MongoDB Vulnerability CVE-2025-14847 Under Active Exploitation Worldwide https://firewall.firm.in/wp-content/uploads/2025/12/mongodb-exploit.jpg Dec 29, 2026Ravie LakshmananDatabase Security / Vulnerability A recently disclosed security vulnerability in MongoDB has come under active exploitation in the wild, with over 87,000 potentially susceptible instances identified across the world. The vulnerability in question is CVE-2025-14847 (CVSS score: 8.7), which allows an unauthenticated attacker to remotely leak sensitive data from ...

The year the cloud went dark: Inside 2025’s biggest tech outages https://etimg.etb2bimg.com/thumb/msid-126199542,imgsize-2412700,width-1200,height=627,overlay-etciso,resizemode-75/cybercrime-fraud/the-year-the-cloud-went-dark-inside-2025s-biggest-tech-outages.jpg The year 2025 highlighted the internet’s vulnerability. Major cloud providers like AWS, Microsoft Azure, and Google Cloud experienced significant outages. For a world that lives online, 2025 was a reminder of just how fragile the internet’s backbone can be. From payment systems and airlines to messaging apps and ...

The New Iframe Phishing Kit Behind Over One Million Attacks, ETCISO A newly identified phishing-as-a-service (PhaaS) kit, tracked since September 2025, has been linked to more than one million phishing attacks. The kit, referred to by researchers as GhostFrame, represents a notable shift in phishing infrastructure by building an entire attack framework around the use of web page iframes to ...

‘Data is the soil of the enterprise’: Insurance leaders unpack readiness, ownership and the rising enterprise risk of privacy at ETCISO DP&P Summit 2025 https://etimg.etb2bimg.com/thumb/msid-125931517,imgsize-65770,width-1200,height=627,overlay-etciso,resizemode-75/data-breaches/data-is-the-soil-of-the-enterprise-insights-from-leading-insurance-executives-on-privacy-and-risk-management.jpg At the ET CISO Data Protection & Privacy Summit 2025, top technology, risk and privacy leaders from India’s largest life insurers examined how enterprises must redesign their operating models to meet the Digital Personal Data ...

New MacSync macOS Stealer Uses Signed App to Bypass Apple Gatekeeper https://firewall.firm.in/wp-content/uploads/2025/12/apple-macos.jpg Dec 24, 2025Ravie LakshmananMalware / Endpoint Security Cybersecurity researchers have discovered a new variant of a macOS information stealer called MacSync that’s delivered by means of a digitally signed, notarized Swift application masquerading as a messaging app installer to bypass Apple’s Gatekeeper checks. “Unlike earlier MacSync Stealer variants ...

Noida International Airport partners with Tech Mahindra for network, cybersecurity operations https://etimg.etb2bimg.com/thumb/msid-126152388,imgsize-513557,width-1200,height=627,overlay-etciso,resizemode-75/next-gen-tech/noida-international-airport-partners-with-tech-mahindra-for-network-cybersecurity-operations.jpg Noida International Airport (NIA) and IT services firm Tech Mahindra on Tuesday announced their partnership to establish and operate an integrated Network and Security Operations Centre (NOC-SOC) for the airport. Tech Mahindra will collaborate with NIA to establish a robust, process-driven ecosystem that places cybersecurity at the heart ...

Embracing Resilience and Evolving Strategies, ETCISO Organizations are shifting from abstract frameworks to more grounded, practical decision-making in cybersecurity as they look to 2026. April Lenhard, Principal Product Manager at Qualys, believes that the upcoming year will be a significant turning point in both the national development of cybersecurity policy and the understanding of technical risk within businesses. Resilience is ...

DPDP rules are here: What technology leaders must do now to build data-safe, AI-ready enterprises https://etimg.etb2bimg.com/thumb/msid-126055911,imgsize-23452,width-1200,height=627,overlay-etciso,resizemode-75/data-breaches/navigating-indias-digital-personal-data-protection-act-strategies-for-technology-leaders.jpg India’s Digital Personal Data Protection (DPDP) Act and newly released Rules signal one of the most consequential shifts in the country’s digital landscape. For technology leaders—CIOs, CDOs, CISOs, CTOs, and GCC heads—the act is far more than a compliance milestone. It demands a fundamental ...

Two Chrome Extensions Caught Secretly Stealing Credentials from Over 170 Sites https://firewall.firm.in/wp-content/uploads/2025/12/chrome-passwords.jpg Cybersecurity researchers have discovered two malicious Google Chrome extensions with the same name and published by the same developer that come with capabilities to intercept traffic and capture user credentials. The extensions are advertised as a “multi-location network speed test plug-in” for developers and foreign trade personnel. Both ...

Why businesses can no longer treat cybersecurity as an IT problem https://etimg.etb2bimg.com/thumb/msid-126132900,imgsize-77028,width-1200,height=627,overlay-etciso,resizemode-75/cybercrime-fraud/why-businesses-can-no-longer-treat-cybersecurity-as-an-it-problem.jpg For many years, cybersecurity teams prioritised developing impregnable defenses like firewalls, intrusion prevention systems, and antivirus software to prevent intruders. However, the most perilous cyberattacks now do not involve unauthorised entry. They are receiving an invitation. “The Downloads folder has quietly become one of the hottest pieces of ...