Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Technology
Adobe Photoshop AI ChatGPT OpenAI PDF Files Technology

Adobe Brings Photo, Design, and PDF Editing Tools Directly Into ChatGPT

 



Adobe has expanded how users can edit images, create designs, and manage documents by integrating select features of its creative software directly into ChatGPT. This update allows users to make visual and document changes simply by describing what they want, without switching between different applications.

With the new integration, tools from Adobe Photoshop, Adobe Acrobat, and Adobe Express are now available inside the ChatGPT interface. Users can upload images or documents and activate an Adobe app by mentioning it in their request. Once enabled, the tool continues to work throughout the conversation, allowing multiple edits without repeatedly selecting the app.

For image editing, the Photoshop integration supports focused and practical adjustments rather than full professional workflows. Users can modify specific areas of an image, apply visual effects, or change settings such as brightness, contrast, and exposure. In some cases, ChatGPT presents multiple edited versions for users to choose from. In others, it provides interactive controls, such as sliders, to fine-tune the result manually.

The Acrobat integration is designed to simplify common document tasks. Users can edit existing PDF files, reduce file size, merge several documents into one, convert files into PDF format, and extract content such as text or tables. These functions are handled directly within ChatGPT once a file is uploaded and instructions are given.

Adobe Express focuses on design creation and quick visual content. Through ChatGPT, users can generate and edit materials like posters, invitations, and social media graphics. Every element of a design, including text, images, colors, and animations, can be adjusted through conversational prompts. If users later require more detailed control, their projects can be opened in Adobe’s standalone applications to continue editing.

The integrations are available worldwide on desktop, web, and iOS platforms. On Android, Adobe Express is already supported, while Photoshop and Acrobat compatibility is expected to be added in the future. These tools are free to use within ChatGPT, although advanced features in Adobe’s native software may still require paid plans.

This launch follows OpenAI’s broader effort to introduce third-party app integrations within ChatGPT. While some earlier app promotions raised concerns about advertising-like behavior, Adobe’s tools are positioned as functional extensions rather than marketing prompts.

By embedding creative and document tools into a conversational interface, Adobe aims to make design and editing more accessible to users who may lack technical expertise. The move also reflects growing competition in the AI space, where companies are racing to combine artificial intelligence with practical, real-world tools.

Overall, the integration represents a shift toward more interactive and simplified creative workflows, allowing users to complete everyday editing tasks efficiently while keeping professional software available for advanced needs.




Read more »
wireless cameras
burglary prevention home security systems smart home security Technology Wi-Fi interference Wi-Fi jammer wired security wireless cameras

Wi-Fi Jammers Pose a Growing Threat to Home Security Systems: What Homeowners Can Do

  •  

Wi-Fi technology powers most modern home security systems, from surveillance cameras to smart alarms. While this connectivity offers convenience, it also opens the door to new risks. One such threat is the growing use of Wi-Fi jammers—compact devices that can block wireless signals and potentially disable security systems just before a break-in. By updating your security setup, you can reduce this risk and better protect your home.

Key concern homeowners should know:

  • Wi-Fi jammers can interrupt wireless security cameras and smart devices.
  • Even brief signal disruption may prevent useful footage from being recorded.

Wi-Fi jammers operate by overpowering a network with a stronger signal on the same frequency used by home security systems. Though the technology itself isn’t new, law enforcement believes it is increasingly being exploited by burglars trying to avoid identification. A report by KPRC Click2Houston described a case where a homeowner noticed their camera feed becoming distorted as thieves approached, allegedly using a backpack containing a Wi-Fi jammer. Similar incidents were later reported by NBC Los Angeles in high-end neighborhoods in California.

How criminals may use jammers:

  • Target wireless-only security setups.
  • Disable cameras before entering a property.
  • Avoid being captured on surveillance footage.

Despite these risks, Wi-Fi jammers are illegal in the Unite States under the Communications Act of 1934. Federal agencies including the Department of Justice, Homeland Security, and the Federal Communications Commission actively investigate and prosecute those who sell or use them. Some states, such as Indiana and Oregon, have strengthened laws to improve enforcement. Still, the devices remain accessible, making awareness and prevention essential.

Legal status at a glance:

  • Wi-Fi jammers are banned nationwide.
  • Selling or operating them can lead to serious penalties.
  • Enforcement varies by state, but possession is still illegal.

While it’s unclear how often burglars rely on this method, smart home devices remain vulnerable to signal interference. According to CNET, encryption protects data but does not stop jamming. They also note that casual use by criminals is uncommon due to the technical knowledge required. However, real-world cases in California and Texas highlight why extra safeguards matter.

Ways to protect your home:

  • Choose wired security systems that don’t rely on Wi-Fi.
  • Upgrade to dual-band routers using both 2.4 GHz and 5 GHz.
  • Opt for security systems with advanced encryption.
  • Regularly review and update your home security setup.

Taking proactive steps to safeguard your security cameras and smart devices can make a meaningful difference. Even a short disruption in surveillance may determine whether authorities can identify a suspect, making prevention just as important as detection.

Read more »
Microsoft
AI recruitment India AI technology Amazon Artifcial Intelligence Cyber Security Data Center Indian Market Microsoft

Amazon and Microsoft AI Investments Put India at a Crossroads

 

Major technology companies Amazon and Microsoft have announced combined investments exceeding $50 billion in India, placing artificial intelligence firmly at the center of global attention on the country’s technology ambitions. Microsoft chief executive Satya Nadella revealed the company’s largest-ever investment in Asia, committing $17.5 billion to support infrastructure development, workforce skills, and what he described as India’s transition toward an AI-first economy. Shortly after, Amazon said it plans to invest more than $35 billion in India by 2030, with part of that funding expected to strengthen its artificial intelligence capabilities in the country. 

These announcements arrive at a time of heightened debate around artificial intelligence valuations globally. As concerns about a potential AI-driven market bubble have grown, some financial institutions have taken a contrarian view on India’s position. Analysts at Jefferies described Indian equities as a “reverse AI trade,” suggesting the market could outperform if global enthusiasm for AI weakens. HSBC has echoed similar views, arguing that Indian stocks offer diversification for investors wary of overheated technology markets elsewhere. This perspective has gained traction as Indian equities have underperformed regional peers over the past year, while foreign capital has flowed heavily into AI-centric companies in South Korea and Taiwan. 

Against this backdrop, the scale of Amazon and Microsoft’s commitments offers a significant boost to confidence. However, questions remain about how competitive India truly is in the global AI race. Adoption of artificial intelligence across the country has accelerated, with increasing investment in data centers and early movement toward domestic chip manufacturing. A recent collaboration between Intel and Tata Electronics to produce semiconductors locally reflects growing momentum in strengthening AI infrastructure. 

Despite these advances, India continues to lag behind global leaders when it comes to building sovereign AI models. The government launched a national AI mission aimed at supporting researchers and startups with high-performance computing resources to develop a large multilingual model. While officials say a sovereign model supporting more than 22 languages is close to launch, global competitors such as OpenAI and China-based firms have continued to release more advanced systems in the interim. India’s public investment in this effort remains modest when compared with the far larger AI spending programs seen in countries like France and Saudi Arabia. 

Structural challenges also persist. Limited access to advanced semiconductors, fragmented data ecosystems, and insufficient long-term research investment constrain progress. Although India has a higher-than-average concentration of AI-skilled professionals, retaining top talent remains difficult as global mobility draws developers overseas. Experts argue that policy incentives will be critical if India hopes to convert its talent advantage into sustained leadership. 

Even so, international studies suggest India performs strongly relative to its economic stage. The country ranks among the top five globally for new AI startups receiving investment and contributes a significant share of global AI research publications. While funding volumes remain far below those of the United States and China, experts believe India’s advantage may lie in applying AI to real-world problems rather than competing directly in foundational model development. 

AI-driven applications addressing agriculture, education, and healthcare are already gaining traction, demonstrating the technology’s potential impact at scale. At the same time, analysts warn that artificial intelligence could disrupt India’s IT services sector, a long-standing engine of economic growth. Slowing hiring, wage pressure, and weaker stock performance indicate that this transition is already underway, underscoring both the opportunity and the risk embedded in India’s AI future.
Read more »
UK Schools
AI Classrooms Deepfake Teachers Remote Teaching Secondary SEO Tags Technology UK Schools

AI Avatars Trialled to Ease UK Teacher Crisis

 

In the UK, where teacher recruitment and retention is becoming increasingly dire, schools have started experimenting with new and controversial technology – including AI-generated “deepfake” avatars and remote teaching staff. Local media outlets are tracking these as answers to the mass understaffing and overwork in the education sector and delving into the ethics and practicalities. 

Emergence of the deepfake teacher

One of the most radical experiments underway is the use of AI to construct realistic digital avatars of real-life teachers. At the Great Schools Trust, for example, staff are trialling technology that creates video clones of themselves to teach . These "deepfake" teachers are mainly intended to help students state up on the curriculum if they have missed class for whatever reason. By deploying these avatars, schools hope they can provide students with reliable, high-quality instruction without further taxing the physical teacher’s time. 

Advocates including Mr. Ierston maintain the technology is not replacing human teachers but freeing them from monotonous work. The vision is that AI can take over the administrative tasks and the routine delivery, with human teachers concentrating on delivering personalised support and managing the classroom. In addition to catch-up lessons, the technology also has translation features, so schools can speak to parents in dozens of different languages, instantly. 

Alongside AI avatars, schools are turning increasingly to remote teaching models to fill holes in core subjects such as math. The report draws attention to a Lancashire secondary school which has appointed a maths teacher who is now living thousands of miles away. This now-remote staffer teaches a class of students from a classroom via live video link, a strategy forced by necessity in communities where finding qualified teachers is a pipe dream. 

Human cost of high-tech solutions 

Despite the potential efficiency gains, the shift has sparked significant scepticism from unions and educators. Critics argue that teaching is fundamentally an interpersonal profession that relies on human connection, empathy, and the ability to read a room—qualities that a screen or an avatar cannot replicate. 

There are widespread concerns that such measures could de-professionalize the sector and serve as a "sticking plaster" rather than addressing the root causes of the recruitment crisis, such as pay and working conditions. While the government and tech advocates view these tools as a way to "level the playing field" and reduce workload, many in the profession remain wary of a future where the teacher at the front of the room might not be there at all.
Read more »
UIDAI Regulations
Aadhaar Verification Biometric Data Protection Compliance Cybersecurity Governance Digital Identity Security DPDP Act India Facial Authentication Offline Identity Verification Privacy UIDAI Regulations

Aadhaar Verification Rules Amended as India Strengthens Data Compliance


 

It is expected that India's flagship digital identity infrastructure, the Aadhaar, will undergo significant changes to its regulatory framework in the coming days following a formal amendment to the Aadhaar (Targeted Determination of Services and Benefits Management) Regulations, 2.0.

Introducing a new revision in the framework makes facial authentication formally recognized as a legally acceptable method of verifying a person's identity, marking a significant departure from traditional biometric methods such as fingerprinting and iris scans. 

The updated regulations introduce a strong compliance framework that focuses on explicit user consent, data minimisation, and privacy protection, as well as a stronger compliance architecture. The government seems to have made a deliberate effort to align Aadhaar's operational model with evolving expectations about biometric governance, data protection, and the safe and responsible use of digital identity systems as they evolved. 

In the course of undergoing the regulatory overhaul, the Unique Identification Authority of India has introduced a new digital identity tool called the Aadhaar Verifiable Credential in order to facilitate a secure and tamper-proof identity verification process. 

Additionally, the authority has tightened the compliance framework governing offline Aadhaar verification, placing higher accountability on entities that authenticate identities without direct access to the UIDAI system in real time. Aadhaar (Authentication and Offline Verification) Regulations, 2021 have been amended to include these measures, and they were formally published by the UIDAI on December 9 through the Gazette as well as on UIDAI's website. 

UIDAI has also launched a dedicated mobile application that provides individuals with a higher degree of control over how their Aadhaar data is shared, which emphasizes the shift towards a user-centric identity ecosystem which is also concerned with privacy. 

According to the newly released Aadhaar rules, the use of facial recognition as a valid means of authentication would be officially authorised as of the new Aadhaar rules, while simultaneously tightening consent requirements, purpose-limitations, and data-use requirements to ensure compliance with the Digital Personal Data Protection Act. 

In addition, the revisions indicate a substantial shift in the scope of Aadhaar's deployment in terms of how it is useful, extending its application to an increased range of private-sector uses under stricter regulation, so as to extend its usefulness beyond welfare delivery and government services. This change coincides with a preparation on the part of the Unique Identification Authority of India to launch a newly designed mobile application for Aadhaar. 

As far as officials are concerned, the application will be capable of supporting Aadhaar-based identification for routine scenarios like event access, registrations at hotels, deliveries, and physical access control, without having to continuously authenticate against a central database in real-time. 

Along with the provisions in the updated framework that explicitly acknowledge facial authentication and the existing biometric and one-time password mechanisms, the updated framework is also strengthening provisions governing offline Aadhaar verification, so that identity verification can be carried out in a controlled manner without direct connection to UIDAI's systems. 

As part of the revised framework, offline Aadhaar verification is also broadened beyond the limited QR code scanning that was previously used. A number of verification methods have been authorised by UIDAI as a result of this notification, including QR code-based checks, paperless offline e-KYC, Aadhaar Verifiable Credential validation, electronic authentication through Aadhaar, and paper-based offline verification. 

Additional mechanisms can be approved as time goes by, with the introduction of the Aadhaar Verifiable Credential, a digitally signed document with cryptographically secure features that contains some demographic data. This is the most significant aspect of this expansion. With the ability to verify locally without constantly consulting UIDAI's central databases, this credential aims to reduce systemic dependency on live authentication while addressing long-standing privacy and data security concerns that have arose. 

Additionally, the regulations introduce offline face verification, a system which allows a locally captured picture of the holder of an Aadhaar to be compared to the photo embedded in the credential without having to transmit biometric information over an external network. Furthermore, the amendments establish a formal regulatory framework for entities that conduct these checks, which are called Offline Verification Seeking Entities.

 The UIDAI has now mandated that organizations seeking to conduct offline Aadhaar verification must register, submit detailed operational and technical disclosures, and adhere to prescribed procedural safeguards in order to conduct the verification. A number of powers have been granted to the authority, including the ability to review applications, conduct inspections, obtain clarifications, suspend or revoke access in the case of noncompliance. 

In addition to clearly outlining grounds for action, the Enforcement provisions also include the use of verification facilities, deviation from UIDAI standards, failure to cooperate with audits, and facilitation of identity-related abuse. A particularly notable aspect of these rules is that they require affected entities to be provided an opportunity to present their case prior to punitive measures being imposed, reinforcing the idea of respecting due process and fairness in regulations. 

In the private sector, the verification process using Aadhaar is still largely unstructured at present; hotels, housing societies, and other service providers routinely collect photocopies or images of identity documents, which are then shared informally among vendors, security personnel, and front desk employees with little clarity regarding how they will retain or delete those documents. 

By introducing a new registration framework, we hope to replace this fragmented system with a regulated one, in which private organizations will be formally onboarded as Offline Verification Seeking Entities, and they will be required to use UIDAI-approved verification flows in place of storing Aadhaar copies, either physically or digitally.

With regard to this transition, one of the key elements of UIDAI's upcoming mobile application will be its ability to enable selective disclosure by allowing residents to choose what information is shared for a particular reason. For example, a hotel may just receive the name and age bracket of the guest, a telecommunication provider the address of the guest, or a delivery service the name and photograph of the visitor, rather than a full identity record. 

Aadhaar details will also be stored in the application for family members, biometric locks and unlocks can be performed instantly, and demographic information can be updated directly, thus reducing reliance on paper-based processes. As a result, control is increasingly shifting towards individuals, minimizing the risk of exposure that service providers face to their data and curbing the indefinite circulation of identity documents. 

UIDAI has been working on a broader ecosystem-building initiative that includes regulatory pushes, which are part of a larger effort. In November, the organization held a webinar, in which over 250 organizations participated, including hospitality chains, logistics companies, real estate managers, and event planners, in order to prepare for the rollout. 

In the midst of ongoing vulnerability concerns surrounding the Aadhaar ecosystem, there has been an outreach to address them. Based on data from the Indian Cyber Crime Coordination Centre, Aadhaar Enabled Payment System transactions are estimated to account for approximately 11 percent of the cyber-enabled financial fraud of 2023, according to the Centre's data. 

Several states have reported instances where cloned fingerprints associated with Aadhaar have been used to siphon beneficiary funds, most often after public records or inadequately secure computer systems have leaked data. Aadhaar-based authentication has been viewed as a systemic risk by some privacy experts, saying it could increase systemic risks if safeguards are not developed in parallel with its extension into private access environments. 

Researchers from civil society organizations have highlighted earlier this year that anonymized Aadhaar-linked datasets are still at risk of re-identification and that the current data protection law does not regulate anonymized data sufficiently, resulting in a potential breakdown in the new controls when repurposing and processing them downstream. 

As a result of the amendments, Aadhaar's role within India's rapidly growing digital economy has been recalibrated, with greater usability balanced with tighter governance, as the amendments take into account a conscious effort to change the status of the system. Through formalizing offline verification, restricting the use of data through selective disclosure, and imposing clearer obligations on private actors, the revised regulations aim to curb informal practices that have long contributed to increased privacy and security risks. 

The success of these measures will depend, however, largely on the disciplined implementation of the measures, the continued oversight of the regulatory authorities, and the willingness of industry stakeholders to abandon legacy habits of indiscriminate data collection. There are many advantages to the transition for service providers. They can reduce compliance risks by implementing more efficient, privacy-preserving verification methods. 

Residents have a greater chance of controlling their personal data in everyday interactions with providers. As Aadhaar leaves its open access environments behind and moves deeper into private circumstances, continued transparency from UIDAI, regular audits of verification entities, and public awareness around consent and data rights will be critical in preserving trust in Aadhaar and in ensuring that convenience doesn't come at the expense of security.

There has been a lot of talk about how large-scale digital identity systems can evolve responsibly in an era where data protection expectations are higher than ever, so if the changes are implemented according to plan, they could serve as a blueprint for future evolution.
Read more »
Technology
AI tools Artificial Intelligence CyberCrime organizations Ransomware Technology

AI in Cybercrime: What’s Real, What’s Exaggerated, and What Actually Matters

 



Artificial intelligence is increasingly influencing the cyber security infrastructure, but recent claims about “AI-powered” cybercrime often exaggerate how advanced these threats currently are. While AI is changing how both defenders and attackers operate, evidence does not support the idea that cybercriminals are already running fully autonomous, self-directed AI attacks at scale.

For several years, AI has played a defining role in cyber security as organisations modernise their systems. Machine learning tools now assist with threat detection, log analysis, and response automation. At the same time, attackers are exploring how these technologies might support their activities. However, the capabilities of today’s AI tools are frequently overstated, creating a disconnect between public claims and operational reality.

Recent attention has been driven by two high-profile reports. One study suggested that artificial intelligence is involved in most ransomware incidents, a conclusion that was later challenged by multiple researchers due to methodological concerns. The report was subsequently withdrawn, reinforcing the importance of careful validation. Another claim emerged when an AI company reported that its model had been misused by state-linked actors to assist in an espionage operation targeting multiple organisations.

According to the company’s account, the AI tool supported tasks such as identifying system weaknesses and assisting with movement across networks. However, experts questioned these conclusions due to the absence of technical indicators and the use of common open-source tools that are already widely monitored. Several analysts described the activity as advanced automation rather than genuine artificial intelligence making independent decisions.

There are documented cases of attackers experimenting with AI in limited ways. Some ransomware has reportedly used local language models to generate scripts, and certain threat groups appear to rely on generative tools during development. These examples demonstrate experimentation, not a widespread shift in how cybercrime is conducted.

Well-established ransomware groups already operate mature development pipelines and rely heavily on experienced human operators. AI tools may help refine existing code, speed up reconnaissance, or improve phishing messages, but they are not replacing human planning or expertise. Malware generated directly by AI systems is often untested, unreliable, and lacks the refinement gained through real-world deployment.

Even in reported cases of AI misuse, limitations remain clear. Some models have been shown to fabricate progress or generate incorrect technical details, making continuous human supervision necessary. This undermines the idea of fully independent AI-driven attacks.

There are also operational risks for attackers. Campaigns that depend on commercial AI platforms can fail instantly if access is restricted. Open-source alternatives reduce this risk but require more resources and technical skill while offering weaker performance.

The UK’s National Cyber Security Centre has acknowledged that AI will accelerate certain attack techniques, particularly vulnerability research. However, fully autonomous cyberattacks remain speculative.

The real challenge is avoiding distraction. AI will influence cyber threats, but not in the dramatic way some headlines suggest. Security efforts should prioritise evidence-based risk, improved visibility, and responsible use of AI to strengthen defences rather than amplify fear.



Read more »
ShadyPanda campaign
Chrome Web Store malware Edge spyware extensions Koi Security report malicious browser extensions malware ShadyPanda campaign

Trusted Browser Extensions Turn Rogue in ShadyPanda Malware Campaign Affecting Chrome and Edge

 

Malicious browser extensions sometimes slip into official marketplaces like the Chrome Web Store by disguising themselves as genuine tools. Detecting them becomes even harder when they behave legitimately at first, only turning harmful after users have grown to trust them.

This tactic was recently uncovered on Google Chrome and Microsoft Edge. Researchers at Koi Security discovered several extensions on both platforms that functioned normally for years before being updated with malicious code. These updates enabled attackers to monitor user activity, collect sensitive information, and secretly send that data to external servers. The operation, dubbed ShadyPanda, amassed nearly four million downloads and continues to remain active on Edge.

Earlier this year, threat actors used a similar approach on Firefox. They first released harmless extensions designed to imitate popular cryptocurrency wallets. After gaining approval, downloads, and positive reviews, they later injected malicious functionality that logged user inputs in form fields, allowing attackers to access and steal crypto assets.

According to Koi Security, ShadyPanda originally began as an affiliate fraud scheme. Around 145 extensions posing as wallpaper and productivity tools were published across Chrome and Edge. In the initial phase, these add-ons inserted affiliate tracking codes and generated commission-based revenue through clicks to platforms like eBay, Amazon, and Booking.com. Over time, the campaign escalated to manipulating search results and eventually narrowed down to five extensions launched in 2018 that were later transformed into malware.

Some of these extensions gained significant credibility. They were labeled as Featured and Verified on Chrome, and one cache-cleaning tool called Clean Master achieved a 4.8-star rating from thousands of users. In 2024, updates to these extensions introduced malware capable of checking in hourly for commands, maintaining complete browser access, and transmitting user data back to ShadyPanda-controlled servers. These extensions have since been removed from Chrome.

In 2023, attackers also introduced five additional extensions to Microsoft Edge, including one called WeTab. Two of these functioned as full-scale spyware, and all remained active at the time of Koi Security’s report.

Because malicious extensions often masquerade as legitimate ones, simply scanning your installed add-ons may not reveal any obvious threats. Koi Security has published a list of extension IDs linked to the ShadyPanda campaign, which users should manually check.

On Chrome, users can enter chrome://extensions/ in the address bar, enable Developer mode, and view the IDs of installed extensions. These IDs can then be searched individually using the browser’s find function. If none match the listed malicious IDs, the browser is likely safe. If a match is found, the extension should be removed immediately. Edge users can follow the same steps via edge://extensions/.

This campaign highlights that even long-installed extensions can later be weaponized. Users should apply the same caution to browser add-ons as they do to mobile or desktop apps. Carefully review extension names, as fake ones often closely resemble legitimate tools. Watch for spelling errors, mismatched descriptions or images, and suspicious review patterns, such as an unusually high number of positive ratings in a short time. Conducting additional checks through online searches or community forums like Reddit can also help verify whether an extension is trustworthy.
Read more »
OpenAI
AI Model AI Models AI Systems ChatGPT ChatGPT. OpenAI Cyber Defenses Cyber Security cybersecurity risks OpenAI

OpenAI Warns Future AI Models Could Increase Cybersecurity Risks and Defenses

 

Meanwhile, OpenAI told the press that large language models will get to a level where future generations of these could pose a serious risk to cybersecurity. The company in its blog postingly admitted that powerful AI systems could eventually be used to craft sophisticated cyberattacks, such as developing previously unknown software vulnerabilities or aiding stealthy cyber-espionage operations against well-defended targets. Although this is still theoretical, OpenAI has underlined that the pace with which AI cyber-capability improvements are taking place demands proactive preparation. 

The same advances that could make future models attractive for malicious use, according to the company, also offer significant opportunities to strengthen cyber defense. OpenAI said such progress in reasoning, code analysis, and automation has the potential to significantly enhance security teams' ability to identify weaknesses in systems better, audit complex software systems, and remediate vulnerabilities more effectively. Instead of framing the issue as a threat alone, the company cast the issue as a dual-use challenge-one in which adequate management through safeguards and responsible deployment would be required. 

In the development of such advanced AI systems, OpenAI says it is investing heavily in defensive cybersecurity applications. This includes helping models improve particularly on tasks related to secure code review, vulnerability discovery, and patch validation. It also mentioned its effort on creating tooling supporting defenders in running critical workflows at scale, notably in environments where manual processes are slow or resource-intensive. 

OpenAI identified several technical strategies that it thinks are critical to the mitigation of cyber risk associated with increased capabilities of AI systems: stronger access controls to restrict who has access to sensitive features, hardened infrastructure to prevent abuse, outbound data controls to reduce the risk of information leakage, and continuous monitoring to detect anomalous behavior. These altogether are aimed at reducing the likelihood that advanced capabilities could be leveraged for harmful purposes. 

It also announced the forthcoming launch of a new program offering tiered access to additional cybersecurity-related AI capabilities. This is intended to ensure that researchers, enterprises, and security professionals working on legitimate defensive use cases have access to more advanced tooling while providing appropriate restrictions on higher-risk functionality. Specific timelines were not discussed by OpenAI, although it promised that more would be forthcoming very soon. 

Meanwhile, OpenAI also announced that it would create a Frontier Risk Council comprising renowned cybersecurity experts and industry practitioners. Its initial mandate will lie in assessing the cyber-related risks that come with frontier AI models. But this is expected to expand beyond this in the near future. Its members will be required to offer advice on the question of where the line should fall between developing capability responsibly and possible misuse. And its input would keep informing future safeguards and evaluation frameworks. 

OpenAI also emphasized that the risks of AI-enabled cyber misuse have no single-company or single-platform constraint. Any sophisticated model, across the industry, it said, may be misused if there are no proper controls. To that effect, OpenAI said it continues to collaborate with peers through initiatives such as the Frontier Model Forum, sharing threat modeling insights and best practices. 

By recognizing how AI capabilities could be weaponized and where the points of intervention may lie, the company believes, the industry will go a long way toward balancing innovation and security as AI systems continue to evolve.
Read more »
Ransomware
Cyber Crime CyberCrime Data Fraud India NCRB Ransomware

India Witnesses Sharp Surge in Cybercrime, Fraud Dominates NCRB 2023 Report

 

The cybercrime landscape in India has witnessed a drastic increase with NCRB data indicating cases jacking up from above 52,000 in 2021 to over 86,000 by 2023 led by fraud and online financial crime. Concurrently, threat intelligence shows that India is now a high‑risk ransomware and dark‑web ecosystem within the Asia‑Pacific region. 

NCRB data and growth trend 

The report suggests that NCRB’s “Crime in India” figures show an alarming and persistent increase in reported cybercrimes, increasing from just above 52,000 cases in 2021 to beyond 86,000 cases by 2023, owing to increased digitization, online payments and use of mobile internet. This is a 31.2% year-on-year increase between 2022 and 2023 alone and the country’s cybercrime rate has increased from 4.8 to 6.2 cases per lakh population. 

Fraud is the most prevalent motive, making up almost 69% of all cybercrime incidents in 2023, followed by sexual exploitation, and extortion, highlighting that attackers mainly prey on financial and personal vulnerabilities. States such as Karnataka, Telangana and Uttar Pradesh account for a large number of cases, reflecting higher IT penetration, urbanisation and digital adoption.

Ransomware and dark-web activity

Beyond the raw figures of the NCRB, the report places India among an Asia‑Pacific threat map of sorts, drawing upon the Cyble Monthly Threat Landscape Report for July 2025, to show that India is still among the key targets for operators of ransomware. It cited the Warlock ransomware group for targeting an India-based manufacturing firm, exfiltrating HR, financial, and design data, which was then used for extortion and exposure.

The report also notes dark‑web listings advertising unauthorized access to an Indian telecom network for around US$35,000, including credentials and critical operational details, highlighting the commoditization of network breaches. Regionally, Thailand, Japan, and Singapore each recorded six ransomware victims in the observed period, with India and the Philippines close behind, and manufacturing, government, and critical infrastructure sectors bearing the brunt of attacks. 

Additionally, South Asia is experiencing ideologically driven attacks, exemplified by the pro‑India Team Pelican Hackers, which claimed breaches of major Pakistani research and academic institutions. These campaigns blur the line between classic cybercrime and geopolitical conflict, indicating that Indian networks face both profit‑motivated and politically motivated breachs.
Read more »
Windows Security
Credential Theft Lumma Stealer malware malware infection National Cyber Security Centre New Zealand Cyber Security Online fraud Windows Security

Malicious Software Compromises 26000 Devices Across New Zealand


Thousands of devices have been infected with malware through New Zealand's National Cyber Security Center, showing the persistent risk posed by credential-stealing cybercrime, which has been causing New Zealand's National Cyber Security Center to notify individuals after an exposure. 

About 26,000 people have been notified by the agency that it is sending an email advising them to visit the Own Your Online portal for instructions on how to remove malicious software from their accounts and strengthen their account security. 

As NCSC Chief Operating Officer Michael Jagusch informed me, the alerts were related to Lumma Stealer, which is a highly regarded strain of malware targeting Windows-based devices. There is a danger that this malware can be used to facilitate identity theft or fraud by covertly harvesting sensitive data like email addresses and passwords. 

Officials noted that Lumma Stealer and other information-stealing tools are still part of an international cybercrime ecosystem that continues to grow, and so users should be vigilant and take proactive security measures in order to protect themselves. It has been reported that the National Cyber Security Centre of the Government Communications Security Bureau has conducted an assessment and found that it is possible that the malicious activity may have affected approximately 26,000 email addresses countrywide. 

As detailed in its statement published on Wednesday, the U.S. Department of Homeland Security has warned that the malware involved in the incident, dubbed Lumma Stealer, is specifically designed to be able to steal sensitive data, including login credentials and other personally identifiable information, from targeted systems.

As noted by the NCSC, this threat primarily targets Windows-based devices, and cybercriminals use this threat to facilitate the fraud of personal information and financial fraud. Thus, it highlights the continued exposure of everyday users to sophisticated campaigns aimed at stealing personal data. 

The issue was discovered by the National Cyber Security Centre's cyber intelligence partnerships, after the agency first worked with government bodies and financial institutions in order to alert a segment of those affected before expanding the effort to notify the entire public. Introducing the NCSC Chief Operating Officer, Michael Jagusch, he said the center has now moved to a broader direct-contact approach and this is its first time undertaking a public outreach of this sort on such a large scale. 

A step he pointed out was that the notifications are genuine and come from the official email address no-reply@comms.ncsc.govt.nz, which helps recipients distinguish between the legitimate and fraudulent ones. It is noteworthy that a recent BNZ survey indicates similar exposure across small and medium businesses, which is in line with the current campaign, which is targeted at households and individuals. 

The research reveals that 65% of small and medium-sized businesses believe scam activity targeting their businesses has increased over the past year; however, 45% of these businesses do not place a high priority on scam awareness or cyber education, despite the fact that their employees routinely handle emails, payment information and customer information. 

There were approximately half of surveyed SMEs who reported that they had been scammed in the last 12 months and many of them had been scammed by clicking links, opening attachments, or responding to misleading messages. According to BNZ fraud operations head Margaret Miller, criminals are increasingly exploiting human behavior as a means of committing fraud rather than exploiting technical flaws, targeting business owners and employees who are working on a daily basis. 

A substantial number of small business owners reported business financial losses following breaches, with 21% reporting business financial losses, 26% a personal financial loss and 30% experiencing data compromise, all of which had consequences beyond business accounts. According to Miller, the average loss was over $5,000, demonstrating that scammers do not only attempt to steal company funds, but also to steal personal information and sensitive business data in the form of financial fraud. 

It is the country's primary authority for helping individuals and companies reduce their cyber risk, and it is housed within the Government Communications Security Bureau.

The National Cyber Security Centre offers help to individuals and organisations and is a chief authority on cyber security. It has three core functions that form the basis of its work: helping New Zealanders make informed decisions about their digital security, ensuring strong cyber hygiene is embedded within essential services and in the wider cyber ecosystem in collaboration with key stakeholders, and using its statutory mandate to combat the most serious and harmful cyber threats through the deployment of its specialist capability. 

Own Your Online, a central part of this initiative, provides practical tools, guidance and resources designed to make cybersecurity accessible for householders, small businesses, and nonprofit organizations, as well as clear advice on prevention and what to do when an incident occurs. In particular, the NCSC owns the Own Your Online platform, which provides practical tools, guidance, and resources. 

There is no doubt that the incident serves as a timely reminder of the increasing sophistication and reach of modern cybercrime, as well as the shared responsibility that must be taken to limit its effects on society. Many experts continue to emphasize the importance of maintaining a safe system, including the use of strong, unique passwords, and the use of multi-factor authentication whenever possible. They advise maintaining your operating system and software up to date as well as using the proper passwords. 

Furthermore, users are advised to remain cautious of any unexpected emails or messages they receive, even if they appear to have come from trusted sources. Likewise, users should exclusively communicate through official channels to avoid any confusion. 

The focus continues to remain on raising awareness and improving resilience among individuals and organisations with the aim of improving digital awareness and improving collaboration between the authorities and the business and financial sector. 

A new approach has been adopted by agencies to encourage early detection, clear communication, and practical guidance that are aimed at reducing immediate harm while also fostering long-term confidence among New Zealanders in navigating an increasingly complex online world.
Read more »
Ransomware
Data Breach Data Theft eCommerce Japan MFA Ransomware

Askul Discloses Scope of Customer Data Theft Following October Ransomware Incident

 



Japanese e-commerce firm Askul Corporation has officially confirmed that a ransomware attack earlier this year led to the unauthorized access and theft of data belonging to nearly 740,000 individuals. The company made the disclosure after completing a detailed investigation into the cyber incident that occurred in October.

Askul operates a large-scale online platform that provides office supplies and logistics services to both corporate clients and individual consumers. The company is part of the Yahoo! Japan corporate group and plays a significant role in Japan’s business-to-business supply chain.

The cyberattack caused serious disruptions to Askul’s internal systems, resulting in an operational shutdown that forced the company to suspend product shipments. This disruption affected a wide range of customers, including major retail partners such as Muji.

Following the conclusion of its internal review, Askul clarified the categories of data that were compromised. According to the company, service-related records of approximately 590,000 business customers were accessed. Data connected to around 132,000 individual customers was also involved. In addition, information related to roughly 15,000 business partners, including outsourcing firms, agents, and suppliers, was exposed. The incident further affected personal data linked to about 2,700 executives and employees, including those from group companies.

Askul stated that it is deliberately limiting the disclosure of specific details related to the stolen data to reduce the risk of further exploitation. The company confirmed that affected customers and business partners will be informed directly through individual notifications.

Regulatory authorities have also been notified. Askul reported the data exposure to Japan’s Personal Information Protection Commission and has implemented long-term monitoring measures to identify and prevent any potential misuse of the compromised information.

System recovery remains ongoing. As of December 15, shipping operations had not fully returned to normal, and the company continues to work toward restoring all affected services.

Responsibility for the attack has been claimed by the ransomware group known as RansomHouse. The group publicly disclosed the breach at the end of October and later released portions of the stolen data in two separate leaks in November and December.

Askul shared limited technical findings regarding how the attackers gained access. The company believes the intrusion began through stolen login credentials associated with an administrator account belonging to an outsourced partner. This account did not have multi-factor authentication enabled, making it easier for attackers to exploit.

After entering the network, the attackers conducted internal reconnaissance, collected additional authentication information, and expanded their access to multiple servers. Askul reported that security defenses, including endpoint detection and response tools, were disabled during the attack. The company also noted that several ransomware variants were deployed, some of which bypassed existing detection mechanisms despite recent updates.

The attack resulted in both data encryption and widespread system failures. The ransomware was executed simultaneously across multiple servers, and backup files were deliberately erased to prevent rapid system recovery.

In response, Askul disconnected affected networks, restricted communication between data centers and logistics facilities, isolated compromised devices, and strengthened endpoint security controls. Multi-factor authentication has since been enforced across critical systems, and all administrator account passwords have been reset.

The financial consequences of the incident have not yet been determined. Askul has postponed its earnings report to allow additional time for a comprehensive assessment of the impact.



Read more »
Threat Intelligence
Cyber Security Hybrid Threats SOC SOC Visibility Threat Intelligence

Fix SOC Blind Spots: Real-Time Industry & Country Threat Visibility

 

Modern SOCs are now grappling with a massive visibility problem, essentially “driving through fog” but now with their headlights dimming rapidly. The playbook for many teams is still looking back: analysts wait for an alert to fire, investigate the incident, and then try to respond. 

While understandable due to the high volume of noise and alert fatigue, this reactive attitude leaves the organization exposed. It induces a clouded vision from structural level, where teams cannot observe threat actors conducting attack preparations, they do not predict campaign sequences aimed at their own sector, and are not capable of modifying the defense until after an attack has been launched.

Operational costs of delay 

Remaining in a reactive state imposes severe penalties on security teams in terms of time, budget, and risk profile. 

  • Investigation latency: Without broader context, analysts are forced to research every suspicious object from scratch, significantly slowing down response times.
  • Resource drain: Teams often waste cycles chasing false positives or threats that are irrelevant to their geography or vertical because they lack the intelligence to filter them out.
  • Increased breach risk: Attackers frequently reuse infrastructure and target specific industries; failing to spot these patterns early hands the advantage to the adversary. 

According to security analysts, the only way out is the transition from the current reactive SOC model to an active SOC model powered by Threat Intelligence (TI). Tools like the ANY.RUN Threat Intelligence Lookup serve as a "tactical magnifying glass," converting raw data into operational assets .The use of TI helps the SOC understand the threats currently present in their environment and which alerts must be escalated immediately. 

Rise of hybrid threats 

One of the major reasons for this imperative change is the increased pace of change in attack infrastructure, specifically hybrid threats. The use of multiple attacks together has now been brought to the fore by recent investigations by the researchers, including Tycoon 2FA and Salty attack kits combining together as one kill chain attack. In these scenarios, one kit may handle the initial lure and reverse proxy, while another manages session hijacking. These combinations effectively break existing detection rules and confuse traditional defense strategies.

To address this challenge, IT professionals need behavioral patterns and attack logic visibility in real time, as opposed to only focusing on signatures. Finally, proactive protection based on industry and geo context enables SOC managers to understand the threats that matter to them more effectively while predicting attacks rather than reacting to them.
Read more »
cybersecurity vulnerability
Critical security flaw critical vulnerabilities Cyber Security cybersecurity risks cybersecurity vulnerability

Critical FreePBX Vulnerabilities Expose Authentication Bypass and Remote Code Execution Risks

 

Researchers at Horizon3.ai have uncovered several security vulnerabilities within FreePBX, an open-source private branch exchange platform. Among them, one severity flaw could be exploited to bypass authentication if very specific configurations are enabled. The issues were disclosed privately to FreePBX maintainers in mid-September 2025, and the researchers have raised concerns about the exposure of internet-facing PBX deployments.  

According to Horizon3.ai's analysis, the disclosed vulnerabilities affect several FreePBX core components and can be exploited by an attacker to achieve unauthorized access, manipulate databases, upload malicious files, and ultimately execute arbitrary commands. One of the most critical finding involves an authentication bypass weakness that could grant attackers access to the FreePBX Administrator Control Panel without needing valid credentials, given specific conditions. This vulnerability manifests itself in situations where the system's authorization mechanism is configured to trust the web server rather than FreePBX's own user management. 

Although the authentication bypass is not active in the default FreePBX configuration, it becomes exploitable with the addition of multiple advanced settings enabled. Once these are in place, an attacker can create HTTP requests that contain forged authorization headers as a way to provide administrative access. Researchers pointed out that such access can be used to add malicious users to internal database tables effectively to maintain control of the device. The behavior greatly resembles another FreePBX vulnerability disclosed in the past and that was being actively exploited during the first months of 2025.  

Besides the authentication bypass, Horizon3.ai found various SQL injection bugs that impact different endpoints within the platform. These bugs allow authenticated attackers to read from and write to the underlying database by modifying request parameters. Such access can leak call records, credentials, and system configuration data. The researchers also discovered an arbitrary file upload bug that can be exploited as part of having a valid session identifier, thus allowing attacks to upload a PHP-based web shell and use command execution against the underlying server. 

This can be used for extracting sensitive system files or establishing deeper persistence. Horizon3.ai noted that the vulnerabilities are fairly low-complexity to exploit and may enable remote code execution by both authenticated and unauthenticated attackers, depending on which endpoint is exposed and how the system is configured. It added that the PBX systems are an attractive target because such boxes are very exposed to the internet and also often integrated deeply into critical communications infrastructure. The FreePBX project has made patches available to address the issues across supported versions, beginning the rollout in incremental fashion between October and December 2025.

In light of the findings, the project also disabled the ability to configure authentication providers through the web interface and required administrators to configure this setting through command-line tools. Temporary mitigation guidance issued by those impacted encouraged users to transition to the user manager authentication method, limit overrides to advanced settings, and reboot impacted systems to kill potentially unauthorized sessions. Researchers and FreePBX maintainers have called on administrators to check their environments for compromise-especially in cases where the vulnerable authentication configuration was enabled. 

While several vulnerable code paths remain, they require security through additional authentication layers. Security experts underscored that, whenever possible, legacy authentication mechanisms should be avoided because they offer weaker protection against exploitation. The incident serves as a reminder of the importance of secure configuration practices, especially for systems that play a critical role in organizational communications.
Read more »
Rockrose Development data breach
construction company cyberattack Data Breach July 2025 ransomware attack Play ransomware gang real estate Rockrose Development data breach

Rockrose Development Notifies Over 47,000 People of July 2025 Data Breach Linked to Play Ransomware Gang

 

Rockrose Development confirmed over the weekend that it has notified 47,392 individuals about a data breach that occurred in July 2025. The incident exposed sensitive personal information belonging to both residents and employees.

According to the company, the compromised data includes names, Social Security numbers, taxpayer identification numbers, driver’s license and passport details, financial account and routing numbers, health insurance information, medical records, and online account credentials.

Soon after the breach, a ransomware group known as Play claimed responsibility. The group alleged it had accessed and stolen documents related to Rockrose’s clients, budgeting, payroll, accounting, and tax records, along with identification and financial information. Rockrose has not confirmed the authenticity of Play’s claims.

At this time, it remains unclear whether Rockrose paid a ransom, how much was demanded, or the specific method attackers used to gain access to the company’s systems. Comparitech has reached out to Rockrose for comment and stated it will update its reporting if a response is received.

“Rockrose determined that unauthorized individuals accessed Rockrose’s systems and claim to have acquired confidential information stored in certain of those systems,” the company stated in its notification to affected individuals.

To mitigate potential harm, Rockrose is offering eligible victims 24 months of complimentary identity protection services through Experian. Impacted individuals must enroll by March 31, 2026.

Play is a ransomware operation that has been active since June 2022, targeting organizations across sectors such as healthcare, finance, manufacturing, real estate, and education. The group uses a double-extortion strategy, demanding payment not only to decrypt compromised systems but also to prevent stolen data from being leaked or sold.

So far in 2025, Play has taken credit for 41 confirmed ransomware attacks, in addition to 339 unverified claims that have not been publicly acknowledged by the affected organizations.

Rockrose is not the only construction-related firm allegedly targeted by Play this year. Other organizations that have reported breaches attributed to the group include Rock Solid Stabilization & Reclamation, Gorham Sand & Gravel, Thomas Safran & Associates, and All States Materials Group.

Ransomware Trends in Construction and Real Estate

Comparitech researchers report that, as of 2025, there have been 12 confirmed ransomware attacks against U.S. construction companies and real estate developers, impacting a total of 69,513 records. The Rockrose incident accounts for the majority of these exposed records and is the largest such attack recorded since tracking began in 2018.

Additional recent incidents include breaches at Abhe & Svoboda and Barr & Barr, both reportedly linked to the Akira ransomware group.

Ransomware attacks can severely disrupt construction and real estate firms by locking access to systems, stealing sensitive data, and interrupting critical operations such as payroll, billing, communications, and website functionality. Organizations often face the difficult choice of paying a ransom or enduring prolonged downtime and increased fraud risk for customers.

Established in 1970, Rockrose Development has acquired, developed, or repositioned approximately 15,000 residential apartments across New York and Washington, DC. The company also manages nearly 6 million square feet of office space, according to information published on its website.
Read more »
Tech Support Scam
Bitcoin ATM Scam Call Center Scam Cross Border Cybercrime Cryptocurrency Fraud Cyber Fraud CyberCrime Cybersecurity Investigation Fake Microsoft Support Tech Support Scam

Fake Microsoft Support Call Center Scam Targeting US Citizens Brought Down


 

An investigation by the Bengaluru police has revealed that a sophisticated cyber fraud operation was operating in the city masquerading as Microsoft Technical Support, targeting U.S. citizens in an attempt to defraud them, bringing an end to a transnational scam network that has been working from the city for some time. 

On Saturday, the Special Cell of the Cyber Command, in coordination with the Cyber Crime Police of the Whitefield Division, conducted a raid at the premises of a firm known as Musk Communications in response to certain intelligence. 

The raid was conducted based on specific intelligence. A number of investigations have revealed that the company, which began operations in August, has established a scam center that is fully functional and consists of approximately 4,500 square feet of space, where employees allegedly pose as Microsoft support technicians in order to deceive foreign nationals and defraud them. 

Several individuals have been arrested from the facility for being directly involved in the fraudulent activities, according to police. This operation was designed with the intent of systematically exploiting overseas victims through carefully orchestrated technical support scams, and according to police, 21 individuals have been arrested. Several rented office spaces were used by the racket, where callers dressed up as Microsoft representatives and targeted residents throughout the country as a whole. 

A number of victims have been targeted either directly or through deceptive pop-up messages that falsely stated that their computer was infected with malware or had been compromised, leading them to be lured in. Once the callers had established a connection with the target, they convinced them to install remote access applications like AnyDesk or TeamViewer, which allowed the fraudsters to take control of the target computer system. 

During these scams, police allege that the accused intentionally generated false technical glitches, frozen computer screens, or generated fake virus alerts to increase anxiety in victims and coerce them into paying for services that were unnecessary, nonexistent, or unreliable. 

According to investigators, the group has been charging amounts ranging from several hundred dollars up to several thousand dollars for sham repairs, extended warranties, and counterfeit security subscriptions. According to investigators, the organization may have facilitated the funneling of crores of rupees through international payment gateways designed to obscure financial records for over a year. 

The raid resulted in the discovery of 35 computers, 45 mobile phones, Voice over IP-based communication systems, scripted call templates, and extensive customer data logs which contained the details of hundreds of prospective targets and a variety of other items. It has been reported that the arrestees were trained to adopt an American accent so as not to raise suspicion, underscoring the systematic and calculated nature of the fraud.

As a result of this case, the police said that cross-border technology support scams are becoming increasingly prevalent, preying on seniors and digitally vulnerable individuals overseas, and that further investigations are currently underway to find out who was behind the fraud, who provided the money, and who was involved in it overseas.

According to Bengaluru Police Cyber Crime Division officials, the syndicate targeted victims both in the United States and in the United Kingdom. It falsely appeared to represent itself as Microsoft's technical support department. 

During the course of the investigation, it was learned that callers escalated the deception by citing fabricated Federal Trade Commission violations, informing victims that their systems were being compromised or that they were being involved in unlawful online activity. This fraudster has allegedly demanded substantial payments in Bitcoin as a means of resolving these purported threats, and instructed victims to deposit money at cryptocurrency ATMs. 

According to police estimates, the individual losses are estimated to have averaged around $10,000. A number of intimidation tactics were employed to pressure compliance by the operation, including false legal penalties and urgent cyber alerts. Senior IPS officers confirmed that the majority of those targeted were elderly individuals who are not familiar with digital security practices. 

Further inquiries revealed that there were nearly 85 people employed in Bengaluru to manage the company's data, handle calls, and simulate foreign technology executives, in a professionally layered setup. There were a number of elements involved in the operation, including American accents, detailed scripts, and email addresses that were designed to mimic official Microsoft and U.S. regulatory addresses. 

It was the task of those arrested to extract personal and financial information during staged troubleshooting sessions, which then allowed payments to be converted to cryptocurrency, which disguised the financial trail in the process. It has been reported that backend systems linked the operation to foreign digital wallets and crypto exchanges that are already under scrutiny by US authorities. 

As a result of this investigation, the investigators are now looking at tracking Bitcoin transactions and identifying international collaborators involved in routing the proceeds. The government is collaborating with Interpol and the federal government to map digital wallet movements and preliminary findings indicate that between August and November 2025, at least $13.5 crore was transferred in multiple tranches through Bitcoin ATMs in multiple batches. 

Additionally, analysts are analyzing the seized servers to find out how the syndicate sourced contact information of overseas victims. As officials pointed out, Bengaluru is becoming increasingly vulnerable to cybercrime networks worldwide. 

It is due to this that skilled manpower and readily available digital infrastructure are being exploited by fraud rings operating under the cover of technology support firms in Bengaluru, prompting tighter monitoring of the registration of startups, co-working spaces, and tech parks around the city. 

Since August, investigators have discovered that the network has contacted 150 victims across the United States and the United Kingdom, coercing them into depositing large sums of money-often close to $10,000-through Bitcoin ATMs, causing them to withdraw substantial sums. In a statement to the IPS, a senior officer stated that authorities are currently extracting and verifying financial information about victims. 

The officer also stated that preliminary findings indicate cryptocurrency kiosks are the primary means by which illicit payments are collected. A police report states that the accused posed as a technical support representative for Microsoft around the world and invoked fabricated Federal Trade Commission violations as a way of instilling fear in the public. Under the guise of mandatory security fixes and regulatory compliance procedures, the accused demanded money. 

According to the reports, the operation's three key masterminds remain absconding and are believed to have orchestrated similar scams targeting victims across the U.S. and the U.K. since 2022. In a scheme of this magnitude, Musk Communications rented a 4,500-square-foot office space in August at a monthly charge of Rs. 5 lakh, where the gang planned to deploy malicious Facebook ads that were targeted at American users as part of its campaign against the US government.

 In the ads, investigators found embedded code that mimicked legitimate security alerts; when clicked on, it would freeze the user's system and trigger a fake pop-up message that appeared to be from Microsoft's global support center with a counterfeit helpline number, which claimed to originate from that support center. 

According to the alleged victim, who contacted the number was told that their computer systems had been hacked, IP addresses had been compromised, and their banking information had been compromised, and they were subsequently pressured into making high-value payments using Bitcoin ATMs, which subsequently triggered the scam.

According to the Police, the company employed 83 employees, including 21 technical operators who were directly involved in the fraud. The salaries for these employees ranged from $15k to $25k per month. Among the other arrests confirmed by investigators in this case was Ravi Chauhan, an Ahmedabad resident, alleged to have been a major part of recruiting nearly 85 staff members for this operation. This brings the total number of arrests in this case to 22 as the investigation continues to pursue remaining suspects and the financial flows that are tied to this scheme. 

There has been a surge in organized cybercrime syndicates operating across borders in recent years, and authorities have issued warnings about the evolving tactics and techniques they are using, particularly those that exploit the trust people have in recognized technology brands internationally. 

Moreover, the police emphasized that legitimate companies such as Microsoft should not initiate unsolicited technical support calls, issue pop-up warnings butting into the system immediately, or seek payments through cryptocurrency channels in order to receive support. 

It was urged by officials that users, particularly those who were unfamiliar with digital platforms and elderly, should exercise caution when faced with alarming online messages or calls claiming legal or security violations, and that they should verify the claims by going to official websites or using authorised service channels.

It has also been emphasized by cybercrime investigators that the need for stronger awareness campaigns needs to be strengthened, short-term commercial rentals need to be closely scrutinized, and online advertising platforms need to be more tightly regulated so they can deliver malicious content on a more regular basis.

This investigation is continuing to trace financial flows and international connections, and authorities are stating that the case serves as a reminder of how sophisticated and large-scale modern tech-support fraud really is, underscoring the need for digital literacy, cross-border cooperation, and timely reporting as a way of counteracting scams that take advantage of fear, urgency, and misinformation.
Read more »
Software
GitHub malware PyStoreRAT Remote Access Trojan Software

PyStoreRAT Campaign Uses Fake GitHub Projects to Target OSINT and IT Professionals

 


Cybersecurity researchers have identified a previously undocumented malware operation that leverages GitHub to distribute a threat known as PyStoreRAT. The campaign primarily targets individuals working in information technology, cybersecurity, and open-source intelligence research, exploiting their reliance on open-source tools.

The findings were published by Morphisec Threat Labs, which described the operation as a coordinated and deliberate effort rather than random malware distribution. The attackers focused on blending into legitimate developer activity, making the threat difficult to detect during its early stages.

PyStoreRAT functions as a Remote Access Trojan, a type of malware that enables attackers to maintain hidden and persistent access to an infected system. Once deployed, it can gather detailed system information, execute commands remotely, and act as a delivery mechanism for additional malicious software.

According to the research, the attackers began by reviving dormant GitHub accounts that had shown no activity for extended periods. These accounts were then used to upload software projects that appeared polished, functional, and credible. Many of the repositories were created with the help of artificial intelligence, allowing them to closely resemble genuine open-source tools.

The fake projects included OSINT utilities, decentralized finance trading bots, and AI-based applications such as chatbot wrappers. Several of these repositories gained visibility and user trust, with some rising through GitHub’s trending rankings. Only after achieving engagement did the attackers introduce subtle updates that quietly embedded the PyStoreRAT backdoor under the guise of routine maintenance.

Once active, PyStoreRAT demonstrates a high degree of adaptability. Morphisec researchers found that it profiles infected systems and can deploy additional payloads, including known data-stealing malware families and Python-based loaders. The malware also modifies its execution behavior when it detects certain endpoint protection products, reducing its exposure to security monitoring.

The threat is not limited to a single delivery method. PyStoreRAT can propagate through removable storage devices such as USB drives and continuously retrieves updated components from its operators. Its command-and-control infrastructure relies on a rotating network of servers, allowing attackers to issue new instructions quickly while complicating takedown efforts.

Researchers also identified non-English language elements within the malware code, including Russian-language terms. While this does not confirm attribution, Morphisec noted that the level of planning and operational maturity places the campaign well beyond low-effort GitHub-based malware activity.

GitHub has removed the majority of the malicious repositories linked to the campaign, though a small number were still accessible at the time of analysis. Security experts stress that developers and researchers should remain cautious when downloading tools, carefully review code changes, and avoid running projects that cannot be independently verified.

Morphisec concluded that the campaign surfaces a vastly growing trend, where attackers combine AI-generated content, social engineering, and resilient cloud infrastructure to bypass traditional security defenses, making awareness and verification more critical than ever.



Read more »
Subscribe to: Comments (Atom)