FBI shuts down ready-made kit that imitated login pages and stole millions from users worldwide https://etimg.etb2bimg.com/thumb/msid-130226818,imgsize-8416,width-1200,height=627,overlay-etciso,resizemode-75/data-breaches/fbi-shuts-down-ready-made-kit-that-imitated-login-pages-and-stole-millions-from-users-worldwide.jpg The FBI Atlanta Field Office, working closely with Indonesian law enforcement, has dismantled a highly organized global phishing operation that gave cybercriminals easy access to a powerful tool for stealing account credentials and attempting large-scale fraud. At the centre of the operation was a ...

[Webinar] Eliminate Ghost Identities Before They Expose Your Enterprise Data https://firewall.firm.in/wp-content/uploads/2026/04/ghost.jpg Mohit KumarApr 18, 2026Artificial Intelligence / Enterprise Security In 2024, compromised service accounts and forgotten API keys were behind 68% of cloud breaches. Not phishing. Not weak passwords. Unmanaged non-human identities that nobody was watching. For every employee in your org, there are 40 to 50 automated credentials: service accounts, API tokens, ...

Anthropic leak exposes Claude Code source https://etimg.etb2bimg.com/thumb/msid-130070794,imgsize-17066,width-1200,height=627,overlay-etciso,resizemode-75/data-breaches/anthropic-leak-exposes-claude-code-source.jpg American AI company Anthropic has been one of the most-vocal supporters of banning export of American AI software and hardware to China. So much so that it’s CEO Dario Amodei has called China an adversarial nation” on numerous occasions. Like Microsoft-backed OpenAI and Alphabet’s Google, Anthropic has not made its services available in ...

36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants https://firewall.firm.in/wp-content/uploads/2026/04/database.jpg Ravie LakshmananApr 05, 2026Malware / DevSecOps Cybersecurity researchers have discovered 36 malicious packages in the npm registry that are disguised as Strapi CMS plugins but come with different payloads to facilitate Redis and PostgreSQL exploitation, deploy reverse shells, harvest credentials, and drop a persistent implant. “Every package contains three ...

Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials https://firewall.firm.in/wp-content/uploads/2026/04/nextjs.jpg Ravie LakshmananApr 02, 2026Vulnerability / Threat Intelligence A large-scale credential harvesting operation has been observed exploiting the React2Shell vulnerability as an initial infection vector to steal database credentials, SSH private keys, Amazon Web Services (AWS) secrets, shell command history, Stripe API keys, and GitHub tokens at scale. Cisco Talos has attributed the operation to ...

Block the Prompt, Not the Work: The End of https://firewall.firm.in/wp-content/uploads/2026/04/red.jpg There is a character that keeps appearing in enterprise security departments, and most CISOs know exactly who that is. It doesn’t build. It doesn’t enable. Its entire function is to say “No.” No to ChatGPT. No to DeepSeek. No to the file-sharing tool the product team swears by. For years, ...

Data privacy is becoming an infrastructure imperative https://etimg.etb2bimg.com/thumb/msid-127902085,imgsize-337112,width-1200,height=627,overlay-etciso,resizemode-75/data-breaches/data-privacy-a-key-infrastructure-challenge-for-indian-enterprises.jpg For Indian enterprises, managing data privacy is rapidly becoming fundamental to infrastructure engineering and risk management. It is no longer advisable to relegate privacy to legal tick-boxes or compliance checklists. As organizations modernize digital estates across cloud, hybrid, and edge environments, privacy must be treated as part of the data lifecycle engineering ...

Microsoft Warns of WhatsApp-Delivered VBS Malware Hijacking Windows via UAC Bypass https://firewall.firm.in/wp-content/uploads/2026/04/whatsapp-exploit.jpg Ravie LakshmananApr 01, 2026Social Engineering / Malware Microsoft is calling attention to a new campaign that has leveraged WhatsApp messages to distribute malicious Visual Basic Script (VBS) files. The activity, beginning in late February 2026, leverages these scripts to initiate a multi-stage infection chain for establishing persistence and ...

84% of female entrepreneurs use UPI; cohort shows the highest levels of digital adoption: Report https://etimg.etb2bimg.com/thumb/msid-129193057,imgsize-1994229,width-1200,height=627,overlay-etciso,resizemode-75/data-breaches/majority-of-female-entrepreneurs-embrace-digital-banking-despite-concerns-over-data-privacy.jpg In a report by DBS Bank India, HNW (High-Net-Worth) women, female entrepreneurs, and rural women were surveyed. Among these participants, 31% of female entrepreneurs reported a monthly personal income ranging between Rs 1 lakh and Rs 3 lakh. 27% of HNW women had an ...

Google Attributes Axios npm Supply Chain Attack to North Korean Group UNC1069 https://firewall.firm.in/wp-content/uploads/2026/04/axios-northkorea.jpg Ravie LakshmananApr 01, 2026Threat Intelligence / Software Security Google has formally attributed the supply chain compromise of the popular Axios npm package to a financially motivated North Korean threat activity cluster tracked as UNC1069. “We have attributed the attack to a suspected North Korean threat actor we ...