Clearview AI faces criminal complaint in Austria for suspected privacy violations https://etimg.etb2bimg.com/thumb/msid-124886388,imgsize-24704,width-1200,height=627,overlay-etciso,resizemode-75/data-breaches/clearview-ai-faces-criminal-complaint-in-austria-for-suspected-privacy-violations.jpg An Austrian privacy group has filed a criminal complaint against Clearview AI. Austrian privacy group noyb said on Tuesday it has filed a criminal complaint in Austria, accusing US-based Clearview AI of illegally collecting photos and videos of European Union residents to build its facial-recognition database. Noyb said ...

New Fluent Bit Flaws Expose Cloud to RCE and Stealthy Infrastructure Intrusions https://firewalls.firm.in/wp-content/uploads/2025/11/bit-main.jpg Nov 24, 2025Ravie LakshmananVulnerability / Container Security Cybersecurity researchers have discovered five vulnerabilities in Fluent Bit, an open-source and lightweight telemetry agent, that could be chained to compromise and take over cloud infrastructures. The security defects “allow attackers to bypass authentication, perform path traversal, achieve remote code ...

Festive deals or digital traps? How cybercriminals are mimicking brands to dupe shoppers https://etimg.etb2bimg.com/thumb/msid-124976178,imgsize-29752,width-1200,height=627,overlay-etciso,resizemode-75/data-breaches/festive-deals-or-digital-traps-how-cybercriminals-are-mimicking-brands-to-dupe-shoppers.jpg Cybercrime (Representative Image) As India’s festive shopping peaks during this quarter of the year across digital and omnichannel retail, cybercriminals are finding new ways to exploit shoppers’ excitement and urgency. Fake QR codes, malicious payment links, and AI-generated brand impersonations are becoming increasingly common. Karthik Krishnan, ...

Grafana Patches CVSS 10.0 SCIM Flaw Enabling Impersonation and Privilege Escalation https://firewalls.firm.in/wp-content/uploads/2025/11/grafana.jpg Nov 21, 2025Ravie LakshmananVulnerability / Threat Mitigation Grafana has released security updates to address a maximum severity security flaw that could allow privilege escalation or user impersonation under certain configurations. The vulnerability, tracked as CVE-2025-41115, carries a CVSS score of 10.0. It resides in the System for Cross-domain ...

Indian firms exposed to critical risks but few quantify them https://etimg.etb2bimg.com/thumb/msid-125452461,imgsize-16602,width-1200,height=627,overlay-etciso,resizemode-75/data-breaches/indian-firms-exposed-to-critical-risks-but-few-quantify-them.jpg Indian companies are confronting a rapidly evolving risk environment dominated by cyber threats, regulatory pressure, economic volatility and workforce challenges, yet only a small fraction are using data and analytics to measure their exposures or evaluate whether their insurance programmes are delivering value, a survey by professional consultancy firm ...

ShadowRay 2.0 Exploits Unpatched Ray Flaw to Build Self-Spreading GPU Cryptomining Botnet https://firewalls.firm.in/wp-content/uploads/2025/11/clusture-hacking.jpg Nov 20, 2025Ravie LakshmananVulnerability / Cloud Computing Oligo Security has warned of ongoing attacks exploiting a two-year-old security flaw in the Ray open-source artificial intelligence (AI) framework to turn infected clusters with NVIDIA GPUs into a self-replicating cryptocurrency mining botnet. The activity, codenamed ShadowRay 2.0, is an ...

Operant AI discovers https://etimg.etb2bimg.com/thumb/msid-124846261,imgsize-8462,width-1200,height=627,overlay-etciso,resizemode-75/data-breaches/operant-ai-discovers-shadow-escape-the-first-zero-click-agentic-attack-via-mcp.jpg Operant AI, the world’s only Runtime AI Defense Platform, today disclosed the discovery of Shadow Escape, a powerful zero-click attack that exploits Model Context Protocol (MCP) and connected AI agents. The exploit enables data exfiltration via popular AI agents and assistants, including ChatGPT, Claude, Gemini, and other LLM-powered agents. As enterprises rapidly adopt agentic AI through ...

Hackers Actively Exploiting 7-Zip Symbolic Link–Based RCE Vulnerability (CVE-2025-11001) https://firewalls.firm.in/wp-content/uploads/2025/11/7-zip-exploit.jpg Nov 19, 2025Ravie LakshmananVulnerability / Threat Intelligence A recently disclosed security flaw impacting 7-Zip has come under active exploitation in the wild, according to an advisory issued by the U.K. NHS England Digital on Tuesday. The vulnerability in question is CVE-2025-11001 (CVSS score: 7.0), which allows remote attackers to execute ...

Hack of the day: How to file a complaint against e-commerce/financial scams https://etimg.etb2bimg.com/thumb/msid-125324416,imgsize-93436,width-1200,height=627,overlay-etciso,resizemode-75/data-breaches/hack-of-the-day-how-to-file-a-complaint-against-e-commerce/financial-scams.jpg ‘The Times of India’ brings you ‘Hack of the Day’ — a new weekday-series of quick, practical solutions to everyday hassles. Each hack is designed to save you time, money or stress, using tools and features within your reach — from government websites to everyday apps. In ...

Sneaky 2FA Phishing Kit Adds BitB Pop-ups Designed to Mimic the Browser Address Bar https://firewalls.firm.in/wp-content/uploads/2025/11/browser.gif The malware authors associated with a Phishing-as-a-Service (PhaaS) kit known as Sneaky 2FA have incorporated Browser-in-the-Browser (BitB) functionality into their arsenal, underscoring the continued evolution of such offerings and further making it easier for less-skilled threat actors to mount attacks at scale. Push Security, in ...