines the selected metrics to produce a score between 0.0 (no risk) and 10.0 (critical risk).

**Example of a CVSS v4.0 score**

Suppose a newly discovered vulnerability allows remote code execution over the network with no privileges required and no user interaction. Under CVSS v4.0, you would:

*   Assign the appropriate base metrics (e.g., Network, Low complexity, No privileges, No user interaction).
*   If there is evidence of active exploitation, use the threat metric to increase the urgency.
*   Add any environmental or supplemental metrics relevant to your organization.

The resulting score helps you prioritize remediation efforts based on both the technical details and the real-world threat landscape.

**Why the update matters**

The improvements in CVSS v4.0 reflect the changing nature of software vulnerabilities and the need for more nuanced, actionable risk assessments. By incorporating real-world threat intelligence and industry-specific context, organizations can make better-informed decisions about vulnerability management.

**Key takeaways:**

*   CVSS v4.0 provides more accurate, flexible, and actionable vulnerability scoring.
*   New metric groups allow for customization and real-world prioritization.
*   Organizations should transition to CVSS v4.0 for a more comprehensive approach to vulnerability risk management.

For more information and to access the latest CVSS v4.0 calculator and documentation, visit the FIRST CVSS v4.0 page**.**

**We don’t just report on threats—we remove them**

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

 How CVSS v4.0 works: characterizing and scoring vulnerabilities 

Cybersecurity researchers have shed light on a cross-tenant blind spot that allows attackers to bypass Microsoft Defender for Office 365 protections via the guest access feature in Teams.
"When users operate as guests in another tenant, their protections are determined entirely by that hosting environment, not by their home organization," Ontinue security researcher Rhys Downing said in a report

Email Security / Enterprise Security

Cybersecurity researchers have shed light on a cross-tenant blind spot that allows attackers to bypass Microsoft Defender for Office 365 protections via the guest access feature in Teams.

"When users operate as guests in another tenant, their protections are determined entirely by that hosting environment, not by their home organization," Ontinue security researcher Rhys Downing said in a report.

"These advancements increase collaboration opportunities, but they also widen the responsibility for ensuring those external environments are trustworthy and properly secured."

The development comes as Microsoft has begun rolling out a new feature in Teams that allows users to chat with anyone via email, including those who don't use the enterprise communications platform, starting this month. The change is expected to be globally available by January 2026.

"The recipient will receive an email invitation to join the chat session as a guest, enabling seamless communication and collaboration," Microsoft said in its announcement. "This update simplifies external engagement and supports flexible work scenarios."

In the event the recipient already uses Teams, they are notified via the app directly in the form of an external message request. The feature is enabled by default, but organizations can turn it off using the TeamsMessagingPolicy by setting the "UseB2BInvitesToAddExternalUsers" parameter to "false."

That said, this setting only prevents users from sending invitations to other users. It does not stop them from receiving invitations from external tenants.

At this stage, it's worth mentioning that guest access is different from external access, which allows users to find, call, and chat with people who have Teams but are outside of their organizations.

The "fundamental architectural gap" highlighted by Ontinue stems from the fact that Microsoft Defender for Office 365 protections for Teams may not apply when a user accepts a guest invitation to an external tenant. In other words, by entering the other tenant's security boundary, the user is subjected to security policies where the conversation is hosted and not where the user's account lives.

What's more, it opens the door to a scenario where the user can become an unprotected guest in a malicious environment that's dictated by the attacker's security policies.

In a hypothetical attack scenario, a threat actor can create "protection-free zones" by disabling all safeguards in their tenants or avail licenses that lack certain options by default. For instance, the attacker can spin up a malicious Microsoft 365 tenant using a low-cost license such as Teams Essentials or Business Basic that doesn't come with Microsoft Defender for Office 365 out of the box.

Once the unprotected tenant is set up, the attacker can then conduct reconnaissance of the target organization to gather more information and initiate contact via Teams by entering a victim's email address, causing Teams to send an automated invitation to join the chat as a guest.

Perhaps the most concerning aspect of the attack chain is that the email lands on the victim's mailbox, given that the message originates from Microsoft's own infrastructure, effectively bypassing SPF, DKIM, and DMARC checks. Email security solutions are unlikely to flag the email as malicious, as it's legitimately from Microsoft.

Should the victim end up accepting the invitation, they are granted guest access in the attacker's tenant, where all subsequent communication takes place. The threat actor can send phishing links or distribute malware-laced attachments by taking advantage of the lack of Safe Links and Safe Attachments scans.

"The victim's organization remains completely unaware," Downing said. "Their security controls never triggered because the attack occurred outside their security boundary."

To safeguard against this line of attack, organizations are recommended to restrict B2B collaboration settings to only allow guest invitations from trusted domains, implement cross-tenant access controls, restrict external Teams communication if not required, and train users to watch out for unsolicited Teams invites from external sources.

The Hacker News has reached out to Microsoft for comment, and we will update the story if we hear back.

Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.

MS Teams Guest Access Can Remove Defender Protection When Users Join External Tenants

Scammers are stepping up their game for the holidays, impersonating brands to trick people into handing over their accounts.

The FBI has issued a public service announcement warning about a surge in account takeover (ATO) fraud, and the timing lines up with a major alert Amazon has just sent to its 300 million customers about brand impersonation scams.

**How ATO fraud works**

Account takeover fraud is just what it says: Scammers figure out a way to hijack your account and use it for their own gain. It affects everything from email and social media to retailer, travel, and banking accounts. Criminals use plenty of tactics, including malware on your computer or phone, or “credential stuffing,” where they try compromised passwords across lots of sites.

The FBI’s new alert focuses on attackers who impersonate customer support or tech support from your bank. Amazon’s warning describes almost identical techniques, but aimed at Amazon shoppers instead of banking customers.

Attackers send texts, emails and make phone calls designed to fool you into giving away your username and password, and even your multi-factor authentication (MFA) codes. Once they’re in the account, scammers quickly reset passwords or other access controls, locking you out of your own account.

****Fake websites, fake alerts, and fake customer support****

The FBI highlights another technique used for similar purposes: website-based phishing. The scammer will direct you to a fake site that looks just like your bank’s login page. The moment you enter your details, the criminals steal them and use them on the real banking site.

Amazon says the same thing is happening to its customers. In a warning email sent November 24, it listed the attacks it is seeing most often:

*   Fake delivery notices or account-issue messages
*   Third-party ads offering unbelievable deals
*   Messages via unofficial channels requesting login or payment information
*   Links to look-alike websites
*   Unsolicited “Amazon support” phone calls

One of the FBI’s examples mirrors this almost exactly: Attackers claim there has been fraudulent activity on your account and urge you to click a link to “fix” it, but it sends you straight to a phishing site.

**How do the scammers get you to these sites?**

Search engine optimization (SEO) poisoning is one common technique, the FBI says. Scammers buy ads with search engines that direct users to their malicious sites. Many mimic household names with tiny variations that are easy to miss when you’re in a hurry.

Amazon’s warning is backed up by research from FortiGuard Labs, which found that 19,000+ new domains set up to imitate major retail brands. 2,900 of those were proven to be malicious.

This wave of impersonation attacks isn’t limited to search ads and look-alike domains. Researchers have also uncovered a system called Matrix Push C2 that abuses browser push notifications to deliver fake alerts designed to look like they’re from trusted brands such as Netflix, PayPal, and Cloudflare. Once clicked, those alerts lead victims to phishing pages or malware, giving attackers yet another path to steal login details or take over accounts.

**A growing epidemic**

This type of fraud is on the rise. According to TransUnion, digital account takeover climbed 21% from H1 2024 to H1 2025, and 141% since H1 2021. It’s big business; the FBI has received over 5,100 complaints since January, and says that losses have hit $262 million.

This is a popular time for scammers to ramp up ATO fraud. Amazon’s alert comes at one of the busiest online shopping periods of the year—Black Friday and the run-up to the holidays.

And while MFA is important, it doesn’t always save you. Proofpoint found that 65% of compromised accounts had MFA enabled. But if you give up your secrets to a scammer, they have the keys to the kingdom.

Passwordless options such as passkeys promise better security because then there’s no MFA code to give up (you just use biometric access or click on a browser prompt to log in). However, those are still relatively uncommon compared to passwords, and when they do exist, people don’t often use them.

**How to protect yourself**

Cybercriminals prey on the vulnerable and the distracted. Brand impersonation works because attackers lean hard on urgency. They claim your account has been breached, or a large transaction has gone through, or a delivery can’t be completed.

Scammers are experts at using fear to get past your emotional defenses. In one inventive twist highlighted by the FBI, scammers told victims their details were used for firearms purchases, then transferred them to a fake “law enforcement” accomplice. Once fear kicks in, people act fast.

Whether the scammer is posing as Amazon, your bank, or a courier service, the same rules apply:

*   **Bookmark your bank and retailer login pages.** Don’t search for them, as results can be spoofed.
*   **Use official apps.** Download your bank or Amazon app directly from an official link, not through a search engine.
*   **Be stingy with personal info.** Pet names, schools, and birthdays can help criminals with “security questions.”
*   **Be skeptical of caller ID.** It can be spoofed. Hang up, then call back using a verified number.
*   **Use passkeys if offered.** They cut out SMS codes entirely and help prevent phishing.
*   **Never share one-time codes.** No legitimate company will ask.

Amazon also reminds users:

*   It will **never** ask for payment information over the phone.
*   It will **never** send emails asking customers to verify login details.
*   All account changes, tracking, and refunds should go through the Amazon app or website only.

If you do think you’ve been hit by an ATO scam, contact your bank immediately to try and recall or reverse any fraudulent transactions. It might still not be too late, but every second counts. Also, file a complaint with the FBI’s IC3 online crime unit.

**We don’t just report on scams—we help detect them**

Cybersecurity risks should never spread beyond a headline. If something looks dodgy to you, check if it’s a scam using Malwarebytes Scam Guard, a feature of our mobile protection products. Submit a screenshot, paste suspicious content, or share a text or phone number, and we’ll tell you if it’s a scam or legit. Download Malwarebytes Mobile Security for iOS or Android and try it today!

 Holiday shoppers targeted as Amazon and FBI warn of surge in account takeover attacks 

Reliability engineer on why resilience must be designed, not patched, and how decades of global experience taught her to turn outages into insights.

When the massive AWS outage in October brought down global services including Signal, Snapchat, ChatGPT, Zoom, Lyft, Slack, Reddit, McDonald’s, United Airlines, and even Duolingo, it exposed the fragility of cloud-first operations that, in today’s cloud-first world, anything can fail. As companies distribute their operations across global cloud platforms, the question is no longer “whether systems will fail”, but “how quickly they can recover and how intelligently they’re built to do so.”

Elena Lazar is among the engineers who have gained a solid understanding of this reality, a senior software engineer with over twenty years of experience designing resilient architectures, automating CI/CD pipelines, and improving observability across France, Poland, and the United States. As a member of the Institute of Electrical and Electronics Engineers and the American Association for the Advancement of Science, Elena bridges the worlds of applied engineering and scientific inquiry.

Elena told HackRead what it means to engineer for failure in the era of distributed systems: why resilience matters more than perfection, how AI-assisted log analysis is reshaping incident response, and why transparency often beats hierarchy when teams face complex system breakdowns. She also spoke about the global cultural shift redefining reliability engineering, moving from reactive firefighting to a model where recovery is built in from the start.

Elena Lazar

****Q.**** According to the New Relic observability forecast, the median cost of a high-impact IT outage has reached $2 million per hour, and that number keeps rising. From your perspective, why is recovery becoming so costly, and what can companies realistically do to minimise those losses?

****A.**** The main reason outages are getting more expensive is that digital infrastructure has become deeply interconnected and globally critical. Every system now relies on dozens of others, so when one major provider like AWS or Azure goes down, the impact cascades instantly across industries.

Recovery costs are rising not only because of direct downtime, but also because of lost transactions and brand damage that happen within minutes of an outage. The more global and automated a company becomes, the harder it is to maintain localised fallback mechanisms.

The only realistic way to reduce these losses is to design for controlled failure: build redundant architectures, simulate outages regularly, and automate root-cause detection so that recovery time is measured in seconds, not hours.

****Q.**** Elena, you’ve worked for over two decades in software engineering, from a freelance developer to your current role in large-scale projects in the broadcasting and content distribution domain. How has your understanding of reliability in distributed systems evolved through these different stages of your career?

**A.** Twenty years ago, truly large-scale distributed systems were relatively rare and mostly found in big corporations, simply because building anything reliable required maintaining your own physical infrastructure; even if it was hosted in data centres, it still had to be owned and operated by the company. Back then, a single enterprise server running both a CRM and a website could be considered “large-scale infrastructure,” and reliability largely meant keeping the hardware alive and manually checking applications.

The last 15 years changed everything. Cloud computing and virtualisation introduced elasticity and automation that made redundancy affordable. Reliability became not just a reactive goal but a design feature: scaling on demand, automated failovers, and monitoring pipelines that self-correct. If we once wrote monitoring scripts from scratch, now we have dashboards, container orchestration, and time-series databases all available out of the box. Today, reliability is not a toolset; it’s part of system architecture, woven into scalability, availability, and cost efficiency.

****Q.**** Can you share a specific case where you intentionally designed a system to tolerate component failures? What trade-offs did you face, and how did you resolve them?

****A.**** In my current work, I design CI and CD pipelines that can withstand failures of dependent services. The pipeline analyses each error: sometimes it retries, sometimes it fails fast and alerts the developer.

In past projects, I applied the principle of graceful degradation: letting part of a web or mobile application go offline temporarily without breaking the whole user experience. It improves stability but increases code complexity and operational costs. Resilience always comes with that trade-off: more logic, more monitoring, more infrastructure overhead, but it’s worth it when the system stays up while others go down.

****Q.**** In your work on CI/CD pipelines and infrastructure automation, you’ve made pipelines resilient to failures in dependent services. Which tools or practices have proven most effective?

****A.**** For years, we used scripts to analyse logs programmatically. Extending them for new scenarios took longer than manual debugging. Recently, we began experimenting with large language models (LLMs) for this.

Now, when a pipeline fails, part of its logs is fed to a model trained to suggest probable root causes. The LLM’s output goes straight to a developer via Slack or email. It often catches simple issues, wrong dependency versions, failed tests, outdated APIs and saves hours of support time.

I’m still pushing for deeper LLM integration. Ironically, I sometimes run a lightweight AI model in Docker on my laptop just to speed up log analysis. That’s where we are still bridging automation gaps with creativity.

****Q.**** Having worked on projects in banking, broadcasting, and e-commerce, which architectural patterns have proven most effective in improving system reliability?

****A.**** Replication combined with load balancing is the unsung hero. Enabling health checks in AWS ELB, for instance, practically implements a circuit breaker: it stops routing traffic to unhealthy nodes until they recover. We also rely on database replication; modern DBMSs support asynchronous replication by default.

In one banking project, integrating an external system overloaded a monolithic service. We broke that functionality into a scalable microservice behind a load balancer, which solved the problem but also exposed hidden dependencies. Some internal tools failed simply because they weren’t documented. That experience taught me a universal rule: undocumented infrastructure is a silent reliability killer.

****Q.**** You’ve worked extensively on infrastructure automation and service reliability. How do you decide which signals to monitor without overwhelming teams or inflating costs?

****A.**** Today, adding metrics is easy because most frameworks support them out of the box. There’s a clear shift from log parsing to metrics monitoring because metrics are stable and structured, while logs are constantly changing. Still, detailed logs remain indispensable for understanding «why» behind an outage.

It’s about balance: metrics keep systems healthy; logs explain their psychology.

****Q.**** Many organisations now run hundreds of microservices. What pitfalls do you see when scaling systems this way, especially around failure impact?

****A.**** Resource overhead is the biggest hidden cost that load balancers and cache layers can consume, as much compute power as the core services themselves. The only real mitigation is good architecture.

Failure propagation is a classic example. When services communicate without safeguards like heartbeat calls, circuit breakers, or latency monitoring, one failure can quickly cascade through the entire system. Yet over-engineering the protection adds latency and cost.

Sometimes the simplest solutions work best: return a fallback «data unavailable» response instead of an error, or use smart retry logic. Not every problem requires quite universal but costly event-based, asynchronous architectural solutions such as a Kafka cluster.

The key to managing growth is transparency. Restricting developers to isolated «scopes» without seeing the bigger picture is the worst anti-pattern I’ve seen. Modern Infrastructure-as-Code tools make even massive systems readable, reproducible, and, most importantly, understandable.

****Q.**** Outages can cost companies millions per hour, according to New Relic and Uptime Institute reports. How do you justify long-term investments in reliability when business priorities are often focused on short-term delivery?

****A.**** We live in an era where everyone knows the cost of failure. You don’t have to argue much anymore. Rising failure rates automatically trigger investigations, and the data speaks for itself.

For example, if the error rate in an AOSP platform update service spikes because of old Android clients, we analyse both the service and the distributed OS image. The business case always boils down to: fix reliability or lose users.

Even for internal tools like code repositories, documentation, CI and CD pipelines, the logic is similar. Unreliable infrastructure delays customer-facing features. The challenge isn’t convincing stakeholders, it’s finding the time and people to fix it.

****Q.**** According to your experience, what lessons would you share with engineering leaders building resilient pipelines today?

****A.**** Failures are inevitable, but chaos isn’t. What causes chaos is unclear ownership and poor communication. One simple rule helps immensely: give everyone access to the full codebase. When combined with a clear responsibility map, even if it’s just a well-structured Slack workspace, it empowers teams to collaborate instead of waiting for tickets to escalate. Transparency is the first step toward resilience.

**Q.** You’ve worked with machine learning–driven observability and mentioned your interest in agentic AI for automated remediation. What’s your vision for how AI will transform reliability engineering over the next five years?

**A.** Machine-learning-driven observability is already here, feeding logs into AI models to predict failures before they happen. But the real frontier is automated remediation: systems that self-heal and produce meaningful post-incident reports.

Yes, there is inertia as enterprises fear autonomous changes in production, but economics will win. Startups and dynamic organisations are already experimenting with agentic AI for reliability. Eventually, it will become the standard.

Resilience isn’t just about uptime. It’s a mindset that prioritises transparency, ownership, and systems that expect and recover from failure by design.

(Photo by Umberto on Unsplash)

Elena Lazar: Failures are Inevitable – Reliability is a Choice

Cary, North Carolina, USA, 26th November 2025, CyberNewsWire

**Cary, North Carolina, USA, November 26th, 2025, CyberNewsWire**

**New courses, certifications, and hands-on training strengthen workforce readiness.**

INE, the leading provider of hands-on IT and Cybersecurity training and industry-recognized certification prep, today announced a significant expansion of its learning portfolio, reaffirming its commitment to empowering technology professionals with the skills they need to thrive.

As organizations across the globe accelerate their adoption of cloud, AI, automation, and advanced security technologies, IT teams must remain more adaptable than ever. INE continues to meet this demand by releasing new, high-impact content and refreshing existing learning paths to ensure learners stay aligned with industry standards, master emerging tools, and build real-world, muscle-memory expertise.

**Expanding Content for Today’s Most In-Demand Skills**

Over the last quarter, INE has rolled out a wide range of new courses, hands-on labs, and certification prep resources designed to help professionals cross-skill and upskill within one integrated training platform. New and updated content includes:

*   **AI in Automation Course** — Now part of INE’s Cisco certification prep, enabling learners to integrate AI-driven automation capabilities into modern enterprise infrastructures.
*   **Enterprise Network Design Scenarios** — Advanced modules supporting CCIE Enterprise Infrastructure candidates with realistic scenario-based design and troubleshooting.
*   **Updated INE Security Certifications & Prep** — Enhancements to Certified Incident Responder (CIR) and Certified Threat Hunting Professional (CTHP) programs, ensuring security specialists train on current adversarial tactics and defense strategies.
*   **Expanded Certification Prep for Industry-Leading Vendors** — Including updated pathways for CISSP, CompTIA Security+, and Network+.
*   **New** **Junior Data Scientist (eJDS)** **Learning Path & Certification** — A guided, practical path designed to introduce learners to Python, data analysis, machine learning foundations, and real-world data workflows.

> “Technology doesn’t stand still, and neither should the people who power it,” said Lindsey Rinehart, INE Chief Executive Officer. “Our goal is to give learners one place to grow from novice to expert, with continuously refreshed, hands-on content that reflects what top employers need right now.”

**A Platform Built for Real Skill Development**

INE’s training model emphasizes hands-on learning, scenario-based exercises, and progressive skill-building paths. Learners can practice concepts in real environments, gaining practical experience that transfers directly to on-the-job performance. Through this approach, INE enables individuals and teams to build lasting, applied knowledge rather than rely on passive video training.

**Supporting Professionals on Their Learning Journey**

In an effort to make high-quality technical training accessible to as many professionals as possible, INE is also offering limited-time pricing during the Black Friday period. These offers provide reduced-cost access to INE’s most comprehensive training plans and certifications, supporting learners at every stage of their career development.

Learners can choose from bundles that include annual subscriptions, certification vouchers, and hands-on labs, saving up to $750! For the first time, INE is offering the INE Premium Subscription for 50% off to ensure the most comprehensive training subscription is accessible to learners at every level. 

To learn more about INE’s commitment to accessible, high-impact training—and to explore this year’s limited-time Black Friday opportunities—users can visit https://learn.ine.com/promo/black-friday-2025. 

**About INE**

INE x INE Security is the premier provider of online networking and cybersecurity training and certification. Harnessing a powerful hands-on lab platform, cutting-edge technology, a global video distribution network, and world-class instructors, INE Security is the top training choice for Fortune 500 companies worldwide for cybersecurity training in business and for IT professionals looking to advance their careers. INE Security’s suite of learning paths offers an incomparable depth of expertise across cybersecurity and is committed to delivering advanced technical training while also lowering the barriers worldwide for those looking to enter and excel in an IT career.

**Contact**

**Chief Marketing Officer**  
**Kim Lucht**  
**INE**  
**\[email protected\]**

INE Expands Cross-Skilling Innovations

Bitdefender Labs found fake Battlefield 6 pirated copies and trainers spreading aggressive malware, C2 agents, and infostealers, designed to steal player data and crypto-wallets.

A new report from Bitdefender Labs has brought unsettling news for the gaming community, especially those looking for free or hacked versions of popular titles. Cybercriminals are using the hype around the major first-person shooter, Battlefield 6, to trick players into downloading malicious software that can steal their private information and even take over their PCs.

Battlefield 6, developed by DICE and published by Electronic Arts (EA), hit the market in October and was, as we know it, one of the year’s most anticipated releases. Unfortunately, this popularity became a perfect target for attackers who started spreading infected files the moment the game became available.

** **Counterfeit Games and Malicious Cheats****

The researchers found fake pirated versions of the game, installers, and phoney “game trainers” being spread across torrent sites and other easily found domains. For your information, a game trainer is a program (sometimes real) that gives a player an advantage, like unlimited coins or health. However, in this case, the fake ones do the opposite; they steal your data. Also, none of the fake files actually work as a game or a cheat.

Bitdefender Labs’ research, shared with Hackread.com, further revealed that the attackers made their malicious downloads appear legitimate by using the names of real, well-known game cracking groups, like InsaneRamZes and RUNE.

Researchers assessed a pirated version using the RUNE name, which was disguised as a Battlefield 6 ISO image and deployed a dangerous Command-and-Control (C2) agent. This agent allows an attacker to remotely control an infected computer for future exploitation.

One sample, disguised as a trainer, acted as an aggressive infostealer, focused on secretly gathering personal data. Another file, distributed as Battlefield 6.GOG-InsaneRamZes used a completely different strategy that involved stealth and environmental awareness. 

It then checked regional settings and shuts down if it detects Russian or CIS countries (like Armenia, Belarus, etc.). This evasion, common for some groups, helps them avoid legal issues and detection by security programs.

****Data at Risk****

This infostealer specifically targets sensitive data. Researchers noted that this malware aggressively targets “Crypto Wallets and Cookie Sessions from Chrome, Edge, Firefox, Opera,” session tokens from Discord, and crypto-wallet extension data from Chrome add-ons like iWallet and Yoroi. Bitdefender’s analysis also found that hundreds of people (potential victims) were actively downloading the malicious torrent files.

** **How to Stay Safe****

Bitdefender’s advice is clear: always buy and download Battlefield 6 and other games only from official sources like the EA App, Steam, or GOG. They strongly recommend avoiding third-party utilities, torrents, or any unknown programs, warning that: “attackers are exploiting players’ curiosity and impatience for newly launched titles.”

Tag

#ios