More threat actors have been leveraging illicit services aimed at bypassing CAPTCHA checks, according to The Hacker News.
Such services have been leveraging human solvers to perform CAPTCHA-breaking tasks instead of utilizing machine learning and optical character recognition, a report from Trend Micro showed.
Real-time CAPTCHA transmission through API calls has been made possible by bot operators' access to the complete workflow of the CAPTCHA-solving process. Aside from using CAPTCHA-breaking services, attackers have also been leveraging proxyware offerings to better bypass antibot protections, with a proxyware network utilized in a CAPTCHA-breaking service aimed at the Poshmark social commerce marketplace.
"CAPTCHAs are common tools used to prevent spam and bot abuse, but the increasing use of CAPTCHA-breaking services has made CAPTCHAs less effective. While online web services can block abusers' originating IPs, the rise of proxyware adoption renders this method as toothless as CAPTCHAs," said Trend Micro researcher Joey Costoya.
Air Canada has confirmed being impacted by a data breach that compromised some of its employees' limited personal data and other records, reports The Record, a news site by cybersecurity firm Recorded Future.
GitHub has introduced passkeys for general availability two months after the feature was released in beta as part of its efforts to bolster phishing protections with wider passwordless security adoption, according to BleepingComputer.