Midnight Web by Rahul Banerjee

Naukri, a leading Indian jobs website, has patched a vulnerability that revealed the email IDs of recruiters posting jobs on its site to hunt for and recruit candidates online. The issue, discovered by security researcher Lohith Gowda, affected the API that Naukri used on its Android and iOS apps. The API exposed the email addresses of recruiters visiting profiles of potential candidates on Naukri’s platform. The issue did not appear to affect the company’s website. The exposed recruiter email IDs can be used for targeted phishing attacks, and recruiters may receive excessive unsolicited emails and spam,” Gowda told TechCrunch. He stated that open email IDs could be included in public breach databases or spam lists, and bulk scraping of email addresses can result in automated bot abuse or scams. TechCrunch confirmed the exposure after Gowda made disclosures regarding the bug. The researcher confirmed to TechCrunch that the bug was remediated earlier this week, which Naukri seco...

  Procolored, a Chinese printer manufacturer, has been sending infecting its customers with backdoors, infostealers, and cryptocurrency stealers - for six months. This information comes from cybersecurity researchers at G Data, who were alerted to the supply chain attack by a technical author and content creator, Cameron Coward. Apparently, Coward wanted to review one of Procolored’s printers. After attempting to install the accompanying software from a USB stick, he was alerted to the presence of the Floxif worm. He reached out to the company who dismissed the warning as a false positive. Unsatisfied with this response, Coward turned to Reddit, where his thread was picked up by G Data‘s cyber security researchers. G Data, however, discovered that 39 software downloads, hosted on mega.nz and last updated in October 2024, had been infected with two malware families, namely an information stealer and a backdoor. 1.Win32.Backdoor.XRedRAT.A 2.MSIL.Trojan-Stealer.CoinStealer.H ...

Seven Advanced Persistent Threat (APT) groups associated with Pakistan attempted to infiltrate Indian infrastructure, resulting in a staggering 99.99% failure rate despite launching over 1.5 million cyberattacks. Identified by Maharashtra Cyber, these groups employed various tactics including malware, DDoS attacks, GPS spoofing, and misinformation campaigns, with only 150 attacks achieving success and causing negligible disruption. 1.         APT36 (Transparent Tribe): Known for cyber espionage since 2013, it targets Indian defense and government sectors using CrimsonRAT malware via spear-phishing. 2.        Pakistan Cyber Force: Claimed breaches of Military Engineering Services and Manohar Parrikar Institute, and defaced Armoured Vehicle Nigam Limited’s website with Pakistan’s flag. 3.        Team Insane PK: Targeted Indian Army websites, like the Army College of Nursing, with provocative messaging. ...

Meta introduced Private Processing, an optional new feature aimed at allowing WhatsApp users to process messages with AI in a private, secure cloud environment. Meta stated this means that neither WhatsApp nor Meta any third party is able to access the messages, preserving end-to-end encryption. The news emphasized how AI has redefined technology engagement through the automation of activities and insights on data. However, traditional AI processing, which relies on server-based large language models, often requires providers to see user requests. This can challenge privacy, especially for sensitive messages. Meta stated that the Private Processing tackles this issue by supporting AI functions, such as summarizing messages or offering writing assistance, while upholding WhatsApp’s commitment to privacy. Meta defined three guiding principles for Private Processing: Optionality: Utilizing AI features, including Private Processing, is completely optional. Transparency: The fir...

After the recent terror attack at Pahalgam, Pakistani hacking groups have reportedly launched synchronized cyber attacks against Indian websites. At least four websites were hacked, including the official website of Army College of Nursing at Punjab, reports said. While the other three locations remain to be discovered, the hack serves to highlight persistent cyber hostility between India and Pakistan a virtual front line that often simmers in the aftermath of geopolitical crises. Attack Overview and Attribution Cybersecurity specialists are of the view that the Pakistan Cyber Army (PCA) is most probably behind the attacks, but other state-backed entities such as Transparent Tribe (APT36) and SideCopy are also active in this sphere. All these entities have generally employed phishing operations, server misconfiguration, and web app vulnerabilities to compromise Indian cyber infrastructure. Likely Tactics and Tools Although formal technical disclosures are yet to be published ...

                                                          This team was trained by the Indian Institute of Technology (IIT) Madras through its Pravartak Technologies Foundation. Training the first group of Cyber Commandos is a big move for India to boost its cyber security. The Union Ministry of Home Affairs has started this program to make the country's cyber defense stronger. The Cyber Commandos are a special team that will actively work to stop cyberattacks, protect important data, and maintain control over the digital space in India. Unlike existing units that only react to cyber crimes, the Cyber Commandos will work to prevent them. This initiative aims to provide law enforcement officers with advanced skills in handling cyber challenges. The training is tough, enabling both state and central police officers to become experts. These office...

  Big news recently broke in the email security space: Google has finally made it simple for Gmail business users to send encrypted emails to anyone on any device. That is correct, people, there are no longer any cumbersome certificate needs or business difficulties. When you write an email in Gmail and enable the additional encryption option, it will automatically decrypt it if the recipient is another Gmail user with an Enterprise or personal account. However, for recipients who use non-Gmail email clients or Google's mobile app, they will receive a link to sign in and view their encrypted email in a restricted version of Gmail. Additionally, for those who have set up on their accounts, Gmail will send the email via S/MIME configured, as it does now. This new feature is part of Google Workspace and is a game Cher for businesses looking to protect their sensitive data. What this means for you is that companies can now send fully encrypted emails to anybody without worrying about s...

Chapter 1: The Hidden Dangers of Always-On Connections Stop and ask yourself: Is your Wi-Fi always on? How about Bluetooth? If so, you might be unintentionally broadcasting your personal data to anyone curious enough to listen including that neighbor next door who might have a secret passion for hacking. Sure, it's convenient to stay connected 24/7, but there’s a darker side. Leaving these antennas active exposes your location, identity, and a treasure trove of details hackers can exploit. Whether you're an aspiring hacker eager to show off your sniffing skills or just an everyday user who wants a stress-free connection, it’s crucial to understand how Wi-Fi and Bluetooth work behind the scenes. As long as your phone is shouting “Connect with me!” to every Starbucks router or passing Bluetooth device, you're handing out free samples of your digital footprint. Let’s dive in and see how this seemingly harmless convenience comes with hidden risks. Chapter 2: Wi-Fi A Hidden ...

  In the ever-evolving world of artificial intelligence, Grok 3 is quickly making waves both for its cutting-edge capabilities and its shocking, unfiltered personality. Developed by Elon Musk’s xAI, Grok 3 is an AI chatbot that has taken the internet by storm, especially among regular X (formerly Twitter) users in India. Known for its snarky responses, irreverent tone, and ability to learn from the unpredictable and sometimes profane language of users, Grok 3 is far from your average chatbot. Launched in February 2025, Grok 3 is a powerhouse of computational prowess, utilizing 12.8 trillion tokens to deliver responses that range from wildly intelligent to oddly rebellious. It’s trained with data from a variety of sources everything from legal filings to X posts giving it a diverse range of knowledge and a unique ability to engage in conversation that feels real, yet sometimes, unsettlingly raw. But it’s not just Grok 3’s wealth of knowledge that’s making headlines. The chatbot ...

  YouTube has warned that scammers are using fake videos made by AI, showing YouTube's CEO, to trick people into giving away their account details. The scammers are sending these videos in emails that seem to say YouTube is changing its rules about making money on the platform. The emails include a link to a private video that looks like it's from YouTube. YouTube says in a post that it will never send you private videos or ask for information this way. If you get a private video claiming to be from YouTube, it's a scam. The phishing emails also warn you that YouTube won't contact you through private videos. The email tells you to report the sender if you think the email looks fake. The fake video in the email asks you to click a link. This link takes you to a fake page that looks like YouTube, where it asks you to log in to "confirm new rules." But the page is actually designed to steal your login details. Technical details of the phishing attack invo...

  The Illusion of VPN Encryption Many people believe that VPN encryption is a solid shield against prying eyes. However, for 99% of internet users, this encryption doesn’t add much protection. Most websites and apps already encrypt connections using HTTPS or TLS protocols, which provide strong protection without the need for a VPN. VPN encryption simply adds another layer that, in many cases, is redundant. Even worse, you have to trust your VPN provider to keep your data safe. If they are logging your activity (and most do), they can see everything you do online. Not just them any server they use could potentially access your data, too. And you have no way of auditing their practices or ensuring they are living up to their privacy claims. You essentially trust a middleman with your sensitive data, and that’s never a good idea. VPNs Were Never Designed for Consumer Privacy It’s important to understand the origin of VPNs. They were primarily designed for businesses to securely connec...

  What is Android System SafetyCore? Android System SafetyCore is an app automatically installed by Google on Android devices as part of their security and child protection updates introduced in October 2024. Its primary function is to scan and categorize content on your phone, helping users avoid undesirable material. It requires at least 2GB of RAM and Android 9 or newer to run, and is also compatible with Android Go devices. You won’t find it in your app drawer, as it only appears in the system app list. SafetyCore reportedly scans images and videos locally to flag inappropriate content, but Google clarifies that it only scans images shared through the Messages app. Should You Be Concerned About SafetyCore? Despite Google’s assurances that all scanning is done locally with no data sent off your device, the app's sudden, unannounced appearance and its deep system access have raised concerns. It feels intrusive, as users weren’t given a clear heads-up, and many wonder why it...

Tata Technologies Ltd., a subsidiary of Tata Motors, has temporarily suspended some of its IT services following a ransomware attack that disrupted its network. The company, which specializes in automotive design, aerospace engineering, and R&D, employs over 11,000 people across 18 locations worldwide. In a notification to India’s national stock exchange, Tata Technologies confirmed that the attack had impacted certain IT assets but assured that these have now been restored. The company emphasized that its client delivery services remained fully operational, and no customer operations were affected. “As a precautionary measure, some IT services were suspended temporarily,” the company stated, “but has now been restored. Our Client delivery services have remained fully functional and unaffected throughout.” A thorough investigation is underway in partnership with cybersecurity experts, though no major ransomware groups have claimed responsibility for the attack. It remains unc...

  AI has made incredible strides, and GPT has undoubtedly been the star of the show—writing essays, debugging code, and even cracking jokes. But what if I told you there’s a new contender that’s not just competing with GPT but surpassing it? Enter  DeepSeek R1 , the AI that’s pushing the boundaries of what’s possible. DeepSeek R1 isn’t just another language model. It’s smarter, faster, and more versatile than GPT, and the data backs it up. In this blog, we’ll explore the facts, figures, and real-world applications that position DeepSeek R1 as a true game-changer. Are you ready for the ultimate AI showdown? Let’s dive in.   Overview of AI Models DeepSeek: Domain-specific AI (medical, legal, technical). Strengths: High accuracy in niche areas, robust privacy. Weaknesses: Limited general-purpose use, high computational costs. ChatGPT: General-purpose conversational AI. Strengths: Versatile, user-friendly. Weaknesses: Less depth in specialized domains, occasional inac...

  Many of us are aware that apps collect data, but do you know what happens to that information? Some companies sell it, others use it for targeted ads, or to help you connect with nearby users. However, there are even more ways this data can be used. In a troubling situation, hackers have gained access to the data collected by thousands of apps, and they are threatening to release it to the public. This data includes personal information like customer lists, details about businesses, and even location history gathered from smartphones. According to a report from 404Media, the hackers have warned that millions of users' personal data has been compromised. They gave Gravy Analytics, the company collecting this data, just 24 hours to respond before they begin releasing it. Gravy's subsidiary, Venntel, has previously sold similar data to the U.S. government for immigration-related operations at the border. Wired published a list of thousands of apps that collected this data, inclu...

                                       DarkBERT is the first AI language model designed specifically for the Dark Web. A language model is an AI system that understands human language and has a lot of knowledge, which helps it solve many tasks related to language. DarkBERT is especially good at working with the messy and hard-to-understand data found on the Dark Web. Unlike other language models that have trouble with the strange words and different formats on the Dark Web, DarkBERT has been trained to understand this type of content. It improves its skills by using a method called Masked Language Modeling (MLM) on text collected from the Dark Web, using a version of the RoBERTa model. One big challenge in training DarkBERT is gathering the right data. The company S2W is well-known for its ability to collect and analyze data from the Dark Web, even including hidden or copied websites. ...