India’s breach brief: 5 structural security failures CISOs can no longer ignore https://etimg.etb2bimg.com/thumb/msid-126920644,imgsize-333856,width-1200,height=627,overlay-etciso,resizemode-75/data-breaches/indias-data-breach-crisis-5-critical-security-missteps-every-ciso-must-address.jpg India’s wave of high-profile data breaches isn’t the work of a new breed of hackers, it’s a failure of technology management. The same mistakes were made over and over: misconfigurations, poor oversight, and misplaced trust. These breaches didn’t stem from sophisticated attacks but from fundamental flaws in ...

Three Flaws in Anthropic MCP Git Server Enable File Access and Code Execution https://firewalls.firm.in/wp-content/uploads/2026/01/git-ai-flaw.jpg Ravie LakshmananJan 20, 2026Vulnerability / Artificial Intelligence A set of three security vulnerabilities has been disclosed in mcp-server-git, the official Git Model Context Protocol (MCP) server maintained by Anthropic, that could be exploited to read or delete arbitrary files and execute code under certain conditions. “These ...

Acronis finds WhatsApp-driven Astaroth banking malware https://etimg.etb2bimg.com/thumb/msid-126526176,imgsize-45466,width-1200,height=627,overlay-etciso,resizemode-75/data-breaches/astaroth-malware-exploits-whatsapp-to-target-banking-information.jpg A new campaign involving the Astaroth banking malware highlights a shift in how financial cybercrime is being distributed. Tracked by security researchers as “Boto Cor-de-Rosa,” the campaign uses WhatsApp Web as a propagation channel, enabling the malware to automatically send infected files to a victim’s personal contacts. By exploiting trusted relationships and everyday ...

North Korea-Linked Hackers Target Developers via Malicious VS Code Projects https://firewalls.firm.in/wp-content/uploads/2026/01/vscode.png The North Korean threat actors associated with the long-running Contagious Interview campaign have been observed using malicious Microsoft Visual Studio Code (VS Code) projects as lures to deliver a backdoor on compromised endpoints. The latest finding demonstrates continued evolution of the new tactic that was first discovered in December ...

Expert take: The DPDP act arrives: Are companies ready for what comes next? https://etimg.etb2bimg.com/thumb/msid-126749794,imgsize-6460770,width-1200,height=627,overlay-etciso,resizemode-75/data-breaches/understanding-indias-digital-personal-data-protection-act-are-companies-prepared.jpg Rupinder Malik, Partner at JSA India stands at a pivotal crossroad today as it navigates its fastest-growing digital economy and the operationalisation of the Digital Personal Data Protection (DPDP) Act. With over one billion internet subscribers, the nation has emerged as one of the world’s three ...

Malicious Chrome Extension Steals MEXC API Keys by Masquerading as Trading Tool https://firewalls.firm.in/wp-content/uploads/2026/01/mexc.jpg Jan 13, 2026Ravie LakshmananWeb Security / Online Fraud Cybersecurity researchers have disclosed details of a malicious Google Chrome extension that’s capable of stealing API keys associated with MEXC, a centralized cryptocurrency exchange (CEX) available in over 170 countries, while masquerading as a tool to automate trading on ...

Sebi alleges Bank of America breached rules in 2024 stock deal, document shows https://etimg.etb2bimg.com/thumb/msid-126406161,imgsize-46564,width-1200,height=627,overlay-etciso,resizemode-75/data-breaches/sebi-alleges-bank-of-america-breached-rules-in-2024-stock-deal-document-shows.jpg India’s markets regulator has accused a ⁠Bank of America (BofA) unit of violating its insider trading rules and breaking internal “Chinese walls” in connection with a 2024 share sale, a notice showed. The notice followed a Securities and Exchange Board of India (SEBI) investigation into the ...

Transparent Tribe Launches New RAT Attacks Against Indian Government and Academia https://firewalls.firm.in/wp-content/uploads/2026/01/india.jpg The threat actor known as Transparent Tribe has been attributed to a fresh set of attacks targeting Indian governmental, academic, and strategic entities with a remote access trojan (RAT) that grants them persistent control over compromised hosts. “The campaign employs deceptive delivery techniques, including a weaponized Windows shortcut ...

Microsoft, Meta, Google and Apple warned over AI outputs by US attorneys general https://etimg.etb2bimg.com/thumb/msid-125902911,imgsize-24128,width-1200,height=627,overlay-etciso,resizemode-75/data-breaches/us-attorneys-general-warn-tech-giants-like-microsoft-and-apple-over-ai-risks.jpg Microsoft, Meta, Google and Apple were among the 13 companies that received a warning from a bipartisan group of state attorneys general, according to a letter from the state leaders, who said their chatbots’ “delusional outputs” could be violating state laws. The letter was made public ...

Cybercriminals Abuse Google Cloud Email Feature in Multi-Stage Phishing Campaign https://firewalls.firm.in/wp-content/uploads/2026/01/phishing-email.jpg Jan 02, 2026Ravie LakshmananCloud Security / Email Security Cybersecurity researchers have disclosed details of a phishing campaign that involves the attackers impersonating legitimate Google-generated messages by abusing Google Cloud’s Application Integration service to distribute emails. The activity, Check Point said, takes advantage of the trust associated with Google Cloud ...