Anthropic leak exposes Claude Code source https://etimg.etb2bimg.com/thumb/msid-130070794,imgsize-17066,width-1200,height=627,overlay-etciso,resizemode-75/data-breaches/anthropic-leak-exposes-claude-code-source.jpg American AI company Anthropic has been one of the most-vocal supporters of banning export of American AI software and hardware to China. So much so that it’s CEO Dario Amodei has called China an adversarial nation” on numerous occasions. Like Microsoft-backed OpenAI and Alphabet’s Google, Anthropic has not made its services available in ...

36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants https://firewall.firm.in/wp-content/uploads/2026/04/database.jpg Ravie LakshmananApr 05, 2026Malware / DevSecOps Cybersecurity researchers have discovered 36 malicious packages in the npm registry that are disguised as Strapi CMS plugins but come with different payloads to facilitate Redis and PostgreSQL exploitation, deploy reverse shells, harvest credentials, and drop a persistent implant. “Every package contains three ...

Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials https://firewall.firm.in/wp-content/uploads/2026/04/nextjs.jpg Ravie LakshmananApr 02, 2026Vulnerability / Threat Intelligence A large-scale credential harvesting operation has been observed exploiting the React2Shell vulnerability as an initial infection vector to steal database credentials, SSH private keys, Amazon Web Services (AWS) secrets, shell command history, Stripe API keys, and GitHub tokens at scale. Cisco Talos has attributed the operation to ...

Block the Prompt, Not the Work: The End of https://firewall.firm.in/wp-content/uploads/2026/04/red.jpg There is a character that keeps appearing in enterprise security departments, and most CISOs know exactly who that is. It doesn’t build. It doesn’t enable. Its entire function is to say “No.” No to ChatGPT. No to DeepSeek. No to the file-sharing tool the product team swears by. For years, ...

Data privacy is becoming an infrastructure imperative https://etimg.etb2bimg.com/thumb/msid-127902085,imgsize-337112,width-1200,height=627,overlay-etciso,resizemode-75/data-breaches/data-privacy-a-key-infrastructure-challenge-for-indian-enterprises.jpg For Indian enterprises, managing data privacy is rapidly becoming fundamental to infrastructure engineering and risk management. It is no longer advisable to relegate privacy to legal tick-boxes or compliance checklists. As organizations modernize digital estates across cloud, hybrid, and edge environments, privacy must be treated as part of the data lifecycle engineering ...

Microsoft Warns of WhatsApp-Delivered VBS Malware Hijacking Windows via UAC Bypass https://firewall.firm.in/wp-content/uploads/2026/04/whatsapp-exploit.jpg Ravie LakshmananApr 01, 2026Social Engineering / Malware Microsoft is calling attention to a new campaign that has leveraged WhatsApp messages to distribute malicious Visual Basic Script (VBS) files. The activity, beginning in late February 2026, leverages these scripts to initiate a multi-stage infection chain for establishing persistence and ...

84% of female entrepreneurs use UPI; cohort shows the highest levels of digital adoption: Report https://etimg.etb2bimg.com/thumb/msid-129193057,imgsize-1994229,width-1200,height=627,overlay-etciso,resizemode-75/data-breaches/majority-of-female-entrepreneurs-embrace-digital-banking-despite-concerns-over-data-privacy.jpg In a report by DBS Bank India, HNW (High-Net-Worth) women, female entrepreneurs, and rural women were surveyed. Among these participants, 31% of female entrepreneurs reported a monthly personal income ranging between Rs 1 lakh and Rs 3 lakh. 27% of HNW women had an ...

Google Attributes Axios npm Supply Chain Attack to North Korean Group UNC1069 https://firewall.firm.in/wp-content/uploads/2026/04/axios-northkorea.jpg Ravie LakshmananApr 01, 2026Threat Intelligence / Software Security Google has formally attributed the supply chain compromise of the popular Axios npm package to a financially motivated North Korean threat activity cluster tracked as UNC1069. “We have attributed the attack to a suspected North Korean threat actor we ...

TRU identifies mobile spyware campaign using fake Red Alert app in Israel https://etimg.etb2bimg.com/thumb/msid-129603786,imgsize-5482,width-1200,height=627,overlay-etciso,resizemode-75/data-breaches/tru-identifies-mobile-spyware-campaign-using-fake-red-alert-app-in-israel.jpg A targeted smishing campaign has been identified in which Israeli users received SMS messages impersonating official Home Front Command alerts and distributing a trojanized version of Israel’s Red Alert rocket warning Android app. The malicious app preserves the legitimate rocket alert functionality, making it harder for users ...

Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account https://firewall.firm.in/wp-content/uploads/2026/03/Axios-attack.jpg The popular HTTP client known as Axios has suffered a supply chain attack after two newly published versions of the npm package introduced a malicious dependency that delivers a trojan capable of targeting Windows, macOS, and Linux systems. Versions 1.14.1 and 0.30.4 of Axios have been found to ...