AI Flaws in Amazon Bedrock, LangSmith, and SGLang Enable Data Exfiltration and RCE https://firewalls.firm.in/wp-content/uploads/2026/03/lang-ai.jpg Cybersecurity researchers have disclosed details of a new method for exfiltrating sensitive data from artificial intelligence (AI) code execution environments using domain name system (DNS) queries. In a report published Monday, BeyondTrust revealed that Amazon Bedrock AgentCore Code Interpreter’s sandbox mode permits outbound DNS queries that ...

Most India GCCs still in early stages of DPDP compliance despite ticking 14-month deadline https://etimg.etb2bimg.com/thumb/msid-129599929,imgsize-224444,width-1200,height=627,overlay-etciso,resizemode-75/ot-security/most-india-gccs-still-in-early-stages-of-dpdp-compliance-despite-ticking-14-month-deadline.jpg Four months after the rules under the Digital Personal Data Protection Act, 2023 were notified, most global capability centres (GCCs) in India remain in the early phases of compliance planning, with only a small fraction having moved into structured implementation even as the 14-month compliance ...

Why a partner-driven ecosystem is the new strategic imperative, ETCISO In today’s digital economy, cybersecurity has evolved far beyond a technical function. It has become a strategic pillar for business continuity, digital trust, and organizational resilience. As enterprises accelerate digital transformation—embracing cloud technologies, hybrid work environments, artificial intelligence, and interconnected platforms—the cyber threat landscape is becoming increasingly complex. In this ...

Fake Tech Support Spam Deploys Customized Havoc C2 Across Organizations https://firewalls.firm.in/wp-content/uploads/2026/03/outlook.jpg Threat hunters have called attention to a new campaign as part of which bad actors masqueraded as fake IT support to deliver the Havoc command-and-control (C2) framework as a precursor to data exfiltration or ransomware attack. The intrusions, identified by Huntress last month across five partner organizations, involved the ...

Proofpoint integrates with AWS Security Hub extended plan https://etimg.etb2bimg.com/thumb/msid-128942815,imgsize-7836,width-1200,height=627,overlay-etciso,resizemode-75/ot-security/proofpoint-integrates-with-aws-security-hub-extended-plan.jpg Proofpoint said its Collaboration Protection product is now integrated with the Extended plan in AWS Security Hub. The integration is intended to let customers procure and manage Proofpoint’s protection for email, messaging, and collaboration tools through AWS Security Hub’s Extended plan, using a consolidated purchasing and support model. Proofpoint Collaboration Protection ...

Building a High-Impact Tier 1: The 3 Steps CISOs Must Follow https://firewalls.firm.in/wp-content/uploads/2026/03/tier1.jpg Every CISO knows the uncomfortable truth about their Security Operations Center: the people most responsible for catching threats in real time are the people with the least experience. Tier 1 analysts sit at the front line of detection, and yet they are also the most vulnerable to the ...

Upwind expands India presence to support cloud and AI security needs https://etimg.etb2bimg.com/thumb/msid-128958713,imgsize-2162,width-1200,height=627,overlay-etciso,resizemode-75/ot-security/upwind-expands-india-presence-to-support-cloud-and-ai-security-needs.jpg Upwind announced it is expanding its presence in India to support demand for real-time cloud risk management as cloud and AI adoption increases. The company said it plans to grow local engineering and go-to-market teams, strengthen local operations, and deploy an in-country SaaS instance to address data residency, ...

F5 Labs Launches AI Security Risk Leaderboards and Monthly Benchmarks to Grade AI Models, ETCISO F5 said it has introduced new threat-intelligence benchmarks to help security teams compare the security risk of widely used AI models. The resources include two leaderboards from F5 Labs that the company says are updated monthly: a Comprehensive AI Security Index (CASI) and an Agentic ...

Microsoft Warns OAuth Redirect Abuse Delivers Malware to Government Targets https://firewalls.firm.in/wp-content/uploads/2026/03/ms-login.jpg Ravie LakshmananMar 03, 2026Phishing / Malware Microsoft on Monday warned of phishing campaigns that employ phishing emails and OAuth URL redirection mechanisms to bypass conventional phishing defenses implemented in email and browsers. The activity, the company said, targets government and public-sector organizations with the end goal of redirecting victims ...

Incident readiness: Can you answer ‘What Happened?’ Before the first hour is gone? https://etimg.etb2bimg.com/thumb/msid-128968245,imgsize-26148,width-1200,height=627,overlay-etciso,resizemode-75/corporate/incident-readiness-can-you-answer-what-happened-before-the-first-hour-is-gone.jpg When an incident hits, the first question the business asks is rarely technical. It’s not “Which control failed?” It’s: What happened? The organisations that respond well aren’t the ones with the most tools. They’re the ones that can produce a credible, evidence-backed narrative fast, so leadership ...