cybersecurity

Cert-In issues high-severity warning for WhatsApp desktop users

Cert-In has issued a high severity security alert for WhatsApp desktop users. The vulnerability allows hackers to disguise malicious files, potentially leading to unauthorised access, data theft, and arbitrary code execution. Users are strongly advised to update their WhatsApp desktop application immediately.

Tata Tech's confidential business info, employee details leaked on dark web by hackers

The ransomware group behind the move, Hunters International, claims the data trove contains more than 730,000 documents totaling about 1.4 terabytes, including Excel spreadsheets, PowerPoint presentations, and PDFs

Cyber fraud in India: $12.2 mn lost, 13,384 cases reported in first nine months of 2024-25

According to the data, fraud cases involving ₹100,000 or more ($1,150) have risen drastically over the years. The amount lost to these cybercrimes reached a record ₹177 crore ($20.2 million) in FY 2024

Chinese espionage group Silk Typhoon has new tactics to target US networks

Since late 2024, Silk Typhoon has been observed leveraging stolen API keys and credentials to infiltrate IT providers, managed service providers (MSPs), and cloud data management firms

US exposes ‘hacker-for-hire ecosystem’, charges 12 with hacking American agencies for China

The case shines a light on what American officials have described as a booming hacking-for-hire ecosystem in China, where government agencies and officers hire private companies to target victims of particular interest

Biggest crypto heist ever: How did hackers steal $1.5 billion from Bybit?

Hackers stole $1.5 billion worth of Ethereum from Dubai-based crypto exchange Bybit in what is believed to be the largest digital heist to date. The breach occurred during a routine transfer from a cold wallet, with attackers exploiting security vulnerabilities. Bybit confirmed all client assets remain backed 1:1, despite over $5.5 billion in withdrawal requests. Investigations suggest North Korea’s Lazarus Group may be behind the attack

Hacker claims he stole over 20 million credentials from OpenAI, AI company says no evidence of breach

Cybersecurity experts at Malwarebytes Labs uncovered a post on a cybercrime forum by a user known as ‘emirking,’ who alleged they had access to a massive dataset containing millions of OpenAI account details. While OpenAI denies a breach, such leaks can have serious consequences

Several iOS and Android apps infected with malware that steals crypto info, 'reads' screenshots

SparkCat's is concerning because it has bypassed stringent app store reviews, infecting apps that seemed completely legitimate. SparkCat has been embedded in several apps across the Apple App Store and Google Play and is designed to steal sensitive cryptocurrency wallet data

Italian data protection watchdog goes after DeepSeek, seeks detailed info on personal data collection

In an official statement, Italian Data Protection Authority, Garante, revealed that it has reached out to both DeepSeek's offices in Hangzhou and Beijing to understand what personal data its chatbot collects, the purposes for which this data is used, and where it is stored

Google to step up cyber defences after employee faced a devastating phishing attack

The phishing attempt was particularly convincing, as the scammer used a genuine Google phone number and a well-crafted email to trick the victim. The email appeared official, coming from a valid Google domain, ‘workspace-noreply@google.com’