ClawJacked Flaw Lets Malicious Sites Hijack Local OpenClaw AI Agents via WebSocket https://firewalls.firm.in/wp-content/uploads/2026/03/opem.jpg OpenClaw has fixed a high-severity security issue that, if successfully exploited, could have allowed a malicious website to connect to a locally running artificial intelligence (AI) agent and take over control. “Our vulnerability lives in the core system itself – no plugins, no marketplace, no user-installed extensions ...

RBI summons executives over forex card breach https://etimg.etb2bimg.com/thumb/msid-128873075,imgsize-98498,width-1200,height=627,overlay-etciso,resizemode-75/data-breaches/rbi-summons-executives-over-forex-card-breach.jpg The Reserve Bank of India (RBI) has summoned senior officials of Yes Bank following a significant data breach involving the Yes Bank-BookMyForex multi-currency forex card, two people aware of the development told ET. Card details and CVV numbers of several users were allegedly compromised. The central bank has sought a detailed explanation ...

ScarCruft Uses Zoho WorkDrive and USB Malware to Breach Air-Gapped Networks https://firewalls.firm.in/wp-content/uploads/2026/02/keys.jpg Ravie LakshmananFeb 27, 2026Malware / Surveillance The North Korean threat actor known as ScarCruft has been attributed to a fresh set of tools, including a backdoor that uses Zoho WorkDrive for command-and-control (C2) communications to fetch more payloads and an implant that uses removable media to relay commands ...

Identity Prioritization isn’t a Backlog Problem – It’s a Risk Math Problem https://firewalls.firm.in/wp-content/uploads/2026/02/main.gif Most identity programs still prioritize work the way they prioritize IT tickets: by volume, loudness, or “what failed a control check.” That approach breaks the moment your environment stops being mostly-human and mostly-onboarded. In modern enterprises, identity risk is created by a compound of factors: control posture, ...

The misplaced trust in hashing as a privacy safeguard https://etimg.etb2bimg.com/thumb/msid-127922907,imgsize-2078872,width-1200,height=627,overlay-etciso,resizemode-75/data-breaches/hashing-the-illusion-of-privacy-in-data-sharing.jpg Across industries, hashing has become the default mechanism for “privacy-safe” data collaboration. From advertising to financial services, organisations routinely share and compare hashed identifiers, such as phone numbers or email addresses, under the assumption that hashing renders personal data effectively anonymous. That assumption is increasingly being challenged. Recent demonstrations by ...

UnsolicitedBooker Targets Central Asian Telecoms With LuciDoor and MarsSnake Backdoors https://firewalls.firm.in/wp-content/uploads/2026/02/TELECOM.jpg The threat activity cluster known as UnsolicitedBooker has been observed targeting telecommunications companies in Kyrgyzstan and Tajikistan, marking a shift from prior attacks aimed at Saudi Arabian entities. The attacks involve the deployment of two distinct backdoors codenamed LuciDoor and MarsSnake, according to a report published by Positive Technologies ...

India in talks with 30+ nations to curb AI misuse https://etimg.etb2bimg.com/thumb/msid-128447441,imgsize-63784,width-1200,height=627,overlay-etciso,resizemode-75/data-breaches/india-in-talks-with-30-nations-to-curb-ai-misuse.jpg Electronics and IT minister Ashwini Vaishnaw on Monday said India is in discussions with ministers from over 30 countries to develop common technical and legal solutions to tackle the misuse of AI in media, as deepfakes and synthetic content pose growing risks to trust, democracy and creative industries. At ...

⚡ Weekly Recap: Double-Tap Skimmers, PromptSpy AI, 30Tbps DDoS, Docker Malware & More https://firewalls.firm.in/wp-content/uploads/2026/02/cyber-recap.jpg Ravie LakshmananFeb 23, 2026Cybersecurity / Hacking Security news rarely moves in a straight line. This week, it feels more like a series of sharp turns, some happening quietly in the background, others playing out in public view. The details are different, but the pressure points are ...

Explainability embedded in data resilience is essential for compliance https://etimg.etb2bimg.com/thumb/msid-128592186,imgsize-4478,width-1200,height=627,overlay-etciso,resizemode-75/data-breaches/navigating-data-resilience-and-compliance-the-critical-need-for-explainability-in-indias-digital-landscape.jpg Across Asia Pacific, the regulatory momentum is unmistakable, and India is no exception. In India, the Digital Personal Data Protection Act (DPDP Act), 2023 has fundamentally reshaped how enterprises must think about data accountability, breach readiness, and auditability. Once fully enforced through rules, penalties for non-compliance can reach INR 250 ...

AI-Assisted Threat Actor Compromises 600+ FortiGate Devices in 55 Countries https://firewalls.firm.in/wp-content/uploads/2026/02/FortiGate.jpg A Russian-speaking, financially motivated threat actor has been observed taking advantage of commercial generative artificial intelligence (AI) services to compromise over 600 FortiGate devices located in 55 countries. That’s according to new findings from Amazon Threat Intelligence, which said it observed the activity between January 11 and February 18, ...