#NSBCS.074 - Your Digital Twin: Safeguarding Your Shadow Self
Source: NSB Cyber
Your Digital Twin: Safeguarding Your Shadow Self
Your digital twin, an AI-driven model of you, lives in data lakes and predictive models built from your online actions, interests and digital footprints. It predicts what you will buy, how you will vote and what you fear, and marketers, political groups, insurers and cybercriminals can use it to influence or manipulate you. This issue covers what digital twins are, who uses them and how they are built, and the practical steps that reduce your exposure.
What Is a Digital Twin?
Your digital twin is a virtual mirror of your behaviour, shaped by machine learning from data such as the websites you visit, your social media posts, the permissions you grant to apps and public records. Think of it as a shadow account: a model that tracks your habits and yields insights to anyone who can access the underlying data. It forecasts your actions, identifies which messages persuade you and pinpoints your emotional triggers.
Who Uses It and How?
Marketers target you with tailored ads based on your behaviour. Political campaigns micro-target you to sway opinions. Insurers set premiums using your lifestyle data, often without meaningful consent. Cybercriminals are the most dangerous users: the same profile lets them craft convincing phishing emails, produce deepfakes of your voice or face, answer security questions or guess passwords built from the pets, birthdays and places you have posted about, and tailor social-engineering pretexts to your relationships and daily routine.
How Is It Built?
Threat actors use social media posts, data breaches (e.g., LinkedIn), dark web marketplaces, tracking cookies, over-permissive apps, and open-source intelligence (OSINT) from public records or employer sites. These fragments form a mosaic of your habits and vulnerabilities.
Why It Matters
Your digital twin can affect your credit score, job eligibility or insurance rates without your approval. Largely unregulated and opaque, it can be weaponised to deceive or manipulate you, threatening your autonomy and privacy.
What You Must Do
Limit exposure: do not post sensitive data such as your location, travel plans or personal videos publicly. Enable multi-factor authentication (MFA) on every account that supports it. Use a password manager to generate random, unique passwords. Check your email addresses against Have I Been Pwned and change any password that appears in a breach, including everywhere you reused it. Verify suspicious messages through a channel you already trust, such as a phone number you already have, never one supplied in the message itself. Pause before clicking links in messages that seem tailored to you; that tailoring is exactly what a digital twin enables.
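The breach check recommended above can be done for passwords without sending the password anywhere. The following is an added example, not NSB Cyber's code, of the k-anonymity lookup used by Have I Been Pwned's Pwned Passwords service: only the first five hex characters of the SHA-1 hash are sent, and the matching suffix is searched locally in the returned list. The sample response is constructed for this example; the live network call is included but only runs when explicitly invoked.

```python
import hashlib
import urllib.request

# Added example, not NSB Cyber's own tooling. Uses the Pwned Passwords range API
# (part of Have I Been Pwned): GET /range/<first 5 hex of SHA-1> returns lines of
# "<remaining 35 hex>:<count>" for every known hash sharing that prefix.
API = "https://api.pwnedpasswords.com/range/"


def sha1_split(password: str):
    """Return (prefix, suffix) of the upper-case SHA-1 hex; only the prefix is sent."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range(text: str) -> dict:
    """Parse the 'SUFFIX:COUNT' lines of one range response into a dict."""
    counts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, _, count = line.partition(":")
        counts[suffix.upper()] = int(count)
    return counts


def breach_count(password: str, range_text: str) -> int:
    """How many times the password appeared in known breaches (0 = not listed).

    range_text must be the response for this password's own prefix; the suffix
    comparison happens locally, so the full hash never leaves the machine.
    """
    _, suffix = sha1_split(password)
    return parse_range(range_text).get(suffix, 0)


def fetch_range(prefix: str) -> str:
    """Live lookup; the only thing transmitted is the 5-character prefix."""
    req = urllib.request.Request(API + prefix,
                                 headers={"User-Agent": "hibp-range-example"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def check_password_live(password: str) -> int:
    """Network version: fetch the range for the password's prefix, then match."""
    prefix, _ = sha1_split(password)
    return breach_count(password, fetch_range(prefix))


# Constructed sample response for prefix 5BAA6 (a real response lists several
# hundred suffixes). The second line is the well-known SHA-1 of "password";
# the other two suffixes and counts are made up for this example.
SAMPLE_RANGE = """\
0018A45C4D1DEF81644B54AB7F969B88D65:2
1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493
5F1D6A3C5D6E7F8091A2B3C4D5E6F708192:0
"""

if __name__ == "__main__":
    for pw in ("password", "correct-horse-battery-staple-2025"):
        print(pw, "->", breach_count(pw, SAMPLE_RANGE))
```

Run as-is it works offline against the constructed sample; check_password_live("...") performs the real lookup. A non-zero count means the password should be changed everywhere it is used, not only on the site where it was exposed, because credential-stuffing tools try leaked pairs across many services.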
Key Prevention Methods
Reduce Data Trails: Use ad blockers and anti-tracking extensions (e.g., uBlock Origin). Private browsing only clears local history and cookies; it does not hide you from the sites you visit or from your network provider. Opt out of data collection and ad personalisation wherever a service offers it.
Be Cautious: Free services monetise your data — share minimally and check privacy policies.
Secure Devices: Keep operating systems and apps updated, revoke permissions apps do not need (location, contacts, microphone, photos), and use a VPN on public Wi-Fi so local eavesdroppers cannot read your traffic.
Stay Skeptical: Question personalised content and support digital rights laws for data control.
Take Control
Your digital twin is out there, used by brands or criminals. Audit your online presence, tighten security, and demand data control. Ask: Who’s using your shadow self, and for what? Act now to protect your privacy.
What we read this week
Multiple China-Linked APTs Exploit SAP NetWeaver Vulnerability to Target Critical Infrastructure - A critical SAP NetWeaver flaw, CVE-2025-31324, is being exploited by multiple China-linked APTs—including UNC5221, UNC5174, and CL-STA-0048—to breach critical infrastructure in the UK, US, and Saudi Arabia. The unauthenticated RCE vulnerability allows attackers to deploy web shells, conduct reconnaissance, and install second-stage payloads such as Sliver and GOREVERSE. Over 580 systems have been compromised, with 800 additional SAP NetWeaver domains likely earmarked for future attacks. Researchers also warn of a second flaw, CVE-2025-42999, being abused in tandem. SAP customers are urged to immediately apply patches in Security Notes 3594142 and 3604119 to mitigate further exploitation.
BianLian and RansomExx Join Exploitation of SAP NetWeaver Vulnerability - ReliaQuest has identified cybercrime groups BianLian and RansomExx exploiting the SAP NetWeaver flaw CVE-2025-31324, joining multiple China-linked APTs already leveraging the vulnerability. BianLian’s involvement was confirmed via infrastructure links to known C2 servers, while RansomExx—tracked by Microsoft as Storm-2460—was observed deploying Brute Ratel through inline MSBuild tasks. Additionally, the PipeMagic trojan, previously tied to CLFS zero-day attacks (CVE-2025-29824), was dropped post-exploitation. This broad exploitation underscores the urgent need for SAP customers to patch NetWeaver systems immediately and monitor for lateral movement and post-exploitation tools used by both APT and e-crime actors.
Australian Human Rights Commission Discloses Data Breach Exposing Sensitive Submissions - The Australian Human Rights Commission (AHRC) has confirmed a data breach that exposed 670 sensitive documents online, some indexed by search engines. The leak involved submissions containing names, contact details, health and education information, and photographs, linked to public complaints and projects such as the 'Speaking from Experience' initiative and the National Anti-Racism Framework. AHRC stated the breach was not due to a malicious attack but likely stemmed from a misconfiguration. Affected individuals will be notified, and the Office of the Australian Information Commissioner has been informed. A helpline and mental health resources have been made available for support.
New Malware Campaign Hides Payload in Single Character, Abuses Google Calendar for Delivery - Cybercriminals are abusing Google Calendar in a malware delivery chain that uses an obfuscation method hiding instructions behind a single visible character. Security researchers found that the npm package os-info-checker-es6 appended invisible Unicode characters to what looked like a lone pipe symbol (“|”), encoding base64 instructions. These decoded to Google Calendar URLs that in turn led to the malicious payload. Other packages, including skip-tot and vue-dummyy, were also compromised. Because the hidden characters render as nothing, the code passes a casual review and slips past traditional email and content filters. Google advises enabling “known senders” in Calendar, while experts warn users to scrutinise invites, verify senders and report suspicious activity.
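The hiding technique in the npm story above, as an added example that is not code from the campaign or from the cited researchers: a scanner that flags invisible code points in JavaScript source and recovers the bytes they carry. Assumption: the encoding used here (one byte per Unicode variation selector, U+FE00..U+FE0F for values 0..15 and U+E0100..U+E01EF for 16..255) is one known smuggling scheme; it is not claimed to be the exact encoding os-info-checker-es6 used. The sample source is constructed for this example.

```python
import base64
import unicodedata

# Added example, not the campaign's code. Assumption: the variation-selector
# encoding below is one documented way to hide one byte per invisible code point;
# the real package's exact scheme is not reproduced here.
VS_BASE = 0xFE00        # U+FE00..U+FE0F carry byte values 0..15
VS_SUPP_BASE = 0xE0100  # U+E0100..U+E01EF carry byte values 16..255


def byte_to_vs(b: int) -> str:
    return chr(VS_BASE + b) if b < 16 else chr(VS_SUPP_BASE + b - 16)


def vs_to_byte(ch: str):
    """Inverse mapping; None if the character is not a variation selector."""
    cp = ord(ch)
    if VS_BASE <= cp <= VS_BASE + 15:
        return cp - VS_BASE
    if VS_SUPP_BASE <= cp <= VS_SUPP_BASE + 239:
        return cp - VS_SUPP_BASE + 16
    return None


def hide_bytes(data: bytes, carrier: str = "|") -> str:
    """Attacker side: a visible carrier followed by one invisible selector per byte."""
    return carrier + "".join(byte_to_vs(b) for b in data)


def is_invisible(ch: str) -> bool:
    """Format chars (Cf: zero-width space, BOM, tag chars), private use (Co),
    and variation selectors all render as nothing in an editor."""
    return unicodedata.category(ch) in ("Cf", "Co") or vs_to_byte(ch) is not None


def scan_source(source: str):
    """Defender side: (line, column, 'U+XXXX', name) for every invisible code point."""
    findings = []
    for line_no, line in enumerate(source.splitlines(), 1):
        for col, ch in enumerate(line, 1):
            if is_invisible(ch):
                findings.append((line_no, col, f"U+{ord(ch):04X}",
                                 unicodedata.name(ch, "<unnamed>")))
    return findings


def recover_hidden(source: str) -> bytes:
    """Collect every variation selector in order and decode it as one byte stream."""
    return bytes(v for v in (vs_to_byte(ch) for ch in source) if v is not None)


def recover_payload(source: str) -> bytes:
    """Base64-decode the smuggled bytes when they are valid base64, else return raw."""
    raw = recover_hidden(source)
    try:
        return base64.b64decode(raw, validate=True)
    except ValueError:
        return raw


# Constructed sample: a base64 string is smuggled after a visible "|" in what
# looks like a harmless one-character string literal in an npm module.
SECRET = base64.b64encode(b"console.log('constructed demo payload')").decode()
SAMPLE_JS = (
    "const os = require('os');\n"
    "const sep = '" + hide_bytes(SECRET.encode()) + "';\n"
    "module.exports = () => os.platform();\n"
)

if __name__ == "__main__":
    for finding in scan_source(SAMPLE_JS)[:3]:
        print(finding)
    print("hidden code points:", len(scan_source(SAMPLE_JS)))
    print("recovered:", recover_payload(SAMPLE_JS))
```

Point scan_source at the contents of node_modules after an install to get a line and column for every invisible code point; a legitimate package has almost none outside emoji sequences, so any hit inside a string literal or identifier deserves a look. The scanner deliberately reports the broad classes (Cf, Co, variation selectors) rather than only the one encoding decoded here, because the decoder is tied to an assumed scheme while the presence check is not.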
Ivanti Discloses Two Zero-Day Flaws Exploited in Limited Attacks - Ivanti has disclosed two chained zero-day vulnerabilities in its Endpoint Manager Mobile (EPMM) platform—CVE-2025-4427 (auth bypass) and CVE-2025-4428 (RCE)—being exploited in the wild against a small number of customers. The flaws, tied to unnamed open-source libraries, allow unauthenticated remote code execution via exposed APIs. Ivanti released patches and advised using ACLs or web application firewalls to restrict access, cautioning this may disrupt certain integrations. This follows a pattern of Ivanti vulnerabilities exploited by China-linked threat actors.
References
https://blog.eclecticiq.com/china-nexus-nation-state-actors-exploit-sap-netweaver-cve-2025-31324-to-target-critical-infrastructures
https://thehackernews.com/2025/05/china-linked-apts-exploit-sap-cve-2025.html
https://www.bleepingcomputer.com/news/security/australian-human-rights-commission-leaks-docs-to-search-engines/
https://cybersecuritynews.com/google-calendar-invites/
https://www.darkreading.com/endpoint-security/ivanti-epmm-zero-day-flaws-exploited