February 2025 saw a record 126% surge in ransomware attacks, with Cl0p leading the charge. Hackers exploited file…

February 2025 saw a record 126% surge in ransomware attacks, with Cl0p leading the charge. Hackers exploited file transfer flaws, infostealers, and AI-driven tactics, reveals Bitdefender’s latest Threat Debrief report.

Cybersecurity just reached a new milestone; and not in a good way. According to Bitdefender’s latest Threat Debrief report, February 2025 was the worst month in history for ransomware attacks, with a 126% increase in claimed victims compared to the same period last year.

This surprising jump saw the number of victims soar from 425 in February 2024 to a staggering 962 in February 2025. The massive surge in ransomware attacks occurred despite the United States-led alliance of 40 countries, announced in November 2023, aimed at dismantling ransomware gangs and their infrastructure. The initiative focused on disrupting payments, taking down infrastructure, and enhancing intelligence sharing.

****Clop (Cl0p) Ransomware at Its Peak****

According to Bitdefender’s report shared with Hackread.com ahead of publishing on Thursday, Cl0p ransomware group Clop was responsible for more than a third of the attacks, claiming 335 victims in just one month. This makes a 300% increase from the previous month.

So, what’s behind this sudden rise in attacks? Cybersecurity experts point to a new trend that’s not so new: attackers are increasingly targeting vulnerabilities in edge network devices, such as file transfer systems and remote access tools.

Instead of focusing on specific industries, these opportunistic hackers are scanning the internet for easily exploitable flaws and launching automated attacks. For example, the Cl0p ransomware gang is notorious for exploiting vulnerabilities in MOVEit, a managed file transfer (MFT) software, with the highest frequency in 2023. The group stole so much data through MOVEit vulnerabilities that it launched a clearnet website to leak stolen information from victims worldwide.

In December 2024, Cl0p also announced exploiting security vulnerabilities in Cleo’s managed file transfer software, specifically targeting Cleo Harmony, VLTrader, and LexiCom products. Bitdefender’s Threat Debrief report also spotted Cl0p’s exploitation of Cleo vulnerabilities, especially CVE-2024-50623 and CVE-2024-55956 both rated 9.8 out of 10 in severity.

Both flaws allow attackers to execute commands remotely on compromised systems and were disclosed late last year. Despite patches being available, many organizations failed to update their systems in time, leaving them wide open to exploitation leading to the surge in victims seen in February 2025.

The illustration highlights the rapid pace at which ransomware gangs exploit vulnerabilities and shift to new targets. (Credit: Ditdefender)

****Other Notable Developments in the Ransomware World****

Beyond the record-breaking numbers, Bitdefender researchers noticed several other noteworthy trends in February 2025 including:

****FunkSec’s New Infostealer****

FunkSec, a growing ransomware group, released Wolfer, a tool designed to extract sensitive information from infected machines. It communicates with a Telegram bot to gather system details, Wi-Fi passwords, and more.

A ransomware gang using infostealers is bad news, especially as researchers recently found that cybercriminals are successfully breaching U.S. national security with infostealers as cheap as $10. Even high-security institutions like the military and the FBI have had their systems compromised, with access being sold on the dark web.

****Black Basta Gets Analyzed by AI****

On February 11, 2025, the notorious Black Basta ransomware gang had its internal chats leaked. These chats contained over 200,000 Russian-language messages. Hudson Rock’s researchers created a chatbot called BlackBastaGPT to sift through the chat logs.

Insights revealed details about their profits, use of deepfake technology, and internal conflicts. The group’s leader emphasized avoiding detection by using built-in system tools, a tactic known as “living off the land.”

****Ghost Ransomware Under Scrutiny****

A joint advisory from CISA highlighted Ghost (also known as Cring), a China-based ransomware operation exploiting older but still unpatched vulnerabilities. Recommendations include patching affected software, segmenting networks, and backing up data regularly.

****Akira’s Webcam Hack****

The Akira ransomware gang found a creative way to bypass security by hijacking a victim’s webcam. Since the device ran Linux and wasn’t monitored closely, it became the perfect launchpad for encrypting files across the network undetected.

****Top 10 Companies Most Targeted by Ransomware Gangs****

The United States, Canada, the UK, Germany, and other developed nations remain the biggest targets of ransomware groups. These countries are highly vulnerable due to their reliance on connected edge devices, cloud infrastructure, and critical business data.

In total, these are the top 10 companies most targeted by ransomware gangs:

1.  USA
2.  Canada
3.  The UK
4.  Germany
5.  France
6.  Australia
7.  Brazil
8.  Mexico
9.  Italy
10.  Sweden

For those looking to understand the full scope of modern ransomware operations and how to fight back, Bitdefender has published a comprehensive whitepaper detailing current attack methods and defence strategies. You can access it here.

Ransomware Hits Record High: 126% Surge in Attacks in February 2025

One of the many advancements in the financial system is the adoption of Bitcoin, which has shifted the…

One of the many advancements in the financial system is the adoption of Bitcoin, which has shifted the paradigm by offering a new method of banking within a cryptocurrency framework that is both decentralized and transparent. However, the digital aspect of this currency also poses unique cybersecurity problems. With the expansion of the cryptocurrency marketplace, cyber risks are also evolving, making it imperative to consider security when investing in or adopting Bitcoin.

**Table of Contents**

*   The Rising Threat of Cyberattacks on Bitcoin
*   Common Security Threats in Bitcoin Transactions
*   Securing Bitcoin: Best Practices for Cybersecurity
*   The Role of Blockchain in Enhancing Bitcoin Security
*   Bitcoin Regulation and Its Effect on Cybersecurity
*   The Future of Bitcoin Security
*   Conclusion

**The Rising Threat of Cyberattacks on Bitcoin**

The growing availability and usage of Bitcoin puts it on the radar of cybercriminals. Weaknesses in the crypto ecosystem are always being targeted by malicious actors, ranging from phishing bots to advanced exchange hacks. The multilevel marketing structure of Bitcoin means transactions are irreversible and further complicates the situation with lacking fund recovery options.

There has been a drastic shift in perspective on securing digital assets as the Bitcoin price changes. People have started investing with caution while monitoring the prices closely. Recent hacks toward key exchanges serve as a reminder that protective measures must be implemented to secure private holdings.

For example, in November 2023, the HTX (formerly Huobi) exchange was hacked, resulting in 30 million dollars worth of losses because of a compromised private key. This should alert us to the need for better multi-layer authentication and improved security measures. Also, in September 2023, covert private key thefts worth 70 million dollars to the CoinEx exchange showed the dire need for better key management systems.

**Common Security Threats in Bitcoin Transactions**

*   Phishing Attacks: Scammers use fake emails or web pages purporting to be from legitimate businesses and use them to extract private keys and passwords from unsuspecting users.
*   Exchange Hacks: An easy target for cybercriminals is centralized exchanges due to the huge sums of assets locked in their wallets. It has been a documented fact that numerous breaches have resulted in the theft of Bitcoins amounting to millions of dollars.
*   Malware and ransomware: There has been a rise in malicious programs poised to steal authentication credentials to a Bitcoin wallet or to hold user information hostage for a ransom payment.
*   Sim-Swapping Attacks: Interception of a target’s phone number and use of 2FA security codes to access crypto wallets without permission is possible with the attackers getting hold of a victim’s phone number.
*   Wallet Exploits: Even non-custodial wallets are at risk of being compromised by keyloggers and other forms of malware or bugs in the host program.

**Securing Bitcoin: Best Practices for Cybersecurity**

Measures requiring the adoption of stringent cybersecurity postures must be put in place to ensure Bitcoin is secure from cyber threats:

*   Use Hardware Wallets: These are offline cold storage solutions that add an extra layer of security as the hardware is not connected to the internet, where hackers may use the private key for malicious intent.
*   Enable Multi-Factor Authentication (MFA): Implementing two or more form factor identifiers on exchange accounts and wallets is a cynical plan for restricting unauthorized access.
*   Be Aware Of Security Risks: Keeping track of developments in cybersecurity helps numerous users prepare for a potential threat or scam that may arise.
*   Do Not Use Public Wi-Fi For Sensitive Transactions: The danger posed by public networks is that they may be subject to man-in-the-middle attacks, thus compromising personal transactions. For instance, in 2023, several users lost their money when hackers took advantage of unprotected public wireless networks to hijack Bitcoin transactions. This adds to the necessity for secure VPN use and underscores the need for safe connections while dealing with Bitcoins.
*   Check the URLs and Other Sources: Always ensure that login credentials are entered on legitimate web pages, especially before initiating Bitcoin transactions.

**The Role of Blockchain in Enhancing Bitcoin Security**

Blockchain technology protects Bitcoin from a good number of cyberattacks, even if it is constantly exposed to them.

*   Decentralization: Unlike banks, which rely on an institution, Bitcoin uses a ledger that is decentralized and thus has various opportunities for potential failures.
*   Immutability: Changes can never be made to the Bitcoin transactions that have already been confirmed on the blockchain and hence recorded to it.
*   Cryptographic Security: Wallet addresses and transaction data are protected from alteration by sophisticated encryption methods.
*   Peer-to-peer Verification: Multiple nodes in the network verify each transaction, making it nearly impossible to commit fraud.

These characteristics are what make Bitcoin one of the most protected digital assets; however, users still need to take the necessary additional steps to secure their assets.

**Bitcoin Regulation and Its Effect on Cybersecurity**

Universal adoption of Bitcoin entails the enforcement of governance and legislative bodies at a macro level to improve safety protocols within the crypto industry. The UK, Japan and the EU have implemented more stringent KYC and AML policies in an attempt to curb fraudulent and criminal behaviours. For instance, the MiCA Regulations passed by the EU in early 2023 aimed to manage the market of crypto assets by enforcing more comprehensive KYC policies together with monitoring of transactions.

Regulatory authority has the challenge of attempting to establish security measures without undermining the core principle of decentralization that Bitcoin embodies. Overcontrol creates a possibility of pushing transactions underground to uncontrolled P2P markets, which can escalate cyber threats. Cautious investors need to check what local regulations are and implement basic security measures.

For example, the U.S. has become stricter, requiring crypto exchanges to register with the SEC and follow strict AML (Anti-Money Laundering) procedures, while Singapore has opted for a modern approach under the Payment Services Act, which ensures innovation alongside consumer protection.

**The Future of Bitcoin Security**

In response to novel cybersecurity threats, safeguarding Bitcoin will become more sophisticated over time. The following innovations are working towards enhanced Bitcoin protection:

*   Multi-Party Computation (MPC): A form of cryptography that improves a user’s wallet security by splitting the control of the keys to the wallet among several parties.
*   Decentralized Identity Solutions: These include systems that block identity theft through blockchain-based identity verification and phishing safeguard systems.
*   Quantum Resistant Cryptography: Working on developing methods of encryption that resist future attacks on Bitcoin’s secrecy through quantum computing. Institutions like the National Institute of Standards and Technology (NIST) and the community of Bitcoin Core developers are working to provide solutions. These solutions are aimed at countering quantum computing to secure blockchain technologies for ever so long.
*   AI-Powered Fraud Detection: Algorithms created to analyze for potential illicit action in Bitcoin operations and strengthen the antifraud measures in place on the Bitcoin networks. Chainalysis and CipherTrace have implemented tools that use AI to analyze blockchain transactions for any suspicious activity so that exchanges and financial institutions can manage their exposure.

**Conclusion**

The freedom offered by a decentralized bitcoin comes with a tradeoff since it often makes users vulnerable to cybersecurity issues. As time goes by, traders and investors alike need to focus on precautionary measures as their digital wealth is increasingly at risk. With the development of hardware wallets and AI fraud detection systems, bitcoin can remain a strong component of one’s portfolio in the era of digitization. Being proactive by adopting optimal security methods allows Bitcoin users to deal with potential threats head-on.

Bitcoin and Cybersecurity: Protecting Digital Assets in a Decentralized World

Louis Donald Mendonsa, 62, was sentenced following a guilty plea for distributing child sexual abuse materials (CSAM) via…

Louis Donald Mendonsa, 62, was sentenced following a guilty plea for distributing child sexual abuse materials (CSAM) via Dark Web and other online networks after 6,5000 explicit images were found on his devices.

A California resident, Louis Donald Mendonsa (62), has been sentenced to 24 years and four months in federal prison for his involvement in managing four illegal websites on the dark web that shared explicit images and videos of children.

Mendonsa, a Sacramento native, played a key role in maintaining these platforms, which were active from December 2021 until his arrest in November 2022. He received his sentence on February 27, 2025, after pleading guilty in April 2024 to seven counts of distributing CSAM and one count of possession.

The websites, which operated on the dark web, a hidden part of the internet often used for illegal activities only accessible through the Tor browser, allowed users to advertise, distribute, and trade disturbing content involving children. According to the US Department of Justice’s press release, one of the sites even featured material depicting infants and toddlers.

Mendonsa not only managed these platforms but also actively promoted and shared illegal content himself. His activities came to light after law enforcement discovered his actions while he was using public Wi-Fi at a local coffee shop.

Upon arrest, a search of Mendonsa’s electronic devices revealed approximately 6,500 explicit images, confirming the identities of several known victims. This case is part of Project Safe Childhood, a nationwide initiative launched by the Department of Justice in 2006 to combat the alarming rise in child sexual exploitation. 

The project brings together federal, state, and local law enforcement agencies to track down, arrest, and prosecute individuals who exploit children online, while also working to rescue victims.

Man Jailed 24 Years for Running Dark Web CSAM Sites from Coffee Shop

Crypto wallets are essential in keeping your cryptocurrency safe. There are different types of wallets available and choosing…

Crypto wallets are essential in keeping your cryptocurrency safe. There are different types of wallets available and choosing one can be confusing for so many investors. The three commonly used are mobile, desktop, and hardware wallets. 

Mobile and desktop wallets are called hot wallets, which means they are connected to the internet. Hardware wallets, on the other hand, are cold and thus don’t require Wi-Fi. However, all these wallets are non-custodial. You have the full responsibility of protecting your keys.

In this article, we will look at mobile, desktop, and hardware wallets to help you determine the best option for your investment. 

****Hardware Wallet****

Hardware crypto wallets offer offline protection. These are physical devices used to store your private keys. Since they are not connected to the internet or any other devices, hardware wallets are typically considered more secure, but they can be a little complicated to use. 

Modern hardware wallets are more refined. For example, if we look at the Tangem wallet review, you will learn that these devices are designed similarly to modern credit cards and use smartphone displays, making them convenient to carry around. 

Hardware wallets are ideal for large investments since they are highly secure and less susceptible to online attacks. It is best to buy these wallets from authorized dealers or the main company to avoid getting a counterfeit one. 

****Mobile Wallets****

Mobile crypto wallets are apps you can download on your phone to manage your cryptocurrency. It can be on your main phone or another mobile device. These wallets are very portable, enabling you to make transactions on the go. Most mobile wallets have a PIN and a recovery phrase to increase security. 

The major downside is walking around with your wallet is risky. You can easily lose your phone, which makes your wallet vulnerable to hacking. However, some people are adopting to use of a second phone as their mobile wallet which is more secure. The phone is often disconnected from WiFi and may even not include a plan. You only switch it on when making a transaction. 

Generally, mobile wallets are ideal for people who use crypto often, especially in small transactions. It is also a good option for beginners who don’t have a large investment. 

****Desktop Crypto Wallets****

Desktop wallets are software or programs you can install on your computer. Most wallets are compatible with common operating systems like Windows, Linux, and Mac. These are very similar to desktop wallets but some providers offer extra advantages. 

For example, some software wallets allow you to keep your keys offline on a USB drive, essentially functioning like hybrid crypto wallets. Desktop wallets are more secure than mobile ones but are not portable since it is not quite convenient to carry your desktops everywhere. 

The main risk is that if your device gets infected by a virus or malware, your crypto could be jeopardized. Desktop wallets are a good alternative for anyone looking for a secure wallet that is not for everyday use.

****Conclusion****

Choosing the best crypto wallet depends on your use and the size of the investment. For those who use crypto daily, mobile wallets are the best choice. If you want a foolproof, secure wallet, opt for hardware. However, if you are using browser-generated wallets watch out for security vulnerabilities like Randstorm which is currently impacting billions in crypto assets worldwide.

1.  Benefits of Using an Anonymous Bitcoin Wallet
2.  Biggest Crypto Scam Tactics and How to Avoid Them
3.  Power Plants to eWallets: ZTNA’s Role in the Gig Economy
4.  Study Finds AI Guesses Crypto Seed Phrases in 0.02 Seconds
5.  The Growing Importance of Secure Crypto Payment Gateways

Hardware Crypto Wallets vs. Mobile vs. Desktop: Which Should You Choose?

Several government departments are investigating TP-Link routers over Chinese cyberattack fears, but the company denies links.

If you buy something using links in our stories, we may earn a commission. This helps support our journalism. Learn more. Please also consider subscribing to WIRED

TP-Link is one of the most popular router manufacturers in the US, but the company is facing a potential ban due to security concerns about its links to China. A December report from The Wall Street Journal revealed that the US Commerce, Defense, and Justice Departments are investigating TP-Link, though no evidence of deliberate wrongdoing has yet emerged.

“We are a US company,” Jeff Barney, president of TP-Link told WIRED, “We have no affiliation with TP-Link Tech, which focuses on mainland China, and we can prove our separateness.”

The investigation was sparked by a letter from John Moolenaar, a Republican for Michigan, and Raja Krishnamoorthi, a Democrat of Illinois. Both are on the House Select Committee on the Strategic Competition Between the United States and the Chinese Communist Party. They outlined concerns that Chinese state-sponsored hackers may be able to compromise TP-Link’s routers more easily than other brands and thereby infiltrate US systems, and that TP-Link is subject to Chinese law, meaning it can be forced to hand over sensitive US information by Chinese intelligence officials.

Photograph: Simon Hill

TP-Link was founded in China in 1996 by two brothers, and TP-Link USA was established in 2008. It wasn’t until 2022 that the Chinese and US wings began to split. The process of moving the 170 subsidiaries and all the related ownership out of Hong Kong and into the United States was delayed by the pandemic, says Barney, but it was divested and restructured by 2024.

TP-Link now has headquarters in California and Singapore and manufactures in Vietnam. It researches, designs, develops, and manufactures everything except chipsets in-house, according to Barney. “Our entities in China are governed directly by us, our employees badged by us, secured by us, in our own facilities.” He also says TP-Link has shared documentation with investigators and that its factory in Vietnam was audited by US retail partners like Walmart, Best Buy, and Costco.

“Everybody has a Nexus in China,” Barney says. He claims that American rival Netgear uses Chinese ODMs (original device manufacturers) to build its products and that even Apple relies on manufacturing in China. Netgear says its routers are manufactured in Taiwan, Vietnam, and Thailand, not China.

**Competition Concerns**

The WSJ report suggests that TP-Link has a leading 64.9 percent share of the US router market, but TP-Link disputes this. The company claims its share hovered around 20 percent for the last few years, but jumped to a 36.5 percent unit share and a 30.7 percent dollar share in 2024. But even TP-Link’s lower estimate shows a company in the ascendancy. This dominance has been driven by aggressively low prices and a relatively early roll-out of Wi-Fi 7 routers, perceived by some as a concerted effort to flood the US market.

“Technology should not be exorbitant,” Barney says. “We're trying to democratize these products.”

However, the wide product range raises questions, with many wondering how TP-Link can profit from routers sold at such low prices compared to the competition. Former CNET reviewer Dong Ngo explores this point on the in-depth router review website, Dong Knows.

Concerns about the links between Chinese companies and its government are nothing new. The ban on Huawei’s networking equipment and US sanctions came after years of cybersecurity concerns and intellectual property lawsuits brought by US companies. The TikTok ban is not being enforced by President Donald Trump’s administration, but owner ByteDance is still under pressure to divest its US operations. These situations can be tricky for the average person to navigate because the lines between shoddy security, Chinese espionage, US protectionism, and the growing trade war are distinctly blurry and are not mutually exclusive.

It’s no secret that US competitor Netgear has been lobbying the US government on “cybersecurity and strategic competition with China.” Netgear has had a tough couple of years after adopting a premium pricing strategy that did not resonate with consumers. It has also been embroiled in litigation against TP-Link for patent infringement, resulting in TP-Link paying a $135 million settlement in September 2024.

**Are TP-Link Routers Secure?**

TP-Link has signed CISA’s “Secure by Design” pledge and is part of the Technical Exchange Group. It has a vulnerability disclosure program, where independent researchers and the security community can report potential issues to security@tp-link.com. It claims report response time was 8.4 days on average in 2023, with patches released in an average of 38.5 days. The company is also planning to launch a bug bounty program.

Barney claims TP-Link’s rate of vulnerabilities per product is significantly lower than many of its peers, including Netgear and Cisco, citing public data collected by Finite State, an independent US cybersecurity company, from CVE Details, VulDB, and CISA (Cybersecurity and Infrastructure Security Agency), but not everyone agrees.

“TP-Link does not have a great reputation for patching vulnerabilities or working with security researchers, which does raise alarm bells,” Pieter Arntz, malware intelligence researcher for Malwarebytes told WIRED via email.

Photograph: TP-Link; Data Source: U.S. Cybersecurity and Infrastructure Security Agency

TP-Link was criticized in a recent Microsoft report over a “password spraying” hack that mostly impacted its routers, and the report suggested Chinese “nation-state threat actor activity.” Barney says these were end-of-service products and that Asus and Netgear routers were also impacted.

Other incidents include a Check Point Research exposé of a malicious firmware implant for TP-Link routers, linked to a Chinese state-sponsored “advanced persistent threat” group dubbed “Camaro Dragon.” Cyfirma researchers also found TP-Link router vulnerabilities for sale on underground forums.

“It’s also a challenge because regardless of the home router vendor, there will always be vulnerabilities found,” Arntz says.

A part of the problem with older routers is that the onus is often on the user to download and install updates, and this is rarely automatic or as simple as clicking on “update,” which means many patches are never installed, creating vulnerable devices for any savvy cybercriminals or nation-states. Even months after TP-Link released patches for a vulnerability on its popular Archer AX21 router, hackers continue to scan for and exploit it on unpatched routers.

These security concerns are moot in the face of built-in backdoors. Backdoors can be pieces of code or even hardware added to the circuit board that enables remote parties to gain access and potentially control the device. There’s no evidence that TP-Link devices have backdoors, but, as Ngo points out, when you use an online account with your router, you are already giving the company access through the front door. Whether remote connectivity is justified by the need for automatic software updates, remote control access, or other features for users, it effectively gives the manufacturer access to your router.

**Should You Worry?**

Ultimately, the concern isn’t so much about the Chinese government or other malicious actors spying on your web browsing habits—though that is possible—it’s the idea they might employ your router as a part of a botnet to launch a cyberattack on a US government agency or major service provider.

The NSA has been concerned about Chinese hackers for some time now, and China's Salt Typhoon spies continue to infiltrate US internet service providers and telecommunications companies. Speaking on the _NatSec Tech_ podcast recently, former special assistant to the president and cybersecurity coordinator on the US National Security Council, Rob Joyce, likened TP-Link routers to a Trojan Horse and suggested China is pre-positioning for a potentially devastating attack on US infrastructure.

While some cybersecurity experts suggest a ban is imminent, Barney is confident that TP-Link routers won’t be banned. Investigations are ongoing. Even if the government doesn't find anything or decides against a ban, it won’t publicly clear TP-Link. It’s more likely the investigation will fade from the news.

Photograph: Simon Hill

For owners of a TP-Link router or anyone considering buying one, it all boils down to trust. We've tested and recommend several TP-Link routers and Deco mesh systems in our buying guides because they offer good value and great performance. But we continually update our guides and will monitor the situation before deciding whether we need to reconsider those recommendations.

There’s no easy fix because all the major router manufacturers have issues with vulnerabilities, and most of them require you to use an online account. You can go down the rabbit hole with router security, or seek out security-focused brands like Firewalla, but expect to pay more for your equipment in both time and money.

Even if you stick with what you have, there are steps you can take to be more secure online. We recommend using a VPN service and learning a little about router settings. Malwarebytes’ Arntz says the most secure router is the one on which you are comfortable changing the settings: credentials, firewall options, and especially installing updates.

Here’s his advice for home TP-Link router owners who are concerned:

*   First, update your login credentials. Ensure you have moved away from the default login credentials set by the router manufacturer (or internet provider). Make this password different from your Wi-Fi name and password. And remember, length equals strength when it comes to passwords.
*   Second, patch your device and set a reminder to check regularly for firmware updates.
*   Third, turn on the firewall and Wi-Fi encryption. You can find these settings by logging into your router from its app or website.
*   Finally, consider purchasing a new router from a different vendor with a less problematic history.

TP-Link also manufactures a wide range of smart home devices marketed under the Tapo brand, including everything from security cameras to water leak detectors. These are not part of the current investigation, which seems to be focused solely on routers. TP-Link says it has applied to the FCC’s Cyber Trust Mark program administered by UL Solutions, which ensures that internet-of-things devices are tested and labeled secure. Sadly, there is no such program for routers.

The US Is Considering a TP-Link Router Ban—Should You Worry?

Massive 1.17 TB data leak exposes billions of records from a Chinese IoT grow light company. Wi-Fi passwords,…

Massive 1.17 TB data leak exposes billions of records from a Chinese IoT grow light company. Wi-Fi passwords, IP addresses, and device IDs are among the exposed data. Learn more.

A large, unprotected database belonging to Mars Hydro, a company specializing in IoT grow lights (Internet of Things Grow Lights) and agricultural software, was discovered by cybersecurity researcher Jeremiah Fowler.

The database, containing a whopping 2.7 billion records totalling 1.17 terabytes, exposed a treasure trove of sensitive information, including Wi-Fi network names (SSIDs), passwords, IP addresses, device IDs, email addresses, and more.  

According to Fowler’s blog post for vpnMentor which the company shared with Hackread.com ahead of publishing on Wednesday 12th February 2025, within the database, folders labelled for logging, monitoring, and error records of IoT devices worldwide were found. 

Sample analysis revealed over 100 million records across 13 folders, containing not only Wi-Fi network names but also their corresponding passwords, along with IP addresses and unique device identifiers.  Interestingly, the data also seemed to link to the control devices, such as smartphones, used to manage these IoT products, revealing information about operating systems (e.g. iOS and Android).

Further investigation linked the database to LG-LED SOLUTIONS LIMITED, a California-registered company.  API details and URLs associated with LG-LED SOLUTIONS, Mars Hydro, and Spider Farmer- all involved in the manufacturing and sale of agricultural grow lights, fans, and cooling systems- were also present in the exposed data.  Numerous records were specifically labelled as “Mars-pro-iot-error” or “SF-iot-error,” suggesting a connection to these specific product lines.  

Fowler also found error logs containing potentially sensitive information, including tokens, application versions, device types, and IP addresses, in addition to the Wi-Fi credentials. 

Following the discovery, Fowler promptly notified LG-LED SOLUTIONS and Mars Hydro, leading to the database being secured within hours. Mars Hydro, identified as a Shenzhen, China-based LED grow light manufacturer with warehouses in the UK, US, and Australia, confirmed to Fowler that the Mars Pro app is their official product. 

Nevertheless, questions remain regarding the database’s ownership, management, and the duration of its exposure. It is unclear if the database was managed directly by LG-LED SOLUTIONS or a third-party contractor. A thorough forensic audit would be required to determine the extent of any unauthorized access, Fowler noted in the blog post.

The Mars Pro app and connected devices have been exposing vast amounts of information. Such lapses can lead to misuse, like surveillance, man-in-the-middle attacks, and manipulation. The recently reported Matrix hacker group is a prime example of the ongoing exploitation of exposed IoT devices for DDoS botnets.

Additionally, studies indicate that a significant percentage of IoT devices (57%) are highly vulnerable, with a majority of transmitted data (983%) being unencrypted. To mitigate these risks, IoT device makers and app developers must prioritize data protection, avoid plain text logging, use encryption, secure internal cloud storage, and conduct regular security audits and penetration testing.

.

Massive 1.17TB Data Leak Exposes Billions of IoT Grow Light Records

Gambling companies are sharing their users’ data with Meta for marketing and tracking purposes.

While you might think you’re hitting the jackpot, whether you’ve consented to it or not, online gambling sites are playing with your data. Users’ data, including details of webpages they visited and buttons they clicked, are being shared with Meta, Facebook’s parent company.  

The Observer reports that over 150 UK gambling websites have been extracting visitor data through a hidden embedded tracking tool, and then sending that data to Meta in order to profile people as gamblers and flood them with Facebook ads for casinos and betting sites.

The gambling websites used and shared data for marketing purposes—without obtaining explicit permission from the users—in an apparent breach of data protection laws. The websites include popular sites like Hollywoodbets, Sporting Index, Lottoland, and Bwin.  

Of the 150 websites that were tested, 52 used a tracking tool called Meta Pixel to share data directly and without explicit consent. This data was automatically transferred when loading the webpage, before users could even accept or decline the use of their data.  

The data collection resulted in the reporter—who said they never once agreed to the use of their data for marketing purposes— being inundated with ads for gambling websites. In one browsing session, the reporter encountered ads from 49 different brands, including from betting companies which were not involved in the data collection and had been using Meta Pixel within the rules.  

Wolfie Christl, a data privacy expert investigating the ad tech industry commented:

> “Sharing data with Meta is highly problematic, even with consent, but doing so without explicit informed consent shows a blatant disregard for the law. Meta is complicit and must be held accountable” 

This isn’t the first time that gambling sites have been caught unlawfully selling off user data, and comes amid calls for a wider investigation into the targeting of gamblers, as well as the need for more protective measures.

**Don’t gamble away your data and stay protected**

Here are some ways to protect your data while using gambling (or any other) sites online:

*   Use a VPN, especially on public Wi-Fi networks
*   Use privacy-focused browsers and search engines, such as Brave
*   Clear your browsing data when closing your browser
*   Review the permissions of all your apps. Only grant them permission to access things they absolutely need.
*   Disable location tracking for as many apps as possible
*   Disable personalized ads as much as you can
*   Keep your devices up-to-date. This protects you from vulnerabilities that cybercriminals might try to exploit
*   Install Malwarebytes Browser Guard—our free tool that protects against ad tracking.

 Gambling firms are secretly sharing your data with Facebook  

Privacy, security, and unrestricted access are the promises of a personal VPN. But what does it actually do,…

Privacy, security, and unrestricted access are the promises of a personal VPN. But what does it actually do, and why do so many people rely on it? In an era of constant digital surveillance, increasing cyber threats, and growing concerns over data privacy, VPNs (Virtual Private Networks) have surged in popularity.

But not all VPNs are created equal. Some are designed for corporate use, while others cater to individuals looking for enhanced online anonymity. So, let’s break it down: What is a personal VPN? How does it work? And what benefits does it bring to the table?

****Understanding Personal VPNs****

A Personal VPN is a service that encrypts your internet traffic and routes it through a secure server, masking your IP address and online activities. Unlike business or corporate VPNs, which are typically used to provide remote employees with access to internal company networks, personal VPNs focus on individual users who want to protect their privacy, bypass geo-restrictions, or stay safe on public Wi-Fi.

Think of it as a digital invisibility cloak, one that shields you from prying eyes, whether they belong to hackers, advertisers, or even your own Internet Service Provider (ISP).

But why does this matter? Consider this: 70% of internet users worldwide are concerned about their online privacy (Statista, 2023). That’s a lot of people looking for ways to stay anonymous, avoid tracking, and prevent data breaches.

****How Does a Personal VPN Work?****

A VPN functions like a secure tunnel between your device and the internet. Here’s a simplified breakdown of what happens when you connect to a VPN server:

*   **Your device encrypts all outgoing internet traffic.** This means your browsing data, passwords, and online activities become unreadable to outsiders.

*   **The encrypted data is sent to a VPN server, located in a different region or country.** Your real IP address is replaced with one from the VPN server, making it appear as if you’re browsing from that location.

*   **The server forwards your requests to the internet.** Websites and services see only the VPN server’s IP address, not yours.

*   **Incoming data follows the same path back, fully encrypted.** This prevents hackers, ISPs, and governments from snooping on your activity.

****What Is a Personal VPN Server?****

For those who want even more control, a personal VPN server is an option. Instead of relying on a commercial VPN provider, you can set up your own VPN server; on a cloud platform, a home router, or a dedicated server. This offers:

*   **Full control over security settings**

*   **No reliance on third-party VPN providers**

*   **Faster speeds with fewer users sharing the server**

However, setting up a personal VPN server requires technical knowledge and maintenance. Most people opt for paid VPN services instead.

****Key Features of a Personal VPN********1\. Strong Encryption****

A good VPN uses AES-256 encryption; the same standard used by governments and banks. It ensures that even if your data is intercepted, it remains unreadable.

****2\. No-Logs Policy****

Some VPNs keep logs of your online activity, which defeats the purpose of using one. The best VPNs follow a strict no-logs policy, meaning they don’t track or store user data.

****3\. Multiple Server Locations****

Want to access Netflix libraries from different countries? A VPN with global server locations lets you bypass geo-blocks and censorship.

****4\. Kill Switch****

If your VPN connection drops unexpectedly, a kill switch cuts off your internet to prevent data leaks.

****5\. Split Tunneling****

Some users need certain apps to bypass the VPN. Split tunneling allows you to choose which traffic goes through the VPN and which doesn’t.

****6\. Fast Speeds****

VPNs can slow down your connection, but top-tier services use high-speed servers to **minimize lag and buffering**.

****What Is the Best VPN for Personal Use?****

With so many options, what is the best personal VPN? The answer depends on your needs. It is quite difficult to choose the most balanced solution in terms of security features, anonymity, functionality, speed, number of servers and price. According to VeePN VPN, users should choose a VPN with a proven history of protecting their privacy.

****What Is a Personal VPN on an iPhone?****

If you’ve ever seen a “Personal VPN” option in your iPhone settings, you might wonder what it means. Apple allows users to configure VPN connections manually or use third-party VPN apps. The built-in option is designed for those with a VPN configuration file (such as one provided by an employer or a self-hosted VPN).

****Benefits of Using a Personal VPN********1\. Privacy Protection****

Your ISP can see everything you do online. A VPN stops this by encrypting your traffic, preventing tracking, data collection, and targeted ads.

****2\. Security on Public Wi-Fi****

Hackers love public Wi-Fi networks. Airports, coffee shops, hotels. A VPN encrypts your data, making it useless to cybercriminals.

****3\. Access Restricted Content****

Whether it’s streaming services, websites blocked in your country, or social media platforms, a VPN can bypass geo-restrictions and censorship.

****4\. Safe Torrenting****

Downloading torrents can expose your real IP address. A VPN masks your identity, ensuring anonymous and secure torrenting. (Avoid downloading pirated software, eBooks, or engaging in any other illegal activities while torrenting.)

****5\. Avoid Bandwidth Throttling****

Some ISPs slow down your connection based on your activities (e.g., streaming, gaming). A VPN hides your activity, preventing speed throttling.

****6\. Better Online Deals****

Airline tickets, hotel rates, and rental services sometimes offer different prices based on your location. A VPN lets you change your virtual location and find better deals.

At the end of the day, a personal VPN is all about keeping your online activity private, secure, and unrestricted. Whether you want to protect your data on public Wi-Fi, stop your ISP from tracking you, or access content from different parts of the world, a good VPN can make a big difference. Not all VPNs are the same, so it’s important to pick one that actually protects your privacy without slowing you down. If you’re serious about staying safe online, using a VPN is one of the easiest and smartest ways to do it.

What Is a Personal VPN? Features, Benefits, and How It Works

The Importance of Balancing Cost and Security!

Finding a virtual private network (VPN) that offers complete privacy protection without breaking the bank might be difficult when worries about online privacy are growing. Many users must decide between paying for premium VPNs, which are usually expensive, and using free services that can **jeopardize their data**.

However, what if you could locate a reasonably priced service with robust privacy features? The top VPNs that ideally balance cost and security. Whether streaming, torrenting, or safeguarding your online presence, these options are tailored to meet your needs without breaking the bank. The key considerations for choosing a VPN are to explore the best budget-friendly options available today.

****Key Features to Look for in a Secure VPN****

When privacy is a concern, knowing which features are most important is fundamental because not all VPNs are equal. For example, any trustworthy **VPN** must-have military-grade encryption to shield your data from prying eyes. Protocols like OpenVPN or WireGuard ensure secure and efficient connections, and a strict no-logs policy keeps your browsing activity private.

The user experience can be improved by features like a kill switch, DNS leak protection, and multi-device compatibility. Transparency is essential for those worried about privacy; look for suppliers whose claims have been independently audited.

These fundamental capabilities are still available in low-cost VPNs, demonstrating that economy need not equate to sacrificing quality. By prioritizing these factors, you can ensure your VPN satisfies strict security requirements while remaining within your budget.

****Top Affordable VPNs for Streaming and Torrenting****

Streaming and torrenting are two of the most popular reasons individuals seek VPNs. However, these activities require a service with particular features, such as avoiding geo-restrictions and preserving quick, reliable connections. Cheap VPNs like NordVPN and Surfshark are excellent choices for these purposes.

While NordVPN offers dedicated P2P servers for torrenting, Surfshark allows unlimited device connections, making it perfect for families or individuals with many devices. Both providers can unblock well-known **streaming services** like Netflix and Hulu thanks to SmartDNS capability.

These VPNs demonstrate flawless streaming and safe torrenting, which is possible without breaking the bank. Purchasing a reasonably priced VPN with strong features might improve your online experience without compromising privacy.

****Evaluating Privacy Policies: No-Logs and Transparency****

Examining a VPN’s privacy policies is essential when selecting one. A “no-logs” policy guarantees that your actions stay anonymous by preventing the supplier from storing your browsing data. But not every no-log assertion is made equally.

To ensure transparency, choose VPNs that third parties audit, such as ExpressVPN and CyberGhost. These suppliers have demonstrated their commitment to protecting their customers’ privacy by permitting independent companies to audit their systems. 

The jurisdiction in which the VPN works should also be taken into account. Services based in privacy-friendly countries like Switzerland or the British Virgin Islands are not subject to invasive data retention laws. A transparent and reliable VPN policy is non-negotiable for privacy-conscious users; even budget-friendly options can meet these stringent standards.

****Practical Use Cases: Everyday Benefits of a Secure VPN****

More than just a tool for techies, a secure VPN is useful for regular users. A VPN lowers the danger of hacking by protecting private information on public Wi-Fi networks for frequent travellers. VPNs allow remote employees to safely access corporate networks without disclosing sensitive data.

Because a VPN protects users from online tracking and invasive advertisements, even casual internet users can benefit from increased privacy. Those with limited funds can use inexpensive VPNs like ProtonVPN and Windscribe because they provide free tiers with strong security features. Using a secure VPN to stream, shop online, or get around censorship guarantees that your digital activities stay private and protected.

****Affordable Privacy is Within Reach****

Finding a **cheap VPN** that meets your spending limit doesn’t have to be complicated. Concentrating on essential features like encryption, no-logs policies, and multi-device support may give you strong privacy without exceeding budget. Affordability and security can coexist, as shown by services like Surfshark, NordVPN, and ProtonVPN, which serve a range of use cases from streaming to regular online safety.

Accept the comfort of protecting your digital footprint while adhering to your spending plan. Users concerned about their privacy can browse the internet with confidence and security if they have the correct VPN.

Cheap Yet Secure: Top VPNs for Privacy-Conscious Users on a Budget

Subaru STARLINK flaw exposed a critical security vulnerability, enabling unauthorized access to vehicle tracking, remote control, and sensitive…

Subaru STARLINK flaw exposed a critical security vulnerability, enabling unauthorized access to vehicle tracking, remote control, and sensitive customer data.

A vulnerability was recently discovered by cybersecurity researchers Shubham Shah and Sam Curry in Subaru’s STARLINK-connected vehicle system, enabling them to remotely start, stop, and track vehicles. The vulnerability in Subaru’s Starlink in-vehicle service, allowed attackers to remotely control and track connected vehicles. 

The vulnerability, an arbitrary account takeover flaw in the Starlink admin portal, enabled the duo to compromise a Subaru employee account. This flaw could let them target vehicles and customer accounts across the United States, Canada, and Japan.

Exploiting this flaw, Curry and Shah could gain unauthorized access to sensitive customer and vehicle data, and even remotely control targeted vehicles. According to a blog post published by researchers, the issue originated from a flaw in the Subaru STARLINK admin portal, a system intended for employee use.

This portal had a critical vulnerability that allowed attackers to reset employee passwords without requiring any confirmation. This meant that by simply knowing an employee’s email address, an attacker could gain access to their account.

> _“It appeared that there was a “resetPassword.json” endpoint that would reset employees’ accounts without a confirmation token. If this worked how it was written in the JavaScript, then an attacker could simply enter any valid employee email and take over their account.”_
> 
> Sam Curry

Researchers further bypassed two-factor authentication (2FA) by manipulating the website’s code, effectively disabling the security measure. With unauthorized access to the admin portal, the researchers demonstrated the ability to, start, stop, lock, and unlock any Subaru vehicle, and access a year’s worth of detailed location history for any vehicle, including stops and engine starts, providing precise locations with updates every time the engine started. 

Furthermore, they could retrieve the personal information of any customer, including contact details, addresses, billing information (partially masked), and vehicle PINs. They could also add themselves as authorized users to other vehicles, effectively taking control of them without the owner’s knowledge.

Researchers reported this vulnerability to Subaru on November 20, 2024, and the company in response promptly addressed the issue, patching it within 24 hours. The findings were publicly disclosed on January 23, 2025.

****Previous Hacks by the Duo****

Sam Curry and Shubham Shah are well-known for their creative and innovative methods of uncovering security vulnerabilities and responsibly disclosing them to companies.

One of their notable discoveries involved exploiting vulnerabilities in the globally used Points.com loyalty system. This flaw allowed unauthorized access to sensitive user data, including names, addresses, email addresses, phone numbers, and transaction details.

In December 2022, Sam Curry identified a critical app flaw that compromised Honda and Nissan vehicles through their VINs. Attackers could exploit this vulnerability to unlock doors, honk horns, and flashlights, and even start the vehicle remotely.

In September 2024, Sam Curry and three other security researchers found a way to control Kia vehicles by exploiting vulnerabilities linked to their license plates.

1.  **How Hackers Can Remotely Unlock/Start Honda Cars**
2.  **Cybercriminals Exploit CAN Injection Hack to Steal Cars**
3.  **Critical Intel chip flaw left cars and IoT devices vulnerable**
4.  **Self-driving cars can be fooled by displaying virtual objects**
5.  **Tesla cars can be remotely hacked using drone, WIFI dongle**

Tag

#wifi