Researchers Uncover Major Security Flaw in Illumina iSeq 100 DNA Sequencers https://firewall.firm.in/wp-content/uploads/2025/01/dna.png Jan 07, 2025Ravie LakshmananFirmware Security / Malware Cybersecurity researchers have uncovered firmware security vulnerabilities in the Illumina iSeq 100 DNA sequencing instrument that, if successfully exploited, could permit attackers to brick or plant persistent malware on susceptible devices. “The Illumina iSeq 100 used a very outdated implementation of ...

From $22M in Ransom to +100M Stolen Records: 2025’s All-Star SaaS Threat Actors to Watch https://firewall.firm.in/wp-content/uploads/2025/01/wing.png In 2024, cyber threats targeting SaaS surged, with 7,000 password attacks blocked per second (just in Entra ID)—a 75% increase from last year—and phishing attempts up by 58%, causing $3.5 billion in losses (source: Microsoft Digital Defense Report 2024). SaaS attacks are increasing, with ...

⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [6 Jan] https://firewall.firm.in/wp-content/uploads/2025/01/recap.png Jan 06, 2025Ravie Lakshmanan Every tap, click, and swipe we make online shapes our digital lives, but it also opens doors—some we never meant to unlock. Extensions we trust, assistants we rely on, and even the codes we scan are turning into tools for attackers. The line ...

India Proposes Digital Data Rules with Tough Penalties and Cybersecurity Requirements https://firewall.firm.in/wp-content/uploads/2025/01/india-data.png Jan 06, 2025Ravie LakshmananRegulatory Compliance / Data Privacy The Indian government has published a draft version of the Digital Personal Data Protection (DPDP) Rules for public consultation. “Data fiduciaries must provide clear and accessible information about how personal data is processed, enabling informed consent,” India’s Press Information Bureau ...

U.S. Sanctions Chinese Cybersecurity Firm for State-Backed Hacking Campaigns https://firewall.firm.in/wp-content/uploads/2025/01/china-usa.png Jan 04, 2025Ravie LakshmananCyber Espionage / IoT Botnet The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) on Friday issued sanctions against a Beijing-based cybersecurity company known as Integrity Technology Group, Incorporated for orchestrating several cyber attacks against U.S. victims. These attacks have been publicly attributed to a Chinese ...

Researchers Uncover Nuclei Vulnerability Enabling Signature Bypass and Code Execution https://firewall.firm.in/wp-content/uploads/2025/01/attack.gif Jan 04, 2025Ravie LakshmananVulnerability / Software Security A high-severity security flaw has been disclosed in ProjectDiscovery’s Nuclei, a widely-used open-source vulnerability scanner that, if successfully exploited, could allow attackers to bypass signature checks and potentially execute malicious code. Tracked as CVE-2024-43405, it carries a CVSS score of 7.4 out ...

PLAYFULGHOST Delivered via Phishing and SEO Poisoning in Trojanized VPN Apps https://firewall.firm.in/wp-content/uploads/2025/01/PLAYFULGHOST.gif Jan 04, 2025Ravie LakshmananMalware / VPN Security Cybersecurity researchers have flagged a new malware called PLAYFULGHOST that comes with a wide range of information-gathering features like keylogging, screen capture, audio capture, remote shell, and file transfer/execution. The backdoor, according to Google’s Managed Defense team, shares functional overlaps with ...

Chinese hackers targeted US treasury office that handles economic sanctions: report – ET CISO https://etimg.etb2bimg.com/thumb/msid-116932200,imgsize-5842,width-1200,height=765,overlay-etciso/data-breaches/chinese-hackers-targeted-us-treasury-office-that-handles-economic-sanctions-report.jpg Chinese govt hackers breached the US treasury office that administers economic sanctions, the Washington Post reported on Wednesday, identifying targets of a cyberattack treasury disclosed earlier this week. Citing unnamed US officials, the Washington Post said hackers compromised the office of foreign assets control and ...

LDAPNightmare PoC Exploit Crashes LSASS and Reboots Windows Domain Controllers https://firewall.firm.in/wp-content/uploads/2025/01/exploit-poc.png Jan 03, 2025Ravie LakshmananWindows Server / Threat Mitigation A proof-of-concept (PoC) exploit has been released for a now-patched security flaw impacting Windows Lightweight Directory Access Protocol (LDAP) that could trigger a denial-of-service (DoS) condition. The out-of-bounds reads vulnerability is tracked as CVE-2024-49113 (CVSS score: 7.5). It was addressed by ...

New AI Jailbreak Method ‘Bad Likert Judge’ Boosts Attack Success Rates by Over 60% https://firewall.firm.in/wp-content/uploads/2025/01/ai-jailbreak.png Jan 03, 2025Ravie LakshmananMachine Learning / Vulnerability Cybersecurity researchers have shed light on a new jailbreak technique that could be used to get past a large language model’s (LLM) safety guardrails and produce potentially harmful or malicious responses. The multi-turn (aka many-shot) attack strategy has ...