There was a huge panic in the Head Post Office and Postal Passport Seva Kendra of Civil Lines located in Prayagraj, Uttar Pradesh, when an email threatening to blow up the premises with a bomb surfaced. As soon as the information was received, the police and bomb disposal squad evacuated the premises and conducted an intensive checking operation for hours. However, this information turned out to be just a rumor and after hours of investigation no suspicious object was recovered. Both the offices were reopened to the general public after 3 pm.
How did you receive the bomb threat?
Giving information, Postmaster General Rajiv Umrao said that this threat was given through an email. At around 7:45 am, a mail was sent to the Regional Passport Office (RPO), Lucknow, through Hotmail in the name of ‘Saurabh Vishwas’. In this email, a direct threat was given to blow up the passport office with a bomb. This mail from Lucknow was forwarded to the Circle Office and from there the information reached Prayagraj Postmaster General Rajiv Umrao through WhatsApp.
Police arrived within 10 minutes, search operation lasted for hours
As soon as the threatening message was received, the postal department immediately alerted the Prayagraj Police Commissionerate. As soon as the information was received, teams of Civil Lines Police Station, Dog Squad and Bomb Disposal Squad (BDS) reached the spot within just 10 minutes. As a precautionary measure, the Postal Passport Seva Kendra and the Head Post Office were immediately evacuated. With the help of dog squad, metal detectors and other equipment, every nook and corner was thoroughly searched for several hours.
Information turned out to be fake, work resumed at 3 pm
After hours of intensive investigation, when no explosive or suspicious object was found in the premises, the officers and employees heaved a sigh of relief. Postmaster General Rajiv Umrao clarified that this was completely a hoax threat.
He appealed not to be misled by rumors and expressed his gratitude to the police, BDS and dog squad team for quick action. He said that the work has not been much affected by this incident and after a thorough investigation, the offices have been completely reopened for the general public from 3 pm onwards.
Access Denied
You don’t have permission to access “http://hindi.news18.com/cricket/yuzvendra-chahal-stopped-consuming-alcohol-he-wants-to-wins-first-ipl-trophy-for-punjab-kings-speaking-to-ab-de-villiers-on-his-youtube-show-ws-n-10286179.html” on this server.
The United States fell in the World Baseball Classic in a thriller on Tuesday night in Miami, while their All-Star closer kept a seat warm in the bullpen.
Mason Miller did not enter the championship game against Venezuela after getting saves against Canada and the Dominican Republic in the quarterfinals and semifinals on Friday and Sunday, respectively.
After Bryce Harper homered in the bottom of the eighth to tie the game at two, it prompted a perfect scenario for a closer to enter the game in the ninth, as typically, closers pitch in tie games as the home team in the top of the ninth.
Mason Miller of Team USA shakes hands with Manager Mark DeRosa after receiving this silver medal after the 2026 World Baseball Classic Championship game presented by Capital One between Team Venezuela and Team USA at loanDepot Park on Tuesday, March 17, 2026, in Miami, Florida.(Daniel Shirey/WBCI/MLB Photos via Getty Images)
Instead, Mark DeRosa opted for Boston Red Sox reliever Garrett Whitlock, who gave up the winning run.
DeRosa, who said before the game Miller was available, revealed that Miller’s availability was only under one condition.
“Honoring the [San Diego] Padres,” DeRosa said, hinting that the Padres told DeRosa that Miller could only be used in a save situation. “Had we taken the lead, he was coming in, but I wasn’t going to bring him in into a tie game.”
Mason Miller of Team United States pitches in the ninth inning against Team Dominican Republic during the ninth inning at loanDepot park on March 15, 2026, in Miami, Florida.(Gene Wang/Capture At Media/Getty Images)
Of course, a save situation was never going to happen once the United States entered the ninth inning without a lead. Thus, Miller ultimately was never made available.
Contrary to apparently popular belief, the United States was not the only team in the WBC to abide by restrictions set out by MLB clubs. The FOX broadcast mentioned how Venezuela manager Omar Lopez was on the phone with MLB team officials the morning of the championship about regulations for specific pitchers.
For example, the Detroit Tigers would not allow reliever Enmanuel De Jesus to pitch under any circumstances on Tuesday, while the Chicago Cubs said closer Daniel Palencia, like Miller, was only allowed to pitch in a save situation.
The Venezuela team celebrates after defeating Italy at a World Baseball Classic semifinal game in Miami, Florida, on March 16, 2026.(AP Photo/Lynne Sladky)
There was pregame speculation that New York Yankees closer David Bednar was entirely unavailable for Team USA on Tuesday after also pitching Friday and Sunday.
Eugenio Suarez’s RBI double gave Venezuela its first World Baseball Classic title in the short history of the event, which began in 2006. For the U.S., it was its second consecutive loss in the title game after winning it all in 2017.
A new exploit kit for iOS devices and delivery framework dubbed “DarkSword” has been used to steal a wide range of personal information, including data from cryptocurrency wallet apps.
DarkSword targets iPhones running iOS 18.4 through 18.7 and is linked to multiple actors, including UNC6353, suspected to be Russian, who used the Coruna exploit chain disclosed earlier this month.
Researchers at mobile security company Lookout discovered DarkSword while investigating the infrastructure used for the Coruna attacks. Google’s Threat Intelligence Group and iVerify also collaborated for a more comprehensive analysis of this previously unknown threat and the adversaries leveraging it.
iVerify’s findings indicate that all flaws (sandbox escape, privilege escalation, remote code execution) exploited in this exploit chain are known or documented, and Apple has already addressed them in the latest iOS releases.
The DarkSword exploit kit uses six vulnerabilities tracked as CVE-2025-31277, CVE-2025-43529, CVE-2026-20700, CVE-2025-14174, CVE-2025-43510, and CVE-2025-43520.
Loading the right exploit script based on the detected iOS version Source: Lookout
DarkSword attacks
In a report today, Google Threat Intelligence Group (GTIG) says that DarkSword has been used since at least November 2025 by several threat actors, who deployed three separate malware families:
GHOSTBLADE, a dataminer in JavaScript that steals a swath of information, including crypto wallet data, system and connectivity info, browser history, photos, location and mobility, communication data from iMessage, Telegram, WhatsApp, email, calls, and contacts
GHOSTKNIFE, a backdoor that can exfiltrate various types of data (signed-in accounts, messages, browser data, location history, recordings)
GHOSTSABER, a JavaScript backdoor that can enumerate devices and accounts, list files, execute JavaScript code, and steal data
The first adversary observed using the exploit chain is UNC6748, in attacks targeting Saudi Arabian users via a website impersonating Snapchat.
GTIG says that in late November 2025, DarkSword was used in Turkey, in activity associated with PARS Defense, a Turkish commercial surveillance vendor, on devices running iOS 18.4-18.7.
“Unlike the UNC6748 activity, this campaign was carried out with more attention to OPSEC, with obfuscation applied to the exploit loader and some of the exploit stages, and the use of ECDH and AES to encrypt exploits between the server and the victim,” GTIG notes.
Earlier this year, Google researchers noticed DarkSword being used in Malaysia by another PARS Defense customer delivering the GHOSTSABER backdoor.
UNC6353, a suspected Russian espionage actor, has been using the Coruna exploit kit since last summer, and in December 2025 started leveraging DarkSword exploits against Ukrainian targets.
The activity continued through March 2026 in watering hole attacks with compromised websites that deploy the GHOSTBLADE malware to exfitrate data from compromised targets.
An observation from Google researchers is that although “earlier DarkSword use attributed to UNC6748 and PARS Defense also supported iOS 18.7, we did not observe that from UNC6353, despite their later operational timeline.”
Actors using the DarkSword iOS exploit kit source: GTIG
According to Lookout researchers, both Coruna and DarkSword exhibit signs of codebase expansion using large language model (LLM) assistance. This is particularly visible in the case of DarkSword, which has multiple comments that explain the code functionality.
“This malware is highly sophisticated and appears to be a professionally designed platform enabling rapid development of modules through access to a high level programming language,” Lookout says.
“This extra step shows a significant effort put into the development of this malware with thoughts about maintainability, long-term development and extensibility.”
DarkSword delivery chain
Apart from the 1-click DarkSword exploit kit, iVerify also found a Safari exploit with “sandbox escape, privilege escalation, and in-memory implants” that stole sensitive data from devices.
DarkSword attacks begin in the Safari browser, where multiple exploits are used to obtain kernel read/write access, and then execute code through a main orchestrator component (pe_main.js).
It is unknown how the websites that launched these attacks were compromised in the first place, but the threat actors had sufficient rights to infect malicious iframes in the HTML code of these sites.
Malicious iframe on a Ukrainian government site Source: Lookout
The orchestrator injects a JavaScript engine into privileged iOS services such as App Access, Wi-Fi, Springboard, Keychain, and iCloud, and then activates data-stealing modules (e.g., GHOSTBLADE) that collect the following information:
Saved passwords
Photos, including screenshots and hidden image files
WhatsApp and Telegram databases
Cryptocurrency wallets (Coinbase, Binance, Ledger, and others)
Text messages (SMS)
Address book
Call history
Location history
Browser history
Cookies
Wi-Fi history and passwords
Apple Health data
Calendar
Notes
Installed applications
Connected accounts
Notably, DarkSword wipes temporary files and exits when the above is exfiltrated to the threat actors, indicating that it was not designed for long-term surveillance operations.
Lookout estimates that DarkSword is used by a Russian threat actor with financial objectives, while also conducting espionage aligned with Russian intelligence requirements.
iPhone users are recommended to upgrade to iOS 26.3.1 (latest), released earlier this month, and enable Lockdown Mode if at high risk of being targeted by malware.
For those using older devices that don’t qualify for an update to the latest iOS version, Apple may backport fixes as it did with the Coruna exploits, but this hasn’t been confirmed yet.
Update [March 18, 11:39]: Article updated with information from the Google Threat Intelligence Group about the DarkSide exploit kit, available to BleepingComputer after publishing time.
Malware is getting smarter. The Red Report 2026 reveals how new threats use math to detect sandboxes and hide in plain sight.
Download our analysis of 1.1 million malicious samples to uncover the top 10 techniques and see if your security stack is blinded.
If you are also thinking of booking a holiday after seeing advertisements of cheap foreign tour packages on social media, then be careful. Noida’s Cyber Crime Police has arrested a vicious swindler who used to give attractive advertisements on Facebook and Instagram to people dreaming of visiting places like Singapore and Vietnam and then defrauded them of lakhs of rupees.
DCP (Cyber) Shaivya Goyal said that the arrested accused has been identified as 33-year-old Aditya Raj. He is originally from Lakhisarai (Bihar) and Noida He was running a black business by living in ‘Amrapali Golf Homes Society’. Police have arrested this mastermind with the help of electronic surveillance.
What was the modus operandi of the fraud?
According to DCP Cyber, the accused’s method of cheating was very vicious. He used to run advertisements on Facebook, Instagram and Google for cheap ‘complete tour packages’ to Singapore, Nepal, Vietnam and Europe. When people contacted him after seeing the advertisement, he used to send them fake booking confirmations to trick them. By winning the trust of the people, he used to get the entire money transferred to his bank accounts. As soon as he received the money, he would get the booked tickets canceled and embezzle the refund money himself.
Fraud of Rs 12 lakh revealed, laptop-mobile recovered
Initial investigation by the police has revealed that the accused Aditya Raj has till now made dozens of people his victims and committed fraud of around Rs 12 lakh. Police have recovered 3 mobile phones and a laptop from him, which contains data of many victims. At present, the police is deeply investigating the bank accounts and social media advertisements of the accused so that other cases of fraud can also be exposed.
Japan will face Australia in the final of the 2026 AFC Women’s Asian Cup after beating South Korea 2-1 in the semifinal.
Published On 18 Mar 202618 Mar 2026
Riko Ueki and Maika Hamano scored first-half goals to set Japan on course for a 4-1 victory over South Korea and a spot in the Women’s Asian Cup final against Australia.
Japan dominated the semifinal on Wednesday at Sydney’s Stadium Australia against a South Korea lineup that edged the Australians on goal difference in the group stage after both teams finished with two wins and a draw apiece.
Recommended Stories
list of 3 itemsend of list
Japan thought they had gone ahead 3-0 before halftime with Aoba Fujino finding the back of the net in the 43rd minute, but the goal was disallowed after a VAR review.
Asia’s top-ranked team at No 7 in the FIFA list, Japan increased their tally to 27 goals in the continental championship when veteran defender Saki Kumagai headed in from Momoko Tanikawa’s swinging corner kick in the 75th.
The Nadeshiko finally conceded a goal for the first time in the tournament when Kang Chae-rim turned and fired in a right-foot shot from close range in the 78th.
Remina Chiba restored the three-goal buffer with a powerful strike to make it 4-1 in the 81st.
The final will be played Saturday in Sydney.
Japan beat Australia in back-to-back finals in 2014 and ’18 but neither team reached the championship decider in 2022, when China edged South Korea in the final.
Australia have reached the championship match four previous times since joining the Asian confederation but has only won the title once, in 2010. Japan lost four finals before finally clinching the title in 2014 for the first time.
Japan are the only Asian team to have won the Women’s World Cup – beating the United States on penalties in the 2011 final.
Sam Kerr scored the winner in the 58th minute to secure Australia’s 2-1 win in the first of the semifinals over defending champion China, two years after losing in the World Cup semifinals on home soil.
All four semifinalists here have qualified automatically for the 2027 Women’s World Cup.
In playoffs Thursday for two more spots in Brazil, Taiwan will take on North Korea and Philippines face Uzbekistan at the Gold Coast.
Tom Brady suggested he had to turn down the temperature between NFL players and Logan Paul as the two traded barbs about athleticism ahead of the Fanatics Flag Football Classic.
Brady appeared on “The Tonight Show Starring Jimmy Fallon” on Tuesday and spoke about what football fans can expect from the upcoming game set to take place Saturday at BMO Stadium. Paul is expected to play in the game along with iShowSpeed and Bud Crawford.
Tom Brady in attendance before Super Bowl LX between the Seattle Seahawks and the New England Patriots at Levi’s Stadium on Feb. 8, 2026.(Mark J. Rebilas/Imagn Images)
“They’re great athletes. Logan Paul is not really a great athlete. Just kidding!” Brady said with a smile. “He actually is. I saw a backflip from him today. But he literally called out these NFL players and I had all these guys come to me, ‘I’m gonna f–,’ and I’m like, ‘Guys, chill out. We’re not committing any crimes against Logan Paul.”
The feud began when Brady and Paul talked during Super Bowl week at radio row ahead of the Fanatics Flag Football Classic.
Brady and the WWE superstar had a conversation about the game.
“I’m actually a little worried for you. You’re a good athlete but you’re like … These guys are at another level,” Brady said of his NFL compatriots. “You’re not the level. You’re a good athlete.”
Logan Paul attends the boxing match between Jake Paul and Julio Cesar Chavez Jr. at Honda Center on June 28, 2025. (Gary A. Vasquez/Imagn Images)
“That’s cute. I love WWE. It’s very cute. But honestly, this is like real football. This is real competition,” Brady added.
Paul later posted a video showing how high he can leap, comparing himself to the way Barkley leaped over defenders during a Philadelphia Eagles game in 2024 on their way to a Super Bowl title.
Brady then called Paul a “b—h” while he was working out with Rob Gronkowski, who is also set to play in the game.
Later, Paul went further and challenged any NFL player to a boxing match. He said he was willing to put $1 million on the line. Former NFL star Le’Veon Bell was eager to challenge Paul, but any hope of the YouTuber fighting an NFL player seemingly was nixed quickly.
Tom Brady greets fans prior to the NFL Super Bowl LX football game between the Seattle Seahawks and the New England Patriots, at Levi’s Stadium on Feb. 8, 2026 in Santa Clara, California.(Kevin Sabitus/Getty Images)
Paul addressed the possibility of a physical confrontation with Brady, a seven-time Super Bowl champion, saying, “I wouldn’t be surprised if I throw hands with Tom Brady on the field.”
After the month of Ramzan, the festival of Eid holds special significance, that is why people eagerly wait to see the moon. The date of Eid is decided with the sighting of the moon in Saudi Arabia. Even on Thursday, March 18, the moon was not visible in Saudi Arabia. Saudi Arabia has announced the date of Eid ul Fitr 2026. Eid will be celebrated in Saudi Arabia on Friday (20 March).
There is enthusiasm among people regarding Eid. According to Saudi Press Agency, the Saudi Supreme Court has declared Thursday the last day of Ramadan and Friday the first day of Eid al-Fitr. The United Arab Emirates (UAE), Qatar and Bahrain have also declared Friday as the first day of Eid al-Fitr.
Actually, when Eid-ul-Fitr will happen depends on the sighting of the moon. The Islamic calendar is based on the movement of the moon. This is the reason that the exact date of Eid is not decided in advance. Every year, Eid is announced only after the moon is visible on the last day of Ramadan.
When Eid will be celebrated in India, it is decided on the basis of sighting of the moon in Gulf countries like Saudi Arabia. Eid moon has not been sighted in Saudi Arabia on March 18. After which Eid will be celebrated there on March 20.
When will Eid be celebrated in India?
Maulana Khalid Rashid said that the Eid moon will be seen on March 19 and if the moon is seen on that day then it will be celebrated on March 20, otherwise Eid-ul-Fitr will be celebrated on March 21. He said that it will be announced at 7.30 pm.
Eid-ul-Fitr is also called ‘Meethi Eid’. People reach mosques from early morning to offer namaz. After this, they embrace each other and congratulate each other on Eid. Dishes like kheer and vermicelli are prepared in homes on Eid. People celebrate this festival together with brotherhood.
Amazon Threat Intelligence is warning of an active Interlock ransomware campaign that’s exploiting a recently disclosed critical security flaw in Cisco Secure Firewall Management Center (FMC) Software.
The vulnerability in question is CVE-2026-20131 (CVSS score: 10.0), a case of insecure deserialization of user-supplied Java byte stream, which could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary Java code as root on an affected device.
According to data gleaned from the tech giant’s MadPotglobal sensor network, the security flaw is said to have been exploited as a zero-day since January 26, 2026, more than a month before it was publicly disclosed by Cisco.
“This wasn’t just another vulnerability exploit; Interlock had a zero-day in their hands, giving them a week’s head start to compromise organizations before defenders even knew to look. Upon making this discovery, we shared our findings with Cisco to help support their investigation and protect customers,” CJ Moses, chief information security officer (CISO) of Amazon Integrated Security, said in a report shared with The Hacker News.
The discovery, Amazon said, was made possible, thanks to an operational security blunder on the part of the threat actor that exposed their cybercrime group’s operational toolkit via a misconfigured infrastructure server, offering insights into its multi-stage attack chain, bespoke remote access trojans, reconnaissance scripts, and evasion techniques.
The attack chain involves sending crafted HTTP requests to a specific path in the affected software with an aim to execute arbitrary Java code, after which the compromised system issues an HTTP PUT request to an external server to confirm successful exploitation. Once this step is complete, the commands are sent to fetch an ELF binary from a remote server, which hosts other tools linked to Interlock.
The list of identified tools is as follows –
A PowerShell reconnaissance script used for systematic Windows environment enumeration, gathering details about operating system and hardware, running services, installed software, storage configuration, Hyper-V virtual machine inventory, user file listings across Desktop, Documents, and Downloads directories, browser artifacts from Chrome, Edge, Firefox, Internet Explorer, and 360 browser, active network connections, and RDP authentication events from Windows event logs.
Custom remote access trojans written in JavaScript and Java for command-and-control, interactive shell access, arbitrary command execution, bidirectional file transfer, and SOCKS5 proxy capability. It also supports self-update and self-delete mechanisms to replace or remove the artifact without having to reinfect the machine and challenge forensic investigation.
A Bash script for configuring Linux servers as HTTP reverse proxies to obscure the attacker’s true origins. The script delivers fail2ban, an open-source Linux intrusion prevention tool, and compiles and spawns an HAProxy instance that listens on port 80 and forwards all inbound HTTP traffic to a hard-coded target IP address. Furthermore, the infrastructure laundering script runs a log erasure routine as a cron job every five minutes to aggressively delete and purge the contents of *.log files and suppress shell history by unsetting the HISTFILE variable.
A memory-resident web shell for inspecting incoming requests for specially crafted parameters containing encrypted command payloads, which are then decrypted and executed.
A lightweight network beacon for phoning attacker-controlled infrastructure likely to validate successful code execution or confirm network port reachability following initial exploitation.
ConnectWise ScreenConnect for persistent remote access and for serving as an alternative pathway should other footholds be detected and removed.
The links to Interlock stem from “convergent” technical and operational indicators, including the embedded ransom note and TOR negotiation portal. Evidence shows that the threat actor is likely operational during the UTC+3 time zone.
In light of active exploitation of the flaw, users are advised to apply patches as soon as possible, conduct security assessments to identify potential compromise, review ScreenConnect deployments for unauthorized installations, and implement defense-in-depth strategies.
“The real story here isn’t just about one vulnerability or one ransomware group—it’s about the fundamental challenge zero-day exploits pose to every security model,” Moses said. “When attackers exploit vulnerabilities before patches exist, even the most diligent patching programs can’t protect you in that critical window.”
“This is precisely why defense-in-depth is essential—layered security controls provide protection when any single control fails or hasn’t yet been deployed. Rapid patching remains foundational in vulnerability management, but defense in depth helps organizations not to be defenseless during the window between exploit and patch.”
The disclosure comes as Google revealed that ransomware actors are changing their tactics in response to declining payment rates, targeting vulnerabilities in common VPNs and firewalls for initial access and leaning less on external tooling and more on built-in Windows capabilities.
Multiple threat clusters, both ransomware operators themselves and initial access brokers, have also been found to employ malvertising and/or search engine optimization (SEO) tactics to distribute malware payloads for initial access. Other commonly observed techniques include the use of compromised credentials, backdoors, or legitimate remote desktop software to establish a foothold, as well as relying on built-in and already installed tools for reconnaissance, privilege escalation, and lateral movement.
“While we anticipate ransomware to remain one of the most dominant threats globally, the reduction in profits may cause some threat actors to seek other monetization methods,” Google said. “This could manifest as increased data theft extortion operations, the use of more aggressive extortion tactics, or opportunistically using access to victim environments for secondary monetization mechanisms such as using compromised infrastructure to send phishing messages.”
Disputed toll and competing accounts of strike deepen crisis between Islamabad and Kabul.
Published On 18 Mar 202618 Mar 2026
The United Nations has recorded 143 deaths in an air strike on a drug rehabilitation centre in Kabul, significantly lower than the figure offered by Afghanistan’s Taliban government.
The attack on Kabul’s Omar Addiction Treatment Hospital on Monday night has sharpened a bitter dispute between Pakistan and Afghanistan with the Taliban putting the casualties at more than 400 people killed and about 265 wounded.
Recommended Stories
list of 2 itemsend of list
The UN Assistance Mission in Afghanistan provided its figure to the Reuters news agency on Wednesday.
The gap between the two counts underscores the difficulty of verifying casualty figures in the conflict as competing claims frequently come from Kabul and Islamabad. The latest wave of violence between the two countries began late last month.
Afghanistan’s Taliban administration has blamed Pakistan for the attack on the drug rehabilitation centre, and Pakistan has denied carrying it out.
Hamdullah Fitrat, a deputy spokesman for the Taliban administration, said the strike hit the hospital, a 2,000-bed facility, destroying large sections of the building and triggering fires that rescue teams worked through the night to contain.
Afghan government spokesperson Zabihullah Mujahid accused Pakistan of deliberately hitting civilian infrastructure and called the assault a “crime against humanity”. Mujahid said those killed and wounded were patients undergoing addiction treatment at the time of the strike.
Pakistan’s information minister, Attaullah Tarar, denied the allegation in an interview with Al Jazeera.
“We strongly refute and reject these allegations,” he said on Tuesday, insisting his country “only targeted terrorist infrastructure and military locations”.
The strike is the latest in a widening confrontation between the two neighbours, who have engaged in repeated cross-border clashes. Pakistan has also carried out air raids inside Afghanistan.
At the heart of the dispute is a long-running Pakistani accusation that the Taliban government shelters the Pakistan Taliban, known as Tehrik-i-Taliban Pakistan, as well as outlawed Baloch separatist groups responsible for attacks on Pakistani soil.
Kabul has consistently denied providing sanctuary to the groups.
The World Food Programme said on Sunday that it had begun mobilising emergency food supplies for more than 20,000 Afghan families uprooted by the fighting, a figure that is likely to grow as the conflict shows no sign of abating.
