Instagram data breach scare: Over 17 million users hit by sudden and unexpected password reset emails https://etimg.etb2bimg.com/thumb/msid-126474672,imgsize-26842,width-1200,height=627,overlay-etciso,resizemode-75/data-breaches/instagram-data-breach-scare-over-17-million-users-hit-by-sudden-and-unexpected-password-reset-emails.jpg Were 17 million Instagram accounts compromised in a recent security incident? Concerns surfaced last week after several users reported receiving unexpected password reset emails, triggering fears of a possible data breach. Cybersecurity firm Malwarebytes suggested the activity was connected to an incident that ...

North Korean PurpleBravo Campaign Targeted 3,136 IP Addresses via Fake Job Interviews https://firewalls.firm.in/wp-content/uploads/2026/01/hackers.jpg As many as 3,136 individual IP addresses linked to likely targets of the Contagious Interview activity have been identified, with the campaign claiming 20 potential victim organizations spanning artificial intelligence (AI), cryptocurrency, financial services, IT services, marketing, and software development sectors in Europe, South Asia, the Middle ...

American billionaire Mark Cuban has a warning on AI chatbots for CEOs https://etimg.etb2bimg.com/thumb/msid-126496122,imgsize-209851,width-1200,height=627,overlay-etciso,resizemode-75/data-breaches/mark-cuban-warns-ceos-the-risks-and-opportunities-of-ai-chatbots.jpg American billionaire investor Mark Cuban has now issued a stark warning for business leaders about the risks and opportunities of artificial intelligence. Along with this, Cuban has also cautioned that while AI can transform companies, its careless use could expose valuable intellectual property. Speaking during a call ...

LastPass Warns of Fake Maintenance Messages Targeting Users’ Master Passwords https://firewalls.firm.in/wp-content/uploads/2026/01/lastpass.jpg Ravie LakshmananJan 21, 2026Email Security / Malware LastPass is alerting users to a new active phishing campaign that’s impersonating the password management service, which aims to trick users into giving up their master passwords. The campaign, which began on or around January 19, 2026, involves sending phishing emails claiming ...

India’s breach brief: 5 structural security failures CISOs can no longer ignore https://etimg.etb2bimg.com/thumb/msid-126920644,imgsize-333856,width-1200,height=627,overlay-etciso,resizemode-75/data-breaches/indias-data-breach-crisis-5-critical-security-missteps-every-ciso-must-address.jpg India’s wave of high-profile data breaches isn’t the work of a new breed of hackers, it’s a failure of technology management. The same mistakes were made over and over: misconfigurations, poor oversight, and misplaced trust. These breaches didn’t stem from sophisticated attacks but from fundamental flaws in ...

Three Flaws in Anthropic MCP Git Server Enable File Access and Code Execution https://firewalls.firm.in/wp-content/uploads/2026/01/git-ai-flaw.jpg Ravie LakshmananJan 20, 2026Vulnerability / Artificial Intelligence A set of three security vulnerabilities has been disclosed in mcp-server-git, the official Git Model Context Protocol (MCP) server maintained by Anthropic, that could be exploited to read or delete arbitrary files and execute code under certain conditions. “These ...

Acronis finds WhatsApp-driven Astaroth banking malware https://etimg.etb2bimg.com/thumb/msid-126526176,imgsize-45466,width-1200,height=627,overlay-etciso,resizemode-75/data-breaches/astaroth-malware-exploits-whatsapp-to-target-banking-information.jpg A new campaign involving the Astaroth banking malware highlights a shift in how financial cybercrime is being distributed. Tracked by security researchers as “Boto Cor-de-Rosa,” the campaign uses WhatsApp Web as a propagation channel, enabling the malware to automatically send infected files to a victim’s personal contacts. By exploiting trusted relationships and everyday ...

North Korea-Linked Hackers Target Developers via Malicious VS Code Projects https://firewalls.firm.in/wp-content/uploads/2026/01/vscode.png The North Korean threat actors associated with the long-running Contagious Interview campaign have been observed using malicious Microsoft Visual Studio Code (VS Code) projects as lures to deliver a backdoor on compromised endpoints. The latest finding demonstrates continued evolution of the new tactic that was first discovered in December ...

Expert take: The DPDP act arrives: Are companies ready for what comes next? https://etimg.etb2bimg.com/thumb/msid-126749794,imgsize-6460770,width-1200,height=627,overlay-etciso,resizemode-75/data-breaches/understanding-indias-digital-personal-data-protection-act-are-companies-prepared.jpg Rupinder Malik, Partner at JSA India stands at a pivotal crossroad today as it navigates its fastest-growing digital economy and the operationalisation of the Digital Personal Data Protection (DPDP) Act. With over one billion internet subscribers, the nation has emerged as one of the world’s three ...

Malicious Chrome Extension Steals MEXC API Keys by Masquerading as Trading Tool https://firewalls.firm.in/wp-content/uploads/2026/01/mexc.jpg Jan 13, 2026Ravie LakshmananWeb Security / Online Fraud Cybersecurity researchers have disclosed details of a malicious Google Chrome extension that’s capable of stealing API keys associated with MEXC, a centralized cryptocurrency exchange (CEX) available in over 170 countries, while masquerading as a tool to automate trading on ...