Phishing

The scammers sent out massive numbers of phishing SMS messages using a so-called SMS blaster—a device that mimics the operation of a cellular base station.

It forced nearby phones to connect to a less secure network, allowing them to bypass the operators’ security measures and send up to 100,000 messages per hour.

A group of suspects has been detained in connection with the case.

Starting October 4, new rules for connecting to public Wi-Fi networks will take effect in Kazakhstan.

Users will be able to log in in two ways: via a one-time SMS password sent to their phone number or using an electronic digital signature.

The changes are aimed at improving security when using public Wi-Fi networks, as such networks can pose risks to privacy, finances, and personal data.

However, the question remains as to who will identify malicious Wi-Fi hotspots that steal digital signatures or other user data, and how this will be done.

Fraudsters hacked blogger Hakim Mukaram's account to post a malicious link.

On November 9, 2025, a data breach occurred at Mixpanel, the analytics service used by OpenAI for web analytics.

According to OpenAI, this was not a breach of OpenAI’s systems: passwords, API keys, payment information, chats, requests, and responses were not compromised.

However, attackers may have obtained account names, email addresses, approximate locations, browser and system data, referral sources, as well as user or organization IDs.

The main risk of such a leak is phishing and more convincing scam emails sent on behalf of well-known services. OpenAI reported that it has stopped using Mixpanel and is notifying affected users.

The Prosecutor General's Office of Kazakhstan has warned users of a potential cyber threat following reports from the ShinyHunters hacking group claiming access to data from up to 2.5 billion Gmail accounts.

Google, however, states that there was no mass Gmail data breach and that the reports of a hack are false.

Let’s break down what happened, who to believe, and what security measures to take: enable 2FA, change reused passwords, and avoid clicking on suspicious links.

A data breach occurred on Discord following an attack on a contractor that handled user support requests.

The attackers may have gained access to tickets, files, and some personal information belonging to people who contacted support.

Users who submitted documents, photos, account details, or other personal information are at risk.

This article explains what data may have fallen into the hands of scammers, why it’s important to enable two-factor authentication, and how to check your active sessions.

A database containing the personal information of millions of Kazakhstani citizens has appeared online.

TSARKA experts are investigating the situation and working with government agencies to determine whether the database represents a new data breach or a compilation of old data.

Such databases can be used by scammers to make calls impersonating banks, the police, the Public Service Center, or other organizations.

The main risk is that personal data can be used for social engineering: scammers use a person’s real information to gain their trust and then trick them into revealing SMS codes, passwords, personal identification numbers (PINs), card details, or account access.

Users should check their data via NomadGuard or eGov Mobile, update their passwords, enable two-factor authentication, and warn their loved ones, especially elderly relatives.

Есептерге сәйкес, Instagram-ның 17,5 миллионнан астам қолданушысының жеке деректері жарияланған.

Аты-жөндері, электрондық пошта мекенжайлары мен телефон нөмірлері фишинг пен хакерлік шабуылдар үшін қолданылып жатқан болуы мүмкін.

Құпия сөзіңізді өзгертіңіз, екі факторлы аутентификацияны (2FA) қосыңыз және күдікті сілтемелерге баспаңыз.