1. Businessman Loses ₹43.5 Lakh in Fake Stock Market Investment Scheme
A Pune businessman fell victim to a sophisticated stock investment scam, losing ₹43.5 lakh over several months. The fraudsters promised unrealistic returns through a manipulated trading platform. In a parallel case, cybercriminals stole ₹9.99 lakh from a senior citizen in Vadgaon Budruk by phishing his banking credentials through a fake KYC update request. Maharashtra Cyber Police have registered cases under relevant IT Act sections and are tracing digital footprints across multiple payment gateways.
2. ₹45 Lakh WhatsApp Stock Fraud Exposes Group Admin Tactics
Delhi Police uncovered an elaborate scam where a victim was added to a WhatsApp group with 111 members, including two admins posing as representatives of a major brokerage firm. The fraudsters shared "verified" investment tips before directing the victim to download a malicious trading app that displayed fake profits while siphoning funds. Forensic analysis revealed the app contained spyware that captured banking credentials. Investigators warn about similar groups operating under different brokerage names.
3. Ascension Healthcare Confirms Second Major Data Breach in 12 Months
Ascension Health disclosed a breach affecting 2.3 million patients' sensitive data, including Social Security Numbers, contact details, and complete medical histories. The intrusion occurred through a zero-day vulnerability in a legacy medical billing system from a former vendor. This marks the second major breach for the healthcare provider since April 2024. The organization is offering affected individuals 24 months of credit monitoring while implementing new network segmentation protocols.
4. New Phishing Kit Targets Indian Banking Customers With Fake UPI Alerts
Cybersecurity researchers identified a new phishing toolkit specifically designed to mimic Indian banking UPI payment alerts. The campaign sends SMS messages appearing to come from legitimate bank shortcodes, directing victims to cloned banking portals. Over 1,200 cases were reported across Maharashtra, Delhi, and Karnataka in April alone. The kit dynamically generates bank-specific pages and even includes CAPTCHA verification to appear genuine.
5. Ransomware Gang Exploits VPN Flaws in 37 Asian Manufacturing Firms
The LockBit 4.0 group has compromised manufacturing companies across India, Japan, and South Korea by exploiting unpatched vulnerabilities in industrial VPN solutions. Attackers demand Bitcoin payments ranging from $250,000 to $2 million, threatening to leak sensitive blueprints and client data. CERT-In has issued an advisory urging immediate patching of CVE-2025-1473 and multi-factor authentication implementation for all remote access systems.
"The 2025 threat landscape shows cybercriminals blending psychological manipulation with technical sophistication - the most dangerous attacks now bypass firewalls by targeting human vulnerabilities first."
Protective Measures Recommended
• Verify investment opportunities through SEBI's SCORES portal before transferring funds
• Enable transaction alerts and biometric authentication for all financial accounts
• Patch VPN and remote access systems immediately (refer to CERT-In advisory IN-2025-0145)
• Use official app stores and check developer credentials before downloading financial apps
• Report suspicious messages to the Cyber Crime Portal (cybercrime.gov.in)
