News

Short summaries of the cyber-crime stories moving in India and globally. We link back to the original source — always.

Major Crypto Fraud Accused Arrested Attempting Sri Lanka Escape
Crypto Scams

Authorities apprehended a key suspect in a massive cryptocurrency fraud case involving approximately Rs 20,000 crore while he was attempting to flee to Sri Lanka. The arrest marks a significant development in one of India's largest crypto-related financial crimes. Investigators have been tracking the accused's movements as part of their ongoing probe into the elaborate scheme. The case highlights the growing menace of cryptocurrency-based frauds targeting Indian investors and the need for enhanced border vigilance to prevent accused criminals from absconding. Further details about the investigation and the accused's role in the scam are expected to emerge as authorities continue their inquiry. Source: NDTV.

via GoogleNews: cryptocurrency scam

Microsoft Issues March 2026 Security Updates for Windows and Software
Malware

Microsoft has released its March 2026 security updates, addressing 77 vulnerabilities across its Windows operating systems and additional software applications. Unlike previous months, there are no critical 'zero-day' vulnerabilities reported this time. However, organizations using Windows should prioritize some of these patches due to potential risks. It's important for users and IT administrators to stay informed about the updates to ensure their systems remain secure against possible cyber threats. Regular application of patches can help maintain the safety of user data and enhance overall cybersecurity posture. Source: CyberSathi.in.

via Krebs on Security

AI Assistants Influencing Cybersecurity Landscape
Malware

Artificial Intelligence-based assistants are becoming increasingly popular among developers and IT professionals. These autonomous programs can access a user's computer, files, and online services to automate various tasks. However, their rapid adoption is raising new security concerns for organizations. The use of these tools is reshaping security priorities and creating challenges in distinguishing between trusted colleagues and potential insider threats. This blurring of roles is further complicated by the varying levels of expertise among users, from advanced hackers to beginners. As AI becomes more integrated into workplace processes, it is crucial for organizations to address these emerging risks.

via Krebs on Security

Bank Fraud Cases in India Rise Over 16 Years
Investment Fraud

A statistical analysis spanning 2008 to 2024 documents the growing trend of bank fraud cases across India. The data reveals how fraudulent activities targeting financial institutions have evolved over this 16-year period, reflecting changing tactics used by cybercriminals and fraudsters. This comprehensive overview helps understand the scale of banking sector vulnerabilities in the country. The statistics underscore the importance of strengthened security measures, customer awareness, and regulatory oversight to combat fraud. Banks and customers alike must remain vigilant against evolving threats including phishing, identity theft, and unauthorized transactions. The data serves as a crucial reference point for policymakers and financial institutions working to reduce fraud incidents and protect depositors' interests. Source: Statista.

via GoogleNews: bank fraud India

Identifying the Kimwolf Botmaster Known as 'Dort'
Dark Web

Security researcher KrebsOnSecurity recently uncovered details about a major botnet named Kimwolf, which has become one of the largest and most disruptive of its kind. The person behind Kimwolf, who uses the online handle 'Dort', is alleged to have orchestrated various cyber-attacks, including distributed denial-of-service (DDoS) attacks and harassment against individuals who disclosed vulnerabilities related to the botnet. Reports indicate that Dort's actions have escalated to severe threats, including the deployment of a SWAT team to a researcher's home. This investigation sheds light on who Dort is based on the available public information. Source: KrebsOnSecurity.

via Krebs on Security

Indore Family Loses Rs 1 Lakh in Deepfake Video Call Kidnapping Scam
Social Engineering

An Indore family fell victim to a sophisticated scam involving deepfake technology. Scammers used fabricated video calls depicting a family member in apparent distress, claiming kidnapping and demanding ransom. The fraudsters successfully extracted Rs 1 lakh from the victims before the deception was discovered. This incident highlights the emerging threat of deepfake videos being weaponized for extortion purposes. Authorities warn residents to verify claims through alternative means before making payments and to report such incidents immediately. Source: The Indian Express.

via GoogleNews: deepfake scam

India's Space Sector Gets New Cybersecurity Guidelines
Cyber Law (India)

The Space Industry Association India and CERT-In have jointly released comprehensive cybersecurity guidelines to protect India's space ecosystem. These guidelines establish security standards and best practices for organizations operating in the space sector, addressing vulnerabilities and cyber threats specific to space infrastructure. The initiative aims to strengthen India's space security posture as the sector expands its capabilities and commercial activities. The joint effort between the industry body and the government's cybersecurity authority represents a coordinated approach to safeguarding critical space assets and data from cyber attacks. Source: PIB.

via GoogleNews: cyber attack India

Understanding GetProcessHandleFromHwnd API Security Flaws
Malware

A technical analysis reveals significant inaccuracies in Windows documentation for the GetProcessHandleFromHwnd API, which was exploited in a UAC bypass vulnerability via Quick Assist. The API's documented security properties don't match its actual implementation. Claims about UI Access requirements, Windows hook usage, and user-level restrictions were found to be incomplete or incorrect. The API was first introduced in Windows Vista through oleacc.dll. Historical code analysis shows the API has evolved significantly over the years, with the Win32k kernel implementation differing substantially from documented behavior. Understanding these discrepancies is crucial for identifying potential security vulnerabilities in Windows privilege escalation attacks.

via RSS: Google Project Zero

Indians Trapped in Overseas Job Scam Networks
Social Engineering

Indian citizens are becoming victims of sophisticated fraud networks operating through fake overseas job offers. Scammers lure job seekers with lucrative employment opportunities abroad, then trap them in criminal operations or extract money through various fraudulent schemes. Victims often face coercion to participate in further illegal activities or money laundering. Authorities have reported increasing cases of digital arrests—where victims are held virtually or physically threatened. These networks operate across borders, making law enforcement coordination challenging. Victims lose savings and personal data while becoming unwitting participants in larger crime syndicates. The scam highlights the vulnerability of job seekers desperate for overseas employment. Source: The Hindu.

via GoogleNews: job scam India

New Phishing Service Bypasses Security with Real Login Pages
Phishing

A new phishing service named 'Starkiller' allows fraudsters to trick victims by using real login pages for popular websites. This service works by connecting users to the actual site while capturing their login credentials and multi-factor authentication (MFA) codes. As a result, victims unwittingly provide their sensitive information, which is then relayed to the real website. Traditional phishing sites are often short-lived as security measures quickly remove them, but Starkiller’s approach makes it harder for authorities to shut down these operations. Users should remain cautious and ensure they are on legitimate websites before entering any personal information.

via Krebs on Security

Digital Arrest Scams: How Fraudsters Exploit Fear in India
Social Engineering

A new wave of 'digital arrest' scams is targeting Indian citizens, exploiting fear of legal consequences to extract money and personal information. Scammers impersonate law enforcement officials, threatening victims with fake arrest warrants related to money laundering or drug smuggling. Victims are coerced into transferring funds or revealing sensitive details while being held in virtual detention. These scams exploit weaknesses in cybersecurity awareness and psychological manipulation. Authorities warn citizens to verify official communications directly with police departments and never share OTPs or banking credentials based on unsolicited calls or messages. Source: Frontline Magazine.

via GoogleNews: deepfake scam

Ransomware Crisis Hits India, US, and Europe Hard
Ransomware

Large-scale ransomware attacks are creating serious problems for businesses worldwide, with India, the United States, and Europe becoming primary targets. These coordinated infection events are affecting enterprises across multiple sectors, disrupting operations and threatening data security. Organizations in these regions face escalating risks from sophisticated ransomware campaigns designed to encrypt critical systems and demand ransom payments. The incidents highlight the vulnerability of corporate infrastructure to organized cyber threats and underscore the urgent need for stronger security measures, employee training, and incident response capabilities. Businesses are urged to strengthen defenses and prepare contingency plans. Source: ET Edge Insights.

via GoogleNews: ransomware India