India has taken another step toward expanding AI literacy with the launch of Kaushal Rath under the national programme Yuva AI for All. Flagged off from India Gate in New Delhi, the mobile initiative aims to bring foundational Artificial Intelligence (AI) education directly to students, youth, and educators, particularly in semi-urban and underserved regions.

For a country positioning itself as a global digital leader, the message behind Yuva AI for All is clear: AI cannot remain limited to elite institutions or metro cities. If Artificial Intelligence is to shape economies and governance, it must be understood by the wider population.

Yuva AI for All: Taking AI to the Doorstep

Launched by the Ministry of Electronics and Information Technology (MeitY) under the IndiaAI Mission in collaboration with AISECT, Yuva AI for All focuses on democratising access to AI education.

Launching the initiative, the Minister of State Jitin Prasada stated, “Through the Yuva AI for All initiative and the Kaushal Rath, we are taking AI awareness directly across the country, especially to young people. The bus will travel across regions to familiarise students and youth with the uses and benefits of Artificial Intelligence, fulfilling the Prime Minister Narendra Modi’s vision of ensuring that awareness and access to opportunity transcend geography and demography.”

Adding to this, he also said that “The Yuva AI for All with Kaushal Rath initiative is a precursor to the India AI Impact Summit 2026, which is set to take place in New Delhi next week. It is a great pride for India to be hosting a Summit of this kind for the first time, to be held in the Global South.”

At the centre of this effort is Kaushal Rath, a fully equipped mobile computer lab with internet-enabled systems and audio-visual tools. The vehicle will travel across Delhi-NCR and later other regions, visiting schools, ITIs, colleges, and community spaces. The aim is not abstract policy messaging, but practical exposure—hands-on demonstrations of AI and Generative AI tools, guided by trained facilitators and contextualised Indian use cases.

The course structure is intentionally accessible. It is a four-hour, self-paced programme with six modules, requiring zero coding background. Participants learn AI concepts, ethics, and real-world applications. Upon completion, they receive certification, a move designed to add tangible value to academic and professional profiles.

Kavita Bhatia, Scientist G, MeitY and COO of IndiaAI Mission highlighted, “Under the IndiaAI Mission, skilling is one of the seven core pillars, and this initiative advances our goal of democratising AI education at scale. Through Kaushal Rath, we are enabling hands-on AI learning for students across institutions using connected systems, AI tools, and structured courses, including the YuvAI for All programme designed to demystify AI. By combining instructor-led training, micro- and nano-credentials, and nationwide outreach, we are ensuring that AI skilling becomes accessible to learners across regions.”

In a global context, this matters. Many nations speak of AI readiness, but few actively drive AI education beyond established technology hubs. Yuva AI for All attempts to bridge that gap.

Building Momentum Toward the India AI Impact Summit 2026

The launch of Yuva AI for All and Kaushal Rath also builds momentum toward the upcoming India AI Impact Summit 2026, scheduled from February 16–20 at Bharat Mandapam, New Delhi. Positioned as the first global AI summit to be hosted in the Global South, the event is anchored on three pillars: People, Planet, and Progress. The summit aims to translate global AI discussions into development-focused outcomes aligned with India’s national priorities.

But what distinguishes this effort is its nationwide groundwork. Over the past months, seven Regional AI Conferences were conducted across Meghalaya, Gujarat, Odisha, Madhya Pradesh, Uttar Pradesh, Rajasthan, and Kerala under the IndiaAI Mission. These conferences focused on practical AI deployment in governance, healthcare, agriculture, education, language technologies, and public service delivery. Policymakers, startups, academia, industry leaders, and civil society participated, ensuring that discussions were not limited to theory. Insights from these regional consultations will directly shape the agenda of the India AI Impact Summit 2026.

A Nationwide AI Push, Not Just a Summit

Several major announcements emerged from the regional conferences. Among them:

- A commitment to train one million youth under Yuva AI for All
- Expansion of AI Data Labs and AI Labs in ITIs and polytechnics
- Launch of Rajasthan’s AI/ML Policy 2026
- Announcement of the Uttar Pradesh AI Mission
- Introduction of Madhya Pradesh’s SpaceTech Policy 2026 integrating AI
- Signing of MoUs with institutions including Google, IIT Delhi, and National Law University, Jodhpur
- Rollout of AI Stacks and cloud adoption frameworks for state-level governance

These developments suggest that India’s AI roadmap is not confined to policy speeches. It is being operationalised across states, with funding commitments and institutional backing. For global observers, this signals something important. Emerging economies are not merely consumers of AI technologies—they are actively shaping governance models and skilling frameworks suited to their socio-economic realities.

Why AI Literacy in India Matters Globally

Artificial Intelligence is often discussed in terms of advanced research and frontier innovation. Yet the real challenge is adoption—ensuring people understand what AI is, what it can do, and how it should be used responsibly. By launching Yuva AI for All, India is placing emphasis on foundational awareness, not just high-end research. That approach reflects a broader recognition: AI will influence public service delivery, agriculture systems, healthcare models, and digital governance worldwide. Without widespread literacy, the risk of exclusion grows.

At the same time, scaling AI education in a country as large and diverse as India is no small task. The success of Kaushal Rath will depend on sustained outreach, quality training, and long-term institutional support. Still, the initiative marks a visible shift. AI is no longer framed as a specialist subject—it is being positioned as a public capability.

As preparations intensify for the India AI Impact Summit 2026, Yuva AI for All stands out as a reminder that AI’s future will not be shaped only in boardrooms or research labs, but also in classrooms, ITIs, and community spaces across regions often left out of the digital conversation.

Microsoft Patch Tuesday February 2026 addressed 54 vulnerabilities, including six zero-days, across Windows, Office, Azure services, Exchange Server, and developer tools. The latest rollout is notable not only for its smaller size but for the presence of six zero-day vulnerabilities that were already being exploited in active attacks before patch availability. As part of the 2026 Patch Tuesday, the release carries heightened urgency for enterprise defenders and system administrators.

Microsoft Patch Tuesday February Has Six New Zero-Day Fixes

The most critical aspect of this Microsoft Patch Tuesday February update is the confirmation that six vulnerabilities were under active exploitation. These flaws impact core Windows components and productivity applications widely deployed in enterprise environments. The actively exploited zero-days are:

- CVE-2026-21510: Windows Shell Security Feature Bypass (Severity: Important; CVSS 7.8)
- CVE-2026-21513: MSHTML Platform Security Feature Bypass (Important; CVSS 7.5)
- CVE-2026-21514: Microsoft Word Security Feature Bypass (Important; CVSS 7.8)
- CVE-2026-21519: Desktop Window Manager Elevation of Privilege (Important; CVSS 7.8)
- CVE-2026-21525: Windows Remote Access Connection Manager Denial of Service (Important; CVSS 7.5)
- CVE-2026-21533: Windows Remote Desktop Services Elevation of Privilege (Important; CVSS 7.8)

CVE-2026-21510 allows attackers to bypass the Mark of the Web (MoTW) mechanism in Windows Shell, preventing users from seeing security warnings on files downloaded from the internet. CVE-2026-21513, affecting the MSHTML engine, enables malicious shortcut or file-based payloads to bypass prompts and execute code without user awareness. CVE-2026-21514 similarly permits crafted Microsoft Word files to evade OLE mitigation protections.

Privilege escalation vulnerabilities are also prominent. CVE-2026-21519 involves a type confusion flaw in the Desktop Window Manager that can grant attackers SYSTEM-level privileges. CVE-2026-21533 affects Windows Remote Desktop Services, allowing authenticated attackers to elevate privileges due to improper privilege handling. Meanwhile, CVE-2026-21525 can trigger a null pointer dereference in Windows Remote Access Connection Manager, leading to denial-of-service conditions by crashing VPN connections.

Vulnerability Distribution and Impact

Beyond the zero-days, Microsoft Patch Tuesday resolves a broad range of additional issues. Of the 54 vulnerabilities fixed, Elevation of Privilege (EoP) flaws account for 25. Remote Code Execution (RCE) vulnerabilities total 12, followed by 7 spoofing issues, 6 information disclosure flaws, 5 security feature bypass vulnerabilities, and 3 denial-of-service issues.

High-risk vulnerabilities affecting enterprise infrastructure include:

- CVE-2026-21527: Microsoft Exchange Server Spoofing Vulnerability (Critical; potential RCE vector)
- CVE-2026-23655: Azure Container Instances Information Disclosure (Critical)
- CVE-2026-21518: GitHub Copilot / Visual Studio Remote Code Execution (Important)
- CVE-2026-21528: Azure IoT SDK Remote Code Execution (Important)
- CVE-2026-21531: Azure SDK Vulnerability (Important; CVSS 9.8)
- CVE-2026-21222: Windows Kernel Information Disclosure (Important)
- CVE-2026-21249: Windows NTLM Spoofing Vulnerability (Moderate)
- CVE-2026-21509: Microsoft Office Security Feature Bypass (Important)

Azure-related services received multiple fixes, including Azure Compute Gallery (CVE-2026-21522 and CVE-2026-23655), Azure Function (CVE-2026-21532; CVSS 8.2), Azure Front Door (CVE-2026-24300; CVSS 9.8), Azure Arc (CVE-2026-24302; CVSS 8.6), Azure DevOps Server (CVE-2026-21512), and Azure HDInsights (CVE-2026-21529).

Exchange Server remains a particularly sensitive asset in enterprise networks. CVE-2026-21527 highlights continued risks to messaging infrastructure, which has historically been a prime target for remote code execution and post-exploitation campaigns.

Additional CVEs and Exploitability Ratings

The official advisory states: “February 2026 Security Updates. This release consists of the following 59 Microsoft CVEs.” Among them:

- CVE-2023-2804: Windows Win32K - GRFX (CVSS 6.5; Exploitation Less Likely)
- CVE-2026-0391: Microsoft Edge for Android (CVSS 6.5; Exploitation Less Likely)
- CVE-2026-20841: Windows Notepad App (CVSS 8.8; Exploitation Less Likely)
- CVE-2026-20846: Windows GDI+ (CVSS 7.5)
- CVE-2026-21218: .NET and Visual Studio (CVSS 7.5; Exploitation Unlikely)
- CVE-2026-21231: Windows Kernel (CVSS 7.8; Exploitation More Likely)
- CVE-2026-21232: Windows HTTP.sys (CVSS 7.8)
- CVE-2026-21255: Windows Hyper-V (CVSS 8.8)
- CVE-2026-21256 and CVE-2026-21257: GitHub Copilot and Visual Studio
- CVE-2026-21258–21261: Microsoft Office Excel and Word
- CVE-2026-21537: Microsoft Defender for Linux (CVSS 8.8)

Microsoft also republished one non-Microsoft CVE: CVE-2026-1861, associated with Chrome and affecting Chromium-based Microsoft Edge.

Exploitability ratings range from “Exploitation Detected” and “Exploitation More Likely” to “Exploitation Less Likely” and “Exploitation Unlikely.” Most entries include FAQs, but workarounds and mitigations are generally listed as unavailable.

Lifecycle Notes, Hotpatching, and Known Issues

The advisory reiterates that Windows 10 and Windows 11 updates are cumulative and available through the Microsoft Update Catalog. Lifecycle timelines are documented in the Windows Lifecycle Facts Sheet. Microsoft is also continuing improvements to Windows Release Notes and provides servicing stack update details under ADV990001.

The Hotpatching feature is now generally available for Windows Server Azure Edition virtual machines. Customers using Windows Server 2008 or Windows Server 2008 R2 must purchase Extended Security Updates to continue receiving patches; additional information is available under 4522133.

Known issues tied to this 2026 Patch Tuesday release include:

- KB5075942: Windows Server 2025 Hotpatch
- KB5075897: Windows Server 23H2
- KB5075899: Windows Server 2025
- KB5075906: Windows Server 2022

Given the confirmed exploitation of multiple zero-days and the concentration of Elevation of Privilege and Remote Code Execution flaws, Microsoft Patch Tuesday 2026 represents a high-priority patch cycle. Organizations are advised to prioritize remediation of the six actively exploited vulnerabilities and critical infrastructure components, and to conduct rapid compatibility testing to reduce operational disruption.

A U.S. court has sentenced an individual behind one of the largest global cryptocurrency investment scam cases to two decades in prison. While the sentence signals accountability, the individual remains a fugitive after cutting off his electronic ankle monitor and fleeing in December 2025.

Daren Li, a 42-year-old dual national of China and St. Kitts and Nevis, has been sentenced in absentia to 20 years in prison for carrying out a $73 million cryptocurrency fraud scheme that targeted American victims.

Inside the $73 Million Global Cryptocurrency Investment Scam

According to court documents, Li pleaded guilty in November 2024 to conspiring to launder funds obtained through cryptocurrency scams. Prosecutors revealed that the global cryptocurrency investment scam was operated from scam centers in Cambodia, a growing hotspot for transnational cyber fraud.

The operation followed a now-familiar pattern often referred to as a “pig butchering scam.” Victims were approached through social media, unsolicited calls, text messages, and even online dating platforms. Fraudsters built professional or romantic relationships over weeks or months. Once trust was secured, victims were directed to spoofed cryptocurrency trading platforms that looked legitimate. In other cases, scammers posed as tech support or customer service representatives, convincing victims to transfer funds to fix non-existent viruses or fabricated technical problems.

The numbers are staggering. Li admitted that at least $73.6 million flowed into accounts controlled by him and his co-conspirators. Of that, nearly $60 million was funneled through U.S. shell companies designed to disguise the origins of the stolen funds. This was not random fraud—it was organized, calculated, and industrial in scale.

Crypto Money Laundering Through U.S. Shell Companies

What makes this global cryptocurrency investment scam particularly troubling is the complex crypto money laundering infrastructure behind it. Li directed associates to establish U.S. bank accounts under shell companies. These accounts received interstate and international wire transfers from victims. The stolen money was then converted into cryptocurrency, further complicating efforts to trace and recover funds.

Eight co-conspirators have already pleaded guilty. Li is the first defendant directly involved in receiving victim funds to be sentenced. Prosecutors pushed for the maximum penalty after hearing from victims who lost life savings, retirement funds, and, in some cases, their entire financial security.

Assistant Attorney General A. Tysen Duva described the damage as “devastating.” And that word is not an exaggeration. Behind every dollar in this $73 million cryptocurrency scam is a real person whose trust was manipulated.

“As part of an international cryptocurrency investment scam, Daren Li and his co-conspirators laundered over $73 million dollars stolen from American victims,” said Assistant Attorney General A. Tysen Duva of the Justice Department’s Criminal Division. “The Court’s sentence reflects the gravity of Li’s conduct, which caused devastating losses to victims throughout our country. The Criminal Division will work with our law enforcement partners around the world to ensure that Li is returned to the United States to serve his full sentence.”

Scam Centers in Cambodia Under Global Scrutiny

The sentencing comes amid increasing international pressure to dismantle scam centers in Cambodia and across Southeast Asia. For years, these operations flourished with limited oversight. Now, authorities in the U.S., China, and other nations are escalating crackdowns.

China recently executed members of two crime families accused of running cyber scam compounds in Myanmar. In Cambodia, the arrest and extradition of Prince Group chairman Chen Zhi—a key figure in cyber scam money laundering—triggered chaotic scenes as human trafficking victims and scam workers sought refuge at embassies.

These developments show that the global cryptocurrency investment scam network is not isolated. It is part of a larger ecosystem of organized crime, human trafficking, and digital exploitation.

Law Enforcement’s Expanding Response

The U.S. Secret Service’s Global Investigative Operations Center led the investigation, supported by Homeland Security Investigations, Customs and Border Protection, the U.S. Marshals Service, and international partners.

The Justice Department’s Criminal Division continues targeting scam centers by seizing cryptocurrency, dismantling digital infrastructure, and disrupting money laundering networks. Since 2020, the Computer Crime and Intellectual Property Section (CCIPS) has secured more than 180 cybercrime convictions and recovered over $350 million in victim funds.

Still, the fact that Li escaped before serving his sentence highlights a sobering truth: enforcement is improving, but global coordination must move even faster.

Why This Global Cryptocurrency Investment Scam Matters

Technology has erased borders, but it has also erased barriers for criminals. The global cryptocurrency investment scam case shows how encrypted apps, fake trading platforms, and shell corporations can be stitched together into a seamless fraud machine.

The bigger concern is scale. These operations are not small-time scams run from a basement. They are corporate-style enterprises with recruiters, relationship builders, financial handlers, and laundering specialists.

For investors, the lesson is clear: unsolicited investment advice, especially involving cryptocurrency, should raise immediate red flags. For regulators and governments, the message is even stronger. Financial transparency laws, international cooperation, and aggressive enforcement are no longer optional—they are essential.

Daren Li’s 20-year sentence may serve as a warning, but until fugitives like him are brought back to face prison time, the fight against the next $73 million cryptocurrency scam continues.

Union Home Minister Amit Shah on Tuesday announced that the Central government has cancelled 12 lakh SIM cards and blocked the IMEI numbers of more than 3 lakh mobile devices as part of a sweeping nationwide crackdown on cybercrime. He added that 20,853 accused individuals have been arrested in connection with cyber offences up to December 2025.

Shah shared these figures while addressing the National Conference on “Tackling Cyber-Enabled Frauds and Dismantling the Ecosystem,” organized by the Central Bureau of Investigation (CBI) and the Indian Cyber Crime Coordination Centre (I4C). The conference focused on strategies to dismantle the growing organized ecosystem of cybercrime.

The large-scale cancellation of SIM cards and blocking of IMEI numbers is aimed at cutting off the communication channels frequently used by fraud networks. According to Shah, these measures are part of a coordinated national effort to prevent and respond effectively to cybercrime.

Multi-Agency Coordination Strengthened to Combat Organized Cybercrime

The Home Minister underlined that tackling cybercrime requires close cooperation among multiple institutions. Agencies including I4C, State Police forces, the CBI, the National Investigation Agency (NIA), the Enforcement Directorate (ED), the Department of Telecommunications, the banking sector, the Ministry of Electronics and Information Technology (MeitY), the Reserve Bank of India (RBI), and the judiciary are collectively engaged in sustained enforcement efforts.

Emphasising the importance of inter-agency coordination, Shah said each institution has a clearly defined role and responsibility. Seamless cooperation among stakeholders, he noted, is essential to deliver effective outcomes, especially when cybercrime operations span states and international jurisdictions.

He described the initiative taken by the CBI and I4C as “extremely significant,” stating that it brings various departments together and strengthens the implementation of anti-cybercrime measures. Through this integrated framework, authorities aim not only to make arrests but also to dismantle the broader infrastructure supporting cybercrime activities.

Shah also stressed the crucial role of the CBI and NIA, particularly in addressing cybercrimes originating outside India. He pointed out that lapses in maintaining the chain of custody of digital evidence often hinder convictions and remain a key challenge in prosecuting cyber offenders.

Digital Growth, 181 Billion UPI Transactions and Rising Cybercrime Risks

Highlighting India’s digital transformation over the past 11 years under the Digital India initiative, Shah said the country’s digital expansion has been remarkable. The number of internet users has risen from 250 million to over 1 billion, while broadband connections have grown nearly sixteenfold, also crossing the 1-billion mark.

He further noted that the cost of one gigabyte of data has dropped by 97 per cent, expanding internet access and usage. Connectivity through the BharatNet project has also seen dramatic growth. Eleven years ago, only 546 village panchayats were connected, whereas more than 2 lakh village panchayats are now covered, ensuring connectivity from Parliament to Panchayats.

Shah also pointed to the surge in digital financial transactions. In 2024 alone, India recorded more than 181 billion Unified Payments Interface (UPI) transactions with a total value exceeding Rs 233 trillion. The rapid expansion of digital payments, he indicated, has made the fight against cybercrime even more critical.

He warned that cybercrime, which was once largely individual-driven, has now become institutionalised. Criminal groups are using advanced technologies and continuously adapting their methods. In this environment, actions such as cancelling SIM cards and blocking IMEI numbers are intended to disrupt the operational backbone of fraudulent networks.

Calling for collective responsibility, Shah urged all agencies to identify vulnerabilities and minimise risks at every level. He said the Centre has adopted a comprehensive, multi-dimensional strategy to combat cybercrime. The key pillars include real-time cybercrime reporting, strengthening forensic networks, capacity building, research and development, promoting cyber awareness, and encouraging cyber hygiene.

He cautioned that without timely intervention, cyber fraud could have escalated into a national crisis. Shah called on stakeholders to act simultaneously, whether by identifying fraudulent call centres, enhancing awareness campaigns, improving the 1930 cybercrime helpline, reducing response times, or strengthening coordination between banks and I4C.

Every year, scammers cook up new ways to trick people, and 2025 was no exception. Over the past year, our anti-phishing system thwarted more than 554 million attempts to follow phishing links, while our Mail Anti-Virus blocked nearly 145 million malicious attachments. To top it off, almost 45% of all emails worldwide show more ...
turned out to be spam. Below, we break down the most impressive phishing and spam schemes from last year. For the deep dive, you can read the full Spam and Phishing in 2025 report on Securelist. Phishing for fun Music lovers and cinephiles were prime targets for scammers in 2025. Bad actors went all out creating fake ticketing aggregators and spoofed versions of popular streaming services. On these fake aggregator sites, users were offered “free” tickets to major concerts. The catch? You just had to pay a small “processing fee” or “shipping cost”. Naturally, the only thing being delivered was your hard-earned cash straight into a scammer’s pocket. Free Lady Gaga tickets? Only in a mousetrap With streaming services, the hustle went like this: users received a tempting offer to, say, migrate their Spotify playlists to YouTube by entering their Spotify credentials. Alternatively, they were invited to vote for their favorite artist in a chart — an opportunity most fans find hard to pass up. To add a coat of legitimacy, scammers name-dropped heavy hitters like Google and Spotify. The phishing form targeted multiple platforms at once — Facebook, Instagram, or email — requiring users to enter their credentials to vote hand over their accounts. This phishing page mimicking a multi-login setup looks terrible — no self-respecting designer would cram that many clashing icons onto a single button In Brazil, scammers took it a step further: they offered users the chance to earn money just by listening to and rating songs on a supposed Spotify partner service. During registration, users had to provide their ID for Pix (the Brazilian instant payment system), and then make a one-time “verification payment” of 19.9 Brazilian reals (about $4) to “confirm their identity”. This fee was, of course, a fraction of the promised “potential earnings”. The payment form looked incredibly authentic and requested additional personal data — likely to be harvested for future attacks. 
This scam posed as a service for boosting Spotify ratings and plays, but to start “earning”, you first had to pay up The “cultural date” scheme turned out to be particularly inventive. After matching and some brief chatting on dating apps, a new “love interest” would invite the victim to a play or a movie and send a link to buy tickets. Once the “payment” went through, both the date and the ticketing site would vanish into thin air. A similar tactic was used to sell tickets for immersive escape rooms, which have surged in popularity lately; the page designs mirrored real sites to lower the user’s guard. Scammers cloned the website of a well-known Russian ticketing service Phishing via messaging apps The theft of Telegram and WhatsApp accounts became one of the year’s most widespread threats. Scammers have mastered the art of masking phishing as standard chat app activities, and have significantly expanded their geographical reach. On Telegram, free Premium subscriptions remained the ultimate bait. While these phishing pages were previously only seen in Russian and English, 2025 saw a massive expansion into other languages. Victims would receive a message — often from a friend’s hijacked account — offering a “gift”. To activate it, the user had to log in to their Telegram account on the attacker’s site, which immediately led to another hijacked account. Another common scheme involved celebrity giveaways. One specific attack, disguised as an NFT giveaway, stood out because it operated through a Telegram Mini App. For the average user, spotting a malicious Mini App is much harder than identifying a sketchy external URL. Scammers blasted out phishing bait for a fake Khabib Nurmagomedov NFT giveaway in both Russian and English simultaneously. 
However, in the Russian text, they forgot to remove a question from the AI that generated the text, “Do you need bolder, formal, or humorous options?” — which points to a rushed job and a total lack of editing Finally, the classic vote for my friend messenger scam evolved in 2025 to include prompts to vote for the “city’s best dentist” or “top operational leader” — unfortunately, just bait for account takeovers. Another clever method for hijacking WhatsApp accounts was spotted in China, where phishing pages perfectly mimicked the actual WhatsApp interface. Victims were told that due to some alleged “illegal activity”, they needed to undergo “additional verification”, which — you guessed it — ended up with a stolen account. Victims were redirected to a phone number entry form, followed by a request for their authorization code Impersonating Government Services Phishing that mimics government messages and portals is a “classic of the genre”, but in 2025, scammers added some new scripts to the playbook. In Russia, vishing attacks targeting government service users picked up steam. Victims received emails claiming an unauthorized login to their account, and were urged to call a specific number to undergo a “security check”. To make it look legit, the emails were packed with fake technical details: IP addresses, device models, and timestamps of the alleged login. Scammers also sent out phony loan approval notifications: if the recipient hadn’t applied for a loan (which they hadn’t), they were prompted to call a fake support team. Once the panicked victim reached an “operator”, social engineering took center stage. In Brazil, attackers hunted for taxpayer numbers (CPF numbers) by creating counterfeit government portals. Since this ID is the master key for accessing state services, national databases, and personal documents, a hijacked CPF is essentially a fast track to identity theft. 
This fraudulent Brazilian government portal of surprisingly high quality In Norway, scammers targeted people looking to renew their driver’s licenses. A site mimicking the Norwegian Public Roads Administration collected a mountain of personal data: everything from license plate numbers, full names, addresses, and phone numbers to the unique personal identification numbers assigned to every resident. For the cherry on top, drivers were asked to pay a “license replacement fee” of 1200 NOK (over US$125). The scammers walked away with personal data, credit card details, and cash. A literal triple-combo move! Generally speaking, motorists are an attractive target: they clearly have money and a car and a fear of losing it. UK-based scammers played on this by sending out demands to urgently pay some overdue vehicle tax to avoid some unspecified “enforcement action”. This “act now!” urgency is a classic phishing trope designed to distract the victim from a sketchy URL or janky formatting. Scammers pressured Brits to pay purportedly overdue vehicle taxes “immediately” to keep something bad from happening Let us borrow your identity, please In 2025, we saw a spike in phishing attacks revolving around Know Your Customer (KYC) checks. To boost security, many services now verify users via biometrics and government IDs. Scammers have learned to harvest this data by spoofing the pages of popular services that implement these checks. On this fraudulent Vivid Money page, scammers systematically collected incredibly detailed information about the victim What sets these attacks apart is that, in addition to standard personal info, phishers demand photos of IDs or the victim’s face — sometimes from multiple angles. This kind of full profile can later be sold on dark web marketplaces or used for identity theft. We took a deep dive into this process in our post, What happens to data stolen using phishing? 
AI scammers Naturally, scammers weren’t about to sit out the artificial intelligence boom. ChatGPT became a major lure: fraudsters built fake ChatGPT Plus subscription checkout pages, and offered “unique prompts” guaranteed to make you go viral on social media. This is a nearly pixel-perfect clone of the original OpenAI checkout page The “earn money with AI” scheme was particularly cynical. Scammers offered passive income from bets allegedly placed by ChatGPT: the bot does all the heavy lifting while the user just watches the cash roll in. Sounds like a dream, right? But to “catch” this opportunity, you had to act fast. A special price on this easy way to lose your money was valid for only 15 minutes from the moment you hit the page, leaving victims with no time to think twice. You’ve exactly 15 minutes to lose €14.99! After that, you lose €39.99 Across the board, scammers are aggressively adopting AI. They’re leveraging deepfakes, automating high-quality website design, and generating polished copy for their email blasts. Even live calls with victims are becoming components of more complex schemes, which we detailed in our post, How phishers and scammers use AI. Booby-trapped job openings Someone looking for work is a prime target for bad actors. By dangling high-paying remote roles at major brands, phishers harvested applicants’ personal data — and sometimes even squeezed them for small “document processing fees” or “commissions”. “$1000 on your first day” for remote work at Amazon. Yeah, right In more sophisticated setups, “employment agency” phishing sites would ask for the phone number linked to the user’s Telegram account during registration. To finish “signing up”, the victim had to enter a “confirmation code”, which was actually a Telegram authorization code. After entering it, the site kept pestering the applicant for more profile details — clearly a distraction to keep them from noticing the new login notification on their phone. 
To “verify the user”, the victim was told to wait 24 hours, giving the scammers, who already had a foot in the door, enough time to hijack the Telegram account permanently.

Hype is a lie (but a very convincing one)

As usual, scammers in 2025 were quick to jump on every trending headline, launching email campaigns at breakneck speed. For instance, following the launch of $TRUMP meme coins by the U.S. President, scam blasts appeared promising free NFTs from “Trump Meme Coin” and “Trump Digital Trading Cards”. We’ve previously broken down exactly how meme coins work, and how to (not) lose your shirt on them.

The second the iPhone 17 Pro hit the market, it became the prize in countless fake surveys. After “winning”, users just had to provide their contact info and pay for shipping. Once those bank details were entered, the “winner” risked losing not just the shipping fee, but every cent in their account.

Riding the Ozempic wave, scammers flooded inboxes with offers for counterfeit versions of the drug, or sketchy “alternatives” that real pharmacists have never even heard of. And during the BLACKPINK world tour, spammers pivoted to advertising “scooter suitcases just like the band uses”.

Even Jeff Bezos’s wedding in the summer of 2025 became fodder for “Nigerian” email scams. Users received messages purportedly from Bezos himself or his ex-wife, MacKenzie Scott. The emails promised massive sums in the name of charity or as “compensation” from Amazon.

How to stay safe

As you can see, scammers know no bounds when it comes to inventing new ways to separate you from your money and personal data — or even stealing your entire identity. These are just a few of the wildest examples from 2025; you can dive into the full analysis of the phishing and spam threat landscape over at Securelist.

In the meantime, here are a few tips to keep you from becoming a victim. Be sure to share these with your friends and family — especially kids, teens, and older relatives.
These groups are often the main targets in the scammers’ crosshairs.

- Check the URL before entering any data. Even if the page looks pixel-perfect, the address bar can give the game away.
- Don’t follow links in suspicious messages, even if they come from someone you know. Their account could easily have been hijacked.
- Never share verification codes with anyone. These codes are the master keys to your digital life.
- Enable two-factor authentication everywhere you can. It adds a crucial extra hurdle for hackers.
- Be skeptical of “too good to be true” offers. Free iPhones, easy money, and gifts from strangers are almost always a trap. For a refresher, check out our post, Phishing 101: what to do if you get a phishing email.
- Install robust protection on all your devices. Kaspersky Premium automatically blocks phishing sites, malicious attachments, and spam blasts before you even have a chance to click. Plus, our Kaspersky for Android app features a three-tier anti-phishing system that can sniff out and neutralize malicious links in any message from any app. Read more about it in our post, A new layer of anti-phishing security in Kaspersky for Android.
For the past week, the massive “Internet of Things” (IoT) botnet known as Kimwolf has been disrupting The Invisible Internet Project (I2P), a decentralized, encrypted communications network designed to anonymize and secure online communications. I2P users started reporting disruptions in the network around the same time the Kimwolf botmasters began relying on it to evade takedown attempts against the botnet’s control servers.

Kimwolf is a botnet that surfaced in late 2025 and quickly infected millions of systems, turning poorly secured IoT devices like TV streaming boxes, digital picture frames and routers into relays for malicious traffic and abnormally large distributed denial-of-service (DDoS) attacks.

I2P is a decentralized, privacy-focused network that allows people to communicate and share information anonymously. “It works by routing data through multiple encrypted layers across volunteer-operated nodes, hiding both the sender’s and receiver’s locations,” the I2P website explains. “The result is a secure, censorship-resistant network designed for private websites, messaging, and data sharing.”

On February 3, I2P users began complaining on the organization’s GitHub page about tens of thousands of routers suddenly overwhelming the network, preventing existing users from communicating with legitimate nodes. Users reported a rapidly increasing number of new routers joining the network that were unable to transmit data, and that the mass influx of new systems had overwhelmed the network to the point where users could no longer connect.

I2P users complaining about service disruptions from a rapidly increasing number of routers suddenly swamping the network.

When one I2P user asked whether the network was under attack, another user replied, “Looks like it. My physical router freezes when the number of connections exceeds 60,000.”

A graph shared by I2P developers showing a marked drop in successful connections on the I2P network around the time the Kimwolf botnet started trying to use the network for fallback communications.

The same day that I2P users began noticing the outages, the individuals in control of Kimwolf posted to their Discord channel that they had accidentally disrupted I2P after attempting to join 700,000 Kimwolf-infected bots as nodes on the network.
The Kimwolf botmaster openly discusses what they are doing with the botnet in a Discord channel with my name on it.

Although Kimwolf is known as a potent weapon for launching DDoS attacks, the outages caused this week by some portion of the botnet attempting to join I2P are what’s known as a “Sybil attack,” a threat in peer-to-peer networks where a single entity can disrupt the system by creating, controlling, and operating a large number of fake, pseudonymous identities.

Indeed, the number of Kimwolf-infected routers that tried to join I2P this past week was many times the network’s normal size. I2P’s Wikipedia page says the network consists of roughly 55,000 computers distributed throughout the world, with each participant acting as both a router (to relay traffic) and a client. However, Lance James, founder of the New York City based cybersecurity consultancy Unit 221B and the original founder of I2P, told KrebsOnSecurity the entire I2P network now consists of between 15,000 and 20,000 devices on any given day.

An I2P user posted this graph on Feb. 10, showing tens of thousands of routers — mostly from the United States — suddenly attempting to join the network.

Benjamin Brundage is founder of Synthient, a startup that tracks proxy services and was the first to document Kimwolf’s unique spreading techniques. Brundage said the Kimwolf operator(s) have been trying to build a command and control network that can’t easily be taken down by security companies and network operators that are working together to combat the spread of the botnet.

Brundage said the people in control of Kimwolf have been experimenting with using I2P and a similar anonymity network — Tor — as a backup command and control network, although there have been no reports of widespread disruptions in the Tor network recently.

“I don’t think their goal is to take I2P down,” he said.
“It’s more they’re looking for an alternative to keep the botnet stable in the face of takedown attempts.”

The Kimwolf botnet created challenges for Cloudflare late last year when it began instructing millions of infected devices to use Cloudflare’s domain name system (DNS) settings, causing control domains associated with Kimwolf to repeatedly usurp Amazon, Apple, Google and Microsoft in Cloudflare’s public ranking of the most frequently requested websites.

James said the I2P network is still operating at about half of its normal capacity, and that a new release is rolling out which should bring some stability improvements over the next week for users.

Meanwhile, Brundage said the good news is Kimwolf’s overlords appear to have quite recently alienated some of their more competent developers and operators, leading to a rookie mistake this past week that caused the botnet’s overall numbers to drop by more than 600,000 infected systems.

“It seems like they’re just testing stuff, like running experiments in production,” he said. “But the botnet’s numbers are dropping significantly now, and they don’t seem to know what they’re doing.”
Only Taiwan made the top 10 list of governments effectively blocking the threat-ridden protocol, but overall the region lagged in curbing Telnet traffic.
The North Korea-linked threat actor known as UNC1069 has been observed targeting the cryptocurrency sector to steal sensitive data from Windows and macOS systems with the ultimate goal of facilitating financial theft. "The intrusion relied on a social engineering scheme involving a compromised Telegram account, a fake Zoom meeting, a ClickFix infection vector, and reported usage of AI-generated
Cybersecurity researchers have discovered what they said is the first known malicious Microsoft Outlook add-in detected in the wild. In this unusual supply chain attack detailed by Koi Security, an unknown attacker claimed the domain associated with a now-abandoned legitimate add-in to serve a fake Microsoft login page, stealing over 4,000 credentials in the process. The activity has been
Indian defense sector and government-aligned organizations have been targeted by multiple campaigns that are designed to compromise Windows and Linux environments with remote access trojans capable of stealing sensitive data and ensuring continued access to infected machines. The campaigns are characterized by the use of malware families like Geta RAT, Ares RAT, and DeskRAT, which are often
It's Patch Tuesday, which means a number of software vendors have released patches for various security vulnerabilities impacting their products and services. Microsoft issued fixes for 59 flaws, including six actively exploited zero-days in various Windows components that could be abused to bypass security features, escalate privileges, and trigger a denial-of-service (DoS) condition. Elsewhere
Intentionally vulnerable training applications are widely used for security education, internal testing, and product demonstrations. Tools such as OWASP Juice Shop, DVWA, Hackazon, and bWAPP are designed to be insecure by default, making them useful for learning how common attack techniques work in controlled environments. The issue is not the applications themselves, but how they are often
Microsoft on Tuesday released security updates to address a set of 59 flaws across its software, including six vulnerabilities that it said have been exploited in the wild. Of the 59 flaws, five are rated Critical, 52 are rated Important, and two are rated Moderate in severity. Twenty-five of the patched vulnerabilities have been classified as privilege escalation, followed by remote code
Cybersecurity researchers have disclosed details of a new botnet operation called SSHStalker that relies on the Internet Relay Chat (IRC) communication protocol for command-and-control (C2) purposes. "The toolset blends stealth helpers with legacy-era Linux exploitation: Alongside log cleaners (utmp/wtmp/lastlog tampering) and rootkit-class artifacts, the actor keeps a large back-catalog of