Two Chrome Extensions Caught Secretly Stealing Credentials from Over 170 Sites https://firewall.firm.in/wp-content/uploads/2025/12/chrome-passwords.jpg Cybersecurity researchers have discovered two malicious Google Chrome extensions with the same name and published by the same developer that come with capabilities to intercept traffic and capture user credentials. The extensions are advertised as a “multi-location network speed test plug-in” for developers and foreign trade personnel. Both ...

No breach in Aadhaar database till date, govt tells Parliament https://etimg.etb2bimg.com/thumb/msid-126049947,imgsize-37458,width-1200,height=627,overlay-etciso,resizemode-75/data-breaches/no-breach-in-aadhaar-database-till-date-govt-tells-parliament.jpg There has been no breach of Aadhaar cardholders’ data from the UIDAI database to date, the government said on Wednesday. A multi-layered security infrastructure and Aadhar’s status as a nationally protected system shield it from threats, minister of state for electronics and information technology Jitin Prasada told Parliament. Aadhaar ...

Compromised IAM Credentials Power a Large AWS Crypto Mining Campaign https://firewall.firm.in/wp-content/uploads/2025/12/aws.jpg Dec 16, 2025Ravie LakshmananMalware / Threat Detection An ongoing campaign has been observed targeting Amazon Web Services (AWS) customers using compromised Identity and Access Management (IAM) credentials to enable cryptocurrency mining. The activity, first detected by Amazon’s GuardDuty managed threat detection service and its automated security monitoring systems on ...

Enterprises move from securing data to proving trust: Leaders unpack the new competitive advantage at ETCISO DP&P Summit 2025 https://etimg.etb2bimg.com/thumb/msid-125930618,imgsize-88480,width-1200,height=627,overlay-etciso,resizemode-75/data-breaches/enterprises-move-from-securing-data-to-proving-trust-leaders-unpack-the-new-competitive-advantage-at-etciso-dpp-summit-2025.jpg At the ET CISO Data Protection & Privacy Summit 2025, senior leaders from fintech, insurance, banking, market infrastructure and digital identity platforms examined how trust is shifting from a moral position to a measurable business strategy. Moderated by Sneha Jha, ...

New React RSC Vulnerabilities Enable DoS and Source Code Exposure https://firewall.firm.in/wp-content/uploads/2025/12/react-flaws.jpg Dec 12, 2025Ravie LakshmananSoftware Security / Vulnerability The React team has released fixes for two new types of flaws in React Server Components (RSC) that, if successfully exploited, could result in denial-of-service (DoS) or source code exposure. The team said the issues were found by the security community while ...

Digital battlefield: Data dominance, codebreaking and the roots of information warfare https://etimg.etb2bimg.com/thumb/msid-125684785,imgsize-255746,width-1200,height=627,overlay-etciso,resizemode-75/data-breaches/digital-battlefield-data-dominance-codebreaking-and-the-roots-of-information-warfare.jpg Negligence in data handling leads to large scale data exposure, enabling malicious actors to exploit leaked data for committing fraud, blackmail or identity theft triggering penal statutes. Data is often described as the ‘new oil’ – a strategic asset central to the survival of individuals, corporations or even ...

Legacy Python Bootstrap Scripts Create Domain-Takeover Risk in Multiple PyPI Packages https://firewall.firm.in/wp-content/uploads/2025/11/setuptools.jpg Nov 28, 2025Ravie LakshmananMalware / Vulnerability Cybersecurity researchers have discovered vulnerable code in legacy Python packages that could potentially pave the way for a supply chain compromise on the Python Package Index (PyPI) via a domain takeover attack. Software supply chain security company ReversingLabs said it found the ...

Navigating data breach challenges in DPDP era: Retrospective risks & regulatory strains https://etimg.etb2bimg.com/thumb/msid-125499084,imgsize-14220,width-1200,height=627,overlay-etciso,resizemode-75/data-breaches/navigating-data-breach-challenges-in-dpdp-era-retrospective-risks-regulatory-strains.jpg DPDP rules mark significant milestone in India’s ongoing data protection journey India’s digital ecosystem has undergone a seismic shift with the notification of the Digital Personal Data Protection (DPDP) Rules, 2025, on November 13, 2025. As the country’s first comprehensive data privacy framework, the DPDP Act, 2023, ...

Grafana Patches CVSS 10.0 SCIM Flaw Enabling Impersonation and Privilege Escalation https://firewall.firm.in/wp-content/uploads/2025/11/grafana.jpg Nov 21, 2025Ravie LakshmananVulnerability / Threat Mitigation Grafana has released security updates to address a maximum severity security flaw that could allow privilege escalation or user impersonation under certain configurations. The vulnerability, tracked as CVE-2025-41115, carries a CVSS score of 10.0. It resides in the System for Cross-domain ...

Spain to investigate Meta for alleged Android privacy breaches https://etimg.etb2bimg.com/thumb/msid-125452475,imgsize-19560,width-1200,height=627,overlay-etciso,resizemode-75/data-breaches/spain-to-investigate-meta-for-alleged-android-privacy-breaches.jpg Spain’s parliament will investigate Meta for possible privacy violations of its Facebook and Instagram users, Spanish Prime Minister Pedro Sanchez said on Wednesday. “In Spain, the law is above any algorithm or any large technology platform. And anyone who violates our rights will pay the consequences,” Sanchez said in a ...