The past 24 hours have seen a surge in cybersecurity incidents, from sophisticated AI-driven job scams to high-profile data breaches and infrastructure developments. This roundup covers six critical events, offering insights into emerging threats, law enforcement actions, and corporate responses to cyber risks.
AI Job Scams on the Rise
AI-powered job scams are escalating, targeting even seasoned professionals with convincing deepfake interviews, fake listings, and impersonation tactics. According to a report by CNET, scammers now leverage generative AI to create fraudulent recruiter personas, fake company pages, and synthetic video interviews to extract personal data or install malware.
McAfee’s Scam Detector tool, which uses AI to flag suspicious messages, reported a 1,000% surge in job-related scams in early 2025, primarily via texts, emails, and malicious websites. Key red flags identified by experts include:
- Unrealistic offers: High pay for minimal work or requests for upfront payments (e.g., ‘application fees’).
- Platform migration pressure: Scammers often push victims to communicate via Telegram or WhatsApp to evade detection.
- Unpaid ‘assessments’: Fake tests designed to harvest free labor or sensitive data.
- Impersonation: Verified LinkedIn profiles or company pages may be cloned with subtle inconsistencies (e.g., recently created accounts, vague job descriptions).
LinkedIn’s VP of Trust, Oscar Rodriguez, advises users to check for verification badges, enable harmful message detection, and report suspicious activity. Meanwhile, IdentityIQ’s Michael Scheumack recommends reversing the hiring process by asking recruiters to verify their identity in real time (e.g., sending an email from a corporate domain during a call). For additional protection, tools like McAfee’s Scam Detector allow users to upload screenshots of suspicious messages for real-time analysis.
Infrastructure Developments and Risks
In a strategic move to bolster its technological infrastructure, Uber announced a collaboration with the Adani Group to establish its first data center in India. The facility will support the company’s global operations, with a significant focus on innovation driven from India. This follows Adani Enterprises’ prior partnership with Google to build India’s largest AI data center campus in Visakhapatnam, powered by green energy and subsea cable connectivity.
Why It Matters: The data center aligns with India’s push to become a global AI hub while addressing sustainability goals. However, cybersecurity experts warn that such high-value infrastructure could become a target for state-sponsored attacks or supply chain compromises. The integration of green energy and AI capabilities also raises questions about third-party risk management in critical infrastructure projects. The related URL is https://www.devdiscourse.com/article/business/3906413-uber-and-adani-group-set-to-revolutionize-tech-landscape-with-first-data-center-in-india?amp.
Cyber Fraud Crackdown and Phishing Scams
Giridih district police in Jharkhand, India, arrested six cyber criminals involved in a phishing operation. The gang used fake apps ‘RTO e-Challan Check.apk’ and ‘MGL Gas.apk’ to siphon money from victims. Operating from Kalaria jungle, the scammers tricked victims into downloading malicious APK files, gaining remote access to their devices. Police seized 11 mobile phones, 13 SIM cards, and five motorcycles during the raid.
Modus Operandi: The scammers distributed fraudulent links via SMS or messaging apps, exploiting victims’ trust in government-related services. Once installed, the apps granted attackers control over bank accounts. This incident highlights the persistence of social engineering tactics in regions with lower digital literacy.
Law Enforcement Response: Giridih SP Bimal Kumar credited the Pratibimb portal for actionable intelligence. Experts recommend public awareness campaigns to educate users about sideloading risks and the dangers of downloading apps from untrusted sources.
Ransomware in Education and OAuth Abuse
The recent Vercel breach exposed a critical flaw in modern SaaS security: OAuth abuse. Attackers compromised an AI tool connected via OAuth, using its trusted access to infiltrate Vercel’s internal systems—without exploiting traditional vulnerabilities like malware or zero-days. The incident reflects a broader trend where threat actors leverage pre-approved integrations to move laterally across environments.
Instructure, the parent company of the Canvas learning management system (LMS), confirmed a deal with the hacking group ShinyHunters to delete data stolen from 275 million users across 9,000 schools. The breach, which disrupted finals for students worldwide, involved threats to leak names, email addresses, and student IDs unless a ransom was paid by May 6 (later extended). The related URL is here.
Controversial Resolution: Instructure received ‘shred logs’ as proof of data deletion but acknowledged no absolute certainty the data was erased. Cybersecurity experts, including former FBI Cyber Division deputy director Cynthia Kaiser, warn that paying ransoms rarely guarantees data safety. A federal lawsuit alleges Instructure’s lax security made it ‘easy prey’ for cybercriminals.
Impact: The outage locked students and faculty out of Canvas during critical exam periods, exposing vulnerabilities in education sector cybersecurity. Instructure has since engaged forensic vendors to ‘harden’ its systems and review the breached data. The related URL is here.
Broader Implications: The incident highlights the rising targeting of edtech platforms, which hold sensitive student data but often lack robust defenses. Experts recommend:
- Zero-trust architecture to limit lateral movement.
- Regular third-party audits of cloud-hosted LMS platforms.
- Student data minimization (e.g., avoiding storage of unnecessary PII).
Final words
Cyber threats are increasingly asymmetric, leveraging AI, trusted integrations, and human psychology to bypass traditional defenses. Organizations must adopt a proactive, intelligence-driven approach to stay ahead of adversaries. Security is no longer about building walls but about managing access, validating identities, and assuming breach. Be cautious of AI job scams and OAuth abuses. For more information, contact our support team here.