Savvy Seahorse Uses Facebook Ads to Run Investment Scams
- Written by Shipra Sanganeria Cybersecurity & Tech Writer
- Fact-Checked by Justyn Newman Former Lead Cybersecurity Editor
A DNS threat actor named Savvy Seahorse has been observed using sophisticated techniques to lure victims to fake investment platforms.
According to Infoblox researchers, the gang utilizes Facebook/Meta ads and promises high-return investment opportunities.
By impersonating reputable brands like Meta and Tesla, they trick victims into depositing funds and entering their personal and financial information into seemingly legitimate investment platforms. Victims are instructed to use Visa/Mastercard, a crypto wallet, or Russian payment providers such as Qiwi and YooMoney to make investment payments.
In addition, using fake ChatGPT and WhatsApp bots, hackers are able to generate automated responses to directly interact with and convince potential victims.
The campaign is mainly directed at Russian, Polish, Italian, German, Czech, Turkish, French, Spanish, and English speakers. However, there were also victims from Ukraine, India, Fiji, Tonga, Zambia, Afghanistan, and Moldova.
The threat actors decide whether or not redirection occurs by running a series of validation checks on the information the user shares, such as IP address, geolocation, phone number, and email.
Moreover, the hackers use the Domain Name System (DNS) in an obscure way, leveraging DNS canonical name (CNAME) records to create a traffic distribution system (TDS) for their financial campaign.
“As a result, Savvy Seahorse can control who has access to content and can dynamically update the IP addresses of malicious campaigns,” Infoblox researchers said.
“This technique of using CNAMEs has enabled the threat actor to evade detection by the security industry; to our knowledge, this is the first report to focus on the use of CNAMEs as a TDS engineered for malicious purposes.”
Savvy Seahorse has been operational since at least August 2021, with short-lived individual campaigns lasting between 5 and 10 days. “Although participating domains are sometimes flagged by security tools, the greater infrastructure and actor behind them have gone undetected by the security industry,” Infoblox revealed.
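One way a defender could surface the shared infrastructure behind a CNAME-based TDS, as an added example that is not from Infoblox or the original article: group passive-DNS CNAME records by target and flag targets that many unrelated registered domains alias to, then pivot from one flagged domain to its siblings. The log format, domain names, threshold, and allowlist are constructed assumptions, as is the premise that campaign domains alias to a common actor-controlled hostname.

```python
from collections import defaultdict

# Constructed passive-DNS CNAME observations: "<query name> CNAME <target>".
# All names use reserved example/test domains and are not real indicators.
SAMPLE_LOG = """\
trade.invest-alpha.example CNAME r1.tds-hub.test
app.quick-profit.example CNAME r7.tds-hub.test
go.ai-earnings.example CNAME r2.tds-hub.test
login.ai-earnings.example CNAME r2.tds-hub.test
www.shop-one.example CNAME shop-one.cdn-provider.test
www.blog-two.example CNAME blog-two.cdn-provider.test
www.news-three.example CNAME news-three.cdn-provider.test
mail.corp-site.example CNAME mx.corp-site.example
"""

def base_domain(name, labels=2):
    """Naive registered-domain approximation: keep the last `labels` labels.
    Assumption for the sample data; real use needs the Public Suffix List."""
    parts = name.rstrip(".").lower().split(".")
    return ".".join(parts[-labels:])

def parse(log):
    """Yield (query name, CNAME target) pairs, skipping malformed lines."""
    for line in log.splitlines():
        fields = line.split()
        if len(fields) == 3 and fields[1].upper() == "CNAME":
            yield fields[0], fields[2]

def cname_fan_in(log, min_sources=3, allowlist=frozenset()):
    """Return {target base domain: sorted source base domains} for targets
    that at least `min_sources` unrelated registered domains alias to."""
    sources = defaultdict(set)
    for qname, target in parse(log):
        src, dst = base_domain(qname), base_domain(target)
        if src == dst or dst in allowlist:
            continue  # self-alias, or a known hosting/CDN provider
        sources[dst].add(src)
    return {d: sorted(s) for d, s in sources.items() if len(s) >= min_sources}

def pivot(log, flagged_domain):
    """From one flagged domain, list sibling domains sharing its CNAME target."""
    records = [(base_domain(q), base_domain(t)) for q, t in parse(log)]
    targets = {t for q, t in records if q == flagged_domain and t != q}
    return sorted({q for q, t in records if t in targets and q != flagged_domain})

if __name__ == "__main__":
    hubs = cname_fan_in(SAMPLE_LOG, allowlist={"cdn-provider.test"})
    for hub, srcs in hubs.items():
        print(hub, "<-", ", ".join(srcs))
```

Without the allowlist, the constructed CDN target is flagged as well, which is why fan-in alone needs a baseline of legitimate hosting providers before it is used for alerting.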
AI-Powered CutOut.Pro Data Breach Exposes PII of 20 Million Users
- Written by Shipra Sanganeria Cybersecurity & Tech Writer
- Fact-Checked by Justyn Newman Former Lead Cybersecurity Editor
Hong Kong-based AI service platform CutOut.Pro suffered a massive data breach in which the personal information of nearly 20 million users was compromised.
The February 2024 breach exposed member information, including email and IP addresses, names, profile pictures, account creation and other details, mobile phone numbers, API access keys, and hashed and salted passwords, triggering security and privacy concerns.
CutOut.Pro’s marketing department, however, denied the data breach claims, labeling them a ‘clear scam,’ reports Hackread. The company claimed to have “never received any emails from users stating that their accounts have been hacked or their information leaked.”
Data breach monitoring and alerting sites like Hackread.com and Troy Hunt’s Have I Been Pwned (HIBP) independently verified the breached data, and their evidence proves the breach’s legitimacy.
Hackread verified 20 leaked email addresses by attempting to register them on the CutOut.Pro website, and found that accounts were already registered and in use for those email addresses.
HIBP has also added the breach to its platform, confirming exposure of 19,972,829 user accounts.
Despite the company’s denial, both past and present CutOut.Pro users are advised to reset their passwords both on the platform and other websites where similar credentials have been used.
Furthermore, users should watch out for any suspicious activity linked to their online accounts and beware of targeted phishing attempts.
This is not the first time that CutOut.Pro users have had their data compromised. In early 2023, researchers at Cybernews discovered that the company’s open Elasticsearch servers leaked 9 GB worth of user data.
Founded in 2018, CutOut.Pro is an AI-powered platform that refines photos and video content.