A new kind of digital scam is spreading across the UK, where criminals trick people using fake QR codes. This type of scam is called “quishing,” and it has been growing quickly. In 2023, there were over 1,300 reports of this scam, compared to only 100 cases in 2019, showing just how fast it's increasing.
How These Scams Work
Scammers take advantage of everyday places where QR codes are used for payments or information. This includes locations like parking spots or restaurant tables where you scan codes to pay or view menus. What these scammers do is cover the real QR codes with fake ones that they control.
When someone scans the fake code, it sends them to a fake website. The site may ask them to enter payment details, and they comply, thinking it's a normal payment page. In some cases, clicking the link may even install harmful software on the person’s phone without them knowing.
Why It’s Hard to Notice
These scams can be hard to detect. Unlike large frauds that take big sums of money at once, these scams often take small amounts over time, making it less likely for someone to notice. The charges might look like monthly fees or parking payments, so they often go unnoticed.
Cyber experts say that what makes this scam dangerous is how real the fake websites appear. The links that come up after scanning look just like real ones, so people don’t think twice before entering their card numbers or other personal information.
What You Can Do to Stay Safe
Here are some simple steps to protect yourself:
1. Only scan QR codes that you trust. If the code looks tampered with or placed unevenly, avoid using it.
2. Never enter sensitive information like card numbers on a website you reached through a QR code unless you’re sure it’s safe.
3. Before submitting any details, double-check the website’s name or URL for spelling errors or anything unusual.
4. Use a reliable security app on your phone that can detect harmful links or files.
QR codes were created to make daily tasks faster and more convenient. But now, scammers are misusing them to steal people’s information and money. As these scams become more common, the best defense is to be alert and avoid scanning any QR code that looks even slightly suspicious.
A major security problem has been found in a widely used file-sharing platform, and hackers have already started taking advantage of it. This tool, called CentreStack, is often used by IT service providers to help businesses manage and share files.
The issue is being tracked under the name CVE-2025-30406. It is considered a serious flaw and has been actively misused since March, though it was only officially revealed to the public in early April.
The problem is related to how the platform protects certain types of information. A key used to secure data was either left exposed or was built into the software in a way that made it easy to find. If someone with bad intentions gets hold of this key, they can send fake data that the system will wrongly accept as safe. This can allow the attacker to run harmful code on the servers, potentially giving them full control.
This becomes even more concerning because CentreStack is especially popular among managed service providers (MSPs). These companies use the platform to support several clients at once. If one provider is hacked, all of their customers could be at risk too. This kind of setup, known as multi-tenancy, means a single breach could affect many organizations.
The U.S. government’s cybersecurity team, CISA, officially added this bug to their list of known threats on April 9. They have given federal agencies until April 29 to fix the problem. The software maker, Gladinet, confirmed that the bug has already been used in real attacks.
Experts in the field warn that this bug allows cybercriminals to run programs on affected systems without permission. That’s why it’s extremely important for all users of the platform to install the latest updates right away.
Over the past few years, hackers have increasingly focused on software used by IT service providers. In one past incident, a separate tool used by providers was attacked, leading to the spread of ransomware to many businesses.
Businesses that rely on CentreStack are strongly advised to apply all updates and follow the safety steps recommended by the company. Taking action quickly can prevent much larger problems down the line.
A criminal group known for using ransomware was recently caught off guard when its own website was tampered with. The website, which the gang normally uses to publish stolen data from their victims, was replaced with a short message warning against illegal activity. The message read: “Don’t do crime. CRIME IS BAD. xoxo from Prague.” What a sneaky way to reference Gossip Girl, isn't it?
At the time of this report, the website remained altered. It is not yet known if the person or group behind the hack also accessed any files or data belonging to the ransomware gang.
The group, known by the name Everest, has been involved in several cyberattacks since it first appeared in 2020. It is believed to be based in Russia. Over the years, Everest has taken credit for stealing large amounts of data, including information from a popular cannabis store chain, which affected hundreds of thousands of customers. Government agencies in the United States and Brazil have also been listed among their victims.
Ransomware attacks like these are designed to scare companies and organizations into paying money in exchange for keeping their private information from being made public. But recent reports suggest that fewer victims are giving in to the demands. More businesses have started refusing to pay, which has made these attacks less profitable for criminals.
While international law enforcement agencies have had some success in shutting down hacking groups, Everest has managed to stay active. However, this incident shows that even experienced cybercriminals are not safe from being attacked themselves. Some believe this could have been done by a rival group, or possibly even someone from within the gang who turned against them.
It’s also not the first time that cybercrime groups have been sabotaged. In the past few years, other well-known ransomware gangs have faced setbacks due to both police actions and internal leaks.
This unusual case forces us to face the inevitable reality that no one is completely untouchable online. Whether it’s a company or a hacker group, all digital systems can have weak points. People and organizations should always keep their online systems protected and stay alert to threats.
Karnataka has taken a big step to fight the rising number of online crimes. It has launched the country’s first Cyber Command Centre. This new centre will handle all matters related to cyber safety and crime under one roof. It aims to respond faster and more effectively to online threats.
The number of cybercrime cases in the state has grown a lot in the past three years. In 2022, about 18,000 cases were reported. That number rose to 22,000 in 2023 and around 23,000 in 2024. In total, Karnataka has seen over 60,000 cybercrime cases in just three years. Officials say that 20% of all cybercrime cases in India are reported from this state.
These cases include many serious issues. Some examples are online scams, hacking, blackmail, cyberstalking, fake news, and financial fraud. Crimes targeting women and children have also increased. Criminals are using fake profiles, deepfakes, and other tricks to fool people and steal their money or personal data.
A senior officer explained that many of these crimes are hard to solve. Very few cases are taken to court, and almost none end in punishment. There is also concern that many investigating officers do not have the right training to deal with high-tech crimes. To fix this, the new command centre will provide special training for both police and legal teams.
The new command will also focus on protecting the state’s digital systems. A major hacking incident recently affected the Kaveri 2.0 portal, which is used for property records. This caused major delays and losses for the state government. Officials say such incidents show how important it is to secure public digital platforms.
The officer leading this new centre is Pronab Mohanty. He is already in charge of internal security and cybercrime for the state. Now, all 45 cyber police stations in Karnataka will report directly to him. This central system is expected to improve coordination and case tracking.
The officer will also serve as the Chief Information Security Officer, or CISO, for Karnataka. That means he will look after both investigations and the security of government digital systems.
The goal of the Cyber Command Centre is not just to track and stop cybercriminals, but to make sure they face legal action. Officials believe that stronger action and more convictions will help create fear among those involved in online crimes.
This new setup could become a model for other states to follow. As cybercrime grows rampantly across India, Karnataka’s decision to create a single, expert-led team could lead the way for better digital safety in the country.
The reported flaws are CVE-2025-24061 (Mark of the Web bypass) and CVE-2025-24071 (File Explorer spoofing), which Microsoft fixed in its March 2025 Patch Tuesday updates, giving credit to the reporter as ‘SkorikARI.’ In this absurd incident, the actor had dual identities—EncryptHub and SkorikARI. The entire case shows us an individual who works in both cybersecurity and cybercrime.
Outpost24 linked SkorikARI and EncryptHub via a security breach, where the latter mistakenly revealed their credentials, exposing links to multiple accounts. The disclosed profile showed the actor’s swing between malicious activities and cybersecurity operations.
Outpost24's security researcher Hector Garcia said the “hardest evidence was from the fact that the password files EncryptHub exfiltrated from his system had accounts linked to both EncryptHub” such as credentials to EncryptRAT, still in development, or “his account on xss.is, and to SkorikARI, like accesses to freelance sites or his own Gmail account.”
Garcia also said there was a login to “hxxps://github[.]com/SkorikJR,” which was reported in July’s Fortinet story about Fickle Stealer; this helped them solve the puzzle. Another big reveal of the links to dual identity was ChatGPT conversations, where activities of both SkorikARI and EncryptHub could be found.
Evidence suggests this wasn't EncryptHub's first involvement with zero-day flaws, as the actor has tried to sell such flaws to other cybercriminals on hacking forums.
Outpost24 highlighted EncryptHub's suspicious activities, which oscillated between cybercrime and freelancing. An accidental operational security (OPSEC) lapse disclosed personal information despite their technical expertise.
Outpost24 found EncryptHub using ChatGPT to build phishing sites, develop malware, integrate code, and conduct vulnerability research. One ChatGPT conversation included a self-assessment showing their conflicted nature: “40% black hat, 30% grey hat, 20% white hat, and 10% uncertain.” The conversation also showed plans for massive (although harmless) publicity stunts affecting tens of thousands of computers.
EncryptHub has connections with ransomware groups such as BlackSuit and RansomHub, who are known for their phishing attacks, advanced social engineering campaigns, and the making of Fickle Stealer, a custom PowerShell-based infostealer.
The Middle East is seeing a sharp rise in SIM swapping scams, where criminals find ways to take over people’s mobile numbers and misuse them for financial fraud. A new report by cybersecurity experts reveals that scammers are using smarter tricks to fool both people and phone companies.
What Is SIM Swapping?
In this type of fraud, scammers get their hands on personal information like ID numbers and bank details. They usually collect this information through fake websites that look like real ones — such as those of insurance companies, government services, or job portals.
Once they have enough details, they contact the victim’s mobile service provider and request a SIM card replacement or number transfer. If the trick works, the victim’s phone number gets linked to a new SIM card controlled by the scammer.
With access to the phone number, the scammer can receive all calls and messages, including important security codes sent by banks. This allows them to break into accounts, approve transactions, and steal money without the victim knowing immediately.
Why the Threat Is Increasing
The new wave of these scams targets services that are commonly used in the region. Criminals create convincing fake websites that copy platforms offering car insurance, domestic help services, or government schemes. People often fall into the trap, thinking they are using a genuine site.
In one case, many users complained their SIM cards stopped working after interacting with a fake insurance site. Investigations found that the same fraudster was running several fake websites. They even used small changes in website spellings to avoid getting caught — a tactic known as typosquatting.
The financial damage from these attacks is growing. Studies show that in many cases, victims lose money more than once in a single attack. Losses can range from a few hundred dollars to more than $160,000 in extreme cases. Once the scammer controls the phone number, they reset passwords, move money to fake accounts, and make payments through digital wallets.
How to Stay Safe
Both companies and individuals must take action to reduce the risk of falling victim to such frauds.
For Banks and Mobile Companies:
• Block or double-check risky transactions if a SIM change is detected.
• Ask for extra proof of identity before processing sensitive requests.
• Share important security updates with other banks and telecom firms to stay alert.
For People:
• Stop using SMS codes for two-factor authentication if possible. Switch to apps like Google Authenticator or Duo, which are safer.
• Think twice before sharing personal details online. Always check the website’s name and spelling carefully.
• If your phone suddenly stops working or you’re locked out of your accounts, report it immediately — it could be a sign of a SIM swap.
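The advice to check a website's name and spelling, given here and in the QR-code section, can be automated on the defender's side. The following is an added example, not part of the original article: it classifies a URL (for instance one decoded from a QR code) against an allowlist and flags typosquatted lookalikes. The hostnames and the allowlist are hypothetical.

```python
from urllib.parse import urlsplit

# Hypothetical allowlist: the hosts an organisation really uses for payments.
TRUSTED_HOSTS = {"pay.cityparking.example", "portal.insurer.example"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance using two-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def classify(url: str, max_distance: int = 2) -> tuple:
    """Return (verdict, detail) for a URL, e.g. one decoded from a QR code."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return ("reject", "malformed URL")
    host = (parts.hostname or "").lower().rstrip(".")
    if parts.scheme != "https" or not host:
        return ("reject", "not an https URL")
    # "https://trusted.example@other.test/" really goes to other.test.
    if parts.username is not None:
        return ("suspicious", "userinfo before the real host")
    if host in TRUSTED_HOSTS:
        return ("trusted", host)
    # Punycode labels can render as look-alike characters in the address bar.
    if any(label.startswith("xn--") for label in host.split(".")):
        return ("suspicious", "punycode label")
    for good in sorted(TRUSTED_HOSTS):
        # Trusted name used as a subdomain prefix of an unrelated domain.
        if host.startswith(good + "."):
            return ("suspicious", "trusted name used as prefix: " + good)
        # Small spelling change of a trusted name (typosquatting).
        if edit_distance(host, good) <= max_distance:
            return ("suspicious", "lookalike of " + good)
    return ("unknown", host)


if __name__ == "__main__":
    # Constructed sample URLs.
    for sample in ("https://pay.cityparking.example/session/42",
                   "https://pay.cityparkinq.example/session/42",
                   "https://pay.cityparking.example.pay-now.test/",
                   "https://menu.cafe.example/"):
        print(sample, "->", classify(sample))
```

An "unknown" verdict is not a pass: it means the host is neither allowlisted nor an obvious imitation, so a person still has to decide whether to trust it.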
SIM swapping is becoming a serious problem, especially as criminals improve their techniques. Staying alert, using better security methods, and acting fast in case of suspicious activity are the best ways to protect your personal information and money.
As technology advances, scams are becoming more sophisticated, but the way scammers manipulate people hasn't changed. Despite using modern tools, they still rely on the same psychological tactics to deceive their victims.
Clinical psychologist Dr. Khosi Jiyane explains that scammers understand how human behavior works and use it to their advantage. Even though scams look different today, the methods of tricking people remain similar.
Thinking You're Safe Can Make You a Target
One major reason people fall for scams is the belief that it can't happen to them. This mindset, known as optimism bias, makes people think they're less likely to be scammed compared to others.
Because of this, people often ignore clear warning signs in suspicious emails, messages, or offers. They assume they’re too smart to get fooled, which lowers their guard and makes it easier for scammers to succeed.
Scammers Play on Trust
Another trick scammers use is truth bias, where people naturally believe what they are told unless there's a clear reason to doubt it. Scammers pretend to be trustworthy figures like bank officials or family members to gain trust.
By appearing credible, they can convince people to share personal information, make payments, or click harmful links without hesitation. This works even on cautious people because trust often overrides suspicion.
Creating Urgency to Trick You
Scammers often create a sense of urgency to rush people into making quick decisions. Messages like "Act now to protect your account!" or "Claim your prize before time runs out!" are designed to trigger panic and fast responses.
Dr. Jiyane explains that when people feel rushed, they think less critically, making them easier targets. Scammers use this tactic, especially during busy times, to pressure people into acting without verifying facts.
How to Protect Yourself
The best way to avoid scams is to always pause and verify before taking action. Whether you receive a call, email, or message asking for personal information or urgent action, always confirm with the source directly.
It’s also important to stay aware of your vulnerability. No one is completely immune to scams, and understanding this can help you stay cautious. Avoid making quick decisions under pressure and take time to think before responding.
By staying alert and verifying information, you can reduce the risk of falling for scams, no matter how convincing they appear.
A security issue has surfaced involving an unprotected database linked to Mars Hydro, a Chinese company known for making smart devices like LED grow lights and hydroponic equipment. Security researcher Jeremiah Fowler discovered this database was left open without a password, exposing nearly 2.7 billion records.
What Data Was Leaked?
The database contained sensitive details, including WiFi network names, passwords, IP addresses, and device identifiers. Although no personally identifiable information (PII) was reportedly included, the exposure of network details still presents serious security risks. Users should be aware that cybercriminals could misuse this information to compromise their networks.
Why Is This Dangerous?
Many smart devices rely on internet connectivity and are often controlled through mobile apps. This breach could allow hackers to infiltrate users’ home networks, monitor activity, or launch cyberattacks. Experts warn that leaked details could be exploited for man-in-the-middle (MITM) attacks, where hackers intercept communication between devices.
Even though there’s no confirmation that cybercriminals accessed this database, IoT security remains a growing concern. Previous reports suggest that 57% of IoT devices have critical security weaknesses, and 98% of data shared by these devices is unencrypted, making them prime targets for hackers.
Rising IoT Security Threats
Cybercriminals often target IoT devices, and botnet attacks have increased by 500% in recent years. Once a hacker gains access to a vulnerable device, they can spread malware, launch large-scale Distributed Denial-of-Service (DDoS) attacks, or infiltrate critical systems. If WiFi credentials from this breach fall into the wrong hands, attackers could take control of entire networks.
How Can Users Protect Themselves?
To reduce risks from this security lapse, users should take the following steps:
1. Update Device Passwords: Many IoT gadgets use default passwords that are the same across multiple devices. Changing these to unique, strong passwords is essential.
2. Keep Software Up-to-Date: Manufacturers release software patches to fix security flaws. Installing these updates regularly reduces the risk of exploitation.
3. Monitor Network Activity: Watch for unusual activity on your network. Separating IoT devices from personal computers and smartphones can add an extra layer of security.
4. Enhance Security Measures: Using encryption tools, firewalls, and network segmentation can help defend against cyberattacks. Consider investing in comprehensive security solutions for added protection.
This massive data leak stresses the importance of IoT security. Smart devices provide convenience, but users must stay proactive in securing them. Understanding potential risks and taking preventive measures can help safeguard personal information and prevent cyber threats.
A major international police operation has resulted in the arrest of two individuals suspected of carrying out ransomware attacks worldwide. The operation also led to the takedown of dark web platforms associated with a notorious cybercrime group.
Suspects Arrested in Thailand
Law enforcement authorities apprehended two Russian nationals in Phuket, Thailand, accusing them of orchestrating cyberattacks on businesses and institutions across multiple countries. Reports suggest that their activities led to financial losses amounting to millions of dollars, with ransom payments made in cryptocurrency.
The investigation was conducted in collaboration with Swiss authorities, who have requested the extradition of the suspects. Officials believe that these individuals were behind ransomware attacks on at least 17 Swiss organizations between April 2023 and October 2024.
How the Cyberattacks Were Carried Out
The hackers allegedly infiltrated computer networks, encrypting crucial data and demanding payment in digital currency in exchange for restoration. Victims who refused to pay faced the risk of having their sensitive information leaked online.
Authorities revealed that the attackers used Phobos ransomware, a type of malicious software designed to lock files and prevent access unless a ransom is paid. Over time, the hackers are believed to have amassed around $16 million from their victims.
To make tracking difficult, the ransom payments were processed through cryptocurrency mixing services, which obscure transaction details and the final destination of funds.
Dark Web Platforms Shut Down
In a simultaneous effort, law enforcement agencies also took control of websites used by the 8Base ransomware group. These platforms functioned as communication hubs where cybercriminals engaged with victims, demanded ransoms, and published stolen data when their demands were not met.
Now, visitors attempting to access these sites see a law enforcement notice confirming that they have been seized. The operation was an international effort, with agencies from Europe, the United States, and Asia working together to dismantle the group's online infrastructure.
Who Are the 8Base Hackers?
The 8Base cybercriminal group surfaced in early 2022 but remained relatively unnoticed until mid-2023, when they intensified their ransomware operations. While they publicly identified themselves as "ethical hackers" conducting penetration testing, cybersecurity experts argue that their activities were anything but legal.
Some researchers suspect that 8Base could be linked to an older ransomware group, as their ransom notes and data leak strategies resemble those used by another criminal organization. However, this connection has yet to be verified.
How Their Ransomware Worked
Once inside a company's system, these hackers moved through different devices, gaining deeper access to networks. Their ultimate goal was to control the central system managing all devices. When they achieved this, they deployed Phobos ransomware, encrypting files and appending .8base or .eight extensions to the locked data.
Victims would then receive a ransom note demanding a payment, sometimes reaching millions of dollars, to restore access and prevent public data leaks.
Cyberattacks like these have severe financial and operational consequences for businesses, hospitals, and governments. In 2023, authorities warned that 8Base was increasingly targeting healthcare organizations, raising concerns over the security of sensitive medical records.
This recent crackdown represents a substantial step in combating ransomware threats, but experts warn that cybercriminals are constantly developing their tactics.
Cybercriminals are exploiting leaked cryptographic keys to manipulate authentication systems, decode protected data, and install harmful software on vulnerable web servers. These attacks can give hackers unauthorized control over websites and allow them to maintain access for long periods.
How Hackers Use Publicly Available Keys
Microsoft's cybersecurity experts have recently detected a new wave of attacks in which threat groups use exposed ASP.NET machine keys to break into web applications. These keys are supposed to be kept private, but they were nonetheless discovered in public code repositories, where hackers could easily obtain and misuse them.
Once a criminal possesses such a key, they can manipulate ViewState, the mechanism ASP.NET Web Forms uses to store and carry page data between page interactions. If the attacker submits ViewState data with malicious content that was signed with the leaked key, the web server validates and processes it, allowing the attacker to execute harmful commands on that system.
Microsoft, for its part, says it is tracking more than 3,000 machine keys that have been publicly leaked, putting numerous web applications at risk of code injection attacks.
The Godzilla Malware Threat
In December 2024, evidence was found that an unidentified hacker group had used an exposed ASP.NET machine key to install the military-grade malware Godzilla on a compromised machine, gaining long-term access and control.
Once this malware makes its way into the compromised system, the hackers can:
- Run unauthorized commands on the web server.
- Install additional malware to expand their control.
- Maintain access even if initial security gaps are patched.
Microsoft states these attacks are particularly concerning since leaked keys are available to the public, thus allowing many attackers to take advantage of this vulnerability.
Why Publicly Exposed Machine Keys Are Dangerous
Previously, attackers sold stolen cryptographic keys in underground markets, but in this case Microsoft has found many keys freely exposed on public sites, which increases the risk of exploitation.
The threats include:
- Developers could unwittingly copy exposed keys into real projects, thereby rendering their applications exploitable.
- Attackers could script attacks that use the known keys, which would allow for widespread exploitation.
- One compromised key can cause a breach in multiple applications.
Recommendations From Microsoft Security
To defend against these attacks, Microsoft recommends that organizations do the following:
- Never use publicly available machine keys; generate application-specific keys at all times.
- Update and rotate cryptographic keys regularly to limit the risks of long-term exposure.
- Check for exposed keys using Microsoft security tools and revoke any that are found.
- Upgrade ASP.NET applications to the most recent version, preferably ASP.NET 4.8, which has the strongest security protections.
- Harden Windows servers against persistent malware by enabling security features like Antimalware Scan Interface (AMSI) and attack surface reduction rules.
What to Do If a System Has Been Compromised
If an organization believes its servers are under attack, merely replacing machine keys is not enough to prevent subsequent attacks. Microsoft suggests:
1. Commission a complete security investigation to search for backdoors and unauthorized users.
2. Clear all malicious scripts and files from the system.
3. Rebuild the server if necessary, to eliminate any remaining threats.
Organizations using ASP.NET applications in web farms should replace remaining machine keys with automatically generated values that are securely stored in the system registry.
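The recommendations to check for exposed keys and to prefer automatically generated values can be turned into a configuration audit. The following is an added example, not Microsoft's tooling or code from the original article: it parses a `web.config`, reports every `machineKey` whose `validationKey` or `decryptionKey` is a static value, and marks those whose fingerprint appears in a list of publicly disclosed keys. The sample configurations, the keys in them and the fingerprint convention (SHA-256 of the upper-cased key text) are constructed for illustration.

```python
import hashlib
import xml.etree.ElementTree as ET

KEY_ATTRS = ("validationKey", "decryptionKey")
# ASP.NET uses this value when the attribute is absent: keys are generated per machine.
ASPNET_DEFAULT = "AutoGenerate,IsolateApps"

# Constructed sample: static keys pasted into the config (values are fake).
STATIC_CONFIG = """
<configuration>
  <system.web>
    <machineKey validationKey="%s" decryptionKey="%s"
                validation="HMACSHA256" decryption="AES" />
  </system.web>
</configuration>
""" % ("AB" * 32, "CD" * 16)

# Constructed sample: keys left to the framework.
AUTO_CONFIG = """
<configuration>
  <system.web>
    <machineKey validationKey="AutoGenerate,IsolateApps" />
  </system.web>
</configuration>
"""


def key_fingerprint(key_text: str) -> str:
    """Hash a key so a deny-list never has to contain the key itself.
    Normalisation (strip, upper-case) is this example's own convention."""
    return hashlib.sha256(key_text.strip().upper().encode("utf-8")).hexdigest()


def audit_web_config(xml_text: str, disclosed: set) -> list:
    """Return (attribute, status) for every static machine key in the config.

    status is "publicly-disclosed" when the key's fingerprint is in `disclosed`,
    otherwise "static" (hardcoded, so it must be unique to this app and rotated).
    """
    findings = []
    root = ET.fromstring(xml_text)
    # iter() also reaches machineKey elements nested under <location> blocks.
    for elem in root.iter("machineKey"):
        for attr in KEY_ATTRS:
            value = elem.get(attr, ASPNET_DEFAULT)
            if value.split(",")[0].strip().lower() == "autogenerate":
                continue  # generated by the framework, nothing to leak from the file
            if key_fingerprint(value) in disclosed:
                findings.append((attr, "publicly-disclosed"))
            else:
                findings.append((attr, "static"))
    return findings


if __name__ == "__main__":
    # Constructed deny-list holding the fingerprint of one fake key.
    disclosed = {key_fingerprint("AB" * 32)}
    print(audit_web_config(STATIC_CONFIG, disclosed))
    print(audit_web_config(AUTO_CONFIG, disclosed))
```

A "publicly-disclosed" finding means the key must be replaced and the server investigated as described above; a "static" finding is a prompt to confirm the key was generated for this application alone and is not stored in source control.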
More than 3,000 exposed cryptographic keys are a major cybersecurity concern, since attacking groups can use them to compromise web applications easily. Such a breach is all the more serious because it allows hackers to stay undetected in the system for long periods of time.
To stay safe, businesses and developers should avoid using publicly disclosed machine keys, update their security settings regularly, and harden defenses against malware. Each of the steps above helps organizations keep unauthorized people out and secure their web applications against exploitation.