The Trump administration has terminated all members of the Cyber Safety Review Board (CSRB), along with the Cybersecurity and Infrastructure Agency’s Cybersecurity Advisory Committee and other Department of Homeland Security (DHS) advisory panels. This move has halted the investigation into hacking group Salt Typhoon’s cyberattack on US telecommunications firms, raising significant concerns among cybersecurity advocates, according to CyberScoop.
While Acting DHS Secretary Benjamin Huffman suggested that outgoing members could reapply for their positions, the decision has faced criticism from lawmakers and experts. Representative Bennie Thompson (D-Miss.), of the House Homeland Security Committee, warned that this decision could delay the Salt Typhoon probe, which he emphasised must be ‘completed expeditiously.’
Cybersecurity expert Kevin Beaumont argued that dismantling the CSRB could shield Microsoft from accountability over security lapses tied to a separate Chinese hacking incident. Meanwhile, Jake Williams of IANS Research highlighted the broader implications of this decision, stating that removing such panels could undermine US national security.
However, House Homeland Security Chair Mark Green (R-Tenn.) defended the move, stating it offers the Trump administration an opportunity to appoint new members or reevaluate the mission of the CSRB for more effective oversight.
An agreement signed between Iran and Russia last week outlines commitments to enhance military, security, cyber and technological cooperation between the two nations. The comprehensive strategic partnership agreement, signed in Moscow by Russian President Vladimir Putin and Iranian President Masoud Pezeshkian, seeks to deepen bilateral relations and includes specific provisions for cooperation in cybersecurity and internet regulation.
The agreement aims to counter the use of information and communication technologies for criminal activities and includes plans to exchange expertise on managing national internet infrastructure. The text also adds that two countries will ‘promote the establishment of a United Nations-led system for ensuring international information security and the creation of a legally binding regime for the prevention and peaceful resolution of conflicts, based on the principles of sovereign equality and non-interference in the internal affairs of states’.
The agreement emphasises strengthening sovereignty and state-centric approach to international information security and internet governance. Other key commitments on cybersecurity also include:
Expanding joint efforts to combat the criminal misuse of ICTs, exchanging expertise, and promoting sovereignty in the international information domain.
Advocating for the internationalization of internet governance, equal rights for states in managing internet segments, and rejecting limitations on national sovereignty in regulating and securing the internet.
Enhancing sovereignty through regulating global ICT companies, sharing expertise on internet management, developing ICT infrastructure, and advancing digital development.
The founder and former CEO of GameOn, an AI startup in San Francisco, has been indicted for orchestrating a six-year-long fraud scheme that allegedly defrauded investors and the company out of over $60 million. Alexander Beckman, 41, faces 23 criminal charges, while his wife, Valerie Lau Beckman, 38, who worked as a lawyer for the company, is charged with 16 counts, including obstruction. Both have pleaded not guilty. The US Securities and Exchange Commission has also filed civil charges against the couple.
Beckman is accused of deceiving investors by inflating the company’s financial status, including fabricating fake customer relationships, overstating revenue, and creating fraudulent bank statements and audit reports. He allegedly went as far as impersonating individuals to share false information. Meanwhile, Lau Beckman allegedly assisted her husband by providing authentic audit reports to help fabricate false documents and delete critical files after an investigation began.
The Beckmans are also accused of misusing investor funds for personal expenses, including purchasing a luxury home, vehicles, and covering costs for their wedding. The fraudulent activities reportedly continued up until Beckman’s resignation as CEO in July 2024. GameOn, which has since been rebranded as On Platform, eventually admitted to the financial discrepancies and laid off most of its employees.
The case underscores the need for integrity in the tech industry, particularly within startups, as federal prosecutors emphasise that fraud cannot fuel innovation.
Several high-profile crypto influencers are facing backlash after amplifying the story of a purported US Treasury XRP wallet, which has now been exposed as a scam. On 22 January, influencers shared the wallet’s details, claiming it was linked to major institutions like JPMorgan and Bank of America. The story gained momentum on social media platforms but was soon debunked through on-chain analysis, which revealed the wallet was based in the Philippines, not the US Treasury.
The fraudulent wallet, identified by the address ‘rfHhX6hA54LBqA3j7r7EnCs6qyaRK2Lyfq’, was even KYC-verified, which added to its legitimacy. Critics within the crypto community have called out influencers for spreading misinformation, citing examples of previous false claims, including one about Ripple being a Central Bank Digital Currency.
This incident highlights the increasing number of crypto-related scams, which have been rising in tandem with the popularity of social media platforms like X. Recent data shows a dramatic spike in impersonation accounts and phishing schemes, with scammers hijacking major company handles and exploiting technical vulnerabilities in blockchain systems.
The rise in crypto scams serves as a stark reminder for users to be cautious and stay vigilant online.
Jobseekers are being targeted by a sophisticated scam that disguises malware as interview invitations. Masquerading as legitimate offers, these fraudulent emails claim to originate from reputable companies like CrowdStrike, a cybersecurity firm. However, the links they contain redirect victims to malicious websites, leading to the download of cryptomining software.
The malware, once installed, hijacks a computer’s CPU and GPU to mine cryptocurrency. This process severely degrades system performance, causing unresponsiveness, overheating, and increased energy consumption. The software also runs covertly, making it challenging to detect until significant harm is done.
CrowdStrike has acknowledged the scam, urging jobseekers to verify recruitment emails and avoid downloading files from unknown sources. Experts advise using robust antivirus software and remaining vigilant against unsolicited links or downloads during the job application process.
As cybercriminals continually innovate, individuals must exercise caution online. Even scams aimed at exploiting system resources can pave the way for far more invasive attacks, including financial theft and personal data breaches.
Educators are embracing AI to tackle academic dishonesty, which is increasingly prevalent in digital learning environments. Tools like ChatGPT have made it easier for students to generate entire assignments using AI. To counter this, teachers are employing AI detection tools and innovative strategies to maintain academic integrity.
Understanding AI’s capabilities is crucial in detecting misuse. Educators are advised to familiarise themselves with tools like ChatGPT by testing it with sample assignments. Collecting genuine writing samples from students early in the semester provides a baseline for comparison, helping identify potential AI-generated work. Tools designed specifically to detect AI writing further assist in verifying authenticity.
Requesting rewrites is another effective approach when AI usage is suspected. By asking an AI tool to rewrite a suspected piece, teachers can highlight the telltale signs of machine-generated text, such as a lack of personal style and overuse of synonyms. Strong evidence of AI misuse strengthens cases when addressing cheating with students and school administrators.
The rise of AI in education underscores the need for vigilance. Teachers must balance scepticism with evidence-based methods to ensure fairness. Maintaining a collaborative and transparent approach can help foster a culture of learning over shortcuts.
Russian state-linked hackers, operating under the unit Star Blizzard, have launched a new phishing campaign targeting the WhatsApp accounts of government ministers and officials worldwide. According to Britain’s National Cyber Security Centre (NCSC), Star Blizzard, linked to Russia’s FSB spy agency, aims to undermine political trust in the UK and other similar nations.
Victims receive an email impersonating a US government official, inviting them to join a WhatsApp group. The email contains a QR code that, when scanned, links the victim’s WhatsApp account to an attacker-controlled device or WhatsApp Web, granting the hacker access to sensitive messages. Microsoft confirmed that this tactic allows hackers to exfiltrate data but did not specify whether data was successfully stolen.
The campaign has targeted individuals involved in diplomacy, defence, and Ukraine-related initiatives. This marks the latest attempt by Star Blizzard, which had previously targeted British MPs, universities, and journalists. Microsoft noted that while the campaign seemed to have wound down by November, the use of QR codes in phishing attacks, or ‘quishing,’ shows the hackers’ continued efforts to gain access to sensitive information.
WhatsApp, owned by Meta, emphasised that users should avoid scanning suspicious QR codes and should only link their accounts through official services. Experts also recommend verifying suspicious emails by contacting the sender directly through a known, trusted email address.
Crypto scammers have increasingly turned to Telegram malware scams, with reports revealing a staggering 2,000% rise in such incidents since November. Unlike traditional phishing scams, these schemes involve fake verification bots within bogus trading, airdrop, and alpha groups, tricking users into downloading malware. Once installed, the malware allows attackers to steal passwords, crypto wallet keys, and browser data.
Security experts have noted this shift as scammers adapt to user awareness of phishing links. Malware tactics, such as fake Cloudflare verification pages and copied text injection, now dominate the landscape. Security firm Scam Sniffer highlighted that these scams target legitimate communities and rely on sophisticated social engineering to lure victims.
The consequences are severe yet difficult to measure, with $2.3 billion stolen in 2024 across 165 incidents, according to Cyvers. Whilst losses in December were lower than usual, scammers continue to evolve their methods, making these attacks increasingly challenging to counter.
Polymarket, a cryptocurrency-based prediction market, has come under fire for alleged violations of Singapore’s strict gambling laws. Authorities blocked access to the platform, deeming it an unlicensed gambling site. Those who attempt to bypass restrictions risk hefty fines and jail time under the Gambling Control Act 2022.
Further criticism erupted as Polymarket allowed users to bet on tragic events like the devastating Palisades wildfire in Los Angeles. The platform’s wildfire-related betting markets have been widely condemned as unethical, with accusations of profiting from human suffering. Polymarket’s attempts to defend its actions have done little to appease public outrage.
Meanwhile, Polymarket faces intense scrutiny in the US. The FBI recently raided CEO Shayne Coplan’s residence, seizing electronic devices, while the CFTC subpoenaed Coinbase for information on the platform’s activities. Despite its rapid growth during the US elections, with record-breaking trading volumes, Polymarket now grapples with plummeting activity and mounting regulatory challenges.
A French interior designer, identified as Anne, has fallen victim to a sophisticated scam in which she was tricked into believing she was in a relationship with actor Brad Pitt. Over the course of a year, the scammer, using AI-generated images and fake social media profiles, manipulated Anne into sending €830,000 for purported cancer treatment after a fabricated story involving the actor’s frozen bank accounts.
The scam began when Anne received messages from a fake ‘Jane Etta Pitt,’ claiming the Hollywood star needed someone like her. As Anne was going through a divorce, the AI-generated Brad Pitt sent declarations of love, eventually asking for money under the guise of urgent medical needs. Despite doubts raised by her daughter, Anne transferred large sums, believing she was saving a life.
The truth came to light when Anne saw Brad Pitt in the media with his current partner, and it became clear she had been scammed. However, instead of support, her story has been met with cyberbullying, including mocking social media posts from groups like Toulouse FC and Netflix France. The harassment has taken a toll on Anne’s mental health, and police are now investigating the scam.
The case highlights the dangers of AI scams, the vulnerabilities of individuals, and the lack of empathy in some online responses.
