Thursday , September 18 2025

CAPTCHA-breaking services being offered for sale to bypass systems

infosecbulletin Tuesday , May 30 2023 Hot Topic

Cybersecurity researchers are warning that CAPTCHA-breaking services are being offered for sale to bypass systems designed to distinguish legitimate users from bot traffic.

These services work by farming out CAPTCHA-breaking tasks to actual human solvers. This makes it easy for customers of CAPTCHA-breaking services to develop automated tools against online web services. And because actual humans are solving CAPTCHAs, the purpose of filtering out automated bot traffic through these tests are rendered ineffective.

Hacker claim to breach Link3; 189,000 Users data up for sale

By infosecbulletin / Wednesday , September 17 2025
A threat actor claims to have breached Link3, a major IT solutions and internet service provider based in Bangladesh. The...
Read More
Hacker claim to breach Link3; 189,000 Users data up for sale

Check Point Hosts “Securing the Hyperconnected World in the AI Era” in Dhaka

By infosecbulletin / Wednesday , September 17 2025
Check point, a cyber security solutions provider hosts an event titled "securing the hyperconnected world in the AI era" at...
Read More
Check Point Hosts “Securing the Hyperconnected World in the AI Era” in Dhaka

Microsoft Confirms 900+ XSS Vulns Found in IT Services

By infosecbulletin / Tuesday , September 16 2025
Cross-Site Scripting (XSS) is one of the oldest and most persistent vulnerabilities in modern applications. Despite being recognized for over...
Read More
Microsoft Confirms 900+ XSS Vulns Found in IT Services

Daily Security Update Dated : 15.09.2025

By infosecbulletin / Monday , September 15 2025
Every day a lot of cyberattack happen around the world including ransomware, Malware attack, data breaches, website defacement and so...
Read More
Daily Security Update Dated : 15.09.2025

IBM QRadar SIEM Vuln Let Attackers Perform Unauthorized Actions

By infosecbulletin / Monday , September 15 2025
A critical permission misconfiguration in the IBM QRadar Security Information and Event Management (SIEM) platform could allow local privileged users...
Read More
IBM QRadar SIEM Vuln Let Attackers Perform Unauthorized Actions

Major Australian Banks using Army of AI Bots to Scam Scammers

By infosecbulletin / Monday , September 15 2025
Australian banks are now using bots to combat scammers. These bots mimic potential victims to gather real-time information and drain...
Read More
Major Australian Banks using Army of AI Bots to Scam Scammers

F5 to acquire CalypsoAI for $180M for Advanced AI Security Capabilities

By infosecbulletin / Saturday , September 13 2025
F5 plans to acquire CalypsoAI, which offers adaptive AI security solutions. CalypsoAI's technology will be added to F5's Application Delivery...
Read More
F5 to acquire CalypsoAI for $180M for Advanced AI Security Capabilities

AI Pentesting Tool ‘Villager’ Merges Kali Linux with DeepSeek AI for Automated Attacks

By infosecbulletin / Saturday , September 13 2025
The Villager framework, an AI-powered penetration testing tool, integrates Kali Linux tools with DeepSeek AI to automate cyber attack processes....
Read More
AI Pentesting Tool ‘Villager’ Merges Kali Linux with DeepSeek AI for Automated Attacks

CVE-2025-21043
Samsung Patched Critical Zero-Day Flaw Exploited in Android Attacks

By infosecbulletin / Saturday , September 13 2025
Samsung released its monthly Android security updates, addressing a vulnerability exploited in zero-day attacks. CVE-2025-21043 (CVSS score: 8.8) is a...
Read More
CVE-2025-21043 Samsung Patched Critical Zero-Day Flaw Exploited in Android Attacks

Albania appoints world’s first AI minister, “Diella” to Tackle Corruption

By infosecbulletin / Saturday , September 13 2025
Albania has appointed the first AI-generated government minister to help eliminate corruption. Diella, the digital assistant meaning Sun, has been...
Read More
Albania appoints world’s first AI minister, “Diella” to Tackle Corruption

Threat actors have also been observed purchasing CAPTCHA-breaking services and combining them with proxyware offerings to obscure the originating IP address and evade antibot barriers.

ALSO READ:

World see transmission at a record speed of 200 gigabits per second

Proxyware, although marketed as a utility to share a user’s unused internet bandwidth with other parties in return for a “passive income,” essentially turns the devices running them into residential proxies.

In one instance of a CAPTCHA-breaking service targeting popular social commerce marketplace Poshmark, the task requests emanating from a bot are routed via a proxyware network.

“CAPTCHAs are common tools used to prevent spam and bot abuse, but the increasing use of CAPTCHA-breaking services has made CAPTCHAs less effective,” said security researcher Joey Costoya. “While online web services can block abusers’ originating IPs, the rise of proxyware adoption renders this method as toothless as CAPTCHAs.”

To mitigate such risks, online web services are recommended to supplement CAPTCHAs and IP blocklisting with other anti-abuse tools.

Here are some additional tips for mitigating the risks posed by CAPTCHA-breaking services:

  • Use a variety of anti-abuse tools, including CAPTCHAs, IP blocklisting, and anomaly detection.
  • Monitor your traffic for signs of abuse, such as unusual spikes in traffic or requests from unusual IP addresses.
  • Keep your software up to date with the latest security patches.
  • Train your staff to be aware of the signs of abuse and how to report it.

Check Also

L7 DDoS

L7 DDoS Botnet Hijacked 5.76M Devices for Large Attacks

On September 1, 2025, Qrator Lab identified and managed a major attack from the largest …

Mail: [email protected]
© Copyright 2025, All Rights Reserved InfoSecBulletin