The Breach News

Microsoft Aids CBI in Busting Illegal Indian Call Centers Linked to Japanese Tech Support Scam

The Central Bureau of Investigation (CBI) in India has apprehended six suspects and shut down two unlawful call centers engaged in a sophisticated transnational tech support scam targeting Japanese citizens. The operations, part of “Operation Chakra V,” took place on May 28, 2025, across 19 locations in Delhi, Haryana, and Uttar Pradesh, focusing on combating cyber-enabled financial crimes. According to the CBI, the criminal networks defrauded foreign nationals, primarily Japanese citizens, by posing as technical support agents for various multinational companies, including Microsoft. The agency noted that the call centers were designed to look like legitimate customer service operations, misleading victims into believing their electronic devices had been compromised, which led them to transfer funds under duress.

Microsoft Collaborates with CBI to Disrupt Japanese Tech Support Scam Operated from India June 6, 2025 In a significant crackdown on cybercrime, India’s Central Bureau of Investigation (CBI) has arrested six suspects and shuttered two illicit call centers engaged in a sophisticated tech support scam targeting Japanese citizens. This operation,…

Read More

Microsoft Aids CBI in Busting Illegal Indian Call Centers Linked to Japanese Tech Support Scam

The Central Bureau of Investigation (CBI) in India has apprehended six suspects and shut down two unlawful call centers engaged in a sophisticated transnational tech support scam targeting Japanese citizens. The operations, part of “Operation Chakra V,” took place on May 28, 2025, across 19 locations in Delhi, Haryana, and Uttar Pradesh, focusing on combating cyber-enabled financial crimes. According to the CBI, the criminal networks defrauded foreign nationals, primarily Japanese citizens, by posing as technical support agents for various multinational companies, including Microsoft. The agency noted that the call centers were designed to look like legitimate customer service operations, misleading victims into believing their electronic devices had been compromised, which led them to transfer funds under duress.

FBI Alerts on Scattered Spider’s Growing Attacks Targeting Airlines Through Social Engineering

June 28, 2025
Cybercrime / Vulnerability

The U.S. Federal Bureau of Investigation (FBI) has reported that the notorious cybercrime group Scattered Spider is expanding its focus to the airline industry. The agency is actively collaborating with aviation and industry partners to address these threats and assist affected organizations. “These perpetrators exploit social engineering tactics, often impersonating employees or contractors to trick IT help desks into granting unauthorized access,” the FBI stated on X. “Their methods frequently include bypassing multi-factor authentication (MFA), such as persuading help desk services to add unauthorized MFA devices to compromised accounts.” Scattered Spider is also known to target third-party IT providers, increasing the risk of attacks on trusted vendors and contractors. These incidents often lead to data theft, extortion, and ransomware. In a statement released…

FBI Issues Alert on Scattered Spider’s Growing Attacks Against Airlines Through Social Engineering On June 28, 2025, the Federal Bureau of Investigation (FBI) issued a warning regarding the cybercrime group known as Scattered Spider, which has notably expanded its attack vector to include the aviation sector. In light of this…

Read More

FBI Alerts on Scattered Spider’s Growing Attacks Targeting Airlines Through Social Engineering

June 28, 2025
Cybercrime / Vulnerability

The U.S. Federal Bureau of Investigation (FBI) has reported that the notorious cybercrime group Scattered Spider is expanding its focus to the airline industry. The agency is actively collaborating with aviation and industry partners to address these threats and assist affected organizations. “These perpetrators exploit social engineering tactics, often impersonating employees or contractors to trick IT help desks into granting unauthorized access,” the FBI stated on X. “Their methods frequently include bypassing multi-factor authentication (MFA), such as persuading help desk services to add unauthorized MFA devices to compromised accounts.” Scattered Spider is also known to target third-party IT providers, increasing the risk of attacks on trusted vendors and contractors. These incidents often lead to data theft, extortion, and ransomware. In a statement released…

New Malware Campaign Deploys PureCrypter Loader to Distribute DarkVision RAT

October 15, 2024
Malware / Cybercrime

Cybersecurity experts have revealed a recent malware campaign utilizing the PureCrypter loader to disseminate the commodity remote access trojan (RAT) known as DarkVision RAT. Observed by Zscaler ThreatLabz in July 2024, this operation comprises multiple stages to effectively deliver the RAT payload. According to security researcher Muhammed Irfan V A, “DarkVision RAT establishes communication with its command-and-control (C2) server using a custom network protocol via sockets.” The RAT boasts a variety of commands and plugins for enhanced functionality, including keylogging, remote access, password theft, audio recording, and screen capture. PureCrypter, initially disclosed in 2022, is a commercially available malware loader that enables users to distribute information stealers, RATs, and ransomware on a subscription basis. The method of initial access for deploying PureCrypter remains under investigation.

New Malware Campaign Deploys PureCrypter Loader to Distribute DarkVision RAT October 15, 2024 Cybersecurity experts have unveiled a newly identified malware campaign that utilizes a loader known as PureCrypter to deploy the DarkVision remote access trojan (RAT). This activity, first detected by Zscaler ThreatLabz in July 2024, entails a multi-phase…

Read More

New Malware Campaign Deploys PureCrypter Loader to Distribute DarkVision RAT

October 15, 2024
Malware / Cybercrime

Cybersecurity experts have revealed a recent malware campaign utilizing the PureCrypter loader to disseminate the commodity remote access trojan (RAT) known as DarkVision RAT. Observed by Zscaler ThreatLabz in July 2024, this operation comprises multiple stages to effectively deliver the RAT payload. According to security researcher Muhammed Irfan V A, “DarkVision RAT establishes communication with its command-and-control (C2) server using a custom network protocol via sockets.” The RAT boasts a variety of commands and plugins for enhanced functionality, including keylogging, remote access, password theft, audio recording, and screen capture. PureCrypter, initially disclosed in 2022, is a commercially available malware loader that enables users to distribute information stealers, RATs, and ransomware on a subscription basis. The method of initial access for deploying PureCrypter remains under investigation.

Do Kwon Admits Guilt in $40 Billion Fraud Case

Read more on Blockchain & Cryptocurrency, Cryptocurrency Fraud, and Fraud Management & Cybercrime. Breaking: Trump Signs Pro-Crypto Executive Order, Credix Disappears Post $4.5M Hack Written by Rashmi Ramesh (@rashmiramesh_) • August 14, 2025 Read more Image: Shutterstock This week’s cybersecurity roundup by Information Security Media Group highlights significant incidents in…

Read MoreDo Kwon Admits Guilt in $40 Billion Fraud Case

⚡ Weekly Update: Chrome Vulnerability, Data Wiping Attacks, Tool Misuse, and Zero-Click iPhone Exploits

June 9, 2025
Cybersecurity / Hacking News

Every security alert unveils a deeper narrative. It could indicate a system under scrutiny or reveal a gradual erosion of trust—manifesting through delayed responses, unusual activities, or unnoticed control gaps. This week, we dive deeper to uncover what’s truly significant. Whether it stems from flawed design, concealed access, or unintentional misuse, understanding where to direct your focus is crucial. For those tasked with safeguarding systems, data, or individuals, these updates are not just important—they’re vital. These insights illuminate the mindset of attackers and identify areas where vulnerabilities remain.

⚡ Threat of the Week

Google Issues Critical Patches for Actively Exploited Chrome 0-Day
Google has rolled out updates for Chrome versions 137.0.7151.68/.69 on Windows and macOS, and 137.0.7151.68 for Linux, addressing a critical out-of-bounds read and write vulnerability in the V8 JavaScript and WebAssembly engine known to be actively exploited. The company acknowledged the contributions of security researchers Clement Lecigne and Benoît Sevens from Google T…

Weekly Cybersecurity Report: Chrome Exploit, Data Destruction Tools, and Zero-Click iPhone Breaches On June 9, 2025, significant developments in cybersecurity have come to light, shedding light on the evolving landscape of digital threats. At the core of these events is the ongoing battle for system integrity and public trust. This…

Read More

⚡ Weekly Update: Chrome Vulnerability, Data Wiping Attacks, Tool Misuse, and Zero-Click iPhone Exploits

June 9, 2025
Cybersecurity / Hacking News

Every security alert unveils a deeper narrative. It could indicate a system under scrutiny or reveal a gradual erosion of trust—manifesting through delayed responses, unusual activities, or unnoticed control gaps. This week, we dive deeper to uncover what’s truly significant. Whether it stems from flawed design, concealed access, or unintentional misuse, understanding where to direct your focus is crucial. For those tasked with safeguarding systems, data, or individuals, these updates are not just important—they’re vital. These insights illuminate the mindset of attackers and identify areas where vulnerabilities remain.

⚡ Threat of the Week

Google Issues Critical Patches for Actively Exploited Chrome 0-Day
Google has rolled out updates for Chrome versions 137.0.7151.68/.69 on Windows and macOS, and 137.0.7151.68 for Linux, addressing a critical out-of-bounds read and write vulnerability in the V8 JavaScript and WebAssembly engine known to be actively exploited. The company acknowledged the contributions of security researchers Clement Lecigne and Benoît Sevens from Google T…

Mass Data Breach Strikes Italian Hotels Since June, Government Confirms • The Register

Italy’s digital agency, AGID, has confirmed the authenticity of claims made by a cybercriminal known as mydocs, regarding a series of data breaches that have compromised several hotels across the nation. The attacker alleges to have infiltrated the booking systems of various Italian hotels, capturing sensitive identification documents from thousands…

Read MoreMass Data Breach Strikes Italian Hotels Since June, Government Confirms • The Register

Blind Eagle Exploits Proton66 Hosting for Phishing and RAT Operations Targeting Colombian Banks

June 30, 2025
Cybercrime / Vulnerability

The cybercriminal group known as Blind Eagle has been definitively linked to the Russian bulletproof hosting service Proton66. Trustwave SpiderLabs reported last week that they established this connection through digital assets associated with Proton66, unveiling an active threat cluster that utilizes Visual Basic Script (VBS) files as its entry point and deploys ready-made remote access trojans (RATs). While VBS may appear outdated, it remains a favored choice among threat actors. They often utilize bulletproof hosting providers like Proton66, which disregard abuse reports and legal requests for takedowns. This tolerance allows attackers to operate phishing websites, command-and-control servers, and malware delivery systems seamlessly. Trustwave identified a series of domains with similar naming conventions (e.g., gfast.duckdns[.]org, njfast.duckdns[.]org) starting in…

Blind Eagle Exploits Proton66 Hosting for Cyber Attacks on Colombian Banks June 30, 2025 Cybersecurity Update A recent report by Trustwave SpiderLabs has traced the activities of the cyber threat group known as Blind Eagle, attributing their operations with high confidence to the Russian hosting service Proton66. This analysis arose…

Read More

Blind Eagle Exploits Proton66 Hosting for Phishing and RAT Operations Targeting Colombian Banks

June 30, 2025
Cybercrime / Vulnerability

The cybercriminal group known as Blind Eagle has been definitively linked to the Russian bulletproof hosting service Proton66. Trustwave SpiderLabs reported last week that they established this connection through digital assets associated with Proton66, unveiling an active threat cluster that utilizes Visual Basic Script (VBS) files as its entry point and deploys ready-made remote access trojans (RATs). While VBS may appear outdated, it remains a favored choice among threat actors. They often utilize bulletproof hosting providers like Proton66, which disregard abuse reports and legal requests for takedowns. This tolerance allows attackers to operate phishing websites, command-and-control servers, and malware delivery systems seamlessly. Trustwave identified a series of domains with similar naming conventions (e.g., gfast.duckdns[.]org, njfast.duckdns[.]org) starting in…