The Union government of India, the country’s central federal administration, on Monday confirmed several instances of GPS spoofing near Delhi’s Indira Gandhi International Airport (IGIA) and other major airports. Officials said that despite the interference, all flights continued to operate safely and without disruption. The clarification came after reports pointed to digital interference affecting aircraft navigation systems during approach procedures at some of the busiest airports in the country.

What Is GPS Spoofing?

GPS spoofing is a form of signal interference where false Global Positioning System (GPS) signals are broadcast to mislead navigation systems. For aircraft, it can temporarily confuse onboard systems about their true location or altitude. While pilots and air traffic controllers are trained to manage such situations, repeated interference requires immediate reporting and stronger safeguards.

Government Confirms Incidents at Multiple Airports

India’s Civil Aviation Minister Ram Mohan Naidu informed Parliament that several flights approaching Delhi reported GPS spoofing while using satellite-based landing procedures on Runway 10. In a written reply to the Rajya Sabha, the minister confirmed that similar signal interference reports have been received from several India’s major airports, including Mumbai, Kolkata, Hyderabad, Bengaluru, Amritsar, and Chennai. He explained that when GPS spoofing was detected in Delhi, contingency procedures were activated for flights approaching the affected runway. The rest of the airport continued functioning normally through conventional ground-based navigation systems, preventing any impact on overall flight operations.

Safety Procedures and New Reporting System

The Directorate General of Civil Aviation (DGCA) has issued a Standard Operating Procedure (SOP) for real-time reporting of GPS spoofing and Global Navigation Satellite System (GNSS) interference around IGI Airport. The minister added that since DGCA made reporting mandatory in November 2023, regular interference alerts have been received from major airports across the country. These reports are helping regulators identify patterns and respond more quickly to any navigation-related disturbances. India continues to maintain a network of traditional navigation and surveillance systems such as Instrument Landing Systems (ILS) and radar. These systems act as dependable backups if satellite-based navigation is interrupted, following global aviation best practices.

Airports on High Cyber Vigilance

The government said India is actively engaging with global aviation bodies to stay updated on the latest technologies, methods, and safety measures related to aviation cybersecurity. Meanwhile, the Airports Authority of India (AAI) is deploying advanced cybersecurity tools across its IT infrastructure to strengthen protection against potential digital threats. Although the cyber-related interference did not affect flight schedules, the confirmation of GPS spoofing attempts at major airports has led to increased monitoring across key aviation hubs. These airports handle millions of passengers every year, making continuous vigilance essential.

Recent Aviation Challenges

The GPS spoofing reports come shortly after a separate system failure at Delhi Airport in November, which caused major delays. That incident was later linked to a technical issue with the Automatic Message Switching System (AMSS) and was not related to cyber activity. The aviation sector also faced another challenge recently when Airbus A320 aircraft required an urgent software update. The A320, widely used in India, led to around 388 delayed flights on Saturday. All Indian airlines completed the required updates by Sunday, allowing normal operations to resume. Despite reports of interference, the Union government emphasised that there was no impact on passenger safety or flight operations. Established procedures, trained crews, and reliable backup systems ensured that aircraft continued operating normally. Authorities said they will continue monitoring navigation systems closely and strengthening cybersecurity measures across airports to safeguard India’s aviation network.

A look at why identity security is failing in the age of deepfakes and AI-driven attacks, and how biometrics, MFA, PAD, and high-assurance verification must evolve to deliver true, phishing-resistant authentication.

The post How AI Threats Have Broken Strong Authentication  appeared first on Security Boulevard.

Caller ID spoofing causes nearly $1 billion (EUR 850 million) in financial losses from fraud and scams each year, according to a new Europol position paper that calls for technical and regulatory solutions to fight the problem. Phone calls and texts are the primary attack vectors, accounting for about 64% of reported cases, Europol said in the report. Caller ID spoofing is accomplished by manipulating the information displayed on a user’s caller ID, typically using Voice over Internet Protocol (VoIP) services or specialized apps to show a fake name or number “that appears legitimate and trustworthy,” Europol said. “The ability of malicious actors to conceal their true identity and origin, severely impedes the capacity of law enforcement agencies (LEAs) to trace and prosecute cybercriminals,” Europol said.

Caller ID Spoofing Attack Types

Europol outlined some of the caller ID spoofing attack types seen by EU law enforcement agencies. Criminals often spoof caller IDs to impersonate organizations like banks, government agencies, utility companies, or even family members, in scam calls to get recipients to reveal sensitive information, make fraudulent payments, or initiating money transfers under false pretenses. Tech support scammers impersonate legitimate tech support services to convince victims of non-existent computer issues in order to demand payment, install malware or obtain remote access for exploitation. Caller ID spoofing can also be used in swatting attacks to make it appear that an emergency call originated from a victim’s address. Organized crime networks have even set up “spoofing-as-a-service” platforms to automate caller ID spoofing, “with the aim of lowering the barrier for others to be able to commit crimes,” Europol said. “By offering such services, criminals can easily impersonate banks, LEAs or other trusted entities.”

Europol Calls for Regulatory and Technical Response

Europol surveyed law enforcement agencies across 23 countries and found significant barriers to implementing anti-caller-ID spoofing measures. “This means that the combined population of approximately 400 million people remain susceptible to these types of attacks,” the report said. The law enforcement agency said there is an “urgent need for a coordinated, multi-faceted approach to mitigate cross-border caller ID spoofing.” “The transnational nature of spoofing attacks demands seamless information sharing and coordinated action among Internet Service Providers (ISPs), telecommunications providers, law enforcement and regulatory bodies,” the agency said. Among the technical controls that are needed are “robust international traceback mechanisms” that include a neutral, cross-jurisdictional system for hop-by-hop tracing, standardized processes for information sharing, and APIs and signaling checks. Also needed are mechanisms for validating inbound international calls, and vendor-neutral tools with standardized interfaces for Do Not Call (DNC)/ Do Not Originate (DNO) lists, unallocated number lists, blacklisting, and malformed number detection. “Through multi-stakeholder collaboration, to address emerging threats and develop effective countermeasures, digital security can be significantly enhanced,” Europol said. “This will ensure citizens are better protected from the adverse effects of caller ID spoofing.” The report also acknowledged the importance of being prepared for other mobile threats such as SIM-based scams, anti-regulatory subleasing, the use of anonymous prepaid services in cybercrime, callback scams and smishing attacks.

This site turns your URL into something sketchy-looking.

For example, www.schneier.com becomes
https://cheap-bitcoin.online/firewall-snatcher/cipher-injector/phishing_sniffer_tool.html?form=inject&host=spoof&id=bb1bc121&parameter=inject&payload=%28function%28%29%7B+return+%27+hi+%27.trim%28%29%3B+%7D%29%28%29%3B&port=spoof.

Found on Boing Boing.

Apple has released security updates for iPhones, iPads, Apple Watches, Apple TVs, and Macs as well as for Safari, and Xcode to fix dozens of vulnerabilities which could give cybercriminals access to sensitive data.

How to update your devices

How to update your iPhone or iPad

For iOS and iPadOS users, you can check if you’re using the latest software version, go to Settings > General > Software Update. It’s also worth turning on Automatic Updates if you haven’t already. You can do that on the same screen.

How to update macOS on any version

To update macOS on any supported Mac, use the Software Update feature, which Apple designed to work consistently across all recent versions. Here are the steps:

• Click the Apple menu in the upper-left corner of your screen.
• Choose System Settings (or System Preferences on older versions).
• Select General in the sidebar, then click Software Update on the right. On older macOS, just look for Software Update directly.
• Your Mac will check for updates automatically. If updates are available, click Update Now (or Upgrade Now for major new versions) and follow the on-screen instructions. Before you upgrade to macOS Tahoe 26, please read these instructions.
• Enter your administrator password if prompted, then let your Mac finish the update (it might need to restart during this process).
• Make sure your Mac stays plugged in and connected to the internet until the update is done.

How to update Apple Watch

• Ensure your iPhone is paired with your Apple Watch and connected to Wi-Fi.
• Keep your Apple Watch on its charger and close to your iPhone.
• Open the Watch app on your iPhone.
• Tap General > Software Update.
• If an update appears, tap Download and Install.
• Enter your iPhone passcode or Apple ID password if prompted.

Your Apple Watch will automatically restart during the update process. Make sure it remains near your iPhone and on charge until the update completes.

How to update Apple TV

• Turn on your Apple TV and make sure it’s connected to the internet.
• Open the Settings app on Apple TV.
• Navigate to System > Software Updates.
• Select Update Software.
• If an update appears, select Download and Install.

The Apple TV will download the update and restart as needed. Keep your device connected to power and Wi-Fi until the process finishes.

Updates for your particular device

Apple has today released version 26 for all its software platforms. This new version brings in a new “Liquid Glass” design, expanded Apple Intelligence, and new features. You can choose to update to that version, or just update to fix the vulnerabilities:

iOS 26 and iPadOS 26	iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
iOS 18.7 and iPadOS 18.7	iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
iOS 16.7.12 and iPadOS 16.7.12	iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation
iOS 15.8.5 and iPadOS 15.8.5	iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)
macOS Tahoe 26	Mac Studio (2022 and later), iMac (2020 and later), Mac Pro (2019 and later), Mac mini (2020 and later), MacBook Air with Apple silicon (2020 and later), MacBook Pro (16-inch, 2019), MacBook Pro (13-inch, 2020, Four Thunderbolt 3 ports), and MacBook Pro with Apple silicon (2020 and later)
macOS Sequoia 15.7	macOS Sequoia
macOS Sonoma 14.8	macOS Sonoma
tvOS 26	Apple TV HD and Apple TV 4K (all models)
watchOS 26	Apple Watch Series 6 and later
visionOS 26	Apple Vision Pro
Safari 26	macOS Sonoma and macOS Sequoia
Xcode 26	macOS Sequoia 15.6 and later

Technical details

Apple did not mention any actively exploited vulnerabilities, but there are two that we would like to highlight.

A vulnerability tracked as CVE-2025-43357 in Call History was found that could be used to fingerprint the user. Apple addressed this issue with improved redaction of sensitive information. This issue is fixed in macOS Tahoe 26, iOS 26, and iPadOS 26.

A vulnerability in the Safari browser tracked as CVE-2025-43327 where visiting a malicious website could lead to address bar spoofing. The issue was fixed by adding additional logic.

Address bar spoofing is a trick cybercriminals might use to make you believe you’re on a trusted website when in reality you’re not. Instead of showing the real address, attackers exploit browser flaws or use clever coding so the address bar displays something like login.bank.com even though you’re not on your bank’s site at all. This would allow the criminals to harvest your login credentials when you enter them on what is really their website.

---

We don’t just report on phone security—we provide it

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.