thecybershark, Author at The Cyber Shark

Police Say Former Odisha IT Minister Loses Rs 1.4 Crore to Cybercriminals

Former Odisha IT Minister and MLA Tusharkanti Behera lost Rs 1.4 crore to cyber fraud, allegedly through a friend’s misuse of his trading account. Police have arrested seven suspects and frozen Rs 15 lakh while continuing the investigation. Bhubaneswar: On March 31, 2025, a top police officer here stated that an Odisha IT Minister A and former information technology minister had lost Rs 1.4 due to cyber fraud in around a month and a half.In relation to the crime, seven people were taken into custody by the police: three from Tamil Nadu and four from Karnataka. But in January, the former minister filed a police complaint in this respect, alleging that a buddy had been using his trading account and misappropriated the funds. Odisha IT Minister to say the police officer claimed that the accused and their colleagues used to pretend to be trade analysts in order to get individuals to invest money in shares, IPOs, and other trades by promising them large profits. Between November 13, 2024, and January 1, 2025, the accused obtained Rs 1.40 crore fraudulently from the complainant, according to the Crime Branch’s cybercrime unit, which conducted the inquiry, he added. Sarthak Sarangi, the IG for the Crime Branch, stated during a news conference that on January 13 of this year, “we received a complaint that cyber fraudsters swindled Rs 1.4 crore from the complainant through a mobile app.” He did not, however, identify the complainant because he believed it would interfere with the inquiry. The complainant, according to police sources, is an IIT graduate, a current Odisha IT Minister , and a former minister of information technology. However, former IT minister and BJD Odisha IT Minister Tusharkanti Behera told reporters: “My friend used my trading account and lost the money to cyber fraud.” I don’t know anything about the fraud directly. According to Sarangi, bank accounts in Karnataka, Kerala, Tamil Nadu, Telangana, West Bengal, Delhi, Himachal Pradesh, Assam, and Maharashtra have received the funds. Seven people were taken into custody by crime branch teams that were dispatched to Karnataka, Tamil Nadu, and Kerala during the first phase. “Very soon we will send our teams to Hyderabad, West Bengal and Delhi to arrest other accused persons in this case,” the officer said. According to him, the Crime Branch has frozen Rs 15 lakh in the accused individuals’ bank accounts and recovered Rs 4 lakh from them thus far.According to Sarangi, a Navy commander and a university vice-chancellor were lately the targets of cyber fraud.

Business fraud losses of 9.5 lakhs are recovered by a cybercrime team A Major Victory

Hyderabad Cyber Crime Unit recovered ₹9.5 lakh from fraudsters who tricked a businessman with a fake business fraud opportunity fraud. Authorities warn against upfront payment scams and advise verifying company legitimacy. A businessman who was defrauded by cybercriminals was successfully refunded ₹9,50,531 by the Hyderabad City Cyber Crime Unit. The police emphasized that the likelihood of recovering lost money can be increased by reporting such fraud right away. To receive assistance, victims can call the cybercrime helpline 1930 or visit cybercrime.gov.in. According to the police, a 32-year-old complainant in this case was tricked into sending the money to bank accounts that the scammers had offered under the guise of a business fraud opportunity. Inspector K. Prasada Rao headed a squad that located and detained the accused in Sector-7, Dwarka, New Delhi, together with SI Abhishek, HC Satish, and PCs Srinivas Reddy and Kranthi Kumar Reddy. A demand draft was used to successfully return the whole money to the victim. Authorities have issued warnings to entrepreneurs about fraudulent schemes in which fraudsters demand upfront fees for website construction, ISO certification, and registration in exchange for lucrative business fraud negotiations. It is advised that victims check the legitimacy of the company, refrain from making sizable upfront payments, and be wary of unsolicited offers.

Goa Police Bust Cybercrime Recruitment Ring, Arrest Three for Exploiting Victims

Goa Police arrested three individuals for defrauding people into working for cybercrime centres in Thailand and planning to expand operations internationally. PANAJI: According to the Goa Police , three persons, including a Kazakh national of Chinese descent, have been taken into custody for allegedly defrauding people into working for cybercrime centres in Thailand. On March 26, the accused, named as 22-year-old Talaniti Nulaxi, was taken into custody at Indira Gandhi International Airport in New Delhi. On that same day, authorities issued a lookout notice for him when he tried to leave the country, according to the police. Following the arrest of Adithya Ravichandran, 22, of Bengaluru, and his supervisor, Rupnarayan Gupta, 36, of Mumbai, who claimed to be operating an organization that assisted individuals in finding employment overseas, Goa Police located Nulaxi. Additionally, the gang hired victims to perpetrate forced financial fraud through WeChat, Zoom, Telegram, WhatsApp, and other social media sites. Rahul Gupta, the superintendent of Goa Police , stated that the gang held Zoom interviews and meetings to talk about how they operate. Adithya was employed by the second defendant, Rupnarayan Gupta, who owns and operates Ivanka, a Mumbai-based employment agency in Mulund West. The Ministry of External Affairs has not registered the agency to transport Indians overseas. According to Gupta, Rupnarayan forwards candidate data to recruiters overseas for interviews after receiving it from his national agents. During her five days in Bengaluru, Talaniti Nulaxi assisted with setting up a call centre. Chinese people are living in Thailand, Cambodia, and other places. They have a hierarchical, well-organized apparatus. He is a member of this wider network. Gupta added, “This is a component of the broader investigation that will continue over the next few days.” The inquiry also showed that the group was recruiting young women under the guise of “work from home,” who were subsequently used for extortion and honey traps, according to Goa’s Director General of Goa Police Alok Kumar. We are also looking into some information that has surfaced so far that suggests this group was considering opening contact centres in India, Nepal, and a few other nations they had identified that were comparable to those in Thailand, Myanmar, and Cambodia. Additionally, he was in negotiations to rent space in multi-story buildings for the same purpose, according to Alok Kumar.

Mozilla Fixes a Serious Firefox Issue Like the New Zero-Day Vulnerability in Chrome

Mozilla has patched a critical sandbox escape vulnerability (CVE-2025-2857) in Firefox for Windows, with no evidence of active exploitation. Only a few days after Google patched a similar vulnerability in Chrome that was actively exploited as a zero-day, Mozilla has published fixes to fix a serious security weakness affecting its Firefox browser for Windows. According to descriptions, the security flaw CVE-2025-2857 is an instance of an improper handle that could result in a sandbox escape. “Following the recent Chrome , Mozilla sandbox escape (CVE-2025-2783), various Firefox developers identified a similar pattern in our IPC [inter-process communication] code,” an alert from Mozilla stated. “A compromised child process could cause the parent process to return an unintentionally powerful handle, leading to a sandbox escape.” In Firefox 136.0.4, Firefox ESR 115.21.1, and Firefox ESR 128.8.1, the flaw that impacts both Firefox and Firefox ESR has been fixed. CVE-2025-2857 has not been exploited in the wild, according to any evidence. To address CVE-2025-2783, which has been used in the wild as part of attacks on Russian government agencies, media outlets, and educational institutions, Google published Chrome version 134.0.6998.177/.178 for Windows. The infection happened when unidentified victims clicked on a specifically constructed link in phishing emails and used Chrome to access the attacker-controlled website, according to Kaspersky, which discovered the activity in mid-March 2025. According to reports, CVE-2025-2783 was linked to another unidentified browser exploit to bypass the sandbox’s restrictions and accomplish remote code execution. Nevertheless, fixing the flaw successfully stops the whole assault chain. Since then, the vulnerability has been added to the U.S. Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities (KEV) database, and federal agencies are required to implement the required mitigations by April 17, 2025. To protect themselves from potential threats, users are advised to update their browser instances to the most recent versions.

Over 13 Million Indian Banking Customers’ Data Allegedly Leaked and Sold on Dark Web

A threat actor claims to have stolen and is selling sensitive financial data of over 13 million Indian banking customers on the dark web. A threat actor has surfaced on a well-known dark web forum, claiming to have gained access to and exfiltrated sensitive financial data belonging to over 13 million Indian banking customers. This shocking revelation has raised serious concerns about the state of data security in India’s banking ecosystem. The purported data dump, which is allegedly the product of a significant breach, is currently being offered for $10,000 to one buyer alone. Scope of the Leak According to the dark web article, the compromised data include financial and personal details like: Full names of account holders Indian Banking Customers account numbers Indian Banking Customers IFSC codes Indian Banking Customers Registered mobile numbers Indian Banking Customers Email addresses The threat actor has allegedly supplied a sample of 6,000 data from the purported breach to bolster the veracity of the claim. The entire dataset, which is 11.2 GB in size, is reportedly formatted in CSV. By declaring that only one buyer would be considered and that escrow services would be accepted to complete the transaction, the threat actor further highlighted the gravity of the sale. This unusual approach demonstrates the actor’s faith in the veracity of the breach. Top Banks Allegedly Affected The forum post claims that the customer datasets of numerous well-known Indian financial institutions are impacted by the incident, including: State Bank of India (SBI) HDFC Bank ICICI Bank Kotak Mahindra Bank Several other private and public sector banks Cyber intelligence specialists are conjecturing about a potential vulnerability exploited through third-party banking APIs or KYC data aggregators, even though the exact manner of infiltration is still unknown. Potential Risks and Implications Experts in cybersecurity caution that if confirmed, such a vulnerability might have serious repercussions: Financial fraud: Access to account numbers and phone numbers could allow cybercriminals to launch targeted phishing or vishing attacks. Identity theft: The combination of email, phone numbers, and bank data could allow for large-scale impersonation and KYC fraud. Reputational damage: If major banks are indeed involved, the fallout could impact consumer trust and regulatory compliance in the fintech space. A senior analyst at a top cybersecurity company declared, “This is not just a leak; if verified, it’s a bombshell.” The scale and extent point to either extreme neglect or a profound penetration. By using escrow, the seller demonstrates their expertise in high-value cybercrime activities. Authorities and Institutions on Alert The Reserve Bank of India (RBI) and the Indian Computer Emergency Response Team (CERT-In) have not yet released a formal statement. Additionally, no confirmations or rejections have been made by representatives of the banks listed in the leak. Dark Web Marketplace Trends This hack is just one more illustration of how the dark web is developing into a marketplace for strategic and private information. Threat actors are increasingly acting like businesses by offering escrow, negotiating exclusive deals with buyers, and supplying samples. Because of the growth of fintech apps and digital banking, there is still a high demand for banking data in particular. Previous instances have demonstrated how these leaks support account takeovers, loan fraud, and social engineering.

Crackdown on digital fraud by the Indian government: What to anticipate soon

India is ramping up digital security by blocking millions of fraudulent SIM cards and accounts while implementing AI-driven measures to combat cybercrime. With cyber fraud on the rise, the Indian government has been intensifying its efforts to safeguard digital security. Over the past few months, they have reportedly blocked more than 7.8 lakh SIM cards, 83,000+ WhatsApp accounts, and 3,000+ Skype IDs. The government has also taken a firm stand against online threats. But what does this mean for the future of India’s cybersecurity? Government’s crackdown on digital fraud Sanjay Kumar, Minister of State for Home Bundi of the Union, has recientemente revealed in the Lok Sabha que India has imposed stringent medidas against ciberdelincuentes. In addition to outlawing fake SIM cards, the government has deactivated 2,08,469 IMEI numbers, which is a crucial step in preventing misuse of devices that have been damaged or obtained illegally. Tighter regulations on messaging and video platforms Currently, authorities focus on messaging and video chatting apps, which are frequently used for fraudulent purposes. Already, the Indian Cyber Crime Coordination Centre (I4C) has detected and blocked: 3,962 Skype IDs 83,668 WhatsApp accounts This action suggests that stricter regulations may be implemented in digital fraud communication networks to reduce abuse. I4C and the Future of Cybercrime Prevention I4C, which was established in 2021, has played a crucial role in preventing financial fraud. It has already contribution a salvaguardar Rs 4,389 crore on possible presides de mas de 13.36 lakh reclamations. As cryptocurrency develops, more cryptocurrency monetization systems driven by artificial intelligence and time after quick responses to digital fraud crimes are anticipated. What’s Next? AI-powered cybersecurity measures It is anticipated that the government will use AI-powered monitoring technologies to quickly identify questionable activity. Future initiatives may include: Automated fraud detectors for telecommunications services financier’s Mas strictest medias KYC (Know Your Customer) para la emission de SIM cards Citizen-centric cybersecurity In initiatives To enable a person to report and monitor cases of cyber fraud, the government has implemented: 1930’s National Cyber Helpline for prompt fraud reporting Sanchar Saathi Portal and app that enables users to block stolen devices and report fake calls India is moving closer to a more secure digital fraud future by putting these measures into place, which will give its citizens more protection against cyberattacks.

Microsoft Unveils Six New Agentic AI Solutions to Boost Cybersecurity

Microsoft launched six new Agentic AI solutions to enhance cybersecurity, focusing on phishing, data security, and identity management. These AI agents aim to automate tasks and strengthen defences against complex cyber threats. Software major Microsoft announced on March 25 its six new Agentic Artificial intelligence (AI) agents designed to autonomously assist with critical areas such as phishing, data security, and identity management. This is important as the company now processes 84 trillion signals daily, including 7,000 password attacks per second. Scaling cyber defences through AI agents is now imperative to keep pace with this threat landscape. “We are expanding Security Copilot with six security agents built by Microsoft and five security agents built by our partners—available for preview in April 2025. The relentless pace and complexity of cyberattacks have surpassed human capacity and establishing AI agents is a necessity for modern security,” the company said in a release. Microsoft launched its earlier version of Security Copilot a year ago to empower defenders to detect, investigate, and respond to security incidents swiftly and accurately. Between January and December 2024, the company detected over 30 billion phishing emails targeting customers. The volume of these cyberattacks overwhelms security teams relying on manual processes and fragmented defences, making it difficult to both triage malicious messages promptly and leverage data-driven insights for broader cyber risk management. To solve this, the latest version unveiled can handle routine phishing alerts and cyberattacks, freeing up human defenders to focus on more complex cyber threats and proactive security measures. The six Copilot agents enable teams to autonomously handle high-volume security and IT tasks while seamlessly integrating with Microsoft Security solutions. Purpose-built for security, agents learn from feedback, adapt to workflows, and operate securely—aligned to Microsoft’s Zero Trust framework. With security teams fully in control, agents accelerate responses, prioritise risks, and drive efficiency to enable proactive protection and strengthen an organization’s security posture. Moreover, as organisations rapidly adopt generative AI, there is a growing urgency to secure and govern the creation, adoption, and use of AI in the workplace. According to Microsoft’s new report, 57 per cent of organizations report an increase in security incidents from AI usage. While most firms recognise the need for AI controls, 60 per cent have not yet started.

Uttarakhand Police Bust International Cybercrime Gang, Arrest Two

Uttarakhand Police arrested two cyber criminals involved in international fraud using fake business accounts and cryptocurrency transactions. The accused operated via Telegram, earning commissions by converting illicit funds into Indian currency. Dehradun: The Uttarakhand Police claimed to have busted a gang of international cybercriminals by arresting two of its members, including a trainer, who is a tenth pass out, officials said. The Special Task Force (STF) also found huge funds in the shape of cryptocurrency in the mobile phones of the accused. The accused Harjinder Singh and Sandeep Singh would provide fake business accounts to other cybercriminals to transact money and exchange funds with international gangs in cryptocurrencies. This comes weeks after the central government brought 540 Indians back from Myanmar, who were trafficked by a Chinese network of cyber criminals on the pretext of jobs in Thailand. At least 22 of the victims were from Uttarakhand Police, which prompted the state government police to form an STF under the supervision of Senior Superintendent of Police (SSP) Navneet Bhullar. Uttarakhand Police Following the joint probe with CBI and the Indian Cyber Crime Coordination Centre (I4C), two persons, Harjinder Singh and Sandeep Singh, were arrested near Zila Panchayat Chungi on Thanon Road ahead of Maharana Pratap Chowk under the Raipur Police Station area. The STF team recovered one laptop, seven mobile handsets, one passport, two chequebooks, three debit cards, two PAN cards, one passbook, one stamp seal and four SBI bank forms stamped in the name of some firm from the possession of the accused. According to officials, Sandeep and Harjinder, both friends, would use Telegram to connect with criminals and open fake bank accounts under various firm names for cybercriminals to use for illegal transactions globally. Later, they would receive payments in cryptocurrency (USDT), take a 1% fee per transaction and convert it into Indian currency. “Over the past year, the accused made about Rs 1.2 crore in profit, including Rs 25 lakh in March alone,” officials added.

Government Implements Stricter Rules to Curb Child Sexual Abuse and Cybercrime Online

The Indian government is enhancing regulations to curb online child sexual abuse and cybercrime, with stricter rules for digital platforms. Measures include content removal, grievance redressal, and international collaboration. The Indian government is working harder to control internet content and stop the spreading of sexually graphic materials, especially when it comes to child sex abuse. Ashwini Vaishnaw, the Union Minister for Railways, Information & telecast, and Electronics & IT, told the Lok Sabha that some steps are being taken to guarantee a secure online environment under the Information Technology Act of 2000 and the IT Rules of 2021. The publication or transmission of pornographic material is already illegal under the Information Technology Act of 2000, with more severe penalties for content involving minors. Digital platforms, including social media intermediaries, must adhere to due diligence under the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021. They are no longer legally shielded from accountability for content hosted by third parties on their platforms if they don’t comply. Notably, major social media platforms that offer messaging services are now required to make it possible to identify the original creator of communications about offences like child sexual abuse , rape, or sexually explicit content. Intermediaries are also required to take down any content that shows someone having sex, exposing their private parts, or depicting nudity within 24 hours. The government has also established Grievance Appellate Committees to improve user grievance redressal, enabling users to challenge decisions made by social media companies on the removal the content of child sexual abuse. Controlling pornographic material on OTT platforms and in movies The Central Board of Film Certification (CBFC) still oversees public film screenings in the entertainment industry, making sure that adult material is categorized correctly following the Cinematograph Act of 1952 and its certification guidelines. The IT Rules, 2021, require OTT platforms to follow a code of ethics that includes limiting access to youngsters, classifying content according to age appropriateness, and implementing age verification for adult-rated content. The government’s multifaceted strategy to combat cybercrime The Indian government has taken several steps to fight cybercrime in addition to regulating content of child sexual abuse. National Cyber Crime Reporting Portal: The Ministry of Home Affairs has a website called www.cybercrime.gov.in where anyone can report any kind of cybercrime, with a concentration on crimes against minors. Indian Cyber Crime Coordination Centre (I4C): a specialized organization that plans actions to combat online crimes, such as child exploitation of child sexual abuse. Financial aid for cybercrime prevention: Under the Cyber Crime Prevention against Women and Children (CCPWC) program, the government has provided funding to states and Union Territories so they can set up cyber forensic labs and provide law enforcement training. Blocking CSAM websites: The Central Bureau of Investigation (CBI) and Interpol provide information that is used to periodically block websites that include child sexual abuse material (CSAM). ISPs are also required to dynamically block certain websites using lists provided by Project Arachnid (Canada) and the Internet Watch Foundation (UK). Parental control and awareness initiatives: Internet service providers have been asked to advertise parental control filters, and the government is running awareness campaigns on cybercrime through educational handbooks, radio broadcasts, and the @CyberDost Twitter handle. International collaboration: The National Center for Missing and Exploited Children (NCMEC), USA, has teamed with India’s National Crime Records Bureau (NCRB) to gather information on online child exploitation. These reports are subsequently forwarded to states and Union Territories for additional action.

Businessman from Hyderabad loses Rs 1.22 crores to online scammers.

Hyderabad businessman was scammed of Rs 1.22 crores through a fake online trading scheme. Police arrested Ankit Arora, while the main accused, Deepak Kumar, remains at large. Hyderabad: After being tricked into investing in an internet trading company that promised enormous earnings, a Hyderabad businessman lost Rs 1.22 crores to cyber criminals. The victim, a resident of Secunderabad, received a message on Telegram ID Doll6726@Navyaand from a stranger who lured him to invest in online trading over time. He assured me that the profits would be huge and asked him to download an application on his mobile phone. Initially, the person invested some amount for investment and in return received some profits on the investment. After businessman being mesmerized by the profits, the man sent Rs 1, 22, 87,120 to the account that the stranger, who claimed to be Deepak Kumar, had provided. After a few weeks, Deepak failed to withdraw the winnings from the victim’s wallet and asked him to transfer more money. He became suspicious and filed a report with the police. Based on the evidence they gathered, police were able to hold on to Ankit Arora, a 38-year-old native of Uttar Pradesh who had provided Deepak Kumar with his bank account credentials. Under the guise of internet trading, Deepak was able to defraud a Hyderabad man out of Rs 1, 22, 87,120 using the bank account details. Ankit Arora’s bank account received the money from the victim, and Deepak subsequently moved it to other accounts. Cybercrime police officials claimed that Deepak had given Ankit a commission. After learning that Deepak operates out of Thailand, the police will issue a Look Out Circular (LoC) for him.

Author: thecybershark