Indian firms exposed to critical risks but few quantify them https://etimg.etb2bimg.com/thumb/msid-125452461,imgsize-16602,width-1200,height=627,overlay-etciso,resizemode-75/data-breaches/indian-firms-exposed-to-critical-risks-but-few-quantify-them.jpg Indian companies are confronting a rapidly evolving risk environment dominated by cyber threats, regulatory pressure, economic volatility and workforce challenges, yet only a small fraction are using data and analytics to measure their exposures or evaluate whether their insurance programmes are delivering value, a survey by professional consultancy firm ...

ShadowRay 2.0 Exploits Unpatched Ray Flaw to Build Self-Spreading GPU Cryptomining Botnet https://firewalls.firm.in/wp-content/uploads/2025/11/clusture-hacking.jpg Nov 20, 2025Ravie LakshmananVulnerability / Cloud Computing Oligo Security has warned of ongoing attacks exploiting a two-year-old security flaw in the Ray open-source artificial intelligence (AI) framework to turn infected clusters with NVIDIA GPUs into a self-replicating cryptocurrency mining botnet. The activity, codenamed ShadowRay 2.0, is an ...

Operant AI discovers https://etimg.etb2bimg.com/thumb/msid-124846261,imgsize-8462,width-1200,height=627,overlay-etciso,resizemode-75/data-breaches/operant-ai-discovers-shadow-escape-the-first-zero-click-agentic-attack-via-mcp.jpg Operant AI, the world’s only Runtime AI Defense Platform, today disclosed the discovery of Shadow Escape, a powerful zero-click attack that exploits Model Context Protocol (MCP) and connected AI agents. The exploit enables data exfiltration via popular AI agents and assistants, including ChatGPT, Claude, Gemini, and other LLM-powered agents. As enterprises rapidly adopt agentic AI through ...

Hackers Actively Exploiting 7-Zip Symbolic Link–Based RCE Vulnerability (CVE-2025-11001) https://firewalls.firm.in/wp-content/uploads/2025/11/7-zip-exploit.jpg Nov 19, 2025Ravie LakshmananVulnerability / Threat Intelligence A recently disclosed security flaw impacting 7-Zip has come under active exploitation in the wild, according to an advisory issued by the U.K. NHS England Digital on Tuesday. The vulnerability in question is CVE-2025-11001 (CVSS score: 7.0), which allows remote attackers to execute ...

Hack of the day: How to file a complaint against e-commerce/financial scams https://etimg.etb2bimg.com/thumb/msid-125324416,imgsize-93436,width-1200,height=627,overlay-etciso,resizemode-75/data-breaches/hack-of-the-day-how-to-file-a-complaint-against-e-commerce/financial-scams.jpg ‘The Times of India’ brings you ‘Hack of the Day’ — a new weekday-series of quick, practical solutions to everyday hassles. Each hack is designed to save you time, money or stress, using tools and features within your reach — from government websites to everyday apps. In ...

Sneaky 2FA Phishing Kit Adds BitB Pop-ups Designed to Mimic the Browser Address Bar https://firewalls.firm.in/wp-content/uploads/2025/11/browser.gif The malware authors associated with a Phishing-as-a-Service (PhaaS) kit known as Sneaky 2FA have incorporated Browser-in-the-Browser (BitB) functionality into their arsenal, underscoring the continued evolution of such offerings and further making it easier for less-skilled threat actors to mount attacks at scale. Push Security, in ...

Breach reporting, big penalties: Will DPDP act transform data safety? https://etimg.etb2bimg.com/thumb/msid-125375609,imgsize-7784,width-1200,height=627,overlay-etciso,resizemode-75/data-breaches/dpdp-act-a-game-changer-for-data-safety-in-india.jpg When the government notified the final rules of the Data Privacy and Protection Act (DPDP Act) yesterday, it did more than activate a long-anticipated law. It marked India’s most assertive step yet toward tackling the nation’s fastest-rising digital threat: data-driven cybercrime. India now registers one of the sharpest increases ...

RondoDox Exploits Unpatched XWiki Servers to Pull More Devices Into Its Botnet https://firewalls.firm.in/wp-content/uploads/2025/11/botnet.jpg Nov 15, 2025Ravie LakshmananMalware / Vulnerability The botnet malware known as RondoDox has been observed targeting unpatched XWiki instances against a critical security flaw that could allow attackers to achieve arbitrary code execution. The vulnerability in question is CVE-2025-24893 (CVSS score: 9.8), an eval injection bug that ...

ATT data breach settlement: Who is eligible and how to receive up to $7500 https://etimg.etb2bimg.com/thumb/msid-125316067,imgsize-34544,width-1200,height=627,overlay-etciso,resizemode-75/data-breaches/att-data-breach-settlement-who-is-eligible-and-how-to-receive-up-to-7500.jpg AT&T data breach settlement claims are closing soon, and millions of customers could receive payments of up to $7,500 from the massive $177 million settlement, making this one of the most urgent consumer deadlines of the year. AT&T customers in both data leaks are rushing ...

Researchers Find Serious AI Bugs Exposing Meta, Nvidia, and Microsoft Inference Frameworks https://firewalls.firm.in/wp-content/uploads/2025/11/1000033960.jpg Cybersecurity researchers have uncovered critical remote code execution vulnerabilities impacting major artificial intelligence (AI) inference engines, including those from Meta, Nvidia, Microsoft, and open-source PyTorch projects such as vLLM and SGLang. “These vulnerabilities all traced back to the same root cause: the overlooked unsafe use of ZeroMQ ...