Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials https://firewalls.firm.in/wp-content/uploads/2026/04/nextjs.jpg Ravie LakshmananApr 02, 2026Vulnerability / Threat Intelligence A large-scale credential harvesting operation has been observed exploiting the React2Shell vulnerability as an initial infection vector to steal database credentials, SSH private keys, Amazon Web Services (AWS) secrets, shell command history, Stripe API keys, and GitHub tokens at scale. Cisco Talos has attributed the operation to ...

Android Developer Verification Rollout Begins Ahead of September Enforcement https://firewalls.firm.in/wp-content/uploads/2026/03/android-dev.jpg Ravie LakshmananMar 31, 2026Mobile Security / Compliance Google on Monday said it’s officially rolling out Android developer verification to all developers to combat the problem of bad actors distributing harmful apps while “hiding behind anonymity.” The development comes ahead of a planned verification mandate that goes into effect in Brazil, ...

Anthropic’s most powerful AI model ‘Claude Mythos’ data leaked https://etimg.etb2bimg.com/thumb/msid-129858229,imgsize-101462,width-1200,height=627,overlay-etciso,resizemode-75/data-breaches/anthropics-most-powerful-ai-model-claude-mythos-data-leaked.jpg A data leak has revealed that Anthropic is developing a new artificial intelligence model it claims is its most powerful yet, with the system already being tested by a small group of users. A report in Fortune quoted an Anthropic spokesperson as saying the system is “the most capable we’ve ...

Iran-Linked Hackers Breach FBI Director’s Personal Email, Hit Stryker With Wiper Attack https://firewalls.firm.in/wp-content/uploads/2026/03/iran-hacking.jpg Threat actors with ties to Iran successfully broke into the personal email account of Kash Patel, the director of the U.S. Federal Bureau of Investigation (FBI), and leaked a cache of photos and other documents to the internet. Handala Hack Team, which carried out the breach, said ...

NHRC issues notices over alleged DPDP Act violations by AI, social media, edtech platforms https://etimg.etb2bimg.com/thumb/msid-129797566,imgsize-21578,width-1200,height=627,overlay-etciso,resizemode-75/data-breaches/nhrc-issues-urgent-notices-to-protect-childrens-data-rights-under-dpdp-act.jpg The National Human Rights Commission (NHRC) has taken cognisance of alleged violations of the Digital Personal Data Protection Act (DPDP Act), particularly concerning the absence of systems for tracking children’s data transfers and grievance redressal mechanisms across major digital platforms. A bench led by NHRC ...

[Webinar] Stop Guessing. Learn to Validate Your Defenses Against Real Attacks https://firewalls.firm.in/wp-content/uploads/2026/03/validate.jpg The Hacker NewsMar 26, 2026Security Testing / Security Automation Most teams have security tools in place. Alerts are firing, dashboards look clean, threat intel is flowing in. On the surface, everything feels under control. But one question usually stays unanswered: Would your defenses actually stop a real attack? ...

84% of female entrepreneurs use UPI; cohort shows the highest levels of digital adoption: Report https://etimg.etb2bimg.com/thumb/msid-129193057,imgsize-1994229,width-1200,height=627,overlay-etciso,resizemode-75/data-breaches/majority-of-female-entrepreneurs-embrace-digital-banking-despite-concerns-over-data-privacy.jpg In a report by DBS Bank India, HNW (High-Net-Worth) women, female entrepreneurs, and rural women were surveyed. Among these participants, 31% of female entrepreneurs reported a monthly personal income ranging between Rs 1 lakh and Rs 3 lakh. 27% of HNW women had an ...

TeamPCP Backdoors LiteLLM Versions 1.82.7–1.82.8 Likely via Trivy CI/CD Compromise https://firewalls.firm.in/wp-content/uploads/2026/03/lite.jpg TeamPCP, the threat actor behind the recent compromises of Trivy and KICS, has now compromised a popular Python package named litellm, pushing two malicious versions containing a credential harvester, a Kubernetes lateral movement toolkit, and a persistent backdoor. Multiple security vendors, including Endor Labs and JFrog, revealed that litellm ...

Cognizant unit TriZetto breach exposes data of 3.4m people https://etimg.etb2bimg.com/thumb/msid-129309061,imgsize-7510,width-1200,height=627,overlay-etciso,resizemode-75/data-breaches/cognizant-unit-trizetto-breach-exposes-data-of-3-4m-people.jpg Bengaluru: Cognizant subsidiary TriZetto Provider Solutions (TPS) has suffered a data breach that exposed the sensitive information of about 3.4 million individuals, according to a filing with the Office of the Maine Attorney General. TPS said it has begun notifying affected individuals about the cybersecurity incident, which may have exposed ...

⚡ Weekly Recap: CI/CD Backdoor, FBI Buys Location Data, WhatsApp Ditches Numbers & More https://firewalls.firm.in/wp-content/uploads/2026/03/recap-bl.jpg Ravie LakshmananMar 23, 2026Cybersecurity / Hacking Another week, another reminder that the internet is still a mess. Systems people thought were secure are being broken in simple ways, showing many still ignore basic advisories. This edition covers a mix of issues: supply chain attacks hitting ...