Blogs

The Everest ransomware group alleges stealing 600,000 lines of BMW’s internal documents, including audit reports and engineering files, and threatens public release. BMW has yet to confirm the breach or respond.

A zero-click flaw in ChatGPT’s Deep Research agent allowed attackers to exfiltrate sensitive Gmail data via hidden email prompts. OpenAI patched the service-side vulnerability in 2025 to prevent stealthy data leaks from its cloud infrastructure.

Insight Partners suffered a data breach from a social engineering attack that exposed personal data from HR and finance systems. The breach went undetected for nearly three months before ransomware deployment. Affected users receive identity protection.

The Pixie Dust attack targets vulnerabilities in Wi-Fi Protected Setup (WPS) to recover router PINs offline, allowing attackers to access wireless networks. Disabling WPS or updating firmware is essential to prevent this exploit.

Conor Fitzpatrick, creator of BreachForums, was sentenced to three years in prison for operating a massive cybercriminal forum with over 330,000 users and 14 billion stolen records. DOJ and FBI continue crackdown on dark web crime.

Discover how AI is becoming the new weapon against financial crime, with Themis’ AI Investigator platform cutting investigation times from weeks to minutes by revealing hidden criminal networks.

RevengeHotels (TA558) escalates cyberattacks with AI-crafted loaders delivering VenomRAT malware, targeting Windows users via phishing. The malware features stealth, persistence, and encrypted communication.

Hyderabad Cyber Crime Police arrested 61 suspects involved in multi-state online frauds, recovering over ₹1.01 crore for victims. Authorities urge vigilance and prompt reporting to combat rising cybercrime.

A severe vulnerability in LG WebOS smart TVs enables attackers on the local network to bypass authentication, gain root access, and fully compromise the device. Update your firmware immediately to protect your TV.

A ₹48 lakh loan turned into an ₹1.5 crore fraud as four Nagpur family members allegedly duped Nanded businessman Shantilal Jain. FIR registered after EOW probe.

Two medium-severity vulnerabilities in Spring Framework and Spring Security enable authorization bypass via flawed annotation detection on generic superclasses. Upgrade to fixed versions immediately to secure your applications.

Apple’s latest iOS 26 and iPadOS 26 update patches 27 security vulnerabilities across key components like WebKit, Kernel, and Apple Neural Engine. Users are urged to update immediately to protect against crashes, data exposure, and privacy risks.

Mustang Panda, a China-linked threat actor, uses the SnakeDisk USB worm and updated TONESHELL backdoors to target Thailand-based IPs, deploying the Yokai backdoor for remote access. Learn about their evolving malware tactics and focus on Thailand.

Discover how cybercriminals in Mathura orchestrated a ₹21 crore online fraud through a fake charity, the Goseva Trust, exploiting donors' faith in cow protection. Learn about arrests, money trails, and expert insights on emotional manipulation in scams.

Ivanti’s September 2025 security bulletin addresses 13 vulnerabilities in Endpoint Manager, Connect Secure, Policy Secure, ZTA Gateways, and Neurons for Secure Access. No known exploitation reported.

A deserialization of untrusted data vulnerability in Dassault Systèmes DELMIA Apriso could allow remote code execution. Learn recommended actions to protect your systems.

A retired railway engineer was defrauded of ₹18.45 lakh after cybercriminals hacked his phone through a fake pension correction call. Authorities are investigating the growing threat of cyber scams targeting senior citizens.

India’s MSMEs must comply with new CERT-In rules requiring yearly cybersecurity audits, incident reporting, and employee training to strengthen digital defenses and protect the economy.

Malicious browser extensions SocialMetrics Pro and Madgicx Plus steal Facebook session cookies and credentials to hijack Meta Business accounts. Learn how these fake tools target advertisers via malvertising and fake websites.

FastNetMon detected and helped stop a massive 1.5 billion packets-per-second UDP flood targeting a Western European DDoS mitigation provider. Learn about this record-breaking attack and defense strategies.