Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Latest News

Rockrose Development Notifies Over 47,000 People of July 2025 Data Breach Linked to Play Ransomware Gang

  Rockrose Development confirmed over the weekend that it has notified 47,392 individuals about a data breach that occurred in July 2025. T...

All the recent news you need to know
Tech Support Scam
Bitcoin ATM Scam Call Center Scam Cross Border Cybercrime Cryptocurrency Fraud Cyber Fraud CyberCrime Cybersecurity Investigation Fake Microsoft Support Tech Support Scam

Fake Microsoft Support Call Center Scam Targeting US Citizens Brought Down


 

An investigation by the Bengaluru police has revealed that a sophisticated cyber fraud operation was operating in the city masquerading as Microsoft Technical Support, targeting U.S. citizens in an attempt to defraud them, bringing an end to a transnational scam network that has been working from the city for some time. 

On Saturday, the Special Cell of the Cyber Command, in coordination with the Cyber Crime Police of the Whitefield Division, conducted a raid at the premises of a firm known as Musk Communications in response to certain intelligence. 

The raid was conducted based on specific intelligence. A number of investigations have revealed that the company, which began operations in August, has established a scam center that is fully functional and consists of approximately 4,500 square feet of space, where employees allegedly pose as Microsoft support technicians in order to deceive foreign nationals and defraud them. 

Several individuals have been arrested from the facility for being directly involved in the fraudulent activities, according to police. This operation was designed with the intent of systematically exploiting overseas victims through carefully orchestrated technical support scams, and according to police, 21 individuals have been arrested. Several rented office spaces were used by the racket, where callers dressed up as Microsoft representatives and targeted residents throughout the country as a whole. 

A number of victims have been targeted either directly or through deceptive pop-up messages that falsely stated that their computer was infected with malware or had been compromised, leading them to be lured in. Once the callers had established a connection with the target, they convinced them to install remote access applications like AnyDesk or TeamViewer, which allowed the fraudsters to take control of the target computer system. 

During these scams, police allege that the accused intentionally generated false technical glitches, frozen computer screens, or generated fake virus alerts to increase anxiety in victims and coerce them into paying for services that were unnecessary, nonexistent, or unreliable. 

According to investigators, the group has been charging amounts ranging from several hundred dollars up to several thousand dollars for sham repairs, extended warranties, and counterfeit security subscriptions. According to investigators, the organization may have facilitated the funneling of crores of rupees through international payment gateways designed to obscure financial records for over a year. 

The raid resulted in the discovery of 35 computers, 45 mobile phones, Voice over IP-based communication systems, scripted call templates, and extensive customer data logs which contained the details of hundreds of prospective targets and a variety of other items. It has been reported that the arrestees were trained to adopt an American accent so as not to raise suspicion, underscoring the systematic and calculated nature of the fraud.

As a result of this case, the police said that cross-border technology support scams are becoming increasingly prevalent, preying on seniors and digitally vulnerable individuals overseas, and that further investigations are currently underway to find out who was behind the fraud, who provided the money, and who was involved in it overseas.

According to Bengaluru Police Cyber Crime Division officials, the syndicate targeted victims both in the United States and in the United Kingdom. It falsely appeared to represent itself as Microsoft's technical support department. 

During the course of the investigation, it was learned that callers escalated the deception by citing fabricated Federal Trade Commission violations, informing victims that their systems were being compromised or that they were being involved in unlawful online activity. This fraudster has allegedly demanded substantial payments in Bitcoin as a means of resolving these purported threats, and instructed victims to deposit money at cryptocurrency ATMs. 

According to police estimates, the individual losses are estimated to have averaged around $10,000. A number of intimidation tactics were employed to pressure compliance by the operation, including false legal penalties and urgent cyber alerts. Senior IPS officers confirmed that the majority of those targeted were elderly individuals who are not familiar with digital security practices. 

Further inquiries revealed that there were nearly 85 people employed in Bengaluru to manage the company's data, handle calls, and simulate foreign technology executives, in a professionally layered setup. There were a number of elements involved in the operation, including American accents, detailed scripts, and email addresses that were designed to mimic official Microsoft and U.S. regulatory addresses. 

It was the task of those arrested to extract personal and financial information during staged troubleshooting sessions, which then allowed payments to be converted to cryptocurrency, which disguised the financial trail in the process. It has been reported that backend systems linked the operation to foreign digital wallets and crypto exchanges that are already under scrutiny by US authorities. 

As a result of this investigation, the investigators are now looking at tracking Bitcoin transactions and identifying international collaborators involved in routing the proceeds. The government is collaborating with Interpol and the federal government to map digital wallet movements and preliminary findings indicate that between August and November 2025, at least $13.5 crore was transferred in multiple tranches through Bitcoin ATMs in multiple batches. 

Additionally, analysts are analyzing the seized servers to find out how the syndicate sourced contact information of overseas victims. As officials pointed out, Bengaluru is becoming increasingly vulnerable to cybercrime networks worldwide. 

It is due to this that skilled manpower and readily available digital infrastructure are being exploited by fraud rings operating under the cover of technology support firms in Bengaluru, prompting tighter monitoring of the registration of startups, co-working spaces, and tech parks around the city. 

Since August, investigators have discovered that the network has contacted 150 victims across the United States and the United Kingdom, coercing them into depositing large sums of money-often close to $10,000-through Bitcoin ATMs, causing them to withdraw substantial sums. In a statement to the IPS, a senior officer stated that authorities are currently extracting and verifying financial information about victims. 

The officer also stated that preliminary findings indicate cryptocurrency kiosks are the primary means by which illicit payments are collected. A police report states that the accused posed as a technical support representative for Microsoft around the world and invoked fabricated Federal Trade Commission violations as a way of instilling fear in the public. Under the guise of mandatory security fixes and regulatory compliance procedures, the accused demanded money. 

According to the reports, the operation's three key masterminds remain absconding and are believed to have orchestrated similar scams targeting victims across the U.S. and the U.K. since 2022. In a scheme of this magnitude, Musk Communications rented a 4,500-square-foot office space in August at a monthly charge of Rs. 5 lakh, where the gang planned to deploy malicious Facebook ads that were targeted at American users as part of its campaign against the US government.

 In the ads, investigators found embedded code that mimicked legitimate security alerts; when clicked on, it would freeze the user's system and trigger a fake pop-up message that appeared to be from Microsoft's global support center with a counterfeit helpline number, which claimed to originate from that support center. 

According to the alleged victim, who contacted the number was told that their computer systems had been hacked, IP addresses had been compromised, and their banking information had been compromised, and they were subsequently pressured into making high-value payments using Bitcoin ATMs, which subsequently triggered the scam.

According to the Police, the company employed 83 employees, including 21 technical operators who were directly involved in the fraud. The salaries for these employees ranged from $15k to $25k per month. Among the other arrests confirmed by investigators in this case was Ravi Chauhan, an Ahmedabad resident, alleged to have been a major part of recruiting nearly 85 staff members for this operation. This brings the total number of arrests in this case to 22 as the investigation continues to pursue remaining suspects and the financial flows that are tied to this scheme. 

There has been a surge in organized cybercrime syndicates operating across borders in recent years, and authorities have issued warnings about the evolving tactics and techniques they are using, particularly those that exploit the trust people have in recognized technology brands internationally. 

Moreover, the police emphasized that legitimate companies such as Microsoft should not initiate unsolicited technical support calls, issue pop-up warnings butting into the system immediately, or seek payments through cryptocurrency channels in order to receive support. 

It was urged by officials that users, particularly those who were unfamiliar with digital platforms and elderly, should exercise caution when faced with alarming online messages or calls claiming legal or security violations, and that they should verify the claims by going to official websites or using authorised service channels.

It has also been emphasized by cybercrime investigators that the need for stronger awareness campaigns needs to be strengthened, short-term commercial rentals need to be closely scrutinized, and online advertising platforms need to be more tightly regulated so they can deliver malicious content on a more regular basis.

This investigation is continuing to trace financial flows and international connections, and authorities are stating that the case serves as a reminder of how sophisticated and large-scale modern tech-support fraud really is, underscoring the need for digital literacy, cross-border cooperation, and timely reporting as a way of counteracting scams that take advantage of fear, urgency, and misinformation.
Read more »
Software
GitHub malware PyStoreRAT Remote Access Trojan Software

PyStoreRAT Campaign Uses Fake GitHub Projects to Target OSINT and IT Professionals

 


Cybersecurity researchers have identified a previously undocumented malware operation that leverages GitHub to distribute a threat known as PyStoreRAT. The campaign primarily targets individuals working in information technology, cybersecurity, and open-source intelligence research, exploiting their reliance on open-source tools.

The findings were published by Morphisec Threat Labs, which described the operation as a coordinated and deliberate effort rather than random malware distribution. The attackers focused on blending into legitimate developer activity, making the threat difficult to detect during its early stages.

PyStoreRAT functions as a Remote Access Trojan, a type of malware that enables attackers to maintain hidden and persistent access to an infected system. Once deployed, it can gather detailed system information, execute commands remotely, and act as a delivery mechanism for additional malicious software.

According to the research, the attackers began by reviving dormant GitHub accounts that had shown no activity for extended periods. These accounts were then used to upload software projects that appeared polished, functional, and credible. Many of the repositories were created with the help of artificial intelligence, allowing them to closely resemble genuine open-source tools.

The fake projects included OSINT utilities, decentralized finance trading bots, and AI-based applications such as chatbot wrappers. Several of these repositories gained visibility and user trust, with some rising through GitHub’s trending rankings. Only after achieving engagement did the attackers introduce subtle updates that quietly embedded the PyStoreRAT backdoor under the guise of routine maintenance.

Once active, PyStoreRAT demonstrates a high degree of adaptability. Morphisec researchers found that it profiles infected systems and can deploy additional payloads, including known data-stealing malware families and Python-based loaders. The malware also modifies its execution behavior when it detects certain endpoint protection products, reducing its exposure to security monitoring.

The threat is not limited to a single delivery method. PyStoreRAT can propagate through removable storage devices such as USB drives and continuously retrieves updated components from its operators. Its command-and-control infrastructure relies on a rotating network of servers, allowing attackers to issue new instructions quickly while complicating takedown efforts.

Researchers also identified non-English language elements within the malware code, including Russian-language terms. While this does not confirm attribution, Morphisec noted that the level of planning and operational maturity places the campaign well beyond low-effort GitHub-based malware activity.

GitHub has removed the majority of the malicious repositories linked to the campaign, though a small number were still accessible at the time of analysis. Security experts stress that developers and researchers should remain cautious when downloading tools, carefully review code changes, and avoid running projects that cannot be independently verified.

Morphisec concluded that the campaign surfaces a vastly growing trend, where attackers combine AI-generated content, social engineering, and resilient cloud infrastructure to bypass traditional security defenses, making awareness and verification more critical than ever.



Read more »
Social Security number leak
700Credit data breach credit data exposure fintech data breach Michigan data breach Social Security number leak

700Credit Data Breach Exposes Sensitive Information of 5.6 Million Individuals

 

U.S.-based fintech and data services firm 700Credit has confirmed a major data breach that compromised the personal information of at least 5.6 million individuals. The exposed data includes names, residential addresses, dates of birth, and Social Security numbers.

Headquartered in Michigan, 700Credit provides credit reporting, soft-pull prequalification, identity verification, fraud prevention, and compliance solutions to auto, RV, marine, and powersports dealerships nationwide. The company works with nearly 18,000 dealerships, integrating its services directly into dealer systems to access credit bureau data, conduct compliance screenings, and generate mandatory disclosures.

According to the company, the breach occurred in October and involved unauthorized access to personal data collected from dealerships between May and October 2025. The incident was disclosed through a notification posted on 700Credit’s website.

“700Credit regrets to inform you that our industry was attacked again by a bad actor who had unauthorized access to some of our personally identifiable information (PII) including name, address and social security number.” reads the data breach notification published by the company on its website. “The investigation is ongoing and most importantly there is no indication of any identity theft, fraud, or other misuse of information in relation to this event”

Following the discovery, 700Credit brought in external cybersecurity specialists who determined that the breach was confined to the application layer and did not compromise the company’s internal network or core operations. The firm has since notified affected dealers and begun outreach to impacted consumers.

The company also reported the incident to federal authorities, including the FBI and the Federal Trade Commission, and coordinated regulatory notifications on behalf of dealerships. It plans to notify state attorneys general and is offering credit monitoring services to those affected.

“We pledge to take extraordinary steps necessary to assist consumers and notify required parties on behalf of dealers. We timely notified the FBI and the FTC and confirmed with the FTC that 700Credit’s filing on behalf of all dealers is sufficient to meet dealer obligations to notify the FTC.” continues the notification. In addition, we will be notifying State AG offices on behalf of dealers. Impacted consumers will also be notified and offered credit monitoring services and assistance they may need. 700Credit has also been working directly with NADA.”

Michigan Attorney General Dana Nessel has reissued a consumer alert following the breach, which impacted nearly 6 million people nationwide, including more than 160,000 Michigan residents.

“If you get a letter from 700Credit, don’t ignore it. It is important that anyone affected by this data breach takes steps as soon as possible to protect their information.” said Michigan attorney general Dana Nessel.” A credit freeze or monitoring services can go a long way in preventing fraud, and I encourage Michiganders to use the tools available to keep their identity safe.”

700Credit is advising consumers to remain vigilant against phishing attempts and scams, strengthen and update passwords, and remove unnecessary stored data. The company also recommends enabling multifactor authentication and regularly reviewing credit reports. Consumers can access free weekly credit reports from Equifax, Experian, and TransUnion through the Annual Credit Report website.
Read more »
Urban VPN Proxy
Chatbot Surveillance Chrome Extensions Cyber Security Data Harvesting Urban VPN Proxy

Chrome ‘Featured’ Urban VPN Extension Caught Harvesting Millions of AI Chats

 

A popular browser extension called Urban VPN Proxy, available for users of Google’s Chrome browser, has been discovered secretly sniffing out and harvesting confidential AI conversation data of millions of users across sites such as ChatGPT, Claude, Copilot, Gemini, Grok, Meta AI, and Perplexity. 

The browser extension, known for providing users with a safe and private manner of accessing any blocked website through a virtual private network, was recently upgraded in July of 2025 and has an added function enabling it to fish out all conversation data between users and AI chat bot systems by injecting specific JavaScript code into these sites.

By overriding browser network APIs, the extension is able to collect prompts, responses, conversation IDs, timestamps, session metadata, and the particular AI model in use. The extension's developer, Urban Cyber Security Inc., which also owns BiScience, a company well-known for gathering and profiting from user browsing data, then sends the collected data to remote servers under their control. 

The privacy policy of Urban VPN, which was last updated in June 2025, confesses to collecting AI queries and responses for the purposes of "Safe Browsing" and marketing analysis, asserting that any personal data is anonymized and pooled. However, BiScience shares raw, non-anonymized browsing data with business partners, using it for commercial insights and advertising. 

Despite the extension offering an “AI protection” feature that warns users about sharing personal information, the data harvesting occurs regardless of whether this feature is enabled, raising concerns about transparency and user consent.The extension and three other similar ones—1ClickVPN Proxy, Urban Browser Guard, and Urban Ad Blocker—all published by Urban Cyber Security Inc., collectively have over eight million installations. 

Notably, these extensions bear the “Featured” badge on Chrome and Edge marketplaces, which is intended to signal high quality and adherence to best practices. This badge may mislead users into trusting the extensions, underlining the risk of data misuse through seemingly legitimate channels. 

Koi Security’s research highlights how extension marketplaces’ trust signals can be abused to collect sensitive data at scale, particularly as users increasingly share personal details and emotions with AI chatbots. The researcher calls attention to the vulnerability of user data, even with privacy-focused tools, and underscores the need for vigilance and stricter oversight on data collection practices by browser extensions.
Read more »
Personal Data Breach
Cyberattacks Data Breach Data breaches attacks Data Leak data security INC Ransom gang Inc ransomware Library Personal Data Breach

Pierce County Library System Data Breach Exposes Information of Over 340,000 People

 

A cyber attack on the Pierce County Library System in the state of Washington has led to the compromise of personal data of over 340,000 people, which is indicative of the rising threat of cybersecurity breaches being posed to public services. This attack has impacted library services in the entire county, along with library users and staff. The incident was made known to the public through breach notification letters published on the website of the Pierce County Library System. 

The incident, as revealed in the notification letters, occurred when the library system detected the incident on April 21 and decided to shut all library systems in an effort to control the breach. The library system conducted an investigation that confirmed the breach had taken place. 

The library network was also able to identify that the exfiltration of data from individuals who utilized or were part of the institution was successful on May 12. It was established that the hackers had access to the network from April 15 to April 21. Access to sensitive information was gained and exfiltrated during this time. The level of information that was vulnerable varied depending on who was targeted. 

The data that was breached for the benefit of the library patrons included names and dates of birth. Though very limited compared to the data for employees, this data is still significant for use in identity-related fraud. The breach had severe implications for current and former employees who worked within the library system. The data that was stolen for them included Social Security numbers, financial accounts, driver’s license numbers, credit card numbers, passports, health insurance, and certain data related to medical matters. 

This particular ransomware assault would later be attributed to the INC ransomware gang, which has been responsible for a number of highly detrimental attacks on government bodies over 2025. The gang has previously conducted attacks on bodies such as the Office of the Attorney General of Pennsylvania and a countrywide emergency alert service used by local authority bodies. This type of situation is not the first that has occurred on the level of Pierce County. 

In the year 2023, Pierce County was the victim of a ransomware attack on the public transit service that the community utilized heavily because the service was used by 18,000 riders on a daily basis. Public library networks have become a common target for ransomware attacks in recent years. This is because cybercriminals also perceive public libraries as high-stakes targets since community members depend on them for internet access to their catalogs and other digital services, creating a challenge where an organization may feel pressured into paying a ransom demand to resume operations. Such attacks also include national and city library networks in North America. 

The current threat environment has led to calls for developing targeted programs within the government in the United States that would evaluate risks for libraries' cybersecurity environments. This involves enhancing data sharing related to cyber attacks and providing libraries with more support and advanced services from firewalls that target libraries specifically. 

The increasing digitization efforts by libraries as government institutions further solidify that a breach such as that which Pierce County experienced is a reminder that a continued investment in cybersecurity measures is a necessity.
Read more »
Third-Party Vendor Risk
Akira Ransomware Group Data Breach Healthcare Cyber Threats HIPAA Business Associate Medical Supply Cybersecurity Ransomware attack Third-Party Vendor Risk

Data Breach at Fieldtex Affects 274000 as Ransomware Gang Takes Credit

The Fieldtex Products Corporation, a company that makes contract sewing products and fulfills medical supply orders from U.S. manufacturers, has notified hundreds of thousands of individuals after confirming an attack which compromised sensitive health-related information as a result of ransomware. 

It was found out that the incident occurred after the company detected strange activity within its network in the middle of August, which led to an internal investigation that went on for a while, but which eventually revealed an unauthorized intrusion into systems containing protected health information relating to affiliated health plans. 

According to Fieldtex's breach notification, which was published on November 20, exposed data may include information about people's names, residential addresses, dates of birth, health insurance membership number, plan information, and coverage, as well as genders, health insurance insurance membership numbers and member identification numbers.

It has been reported that the breach has affected approximately 238,615 individuals, according to regulatory filings submitted by the U.S. Department of Health and Human Services. The disclosure came in the wake of a public claim made by Akira, a ransomware group that listed Fieldtex's E-First Aid Supplies division on its Tor-based leak site on November 5, asserting that it had exfiltrated over 14 gigabytes of internal data, such as employee, customer, and financial data. 

Despite the group's threat of publishing the stolen data, Fieldtex's notice was issued only after no materials had been made public. It has been disclosed that Fieldtex has submitted the incident disclosures to federal regulators in its capacity as a HIPAA business associate, stating that the company is providing direct notice to affected individuals on behalf of clients who have authorized the company to do so.

According to Fieldtex's breach disclosure, the organization is a medical supply fulfillment company that provides members with over-the-counter healthcare products delivered through their respective health plans. Fieldtex's role involves handling certain categories of protected health information, which is necessary in the fulfillment of the breach disclosure. As the company reported, it became aware of unauthorized activity on or around August 19. 

The company responded by securing its network as well as engaging an independent forensic investigation company to determine the nature and extent of the intrusion. The breach has been caused by the way Fieldtex handled protected health information obtained from members' health plans in its healthcare fulfillment operations, which resulted in this breach. 

In a statement issued by the company on August 19, it is said that it detected unauthorized activities within the company's computer systems. As soon as the company became aware of the intrusion, it immediately secured its network and retained an external forensic firm to determine the extent of the breach. However, Fieldtex stated that there is no indication that any data has been misused, even though Fieldtex did not have any conclusive findings of access to protected health information. 

It is likely that patients' names, residential addresses, dates of birth, health insurance member identification numbers, plan names, coverage periods, and gender were potentially exposed information. Fieldtex reported that by September 30 it had finished its analysis of the affected data and had immediately notified the associated health plans, which had subsequently offered complimentary credit monitoring services to individuals whose information could have been exposed. 

Furthermore, the company added that it has tightened up its network security controls and has reviewed its data protection policies to respond to the incident in response. Requests for more information, including whether any data was exfiltrated or a ransom demand was issued, were not immediately returned. 

The Fieldtex team conducted an extensive internal review after becoming aware that sensitive information was in danger of being accessed. This review included determining the type of information contained in the affected files and identifying the individuals whose information was involved. In addition to assessing potentially impacted data, the company also informed the appropriate health plans promptly on September 30, 2025, initiating coordinated response efforts to address the situation. 

The company is acting on behalf of clients of the health plan that authorized Fieldtex to provide direct notice to their members and is providing credit monitoring services as a precautionary measure in order to inform potentially affected members. 

Meanwhile, the company also reported that it has strengthened security controls across all areas of its network and is currently undergoing a broader review of its data protection policies and procedures with the aim of reducing the likelihood of similar incidents occurring again. 

According to Fieldtex, there has been no evidence of an actual or attempted misuse of the information related to the incident, but they advised affected individuals to remain vigilant and to review their account statements and explanations of benefits regularly for any irregularities or errors.

In addition to recommending individuals to place fraud alerts with the major credit reporting agencies, such as Equifax, TransUnion, and Experian, in order to provide additional protection, the company also advised them to do so. In the wake of this incident, healthcare-related vendors, who operate behind the scenes of patient care, but tend to deal with large volumes of sensitive personal and insurance data, are being exposed to an increasing risk of cyberattacks. 

The cyber security community has repeatedly warned that ransomware groups target third-party service providers with increasing frequency, observing them as a high-value entry point into complex healthcare ecosystems where multiple undesirable effects can be manifested. 

It is important that people affected by the breach maintain an active level of vigilance in order to avoid becoming victims of such attacks in the future. This vigilance includes reviewing insurance statements regularly, monitoring credit activity, and responding promptly to any anomalies that may arise.

As the Fieldtex incident shows, healthcare organizations and their vendors must take serious steps to ensure they manage their vendors' risk appropriately, monitor their activity continuously, and perform regular security audits in order to reduce their chances of suffering similar attacks in the future. 

Organizations that handle protected health information may be faced with increasing pressure as regulatory scrutiny continues to intensify and threat actors refine their tactics. 

It is imperative that organizations handle protected health information demonstrate not only compliance with federal requirements, but also a commitment to fostering cybersecurity resilience in order to protect patient trust and operational continuity in the future.
Read more »
Subscribe to: Comments (Atom)

Featured