Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials https://firewall.firm.in/wp-content/uploads/2026/04/nextjs.jpg Ravie LakshmananApr 02, 2026Vulnerability / Threat Intelligence A large-scale credential harvesting operation has been observed exploiting the React2Shell vulnerability as an initial infection vector to steal database credentials, SSH private keys, Amazon Web Services (AWS) secrets, shell command history, Stripe API keys, and GitHub tokens at scale. Cisco Talos has attributed the operation to ...

Block the Prompt, Not the Work: The End of https://firewall.firm.in/wp-content/uploads/2026/04/red.jpg There is a character that keeps appearing in enterprise security departments, and most CISOs know exactly who that is. It doesn’t build. It doesn’t enable. Its entire function is to say “No.” No to ChatGPT. No to DeepSeek. No to the file-sharing tool the product team swears by. For years, ...

Data privacy is becoming an infrastructure imperative https://etimg.etb2bimg.com/thumb/msid-127902085,imgsize-337112,width-1200,height=627,overlay-etciso,resizemode-75/data-breaches/data-privacy-a-key-infrastructure-challenge-for-indian-enterprises.jpg For Indian enterprises, managing data privacy is rapidly becoming fundamental to infrastructure engineering and risk management. It is no longer advisable to relegate privacy to legal tick-boxes or compliance checklists. As organizations modernize digital estates across cloud, hybrid, and edge environments, privacy must be treated as part of the data lifecycle engineering ...

Microsoft Warns of WhatsApp-Delivered VBS Malware Hijacking Windows via UAC Bypass https://firewall.firm.in/wp-content/uploads/2026/04/whatsapp-exploit.jpg Ravie LakshmananApr 01, 2026Social Engineering / Malware Microsoft is calling attention to a new campaign that has leveraged WhatsApp messages to distribute malicious Visual Basic Script (VBS) files. The activity, beginning in late February 2026, leverages these scripts to initiate a multi-stage infection chain for establishing persistence and ...

84% of female entrepreneurs use UPI; cohort shows the highest levels of digital adoption: Report https://etimg.etb2bimg.com/thumb/msid-129193057,imgsize-1994229,width-1200,height=627,overlay-etciso,resizemode-75/data-breaches/majority-of-female-entrepreneurs-embrace-digital-banking-despite-concerns-over-data-privacy.jpg In a report by DBS Bank India, HNW (High-Net-Worth) women, female entrepreneurs, and rural women were surveyed. Among these participants, 31% of female entrepreneurs reported a monthly personal income ranging between Rs 1 lakh and Rs 3 lakh. 27% of HNW women had an ...

Google Attributes Axios npm Supply Chain Attack to North Korean Group UNC1069 https://firewall.firm.in/wp-content/uploads/2026/04/axios-northkorea.jpg Ravie LakshmananApr 01, 2026Threat Intelligence / Software Security Google has formally attributed the supply chain compromise of the popular Axios npm package to a financially motivated North Korean threat activity cluster tracked as UNC1069. “We have attributed the attack to a suspected North Korean threat actor we ...

TRU identifies mobile spyware campaign using fake Red Alert app in Israel https://etimg.etb2bimg.com/thumb/msid-129603786,imgsize-5482,width-1200,height=627,overlay-etciso,resizemode-75/data-breaches/tru-identifies-mobile-spyware-campaign-using-fake-red-alert-app-in-israel.jpg A targeted smishing campaign has been identified in which Israeli users received SMS messages impersonating official Home Front Command alerts and distributing a trojanized version of Israel’s Red Alert rocket warning Android app. The malicious app preserves the legitimate rocket alert functionality, making it harder for users ...

Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account https://firewall.firm.in/wp-content/uploads/2026/03/Axios-attack.jpg The popular HTTP client known as Axios has suffered a supply chain attack after two newly published versions of the npm package introduced a malicious dependency that delivers a trojan capable of targeting Windows, macOS, and Linux systems. Versions 1.14.1 and 0.30.4 of Axios have been found to ...

Anthropic’s most powerful AI model ‘Claude Mythos’ data leaked https://etimg.etb2bimg.com/thumb/msid-129858229,imgsize-101462,width-1200,height=627,overlay-etciso,resizemode-75/data-breaches/anthropics-most-powerful-ai-model-claude-mythos-data-leaked.jpg A data leak has revealed that Anthropic is developing a new artificial intelligence model it claims is its most powerful yet, with the system already being tested by a small group of users. A report in Fortune quoted an Anthropic spokesperson as saying the system is “the most capable we’ve ...

Open VSX Bug Let Malicious VS Code Extensions Bypass Pre-Publish Security Checks https://firewall.firm.in/wp-content/uploads/2026/03/open-code.jpg Ravie LakshmananMar 27, 2026Software Security / DevSecOps Cybersecurity researchers have disclosed details of a now-patched bug impacting Open VSX’s pre-publish scanning pipeline to cause the tool to allow a malicious Microsoft Visual Studio Code (VS Code) extension to pass the vetting process and go live in the ...