New React RSC Vulnerabilities Enable DoS and Source Code Exposure https://firewall.firm.in/wp-content/uploads/2025/12/react-flaws.jpg Dec 12, 2025Ravie LakshmananSoftware Security / Vulnerability The React team has released fixes for two new types of flaws in React Server Components (RSC) that, if successfully exploited, could result in denial-of-service (DoS) or source code exposure. The team said the issues were found by the security community while ...

India building its first OT security testbed: DSCI CEO https://etimg.etb2bimg.com/thumb/msid-125799440,imgsize-24508,width-1200,height=627,overlay-etciso,resizemode-75/cybercrime-fraud/india-building-its-first-ot-security-testbed-dsci-ceo.jpg India is emerging as a neutral supplier in the global market for operational technology (OT) security, with the country building its first full-fledged OT security testbed and witnessing the rise of domestic product companies, Data Security Council of India (DSCI) chief executive Vinayak Godse said. Startups and user companies can ...

What enterprises must do today, ETCISO India’s Digital Personal Data Protection (DPDP) Act and the newly notified DPDP Rules 2025 mark a defining milestone in India’s digital governance journey. It signals India’s transition into a mature, trust-first digital economy. But what sets this framework apart is not just its regulatory strength but the balance that it strikes. It safeguards individual ...

Digital battlefield: Data dominance, codebreaking and the roots of information warfare https://etimg.etb2bimg.com/thumb/msid-125684785,imgsize-255746,width-1200,height=627,overlay-etciso,resizemode-75/data-breaches/digital-battlefield-data-dominance-codebreaking-and-the-roots-of-information-warfare.jpg Negligence in data handling leads to large scale data exposure, enabling malicious actors to exploit leaked data for committing fraud, blackmail or identity theft triggering penal statutes. Data is often described as the ‘new oil’ – a strategic asset central to the survival of individuals, corporations or even ...

Legacy Python Bootstrap Scripts Create Domain-Takeover Risk in Multiple PyPI Packages https://firewall.firm.in/wp-content/uploads/2025/11/setuptools.jpg Nov 28, 2025Ravie LakshmananMalware / Vulnerability Cybersecurity researchers have discovered vulnerable code in legacy Python packages that could potentially pave the way for a supply chain compromise on the Python Package Index (PyPI) via a domain takeover attack. Software supply chain security company ReversingLabs said it found the ...

Cyber resilience has to begin long before a breach https://etimg.etb2bimg.com/thumb/msid-125579023,imgsize-958737,width-1200,height=627,overlay-etciso,resizemode-75/cybercrime-fraud/cyber-resilience-has-to-begin-long-before-a-breach.jpg The moment a cyberattack strikes a large organisation, normality fractures into confusion. Systems slow, dashboards flicker and messages pile up faster than anyone can process. In those first minutes, said Arunkumar Selvaraj, global head for security and compliance at TCS Enterprise Cloud, the experience is always brutally disorienting. Selvaraj, speaking ...

Essential Strategies for Incident Readiness and Recovery, ETCISO The highly connected and always-on global ecosystem in which we live is driven by digital transformation and is constantly evolving. In such an environment, safeguarding our critical infrastructure and manufacturing shop floors is key. Smart factories, automated assembly lines, and the industrial internet of things (IIoT) are closing the gap between physical ...

Navigating data breach challenges in DPDP era: Retrospective risks & regulatory strains https://etimg.etb2bimg.com/thumb/msid-125499084,imgsize-14220,width-1200,height=627,overlay-etciso,resizemode-75/data-breaches/navigating-data-breach-challenges-in-dpdp-era-retrospective-risks-regulatory-strains.jpg DPDP rules mark significant milestone in India’s ongoing data protection journey India’s digital ecosystem has undergone a seismic shift with the notification of the Digital Personal Data Protection (DPDP) Rules, 2025, on November 13, 2025. As the country’s first comprehensive data privacy framework, the DPDP Act, 2023, ...

Grafana Patches CVSS 10.0 SCIM Flaw Enabling Impersonation and Privilege Escalation https://firewall.firm.in/wp-content/uploads/2025/11/grafana.jpg Nov 21, 2025Ravie LakshmananVulnerability / Threat Mitigation Grafana has released security updates to address a maximum severity security flaw that could allow privilege escalation or user impersonation under certain configurations. The vulnerability, tracked as CVE-2025-41115, carries a CVSS score of 10.0. It resides in the System for Cross-domain ...

Kyndryl wins deal to modernise Vodafone Idea’s IT operations, cybersecurity https://etimg.etb2bimg.com/thumb/msid-125476619,imgsize-47186,width-1200,height=627,overlay-etciso,resizemode-75/corporate/kyndryl-wins-deal-to-modernise-vodafone-ideas-it-operations-cybersecurity.jpg US enterprise technology services firm Kyndryl has expanded its partnership with India’s Vodafone Idea (Vi) with a new three-year deal to modernise the telecom carrier’s IT operations and delivery, streamline application operations management, and provide a unified integrated cyber resilience framework. Vi and Kyndryl did not disclose financial terms ...