Forem: Deepak Sharma

AI Agents Are Creating New Cybersecurity Risks Inside Companies

Deepak Sharma — Thu, 07 May 2026 11:56:19 +0000

Cybersecurity experts are warning that AI agents are being adopted faster than organizations can properly secure or manage them. As businesses increasingly use AI-powered assistants, automation tools, and autonomous agents, security teams are struggling to maintain visibility and control over what these systems are accessing and doing internally.

One major concern is that many AI agents operate with broad permissions across multiple applications, cloud systems, and internal tools. Unlike normal user accounts, AI agents can work continuously in the background and interact with sensitive business data at machine speed. This creates new security risks if proper governance is missing.

Researchers say many organizations currently lack centralized visibility into AI agent activity. In some environments, nearly half of identity-related activity may already be happening outside traditional identity and access management systems. This creates what experts describe as “identity dark matter” — hidden and unmanaged digital activity occurring without proper monitoring.

Another growing issue involves static credentials and overprivileged access. AI agents often rely on API keys, tokens, and service accounts that may not be rotated regularly. If attackers compromise these credentials, they can potentially gain long-term access to internal systems.

Security analysts also warn that organizations are deploying AI tools faster than they can implement security policies. Weak governance, excessive permissions, and poor auditing can allow AI systems to unintentionally expose sensitive information or create new attack surfaces for hackers.

Experts recommend continuous monitoring, strict access controls, credential rotation, least-privilege policies, and better visibility into AI-driven activity to reduce risks associated with enterprise AI adoption.

For advanced cybersecurity protection and digital safety solutions, you can explore IntelligenceX.

MuddyWater Hackers Used Microsoft Teams to Steal Credentials

Deepak Sharma — Thu, 07 May 2026 11:49:09 +0000

Cybersecurity researchers have uncovered a new campaign linked to the Iranian state-backed hacking group known as MuddyWater. The attackers reportedly used Microsoft Teams as part of a social engineering attack to steal credentials and gain unauthorized access to targeted organizations.

According to security experts, the campaign was designed to look like a ransomware attack connected to the Chaos ransomware group. However, researchers later discovered that the real objective was espionage, credential theft, long-term persistence, and data exfiltration rather than file encryption.

The attackers reportedly contacted employees through Microsoft Teams and convinced them to join screen-sharing sessions. During these interactions, victims were manipulated into entering credentials, approving multi-factor authentication requests, or allowing remote access tools to be installed on their systems.

Researchers found that the attackers used tools like AnyDesk and DWAgent to maintain remote access after the initial compromise. Instead of encrypting files like traditional ransomware groups, the hackers focused on collecting sensitive information and maintaining hidden access inside the network.

Security analysts believe the use of Chaos ransomware branding was a “false flag” tactic designed to confuse investigators and make the attack appear financially motivated rather than state-sponsored espionage.

The incident highlights how cybercriminals and advanced threat groups are increasingly abusing trusted communication platforms like Microsoft Teams for phishing and social engineering attacks. Experts recommend organizations strengthen employee awareness training, restrict unnecessary remote access tools, monitor unusual login activity, and improve MFA security policies.

For advanced cybersecurity protection and digital safety solutions, you can explore IntelligenceX.

Mirai-Based xlabs_v1 Botnet Targets IoT Devices Through ADB Exploits

Deepak Sharma — Thu, 07 May 2026 11:46:01 +0000

Cybersecurity researchers have uncovered a new Mirai-based botnet called xlabs_v1 that is actively targeting internet-exposed devices using Android Debug Bridge (ADB). The malware is designed to hijack vulnerable IoT devices and use them for large-scale DDoS attacks.

According to researchers, the botnet mainly targets devices with ADB enabled on TCP port 5555. This includes Android TV boxes, smart TVs, set-top boxes, routers, and other IoT hardware connected to the internet. Once infected, these devices become part of a botnet controlled remotely by attackers.

The malware reportedly supports multiple attack methods across TCP and UDP protocols, allowing attackers to launch powerful distributed denial-of-service attacks against gaming servers and online services. Researchers also found that the malware can collect bandwidth information from infected devices to categorize them for different attack tiers.

Unlike traditional malware, the botnet does not heavily rely on persistence mechanisms. Instead, attackers re-infect devices repeatedly through exposed ADB services. Researchers also noted that the malware contains features designed to remove competing malware from infected devices so the attackers can fully control system resources.

Security experts warn that many IoT devices still ship with insecure default settings or exposed services, making them easy targets for Mirai-based attacks. Users are advised to disable ADB if not needed, change default credentials, update firmware regularly, and avoid exposing IoT devices directly to the internet.

The incident highlights the growing cybersecurity risks associated with poorly secured smart devices and internet-connected hardware.

For advanced cybersecurity protection and digital safety solutions, you can explore IntelligenceX.

Critical vm2 Vulnerabilities Expose Node.js Applications to Remote Code Execution

Deepak Sharma — Thu, 07 May 2026 11:11:28 +0000

Cybersecurity researchers have disclosed multiple critical vulnerabilities in the popular vm2 Node.js library, raising serious concerns for developers and organizations that rely on sandboxed JavaScript execution.

The vulnerabilities allow attackers to escape the sandbox environment and execute arbitrary code on the underlying host system. Security experts say the flaws mainly affect applications that use vm2 to run untrusted JavaScript code in isolated environments.

Several of the reported vulnerabilities received extremely high severity scores, with some rated as critical. Researchers found that attackers could abuse weaknesses in functions related to object handling, Promise callbacks, and sandbox protections to bypass security restrictions.

The issue is especially dangerous because vm2 is widely used in developer tools, online code runners, plugin systems, and cloud-based applications. If exploited successfully, attackers may gain full control over affected servers and execute malicious commands remotely.

Researchers also noted that sandbox escape vulnerabilities in vm2 have appeared multiple times in recent years, highlighting the difficulty of securely isolating untrusted JavaScript code.

Security experts strongly recommend updating to the latest patched versions immediately and reviewing systems that depend on vm2. Organizations are also advised to monitor applications for suspicious activity and reduce exposure wherever possible.

The incident once again highlights the growing cybersecurity risks within open-source software ecosystems and dependency chains used by modern applications.

For advanced cybersecurity protection and digital safety solutions, you can explore IntelligenceX.

Day-Zero Readiness Gaps Are Becoming a Major Cybersecurity Problem

Deepak Sharma — Thu, 07 May 2026 11:08:31 +0000

Cybersecurity experts are warning that many organizations are still unprepared for “day-zero” incidents, where attackers exploit vulnerabilities before companies can properly respond. Recent security reports highlight that operational gaps during the first few hours of a cyberattack are becoming one of the biggest reasons breaches turn into large-scale incidents.

One major issue is poor visibility. Many organizations lack proper access to logs, monitoring systems, and centralized security tools during active incidents. Without complete visibility, security teams struggle to understand how attackers entered the network, what systems were affected, and how far the compromise has spread.

Experts also warn that delayed approvals and slow access management create dangerous response delays. During an attack, incident response teams often waste valuable time waiting for permissions, account setup, or internal approvals instead of containing the threat immediately.

Another growing challenge is short log retention periods. Some companies only store logs for a few days or weeks, which can make investigations nearly impossible if attackers remained undetected for a longer period. Security researchers now recommend at least 90 days of log retention for better incident analysis.

The rise of AI-driven cyberattacks is making the problem even worse. Researchers say attackers are moving faster than ever, reducing the time organizations have to detect and contain breaches. Modern cybersecurity strategies are increasingly shifting toward an “assume breach” approach, where companies focus on rapid detection and containment rather than relying only on prevention.

Security experts recommend pre-approved incident response policies, tested emergency workflows, centralized logging, and continuous monitoring to improve day-zero readiness and reduce operational delays during cyberattacks.

For advanced cybersecurity protection and digital safety solutions, you can explore IntelligenceX.

Malicious PyPI Packages Deliver Hidden Malware on Windows and Linux

Deepak Sharma — Thu, 07 May 2026 10:46:58 +0000

Cybersecurity researchers have discovered several malicious packages on the Python Package Index (PyPI) that were secretly spreading a new malware family called “ZiChatBot.” The infected packages appeared legitimate but were actually designed to deliver malware to both Windows and Linux systems.

According to security researchers, the malware abused Zulip APIs as command-and-control infrastructure instead of using traditional hacker-controlled servers. This allowed the malicious activity to appear more legitimate and harder to detect.

The fake packages reportedly included names like uuid32-utils, colorinal, and termncolor. Some of these packages even depended on each other to hide the malicious behavior more effectively. Once installed, the malware could drop harmful files onto the victim’s system and execute hidden code in the background.

Researchers believe this was part of a carefully planned software supply chain attack targeting developers and users who trust open-source repositories. The campaign highlights the growing cybersecurity risks within software package ecosystems like PyPI.

Experts recommend that developers carefully verify packages before installation, monitor dependencies, avoid unknown libraries, and use security scanning tools to reduce supply chain risks. Keeping systems updated and reviewing package behavior before deployment can also help prevent infections.

For advanced cybersecurity protection and digital safety solutions, you can explore IntelligenceX.

The Cyber Risks of Browser Notifications

Deepak Sharma — Thu, 07 May 2026 10:39:41 +0000

Browser notifications are designed to keep users updated with news, messages, and website alerts. However, cybercriminals are increasingly abusing browser notifications to spread scams, malware, and phishing attacks.

Many users unknowingly allow notification access while visiting websites. Some sites use misleading pop-ups such as “Click Allow to continue” or “Press Allow to verify you are not a robot.” Once permission is granted, the website can continuously send notifications directly to the user’s device.

Hackers often use these notifications to promote fake virus alerts, suspicious software downloads, gambling websites, or phishing pages. Because browser notifications appear similar to system alerts, users may trust them and click without thinking.

Another major risk is malware distribution. Some malicious notifications redirect users to infected websites that automatically download harmful files or trick users into installing fake applications. These programs can steal passwords, monitor activity, or compromise the entire device.

Browser notification abuse is also commonly used for advertising fraud and scam campaigns. Users may receive endless pop-ups promoting fake prizes, investment scams, or cryptocurrency fraud.

The problem becomes worse when users ignore browser settings and forget which websites were granted notification access. As a result, scam notifications may continue appearing for weeks or months.

To stay safe, users should only allow notifications from trusted websites, regularly review browser notification permissions, avoid clicking suspicious alerts, and keep browsers updated. Disabling unnecessary notifications can also reduce exposure to scams and malicious content.

For advanced cybersecurity protection and digital safety solutions, you can explore IntelligenceX.

How Hackers Use AI-Generated Voices for Fraud

Deepak Sharma — Thu, 07 May 2026 10:37:54 +0000

Artificial intelligence has made voice technology more advanced than ever. Today, AI tools can clone a person’s voice within minutes using just a short audio sample. While this technology has useful applications, hackers are now abusing AI-generated voices for scams and financial fraud.

One common tactic is voice impersonation. Cybercriminals use AI-generated voices to pretend to be family members, company executives, or bank representatives. Victims may receive urgent phone calls asking for money transfers, OTPs, or sensitive information. Because the voice sounds realistic, many people trust the caller without questioning it.

Businesses are also becoming targets. In some fraud cases, attackers have used AI-generated voices to imitate CEOs or managers and instruct employees to transfer funds to fake accounts. These scams can cause massive financial losses within minutes.

Social media content is another source for voice cloning. Public videos, interviews, voice notes, and livestreams give hackers enough audio data to recreate someone’s voice using AI tools.

AI voice scams are especially dangerous because they create emotional pressure. A fake call pretending to be a friend or relative in trouble can push victims to act quickly before verifying the situation.

To stay safe, people should avoid sharing too much personal audio publicly, verify urgent financial requests through another communication method, and never trust voice calls alone for sensitive actions. Businesses should also implement verification processes for payment approvals and internal communication.

As AI technology continues to evolve, awareness and digital caution are becoming essential for protection against modern cyber fraud.

For advanced cybersecurity protection and digital safety solutions, you can explore IntelligenceX.

The Hidden Threat Behind Public Telegram Groups

Deepak Sharma — Thu, 07 May 2026 10:35:15 +0000

Public Telegram groups have become popular for discussions, communities, file sharing, news updates, and online networking. While many groups are harmless, some public Telegram groups can expose users to serious cybersecurity and privacy risks.

One major danger is phishing and scam links. Cybercriminals often use public groups to spread fake investment schemes, giveaway scams, malware links, or fraudulent login pages. Since messages can spread quickly in large groups, many users click without verifying the source.

Another hidden risk is malware distribution. Some groups share cracked software, modified apps, or downloadable files that may contain spyware, ransomware, or trojans. Once installed, these malicious files can steal passwords, banking details, or personal data from a device.

Public Telegram groups can also expose personal information. Many users unknowingly reveal phone numbers, usernames, profile photos, or other sensitive details. Attackers may collect this information for social engineering, impersonation, or targeted phishing attacks.

Some cybercriminal groups even use Telegram to trade leaked databases, stolen credentials, hacking tools, or illegal digital content. Joining unknown groups without caution may expose users to harmful or suspicious activity.

Fake admins and impersonation accounts are another growing problem. Scammers often pretend to be trusted group admins or support staff to trick users into sharing OTPs, passwords, or payment information.

To stay safe, avoid downloading files from unknown users, never share sensitive information in public groups, enable privacy settings, and verify links before clicking. Users should also leave suspicious groups immediately and report harmful content when necessary.

For advanced cybersecurity protection and digital safety solutions, you can explore IntelligenceX.

Why CAPTCHA Alone Cannot Stop Bots

Deepak Sharma — Thu, 07 May 2026 10:30:17 +0000

CAPTCHA systems are designed to distinguish real users from automated bots by asking users to complete simple tasks like identifying images, solving puzzles, or typing distorted text. While CAPTCHAs can block basic automated attacks, they are no longer enough to stop modern bots on their own.

Today’s cybercriminals use advanced bots powered by artificial intelligence and machine learning. These bots can solve many CAPTCHA challenges with high accuracy, especially image-based or text-based systems. Some attackers even use CAPTCHA-solving services where real humans complete the challenge for a small fee.

Another problem is automation tools that bypass CAPTCHAs entirely. Sophisticated bots can imitate human behavior, including mouse movements, typing speed, and browsing patterns, making them harder to detect.

CAPTCHAs also create usability issues. Many users find them frustrating, time-consuming, or difficult to solve, especially on mobile devices. Complex CAPTCHAs can negatively affect user experience without fully stopping malicious traffic.

Some bots avoid CAPTCHA protection by targeting weak APIs or backend systems directly instead of interacting with the visible website interface. This means the CAPTCHA never gets triggered at all.

Cybercriminals also use stolen session cookies, compromised accounts, or residential proxy networks to make automated traffic appear legitimate. In these cases, CAPTCHA alone provides very limited protection.

Modern cybersecurity strategies now rely on multiple layers of defense, including behavioral analysis, rate limiting, device fingerprinting, AI-based threat detection, and strong authentication systems alongside CAPTCHA protection.

While CAPTCHA still helps reduce spam and simple automated attacks, it should not be considered a complete cybersecurity solution by itself.

For advanced cybersecurity protection and digital safety solutions, you can explore IntelligenceX.

Can Your Fitness App Leak Your Location?

Deepak Sharma — Thu, 07 May 2026 10:28:21 +0000

Yes, fitness apps can accidentally expose your location and personal movement patterns if privacy settings are not managed properly. Many fitness and health apps collect GPS data to track activities like running, cycling, walking, and workouts. While this feature is useful for users, it can also create serious privacy and security risks.

Fitness apps often store detailed information such as routes, workout times, frequently visited places, and daily routines. If this data becomes public or falls into the wrong hands, it can reveal where you live, work, exercise, or travel regularly.

One major risk comes from public activity sharing. Some apps automatically share workout maps or activity details with other users unless privacy settings are changed manually. Hackers or stalkers may use this information to track someone’s habits and location patterns.

There have also been cases where fitness tracking data exposed sensitive locations, including military bases and restricted areas, because users unknowingly uploaded GPS activity maps online.

Another concern is third-party data sharing. Some fitness apps may share user data with advertisers, analytics services, or partner companies. If the platform suffers a data breach, personal location information could become exposed.

Weak passwords and poor account security can also allow attackers to access fitness app accounts directly. Once inside, they may view location history, personal information, and connected health data.

To stay safe, users should review app privacy settings, disable public activity sharing, avoid sharing live locations, and regularly check which permissions the app has access to. Using strong passwords and enabling two-factor authentication can also improve account security.

For advanced cybersecurity protection and digital safety solutions, you can explore IntelligenceX.

The Security Risks of Voice Cloning Technology

Deepak Sharma — Thu, 07 May 2026 10:26:40 +0000

Voice cloning technology uses artificial intelligence to copy and recreate a person’s voice with surprising accuracy. While this technology has useful applications in entertainment, accessibility, and customer service, it also creates serious cybersecurity and privacy risks.

One major danger is fraud and impersonation. Hackers can use cloned voices to pretend to be family members, company executives, or trusted individuals. In some scams, victims receive phone calls that sound completely real and are pressured into sending money or sharing sensitive information.

Voice cloning is also becoming a threat to businesses. Attackers may use AI-generated voices to trick employees into transferring funds, revealing confidential data, or bypassing internal verification systems. Since many people trust familiar voices, these scams can be highly convincing.

Another risk involves biometric security systems. Some services use voice recognition for authentication. If a cloned voice is realistic enough, hackers may attempt to bypass these systems and gain unauthorized access to accounts or sensitive information.

Social media and online videos make the problem even worse. Publicly available audio clips can be collected and used to train AI models capable of replicating someone’s voice with only a short recording.

Voice cloning can also be used to spread misinformation, fake statements, or manipulated audio clips that damage reputations and create confusion online.

To stay safe, people should avoid sharing sensitive information over calls without verification, use multi-factor authentication, and be cautious of urgent requests involving money or private data. Businesses should also strengthen identity verification processes beyond voice-based confirmation alone.

For advanced cybersecurity protection and digital safety solutions, you can explore IntelligenceX.