Britain’s JLR says ‘some data’ affected by cybersecurity incident https://etimg.etb2bimg.com/thumb/msid-123821271,imgsize-5312,width-1200,height=627,overlay-etciso,resizemode-75/data-breaches/britains-jlr-says-some-data-affected-by-cybersecurity-incident.jpg Jaguar Land Rover on Wednesday said that “some data” was affected in a cybersecurity incident disclosed last week, which has disrupted production and sales at the British luxury carmaker. JLR did not provide details on what kind of data was affected but said it was informing relevant authorities. “Our forensic ...

⚡ Weekly Recap: WSUS Exploited, LockBit 5.0 Returns, Telegram Backdoor, F5 Breach Widens https://firewalls.firm.in/wp-content/uploads/2025/10/recap-hacker.jpg Oct 27, 2025Ravie LakshmananCybersecurity / Hacking News Security, trust, and stability — once the pillars of our digital world — are now the tools attackers turn against us. From stolen accounts to fake job offers, cybercriminals keep finding new ways to exploit both system flaws and ...

Seqrite reveals critical insights into Google salesforce breach by UNC6040 threat group https://etimg.etb2bimg.com/thumb/msid-123842589,imgsize-4194,width-1200,height=627,overlay-etciso,resizemode-75/data-breaches/exploring-the-disruptive-unc6040-cyberattack-insights-from-seqrite-on-the-google-salesforce-breach.jpg Seqrite, the enterprise arm of Quick Heal Technologies Limited, a global provider of cybersecurity solutions, has unveiled comprehensive insights into the sophisticated vishing-extortion campaign that compromised Google’s corporate Salesforce instance in June 2025, exposing small and medium-sized business client data to cybercriminals. The attack was orchestrated by ...

APT36 Targets Indian Government with Golang-Based DeskRAT Malware Campaign https://firewalls.firm.in/wp-content/uploads/2025/10/indian-cyberattack.jpg Oct 24, 2025Ravie LakshmananCyber Espionage / Malware A Pakistan-nexus threat actor has been observed targeting Indian government entities as part of spear-phishing attacks designed to deliver a Golang-based malware known as DeskRAT. The activity, observed in August and September 2025 by Sekoia, has been attributed to Transparent Tribe (aka APT36), ...

Facebook $725M privacy settlement: Eligibility, payouts & key details https://etimg.etb2bimg.com/thumb/msid-123862981,imgsize-82084,width-1200,height=627,overlay-etciso,resizemode-75/data-breaches/facebook-725m-privacy-settlement-eligibility-payouts-key-details.jpg Payments from Facebook’s $725 million privacy settlement are finally being distributed, with approved claimants set to receive money over the coming weeks. The settlement stems from lawsuits that accused the social media giant of improperly sharing users’ personal data with advertisers and third-party firms, most notably highlighted by the 2018 ...

Smishing Triad Linked to 194,000 Malicious Domains in Global Phishing Operation https://firewalls.firm.in/wp-content/uploads/2025/10/phishing.jpg Oct 24, 2025Ravie LakshmananData Breach / Cybercrime The threat actors behind a large-scale, ongoing smishing campaign have been attributed to more than 194,000 malicious domains since January 1, 2024, targeting a broad range of services across the world, according to new findings from Palo Alto Networks Unit 42. ...

These OnePlus smartphones may be leaking your SMS messages to hackers https://etimg.etb2bimg.com/thumb/msid-124176116,imgsize-24140,width-1200,height=627,overlay-etciso,resizemode-75/data-breaches/these-oneplus-smartphones-may-be-leaking-your-sms-messages-to-hackers.jpg OnePlus smartphones running OxygenOS versions 12 through 15 contain a critical security vulnerability that allows malicious apps to read and send SMS messages without user permission, cybersecurity firm Rapid7 revealed this week. The flaw, tracked as CVE-2025-10184 with a severity score of 8.2 out of 10, potentially affects ...

Newly Patched Critical Microsoft WSUS Flaw Comes Under Active Exploitation https://firewalls.firm.in/wp-content/uploads/2025/10/windows-update.jpg Oct 24, 2025Ravie LakshmananVulnerability / Network Security Microsoft on Thursday released out-of-band security updates to patch a critical-severity Windows Server Update Service (WSUS) vulnerability with a proof-of-concept (Poc) exploit publicly available and has come under active exploitation in the wild. The vulnerability in question is CVE-2025-59287 (CVSS score: 9.8), ...

Canada’s WestJet says some passenger data exposed in cybersecurity breach https://etimg.etb2bimg.com/thumb/msid-124247093,imgsize-964241,width-1200,height=627,overlay-etciso,resizemode-75/data-breaches/canadas-westjet-says-some-passenger-data-exposed-in-cybersecurity-breach.jpg Canadian carrier WestJet said on Monday the personal information of some passengers was exposed in a cybersecurity breach earlier this year, though no payment data was compromised. The airline said it detected suspicious activity on June 13 and later determined that a “sophisticated, criminal third party” had gained unauthorized ...

Self-Spreading ‘GlassWorm’ Infects VS Code Extensions in Widespread Supply Chain Attack https://firewalls.firm.in/wp-content/uploads/2025/10/code-vscode.jpg Oct 24, 2025Ravie LakshmananDevOps / Malware Cybersecurity researchers have discovered a self-propagating worm that spreads via Visual Studio Code (VS Code) extensions on the Open VSX Registry and the Microsoft Extension Marketplace, underscoring how developers have become a prime target for attacks. The sophisticated threat, codenamed GlassWorm by ...