Zoomcar says hacker accessed personal data of 8.4 million users – ET CISO https://etimg.etb2bimg.com/thumb/msid-121899085,imgsize-22952,width-1200,height=627,overlay-etciso,resizemode-75/data-breaches/zoomcar-says-hacker-accessed-personal-data-of-8-4-million-users.jpg Zoomcar, a leading Indian car-sharing marketplace, has disclosed that hackers gained unauthorized access to the personal data of at least 8.4 million customers. The breach, detected on June 9, compromised names, phone numbers, and car registration numbers, according to a filing with the U.S. Securities and ...

New Flodrix Botnet Variant Exploits Langflow AI Server RCE Bug to Launch DDoS Attacks https://firewall.firm.in/wp-content/uploads/2025/06/Langflow-AI.jpg Jun 17, 2025Ravie LakshmananBotnet / Vulnerability Cybersecurity researchers have called attention to a new campaign that’s actively exploiting a recently disclosed critical security flaw in Langflow to deliver the Flodrix botnet malware. “Attackers use the vulnerability to execute downloader scripts on compromised Langflow servers, which ...

With retail cyberattacks on the rise, customers find orders blocked and shelves empty – ET CISO https://etimg.etb2bimg.com/thumb/msid-121842178,imgsize-215832,width-1200,height=627,overlay-etciso,resizemode-75/data-breaches/with-retail-cyberattacks-on-the-rise-customers-find-orders-blocked-and-shelves-empty.jpg Representative image A string of recent cyberattacks and data breaches involving the systems of major retailers have started affecting shoppers. United Natural Foods, a wholesale distributor that supplies Whole Foods and other grocers, said this week that a breach of its systems was ...

Discord Invite Link Hijacking Delivers AsyncRAT and Skuld Stealer Targeting Crypto Wallets https://firewall.firm.in/wp-content/uploads/2025/06/Discord.jpg A new malware campaign is exploiting a weakness in Discord’s invitation system to deliver an information stealer called Skuld and the AsyncRAT remote access trojan. “Attackers hijacked the links through vanity link registration, allowing them to silently redirect users from trusted sources to malicious servers,” Check Point ...

New Supply Chain Malware Operation Hits npm and PyPI Ecosystems, Targeting Millions Globally https://firewall.firm.in/wp-content/uploads/2025/06/code.jpg Cybersecurity researchers have flagged a supply chain attack targeting over a dozen packages associated with GlueStack to deliver malware. The malware, introduced via a change to “lib/commonjs/index.js,” allows an attacker to run shell commands, take screenshots, and upload files to infected machines, Aikido Security told The ...

New Atomic macOS Stealer Campaign Exploits ClickFix to Target Apple Users https://firewall.firm.in/wp-content/uploads/2025/06/apple.jpg Cybersecurity researchers are alerting to a new malware campaign that employs the ClickFix social engineering tactic to trick users into downloading an information stealer malware known as Atomic macOS Stealer (AMOS) on Apple macOS systems. The campaign, according to CloudSEK, has been found to leverage typosquat domains mimicking ...

Urgent cyber warning for Americans: 184 million passwords leaked – ET CISO https://etimg.etb2bimg.com/thumb/msid-121561029,imgsize-82362,width-1200,height=765,overlay-etciso/data-breaches/urgent-cyber-warning-for-americans-184-million-passwords-leaked.jpg In one of the most alarming cybersecurity revelations of the decade, a massive data leak has exposed over 184 million records, including emails, passwords, and login links — all stored in plain text — according to a new report by Wired. The shocking discovery was made by ...

⚡ Weekly Recap: APT Intrusions, AI Malware, Zero-Click Exploits, Browser Hijacks and More https://firewall.firm.in/wp-content/uploads/2025/06/recap.jpg Jun 02, 2025Ravie LakshmananCybersecurity / Hacking News If this had been a security drill, someone would’ve said it went too far. But it wasn’t a drill—it was real. The access? Everything looked normal. The tools? Easy to find. The detection? Came too late. This is how ...

Iranian Hacker Pleads Guilty in $19 Million Robbinhood Ransomware Attack on Baltimore https://firewall.firm.in/wp-content/uploads/2025/05/ransomware-crime.jpg May 28, 2025Ravie LakshmananRansomware / Data Breach An Iranian national has pleaded guilty in the U.S. over his involvement in an international ransomware and extortion scheme involving the Robbinhood ransomware. Sina Gholinejad (aka Sina Ghaaf), 37, and his co-conspirators are said to have breached the computer networks ...

Will Meta lawsuits shape Africa’s data privacy laws? – ET CISO https://etimg.etb2bimg.com/thumb/msid-121305742,imgsize-443777,width-1200,height=765,overlay-etciso/data-breaches/will-meta-lawsuits-shape-africas-data-privacy-laws.jpg Highlights Meta, the parent company of Facebook, Instagram, and WhatsApp, is contesting a $220 million fine imposed by Nigeria’s Federal Competition and Consumer Protection Commission for alleged regulatory breaches, including unauthorized data sharing and market dominance abuse. Content moderators working for Majorel in Ghana have reported severe mental ...