More from Cybersecurity & Privacy

• 
  Europol Cracks Down on DDoS Youth

  Europol has intensified efforts to dismantle DDoS-for-hire services by targeting young users across 21 countries in Operation PowerOFF. During a recent coordinated week, authorities took down 53 domains, issued 25 search warrants, and arrested four suspects linked to over 75,000 users. The campaign now shifts to prevention, showing targeted warnings to youth searching for DDoS tools and removing 100 related URLs from search engines. This move highlights the growing concern over cybercrime's appeal to younger generations and aims to curb future attacks.

• 
  China Warns EU on Cybersecurity Crackdown

  China has issued a stern warning to the European Union, threatening reciprocal actions if the bloc enforces its proposed cybersecurity regulations targeting Chinese firms like Huawei and ZTE. The EU's draft law aims to mandate the removal of companies deemed security risks from 5G networks and potentially other critical sectors. This marks a significant escalation in tech tensions, with China signaling broad retaliation if labeled a cybersecurity threat. The coming months will reveal how Brussels balances security concerns with diplomatic fallout.

• 
  AI-Driven Hack Hits Vercel Cloud

  Cloud platform Vercel suffered a sophisticated security breach linked to a compromised third-party AI tool, Context.ai, which allowed attackers to access some internal systems and customer credentials. The breach, suspected to be AI-accelerated, affected a limited number of users, prompting immediate credential rotation. With many crypto frontends hosted on Vercel, the incident raises concerns about supply chain vulnerabilities and the risks posed by AI-powered attacks. Vercel has enhanced protections and continues investigating, urging customers to monitor their environments closely.

• 
  Brussels Age-Check App Cracked Fast

  Brussels' new age verification app was hacked in just two minutes, exposing serious security flaws. The app, intended to protect minors, failed to safeguard users' data, leading to privacy breaches including unauthorized photo manipulations. This incident raises urgent questions about the reliability of digital ID systems and the protection of personal information. Authorities must now urgently review and strengthen the app's security to restore public trust.

• 
  GitHub's Fake Star Market Unveiled

  A peer-reviewed study from Carnegie Mellon University revealed a staggering 6 million fake stars across nearly 19,000 GitHub repositories, with AI and LLM projects being the largest non-malicious targets. These stars, sold openly for as little as $0.03 each, are used by venture capitalists as key signals for funding decisions, inflating project popularity artificially. Our independent analysis confirmed that some repositories have up to 76% fake stargazers, exposing a shadow economy thriving in plain sight. With regulatory penalties looming, the tech community faces urgent calls to clean up this deceptive ecosystem.

• 
  ZionSiphon Malware Hits Israeli Water Systems

  Cybersecurity experts have uncovered ZionSiphon, a new malware targeting Israel's critical water treatment and desalination infrastructure. Designed to manipulate chlorine and pressure controls, it exploits OT protocols like Modbus and DNP3, posing a serious threat to national utilities. Although still in development, its focus on Israeli IP ranges and sabotage capabilities signal a politically motivated cyberattack. Authorities are now on high alert to prevent any operational disruptions.

• 
  Vercel Hack Sparks Crypto Key Overhaul

  A security breach at Vercel, a key web infrastructure provider, has forced numerous crypto teams to urgently rotate API keys and audit their codebases. The hack exploited a third-party AI tool, compromising access to sensitive environment variables that connect crypto apps to blockchain services. This incident puts a spotlight on the vulnerabilities in frontend hosting for Web3 projects, with teams like Orca quickly responding to secure their deployments. Investigations continue as the community braces for potential fallout.

• 
  Prompt Injection: AI’s New Phishing Threat

  A fresh wave of prompt injection attacks is forcing AI chatbots to reveal sensitive data by cleverly disguised commands, much like phishing tricks humans. This persistent security flaw highlights a fundamental vulnerability in AI systems, making it a critical challenge for developers and users alike. Experts warn this issue is unlikely to disappear soon, urging ongoing vigilance and innovation in AI defenses.

• 
  Apple Alert Phishing Scam Surges

  A new phishing scam exploits legitimate Apple account change notifications to trick users into believing an $899 iPhone purchase was made on their account. The emails, sent from Apple's own servers, include a fake support number to call, where scammers attempt to steal personal and financial information. This tactic bypasses spam filters by embedding phishing messages in account name fields, making the alerts appear authentic. Users should be wary of unexpected purchase alerts and unsolicited support calls, as Apple has yet to respond to this ongoing threat.

• 
  NIST Halts Ratings for Low-Risk Flaws

  NIST announced it will stop assigning severity scores to lower-priority vulnerabilities due to a 263% surge in submissions, overwhelming its capacity. Starting April 15, only flaws affecting critical software, federal systems, or listed in CISA’s KEV catalog will receive detailed analysis. While all vulnerabilities remain listed in the National Vulnerability Database (NVD), lower-risk issues will rely solely on ratings from their original evaluators. This shift aims to focus resources on the most impactful threats, though NIST will still accept requests to enrich low-priority entries.