VECT 2.0 Ransomware Irreversibly Destroys Files Over 131KB on Windows, Linux, ESXi https://firewall.firm.in/wp-content/uploads/2026/04/vect.gif Threat hunters are warning that the cybercriminal operation known as VECT 2.0 acts more like a wiper than a ransomware due to a critical flaw in its encryption implementation across Windows, Linux, and ESXi variants that renders recovery impossible even for the threat actors. The fact that ...

US security company ADT confirms hacking incident, says some customer data stolen https://etimg.etb2bimg.com/thumb/msid-130543679,imgsize-86843,width-1200,height=627,overlay-etciso,resizemode-75/data-breaches/us-security-company-adt-confirms-hacking-incident-says-some-customer-data-stolen.jpg ADT, one of the largest home security providers in the US, has confirmed that hackers successfully broke into its systems and stole customer information like their phone numbers and addresses. The announcement comes as a notorious extortion group, known as ShinyHunters, threatens to leak millions of records ...

Researchers Uncover Pre-Stuxnet ‘fast16’ Malware Targeting Engineering Software https://firewall.firm.in/wp-content/uploads/2026/04/fast16-exploit.jpg Cybersecurity researchers have discovered a new Lua-based malware created years before the notorious Stuxnet worm that aimed to sabotage Iran’s nuclear program by destroying uranium enrichment centrifuges. According to a new report published by SentinelOne, the previously undocumented cyber sabotage framework dates back to 2005, primarily targeting high-precision calculation software to ...

FBI shuts down ready-made kit that imitated login pages and stole millions from users worldwide https://etimg.etb2bimg.com/thumb/msid-130226818,imgsize-8416,width-1200,height=627,overlay-etciso,resizemode-75/data-breaches/fbi-shuts-down-ready-made-kit-that-imitated-login-pages-and-stole-millions-from-users-worldwide.jpg The FBI Atlanta Field Office, working closely with Indonesian law enforcement, has dismantled a highly organized global phishing operation that gave cybercriminals easy access to a powerful tool for stealing account credentials and attempting large-scale fraud. At the centre of the operation was a ...

[Webinar] Eliminate Ghost Identities Before They Expose Your Enterprise Data https://firewall.firm.in/wp-content/uploads/2026/04/ghost.jpg Mohit KumarApr 18, 2026Artificial Intelligence / Enterprise Security In 2024, compromised service accounts and forgotten API keys were behind 68% of cloud breaches. Not phishing. Not weak passwords. Unmanaged non-human identities that nobody was watching. For every employee in your org, there are 40 to 50 automated credentials: service accounts, API tokens, ...

Anthropic leak exposes Claude Code source https://etimg.etb2bimg.com/thumb/msid-130070794,imgsize-17066,width-1200,height=627,overlay-etciso,resizemode-75/data-breaches/anthropic-leak-exposes-claude-code-source.jpg American AI company Anthropic has been one of the most-vocal supporters of banning export of American AI software and hardware to China. So much so that it’s CEO Dario Amodei has called China an adversarial nation” on numerous occasions. Like Microsoft-backed OpenAI and Alphabet’s Google, Anthropic has not made its services available in ...

36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants https://firewall.firm.in/wp-content/uploads/2026/04/database.jpg Ravie LakshmananApr 05, 2026Malware / DevSecOps Cybersecurity researchers have discovered 36 malicious packages in the npm registry that are disguised as Strapi CMS plugins but come with different payloads to facilitate Redis and PostgreSQL exploitation, deploy reverse shells, harvest credentials, and drop a persistent implant. “Every package contains three ...

Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials https://firewall.firm.in/wp-content/uploads/2026/04/nextjs.jpg Ravie LakshmananApr 02, 2026Vulnerability / Threat Intelligence A large-scale credential harvesting operation has been observed exploiting the React2Shell vulnerability as an initial infection vector to steal database credentials, SSH private keys, Amazon Web Services (AWS) secrets, shell command history, Stripe API keys, and GitHub tokens at scale. Cisco Talos has attributed the operation to ...

Block the Prompt, Not the Work: The End of https://firewall.firm.in/wp-content/uploads/2026/04/red.jpg There is a character that keeps appearing in enterprise security departments, and most CISOs know exactly who that is. It doesn’t build. It doesn’t enable. Its entire function is to say “No.” No to ChatGPT. No to DeepSeek. No to the file-sharing tool the product team swears by. For years, ...

Data privacy is becoming an infrastructure imperative https://etimg.etb2bimg.com/thumb/msid-127902085,imgsize-337112,width-1200,height=627,overlay-etciso,resizemode-75/data-breaches/data-privacy-a-key-infrastructure-challenge-for-indian-enterprises.jpg For Indian enterprises, managing data privacy is rapidly becoming fundamental to infrastructure engineering and risk management. It is no longer advisable to relegate privacy to legal tick-boxes or compliance checklists. As organizations modernize digital estates across cloud, hybrid, and edge environments, privacy must be treated as part of the data lifecycle engineering ...