Chicago IT Support & Cyber Security | Forward Technologies

Chicago-based Forward Technologies delivers IT support and cyber security to businesses in the Chicago area and nationwide.

Malicious CAPTCHA Redirects Turn WordPress Sites into Malware Launchpads

by

A sinister campaign known as ShadowCaptcha is using over 100 compromised WordPress sites as unwitting hosts, redirecting visitors to fake CAPTCHA pages. These deceptive pages trigger malware delivery ranging from credential stealers to ransomware and cryptocurrency miners.

Researchers from Israel’s National Digital Agency revealed that ShadowCaptcha merges social engineering with living-off-the-land tactics. Attackers aim to steal credentials, exfiltrate browser information, deploy cryptomining software, or trigger ransomware—depending on the route the victim takes. [Read more…]

Federal Court Cyberattacks Are a National Security Crisis, Wyden Warns

by

Cartoon-style illustration of a courthouse with digital security lock overlay, representing federal court cybersecurity risks.Cyberattacks on U.S. federal courts are no longer just IT problems. They now pose a national security threat.

That is Senator Ron Wyden’s warning in a blunt letter to Chief Justice John Roberts this week, urging the Supreme Court to address repeated breaches of the judiciary’s document filing and email systems. Wyden called the hacks “unacceptable” and said weak practices have left the courts “an inviting target” for foreign adversaries. [Read more…]

Hackers Hide Malware in DNS Records to Evade Detection

by

An endpoint computer receiving a DNS response, which reassembles into a malicious script, shown as puzzle pieces forming a bug icon at the user’s terminal.A new cybersecurity threat is emerging as attackers use DNS records—the very system that directs internet traffic—to hide malware. Instead of relying on email attachments or suspicious downloads, bad actors are embedding malicious payloads into DNS TXT records. This method sneaks malicious code past traditional defenses because security tools often ignore DNS traffic.

DNS, or Domain Name System, acts like the internet’s phonebook, translating domain names into IP addresses. It is so fundamental and routine that most security systems allow it without scrutiny. That makes it a perfect hiding place. According to researchers at Infoblox, attackers are disguising shellcode—malicious binary instructions—inside base64-encoded TXT records. These look like harmless text but are reassembled and executed by compromised devices once fetched.  [Read more…]

Stalkerware App Meant for “Parental Control” Leaks Passwords and User Data

by

A cartoon-style smartphone with glowing eyes hidden under a trench coat, sneaking data into a dark web dashboard while a folder labeled “Passwords” leaks out onto the ground.A surveillance app marketed as a stealthy tool for parents has exposed sensitive data from over 62,000 users, raising fresh concerns about the real audience for apps like it.

The app, called Catwatchful, claims to offer invisible monitoring for Android phones. According to its creators, it’s intended to help parents keep tabs on their children’s digital activity. But the app’s heavy emphasis on secrecy and undetectability tells a different story. On its website, Catwatchful boasts that it “cannot be detected,” “cannot be uninstalled,” and “only you can access the information it collects.” [Read more…]

Microsoft Plugs One Secure Boot Flaw While Leaving Another Wide Open

by

A cartoon-style illustration of a worried programmer sitting at a desk with a laptop that has a red padlock icon. Behind him, a menacing robot labeled "VULNERABILITIES" holds two scrolls marked "EXPLOIT." A yellow "SECURE BOOT" sign with a padlock and boot icon hangs on the wall, symbolizing compromised device security. The background is a textured purple.Security researchers have identified two major exploits in the Secure Boot system, both capable of sidestepping one of the most important protections on modern PCs. Microsoft has issued a patch for one of them. The other remains untouched, even as it offers attackers a nearly universal method to bypass security during the startup process.

This week’s patch from Microsoft addresses a vulnerability known as CVE-2025-3052. It impacts over 50 manufacturers whose systems rely on Linux modules to support boot processes. The flaw allows someone with physical access to a device to disable Secure Boot entirely. Once that’s done, they can install malware that loads before the operating system starts. The attack is particularly concerning because it’s stealthy and persistent, and in cases where a hacker already has administrative access, it can be triggered remotely. [Read more…]

Social Media

Forward Technologies
747 N LaSalle
STE 500B
Chicago, IL 60654
(312) 715-7806