Risky Bulletin: Voice cloning defenses still weak, can be bypassed

Written by

Catalin Cimpanu

News Editor

This newsletter is brought to you by cloud security firm Prowler . You can subscribe to an audio version of this newsletter as a podcast by searching for "Risky Business" in your podcatcher or subscribing via this RSS feed .

Modern security systems designed to protect user voices from getting cloned are still weak and can be bypassed with the proper tools.

These systems work by injecting random noise in voice audio recordings in order to prevent AI-based cloning technology from copying a user's voice. Voice cloning attacks are still possible, but they produce low quality output that can be easily detected and flagged by both manual reviewers and automated systems.

But three researchers from the University of Texas, in San Antonio, say that these systems are not complex enough and can be easily bypassed if attackers account for the added noise.

The research team has created a tool named VocalBridge that "purifies" the noise-injected tracks and restores the original voices.

The attack combines the work done by other researchers in denoising certain algorithms and creates a model that can account for different noise and perturbation patterns for increased effectiveness and performance.

According to tests against five voice perturbation/noising tools (AntiFake, SafeSpeech, POP, GAN-ADV, and Attack-VC), VocalBridge was able to restore original voices enough to bypass voice cloning defenses.

Authentication Restoration Rate (ARR), an indicator if the voice was able to bypass voice cloning defenses, was between 23% and 45%. The number looks small until you realize that voice authentication has been used to protect extremely sensitive accounts at banks and telcos.

The paper's results confirm early warnings about the shakiness and latent danger of " voice print " authentication that many banks and ISPs have rolled out across the US this decade.

"It's become easy for anyone to spoof the voice of other people if there are recordings of them talking," programmer and Techmeme editor Spencer Dailey wrote back in 2021.

With the explosion and proliferation of AI, some banks have realized their boo-boo and gone back on their initial rollouts. Voice prints have been demoted as a second-factor, but there are still a few places where they are the first and only factor for phone-based user interactions, like tech and customer support channels.

Regardless, bypassing a voice print as the MFA second challenge is still a holy grail for many attackers, even at seemingly low 20-40% success rates, if the end goal is attractive enough.

Risky Business Podcasts

In this special documentary episode , Patrick Gray and Amberleigh Jack take a historical dive into hacking in the 1980s. Through the words of those that were there, they discuss life on the ARPANET, the 414s hacking group, the Morris Worm, the vibe inside the NSA and a parallel hunt for German hackers happening at a similar time to Cliff Stoll’s famous Cuckoo’s Egg story.

Breaches, hacks, and security incidents

Target breach: American retailer Target has taken its Git server offline to investigate a possible breach. Hackers claimed to have accessed the company's internal code and developer documentation. Some of the data was posted online as proof, seeking buyers for the rest. [ BleepingComputer ]

JPMorgan Chase breach: American bank JPMorgan Chase is notifying customers that had their data stolen in a security breach at an outside law firm. Almost 700 customers were affected after hackers stole data from a shared network drive at Fried, Frank, Harris, Shriver & Jacobson. Goldman Sachs also notified customers last month related to the same incident.

McDonald's Romania fined for breach: Romania's data protection agency has fined McDonald's €8,000 for a security breach of one of its apps that exposed the data of its employees. [ HotNews.ro ] [ h/t Sergiu P. ]

Endesa breach: Spain's second-largest energy provider has disclosed a security breach. Endesa says hackers accessed customer contract-related information. This includes names, ID numbers, and even bank account information.

Kyowon Group ransomware attack: A ransomware attack has crippled the activity of South Korean e-learning company the Kyowon Group. The attack has taken down the company's Kumon and Red Pen educational portals. The attack took place on Monday and the company shut down the platforms while it restores systems. [ nGetNews ] [ h/t Cha Minseok ]

Nissan ransomware incident: The Everest ransomware group has listed Japanese automaker Nissan on its dark web leak site. The company has yet to confirm a breach. [ CyberDaily ]

Ransomware attack cripples Belgian hospitals: A ransomware attack has forced two hospitals owned by Belgian healthcare company AZ Monica to cancel operations. [ GVA ]

Betterment hack: The Betterment investment platform says hackers breached one of its marketing partners and emailed customers crypto scams. [ The Verge ]

Cyberattack on Polish power grid: Poland says it repelled a cyberattack that targeted its power grid in the last week of December. The attack targeted the communications between renewable installations and power distribution operators. Polish energy minister Milosz Motyka described it as the largest cyberattack in years against its power grid. Officials didn't attribute the attack. [ Reuters ]

South Korea considers Coupang CEO travel ban: South Korean authorities are considering imposing a travel ban on the Coupang CEO after the company suffered a catastrophic data breach last year. Harold Rogers was appointed interim CEO after the company's chief executive Park Dae-jun resigned at the start of December. Rogers failed to appear in front of a government committee at the start of the year. The Coupang data breach exposed the personal details of 33.7 million customers, covering most of South Korea's adult population. [ The Korea Times ]

General tech and privacy

Firefox 147: Mozilla has released Firefox 147. New features and security fixes are included. The biggest feature in this release is support for the Safe Browsing V5 protocol and the ability to auto-open videos in Picture-in-Picture mode if a tab is in the background.

Apple picks Gemini: Apple has selected Google's Gemini as the backbone for Siri's AI capabilities.

Government, politics, and policy

Malaysia bans Twitter: The Malay government has joined Indonesia in blocking access to Twitter after the site rolled out an AI feature that allows users to create nonconsensual nude photos of other users, a feature that was widely abused even for child pornographic content. [ Euronews ]

Roskomnadzor fines 33 telcos: Russia's telecommunications watchdog has fined 33 telecom operators for failing to install traffic inspection and content filtering equipment. Fines were imposed on both telcos and responsible employees. After Russia's invasion of Ukraine, the Roskomnadzor has mandated that all telcos must install equipment that inspects user traffic and blocks access to "undesired"  sites.

India tightens crypto KYC: The Indian government has updated know-your-customer (KYC) requirements for cryptocurrency exchanges operating in the country. Starting this year, crypto platforms will have to obtain a government ID scan, tax numbers, a selfie, and geolocation data for all customers. Platforms will also have to verify bank accounts, email addresses, and phone numbers before allowing users on their services. [ The Hindu ]

India wants access to smartphone source code: Indian officials are working on new legislation that will force all smartphone makers to share their source code with the government. The government will also be able to force companies to change their software if needed. Smartphone makers that refuse will be denied access to the Indian market. Officials say the measures are intended to fight fraud and malicious apps. Large manufacturers like Apple and Samsung are pushing back against the proposal. [ Reuters ]

Vietnam banks to block rooted devices: Vietnamese banks will be required to disable their mobile banking apps on rooted devices starting in March. Mobile apps will also be disabled if a debugger is attached to the device. The new requirements were imposed by the central bank to fight the rising number of fraud reports and malware infections. [ Vietnam.vn ]

Russia expert leaves Cyber Command: The commander of the Russia task force at Cyber Command was relieved from duty after a disagreement with his leadership. [ The Record ]

Sponsor section

In this Risky Business sponsor interview , Prowler founder and CEO Toni de la Fuente explains how implementing AI systems brings new security challenges that differ for traditional cloud workloads. Toni also talks about ‘attack paths’ in the context of cloud infrastructure and using them to minimise risk.

Arrests, cybercrime, and threat intel

AVCheck admin arrested: Dutch police have arrested the administrator of the AVCheck cybercrime service. A 33-year-old Dutch national was detained at the Amsterdam airport after returning from the United Arab Emirates. Dutch police seized AVCheck in May of last year. The service was used to test malware against a range of antivirus software before deploying it in real attacks. [ h/t RVD ]

Malicious Chrome extension: Socket Security has discovered a malicious Chrome extension that steals API keys for the MEXC cryptocurrency exchange. The extension is named the MEXC API Automator, was published in September last year, and is still active on the Chrome Web Store.

SmarterMail scanning: As expected, GreyNoise is seeing threat actors scan for SmarterMail servers after a major vulnerability was disclosed in the platform last month.

SpyX traced back to China: A leak of internal documents from stalkerware maker MSpy has indirectly exposed the owner of a rival operation. An analysis of the files traced the SpyX stalkerware to a Hong Kong tech company named Gbyte. The SpyX owner allegedly bought an MSpy license, refunded it and reported it as credit card fraud. The appeal process exposed his cardholder data and connection to MSpy's competitor. [ Maia blog ]

Stormous ransomware "alliance": Threat intelligence analyst Marco A. De Felice looks at how an " alliance " announced last October between seven ransomware platforms has failed to launch off the ground.

Malware technical reports

AsyncRAT: Trend Micro looks at the campaign of a threat actor that uses Cloudflare's free-tier and TryCloudflare tunneling services to host malicious infrastructure that later delivers the AsyncRAT trojan.

Remcos RAT: A Securonix report looks at SHADOW#REACTOR , a malware delivery campaign deploying the Remcos RAT.

CastleLoader: The ANY.RUN team has published a breakdown of CastleLoader , one of the new malware loaders that appeared towards the end of last year.

VoidLink: A new complex malware strain is infecting Linux-based cloud environments. The new VoidLink malware is focused on strength and comes with an extended modular structure. It includes plugins for reconnaissance, credential harvesting, privilege escalation, persistence, and lateral movement across Docker and Kubernetes environments. Check Point believes the malware was coded by Chinese-speaking developers.

Sponsor section

In this sponsored product demo, Prowler founder and CEO Toni de la Fuente walks Risky Business host Patrick Gray through the company's open-source cloud security platform. Toni demonstrates how Prowler can identify and remediate security issues across AWS, Azure, GCP, and Kubernetes. There's a pointy-clicky GUI interface and a CLI, and both come in handy in different ways. The Prowler platform is completely free and open source, but there is a hosted version you can pay for if you don't want to run it yourself.

APTs, cyber-espionage, and info-ops

UAC-0190 (Void Blizzard, Laundry Bear): Russian cyber-espionage group Laundry Bear has launched several campaigns against members of the Ukrainian military. The group poses as charitable foundations to lure servicemen to malicious sites. The campaign has been going on since October and victims are contacted via private messengers.

Contagious Interview infrastructure: Security firm Red Asgard has uncovered new infrastructure used by North Korean hackers for their Contagious Interview campaigns.

"We found North Korean malware in a client's Upwork project. Then we spent five days mapping the attackers' infrastructure."

Scottish independence Iranian info-op goes silent again: Back in June, when Israel and the US attacked Iran and the government shut down the internet across the country, accounts linked to a pro-Scottish independence movement also went silent on social media for weeks. Now, as Iran is dealing with massive protests and has shut down the internet again, the same network has once again gone silent. [ The Herald ]

Vulnerabilities, security research, and bug bounty

Instagram fixes password reset bug: Instagram has fixed a vulnerability in its password reset process. The bug has been abused in the wild to spam users with password reset emails. The company also denied recent reports that its API was scraped in 2024 and user data is now being sold online.

Mailpit vulnerabilities: The Mailpit email testing tool has fixed two vulnerabilities , a SSRF and a cross-site WebSocket hijacking bug.

OpenProject vulnerabilities: Mantodea researchers have discovered multiple vulnerabilities in OpenProject, an open-source project management platform.

ConnectPOS cred leak: A popular POS vendor has leaked its GitHub access token in its documentation for the past four years. ConnectPOS has revoked the token after being notified by Sansec researchers last week. The token would have allowed threat actors to steal credit card data from customer devices, insert backdoors, or poison software updates.

FortiSIEM bug write-up: Horizon3 has published a write-up and PoC for an August 2025 vulnerability in Fortinet's FortiSIEM product.

Patch Tuesday: Yesterday was the January 2026 Patch Tuesday. We had security updates from Adobe , Microsoft , IBM , Dell , SAP , Fortinet , VMware , AMD , Schneider Electric , Siemens , Netgear , Firefox , and Apache Camel . Android , Chrome , Cisco , Trend Micro , Moxa , Samsung , Qualcomm , ASUS , D-Link , HPE , Veeam , QNAP , ABB , n8n , Grafana , and Kubernetes released security updates last week as well.

Microsoft Patch Tuesday: This month, Microsoft patched 114 vulnerabilities , including fixes for an actively exploited zero-day, CVE-2026-20805 , a Windows desktop manager information disclosure.

Infosec industry

Threat/trend reports: Check Point , CyFirma , Dr.Web , Fortified Health Security , Recorded Future , SeaGlass , SpiderLabs , and the World Economic Forum have recently published reports and summaries covering various threats and infosec industry trends.

New tool—AuraInspector: Google's Mandiant division has released AuraInspector , a CLI tool to audit Salesforce Aura instances for any data exposure misconfigurations.

New tool—AfterShell: Security firm Logisek has released AfterShell , a collection of tools and utilities designed to support Windows post-exploitation activities.

New tool—W11 Shadow Copies: Security researcher Ricardo Ruiz has released W11 Shadow Copies , a script to create, delete or list Shadows Copies using the VSS API on Windows 11.

New tool—ADTrapper: Splunk security researcher Michael Haag has open-sourced ADTrapper , a security analysis platform to analyze Windows Active Directory authentication logs.

Acquisition news: Cybersecurity giant CrowdStrike will acquire Seraphic , a provider of in-browser security tools.

Risky Business podcasts

In this edition of Between Two Nerds , Tom Uren and The Grugq about the role of cyber operations in the US capture of Venezuela’s president Nicolas Maduro.