A massive collection of classified defence documents has reportedly been stolen by hackers and put up for sale. The stolen information includes blueprints for a weapon, details about an upcoming Air Force facility, procurement strategies, and India's defence partnerships with other countries.
Cybersecurity firm Athenian Tech, which analyzed the data, believes it was taken from the personal device of a former Defence Ministry official. Among the leaked files are emergency evacuation procedures for high-ranking government officials, including the President and Prime Minister, in the event of an aerial attack. This has raised serious concerns about national security.
Defence Agency denies data breach
The Defence Research and Development Organisation (DRDO), which is responsible for developing military technology, is known for its strict security rules. Employees are not even allowed to carry personal mobile phones in certain areas. However, the stolen data has been linked to DRDO, raising concerns about how such critical information was accessed.
Despite these claims, DRDO officials have denied that their systems were breached. They stated that the stolen files do not belong to their organization but have not provided further details to clarify the situation.
Hackers Claim Responsibility
A ransomware group called Babuk Locker 2.0 announced on March 10, 2025, that it was behind the attack. The hackers claim to have stolen 20 terabytes of sensitive defence data from DRDO’s servers, including classified military documents and login credentials. They released a small portion of this data, approximately 753 MB, as proof of their claims.
The sample files include technical details about upgrades to the T9 Bhishma Tank, along with records of India’s defence collaborations with countries such as Finland, Brazil, and the United States.
Athenian Tech examined conversations between the hackers and found that they were communicating in Indonesian, suggesting they may be based in Indonesia. However, after further analysis, the firm believes the hackers might have exaggerated the scale of the breach.
The report indicates that much of the leaked data is linked to Puneet Agarwal, who served as a Joint Secretary in the Defence Ministry between 2019 and 2021. His personal information, including Aadhaar details, financial records, and travel documents, were found in the files. This suggests that the breach might have come from his personal device rather than DRDO’s secured internal network.
Major Security Risks
The exposure of such sensitive information highlights major cybersecurity vulnerabilities. It raises concerns about insider threats and whether India’s defence infrastructure is adequately protected from sophisticated cyberattacks.
Athenian Tech has stressed the need for stronger security measures, tighter access controls, and constant monitoring to prevent such incidents from happening again.
One of the biggest concerns is that classified documents were stored on a personal device, which indicates serious gaps in data security policies. If the hackers also obtained login credentials, they could use them to infiltrate more secure systems and gain access to additional classified information.
A major online platform for collectible items, Collectibles.com, has accidentally exposed the private information of nearly a million users. This security flaw could put many people at risk of identity theft, fraud, and online scams, according to cybersecurity experts.
How the Data Was Leaked
Cybersecurity researchers from Cybernews discovered that the website had an unprotected database, meaning anyone could access it without a password. This database contained 300GB of data and over 870,000 records, each linked to a different user. The leaked information included full names, email addresses, profile pictures, account details, records of collectible card sales, and other transaction history.
Experts warn that such leaks can be dangerous because cybercriminals might use this data for fraudulent activities, such as identity theft or phishing scams. Phishing is when scammers send fake emails or messages pretending to be from a trusted company to trick users into revealing passwords or financial information.
What Is Collectibles.com?
Previously known as Cardbase, Collectibles.com is an online marketplace where users can buy, sell, and track trading cards, comics, and memorabilia. In 2024, the company announced it had around 300,000 users. However, this data leak suggests the number of affected users might be much higher.
Company’s Response and Security Concerns
Cybernews contacted Collectibles.com to inform them about the security issue. However, aside from an automated response, the company did not take immediate action. It took ten days for the exposed database to be secured, but it remains unclear how long the data was accessible before it was discovered.
There is also uncertainty about whether hackers accessed the information before Cybernews reported it. If cybercriminals obtained this data, they could already be using it for scams or fraud.
Why Do These Leaks Happen?
One of the main reasons for data leaks is unsecured cloud databases. Many companies store customer information online but do not always follow proper security practices. Some businesses assume that cloud providers are fully responsible for security, but in reality, companies must also take steps to protect their data.
Cybercriminals and researchers alike use tools to search the internet for unprotected databases. Once found, these databases can be exploited in different ways, from selling private information to launching scams.
How Users Can Protect Themselves
If you have an account on Collectibles.com, consider taking the following steps:
1. Change your password immediately to ensure your account remains secure.
2. Enable two-factor authentication (2FA) to add an extra layer of protection.
3. Be cautious of phishing emails that may try to trick you into revealing personal details.
4. Monitor your accounts for suspicious activity and report anything unusual.
Cybersecurity experts emphasize that companies must take data security seriously to prevent such leaks. At the same time, users should remain cautious and take steps to protect their personal information online.
WhatsApp recently fixed a major security loophole that was being used to install spyware on users' devices. The issue, known as a zero-click, zero-day vulnerability, allowed hackers to access phones without the user needing to click on anything. Security experts from the University of Toronto’s Citizen Lab uncovered this attack and linked it to Paragon’s spyware, called Graphite.
The flaw was patched by WhatsApp in late 2023 without requiring users to update their app. The company also chose not to assign a CVE-ID to the vulnerability, as it did not meet specific reporting criteria.
A WhatsApp spokesperson confirmed that hackers used the flaw to target certain individuals, including journalists and activists. WhatsApp directly reached out to around 90 affected users across multiple countries.
How the Attack Worked
Hackers used WhatsApp groups to launch their attacks. They added their targets to a group and sent a malicious PDF file. As soon as the file reached the victim’s phone, the device automatically processed it. This triggered the exploit, allowing the spyware to install itself without any user action.
Once installed, the spyware could access sensitive data and private messages. It could also move beyond WhatsApp and infect other apps by bypassing Android’s security barriers. This gave attackers complete control over the victim’s device.
Who Was Targeted?
According to Citizen Lab, the attack mostly focused on individuals who challenge governments or advocate for human rights. Journalists, activists, and government critics were among the key targets. However, since only 90 people were officially notified by WhatsApp, experts believe the actual number of victims could be much higher.
Researchers found a way to detect the spyware by analyzing Android device logs. They identified a forensic marker, nicknamed "BIGPRETZEL," that appears on infected devices. However, spotting the spyware is still difficult because Android logs do not always capture all traces of an attack.
Spyware Linked to Government Agencies
Citizen Lab also investigated the infrastructure used to operate the spyware. Their research uncovered multiple servers connected to Paragon’s spyware, some of which were linked to government agencies in countries like Australia, Canada, Cyprus, Denmark, Israel, and Singapore. Many of these servers were rented through cloud platforms or hosted directly by government agencies.
Further investigation revealed that the spyware's digital certificates contained the name “Graphite” and references to installation servers. This raised concerns about whether Paragon's spyware operates similarly to Pegasus, another surveillance tool known for being used by governments to monitor individuals.
Who Is Behind Paragon Spyware?
Paragon Solutions Ltd., the company behind Graphite spyware, is based in Israel. It was founded in 2019 by Ehud Barak, Israel’s former Prime Minister, and Ehud Schneorson, a former commander of Unit 8200, an elite Israeli intelligence unit.
Paragon claims that it only sells its technology to democratic governments for use by law enforcement agencies. However, reports have shown that U.S. agencies, including the Drug Enforcement Administration (DEA) and Immigration and Customs Enforcement (ICE), have purchased and used its spyware.
In December 2024, a U.S.-based investment firm, AE Industrial Partners, bought Paragon, further raising questions about its future operations and how its surveillance tools may be used.
Protecting Yourself from Spyware
While WhatsApp has fixed this specific security flaw, spyware threats continue to evolve. Users can take the following steps to protect themselves:
1. Update Your Apps: Always keep your apps updated, as companies frequently release security patches.
2. Be Cautious of Unknown Files: Never open suspicious PDFs, links, or attachments from unknown sources.
3. Enable Two-Factor Authentication: Adding an extra layer of security to your accounts makes it harder for hackers to break in.
4. Check Your Device Logs: If you suspect spyware, seek professional help to analyze your phone’s activity.
Spyware attacks are becoming more advanced, and staying informed is key to protecting your privacy. WhatsApp’s quick response to this attack highlights the ongoing battle against cyber threats and the need for stronger security measures.
For years, companies protected sensitive data by securing emails, devices, and internal networks. But work habits have changed. Now, most of the data moves through web browsers.
Employees often copy, paste, upload, or transfer information online without realizing the risks. Web apps, personal accounts, AI tools, and browser extensions have made it harder to track where the data goes. Old security methods can no longer catch these new risks.
How Data Slips Out Through Browsers
Data leaks no longer happen only through obvious channels like USB drives or emails. Today, normal work tasks done inside browsers cause unintentional leaks.
For example, a developer might paste secret codes into an AI chatbot. A salesperson could move customer details into their personal cloud account. A manager might give an online tool access to company data without knowing it.
Because these activities happen inside approved apps, companies often miss the risks. Different platforms also store data differently, making it harder to apply the same safety rules everywhere.
Simple actions like copying text, using extensions, or uploading files now create new ways for data to leak. Cloud services like AWS or Microsoft add another layer of confusion, as it becomes unclear where the data is stored.
The use of multiple browsers, Chrome, Safari, Firefox — makes it even harder for security teams to keep an eye on everything.
Personal Accounts Add to the Risk
Switching between work and personal accounts during the same browser session is very common. People use services like Gmail, Google Drive, ChatGPT, and others without separating personal and office work.
As a result, important company data often ends up in personal cloud drives, emails, or messaging apps without any bad intention from employees.
Studies show that nearly 40% of web use in Google apps involves personal accounts. Blocking personal uploads is not a solution. Instead, companies need smart browser rules to separate work from personal use without affecting productivity.
Moving Data Is the Most Dangerous Moment
Data is most vulnerable when it is being shared or transferred — what experts call "data in motion." Even though companies try to label sensitive information, most protections work only when data is stored, not when it moves.
Popular apps like Google Drive, Slack, and ChatGPT make sharing easy but also increase the risk of leaks. Old security systems fail because the biggest threats now come from tools employees use every day.
Extensions and Unknown Apps — The Hidden Threat
Browser extensions and third-party apps are another weak spot. Employees often install them without knowing how much access they give away.
Some of these tools can record keystrokes, collect login details, or keep pulling data even after use. Since these risks often stay hidden, security teams struggle to control them.
Today, browsers are the biggest weak spot in protecting company data. Businesses need better tools that control data flow inside the browser, keeping information safe without slowing down work.
The Federal Bureau of Investigation (FBI) has warned corporate executives about a new scam designed to trick them into paying large sums of money. Criminals are sending threatening letters claiming to have stolen sensitive company data and demanding a ransom. They are falsely using the name of a well-known hacker group to appear more convincing. However, the FBI has found no actual link between the scammers and the group they claim to represent.
How the Scam Operates
According to an FBI alert issued on March 6, 2025, the scammers are mailing letters to company executives marked as urgent. These letters state that hackers have broken into their company's systems and taken confidential data. The scammers then demand a payment of anywhere between 250,000 and 500,000 dollars to prevent the data from being exposed online.
To pressure victims into paying, the letter includes a QR code that directs them to a Bitcoin wallet for the ransom payment. The message also warns that the criminals will not negotiate, adding to the urgency.
The letter claims to be from a group known for past cyberattacks, but investigators have found no evidence that the real organization is behind these threats. Instead, scammers are using the group's name to make their claims seem more credible and to scare victims into complying.
Why Executives Are Being Targeted
Top business leaders often have access to critical company information, making them valuable targets for cybercriminals. Attackers believe that these individuals will feel pressured to act quickly when they receive threats about stolen data. By creating a sense of urgency, the scammers hope their victims will pay the ransom without questioning its legitimacy.
The FBI has stressed that companies should not assume the threats are real just because they mention a well-known hacking group. Instead, businesses should focus on improving their cybersecurity defenses and educating employees about potential scams.
How to Protect Against This Scam
The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have shared several important steps businesses can take to safeguard themselves against such scams:
1. Inform and Educate – Business executives and employees should be aware of this type of scam so they can identify suspicious threats and avoid panic.
2. Strengthen Security Systems – Companies should ensure that their firewalls, antivirus software, and security protocols are up to date and functioning effectively.
3. Establish a Response Plan – Organizations should have a clear strategy in place for handling extortion threats. They should not respond or pay the ransom but instead follow proper security procedures.
4. Report Suspicious Activity – If a business receives one of these extortion letters, it should immediately inform the FBI or report the incident through the Internet Crime Complaint Center (IC3). Reporting such cases helps authorities track cybercriminals and take action against them.
Why Awareness is Crucial
This scam highlights the growing trend of cybercriminals using fear to manipulate victims into handing over large amounts of money. While there is no confirmation that the real hacker group mentioned in the letter is involved, this situation serves as a reminder for businesses to stay cautious.
The best way to prevent falling victim to such scams is through strong security measures, employee awareness, and prompt reporting of suspicious activity. The FBI is closely monitoring the situation and urges companies to take cybersecurity seriously to avoid financial and reputational damage.