
LinkedIn accused of covertly scanning users’ browsers for 6,000 extensions

  • LinkedIn’s website injects JavaScript that checks for web‑accessible resources tied to specific extensions, encrypts the findings, and sends them to LinkedIn’s servers, Fairlinked report reveals.
  • Group says the data—some of which is shared with cybersecurity partner HUMAN Security—could indirectly reveal sensitive traits such as religion, political views, health status, or job‑seeking activity, given that LinkedIn profiles are tied to real identities.
  • Fairlinked claims the scans cover more than 200 competing software products—such as Salesforce, HubSpot, Apollo, Lusha, and ZoomInfo—raising concerns about competitive intelligence gathering.

A coalition representing commercial LinkedIn users, Fairlinked e.V., alleges the professional networking giant has secretly scanned visitors’ browsers to detect more than 6,000 extensions, compiling and transmitting the results without explicit consent in what the group brands “BrowserGate,” potentially impacting up to 405 million people.

According to Fairlinked’s report, LinkedIn’s website injects JavaScript that checks for web‑accessible resources tied to specific extensions, encrypts the findings, and sends them to LinkedIn’s servers. The group says the data—some of which is shared with cybersecurity partner HUMAN Security—could indirectly reveal sensitive traits such as religion, political views, health status, or job‑seeking activity, given that LinkedIn profiles are tied to real identities.
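The detection method described above depends on an extension declaring resources that web pages are allowed to load. As an added example (not code from Fairlinked's report or from LinkedIn), the Python sketch below classifies a Chrome-style extension manifest by who can load its `web_accessible_resources`; the function names and sample manifests are constructed for illustration.

```python
import json

def _covers_every_host(pattern: str) -> bool:
    """True for match patterns that apply to all sites, e.g. <all_urls> or https://*/*."""
    if pattern == "<all_urls>":
        return True
    host = pattern.split("://", 1)[-1].split("/", 1)[0]
    return host == "*"

def resource_exposure(manifest: dict) -> str:
    """Classify which websites can load this extension's declared resources.

    Returns "any-site", "listed-sites" or "none" (nothing reachable at a fixed URL).
    """
    entries = manifest.get("web_accessible_resources") or []
    if not entries:
        return "none"
    if manifest.get("manifest_version", 2) < 3:
        # Manifest V2 uses a flat list of paths that every origin may load.
        return "any-site"
    level = "none"
    for entry in entries:
        if entry.get("use_dynamic_url"):
            # The resource URL carries a per-session ID, so a fixed path cannot be probed.
            continue
        matches = entry.get("matches", [])
        if any(_covers_every_host(m) for m in matches):
            return "any-site"
        if matches:
            level = "listed-sites"
    return level

# Constructed sample manifests (hypothetical extensions, not real products).
SAMPLES = {
    "legacy-mv2": json.loads(
        '{"manifest_version": 2, "web_accessible_resources": ["img/icon.png"]}'),
    "mv3-broad": json.loads(
        '{"manifest_version": 3, "web_accessible_resources":'
        ' [{"resources": ["panel.html"], "matches": ["<all_urls>"]}]}'),
    "mv3-scoped": json.loads(
        '{"manifest_version": 3, "web_accessible_resources":'
        ' [{"resources": ["panel.html"], "matches": ["https://crm.example.com/*"]}]}'),
    "mv3-dynamic": json.loads(
        '{"manifest_version": 3, "web_accessible_resources":'
        ' [{"resources": ["panel.html"], "matches": ["<all_urls>"],'
        ' "use_dynamic_url": true}]}'),
    "no-resources": json.loads('{"manifest_version": 3}'),
}

def audit(manifests: dict) -> dict:
    """Map each manifest name to its exposure class."""
    return {name: resource_exposure(m) for name, m in manifests.items()}

if __name__ == "__main__":
    for name, level in audit(SAMPLES).items():
        print(f"{name:14} {level}")
```

Extension authors can use the same classification to narrow `matches` or enable `use_dynamic_url` before publishing.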

Data harvesting

LinkedIn disputes the characterisation. In a public comment, the company said extension detection is used to identify tools that violate its terms, strengthen anti‑scraping defenses, and diagnose abnormal data harvesting that could harm site stability.

“We do not use this data to infer sensitive information about members,” a LinkedIn representative wrote, adding that a German court rejected related claims by an individual whose account had been restricted for scraping.

Privacy advocates warn the practice may trigger European Union GDPR obligations, including the need for explicit consent if special‑category data can be inferred. Fairlinked also claims the scans cover more than 200 competing software products—such as Salesforce, HubSpot, Apollo, Lusha, and ZoomInfo—raising concerns about competitive intelligence gathering.

Fairlinked says its campaign highlights one of the “largest corporate espionage and data breach scandals in digital history,” while LinkedIn maintains the measures are security‑driven and disclosed via observable network and console activity. Regulators and data protection authorities have not yet announced formal investigations.

Nasir Security claims months-long breach of Dubai International Airport

  • A post on a dark‑net site includes a $50,000 challenge to anyone who can detect its presence in the airport’s network.
  • Group claims it will withhold data on Emirati citizens to avoid exploitation.

A hacktivist group calling itself Nasir Security, or “Nasir Resistance,” claims it infiltrated systems at Dubai International Airport for months and has begun leaking data in support of “regional resistance.”

The airport has not confirmed any breach, and the claims have not been independently verified.

Nasir’s statement, posted on a dark‑net site, includes a $50,000 challenge to anyone who can detect its presence in the airport’s network. The group, described by analysts as pro‑Iran and aligned with Hezbollah narratives, says it will time additional releases to the anniversary of a Hezbollah attack on Israel.

The data leak reportedly includes passport photos from multiple nationalities and airport security imagery such as luggage contents and scanner images; downloads appear to be limited to one image at a time. The group claims it will withhold data on Emirati citizens to avoid exploitation.

Regional context includes heightened cyber activity tied to Iran‑linked operators amid broader geopolitical tensions. Open-source threat reporting has noted pro‑Iran operations and long‑dwell intrusions during this period, though direct attribution to the Dubai incident remains unproven in public sources.

Dubai Airports and UAE authorities have not issued public statements confirming the intrusion at press time.

Iran strike damages AWS facility in Bahrain

  • Incident aligns with threats issued by Iran’s Islamic Revolutionary Guard Corps to target major Western tech companies and named sites across the Gulf beginning April.

Bahrain’s Interior Ministry said civil defense teams extinguished a fire at a company facility on Wednesday following “Iranian aggression,” with no injuries reported. Multiple outlets, citing a person familiar, reported the facility belonged to Amazon Web Services (AWS), indicating physical damage to the company’s Bahrain operations.

The incident aligns with threats issued by Iran’s Islamic Revolutionary Guard Corps (IRGC) to target major Western tech companies and named sites across the Gulf beginning April 1, though Amazon was not listed among the IRGC’s specific company targets in posts circulating on messaging channels.

This would mark the second time AWS infrastructure in Bahrain has reportedly suffered physical effects in recent weeks, following early-March incidents that also included strikes on two AWS data centres in the United Arab Emirates. AWS previously acknowledged structural and power impacts from those events and advised customers to reroute traffic, back up data, and consider migrating workloads to other regions.

As of Wednesday, public AWS service status communications continued to reflect disruptions tied to the March incidents in Bahrain and the UAE. They did not yet show a distinct April 1 Bahrain event at publication time, and details on the weapon used in Wednesday’s strike remained unclear, according to prior reporting on regional drone activity affecting AWS services.

No casualties were reported in the Bahrain fire, and Amazon had not issued a fresh public comment on the Wednesday incident at press time.

Iran’s Islamic Revolutionary Guard Corps (IRGC) used a Telegram channel to warn that 18 major companies—spanning tech, finance, and aerospace—could face attacks across the Gulf starting April , urging employees to evacuate 29 listed facilities and advising civilians to avoid nearby areas.

Named firms reportedly include Google, Apple, Microsoft, Nvidia, Cisco, IBM, Palantir, JPMorgan, Tesla, Boeing, and others, signaling a shift from proxy tactics toward direct pressure on commercial infrastructure the IRGC accuses of aiding US-Israeli operations.

The threat follows early‑March strikes Iran claimed against Amazon Web Services and Microsoft facilities in the region, which Tehran framed as blows to “technological and information infrastructure,” highlighting the disruptive potential of data‑center attacks for banking, supply chains, cloud‑hosted datasets, and public alerting systems.

ShinyHunters claims data theft targeting Cisco

  • Group posted extortion demands on March 31, threatening “several annoying (digital) problems” unless paid by April 3.

A serious cybersecurity incident is suspected at US tech giant Cisco Systems after the criminal hacking group ShinyHunters claimed to have stolen more than three million Salesforce records containing personally identifiable information (PII), alongside internal GitHub repositories, AWS S3 buckets, and other corporate data.

The group posted extortion demands on March 31, threatening “several annoying (digital) problems” unless paid by April 3.

ShinyHunters shared screenshots to support its claims: one depicting the AWS EC2 Volumes console showing dozens of virtual storage drives with some creation dates listed as March 16–17, 2026, and another listing purported Cisco S3 buckets. While naming patterns suggest a Cisco environment, no public data dump has been verified as of publication.

Three breaches

The group says the trove stems from three breaches—voice phishing (UNC6040), Salesforce Aura, and AWS accounts. One cited vector echoes a previously disclosed incident in which a Cisco representative was targeted with voice phishing, enabling access to and export of a subset of basic profile information from a third‑party cloud CRM.

At the time, Cisco said no confidential or sensitive customer data was obtained.

The claim surfaces amid a recent supply‑chain compromise of Trivy, a popular vulnerability scanner. On March 19, threat actor TeamPCP injected malware into the “trivy-action” GitHub workflow, affecting downstream users. Some industry reports are probing whether there is any link between that incident and potential Cisco exposure, but no confirmed operational tie between ShinyHunters and TeamPCP has been established as of now.

ShinyHunters, active since 2019, has a track record of high‑impact data theft and extortion campaigns, while TeamPCP emerged in late 2025, focusing on worm‑driven operations against open‑source repositories.

Cisco has not publicly confirmed the new claims. No evidence of a broad data release was immediately available, and verification efforts are ongoing.

Stanford study finds thousands of exposed API keys on public websites

  • Most exposed secrets were embedded in JavaScript (84%), followed by HTML (8%) and JSON (7%), with AWS credentials comprising over 16% of verified leaks.

Security researchers at Stanford University scanned 10 million webpages and uncovered nearly 2,000 valid API credentials across 10,000 sites, exposing access to critical services including AWS, GitHub, Stripe, and OpenAI.

The findings, detailed in the preprint “Keys on Doormats: Exposed API Credentials on the Web,” warn that leaked keys grant programmatic access—often more dangerous than compromised usernames and passwords—potentially enabling large-scale data exfiltration and even real‑world harm.

Lead author and PhD candidate Nurullah Demir said that attackers could directly access cloud databases and key management systems; one global bank reportedly exposed cloud credentials on its own webpages. In another case, repository keys tied to firmware for drones and remote-controlled devices could have allowed adversaries to push malicious updates.

Most exposed secrets were embedded in JavaScript (84%), followed by HTML (8%) and JSON (7%), with AWS credentials comprising over 16% of verified leaks. While coordinated disclosures cut exposed keys by roughly 50%, researchers found many developers were unaware their credentials were public—and that exposures typically persist for about 12 months, sometimes years.

Why it matters:

  • API keys often bypass UI safeguards, offering direct, automated access to sensitive resources.
  • Leaks can cascade: from cloud takeover and data theft to supply-chain attacks via poisoned firmware or code.

What teams should do now:

  • Remove secrets from client-side code; use server-side proxies and short-lived tokens.
  • Enforce least privilege and key rotation; monitor usage anomalies.
  • Add CI/CD secret scanning, SAST/DAST, and CSP to block rogue script sources.
  • Implement incident playbooks for key revocation and attribution.
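One way to act on the first and third recommendations is a pre-deploy check over the files that will be served to browsers. The Python sketch below is an added example, not the Stanford researchers' tooling; the function names and sample assets are constructed, and the key patterns are commonly documented prefixes whose exact lengths are assumptions to tune for your providers.

```python
import re
import sys

# Assumed patterns based on commonly documented key prefixes; tune before use.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "github_token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36,}\b"),
    "stripe_secret_key": re.compile(r"\bsk_live_[0-9A-Za-z]{24,}\b"),
    "openai_api_key": re.compile(r"\bsk-(?:proj-)?[A-Za-z0-9_-]{32,}\b"),
}
# File types named in the study's breakdown: JavaScript, HTML and JSON.
SCANNED_SUFFIXES = (".js", ".html", ".json")

def redact(secret: str) -> str:
    """Keep only a short prefix so the report itself does not leak the key."""
    return secret[:8] + "..."

def scan_text(text: str) -> list:
    """Return (provider, line_number, redacted_match) for every hit in text."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for provider, pattern in PATTERNS.items():
            for match in pattern.finditer(line):
                hits.append((provider, lineno, redact(match.group(0))))
    return hits

def scan_bundle(assets: dict) -> dict:
    """assets maps a served file name to its content; returns only files with hits."""
    report = {}
    for name, text in assets.items():
        if name.endswith(SCANNED_SUFFIXES):
            hits = scan_text(text)
            if hits:
                report[name] = hits
    return report

# Constructed sample bundle. The AWS value is the placeholder key used in AWS
# documentation; the other values are built from filler characters.
SAMPLE_ASSETS = {
    "static/app.js": (
        "const cfg = {\n"
        '  stripePublic: "pk_live_' + "0" * 24 + '",\n'  # publishable key: safe to ship
        '  awsKey: "AKIAIOSFODNN7EXAMPLE"\n'
        "};\n"
    ),
    "config.json": '{"token": "ghp_' + "a" * 36 + '"}',
    "index.html": '<script src="static/app.js"></script>',
}

if __name__ == "__main__":
    findings = scan_bundle(SAMPLE_ASSETS)
    for name, hits in findings.items():
        for provider, lineno, preview in hits:
            print(f"{name}:{lineno}: {provider} {preview}")
    sys.exit(1 if findings else 0)  # non-zero exit fails the CI job
```

Stripe publishable keys (`pk_live_`) are intended for client-side use, so the check deliberately ignores them and flags only secret-key formats.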

The researchers’ message is blunt: treat API keys like crown jewels—and assume the web will find anything left in plain sight.

AI confronts hidden industrial workforce productivity gap in Middle East

  • The productivity challenge in industrial operations has never been about workforce capacity—it has been about the inability to continuously align effort with execution at scale.
  • AI introduces an intelligent layer of visibility that captures how time, movement, and behaviour translate into output.

Consider what happens when a large construction site in the Middle East begins to mobilise. Thousands of workers pass through entry gates, supervisors scan rosters, and operations appear to be running at full capacity.

By mid-morning, however, subtle inefficiencies begin to surface—workers waiting for permits, teams misaligned with tasks, delayed shift starts that go unrecorded. On paper, productivity is intact. In reality, it is already slipping.

This gap between recorded activity and actual output is one of the least visible challenges in industrial operations today. And it is precisely where AI is beginning to play a defining role.

The Middle East’s industrial expansion has been defined by scale—megaprojects under NEOM like The Line and Oxagon, accelerated infrastructure development under Saudi Vision 2030, and rapidly growing logistics and manufacturing ecosystems. Yet beneath this visible progress lies a quieter, more complex issue – a structural productivity gap that traditional systems have been unable to quantify or correct.

Across the region, AI-powered systems are transforming workforce monitoring from static attendance tracking into continuous operational intelligence—capturing not just who is present, but how work unfolds in real time.

Limits of traditional workforce oversight

Industrial workforce management has long relied on periodic supervision such as attendance logs, manual reporting, and physical site inspections. These methods were sufficient in less complex environments, but they are increasingly misaligned with the scale and diversity of modern Middle Eastern operations.

Gary Ng, CEO of viAct.

A single site today may involve multiple contractors, thousands of workers, and overlapping shifts across vast physical areas. In such conditions, supervision becomes intermittent, and productivity becomes an inferred metric rather than a measured one.

The result is a persistent disconnect in the ecosystem. Workers may be present but not effectively deployed. Teams may be assigned but not synchronised. Delays occur not as isolated incidents, but as recurring patterns that remain largely invisible within traditional systems.

McKinsey & Company has highlighted how large-scale industrial projects routinely experience significant productivity losses due to fragmented workflows, poor visibility, and inconsistent execution on the ground. Most of the projects then run over their budget by 70 per cent and over schedule by 60 per cent.

This supports the suggestion by the International Labour Organisation that a sustainable productivity environment, built through integrated multilevel interventions, is important across different sectors to address these issues.

Moving towards workforce intelligence

The shift underway with AI-based workforce productivity monitoring is subtle but fundamental – from tracking workforce presence to understanding workforce behaviour.

AI-enabled modules specialising in industrial productivity monitoring introduce a layer of continuous intelligence that connects identity, location, and activity. Contactless face recognition ensures accurate attendance while eliminating proxy check-ins and manual errors. More importantly, it establishes a verified digital baseline from which workforce movement and deployment can be analyzed.

From there, the intelligent systems reconcile gate-level attendance with on-ground presence, ensuring that workers are not only on-site but operating within their assigned zones. This capability addresses one of the most overlooked inefficiencies in industrial operations—the assumption that headcount reflects productivity.

By aligning roster data with real-time activity, organisations can detect misallocation, close coverage gaps, and deploy the right skills where they are actually needed.

Using AI to engineer discipline at scale

Productivity is not only a function of workforce size; it is a function of consistency. In high-density industrial environments like the Middle East, even minor deviations in shift discipline, such as recurring late arrivals, failure to adhere to SOPs, extended breaks and early exits, can accumulate into significant output loss.

Through continuous video analytics, patterns of shift adherence can be observed and benchmarked across teams, contractors, and operational zones using KPIs such as schedule adherence (planned vs actual shift start time) and effective working time, which can then be related to the labour utilisation rate.

At a dairy and beverage facility in the UAE, operational managers were facing constant challenges in maintaining workforce hygiene. Despite strict protocols, variations in adherence, such as missed sanitisation steps, improper PPE usage, and inconsistent zone discipline, were impacting both product quality and audit readiness.

To match the required levels of compliance, the unit deployed AI monitoring. This led to a 30 per cent improvement in workforce discipline and more than 95 per cent hygiene compliance accuracy. More importantly, hygiene was no longer dependent on manual enforcement—it became a measurable, trackable operational KPI, embedded directly into daily workflows.

This transition marks a critical evolution: discipline is no longer managed through policy alone, but through data-driven operational design.

Uncovering the hidden cost of idle time

Beyond discipline, a substantial portion of productivity loss originates from idle time—moments when workers are present but unable to proceed due to external constraints.

These constraints often stem from systemic inefficiencies like delays in material availability, bottlenecks in approvals, or gaps in coordination between teams. Individually, they may seem insignificant. Collectively, they represent one of the largest drains on productivity.

AI systems can detect these patterns by analysing workforce movement, inactivity, and workflow disruptions. Repeated waiting periods, unnecessary movement across zones, and clustering of inactivity signals can all indicate deeper operational issues.

By surfacing these insights, organisations can move beyond reactive problem-solving toward proactive optimisation—addressing not just worker behaviour, but the structural inefficiencies that shape it.

Accountability in a multi-contractor ecosystem

The Middle East’s industrial landscape is heavily reliant on multi-contractor models, where different vendors operate simultaneously within the same site. This creates inherent challenges in maintaining consistent standards of productivity and accountability.

AI introduces a unifying framework by enabling contractor-level benchmarking based on consistent, objective metrics. Output per man-hour, adherence to schedules, and workforce utilization can be measured across all contractors, regardless of size or scope.

This level of transparency has implications beyond productivity. It strengthens payroll accuracy, supports compliance with wage protection systems, and reduces disputes by providing verifiable records of workforce activity.

A structural shift in how productivity is governed in 2026

What is emerging is not simply a technological enhancement across industrial sites in the Middle East, but a redefinition of industrial productivity itself.

The productivity challenge in industrial operations has never been about workforce capacity—it has been about the inability to continuously align effort with execution at scale. AI introduces an intelligent layer of visibility that captures how time, movement, and behaviour translate into output.

This perspective reflects a broader transition across the industry, where productivity is no longer assessed retrospectively through reports and audits. It is increasingly governed in real time, through continuous data and adaptive decision-making.

  • Gary Ng is the CEO and Co-Founder of viAct, one of Asia’s top sustainability-focused AI companies, which provides “Scenario-based Vision Intelligence” solutions for risk-prone workplaces.
