Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Latest News

Anthropic's Mythos Preview Detects Over 10,000 Software Bugs in Project Glassing

Recently, Anthropic disclosed that its Project Glasswing initiative found over 10,000 critical or high vulnerabilities in system software in...

All the recent news you need to know
US
AT&T CyberCrime scams technology telecom US

U.S. Lawmakers Press Telecom Providers for More Action Against Growing Scam Epidemic

 



A congressional committee is seeking answers from some of the largest telecommunications providers in the United States as financial losses linked to scams continue to rise across the country.

The inquiry comes from the Joint Economic Committee, whose leadership has asked major wireless carriers AT&T, Verizon, and T-Mobile to provide details about the measures they use to detect, monitor, and disrupt fraudulent activity occurring across their networks.

In a letter sent to the companies, committee chairman David Schweikert and ranking member Maggie Hassan said consumers should be able to trust the phone calls and text messages they receive from legitimate sources such as schools, healthcare providers, and other essential services. However, they noted that scam messages have become increasingly convincing, making it harder for people to distinguish fraudulent communications from authentic ones. The lawmakers argued that too much responsibility currently falls on consumers to identify suspicious activity on their own.

As part of the request, the committee is seeking information about how telecom providers gather intelligence on scams, monitor cybercrime-related activity, and respond to malicious actors who abuse communication networks to target the public.

The congressional review reflects broader concern in Washington over the rapid growth of cyber-enabled fraud. Scam operations have become a significant economic issue in recent years, with estimates indicating that Americans lost roughly $200 billion to various forms of fraud and cybercrime during 2024. Criminal groups increasingly use text messages, phone calls, social engineering techniques, and online platforms to reach potential victims at scale.

Telecommunications companies are not the only organizations facing scrutiny. Lawmakers have also examined the role played by satellite internet providers, online dating services, artificial intelligence firms, data brokerage companies, and federal agencies in either facilitating, detecting, or responding to cyber-enabled scams.

Efforts to address fraudulent communications are not new. In 2019, Congress passed the TRACED Act, legislation designed to curb robocalls and caller ID spoofing. The law, together with actions by the Federal Communications Commission, required major carriers to implement caller authentication technologies intended to help verify the origin of calls and improve investigators' ability to identify criminal operators.

Despite those measures, scam campaigns continue to reach consumers in large numbers. Security experts have repeatedly noted that many fraud networks operate across international borders, making enforcement and disruption efforts more difficult.

Industry data highlights both the scale of telecom intervention and the persistence of the problem. According to CTIA, wireless providers blocked approximately 55 billion spam and scam text messages during 2024 while also flagging or blocking around 45 billion suspected scam calls each year. Yet fraudulent communications continue to bypass filtering systems and reach consumers.

Additional industry estimates suggest the volume remains substantial. Robocall monitoring company YouMail reported that Americans received more than 50 billion robocalls during 2025. Separate data from RoboKiller indicated that spam text traffic exceeded 19 billion messages per month throughout 2024.

Federal Trade Commission statistics further illustrate the role of telecommunications channels in scam activity. The agency's data shows that text messages were among the most commonly reported methods used by scammers to contact victims, while phone calls also ranked near the top of reported contact methods.

Industry representatives argue that telecom providers are actively engaged in combating the problem. Josh Bercu, senior vice president of policy at USTelecom, said companies support scam prevention efforts through call traceback programs, disruption of unlawful activity, and cooperation with law enforcement investigations. He added that addressing fraud requires coordination across multiple industries rather than action from a single sector alone.

At the same time, some telecommunications providers have introduced paid security-focused services, including advanced call-filtering tools and branded caller identification features. These offerings aim to provide customers with additional protection against unwanted communications.

Consumer advocates, however, believe stronger incentives may be necessary to encourage broader action. Eden Iscil of the National Consumers League argued that companies may not implement the fullest possible protections unless greater accountability or financial consequences are attached to failures in consumer protection.

The discussion reflects a larger challenge facing governments, technology companies, and telecom providers worldwide. As scammers adopt increasingly sophisticated tactics and make greater use of automation, artificial intelligence, and stolen personal data, organizations responsible for digital communications face mounting pressure to strengthen detection systems while ensuring legitimate messages continue to reach consumers without disruption.

Read more »
VPN Takedown
Criminal Infrastructure Cybercrime Investigation Cybercrime Network Data Theft Europol Operation First VPN Ransomware Infrastructure Threat Intelligence VPN Takedown

First VPN Service Taken Offline Following Ransomware and Data Theft Investigation


 

Cybercrime has become increasingly challenging as efforts to disrupt it have shifted beyond the threat actors themselves towards the infrastructure that enables them to operate at scale have increased. First VPN has been dismantled in a significant enforcement action targeting that ecosystem by authorities. First VPN was alleged to be used as a means of concealing malicious activity and evading investigation by ransomware operators, fraud networks, and data thieves. 

Through the coordinated operation, infrastructure spanning dozens of countries was seized, a suspected administrator was identified, and a service disrupted that investigators say had become a recurring element within major cybercrime investigations.

In light of this development, the focus has shifted away from pursuing the individuals responsible for carrying out illicit operations to dismantling the technical foundations which support illicit operations. Despite playing a legitimate role in modern cybersecurity by encrypting internet traffic, masking IP addresses, and facilitating secure communications across untrusted networks, virtual private network services have also been used to conceal malicious activities.

It has been alleged that First VPN developed beyond a conventional privacy service, becoming an integral part of the cybercriminal infrastructure stack, providing threat actors with a means for concealing operating footprints, anonymizing network activity, and complicating attribution. Europol reports that references to the service have surfaced repeatedly throughout nearly every major cybercrime investigation it has assisted, highlighting its extensive use in preventing money laundering, fraud, and identity theft.

On the 19th and 20th of May, authorities conducted a coordinated enforcement action targeting the infrastructure supporting the service, interviewed its suspected administrator, and conducted a house search in Ukraine while at the same time dismantling 33 servers and disrupting global systems thought to facilitate criminal activity. 

Additionally, the operation resulted in the seizure of core domains, including 1vpns.com, 1vpns.net, and 1vpns.org, and associated onion services, effectively removing key access points relied upon by its user base. Further, investigators informed users that the service had been discontinued and that they were being scrutinized by law enforcement.

The platform was taken down as a result of an investigation initiated in December 2021 in which Europol's European Cybercrime Centre and cybersecurity firm Bitdefender assisted authorities in gaining access to the platform's infrastructure and user database. By analysing the collected data, investigators were able to map VPN connections that were believed to facilitate criminal activity, uncovered intelligence on thousands of users, and generated actionable leads related to ransomware campaigns, fraud networks, and other serious cyber-enabled crimes across multiple jurisdictions. 

The investigation has also revealed a fundamental contradiction in the core of criminal anonymity services, namely, that the promise of complete invisibility is very often dependent on the trustworthiness of the very operators who earn their profits from that promise.

It has been alleged that intelligence recovered during Operation Saffron included a database of VPN users which was capable of identifying specific VPN activities and individuals. This raises serious concerns about the extent to which a service that reportedly marketed itself as unreachable by law enforcement retains data. These findings are consistent with a recurring reality within the underground economy, in which threat actors routinely entrust operational trust in infrastructure providers whose internal practices remain opaque and largely undisclosed. 

Considering the investigation of First VPN as part of the cybercrime supply chain, First VPN plays an essential role in enabling malicious actors to maintain operations while minimizing their vulnerability to detection and attribution. The dismantling of its operations aligns with Europol’s broader strategic approach to targeting shared infrastructure rather than individual groups in isolation. 

By disrupting common operational dependencies, multiple criminal networks can be affected simultaneously, resulting in cascading effects. It is evident that this approach has both effectiveness and limitations, as demonstrated by enforcement actions against Safe-Inet in 2020 and VPNLab.net in 2022. 

Cybercriminal operators frequently migrate to alternative providers during such operations; however, the intelligence obtained as a result of such operations frequently exceeds the value of infrastructure seizures over the long run. The investigation into First VPN resulted in a significant amount of operational intelligence obtained by investigators. This information has already been translated into tangible investigation outcomes for the investigation. 

Over 80 intelligence packages have been disseminated globally, 506 known users of the service were identified, and at least 21 investigations have been supported by the information derived from the operation. 

The recovered dataset not only exposes individuals allegedly involved in ransomware campaigns and fraud operations, but also enables law enforcement agencies to map relationships, infrastructure dependencies, and historical activity patterns that would otherwise remain concealed behind layers of anonymity.

According to industry observers, this intelligence-driven approach is increasingly based on the evolving nature of cybercrime disruption, in which not only is it advantageous to eliminate malicious infrastructure but also to turn seized systems into sources of actionable intelligence that can assist law enforcement efforts across jurisdictions in coordinating enforcement efforts. 

Dismantling First VPN illustrates an emerging reality in cybercrime enforcement: it is becoming increasingly necessary to target infrastructure providers and technology companies that enable malicious activity, as well as the actors committing the crime. 

Cybercriminal ecosystems have repeatedly demonstrated the capability to adapt and rebuild, but the information recovered from such operations can serve as a lasting investigative tool that extends beyond the initial takedown. 

As a result of this development, organizations must continuously evaluate the assumptions surrounding trust regarding anonymization services, proxy networks, and other privacy-focused infrastructure within security monitoring strategies, especially since they serve as a reminder. 

Continuing to evolve threat actors' tactics, it is critical to maintain visibility into remote access activity, strengthen identity controls, and apply risk-based authentication. In addition to the increasing efforts of law enforcement and cybersecurity partners against cybercrime's infrastructure layer, the contest is increasingly driven by intelligence, attribution, and operational resilience.
Read more »
U.S. Crypto
CFTC CLARITY Act Cyber Security U.S. Crypto

CLARITY Act Explained: How the 2025 U.S. Crypto Bill Ends a Decade of Regulatory Chaos

 

For over a decade, the U.S. cryptocurrency industry has faced crippling regulatory uncertainty, with the SEC and CFTC locked in a bureaucratic tug-of-war over jurisdiction. The CLARITY Act (Digital Asset Market Clarity Act of 2025) is Washington’s most serious attempt to resolve this conflict by writing clear regulatory rules into federal law. Passed by the House in July 2025 with strong bipartisan support, the bill recently cleared the Senate Banking Committee on May 14, 2026, marking a pivotal turning point for crypto regulation in America. 

The core purpose of the CLARITY Act is to divide crypto oversight between two agencies: the SEC regulates digital assets that behave like securities (investment contracts sold by centralized teams), while the CFTC gains exclusive authority over digital commodities like Bitcoin and Ethereum that operate on decentralized networks. The legislation creates three distinct categories: digital commodities (CFTC), investment contract assets (SEC), and permitted payment stablecoins (joint oversight). This framework ends the legal vapor that has forced companies like Coinbase and Binance to spend millions on litigation instead of building products. 

For crypto businesses and developers, the Act offers transformative benefits including easier compliance, reduced risk of surprise enforcement actions, and expanded innovation opportunities in payments and trading. Crucially, it provides safe harbors for DeFi developers who write open-source code without touching user funds, stopping smart contract publication from being treated as running an unlicensed money transmitter. Banks also gain a legal on-ramp for custody, settlement, and tokenized assets, transforming these from regulatory grenades into normal business lines. 

However, three major fights could still derail the legislation before it reaches President Trump’s desk. First, law enforcement groups argue the bill makes illicit finance through DeFi too easy, with Senator Warner negotiating stricter provisions. Second, Senate Democrats demand ethics language preventing officials (including President Trump, who holds significant crypto holdings) from profiting from industry regulation, which the White House opposes. Third, banks panic over stablecoin rewards, with the current compromise blocking direct yield but permitting activity-linked rewards to protect traditional banking deposits. 

If passed, the CLARITY Act would establish the first actual statutory framework for digital assets in the United States, written by Congress and binding on every regulator, exchange, developer, and investor. A merged Senate bill is plausible by late summer 2026, with final passage by year-end realistic if the three open conflicts resolve. For the first time since Satoshi’s Bitcoin whitepaper, crypto purgatory might finally be ending, bringing the U.S. in line with regulatory clarity already enjoyed in Singapore, Switzerland, and Dubai.
Read more »
Digital Token
cryptocurrency Cryptocurrency Cybersecurity Cyber Networks Cyber Security Cyber Vulnerabilities Digital Token

MAPO Token Crashes 96% After Cross-Chain Bridge Exploit Triggers Massive Unauthorized Mint

 

A major shock hit cryptocurrency markets when the MAPO token crashed nearly 96% after a vulnerability in the Butter Network cross-chain bridge was exploited. The attacker created an enormous number of unauthorized tokens, flooding the market with supply far beyond legitimate circulation. 

The sudden imbalance disrupted trading across Ethereum-linked decentralized finance platforms and triggered widespread panic selling. Blockchain security researchers found that the flaw allowed the creation of one quadrillion MAPO tokens, vastly exceeding the project’s intended supply. Investors reacted quickly, dumping holdings as confidence collapsed. 

Within hours, the token’s value fell from nearly $0.003 to around $0.0001, wiping out significant market value and damaging trust in the ecosystem. The attack centered on Butter Network bridge infrastructure. Investigators reported that a newly created external wallet was used to move roughly one billion MAPO tokens into decentralized exchanges. 

During the exploit, nearly 52 ETH, worth about $180,000 at the time, was drained from Uniswap liquidity pools. Analysts traced the activity back to the bridge vulnerability and the attacker’s newly established account. Although a large portion of the unauthorized tokens was sold, researchers noted that the attacker still controlled nearly a trillion MAPO tokens. 

Those remaining holdings continue to threaten liquidity pools and exchanges supporting the token. The incident once again highlights the security challenges facing cross-chain bridges, which remain attractive targets because of their complexity and large asset reserves. The exploit adds to a growing list of attacks affecting blockchain and decentralized finance projects.

Security experts have repeatedly warned that systems connecting multiple networks create additional risks. Vulnerabilities within cross-chain infrastructure can remain hidden until specific conditions trigger them, making these platforms particularly difficult to secure. Following the breach, Map Protocol confirmed that the issue originated within its Solidity-based smart contracts. 

The project temporarily paused mainnet operations and began migration efforts while the investigation continued. Butter Network also suspended ButterSwap services as a precaution, though officials stated that user funds were not directly compromised. The team later announced plans for a new contract deployment and a snapshot of token holdings to support recovery efforts. 

Any assets remaining in attacker-controlled wallets will be invalidated and excluded from future migration or conversion processes. Blockchain records showed that nearly one billion MAPO tokens were transferred to Uniswap shortly after the unauthorized minting occurred. Further analysis revealed that the attacker first submitted a legitimate oracle multisignature message before deploying a malicious smart contract at a carefully selected address. 

A manipulated retry message was then resent with the same transaction hash, making it appear authentic. Because the bridge incorrectly validated the altered message, it approved the creation of the massive token supply. Researchers emphasized that no private keys were stolen and no light-client systems were compromised. 
Instead, the breach resulted from a smart contract validation flaw involving dynamic fields in Solidity code. 
The incident demonstrates how weaknesses in contract logic can create severe consequences, putting liquidity ecosystems, blockchain projects, and investor funds at risk even without traditional network-level compromises.
Read more »
YouTube
Cloud Data Instagram Meta Roblox Technology TikTok YouTube

Media Regulators Call Out Youtube, TikTok for Ignoring Child Safety

Media Regulators Call Out Youtube, TikTok for Ignoring Child Safety

According to a report by Ofcom, YouTube and TikTok have failed to implement steps to safeguard British children from harmful online content. Data suggests widespread exposure to underage kids on these platforms. 

TikTok, YouTube ignoring child safety

Ofcom media regulators said none of the company made any serious efforts to make recommendations feeds/explore pages safer, despite proof that these platforms are the main entry point through which underage kids face harm. 

Platforms not safe enough

Ofcom said the platforms are “not safe enough”. The report comes after Ofcom’s call for stricter action on children’s online safety, saying Roblox, meta, and Snap had each complied to stronger anti-grooming actions.

TikTok said it was quite disappointing that Ofcom didn’t acknowledge its safety measures, whereas Youtube said it worked with child safety researchers to give industry grade, age-appropriate experiences for children. 

About the Ofcom report

Ofcom’s latest report explains how five large social media and video platforms responded to its call for safety measures. The report said that, "Notably, TikTok and YouTube failed to commit to any significant changes to reduce harmful content being served to children, maintaining their feeds are already safe for children.” Ofcom added, "Our wealth of evidence, published today, suggests they are still not safe enough."

What did YouTube and TikTok say?

Responding to the criticism, YouTube and TikTok said that safety measures already existed. YouTube’s short-form video timer allowed parents to control scrolling time for Shorts feed, whereas TikTok stopped direct messaging (DM) for under-16 children.

Governments have taken measures to address online child safety. UK PM Keir Starmer has urged social media platforms to take greater responsibility. Britain is discussing tighter restrictions, this includes a potential ban on under-16 children that use social media, inspired from Australia's landmark decision that tackled addictive design features. 

According to social media analyst Matt Navarra, the report has shown a shift in how we perceive online harm as a “product problem.” Earlier, the debate was, “did the platform remove harmful content quickly enough?' - the new one has shifted towards, 'why did the platform show it to a child in the first place?”

What does the data say?

Ofcom reported that 73% of 11-17 year olds were exposed to malicious content for four weeks, primarily through recommendation feeds. TikTok was the most cited, followed by YouTube, Instagram and Snapchat. Experts stress that YouTube and TikTok said their existing platforms were adequate, but media regulators have found their feeds to be unsafe.

Read more »
Technology
Access control AI Layoffs cybersecurity risks Data Exposure Environment Variables Insider Threats Software Security Source Code Security Tech Industry Trends Technology

Bengaluru Developer’s Viral AI Tool Shows the Power of One Click Decisions


 

As artificial intelligence continues to transform software development workflows and corporate staffing strategies, discussions regarding automation-driven job displacement have gained increasing prominence across the technology sector. Against this backdrop, a Bengaluru software engineer has captured widespread attention online with a satirical hardware project combining workplace anxiety with developer joking. 

Designed as a "I GOT FIRED" emergency button, the device humorously claims to initiate a series of catastrophic actions, including exposing source code repositories and publishing sensitive environment variables. As a technical themed commentary on modern tech culture and the uneasy relationship between AI, employment, and corporate trust, the book transforms a growing industry concern into a commentary on this growing industry concern. 

The project was presented with the intention of responding humorously to the growing discussion regarding AI-driven layoffs and shrinking engineering teams, as a response to workplace uncertainty. 

In an interview with Pankaj Tanwar, a software engineer who is popular online as @the2ndfloorguy, Pankaj Tanwar described the device as a "I GOT FIRED" button capable of initiating a fictional chain of retaliatory actions upon pressing. 

Using the satirical scenario described in his post, this button would publish a company's codebase, store sensitive .env configuration secrets, delete the staging database, and notify his lawyer. There is a compact programmable keypad attached to his laptop that has labels, including "Gaslight Them," "Decode Corporate BS," and a prominent red button that reads "I Got Fired.". 

On-screen notifications, emphasizing the joke's technical undertones, displayed messages claiming environment secrets had been released to the public and that the user was "out of office." It was evident that the post was intended as developer satire rather than a functional cyber sabotage tool, however it received widespread attention on social media, generating a mix of amusement, curiosity and debate from technology professionals who appreciated the humour and frustrations embedded within it. 

Besides its novelty, the rapid spread of the post was mainly driven by its author's reputation as a Bengaluru-based developer known for designing unconventional technology projects combining engineering concepts with internet humour. Many members of the software community, however, were particularly affected by this satire in this instance. 

The button was described as a fictional last-resort mechanism that could launch a cascade of catastrophic actions as a response to mounting concerns about the reduction of workforce through automation. It can expose proprietary code, expose sensitive environment variables, delete a staging database and alert legal counsel to a multitude of catastrophic events.

Using a compact programmable keypad alongside a laptop that was running a workflow ominously titled "I Got Fired," the accompanying images enhanced the dramatic narrative by creating the visual impression of an emergency shutoff switch for developers. Despite the obvious exaggeration in the scenario for comedic effect, the post was resonating because it expressed familiar industry anxieties in a technically recognisable manner. 

The responses varied from users asking for information about similar programmable keys available in India to others imagining humorous scenarios driven by artificial intelligence in which a decision-making system would determine whether to press a button. 

The project has been dismissed by critics as nothing more than engagement bait, while others have pointed out that any attempt to carry out the actions outlined would come with severe legal and professional consequences. There was some lighthearted joke that activating the switch would result in a salary being traded for prison accommodation, with some comparing the concept to a developer-oriented “dead man’s switch.”

The joke revealed a deeper sentiment, though, beneath the humour. It resonated with many technology professionals as it reflected a common concern about employees feeling replaceable amid continuous restructuring, automation initiatives, and artificial intelligence-driven efficiency initiatives. Therefore, the device functioned less as a fictional tool and more as a satirical tool for discussing the industry’s growing concerns about job security, workplace pressure and the future role of human talent in software development. Its popularity underscores a broader reality faced by today's technological workforce despite its intended purpose as satire. 

Not only did the joke resonate due to the fictional cyber sabotage it portrayed, but it also tapped into a genuine concern regarding automation, organisational restructuring, and employee uncertainty. From a cybersecurity perspective, the scenario also reminds us the importance of strong access controls, credential management, insider risk monitoring, and clearly defined offboarding processes. 

AI is reshaping the workplace, so organizations will need to maintain a balance between technological efficiency and transparency, trust and workforce resilience to ensure innovation does not undermine security and culture, but rather strengthens it instead of becoming a source of anxiety for employees.
Read more »
Subscribe to: Posts (Atom)

Featured