This script ( mcp-server.js) acts as a local proxy. The agent communicates with it via stdio (standard), and the script makes HTTP requests to your Vercel backend, managing the question delivery and the polling (active waiting) for the response. Agent (Local) → calls ask_telegram_confirmation Local Proxy (mcp-server.js) → calls POST /api/confirm on Vercel Vercel → sends a message to the Telegram Bot
Trying to isolate over 100 million users from private and secure communication is a backwards step and can only lead to less safety for people in Russia. We continue to do everything we can to keep users connected. The move fits into the Kremlin's aim to achieve a sovereign internet an online space cut off from western technology and foreign influence, and more vulnerable to state control.
On January 2, Raha Bahloulipour watched Sentimental Value, the latest film by the Norwegian auteur Joachim Trier, in her dorm room at the University of Tehran. It was the first film she viewed in 2026, and she liked it very much. I know this because Raha was, like myself, an avid user of the film-cataloging app Letterboxd. With its tag system and diary, she jotted down when, where, and in what context she watched movies and what she thought of them.
When black markets for drugs, guns, and all manner of contraband first sprang up on the dark web more than a decade ago, it seemed that cryptocurrency and the technical sophistication of the anonymity software Tor were the keys to carrying out billions of dollars worth of untouchable, illicit transactions online. Now, all of that looks a bit passé. In 2025, all it takes to get away with tens of billions of dollars in black-market crypto deals is a messaging platform willing to host scammers and human traffickers, enough persistence to relaunch channels and accounts on that service when they're occasionally banned, and fluency in Chinese.
On October 16 and 17, the ScatteredLAPSUS$Hunters Telegram channel repeatedly violated Telegram's TOS by leaking personal information on people - and in this case, information on employees of the Department of Justice (DOJ/FBI), U.S. Attorneys Office (DOJ/USAO), the Department of Homeland Security (DHS), and the Federal Aviation Authority (FAA). DataBreaches did not report on it at the time precisely because the files were still exposed. Instead, DataBreaches contacted Telegram to inquire why the channel hadn't been banned again for leaking sensitive information about government employees.
A rapidly evolving Android spyware campaign called ClayRat has targeted users in Russia using a mix of Telegram channels and lookalike phishing websites by impersonating popular apps like WhatsApp, Google Photos, TikTok, and YouTube as lures to install them. "Once active, the spyware can exfiltrate SMS messages, call logs, notifications, and device information; taking photos with the front camera; and even send SMS messages or place calls directly from the victim's device," Zimperium researcher Vishnu Pratapagiri said in a report shared with The Hacker News.
Scattered Lapsus$ Hunters has launched an unusual crowdsourced extortion scheme, offering $10 in Bitcoin to anyone willing to help pressure their alleged victims into paying ransoms.. The cybercrime collective is encouraging followers to email senior executives at organizations it claims to have breached, urging them to pay up and avoid publicity about the group's new data leak site. Those who contact executives through personal email accounts will receive higher rewards,
