Midnight Web by Rahul Banerjee

MEERUT,India  The website belonging to the Meerut Development Authority (MDA) in Meerut has been defaced recently following an attack by some anonymous threat actors that resulted in the defacement of the government-run website with anti-India and pro-Pakistan messages. Those attempting to visit the MDA website recently were met with a black screen with political slogans, instead of visiting the normal interface of the website offering services like construction approval, announcements, etc. The attackers have also revealed their identity through the defacement of the site, with "Overthrush1337" being the name used by them. This is obviously a typical case of website defacement in which the attackers gain access to the web server and deface it to make changes to the content available on the website. Attack Timeline Initial Compromise and Defacement of Website Based on preliminary reports, it appears that the hackers could have taken advantage of an unpatched vul...

Recently, attackers took over high-profile Instagram accounts, including the official Obama’s White House account and a United States Space Force chief officer. The attacker didn't break any Instagram code or crack passwords. They convinced Meta's own AI support chatbot to hand over the accounts. Meta uses an AI-powered support chatbot to help users recover locked accounts, change recovery emails, and handle account issues. The chatbot is trained to verify identity through questions and decide whether a request looks legitimate. Attackers figured out how to manipulate that decision making process. Video Credit-  x.com/chetaslua The attack consists of four main steps. Step 1: The attacker contacts Meta's AI support chatbot claiming to be the legitimate owner of a target account. They simply use Instagram's help interface and start an account recovery conversation. For high-profile targets, attackers use publicly available information such as display names, profile bios, ...

  A new wave of malicious iOS applications has been uncovered on Apple’s App Store, disguising themselves as legitimate cryptocurrency wallets to steal users’ sensitive data. The campaign, identified by cybersecurity researchers at Kaspersky and dubbed FakeWallet , has reportedly been active since at least late 2025. According to the findings, at least 26 fraudulent apps were distributed through the platform, impersonating popular crypto wallet services. These apps used cloned logos, familiar branding, and slight variations in names to appear authentic and rank in search results. Their primary goal was to trick users into entering their recovery phrases critical credentials that grant full access to cryptocurrency funds. The campaign appears to have been particularly active in regions like the Chinese App Store, where restrictions on official crypto apps create a gap that malicious actors can exploit with convincing imitations. Fake website impersonating Ledger Source: Kaspersky Af...

  I am going to break down the story of a tool that I'm willing to bet you've used, but whose incredible business journey you probably know nothing about. Honestly, this is a master class for any founder looking to build something valuable from scratch. I am calling it the Bootstrapper’s Playbook. A Wild Reality Check Let’s just start with a wild fact. There's a website out there, a deceptively simple one, that in places like India pulls in more traffic than Amazon. I'm serious. Millions and millions of people rely on it every single day. Any guesses? It's iLovePDF. If you've ever needed to quickly merge, split, or compress a PDF file, you've almost definitely landed on this site. But what most people have no idea about is how this massive global platform was built. And that is where the real story begins. Born from Frustration So, let's go all the way back to the beginning. Because this whole thing wasn't born from some grand business plan or a fanc...

In a move that signals a major shift in the artificial intelligence race, Anthropic has unveiled Claude Mythos its most powerful AI model to date. But unlike previous releases, this one comes with a surprising twist: the public can’t use it. Instead, the company has locked the model behind restricted access, offering it only to a small group of partners focused on cybersecurity. The decision highlights a growing reality in the tech world AI is becoming so powerful that open access is no longer always the safest option. A Leap Forward in AI Power Claude Mythos represents a significant jump in capability over earlier models. According to Anthropic’s system report, it excels in complex reasoning, software engineering, and advanced research tasks. In some areas, it even approaches expert-level performance. What stands out most is its ability to operate across domains analyzing code, synthesizing scientific research, and solving multi-step problems with remarkable efficiency. Fo...

Who Is Handala? Handala (also stylized as Handala_hack) first appeared on December 18, 2023, launching both its Telegram channel and X/Twitter account simultaneously. The most recent major attack linked to Handala happened on March 11, 2026, targeting the U.S. medical technology company Stryker. What happened? Handala claimed responsibility for a destructive cyberattack on Stryker’s global systems. The attack disrupted internal networks and Microsoft systems, leaving many employees unable to access devices. The group said the attack was retaliation tied to the ongoing Iran U.S. Israel conflict. Impact Handala claimed it: Wiped over 200,000 devices Stole up to 50 TB of data The company experienced global operational disruption, affecting multiple countries. The FBI this week seized two domains operated by Handala one used as a data leak site and another allegedly used to target individuals with possible links to Israeli defense contractors. Both domai...

A major cyber incident has struck Stryker Corporation, one of the world’s largest manufacturers of medical devices and hospital technology, triggering widespread disruption across the company’s global IT systems. According to early reports, the attack forced the company to shut down portions of its internal network as a precaution while cybersecurity teams began investigating the breach. Employees in several regions reportedly lost access to corporate systems, including laptops, internal communication tools, and network services. Global systems affected The disruption appears to have affected a large portion of the company’s digital infrastructure. Internal systems used for communication and operations were temporarily taken offline, and some office locations experienced interruptions in normal workflows. While the company has not confirmed the full scope of the incident, cybersecurity analysts believe thousands of devices connected to the company’s network may have been im...

Adidas is investigating allegations of a significant data breach involving one of its external partners. The German sportswear giant confirmed that it was made aware of a "potential data protection incident" at an independent licensing partner responsible for martial arts products.  The investigation was triggered after a user claiming affiliation with the notorious Lapsus$ group reported compromising the company's extranet. The company emphasized that its own IT infrastructure and consumer e-commerce platforms were not affected. On February 16, the threat actor known as Lapsus$ Group posted a message on a dark web forum claiming responsibility for the incident. According to the statement, the group exfiltrated approximately 815,000 records. The allegedly stolen data includes sensitive personally identifiable information (PII), such as:  • First and last names • Email addresses • Passwords • Company names • Dates of birth • Additional unspecified technical dat...

In recent weeks, a massive release of documents, photos, and videos related to the Jeffrey Epstein investigation has flooded the internet, sparking intense public interest. The files in question come from the U.S. Department of Justice (DOJ) and are part of what is being referred to as the “Epstein files” an enormous collection of evidence tied to the late financier and convicted sex offender.  Unfortunately, this flood of material has also led to many unofficial and potentially unsafe versions of the “videos” circulating online, some shared-on file-sharing sites, social media platforms, forums, and private groups. Downloading or watching these unofficial copies can expose you to graphic, explicit, and highly disturbing content, including material involving sexual exploitation and minors that is extremely harmful to view. Mental health professionals caution that exposure to graphic sexual violence, especially involving minors, can cause trauma, distress, and long-term p...

                       Indian IT stocks were bleeding on Wednesday, February 4. The trigger was news that Anthropic had launched new AI tools capable of automating tasks in legal, compliance, marketing, and data analysis areas traditionally serviced by software firms and IT service providers. Adding to the pressure was the strength in the Indian Rupee, which typically weighs on export-heavy IT companies by hurting margin expectations. Indian IT stocks (Infosys, TCS, Wipro) are down 6% today following the global SaaSpocalypse. On February 3 and 4, 2026, global markets saw a $285B software sell-off. Traders called this the SaaSpocalypse. On February 2, 2026, Anthropic AI (a rival to OpenAI) launched Claude Cowork, a tool causing the IT sector crash today. Anthropic built Cowork using its own AI, Claude Code, in only 1.5 weeks. This is an Agentic AI tool for businesses, which is a new category of AI that acts without human ...

‘’A phone farm is a collection of multiple smartphones used simultaneously to generate income through various apps and services, such as watching ads, completing surveys, or mining cryptocurrency.’’ Back in October, word started making the rounds of an AI startup called Doublespeed. Backed by venture capital firm Andreessen Horowitz, Doublespeed offers customers a unique service: access to a massive phone farm that could be used to operate hundreds of AI-generated social media accounts. Now, 404 Media reports in an explosive scoop that Doublespeed has been hacked. This wasn’t just one account associated with the startup, but the entire backend used to manage its phone farm — so it provides an extraordinary glimpse at how the service is actually being used to manipulate social media at scale. Speaking to 404 on condition of anonymity, the hacker said they can “see the phones in use, which manager [computers controlling the phones] they had, which TikTok accounts ...

  India's cybersecurity landscape faces a critical new threat a shockingly simple phone scam that requires no technical sophistication from fraudsters yet bypasses nearly all modern digital security measures. The Indian Cyber Crime Coordination Centre (I4C) has issued an urgent nationwide alert about a social engineering attack that uses fundamental telecom features to hijack victims' financial lives. Unlike phishing or malware, this scam exploits the trusted USSD protocol, making every mobile user from smartphone owners to basic feature phone users equally vulnerable. This is where the technical deception occurs. The provided code isn't a verification string but a  USSD command activating unconditional call forwarding.   Typically formatted as *21*[Scammer's Phone Number] #, this sequence when dialled and pressed call silently reroutes all incoming calls to the fraudster's device. The victim might hear a standard confirmation tone or see a "service activated...

  The Indian government has issued an emergency order to X (formerly Twitter), directing the Elon Musk-owned platform to immediately overhaul the safeguards on its AI chatbot, Grok. The directive follows user reports and a lawmaker’s complaint that the tool was being used to generate “obscene” AI-altered images, including non-consensual edits of women into bikinis. In an order issued Friday, India’s IT Ministry gave X 72 hours to implement “technical and procedural changes” that prevent Grok from creating content involving nudity, sexualization, or any other unlawful material. The platform must also submit a detailed report outlining the corrective steps taken. The government’s warning was stark: failure to comply could strip X of its “safe harbour” protections in India the legal shield that protects platforms from liability for user-generated content. The crackdown began after users demonstrated how Grok could easily alter images of individuals, primarily women, to make them...

Ten apps are required to block anyone under 16 from holding an account: YouTube, TikTok, Snapchat, Instagram, Facebook, Reddit, X, Threads, Kick and Twitch in Australia. As children seek ways to circumvent the ban, little-known social media apps Lemon8, Yope and Coverstar remain accessible and have shot to the top of Apple's App Store charts. Other apps that are included in the restrictions appear not to be enforcing them. One teenager writes on reddit he'd been kicked off platforms owned by Meta - which include Instagram, Facebook and Whatsapp - but still had access to Snapchat. Others have written of trying to fool the age verification algorithm using makeup and other strategies. Some teens have posted on TikTok declaring they "survived" the ban. Law & Regulatory Framework It prohibits minors under 16 from holding accounts on specified age-restricted social media platforms. Platforms must take “reasonable steps” to prevent under-16s from creating...

The Indian telecom department describes Sanchar Saathi as a citizen-centric tool that "brings robust security features and fraud-reporting capabilities directly to users' smartphones. The app complements the existing Sanchar Saathi portal by providing convenient, on-the-go protection against identity theft, forged KYC, device theft, banking fraud, and other cyber risks.’’ Last week, the Department of Telecommunications ordered mobile manufacturers and importers to facilitate the availability and accessibility of the Sanchar Saathi app on devices for users in India. According to my research, the Indian government had asked companies such as Apple, Samsung and Xiaomi to pre-install the app within 90 days. Reports also said that Apple was unlikely to oblige to the diktat from the government. The directive, as expected, created a wide outrage with privacy advocates raising concerns over the government overreach and possibilities of government snooping. The move also met crit...

Google on Tuesday unveiled its new artificial intelligence model, Gemini 3, which brings significant changes to how the search engine works. It means more artificial intelligence everywhere, including in search results. Google promises that the new model will improve its existing AI summaries and AI Mode. Initially, the Gemini 3 will be available to paying customers in the United States. Google is adding AI because the company fears that Chat GPT and similar AI bots will replace it in information search, and now wants to offer quick answers to everything like them. Google used to be a search engine, now it's striving to become an answer engine. This is problematic in many ways. Already now, Google users in USA are increasingly seeing an artificial intelligence summary at the top of their search results. Many users are content with this summary instead of going to research the sources of information themselves. There are plenty of pitfalls: First, AI can make things up, or h...

Microsoft just confirmed a nasty bug that can randomly fire up the BitLocker recovery screen on Windows 11 25H2, 24H2, and even Windows 10. Boom you’re staring at a blue screen demanding your 48-digit recovery key. Don’t, have it? Kiss your data goodbye. The silver lining: That key is usually auto-saved to your Microsoft account. Log in at account.microsoft.com/devices/recoverykey and grab it before you panic. The updates that broke it: Win 11 25H2, 24H2 - KB5066835 & Win 10 22H2 - KB5066791 A fix is rolling out now. Home users will get it automatically; enterprise folks, your IT crew will have to push it manually. Bonus nerd note: Run powercfg /a in an admin Command Prompt. If you see Standby (S0 Low Power Idle) , your machine uses Modern Standby . Microsoft hasn’t said a word about the connection, but here’s my take: The October 2025 updates probably messed with the boot chain or Secure Boot validation. On Intel + Modern Standby (S0) rigs, the update path failed to s...

  The feature, powered by a local computer vision model, now protects users from scam pop-ups long before traditional security systems can react. Scareware, the kind of scam that locks your screen with fake “Virus Alert!” or “Your PC is infected” messages, has plagued users for years. Edge’s Scareware blocker identifies these full-screen scam pages instantly, shutting them down before panic sets in. Microsoft says the model runs locally on devices with at least 2 GB RAM and four CPU cores, ensuring it won’t slow down browsing. Enterprise admins can also improve the feature or create allow-lists for internal sites. During preview testing, the blocker proved highly effective. Microsoft claims that users were protected hours or even days before those same scams appeared on global blocklists. Starting with Edge version 142, a new “scareware sensor” takes protection a step further. When Edge detects suspicious full-screen activity, it can immediately notify Microsoft Defender Smar...

  After October 14, 2025, Microsoft will end all support for Windows 10, which means key features and updates will stop. Specifically, Windows 10 will no longer receive feature updates, security updates or patches, technical support, or bug fixes from Microsoft. Key Feature Support That Stops No more feature updates: Microsoft will not release new features or improvements for Windows 10. Security updates end: Regular security patches protecting from viruses and vulnerabilities will stop, making systems more exposed to risks. Bug fix updates stop: No further patches for non-security bugs will be issued. Technical support gone: Microsoft will no longer offer customer or technical support for issues related to Windows 10. Microsoft 365 support reduced: Support for Microsoft 365 Apps on Windows 10 will be affected, although your Office applications may continue to run but with limited or no support. What if my Windows 10 computer doesn't meet the requirements for Windows 11...

A major security vulnerability in India's income tax filing portal has been fixed, TechCrunch reported. The flaw, discovered by security researchers Akshay CS and "Viral" in September, allowed logged-in users to access real-time personal and financial information of other taxpayers. This included sensitive details such as full names, home addresses, email addresses, dates of birth, phone numbers and bank account information. Exposed Aadhaar numbers of individuals The security flaw in the income tax filing portal also exposed Aadhaar numbers, a unique government-issued identification number used for identity verification and accessing government services. TechCrunch verified the data by allowing researchers to search its records on the portal. The researchers confirmed on October 2 that the vulnerability had been patched. Discovery process Researchers found bug while filing tax returns The researchers found the security flaw while filing their recent income tax return on...