Clearview AI faces criminal complaint in Austria for suspected privacy violations https://etimg.etb2bimg.com/thumb/msid-124886388,imgsize-24704,width-1200,height=627,overlay-etciso,resizemode-75/data-breaches/clearview-ai-faces-criminal-complaint-in-austria-for-suspected-privacy-violations.jpg An Austrian privacy group has filed a criminal complaint against Clearview AI. Austrian privacy group noyb said on Tuesday it has filed a criminal complaint in Austria, accusing US-based Clearview AI of illegally collecting photos and videos of European Union residents to build its facial-recognition database. Noyb said ...

New Fluent Bit Flaws Expose Cloud to RCE and Stealthy Infrastructure Intrusions https://firewalls.firm.in/wp-content/uploads/2025/11/bit-main.jpg Nov 24, 2025Ravie LakshmananVulnerability / Container Security Cybersecurity researchers have discovered five vulnerabilities in Fluent Bit, an open-source and lightweight telemetry agent, that could be chained to compromise and take over cloud infrastructures. The security defects “allow attackers to bypass authentication, perform path traversal, achieve remote code ...

Navigating data breach challenges in DPDP era: Retrospective risks & regulatory strains https://etimg.etb2bimg.com/thumb/msid-125499084,imgsize-14220,width-1200,height=627,overlay-etciso,resizemode-75/data-breaches/navigating-data-breach-challenges-in-dpdp-era-retrospective-risks-regulatory-strains.jpg DPDP rules mark significant milestone in India’s ongoing data protection journey India’s digital ecosystem has undergone a seismic shift with the notification of the Digital Personal Data Protection (DPDP) Rules, 2025, on November 13, 2025. As the country’s first comprehensive data privacy framework, the DPDP Act, 2023, ...

The one threat CISOs can’t patch, ETCISO In today’s world, companies are investing heavily in advanced cybersecurity tools, AI-driven monitoring, automated SOCs, zero-trust frameworks and more. Yet, in many major cyber incidents, one detail keeps repeating: a human being made a mistake. Sometimes it’s a rushed click on a link, a quick approval given under pressure, or a moment where ...

Festive deals or digital traps? How cybercriminals are mimicking brands to dupe shoppers https://etimg.etb2bimg.com/thumb/msid-124976178,imgsize-29752,width-1200,height=627,overlay-etciso,resizemode-75/data-breaches/festive-deals-or-digital-traps-how-cybercriminals-are-mimicking-brands-to-dupe-shoppers.jpg Cybercrime (Representative Image) As India’s festive shopping peaks during this quarter of the year across digital and omnichannel retail, cybercriminals are finding new ways to exploit shoppers’ excitement and urgency. Fake QR codes, malicious payment links, and AI-generated brand impersonations are becoming increasingly common. Karthik Krishnan, ...

Grafana Patches CVSS 10.0 SCIM Flaw Enabling Impersonation and Privilege Escalation https://firewalls.firm.in/wp-content/uploads/2025/11/grafana.jpg Nov 21, 2025Ravie LakshmananVulnerability / Threat Mitigation Grafana has released security updates to address a maximum severity security flaw that could allow privilege escalation or user impersonation under certain configurations. The vulnerability, tracked as CVE-2025-41115, carries a CVSS score of 10.0. It resides in the System for Cross-domain ...

Kyndryl wins deal to modernise Vodafone Idea’s IT operations, cybersecurity https://etimg.etb2bimg.com/thumb/msid-125476619,imgsize-47186,width-1200,height=627,overlay-etciso,resizemode-75/corporate/kyndryl-wins-deal-to-modernise-vodafone-ideas-it-operations-cybersecurity.jpg US enterprise technology services firm Kyndryl has expanded its partnership with India’s Vodafone Idea (Vi) with a new three-year deal to modernise the telecom carrier’s IT operations and delivery, streamline application operations management, and provide a unified integrated cyber resilience framework. Vi and Kyndryl did not disclose financial terms ...

A Game-Changer for Corporate Governance, ETCISO On a fine Friday morning, when cybersecurity leaders across India were wrapping up their final calls and easing into the promise of a relaxed weekend, normalcy shattered. WhatsApp groups buzzed. Email threads lit up. Phones rang nonstop. The Digital Personal Data Protection (DPDP) Rules had finally been notified. What had been a long wait—almost ...

Indian firms exposed to critical risks but few quantify them https://etimg.etb2bimg.com/thumb/msid-125452461,imgsize-16602,width-1200,height=627,overlay-etciso,resizemode-75/data-breaches/indian-firms-exposed-to-critical-risks-but-few-quantify-them.jpg Indian companies are confronting a rapidly evolving risk environment dominated by cyber threats, regulatory pressure, economic volatility and workforce challenges, yet only a small fraction are using data and analytics to measure their exposures or evaluate whether their insurance programmes are delivering value, a survey by professional consultancy firm ...

ShadowRay 2.0 Exploits Unpatched Ray Flaw to Build Self-Spreading GPU Cryptomining Botnet https://firewalls.firm.in/wp-content/uploads/2025/11/clusture-hacking.jpg Nov 20, 2025Ravie LakshmananVulnerability / Cloud Computing Oligo Security has warned of ongoing attacks exploiting a two-year-old security flaw in the Ray open-source artificial intelligence (AI) framework to turn infected clusters with NVIDIA GPUs into a self-replicating cryptocurrency mining botnet. The activity, codenamed ShadowRay 2.0, is an ...