1. ₹3.66 Cr Online Trading Scam Busted: All 6 Accused Nabbed by Chandigarh Police
Chandigarh Police arrested the sixth accused in a ₹3.66 crore online trading scam. The victim was duped via a fake WhatsApp group posing as stock market experts. The accused created a fake trading platform and lured the complainant with high-return stock tips. Five others were earlier held from Rajasthan.
2. Cyber Scammers Exploit Exam Results to Target Students and Parents
With exam results out, cyber fraudsters are targeting students and parents in Karnataka with fake scholarship scams. Using calls and texts, they seek personal and banking details. Police urge vigilance, advising not to click unknown links or share OTPs. Victims should report immediately to the cyber helpline at 1930.
3. Pune Man Arrested for Aiding Pakistan-Based Cyber Fraud Network
Pimpri-Chinchwad Police arrested one for supplying mule bank accounts to a cyber fraud gang run by a Pakistani national and an associate in Dubai. Linked to a ₹2.52 crore investment scam targeting a senior citizen, he provided 15-20 accounts from Marathwada and earned ₹2.5 lakh in commission.
ALSO READ: Call for Cyber Experts: Join FCRF Academy as Trainers and Course Creators
4. IndusInd Bank Employee in Gurugram Caught in Cyber Fraud Case
Gurugram Police arrested IndusInd Bank employee for aiding a Rs 35.69 lakh cyber fraud via a fake firm account. He received commissions for opening mule accounts. Another bank staffer was earlier held. So far, 32 bank officials have been arrested in similar cases amid rising cyber fraud complaints in 2025.
5. 2 Cyber Fraudsters from Gujarat Held for Duping Berhampur University VC
Two men from Gujarat were arrested for duping Berhampur University VC Geetanjali Dash of ₹14 lakh through a fake “digital arrest” scam. Posing as CBI officers, the gang threatened her with a money laundering case. Police seized phones and documents, and are probing their wider cyber fraud network across India.
INTERNATIONAL
6. Fortinet Alerts: Hackers Maintain FortiGate Access Even After SSL-VPN Patching
Fortinet revealed that attackers exploited SSL-VPN vulnerabilities to retain read-only access to FortiGate devices even after patching. Using symlinks, they bypassed detection and accessed configurations. Fortinet released fixes and urged updates. CISA and CERT-FR warned of ongoing risks, as attackers now deploy persistent backdoors that survive patches and resets.
7. ‘Paper Werewolf’ Hackers Use PowerModul Malware in Targeted Russian Attacks
Threat actor Paper Werewolf (aka GOFFEE) targeted Russian sectors with a new PowerModul implant between July and December 2024. Using phishing emails and macro-laced documents, they deployed PowerShell-based malware for espionage and sabotage. Tools like PowerTaskel and FlashFileGrabber enabled file theft, privilege escalation, and lateral movement across infected systems.
ALSO READ: “DFIR Capability Maturity Assessment Framework” by ALGORITHA
8. Initial Access Brokers Slash Prices, Shift Tactics in Underground Market
Initial Access Brokers (IABs) are shifting tactics by selling lower-cost access to more networks, focusing on volume over high-value targets. Operating discreetly and supporting Ransomware-as-a-Service groups, IABs streamline cyberattacks. Their evolving role poses rising threats to smaller organizations, demanding stronger cybersecurity, real-time monitoring, and awareness to counter these growing risks.
9. SpyNote, BadBazaar, and MOONSHINE Malware Pose Threat via Fake Mobile Apps
Researchers uncovered fake Google Play pages spreading SpyNote malware via deceptive APKs, mainly targeting Android users. Linked to Chinese threat actors, SpyNote, BadBazaar, and MOONSHINE are used for spying on Uyghur, Tibetan, and Taiwanese communities. These trojans steal personal data and enable full remote access to compromised devices, raising global cybersecurity concerns.
10. OttoKit WordPress Plugin Flaw Exploited to Create Rogue Admin Accounts
A critical flaw (CVE-2025-3102) in the OttoKit WordPress plugin is being actively exploited, allowing attackers to create admin accounts and hijack sites. The bug affects versions up to 1.0.78 when not configured with an API key. Users are urged to update to version 1.0.79 and check for rogue accounts.