Lifeboat Foundation: Safeguarding Humanity
Toggle light / dark theme

Blog

Category: cybercrime/malcode

Dear readers, please see the latest issue of the Security & Tech Insights newsletter

Please see the latest issue of the Security & Tech Insights newsletter on the impact of artificial intelligence. Thanks!

Dear readers, please see the latest issue of the Security & Tech Insights newsletter. AI is impacting every aspect of our lives, and this issue provides a compendium of articles that address some of those topics, including cybersecurity. I believe it will be providing a useful resource for everyone interested in emerging tech and cybersecurity, and especially AI. Thanks, and stay safe! Best, Chuck Brooks.

(Kindly follow me on LinkedIn for regular posts on topics of emerging tech, cybersecurity, innovation, risk management, and govcon).

#artificialintelligence #cybersecurity #tech #innovation #future

GIFTEDCROOK Malware Evolves: From Browser Stealer to Intelligence-Gathering Tool

The threat actor behind the GIFTEDCROOK malware has made significant updates to turn the malicious program from a basic browser data stealer to a potent intelligence-gathering tool.

“Recent campaigns in June 2025 demonstrate GIFTEDCROOK’s enhanced ability to exfiltrate a broad range of sensitive documents from the devices of targeted individuals, including potentially proprietary files and browser secrets,” Arctic Wolf Labs said in a report published this week.

“This shift in functionality, combined with the content of its phishing lures, […] suggests a strategic focus on intelligence gathering from Ukrainian governmental and military entities.”

Surging Investments in AI Are Transforming Cybersecurity

Kindly see my recent Forbes article: “”

Thanks and have a great weekend!

#artificialintelligence #cybersecurity #tech #investments #futuretrends

AI is transforming cybersecurity, and investments are following in close concert with those trends. AI systems seek to replicate human traits and computational capabilities in a machine and surpass human limitations and speed. Elements of AI emergence consist of machine learning and natural language processing. Today, AI can understand, diagnose, and solve problems from both structured and unstructured data—and in some cases, without being specifically programmed.

AI is becoming integral in cybersecurity, and companies are logically investing in AI-based defenses against cyberattacks, and the demand for them is expected to grow in the next few years. AI offers a logical collection of tools and the best chance for defenders that work in an environment characterized by an uneven threat level and are already short on workforce and money. The demand for AI is growing due to expanded risks and threats to enterprises.

This is unambiguous evidence that AI is becoming increasingly important in cybersecurity, and organizations must capitalize on its potential to remain competitive.

Continue reading “Surging Investments in AI Are Transforming Cybersecurity” | >

Critical Open VSX Registry Flaw Exposes Millions of Developers to Supply Chain Attacks

Cybersecurity researchers have disclosed a critical vulnerability in the Open VSX Registry (“open-vsx[.]org”) that, if successfully exploited, could have enabled attackers to take control of the entire Visual Studio Code extensions marketplace, posing a severe supply chain risk.

“This vulnerability provides attackers full control over the entire extensions marketplace, and in turn, full control over millions of developer machines,” Koi Security researcher Oren Yomtov said. “By exploiting a CI issue a malicious actor could publish malicious updates to every extension on Open VSX.”

Following responsible disclosure on May 4, 2025, multiple rounds of fixes were proposed by the maintainers, before a final patch was deployed on June 25.

New FileFix Method Emerges as a Threat Following 517% Rise in ClickFix Attacks

“The list of threats that ClickFix attacks lead to is growing by the day, including infostealers, ransomware, remote access trojans, cryptominers, post-exploitation tools, and even custom malware from nation-state-aligned threat actors,” Jiří Kropáč, Director of Threat Prevention Labs at ESET, said.

ClickFix has become a widely popular and deceptive method that employs bogus error messages or CAPTCHA verification checks to entice victims into copying and pasting a malicious script into either the Windows Run dialog or the Apple macOS Terminal app, and running it.

The Slovak cybersecurity company said the highest volume of ClickFix detections are concentrated around Japan, Peru, Poland, Spain, and Slovakia.

Malware on Google Play, Apple App Store stole your photos—and crypto

A new mobile crypto-stealing malware called SparkKitty was found in apps on Google Play and the Apple App Store, targeting Android and iOS devices.

The malware is a possible evolution of SparkCat, which Kaspersky discovered in January. SparkCat used optical character recognition (OCR) to steal cryptocurrency wallet recovery phrases from images saved on infected devices.

When installing crypto wallets, the installation process tells users to write down the wallet’s recovery phrase and store it in a secure, offline location.