Midnight Web by Rahul Banerjee

Ten apps are required to block anyone under 16 from holding an account: YouTube, TikTok, Snapchat, Instagram, Facebook, Reddit, X, Threads, Kick and Twitch in Australia. As children seek ways to circumvent the ban, little-known social media apps Lemon8, Yope and Coverstar remain accessible and have shot to the top of Apple's App Store charts. Other apps that are included in the restrictions appear not to be enforcing them. One teenager writes on reddit he'd been kicked off platforms owned by Meta - which include Instagram, Facebook and Whatsapp - but still had access to Snapchat. Others have written of trying to fool the age verification algorithm using makeup and other strategies. Some teens have posted on TikTok declaring they "survived" the ban. Law & Regulatory Framework It prohibits minors under 16 from holding accounts on specified age-restricted social media platforms. Platforms must take “reasonable steps” to prevent under-16s from creating...

The Indian telecom department describes Sanchar Saathi as a citizen-centric tool that "brings robust security features and fraud-reporting capabilities directly to users' smartphones. The app complements the existing Sanchar Saathi portal by providing convenient, on-the-go protection against identity theft, forged KYC, device theft, banking fraud, and other cyber risks.’’ Last week, the Department of Telecommunications ordered mobile manufacturers and importers to facilitate the availability and accessibility of the Sanchar Saathi app on devices for users in India. According to my research, the Indian government had asked companies such as Apple, Samsung and Xiaomi to pre-install the app within 90 days. Reports also said that Apple was unlikely to oblige to the diktat from the government. The directive, as expected, created a wide outrage with privacy advocates raising concerns over the government overreach and possibilities of government snooping. The move also met crit...

Google on Tuesday unveiled its new artificial intelligence model, Gemini 3, which brings significant changes to how the search engine works. It means more artificial intelligence everywhere, including in search results. Google promises that the new model will improve its existing AI summaries and AI Mode. Initially, the Gemini 3 will be available to paying customers in the United States. Google is adding AI because the company fears that Chat GPT and similar AI bots will replace it in information search, and now wants to offer quick answers to everything like them. Google used to be a search engine, now it's striving to become an answer engine. This is problematic in many ways. Already now, Google users in USA are increasingly seeing an artificial intelligence summary at the top of their search results. Many users are content with this summary instead of going to research the sources of information themselves. There are plenty of pitfalls: First, AI can make things up, or h...

Microsoft just confirmed a nasty bug that can randomly fire up the BitLocker recovery screen on Windows 11 25H2, 24H2, and even Windows 10. Boom you’re staring at a blue screen demanding your 48-digit recovery key. Don’t, have it? Kiss your data goodbye. The silver lining: That key is usually auto-saved to your Microsoft account. Log in at account.microsoft.com/devices/recoverykey and grab it before you panic. The updates that broke it: Win 11 25H2, 24H2 - KB5066835 & Win 10 22H2 - KB5066791 A fix is rolling out now. Home users will get it automatically; enterprise folks, your IT crew will have to push it manually. Bonus nerd note: Run powercfg /a in an admin Command Prompt. If you see Standby (S0 Low Power Idle) , your machine uses Modern Standby . Microsoft hasn’t said a word about the connection, but here’s my take: The October 2025 updates probably messed with the boot chain or Secure Boot validation. On Intel + Modern Standby (S0) rigs, the update path failed to s...

  The feature, powered by a local computer vision model, now protects users from scam pop-ups long before traditional security systems can react. Scareware, the kind of scam that locks your screen with fake “Virus Alert!” or “Your PC is infected” messages, has plagued users for years. Edge’s Scareware blocker identifies these full-screen scam pages instantly, shutting them down before panic sets in. Microsoft says the model runs locally on devices with at least 2 GB RAM and four CPU cores, ensuring it won’t slow down browsing. Enterprise admins can also improve the feature or create allow-lists for internal sites. During preview testing, the blocker proved highly effective. Microsoft claims that users were protected hours or even days before those same scams appeared on global blocklists. Starting with Edge version 142, a new “scareware sensor” takes protection a step further. When Edge detects suspicious full-screen activity, it can immediately notify Microsoft Defender Smar...

  After October 14, 2025, Microsoft will end all support for Windows 10, which means key features and updates will stop. Specifically, Windows 10 will no longer receive feature updates, security updates or patches, technical support, or bug fixes from Microsoft. Key Feature Support That Stops No more feature updates: Microsoft will not release new features or improvements for Windows 10. Security updates end: Regular security patches protecting from viruses and vulnerabilities will stop, making systems more exposed to risks. Bug fix updates stop: No further patches for non-security bugs will be issued. Technical support gone: Microsoft will no longer offer customer or technical support for issues related to Windows 10. Microsoft 365 support reduced: Support for Microsoft 365 Apps on Windows 10 will be affected, although your Office applications may continue to run but with limited or no support. What if my Windows 10 computer doesn't meet the requirements for Windows 11...

A major security vulnerability in India's income tax filing portal has been fixed, TechCrunch reported. The flaw, discovered by security researchers Akshay CS and "Viral" in September, allowed logged-in users to access real-time personal and financial information of other taxpayers. This included sensitive details such as full names, home addresses, email addresses, dates of birth, phone numbers and bank account information. Exposed Aadhaar numbers of individuals The security flaw in the income tax filing portal also exposed Aadhaar numbers, a unique government-issued identification number used for identity verification and accessing government services. TechCrunch verified the data by allowing researchers to search its records on the portal. The researchers confirmed on October 2 that the vulnerability had been patched. Discovery process Researchers found bug while filing tax returns The researchers found the security flaw while filing their recent income tax return on...

  WhatsApp the app that's become so much a part of our daily lives now that it's second nature to our thumbs. From group chats with family members to office messages that could very easily have been an email, WhatsApp is the undisputed monarch. With over 500 million users in India alone, it's a sure bet that it's the monarch of the messaging jungle. But, keep your encrypted data to yourself there's competition on the horizon: Arattai. Yes, you heard that right, an Indian-developed messaging app that is all ready to challenge WhatsApp and find its own place. Arattai, developed by Chennai company Zoho, is making headway as a domestic substitute for the likes of WhatsApp, Telegram, and the whole messaging fraternity. "Arattai" is indeed "casual chat" in Tamil. That relaxed, informal chat that doesn't have you questioning whether the government is tapping in. But, wait until we get all fired up about having a WhatsApp alternative, let's talk ...

  The Emergence of Digital Mobilization In spite of the ban, the protesters, who were mostly Generation Z, discovered ways to bypass the ban. They made use of VPNs and the limited platforms that were still available, such as TikTok, to mobilize and organize. The protests turned violent and claimed a huge number of lives very quickly, worsening public anger and prompting the Prime Minister's resignation.   Discord as a Digital Parliament In the wake of the political meltdown, a fresh, and surprising, chapter took place. The youth movement, rallying under the heading "Youth Against Corruption," made its way to Discord. This chat forum, initially infamous for its gaming forums, was the de facto "parliament" in which more than 145,000 members debated and voted on a new temporary leader. Following a series of emotive debates and surveys, they chose former Chief Justice Sushila Karki to head the government of transition. Her appointment, due to her standing ...

     The light from a dozen monitors reflected in Ramesh's weary eyes as he sagged in his chair. The Security Operations Centre was a constant storm of red alerts, each one a flash of digital lightning. "Analysts drown in alerts," he muttered to himself, the grim cliché of his profession. Today, the storm was a hurricane. A new threat had emerged a phantom, moving with the speed of a nation-state attack, leaving no clear trail for their traditional tools to follow. It wasn't just detection; it was a full-scale assault on critical infrastructure, a ransomware attack that was spreading like wildfire. Their systems flagged the initial breach, but every attempt at manual log correlation, every cross-reference, every deep dive into the dark web chatter was a dead end. The threat was faster and more unpredictable than ever, and ramesh and his team were reacting too late, always a step behind. This was the kind of crisis that demanded hours, even days, of tireless, manual...

  As someone who’s been following tech closely for over a decade, I’ve seen countless innovations come and go but few have stirred as much excitement and debate as ChatGPT. ChatGPT has developed, and launch ChatGPT 5, it genuinely seems that the enhancements have significantly slowed down. Previous iterations led to significant advancements in AI capabilities, particularly in assisting with coding. However, the enhancements now seem minor and somewhat gradual. It feels as though we’re experiencing diminishing returns in the extent to which these models improve at truly substituting real coding tasks. The vast majority of people say that AI is going to replace software engineers very soon. Yes, AI can perform simple activities and support routine activities, but where there are intricate things like planning the system, tackling more challenging problems, grasping actual business needs, and collaboration with others, it hasn't been able to catch up yet. T hese require creativity...

  OpenAI removed a controversial sharing option and began working to de-index exposed content. OpenAI has removed a controversial opt-in feature that had led to some private chats appearing in Google search results, following reporting by wired that found sensitive conversations were becoming publicly accessible. Earlier this week, wired   revealed that private ChatGPT conversations some involving highly sensitive topics like drug use and sexual health were unexpectedly showing up in Google search results. The issue appeared to stem from arguably vague language in the app’s “Share” feature, which included an option that may have misled users into making their chats publicly searchable. When users clicked “Share,” they were presented with an option to tick a box labeled “Make this chat discoverable.” Beneath that, in smaller, lighter text, was a caveat explaining that the chat could then appear in search engine results. Within hours of the backlash spreading on social media...

To get a Tatkal train ticket, which permits last-minute reservations, is frequently a race against time for millions of Indians. However, a sophisticated internet illicit market is progressively rigging this competition. According to an inquiry, organized organizations are taking advantage of weaknesses in the Indian Railway Catering and Tourism Corporation (IRCTC) system to make it extremely difficult for regular people to secure a confirmed seat. The Tools The speed at which these rackets operate is astonishing. They rely on advanced “bots” automated software programs like Dragon, JETX, Ocean, Black Turbo and Formula One are used, which specifically work to sell 'Tatkal Booking Bots'. These tools are designed to fill in all booking details, from login credentials and train information to passenger names and payment details, in less than a minute. This lightning-fast process overwhelms the IRCTC system, pushing genuine users out. To avoid being caught by IRCTC’s security s...

    A viral message is making the rounds on WhatsApp and social media in India, claiming to offer zero monthly fees and unlimited internet  via a device called   Starlink Mini.While the offer may sound tempting but it is completely misleading and has been flagged by the Indian government as unauthorized and false. Starlink Is Not Yet Operational in India As of June 2025 The satellite internet service by Elon Musk’s SpaceX has not launched its commercial operations in India. Although the company has received a Letter of Intent from the Department of Telecommunications (DoT), it still requires key regulatory approvals including: 1.Spectrum allocation 2.Clearance from IN-SPACE (Indian National Space Promotion and Authorization Centre) Until these approvals are granted, no official Starlink services including Starlink Mini are available in India. Once Starlink gets the green light to operate in India, here’s what consumers can realistically expect: Monthly ...

Naukri, a leading Indian jobs website, has patched a vulnerability that revealed the email IDs of recruiters posting jobs on its site to hunt for and recruit candidates online. The issue, discovered by security researcher Lohith Gowda, affected the API that Naukri used on its Android and iOS apps. The API exposed the email addresses of recruiters visiting profiles of potential candidates on Naukri’s platform. The issue did not appear to affect the company’s website. The exposed recruiter email IDs can be used for targeted phishing attacks, and recruiters may receive excessive unsolicited emails and spam,” Gowda told TechCrunch. He stated that open email IDs could be included in public breach databases or spam lists, and bulk scraping of email addresses can result in automated bot abuse or scams. TechCrunch confirmed the exposure after Gowda made disclosures regarding the bug. The researcher confirmed to TechCrunch that the bug was remediated earlier this week, which Naukri seco...

  Procolored, a Chinese printer manufacturer, has been sending infecting its customers with backdoors, infostealers, and cryptocurrency stealers - for six months. This information comes from cybersecurity researchers at G Data, who were alerted to the supply chain attack by a technical author and content creator, Cameron Coward. Apparently, Coward wanted to review one of Procolored’s printers. After attempting to install the accompanying software from a USB stick, he was alerted to the presence of the Floxif worm. He reached out to the company who dismissed the warning as a false positive. Unsatisfied with this response, Coward turned to Reddit, where his thread was picked up by G Data‘s cyber security researchers. G Data, however, discovered that 39 software downloads, hosted on mega.nz and last updated in October 2024, had been infected with two malware families, namely an information stealer and a backdoor. 1.Win32.Backdoor.XRedRAT.A 2.MSIL.Trojan-Stealer.CoinStealer.H ...

Seven Advanced Persistent Threat (APT) groups associated with Pakistan attempted to infiltrate Indian infrastructure, resulting in a staggering 99.99% failure rate despite launching over 1.5 million cyberattacks. Identified by Maharashtra Cyber, these groups employed various tactics including malware, DDoS attacks, GPS spoofing, and misinformation campaigns, with only 150 attacks achieving success and causing negligible disruption. 1.         APT36 (Transparent Tribe): Known for cyber espionage since 2013, it targets Indian defense and government sectors using CrimsonRAT malware via spear-phishing. 2.        Pakistan Cyber Force: Claimed breaches of Military Engineering Services and Manohar Parrikar Institute, and defaced Armoured Vehicle Nigam Limited’s website with Pakistan’s flag. 3.        Team Insane PK: Targeted Indian Army websites, like the Army College of Nursing, with provocative messaging. ...

Meta introduced Private Processing, an optional new feature aimed at allowing WhatsApp users to process messages with AI in a private, secure cloud environment. Meta stated this means that neither WhatsApp nor Meta any third party is able to access the messages, preserving end-to-end encryption. The news emphasized how AI has redefined technology engagement through the automation of activities and insights on data. However, traditional AI processing, which relies on server-based large language models, often requires providers to see user requests. This can challenge privacy, especially for sensitive messages. Meta stated that the Private Processing tackles this issue by supporting AI functions, such as summarizing messages or offering writing assistance, while upholding WhatsApp’s commitment to privacy. Meta defined three guiding principles for Private Processing: Optionality: Utilizing AI features, including Private Processing, is completely optional. Transparency: The fir...

After the recent terror attack at Pahalgam, Pakistani hacking groups have reportedly launched synchronized cyber attacks against Indian websites. At least four websites were hacked, including the official website of Army College of Nursing at Punjab, reports said. While the other three locations remain to be discovered, the hack serves to highlight persistent cyber hostility between India and Pakistan a virtual front line that often simmers in the aftermath of geopolitical crises. Attack Overview and Attribution Cybersecurity specialists are of the view that the Pakistan Cyber Army (PCA) is most probably behind the attacks, but other state-backed entities such as Transparent Tribe (APT36) and SideCopy are also active in this sphere. All these entities have generally employed phishing operations, server misconfiguration, and web app vulnerabilities to compromise Indian cyber infrastructure. Likely Tactics and Tools Although formal technical disclosures are yet to be published ...

                                                          This team was trained by the Indian Institute of Technology (IIT) Madras through its Pravartak Technologies Foundation. Training the first group of Cyber Commandos is a big move for India to boost its cyber security. The Union Ministry of Home Affairs has started this program to make the country's cyber defense stronger. The Cyber Commandos are a special team that will actively work to stop cyberattacks, protect important data, and maintain control over the digital space in India. Unlike existing units that only react to cyber crimes, the Cyber Commandos will work to prevent them. This initiative aims to provide law enforcement officers with advanced skills in handling cyber challenges. The training is tough, enabling both state and central police officers to become experts. These office...

  Big news recently broke in the email security space: Google has finally made it simple for Gmail business users to send encrypted emails to anyone on any device. That is correct, people, there are no longer any cumbersome certificate needs or business difficulties. When you write an email in Gmail and enable the additional encryption option, it will automatically decrypt it if the recipient is another Gmail user with an Enterprise or personal account. However, for recipients who use non-Gmail email clients or Google's mobile app, they will receive a link to sign in and view their encrypted email in a restricted version of Gmail. Additionally, for those who have set up on their accounts, Gmail will send the email via S/MIME configured, as it does now. This new feature is part of Google Workspace and is a game Cher for businesses looking to protect their sensitive data. What this means for you is that companies can now send fully encrypted emails to anybody without worrying about s...

Chapter 1: The Hidden Dangers of Always-On Connections Stop and ask yourself: Is your Wi-Fi always on? How about Bluetooth? If so, you might be unintentionally broadcasting your personal data to anyone curious enough to listen including that neighbor next door who might have a secret passion for hacking. Sure, it's convenient to stay connected 24/7, but there’s a darker side. Leaving these antennas active exposes your location, identity, and a treasure trove of details hackers can exploit. Whether you're an aspiring hacker eager to show off your sniffing skills or just an everyday user who wants a stress-free connection, it’s crucial to understand how Wi-Fi and Bluetooth work behind the scenes. As long as your phone is shouting “Connect with me!” to every Starbucks router or passing Bluetooth device, you're handing out free samples of your digital footprint. Let’s dive in and see how this seemingly harmless convenience comes with hidden risks. Chapter 2: Wi-Fi A Hidden ...