Blogs

A ₹48 lakh loan turned into an ₹1.5 crore fraud as four Nagpur family members allegedly duped Nanded businessman Shantilal Jain. FIR registered after EOW probe.

Two medium-severity vulnerabilities in Spring Framework and Spring Security enable authorization bypass via flawed annotation detection on generic superclasses. Upgrade to fixed versions immediately to secure your applications.

Apple’s latest iOS 26 and iPadOS 26 update patches 27 security vulnerabilities across key components like WebKit, Kernel, and Apple Neural Engine. Users are urged to update immediately to protect against crashes, data exposure, and privacy risks.

Mustang Panda, a China-linked threat actor, uses the SnakeDisk USB worm and updated TONESHELL backdoors to target Thailand-based IPs, deploying the Yokai backdoor for remote access. Learn about their evolving malware tactics and focus on Thailand.

Discover how cybercriminals in Mathura orchestrated a ₹21 crore online fraud through a fake charity, the Goseva Trust, exploiting donors' faith in cow protection. Learn about arrests, money trails, and expert insights on emotional manipulation in scams.

Ivanti’s September 2025 security bulletin addresses 13 vulnerabilities in Endpoint Manager, Connect Secure, Policy Secure, ZTA Gateways, and Neurons for Secure Access. No known exploitation reported.

A deserialization of untrusted data vulnerability in Dassault Systèmes DELMIA Apriso could allow remote code execution. Learn recommended actions to protect your systems.

A retired railway engineer was defrauded of ₹18.45 lakh after cybercriminals hacked his phone through a fake pension correction call. Authorities are investigating the growing threat of cyber scams targeting senior citizens.

India’s MSMEs must comply with new CERT-In rules requiring yearly cybersecurity audits, incident reporting, and employee training to strengthen digital defenses and protect the economy.

Malicious browser extensions SocialMetrics Pro and Madgicx Plus steal Facebook session cookies and credentials to hijack Meta Business accounts. Learn how these fake tools target advertisers via malvertising and fake websites.

FastNetMon detected and helped stop a massive 1.5 billion packets-per-second UDP flood targeting a Western European DDoS mitigation provider. Learn about this record-breaking attack and defense strategies.

A remote code execution flaw in Cursor AI Code Editor allows malicious code to run automatically when opening a project. Learn how disabling Workspace Trust exposes developers and how to protect your environment.

Microsoft’s September 2025 Patch Tuesday addresses 81 security flaws, including two publicly disclosed zero-day vulnerabilities in SMB Server and Microsoft SQL Server. Learn about critical updates and other vendor patches.

SpamGPT is a dark web “spam-as-a-service” platform using AI to automate large-scale phishing campaigns. Learn how KaliGPT and SMTP cracking training empower cybercriminals.

Assistant Sub-Inspector Om Parkash lost Rs 3.9 lakh after calling fake customer care numbers found on Google. Learn how scammers exploit search results and how to protect yourself.

Cybercriminals abused compromised AWS credentials to hijack Amazon SES, sending 50,000+ phishing emails daily by bypassing sandbox limits. Learn how to detect and prevent SES abuse.

A severe remote code execution vulnerability in Progress OpenEdge AdminServer’s Java RMI interface (CVE-2025-7388) lets attackers execute commands with elevated privileges. Update to LTS versions 12.2.18 or 12.8.9 immediately.

A high-severity COOP vulnerability in pgAdmin4 (up to version 9.7) enables attackers to bypass authentication and hijack accounts. Update to version 9.8 immediately to protect your PostgreSQL environment.

Cybercriminals use a fake Microsoft Teams download site to distribute the Odyssey macOS stealer, stealing credentials, crypto wallets, and sensitive data. Learn how to protect your Mac.

Urgent patch required for Sitecore XP vulnerability CVE-2025-53690 enabling remote code execution. Update before September 25, 2025 to prevent attacks.