Google Pays $1.375 Billion to Texas Over Unauthorized Tracking and Biometric Data Collection https://firewall.firm.in/wp-content/uploads/2025/05/google.jpg May 10, 2025Ravie LakshmananBiometric Data / Privacy Google has agreed to pay the U.S. state of Texas nearly $1.4 billion to settle two lawsuits that accused the company of tracking users’ personal location and maintaining their facial recognition data without consent. The $1.375 billion payment dwarfs ...

China’s data protection rules prompt pause from major European research funders – ET CISO https://etimg.etb2bimg.com/thumb/msid-120604858,imgsize-13150,width-1200,height=765,overlay-etciso/data-breaches/chinas-data-protection-rules-prompt-pause-from-major-european-research-funders.jpg Several of Europe’s biggest funders of scientific collaboration with China, in fields such as viruses and air quality, have put bilateral research programmes on hold due to concerns over Chinese data protection laws, funding agencies said. The suspension, which Reuters is reporting for the first ...

Commvault CVE-2025-34028 Added to CISA KEV After Active Exploitation Confirmed https://firewall.firm.in/wp-content/uploads/2025/05/comm.jpg May 05, 2025Ravie LakshmananVulnerability / Zero-Day The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a maximum-severity security flaw impacting Commvault Command Center to its Known Exploited Vulnerabilities (KEV) catalog, a little over a week after it was publicly disclosed. The vulnerability in question is CVE-2025-34028 (CVSS score: ...

Over 290,000 citizens at risk: CloudSEK uncovers major data breach at BWSSB – ET CISO https://etimg.etb2bimg.com/thumb/msid-120841679,imgsize-7084,width-1200,height=765,overlay-etciso/data-breaches/over-290000-citizens-at-risk-cloudsek-uncovers-major-data-breach-at-bwssb.jpg CloudSEK, a leading AI-driven cybersecurity firm, has revealed a critical breach in the infrastructure of the Bangalore Water Supply and Sewerage Board (BWSSB). The breach has left sensitive personal data of over 290,000 Bangalore residents vulnerable, after direct root access to BWSSB’s database was ...

Wormable AirPlay Flaws Enable Zero-Click RCE on Apple Devices via Public Wi-Fi https://firewall.firm.in/wp-content/uploads/2025/05/apple.jpg May 05, 2025Ravie LakshmananNetwork Security / Vulnerability Cybersecurity researchers have disclosed a series of now-patched security vulnerabilities in Apple’s AirPlay protocol that, if successfully exploited, could enable an attacker to take over susceptible devices supporting the proprietary wireless technology. The shortcomings have been collectively codenamed AirBorne by ...

Verizon’s 2025 DBIR: 97% of APAC breaches driven by system intrusion, social engineering, Web App attacks – ET CISO https://etimg.etb2bimg.com/thumb/msid-120637562,imgsize-11786,width-1200,height=765,overlay-etciso/data-breaches/verizons-2025-dbir-97-of-apac-breaches-driven-by-system-intrusion-social-engineering-web-app-attacks.jpg Verizon Business today released its 2025 Data Breach Investigations Report (DBIR), sounding the alarm on a surge of system intrusions across the Asia-Pacific region. The report reveals that four out of five data breaches in the region stemmed from such ...

Fake Security Plugin on WordPress Enables Remote Admin Access for Attackers https://firewall.firm.in/wp-content/uploads/2025/05/wordpress.jpg May 01, 2025Ravie LakshmananMalware / Web Skimming Cybersecurity researchers have shed light on a new campaign targeting WordPress sites that disguises the malware as a security plugin. The plugin, which goes by the name “WP-antymalwary-bot.php,” comes with a variety of features to maintain access, hide itself from the ...

GCP Cloud Composer Bug Let Attackers Elevate Access via Malicious PyPI Packages https://firewall.firm.in/wp-content/uploads/2025/04/google.gif Cybersecurity researchers have detailed a now-patched vulnerability in Google Cloud Platform (GCP) that could have enabled an attacker to elevate their privileges in the Cloud Composer workflow orchestration service that’s based on Apache Airflow. “This vulnerability lets attackers with edit permissions in Cloud Composer to escalate their ...

Paper Werewolf Deploys PowerModul Implant in Targeted Cyberattacks on Russian Sectors https://firewall.firm.in/wp-content/uploads/2025/04/malware-attack.jpg The threat actor known as Paper Werewolf has been observed exclusively targeting Russian entities with a new implant called PowerModul. The activity, which took place between July and December 2024, singled out organizations in the mass media, telecommunications, construction, government entities, and energy sectors, Kaspersky said in a ...

Government weighing local storage of AI models to mitigate risk associated with them – ET CISO https://etimg.etb2bimg.com/thumb/msid-120082128,imgsize-35306,width-1200,height=765,overlay-etciso/data-breaches/government-weighing-local-storage-of-ai-models-to-mitigate-risk-associated-with-them.jpg The government is weighing local storage of AI models to mitigate any risk associated with them and prevent flow of data outside the country, a senior government official said on Monday. While speaking on the sidelines of Digital Threat Report 2024 for the ...