Oktacron logo
Cyber security aggregate rss news

Cyber security aggregator - feeds history
image for FTC Files Complaint ...

 Compliance

The Federal Trade Commission (FTC) has filed a complaint against social app Sendit and its CEO Hunter Rice, alleging that the company unlawfully harvested children’s data, misled users about privacy protections, and violated federal children’s privacy law. The complaint, lodged in the U.S. District Court for the   show more ...

Central District of California, accuses the app’s parent company, Iconic Hearts, of building its business on deceptive practices while targeting one of the most vulnerable demographics online: children under 13. According to the FTC’s complaint, Sendit—an app that integrates with Snapchat and Instagram and allows users to ask anonymous questions and play interactive games—has been downloaded more than 30 million times. Its youthful user base, the agency said, was no accident. The app allegedly positioned itself as a fun, social environment for teenagers while simultaneously tracking their activity, collecting identifiers, and using the data for targeted advertising without parental consent. Alleged COPPA Violations At the core of the lawsuit is the Children’s Online Privacy Protection Act (COPPA), which requires companies to obtain verifiable parental consent before collecting personal information from children under 13. The FTC alleges Sendit not only failed to do this but also knowingly ignored evidence that its user base included large numbers of minors. The complaint cites internal company communications showing executives were aware that children as young as 11 years old were active on the app. Despite this, Iconic Hearts allegedly continued to collect data points such as device identifiers, IP addresses, and usage patterns, then monetized that information by selling ad space through third-party networks. “The defendants knowingly and unlawfully collected personal information from numerous children under the age of 13, without informing parents or obtaining their consent,” the filing said. Christopher Mufarrige, Director of the FTC’s Bureau of Consumer Protection, added to it saying, “Sendit’s operator and CEO were well aware that many of its users were under the age of 13 and still failed to comply with COPPA. At the same time, they manipulated many users, including children, into signing up for their weekly subscription service by sending fake messages and promising to reveal the identity of message senders but failing to deliver.” Deceptive Privacy Disclosures The FTC also accuses Sendit of misleading users about its privacy protections. The app’s disclosures and marketing promised control over who viewed personal data, but in practice those features were minimal and misleading. Furthermore, the FTC contends Sendit employed “dark patterns”—interface tactics that pushed users to share more information and stay active—even when they may not have understood the tradeoffs. Iconic Hearts and Rice are also accused of willfully targeting a juvenile audience. Rather than tailoring policies for children, the FTC alleges that Sendit fostered growth by minimizing friction at every turn, capturing attention and data while sidestepping transparency. The CEO is named personally to emphasize accountability at decision-making levels. The case against Sendit is the latest in a string of FTC enforcement efforts aimed at social media apps popular with minors. Just this month, Disney agreed to pay $10 million to settle similar allegations of unlawful data collection on children’s platforms. Regulators say the Sendit case illustrates how smaller, fast-growing apps can become blind spots in the broader fight over kids’ online safety. Also read: Disney to Pay $10M After FTC Finds It Enabled Children’s Data Collection Via YouTube Videos If Sendit and Rice lose, they face civil fines, orders to delete unlawfully obtained data, and ongoing oversight. The complaint seeks injunctive relief that could ban the company from collecting children’s data unless strict safety controls are in place. Sendit has yet to comment publicly. But the FTC’s strategy is to go after platforms targeting minors. These platforms need to include compliance into growth strategies—any app masking data extraction behind youthful engagement risks becoming the next enforcement headline.

image for EU Threat Landscape: ...

 Cyber News

The EU threat landscape is dominated by hacktivism, DDoS attacks and ransomware, according to the new 2025 ENISA Threat Landscape report. ENISA, the EU Agency for Cybersecurity, released the report today. It examines nearly 4,900 cyberattacks that occurred between July 2024 and June 2025 and offers insights into the   show more ...

broad cyber trends affecting the continent. Key findings include: DDoS attacks – largely launched by hacktivists – were by far the most common cyber incident, accounting for just under 77% of reported incidents. Intrusions were a distant second at just under 18%. Supply chain attacks are on the rise, and the lines between hacktivism, cybercrime and state-sponsored threats continue to blur, with “increasingly shared toolsets and modus operandi.” Ransomware was by far the most dominant malware type, accounting for 83.5% of all malware identified in intrusions. Backdoors, spyware, infostealers, RATs, banking trojans, webshells and keyloggers all accounted for 5% or less (chart below). [caption id="attachment_105675" align="aligncenter" width="372"] Most common EU malware (ENISA)[/caption] “The reporting period highlights a maturing threat environment characterised by rapid exploitation of vulnerabilities and growing complexity in tracking adversaries,” the report said. “Intrusion activity remains significant, with ransomware at its core.” Phishing, Vulnerability Exploits and Mobile Threats Dominate EU Threat Landscape Phishing was the most common initial intrusion vector at 60%, well ahead of vulnerability exploitation at 21.3%. Botnets and malicious applications were at 9.9% and 8%, and insider threats at just under 1% (chart below). [caption id="attachment_105673" align="aligncenter" width="345"] EU initial intrusion vector (ENISA)[/caption] Vulnerability exploits are much more likely than phishing to result in malware deployment, by 68% to 23%. “Overall, the distribution underscores that while phishing dominates the threat landscape, technical exploits, malware delivery mechanisms and insider risks remain meaningful concerns,” the report said. Artificial intelligence (AI) “has become a defining element of the threat landscape,” accounting for more than 80 percent of worldwide social engineering activity, with jailbroken models, synthetic media and model poisoning techniques being used to enhance threat actor effectiveness. ClickFix-style scams and the weaponization of compromised WordPress sites to distribute infostealers are other growing threat trends. Of recorded intrusions, 68.6% led to data breaches that were offered for sale on cybercrime forums, and 2.8% of those advertised breaches were presented as a direct outcome of a ransomware attack. Data exfiltration, including credential theft (8.9%) and strategic data collection (21.3%), accounted for 30.2% of intrusion outcomes, and fraud was an outcome in 1.2% of cases. Mobile threats account for the largest share of threats at 42.4%, followed by web threats at 27.3% (chart below). Operational technology (OT) threats represent 18.2% of threats and supply chain risks comprise 10.6% of threats, “showing that attackers are actively leveraging indirect pathways through third-party providers and dependencies.” [caption id="attachment_105672" align="aligncenter" width="360"] EU threats by attack type (ENISA)[/caption] Hacktivism, Cyberespionage and Cybercriminals in the EU State-aligned threat groups “intensified their long-term cyberespionage campaigns against the telecommunications, logistics networks and manufacturing sectors in the EU, demonstrating advanced tradecraft such as supply chain compromise, stealthy malware frameworks and abuse of signed drivers,” the report said. While hacktivist activity - much of it aligned with Russia - continues to dominate the EU threat landscape, accounting for nearly 80% of recorded incidents, it is “driven primarily by low-level distributed denial-of-service operations.” While only 2% of hacktivism incidents result in service disruption, “these campaigns demonstrate how low-cost tools are scaled for ideology-driven operations,” ENISA said. In terms of sectoral targeting, public administration networks remain a primary focus of attacks at 38%, notably for hacktivists and state-sponsored threat actors. Transportation has emerged as a high-value sector, particularly maritime and logistics. Aviation and freight operations have been the target of ransomware attacks, while “digital infrastructure and services remain strategic targets for both cyberespionage and ransomware operators,” ENISA said. Cybercriminals, meanwhile, have “notably responded to the actions of law enforcement by decentralising operations, adopting aggressive extortion tactics and capitalising on regulatory compliance fears.” Below is a breakdown of EU cyberattacks by motivation, with ideologically-driven attacks far outpacing financially-motivated attacks and cyberespionage. [caption id="attachment_105677" align="aligncenter" width="430"] EU cyberattack objectives (ENISA)[/caption]

 Feed

A previously undocumented Android banking trojan called Klopatra has compromised over 3,000 devices, with a majority of the infections reported in Spain and Italy. Italian fraud prevention firm Cleafy, which discovered the sophisticated malware and remote access trojan (RAT) in late August 2025, said it leverages Hidden Virtual Network Computing (VNC) for remote control of infected devices and

 Feed

The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of new targeted cyber attacks in the country using a backdoor called CABINETRAT. The activity, observed in September 2025, has been attributed to a threat cluster it tracks as UAC-0245. The agency said it spotted the attack following the discovery of software tools taking the form of XLL files, which refer to Microsoft Excel

 Feed

AI is changing automation—but not always for the better. That’s why we’re hosting a new webinar, "Workflow Clarity: Where AI Fits in Modern Automation," with Thomas Kinsella, Co-founder & Chief Customer Officer at Tines, to explore how leading teams are cutting through the hype and building workflows that actually deliver.The rise of AI has changed how organizations think about automation.

 Feed

A severe security flaw has been disclosed in the Red Hat OpenShift AI service that could allow attackers to escalate privileges and take control of the complete infrastructure under certain conditions. OpenShift AI is a platform for managing the lifecycle of predictive and generative artificial intelligence (GenAI) models at scale and across hybrid cloud environments. It also facilitates data

 Feed

Bitdefender’s 2025 Cybersecurity Assessment Report paints a sobering picture of today’s cyber defense landscape: mounting pressure to remain silent after breaches, a gap between leadership and frontline teams, and a growing urgency to shrink the enterprise attack surface. The annual research combines insights from over 1,200 IT and security professionals across six countries, along with an

 Feed

Unknown threat actors are abusing Milesight industrial cellular routers to send SMS messages as part of a smishing campaign targeting users in European countries since at least February 2022. French cybersecurity company SEKOIA said the attackers are exploiting the cellular router's API to send malicious SMS messages containing phishing URLs, with the campaigns primarily targeting Sweden, Italy,

 Feed

In yet another piece of research, academics from Georgia Institute of Technology and Purdue University have demonstrated that the security guarantees offered by Intel's Software Guard eXtensions (SGX) can be bypassed on DDR4 systems to passively decrypt sensitive data. SGX is designed as a hardware feature in Intel server processors that allows applications to be run in a Trusted Execution

 Feed

A high-severity security flaw has been disclosed in the One Identity OneLogin Identity and Access Management (IAM) solution that, if successfully exploited, could expose sensitive OpenID Connect (OIDC) application client secrets under certain circumstances. The vulnerability, tracked as CVE-2025-59363, has been assigned a CVSS score of 7.7 out of 10.0. It has been described as a case of

 Android

Most of the apps on your phone are talking to a server somewhere - sending and receiving data through messages sent through APIs, the underlying infrastructure that allows apps to communicate. And here's the problem - hackers have determined that the APIs of mobile apps, when left visible and exploitable, can be a goldmine. Read more in my article on the Fortra blog.

2025-10
Aggregator history
Wednesday, October 01
WED
THU
FRI
SAT
SUN
MON
TUE
OctoberNovember