Category: Security & Privacy

  • RBI’s proposed 1-hour delay for digital payments: a “time-based” safeguard for UPI, cards, and net banking

    This article was generated by AI and cites original sources.

    India’s central bank is considering a technical change to how certain digital transfers are processed: adding a deliberate time lag as a fraud-mitigation control. According to Inc42 Media, the Reserve Bank of India (RBI) outlines the measures in a discussion paper titled “Exploring safeguards in digital payments to curb frauds”, with feedback open until May 8. The proposal includes a 1-hour delay for processing digital transactions of ₹10,000 or more and a 24-hour delay for citizens aged 70 years and above for transactions of ₹50,000 and above.

    A core proposal: slowing down certain APP transfers

    The RBI’s focus is on authorised push payments (APP)—a payment category where the payer authorizes the transfer to a payee. In its discussion paper, the RBI argues that a time lag could act as a preventive control by disrupting the fraudster’s psychological influence over the victim and by giving the payer an opportunity to reconsider the transaction, as described by Inc42 Media.

    Under the proposal, users would experience a 1-hour lag for transactions exceeding ₹10,000. Inc42 Media reports that the delay would be implemented on all merchant transactions made from UPI, cards, and net banking.

    Notably, the proposal is not described as a blanket delay for every kind of payment. Inc42 Media says the RBI has proposed exemptions for recurring payments like e-mandates and for payments made via cheques. That carve-out suggests the RBI is trying to balance fraud prevention with continuity for payment flows that may not be easily paused without breaking user expectations.

    How the mechanism could work: overrides and whitelisting

    Inc42 Media also reports that the RBI is considering an option to handle time-sensitive transactions. Specifically, the RBI may provide a way for the payer to override the lag for a specific transaction by explicitly authorizing it—for example, through a whitelisting mechanism. In such cases, the delay may be bypassed, according to the reporting.

    The proposed control could also be structured around payees rather than individual transactions. Inc42 Media states that, instead of or in addition to whitelisting individual transactions, the payer could whitelist payees. Under that approach, payments to whitelisted payees would not be subject to the time lag.

    From a technology standpoint, these details matter because they imply the fraud-mitigation logic would need to integrate with existing payment rails—UPI, cards, and net banking—while also supporting payer-controlled configuration (whitelists) and per-transaction override flows. Even without implementation specifics in the source, the described design points to a system that can classify payments (merchant vs. recurring vs. exempted), apply timing rules, and consult payer preferences before enforcing the delay.

    Targeted protection for older users and larger amounts

    The RBI’s discussion paper also includes a demographic and threshold-based safeguard. Inc42 Media reports that for APP transactions worth ₹50,000 and above, the central bank suggests a 24-hour delay for citizens aged 70 years and above.

    While the source excerpt cuts off before fully describing this higher tier, the reported structure indicates a layered approach: a shorter delay for transactions above ₹10,000 in general, and a longer delay for older users above a higher threshold. This kind of tiering is a common pattern in risk controls—applying stronger friction where the expected downside (for example, harm from fraud) is higher, while keeping lower-friction controls for less risky scenarios. Here, the RBI’s stated rationale—disrupting psychological pressure and providing reconsideration time—aligns with that tiering logic.

    Why this matters for digital payments technology

    The RBI’s proposal is essentially a time-based safeguard layered onto existing digital payment channels. As Inc42 Media notes, the backdrop is an ongoing increase in digital financial theft. In that environment, the RBI appears to be exploring whether adding processing delay can reduce successful APP fraud outcomes without requiring changes that would stop payments entirely.

    There are several technology implications that observers may watch for if the RBI moves from discussion to implementation:

    1) Payment orchestration changes across rails. Because the delay is described as applying to merchant transactions across UPI, cards, and net banking, the safeguard would need consistent enforcement logic across systems that may differ in how they authorize, confirm, and settle payments.

    2) Risk controls that depend on payment type. The proposed exemption for recurring e-mandates and cheques implies the system would classify payment categories and selectively apply delays.

    3) A new user-controlled trust layer. The whitelisting and override mechanisms imply a configuration model where payers can pre-authorize certain transactions or payees. That adds a new dimension to payment UX and state management: the system would need to reliably maintain and apply whitelist status at time of authorization.

    4) Operational trade-offs around time-sensitive flows. Inc42 Media explicitly mentions that some transactions may be time-sensitive and therefore may need an override path. Implementing that without undermining the fraud-mitigation goal would likely require careful rules for what can be overridden and how that authorization is performed.

    Finally, the RBI’s discussion paper process—feedback open until May 8—signals that these design choices are still under review. The source frames the proposal as part of a broader set of measures, but the excerpt focuses on the time lag, exemptions, and whitelisting concepts. As the consultation progresses, the industry may look for additional technical details on enforcement, edge cases, and how the delay interacts with existing payment confirmation and user authorization steps.

    Source: Inc42 Media

  • BlackBerry forecasts strong first-quarter revenue, cites cybersecurity and QNX automotive software demand

    This article was generated by AI and cites original sources.

    BlackBerry is forecasting strong first-quarter revenue that it expects to exceed market expectations, and the company says its turnaround is complete. In a Tech-Economic Times report published on April 9, 2026, the Canadian software firm attributes the outlook to robust demand for its cybersecurity and embedded software, with particularly strong performance from its QNX division, which supports automotive systems. The report also points to plans for increased investment and potential acquisitions—a combination that could shape how BlackBerry positions its software stack across enterprise security and connected vehicles.

    BlackBerry’s revenue outlook and strategic shift

    According to the source, BlackBerry anticipates strong first-quarter revenue that will be above market expectations. The report frames this as evidence that the company’s strategic shift is producing results. Rather than centering on hardware or consumer devices, the emphasis is on software segments—specifically cybersecurity and embedded software.

    This matters for technology watchers because it highlights a product strategy focused on two software domains: security capabilities for protecting systems, and embedded software for running software reliably in constrained environments. The source indicates that demand is robust for both areas, which suggests that BlackBerry is targeting workloads where long-term integration, compliance, and platform stability are central purchasing factors.

    Cybersecurity and embedded software demand

    The Tech-Economic Times report states that BlackBerry’s demand profile is robust for its cybersecurity and embedded software. While the source does not provide additional technical specifics—such as named products, feature sets, or customer verticals beyond the automotive link for QNX—it does establish the categories that BlackBerry is prioritizing.

    From a technology perspective, the pairing of cybersecurity and embedded software addresses both sides of system risk: the need to secure software and the need to ensure that software runs correctly in production environments. If the turnaround is complete, as the report claims, then BlackBerry’s software portfolio may be gaining traction with customers who require vendors capable of supporting both secure operations and dependable runtime behavior.

    However, the source does not disclose how much of the first-quarter revenue outlook is attributable to cybersecurity versus embedded software. What can be stated directly is that the company points to both categories as areas with strong demand.

    QNX performance and automotive software

    A key detail in the report is that BlackBerry’s QNX division—described as crucial for automotive systems—is performing exceptionally well. QNX is positioned in the source as central to automotive systems, which ties the company’s embedded software strength to the broader trend of software-defined vehicles.

    The implication for the industry is that automotive software platforms are increasingly important, and performance in that division can influence how software vendors are evaluated by automakers and suppliers. The report’s language suggests that BlackBerry’s embedded software strategy is accelerating through QNX.

    However, because the source does not provide metrics such as revenue growth rates, unit volumes, or customer counts, it is not possible to quantify the scale of QNX’s contribution from the information provided. Observers may watch for further disclosures in subsequent filings or earnings materials to understand the extent of QNX’s contribution to overall performance.

    Investment plans and potential acquisitions

    The Tech-Economic Times report states that BlackBerry is poised for further growth and mentions plans for increased investment and potential acquisitions. For a software company, this combination typically involves scaling internal development—such as expanding engineering capacity or deepening existing product areas—and acquiring capabilities that can fill gaps or accelerate time-to-market.

    Because the source does not specify which technologies or company targets are under consideration, the acquisition language should be treated as directional rather than concrete. The mention of acquisitions aligns with the idea that cybersecurity and embedded software are areas where specialized capabilities—such as security tooling, secure runtime components, or systems integration expertise—could be valuable.

    The report’s claim that the turnaround is complete could affect how the market interprets future capital allocation. If investors and customers see that the company’s strategy is translating into revenue strength, then increased investment and potential acquisitions may be viewed as steps to sustain and extend that momentum.

    Implications for technology buyers and platform strategists

    BlackBerry’s forecast and segment emphasis provide a snapshot of how enterprise and automotive software ecosystems are evolving. The source ties its outlook to cybersecurity, embedded software, and QNX performance. In practical terms, this suggests BlackBerry’s technology roadmap is focused on software layers that can be integrated into existing systems—an approach that typically requires long-cycle engineering work, ongoing support, and continued platform reliability.

    For technology buyers, the news may signal that BlackBerry is positioning its products for continued adoption in environments where security and embedded reliability are key requirements. For platform strategists, the report underscores that automotive software platforms remain a competitive arena, with QNX highlighted as a key component.

    What remains unclear from the source is the depth of technical detail behind the growth—such as which cybersecurity capabilities are seeing demand or what specific embedded software performance metrics are improving. The report’s central message is that BlackBerry expects revenue strength in the first quarter, credits its strategic shift, and points to QNX and cybersecurity as the primary drivers.

    Source: Tech-Economic Times

  • Anthropic’s Claude Mythos Targets Software Vulnerability Detection

    This article was generated by AI and cites original sources.

    Anthropic announced on Tuesday that its yet-to-be-released AI model, Claude Mythos, has demonstrated an ability to expose software weaknesses. According to the company, the vulnerabilities identified by Mythos are often subtle and difficult to detect without AI, positioning the model as a tool for vulnerability discovery.

    What Anthropic Claims About Claude Mythos

    According to Tech-Economic Times, Anthropic said its yet-to-be-released artificial intelligence model Claude Mythos has proven “keenly adept at exposing software weaknesses.” The key claim is that Mythos can uncover software vulnerabilities that are often subtle—issues that may be difficult to identify using conventional approaches without AI assistance.

    The source material does not provide technical details such as testing methodology, the types of software targeted, or evaluation metrics used to assess performance. However, it establishes Anthropic’s positioning of Claude Mythos as a tool for security-oriented vulnerability detection. This represents a focus on AI for security analysis rather than general-purpose coding assistance.

    Why Subtle Vulnerabilities Matter in Software Security

    Software vulnerabilities described as “subtle and difficult to detect without AI” point to a persistent challenge in security work: not all weaknesses are obvious. Some issues can hide behind complex logic paths, unusual input handling, or edge cases that are easy for humans to miss when reviewing large codebases. If an AI system can identify patterns associated with vulnerabilities that are less visible to traditional scanning or manual review, this could affect how teams allocate time between automated tooling and human review.

    From an industry perspective, the key detail in the source is the claimed detectability gap: Anthropic indicates that certain classes of weaknesses may not be reliably found without AI. This matters because vulnerability discovery often determines how quickly teams can patch security issues. The framing suggests Mythos is aimed at improving the coverage of security testing, particularly for issues that do not trigger obvious alarms.

    Potential Workflow Integration

    The Tech-Economic Times report describes Mythos as finding “cracks in software defenses.” This phrase signals a potential workflow use case: the model could be used in a mode that resembles adversarial testing. An AI model that can expose weaknesses could potentially be integrated into stages such as pre-release testing, code review support, or continuous security assessment.

    The source does not specify whether Claude Mythos is intended to run autonomously, whether it requires human triage, or how it reports findings. However, it does establish that Anthropic’s positioning for Claude Mythos is tied to security discovery. This could indicate that the model’s outputs are meant to inform remediation efforts.

    Since the article states Anthropic’s model is “yet-to-be-released,” observers may watch for two categories of information when it becomes available: first, how Anthropic demonstrates its effectiveness through tests, datasets, or benchmarks, and second, how the model’s vulnerability findings are operationalized for developer use. The source material does not provide these details yet.

    Implications for AI in Security Tooling

    The reported claim points to a trend in which security teams may look to AI systems to supplement or extend traditional methods. Anthropic’s statement that Mythos finds vulnerabilities that are “often subtle and difficult to detect without AI” suggests a rationale for adopting AI in security workflows: improving detection where conventional methods may struggle.

    At the same time, the source does not include evidence about false positives, verification steps, or the distribution of vulnerability types found. These details would be significant for evaluating real-world usefulness. In vulnerability discovery, the cost of false alarms can be as important as the ability to find issues. The Tech-Economic Times report focuses on the detection capability rather than on operational constraints.

    For the industry, this could indicate that Anthropic is anchoring the value proposition of Claude Mythos in identifying software weaknesses. If Anthropic’s eventual release includes documentation of performance and safety boundaries, it may influence how other AI providers position their models for security use cases. Based on the source, the concrete takeaway is that an upcoming Claude model is being presented as a tool to surface vulnerabilities that are difficult to find without AI.

    Source: Tech-Economic Times

  • Delhi High Court Ruling Restores Blocked Tech Platform Accounts

    This article was generated by AI and cites original sources.

    In a recent ruling, the Delhi High Court ordered the restoration of blocked accounts on a tech platform, emphasizing the need for full account restoration. However, the court specified that certain tweets identified in the blocking orders would remain temporarily blocked until reviewed by a committee of the Ministry of Electronics and Information Technology (MeitY).

    This decision highlights the complex intersection between technology platforms and legal proceedings, as tech companies navigate the balance between user freedom of expression and regulatory requirements. The court’s directive on account restoration procedures sets a precedent for how tech platforms handle content moderation and compliance with government regulations.

    As the digital governance landscape continues to evolve, this ruling serves as a case study in understanding the nuanced challenges faced by technology companies operating in regions with stringent regulatory frameworks.

    Source: Tech-Economic Times

  • Meta Warns iPhone Users of Italian Spyware Masquerading as WhatsApp

    This article was generated by AI and cites original sources.

    WhatsApp has issued a warning to approximately 200 users in Italy who inadvertently downloaded a malicious version of the app containing spyware. The spyware was developed by Italian surveillance company SIO, known for creating surveillance tools for governments through its subsidiary ASIGINT. These users fell victim to a social engineering ploy that led them to install the compromised WhatsApp variant.

    Meta, the parent company of WhatsApp, disclosed that the affected users, primarily in Italy, were identified and logged out as a precaution. The attack was orchestrated to persuade users to install a fake WhatsApp version, likely to compromise their devices. Meta plans to take legal action against the spyware firm to prevent any further malicious activities.

    While Meta did not divulge specifics about the impacted users or the extent of the data breach, WhatsApp spokesperson Margarita Franklin reiterated the company’s commitment to safeguarding users who were deceived into downloading the counterfeit iOS app.

    The deceptive WhatsApp application was not disseminated through official channels like Google Play Store or Apple’s App Store but through unofficial sources. Victims were coerced into downloading the altered WhatsApp app under the guise of authenticity. Once installed, the rogue software enabled unauthorized entities to access the users’ device data.

    Source: mint – technology

  • Government Extends Deadline for SIM-Binding Compliance: Implications for Messaging App Security

    This article was generated by AI and cites original sources.

    The government’s recent decision to extend the deadline for SIM-binding compliance has significant implications for messaging app security and user experience. Originally set for earlier implementation, the rule requires messaging apps like WhatsApp, Telegram, and Signal to be linked to a user’s SIM card continuously. Concerns were raised by industry stakeholders regarding potential disruptions to legitimate usage, especially for users traveling abroad.

    In response to industry feedback, the Centre has pushed the compliance deadline to December 31, allowing more time for implementation. The Department of Telecommunications (DoT) also made a notable change by eliminating the mandatory six-hour logout rule for web versions of these apps. Instead, an AI-powered risk analysis will determine logout instances, enhancing security measures.

    This shift in the regulatory landscape emphasizes the growing importance of cybersecurity in the messaging app sector. By requiring apps to maintain a direct link to users’ SIM cards, the government aims to bolster user verification and prevent unauthorized access. The revised compliance timeline aligns with industry concerns, highlighting a collaborative approach to enhancing security measures while balancing user convenience.

    Source: Inc42 Media

  • Neelam Dhawan Appointed Chairperson of Nasscom’s Data Security Council: Strengthening India’s Cybersecurity Focus

    This article was generated by AI and cites original sources.

    Neelam Dhawan has been appointed as the new Chairperson of the Data Security Council of India, succeeding Promod Bhasin. Dhawan’s primary objective is to collaborate with industry stakeholders and government entities to enhance India’s cybersecurity measures and strengthen data privacy standards. The goal is to position India as a prominent global leader in the realm of cybersecurity. Recognizing cybersecurity as a crucial enabler for businesses, the focus will be on fostering innovation and collaborative efforts within the dynamic technological landscape.

    Source: Tech-Economic Times

  • Perplexity AI Faces Lawsuit Over Alleged Data Sharing with Tech Giants

    This article was generated by AI and cites original sources.

    Perplexity AI, an AI search engine, is at the center of a proposed class-action lawsuit for allegedly sharing sensitive user data with Meta Platforms and Google, as reported by Bloomberg. The complaint accuses Perplexity of violating California privacy laws by embedding ‘undetectable’ trackers that transmit personal information to these tech giants.

    The lawsuit, initiated by a Utah resident known as John Doe, aims to represent a larger group of Perplexity users. It alleges that trackers are downloaded onto users’ devices upon visiting Perplexity’s website, granting Meta and Google full access to conversations with the AI system, even in ‘Incognito’ mode.

    Furthermore, the complaint claims that this backdoor access enables Meta and Google to utilize the data for targeted advertising and potentially resell it to third parties. Perplexity is accused of including hidden tracking software in its search engine code to facilitate the transmission of user conversations to these tech companies.

    In response to the lawsuit, a Meta spokesperson referenced Facebook’s policy against advertisers sending sensitive information, emphasizing their stance on data privacy. Meanwhile, a spokesperson for Perplexity has yet to provide a formal statement regarding the allegations.

    Source: mint – technology

  • North Korea-Linked Hack Exposes Vulnerabilities in Critical Software Infrastructure

    This article was generated by AI and cites original sources.

    A recent cyber incident linked to North Korea has targeted largely unseen software that underpins various online services, highlighting the potential vulnerabilities in critical infrastructure. Cyber researchers have labeled this breach as a supply chain attack, emphasizing the risk of downstream entities being compromised.

    The malicious software involved in the attack, which has since been removed, could have facilitated unauthorized access to sensitive data on affected computers, including access credentials. This breach has raised concerns about the exploitation of such vulnerabilities for data theft and other malicious activities.

    Source: Tech-Economic Times

  • Razorpay Introduces Biometric Authentication ‘Passkey’ for Secure Online Payments

    This article was generated by AI and cites original sources.

    Razorpay, a leading omnichannel payments platform, has unveiled a new biometric authentication solution called ‘Passkey’ to comply with RBI regulations. This technology, developed in collaboration with Mastercard and Visa, allows cardholders to verify online transactions using fingerprints or facial recognition, eliminating the need for OTPs and enhancing the speed and security of checkouts.

    In India, authentication challenges like delayed OTPs contribute to about 35% of payment failures, while digital payment fraud poses a significant threat, with over 13,500 internet fraud cases and losses exceeding Rs 520 crore in FY25 according to RBI data.

    Razorpay’s solution aims to address these issues by leveraging device-bound secure biometrics and passkey protocols endorsed by major payment networks. By enabling direct authentication on users’ devices through biometrics, the system streamlines the payment process by eliminating OTP delays, manual entries, and redirects, ensuring a smooth and trustworthy payment experience.

    This advancement enhances security and convenience for customers, while also boosting reliability and conversion rates for businesses, ensuring compliance with evolving industry standards. By employing payment passkeys that secure card details and prevent unauthorized access, Razorpay’s solution offers a seamless and secure payment experience, facilitating high-value transactions without interruptions.

    As biometric authentication and payment passkeys gain traction, Razorpay’s initiative is set to shape the future of digital commerce in India, fostering a landscape where transactions are secure, efficient, and aligned with user intent.

    Source: Entrackr : Latest Posts