Latest Edition
The Ministry of Cyber Affairs

Fake Indian e-Visa Websites: India's Pretoria Mission Names Five to Avoid
The High Commission of India in Pretoria named five fraudulent e-visa websites impersonating the official portal. Use only indianvisaonline.gov.in.

Fake 'Embassy of India' Calls Target Indian Students in Spain: The 'Rupesh Sharma' Document Scam
The Embassy of India in Madrid warns of caller-ID-spoofing scam calls: an imposter posing as 'Rupesh Sharma' phones Indian students demanding personal documents.

Kyiv Cyber Police Bust a Call Centre That Scammed Americans Out of $500,000 in Crypto Fraud
Ukraine's cyber police dismantled a Kyiv call centre that cold-called Americans with fake crypto investments, stealing over $500,000 from 20+ US victims.

World Cup 2026 Scams: Fake Betting Apps, 'Free Stream' Malware, and the Data They Steal
The 2026 World Cup is live, and so are the scams: fake betting apps, malware 'free streams' and cloned FIFA ticket sites are after your data and money.

Breaking: India Busts a Call Centre That Scammed Americans, 119 Arrested in Lucknow
Lucknow police busted an international call centre that scammed US citizens with fake FBI/FTC threats and crypto. 119 arrested, 103 laptops seized.

Quishing: Why QR-Code Scams Are Exploding (and How to Spot One)
QR-code phishing is surging worldwide. How quishing works, the UPI receive-vs-pay trap, where you meet it, and how to spot, avoid and report it.

I4C Warns of Fake 'Find My iPhone' Texts: How iPhone Thieves Phish Your Apple ID
India's I4C warns that criminals who steal or find an iPhone send fake Apple 'Find My' texts to trick victims into entering their Apple ID password and one-time code, letting thieves disable Activation Lock and resell the device. Here is how the trap works and how to stay safe.
India issues strong warning to WhatsApp over new username feature, gives 3 days to respond
In a move to protect 853 million users, Government has demanding the tech giant to halt the rollout of a new "username" feature or face potential regulatory action under the country's stringent technology laws.

Akira Ransomware: What the FBI, CISA and Europol Advisory Means for Defenders
A multi-agency joint advisory warns that Akira ransomware now threatens critical infrastructure and has claimed roughly $244 million, breaking in mainly through VPNs without MFA and unpatched Cisco, SonicWall and Veeam flaws. Here is how it operates and the official mitigations.

Emerging "Boss Scam": How Threat Actors Leverage DLL Sideloading to Hijack WhatsApp Web and Defraud Enterprises
Ministry of Home Affair issues an alert on rising sophesticated boss scam utilizing DLL Sideloading and WhatsApp web compromise. Several high profile cases have been reported with the same MO.

Is 'Spro Deal' Safe? What 'Task' and 'Commission' Earning Apps Can Do to Your Bank Account
We checked what is actually known about the Spro Deal earning app, how task and commission scams turn users into unwitting money mules, and why bank accounts get frozen.

The Telegram Crackdown: Why India's 'New Dark Web' is Being Put on Notice
India's Delhi High Court upheld a 2026 Telegram block after the Centre called the app the "new dark web." How Telegram's design built a criminal pipeline, what the Durov arrest changed, and how six governments are now putting it on notice.

Digital Ekadashi Alerts: How Scammers Are Exploiting Religious Apps for Financial Fraud
On auspicious days, devotional apps, darshan bookings and donations surge, and so does fraud. Drawing on India's I4C advisory for pilgrims, here are the documented scam patterns, the red flags, and how to give and book safely.

CERT-In warns on the Hidden cybersecurity Risks targeting AI Agents and Applications
The Indian Computer Emergency Response Team (CERT-In) highlights this in its May 2026 Blueprint for Reducing Exposure and Defending against AI-Assisted Vulnerabilities Exploitation in Digital Infrastructure. The document devotes substantial attention not only to AI as an offensive tool but to the adversarial threats facing AI models, inference systems, agents, and integrated workflows.

India Unveils 60-Day Cybersecurity Blueprint to Combat AI-Driven Threats to Critical Infrastructure
India’s mandate is clear—if defenders aren’t fighting bots with bots and shrinking remediation from days to mere hours, they are already compromised.

Indian CERT Moves From Warnings to War Games as Frontier AI Reshapes the Cyber Threat
How CERT-In is protecting Indian Cyberspace the in an era of machine-speed attacks and Mythos

The AI Friend in Your Pocket: The Hidden Privacy and Safety Risks of Companion Chatbot Apps
AI companion apps are booming, but they harvest intimate data and can manipulate vulnerable users. The risks, the new laws, and how to use them more safely.
Indian Police Bust Gang Abusing Google Firebase and Hostinger in $4.6 Million Sideloaded Android Malware Scam
A single malicious APK disguised as a Mahanagar Gas utility file led investigators from one victim's drained bank account to 12.4 million intercepted text messages, 111 counterfeit apps, and a six-member ring operating out of Jharkhand, Bihar, and Delhi.

Quantum Sensing Technologies Introduce New Cyber Risks for Australian Organisations
ASD and ACSC primer warns leaders to guard against sensor tampering, data spoofing and supply-chain threats as precision quantum devices move into real-world use — and offers lessons the world can learn

Singapore's Scam Losses Fell in 2025 While America's Hit a Record - What Singapore Did Differently
Singapore's scam losses fell 17.9% in 2025 and India's also dipped, while US losses hit a record $20.9B. The common thread in the curve-benders: real-time freeze power.

Google Pay’s merchant KYC bypassed to build nationwide mule networks, Indian police investigation reveals loopholes in customer onboarding
Under the guidance of the SP Nagar, supervision of the CO Kotwali, and leadership of the SHO Kotwali, the Cyber Commando SI Upendra Singh, District Anti-Theft Team Gorakhpur, SI Aditya Kumar Pandey with Kotwali Team, arrested 3 accused, who were involved in bypassing Google Pay's onboarding process.