Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Latest News

Google Password Warning Explained: Why Gmail Users Should Switch to Passkeys Now

  Despite viral claims that Google is instructing every Gmail user to urgently change their password because of a direct breach, the reality...

All the recent news you need to know
Tesla
AI Humanoids Optimus Robots Technology Tesla

Tesla’s Humanoid Bet: Musk Pins Future on Optimus Robot

 

Elon Musk envisions human-shaped robots, particularly the Optimus humanoid, as a pivotal element in Tesla's future AI and robotics landscape, aiming to revolutionize both industry and daily life. Musk perceives these robots not merely as automated tools but as advanced entities capable of performing complex tasks in the physical world, interacting seamlessly with humans and their environments.

A core motivation behind developing humanoid robots lies in their potential to address various practical challenges, from industrial automation to personal assistance. Musk believes that these robots can work alongside humans in workplaces, handle repetitive or hazardous tasks, and even serve in caregiving roles, thus transforming societal and economic models. Tesla plans include the manufacturing of a large-scale Optimus factory in Fremont, with aims to produce millions of units, emphasizing the strategic importance Musk attaches to this venture.

Technologically, the breakthrough for these robots extends beyond bipedal mechanics. Critical advancements involve sensor fusion—integrating multiple data inputs for real-time decision-making—energy density to ensure longer operational periods, and edge reasoning, which allows autonomous processing without constant cloud connectivity. These innovations are crucial for creating robots that are not only physically capable but also intelligent and adaptable in diverse environments.

The idea of robots interacting with humans in everyday scenarios has garnered significant attention. Musk envisions Optimus playing a major role in daily life, helping with chores, assisting in services like hospitality, and contributing to industries like healthcare and manufacturing. Tesla's ambitious plans include building a factory capable of producing one million units annually, signaling a ratcheting up of competition and investment in humanoid robotics.

Overall, Musk's emphasis on human-shaped robots reflects a strategic vision where AI-powered humanoids are integral to Tesla's growth in artificial intelligence, robotics, and beyond. His goal is to develop robots that are not only functional but also capable of integration into human environments, ultimately aiming for a future where such machines coexist with and assist humans in daily life.
Read more »
US scam statistics
Broker Chooser report Cryptocurrency Fraud Cyber Fraud investment scam 2025 pig butchering scam social media scams US scam statistics

Investment Scams Surge Across the US as Fraudsters Exploit Social Media, Texts, and Crypto Boom

 

If you've ever received a random “Hi, how are you?” message from a stranger on text or social media, it may not be an accident. While sometimes harmless, these unexpected greetings are increasingly being used by cybercriminals attempting to draw victims into investment schemes.

According to data from broker comparison platform Broker Chooser, investment-related fraud has become the fifth most common scam in the US. In just the first six months of 2025, more than 66,700 incidents were reported, with losses surpassing $3.5 billion. Cryptocurrencies remain a major target, and scammers pocketed $939 million in digital assets—an increase of $261 million from the same period last year.

Because these schemes prey on individuals hoping to grow their money quickly, the financial damage is substantial. The median loss per victim hit $10,000 in early 2025, rising from 2024’s median of $9,300. Broker Chooser notes this is the highest median loss of any scam category, dwarfing the second-highest—business and job fraud—by 376%.

Certain states are being hit harder than others. Nevada ranks first, logging 211 cases per million residents and more than $40.4 million in losses. Arizona follows with 202 cases per million and over $95.1 million lost. Florida comes in third with 185 reports per million residents and a staggering $241 million in total losses.

A major tactic driving these numbers is the “pig butchering” scam. In this approach, criminals initiate contact on dating platforms or social networks and spend months building trust. Once they establish a rapport, they persuade their targets to invest in fake cryptocurrency platforms, often showing fabricated account growth. As the victim invests more, the scammer eventually disappears with the funds, leaving the person with nothing.

Social media remains the leading gateway for these scams, with 13,577 reports and $589.1 million in losses in the first half of 2025. Many victims turn to these platforms for financial guidance, making them easy targets. Fraudulent websites and apps—often made more convincing through AI—rank second, with 6,007 incidents and $266 million in losses.

Text messages are another tool scammers use to start conversations. A simple, friendly opener can quickly evolve into targeted manipulation once the criminal identifies an opportunity.
Read more »
Transnational Fraud
Cryptocurrency Fraud cyber attack Cyber Fraud Cybercrime Scam Cybersecurity Alert Digital Forensics FTC Impersonation Malware Attack online deception tech support fraud Transnational Fraud

Tech Park Operation in Bengaluru Uncovered in Cross-Border Malware Scam


 

The Bengaluru police have made a major breakthrough in their fight against a far-reaching cybercrime syndicate that was operating inside one of the city's bustling technology parks by uncovering and dismantling an alleged tech-support fraud operation that was operating within. 

The officials stated that the group, which is based out of an office operating under the name Musk Communications situated on the sixth floor of the Delta building in Sigma Soft Tech Park, Whitefield, was posing as Microsoft technical support representatives to terrorize unsuspecting victims in the United States by issuing fabricated Federal Trade Commission (FTC) violation alerts. 

Using a judicial search warrant as well as credible intelligence, Cyber Command's special cell and Whitefield division cyber crime police mounted a series of coordinated raids on Friday and Saturday following the receipt of credible intelligence. According to investigators, the operation was sophisticated, and it siphoned off several crores of rupees by largely using cryptocurrency channels, a process that investigators believe is highly sophisticated. 

It was found, according to the Times of India, that the fraud network employed a carefully choreographed playbook of deception, which included utilizing fake security pop-ups and falsified FTC violation notifications to convince victims into transferring money by using counterfeit security pop-ups and false FTC violation notices. It was found that the Cyber Command's special cell, along with Whitefield division officers, were receiving a credible tip-off which prompted a swift and coordinated response to the operation. 

Upon receiving the intelligence, police conducted a court-ordered search over the weekend at Musk Communications headquarters on the sixth floor of the Delta building, which is located on Whitefield Main Road within Sigma Soft Tech Park. There was a cache of computers, laptops, hard drives, mobile phones, and other digital tools seized inside the building that were thought to have powered the scam. All of the employees present at the scene were detained and later appeared in court, where they were remanded to police custody while the investigation was being conducted.

It was noted by law enforcement officials that the company's owner, who recruited and trained the detained employees, remains on the loose even though the police have arrested only six people in connection with the operation. According to investigators, there may have been more than 500, possibly more than 1,000, US citizens defrauded by this network, based upon preliminary estimates. Investigators believe the network went far beyond the 21 employees caught at the scene. 

As the head of the CCU and DGP, Pronab Mohanty, has stated that the scam involved a carefully layered approach to social engineering combined with deceptive technology that led to a successful exploitation scheme. The officers observed that the group began by deploying malicious Facebook advertisements aimed at users living in the United States. The advertisements were designed to deliver harmful code embedded in links disguised as legitimate company notifications to American users.

It was designed to lock the victim's computer once they clicked on the code, triggering a fake alert, posing as "Microsoft Global Technical Support," complete with a fraudulent helpline number, to click OK. The trained impersonators who greeted victims when they contacted them escalated their fears by claiming they had been compromised, their IP addresses had been breached and that sensitive financial data was about to be exposed. 

Upon attempting to resolve fictitious FTC compliance violations and urgent security fixes, the callers were then coerced into transferring significant amounts of money, often in cryptocurrency, under the guise of resolving fictitious compliance violations. Various CCU teams had been placed under discreet surveillance by the SSTP detectives after receiving specific intelligence regarding the operation of the scam in a 4,500 square foot building that masqueraded as a call center in the Delta building at Sigma Soft Tech Park, which had been operating under the cover of a call centre.

In the case of a suo motu lawsuit filed under the provisions of the Information Technology Act, a team led by Superintendent Savitha Srinivas, the Superintendent of Police, stepped in and conducted a planned raid that lasted from Friday night until Saturday morning. According to the authorities, the arrested employees had been hired for unusually high salaries and had been provided with systematic training. Their educational and professional histories are being verified now. 

Investigators are currently examining all digital devices recovered from the premises in order to identify the individual members who are still involved with the operation. In addition, investigators will attempt to identify those individuals responsible for creating the malicious software, the trainers, and those who manage the network's finances. 

In addition, it is necessary to determine the total extent of the fraud by analyzing all the digital devices recovered from the premises. A senior officer of the company described the operation as a meticulously planned fraud network, one which relied heavily on deception and psychological pressure to perpetrate the fraud. As reported by investigators, the group ran targeted Facebook ads targeted towards U.S. users, encrypting malicious code in messages that appeared to be routine service messages or security alerts, and directing them to them. 

One click of the mouse was enough for a victim's computer to freeze and trigger a pop-up that appeared to mimic the appearance of a genuine technical support warning from Microsoft, including a fake helpline number. Upon calling victims and seeking assistance, trained impersonators dressed as Microsoft technicians spun alarming narratives claiming their computers had been hacked, their IP addresses had been compromised, and their sensitive banking information was immediately at risk. They used fabricated FTC violation notices that enticed the victims to pay hefty amounts for supposed security fixes or compliance procedures that never existed in the first place. 

Upon preliminary analysis of the financial flows, it seems that the syndicate may have siphoned off hundreds of crores through cryptocurrency channels, with Director General of Police, Cyber Command Unit, Mr. Pronab Mohanty noting that he believes the crypto transactions might have been of a large scale. 

A more complete picture of the case would emerge as the suspects were further questioned, he said, adding that investigators already had significant electronic evidence at their disposal. According to official officials, the sophisticated nature of the operation, as well as its technological infrastructure, as well as its widespread reach, suggest that it may be linked to a wider transnational cybercrime network. 

A team of experts is currently reviewing seized devices, tracking cryptocurrency wallets, reviewing communications logs, and mapping the victim footprints across multiple jurisdictions as part of the investigation. Authorities are coordinating with central agencies in order to determine if the group had counterparts operating outside of the city or overseas as part of the investigation. The scope of the investigation has continued to expand. 

There is also an investigation underway into whether shell companies, falsified paperwork, or layered financial channels were used to conceal the true leadership and funding network of the operation. As new leads emerge from digital forensics as well as financial analysis in the coming days, officers expect that the investigation will grow significantly in the coming days. According to the authorities who are investigating the incident, tech parks, digital advertisers, and online platforms are being urged to strengthen monitoring systems in order to prevent similar infiltration attempts in the future. 

Cybersecurity experts say the case underscores the growing need to raise public awareness of deceptive pop-ups, unsolicited alerts, and remote support scams—tactics that are becoming more sophisticated as time goes by. As a reminder to users, legitimate agencies will never charge money for compliance or security fixes, and users are advised to verify helplines directly through official websites to ensure they are trustworthy. It is expected that the crackdown will set a critical precedent in dismantling multi-national cyber-fraud operations by setting a critical precedent in international coordination.
Read more »
Travel
Gen AI LLMs MCP prompt injection Open AI Perplexity Technology Travel

How MCP is preparing AI systems for a new era of travel automation

 




Most digital assistants today can help users find information, yet they still cannot independently complete tasks such as organizing a trip or finalizing a booking. This gap exists because the majority of these systems are built on generative AI models that can produce answers but lack the technical ability to carry out real-world actions. That limitation is now beginning to shift as the Model Context Protocol, known as MCP, emerges as a foundational tool for enabling task-performing AI.

MCP functions as an intermediary layer that allows large language models to interact with external data sources and operational tools in a standardized way. Anthropic unveiled this protocol in late 2024, describing it as a shared method for linking AI assistants to the platforms where important information is stored, including business systems, content libraries and development environments.

The protocol uses a client-server approach. An AI model or application runs an MCP client. On the opposite side, travel companies or service providers deploy MCP servers that connect to their internal data systems, such as booking engines, rate databases, loyalty programs or customer profiles. The two sides exchange information through MCP’s uniform message format.

Before MCP, organizations had to create individual API integrations for each connection, which required significant engineering time. MCP is designed to remove that inefficiency by letting companies expose their information one time through a consolidated server that any MCP-enabled assistant can access.

Support from major AI companies, including Microsoft, Google, OpenAI and Perplexity, has pushed MCP into a leading position as the shared standard for agent-based communication. This has encouraged travel platforms to start experimenting with MCP-driven capabilities.

Several travel companies have already adopted the protocol. Kiwi.com introduced its MCP server in 2025, allowing AI tools to run flight searches and receive personalized results. Executives at the company note that the appetite for experimenting with agentic travel tools is growing, although the sector still needs clarity on which tasks belong inside a chatbot and which should remain on a company’s website.

In the accommodation sector, property management platform Apaleo launched an MCP server ahead of its competitors, and other travel brands such as Expedia and TourRadar are also integrating MCP. Industry voices emphasize that AI assistants using MCP pull verified information directly from official hotel and travel systems, rather than relying on generic online content.

The importance of MCP became even more visible when new ChatGPT apps were announced, with major travel agencies included among the first partners. Experts say this marks a significant moment for how consumers may start buying travel through conversational interfaces.

However, early adopters also warn that MCP is not without challenges. Older systems must be restructured to meet MCP’s data requirements, and companies must choose AI partners carefully because each handles privacy, authorization and data retention differently. LLM processing time can also introduce delays compared to traditional APIs.

Industry analysts expect MCP-enabled bookings to appear first in closed ecosystems, such as loyalty platforms or brand-specific applications, where trust and verification already exist. Although the technology is progressing quickly, experts note that consumer-facing value is still developing. For now, MCP represents the first steps toward more capable, agentic AI in travel.



Read more »
Malware Attack
APT44 Cyber Attacks Cyber Hackers Data Hackers Data protection data security data wipers Data Wiping Malware Hacker attack Malware Attack

Russian Sandworm Hackers Deploy New Data-Wipers Against Ukraine’s Government and Grain Sector

 

Russian state-backed hacking group Sandworm has intensified its destructive cyber operations in Ukraine, deploying several families of data-wiping malware against organizations in the government, education, logistics, energy, and grain industries. According to a new report by cybersecurity firm ESET, the attacks occurred in June and September and form part of a broader pattern of digital sabotage carried out by Sandworm—also known as APT44—throughout the conflict. 

Data wipers differ fundamentally from ransomware, which typically encrypts and steals data for extortion. Wipers are designed solely to destroy information by corrupting files, damaging disk partitions, or deleting master boot records in ways that prevent recovery. The resulting disruption can be severe, especially for critical Ukrainian institutions already strained by wartime pressures. Since Russia’s invasion, Ukraine has faced repeated wiper campaigns attributed to state-aligned actors, including PathWiper, HermeticWiper, CaddyWiper, WhisperGate, and IsaacWiper.

ESET’s report documents advanced persistent threat (APT) activity between April and September 2025 and highlights a notable escalation: targeted attacks against Ukraine’s grain sector. Grain exports remain one of the country’s essential revenue streams, and ESET notes that wiper attacks on this industry reflect an attempt to erode Ukraine’s economic resilience. The company reports that Sandworm deployed multiple variants of wiper malware during both June and September, striking organizations responsible for government operations, energy distribution, logistics networks, and grain production. While each of these sectors has faced previous sabotage attempts, direct attacks on the grain industry remain comparatively rare and underscore a growing focus on undermining Ukraine’s wartime economy. 

Earlier, in April 2025, APT44 used two additional wipers—ZeroLot and Sting—against a Ukrainian university. Investigators discovered that Sting was executed through a Windows scheduled task named after the Hungarian dish goulash, a detail that illustrates the group’s use of deceptive operational techniques. ESET also found that initial access in several incidents was achieved by UAC-0099, a separate threat actor active since 2023, which then passed control to Sandworm for wiper deployment. UAC-0099 has consistently focused its intrusions on Ukrainian institutions, suggesting coordinated efforts between threat groups aligned with Russian interests. 

Although Sandworm has recently engaged in more espionage-driven operations, ESET concludes that destructive attacks remain a persistent and ongoing part of the group’s strategy. The report further identifies cyber activity linked to Iranian interests, though not attributed to a specific Iranian threat group. These clusters involved the use of Go-based wipers derived from open-source code and targeted Israel’s energy and engineering sectors in June 2025. The tactics, techniques, and procedures align with those typically associated with Iranian state-aligned hackers, indicating a parallel rise in destructive cyber operations across regions affected by geopolitical tensions. 

Defending against data-wiping attacks requires a combination of familiar but essential cybersecurity practices. Many of the same measures advised for ransomware—such as maintaining offline, immutable backups—are crucial because wipers aim to permanently destroy data rather than exploit it. Strong endpoint detection systems, modern intrusion prevention technologies, and consistent software patching can help prevent attackers from gaining a foothold in networks. As Ukraine continues to face sophisticated threats from state-backed actors, resilient cybersecurity defenses are increasingly vital for preserving both operational continuity and national stability.
Read more »
Scattered Spider
Cyber Attacks DragonForce Marks & Spencer Ransomware Scattered Spider

M&S Cyberattack: Retailer Issues Fresh Warning to Shoppers

 

Marks & Spencer (M&S) suffered a severe cyberattack in April 2025, orchestrated by the ransomware group known as Scattered Spider, with the ransomware called DragonForce. This breach forced M&S to halt all online transactions for nearly six weeks, disrupting its operations during a traditionally strong trading period around Easter. 

The attackers first infiltrated M&S's network through social engineering tactics aimed at a third-party IT helpdesk contractor, Tata Consultancy Services, tricking staff into granting access. This human error allowed the hackers to steal sensitive customer personal data, including names, addresses, emails, phone numbers, birthdates, and order histories, though no payment details or passwords were compromised.

As a result, M&S had to suspend online shopping completely and revert to manual processes for inventory and logistics, which led to empty shelves and disrupted service in many stores. Contactless payments and order collection systems failed at the outset of the incident, adding to customer frustration. M&S publicly apologized and reset all customer passwords on affected accounts as a precaution against subsequent phishing attacks using the stolen data.

Financially, the incident is estimated to have cost M&S approximately £300 million in lost profits, which significantly impacted its half-year results. Despite the disruption, M&S’s revenue during the affected period remained relatively stable, reflecting growth in grocery and clothing/home segments, though online market share was partly lost to competitors like Next. The full impact on profits and sales was to be revealed in M&S’s upcoming financial report.

The cyber attack highlighted vulnerabilities in traditional cybersecurity defenses focused on inbound threats, as the ransomware attack involved a "double extortion" technique where data was exfiltrated before encryption, and legacy tools failed to detect the outbound data theft. Experts suggest that more advanced anti-data exfiltration capabilities could have mitigated damage. M&S is reviewing its cybersecurity posture and continuing to recover operationally while managing costs and store investments moving forward.

M&S shoppers were urged to remain vigilant against phishing scams, as criminals exploit stolen personal data for targeted attacks. The incident underscores the evolving threats retailers face from ransomware and social engineering attacks on supply chains and third-party vendors. Overall, the attack marked a significant challenge for M&S’s digital and retail operations with a wide-reaching customer impact and financial implications.
Read more »
Subscribe to: Comments (Atom)

Featured