data exfiltration Archives

Winsage

December 1, 2025

Microsoft confirms that its new AI agent in Windows 11 hallucinates like every other chatbot and poses security risks to users

Microsoft has introduced agentic AI capabilities for Windows 11 through the 26220.7262 update, aligning with the trend of using large language models to enhance user experiences. The company has warned about potential risks associated with these new features, including the possibility of "hallucinations" and "novel security risks," specifically highlighting a vulnerability known as cross-prompt injection (XPIA). This flaw could allow malicious content to override agent instructions, leading to unintended actions like data exfiltration or malware installation. Microsoft’s move to integrate these AI features reflects a response to competitive pressures in the tech industry, despite the known flaws and security vulnerabilities associated with them.

Winsage

December 1, 2025

Microsoft says AI agents are “risky”, but it’s moving ahead with the plan on Windows 11

Microsoft is integrating AI agents into Windows 11, despite acknowledging risks such as hallucinations, unpredictable behavior, and vulnerabilities to cyber threats like Cross Prompt Injection (XPIA). The company plans to transform every Windows 11 PC into an AI-powered machine by introducing features like Copilot Voice, Copilot Vision, and Copilot Actions. The Windows 11 taskbar will feature a new "Ask Copilot" interface for users to interact with AI agents. These agents will operate under separate accounts with limited permissions, controlled folder access, and tamper-evident logs, but still have access to personal folders like Documents and Downloads. The Agent Workspace is a key feature that allows AI agents to perform tasks in a controlled environment, separate from the user's session. Agents can interact with applications and execute multi-step tasks while being monitored. Microsoft employs the Model Context Protocol (MCP) to regulate agent interactions with applications, ensuring security and proper permissions. Despite concerns over privacy and security, Microsoft believes that integrating AI is essential for keeping Windows competitive. The company has faced backlash over previous features like Recall, which raised privacy issues, and must work to rebuild trust with users. The experimental AI features are currently optional, and Microsoft aims to demonstrate their value to encourage acceptance.

Winsage

November 30, 2025

Microsoft Issues Warning To Windows 11 Users – This AI Feature Can Install Viruses

Microsoft is transitioning to Windows 11 with the introduction of an "agentic OS," featuring experimental components called Agent Workspace, currently available to select Windows Insiders. These agentic features will be disabled by default due to potential security risks, including cross-prompt injection (XPIA) that could allow unauthorized access to user files. When activated, agent accounts can access the user profile directory, which raises concerns about data exfiltration and malware installation. The AI applications, including Copilot, will have visibility into the entire display, prompting users to consider privacy implications. Agent workspaces are designed to provide scoped authorization and runtime isolation, allowing users to manage access to files while using their devices. However, initial user reactions have been mixed, with ongoing concerns about security and functionality.

Winsage

November 20, 2025

Sure, Why Not: Windows 11 AI Agents Might Install Malware On Your PC

Microsoft's recent update highlights the risks associated with its new "Experimental Agentic Features" in AI, which are designed to interact with user applications and files. These AI agents can perform complex tasks but may also produce unexpected outputs and introduce security risks, such as cross-prompt injection (XPIA), leading to potential data exfiltration or malware installation. While Microsoft emphasizes the need for human oversight in AI-generated decisions, concerns about data integrity and system safety persist. The term "hallucinations" is used to describe instances of erroneous outputs from AI, suggesting a broader issue within generative AI technology. Currently, Windows 11’s agentic workspace feature is disabled by default, but the long-term status of this safeguard is uncertain as Microsoft integrates AI further into its products.

Winsage

November 19, 2025

Your AI May Install Malware: Microsoft Stock (NASDAQ:MSFT) Slips With New Agentic AI Warning

Microsoft has issued a cautionary note regarding its upcoming agentic AI feature in Windows 11, advising users to approach it with care. The feature will be disabled by default due to potential risks, including cross-prompt injection (XPIA), which could lead to data exfiltration or malware installation. This warning has caused a slight dip in Microsoft's stock as investors reassess the implications of the technology. Analysts on Wall Street maintain a positive outlook on Microsoft’s stock, with a consensus rating of Strong Buy and an average price target suggesting a promising upside potential of 28.44%.

AppWizard

November 14, 2025

Android Photo Frame App Infects Devices With Malware, Allows Full Remote Takeover

A recent investigation revealed significant security vulnerabilities in Android-powered digital photo frames, particularly those using the Uhale app (version 4.2.0). These vulnerabilities allow preinstalled applications to autonomously download and execute malware, granting remote attackers complete control of the device without user interaction. The malware is sourced from infrastructure linked to China, with domains like dc168888888.com and webtencent.com distributing malicious content. Many antivirus applications inadequately detect these threats. The Uhale app has high-risk vulnerabilities, including insecure HTTPS trust management and insufficient input validation, enabling remote code execution with root access. Brands associated with Uhale include BIGASUO, Canupdog, Euphro, and others. Exploits can lead to data exfiltration, access to private photos, and further attacks within home and enterprise environments. Technical oversights include outdated Android 6 firmware, disabled SELinux, weak cryptographic protections, and lack of authentication for incoming file transfers. Compromised frames can serve as surveillance tools or points for data exfiltration, posing risks to both home and enterprise networks. Users are advised to disconnect affected frames and monitor for unusual behavior.

Tech Optimizer

November 13, 2025

Hackers Using RMM Tools LogMeIn and PDQ Connect to Deploy Malware as Legitimate Software

Cybersecurity researchers at AhnLab Security Intelligence Center (ASEC) have discovered an attack campaign that uses legitimate Remote Monitoring and Management (RMM) tools, specifically LogMeIn Resolve and PDQ Connect, to deploy backdoor malware on users' systems. Attackers lure victims to fake download sites that mimic legitimate software pages for utilities like Notepad++, 7-Zip, and VLC Media Player, delivering modified versions of LogMeIn Resolve. The malicious installers are disguised with filenames such as "notepad++.exe" and "chatgpt.exe." Once executed, these files install the RMM tool and additional malware capable of stealing sensitive information. ASEC has identified three CompanyId values associated with the attacks: 8347338797131280000, 1995653637248070000, and 4586548334491120000. The malware, known as PatoRAT, is a Delphi-developed backdoor that gathers system information and has extensive malicious capabilities, including keylogging and remote desktop access. Users are advised to download software only from official websites and verify digital signatures, while organizations should monitor for unauthorized RMM installations and the identified indicators of compromise.

Tech Optimizer

November 13, 2025

Emotet: The horse returns to a gallop more dangerous than ever

Emotet is a Trojan Horse malware that emerged in 2014, impacting over 1.6 million devices and originally designed to steal banking credentials. Developed by the MealyBug criminal organization, it evolved into a modular Trojan-dropper, enabling it to download various payloads and act as Malware-as-a-Service on the dark web. Emotet spreads primarily through spam emails, often using malicious Word or Excel files, and has been disseminated via local area networks and password-protected zip folders. The malware operates through botnets categorized into epochs, with Epochs 1, 2, and 3 dismantled in 2021 by a coordinated international operation. Following this, Emotet resurfaced in November 2021 as Epochs 4 and 5, incorporating a Cobalt Strike beacon for enhanced propagation. Recommended precautions include keeping software updated, using two-factor authentication, and educating employees about email threats. Network administrators are advised to block unscannable email attachments, configure specific email filters, and maintain secure backups.

Tech Optimizer

November 13, 2025

New ClickFix Attack Targeting Windows and macOS Users to Deploy Infostealer Malware

Security researchers have identified a malware campaign using the ClickFix social engineering technique to spread information-stealing malware on Windows and macOS. The campaign targets users searching for cracked software, leading them to malicious Google-hosted landing pages. Victims encounter fake security warnings that prompt them to execute a malicious command, resulting in the installation of infostealer malware. Windows users receive the ACR stealer, while macOS users get the Odyssey stealer, both delivered in password-protected ZIP files. ACR also loads additional malware like SharkClipper, which hijacks cryptocurrency clipboard data. The campaign has seen a 700% increase in ACR logs in May 2025, with ClickFix becoming the most common initial access method, accounting for 47% of all initial access schemes. The malware collects various user data, including passwords and cryptocurrency wallets, and operates in a fileless manner to evade detection. Security experts advise against executing unverified commands and recommend enhancing endpoint detection capabilities to combat these threats.

AppWizard

October 30, 2025

NFC Relay Attack: 700+ Android Apps Harvest Banking Login Details

Researchers at zLabs have identified over 760 malicious Android applications that exploit Near Field Communication (NFC) technology to steal banking credentials and facilitate fraudulent transactions. This cybercrime campaign has expanded from isolated incidents in April 2024 to a widespread operation targeting financial institutions in countries including Russia, Poland, the Czech Republic, Slovakia, and Brazil. The malware utilizes social engineering tactics by impersonating around 20 legitimate banking institutions and government services, such as VTB Bank, Tinkoff Bank, and the Central Bank of Russia. The malware ecosystem is supported by over 70 command-and-control servers and private Telegram channels for data exfiltration. Attackers deceive victims into granting dangerous NFC permissions, allowing the malware to intercept payment data during contactless transactions. Some campaigns use paired applications for data extraction and fraudulent purchases, while others focus solely on data exfiltration. The malware maintains communication with its command-and-control infrastructure, enabling real-time relay attacks to conduct transactions using victims' payment credentials. The rapid spread of this NFC-based payment malware highlights the adaptability of cybercriminals as contactless payment technologies become more common. Financial institutions are urged to enhance fraud detection systems, mobile device manufacturers should tighten NFC permission controls, and users are advised to be cautious when granting NFC access to applications.