Digital Forensics Research & Service Center - DFRSC
08/06/2026
Smart TVs and Free Apps May Be Quietly Using Your Internet for AI Web Scraping
A recent cybersecurity report highlights a hidden practice happening inside some free apps: they may be turning everyday devices like smart TVs, phones, and other connected systems into background “proxy nodes” for internet traffic.
Researchers discovered that certain apps include embedded software (SDKs) that can route web requests through users’ home internet connections often without users fully realizing the scale of what is happening.
How it works
Free apps integrate a third-party SDK
When installed, it connects your device to a proxy network
Your smart TV or phone may be used to fetch data from websites
This traffic can run silently in the background, especially on always-on devices like smart TVs
Why this is concerning
Your internet bandwidth is being used
Your home IP address may be part of proxy traffic
Consent screens may not clearly explain real usage
Smart TVs are particularly exposed due to constant connectivity
Why this is happening now
With the rise of AI, companies need massive amounts of web data for training and automation. Since many websites block data center IPs, residential internet connections are increasingly being used as an alternative source for scraping traffic.
What users can do
Review and remove unnecessary apps on smart TVs and mobile devices
Use network monitoring tools like Pi-hole or NextDNS
Block suspicious proxy-related domains at router level
Keep devices and apps updated
Final thought
This is not traditional hacking but it raises important questions about transparency, consent, and how “free” apps are actually funded and operated in the background.
20/05/2026
**Supply Chain Attack Alert: Compromised GitHub Actions Workflow**
A recent software supply chain incident has affected the popular GitHub Actions workflow **actions-cool/issues-helper**, exposing a serious risk to CI/CD pipelines.
Security researchers found that attackers compromised all existing tags in the repository and redirected them to a malicious “imposter commit.” This commit is not part of the original trusted history and was used to inject harmful code into workflows that rely on version tags.
What the malicious code does:
* Downloads the Bun JavaScript runtime on GitHub runners
* Extracts sensitive credentials from the CI/CD environment memory
* Exfiltrates stolen data to an attacker-controlled domain
Additionally, another related action, **actions-cool/maintain-one-comment**, was also found to be compromised in a similar way.
Why this is dangerous:
This attack highlights a critical weakness in how GitHub Actions are often used. When workflows reference actions by **tags instead of full commit SHAs**, they become vulnerable to upstream tampering. In this case, every tagged version now points to malicious code.
Key takeaway:
To stay protected, CI/CD pipelines should:
* Pin actions to a **specific full commit SHA**
* Regularly audit third-party GitHub Actions
* Monitor for unexpected changes in dependencies
GitHub has since disabled the affected repository due to policy violations, but the incident serves as another strong reminder that supply chain security is only as strong as its weakest dependency.
12/05/2026
New Banking Malware Alert: TCLBANKER
Cybersecurity researchers have discovered a dangerous Brazilian banking trojan called TCLBANKER targeting banks, fintech apps, and cryptocurrency platforms.
What makes it dangerous?
• Steals banking credentials and sensitive data
• Uses fake login overlays & fake Windows update screens
• Can remotely control victim devices
• Spreads through WhatsApp Web & Microsoft Outlook
• Sends malware directly from victims’ own accounts
The malware also uses advanced anti-detection techniques to avoid antivirus and security analysis tools.
Stay Safe:
Avoid opening unknown ZIP/MSI files
Verify email attachments before opening
Enable 2FA on financial accounts
Keep antivirus and software updated
Click here to claim your Sponsored Listing.
Website
Address
Lahore Garrison University. , Sector C DHA Phase 6
Lahore
Opening Hours
| Monday | 08:00 - 16:00 |
| Tuesday | 08:00 - 16:00 |
| Wednesday | 08:00 - 16:00 |
| Thursday | 08:00 - 16:00 |
| Friday | 08:00 - 15:00 |