Npav Lab

Cybersecurity experts reveal a significant supply chain attack affecting npm and PyPI ecosystems, compromising numerous packages and exposing millions of users to malware. Learn about the affected packages and how to protect yourself.

Business Email Compromise (BEC) attacks are stealthy, effective, and devastating. With no malware involved, these attacks bypass traditional security filters, trick employees, and siphon sensitive data or funds. But with real-time visibility through interactive sandboxing and endpoint protection like Net Protector, businesses can stay one step ahead.

Quick commerce startup KiranaPro suffers a devastating cyberattack, resulting in deletion of app code and exposure of sensitive user data via AWS and GitHub breach. KiranaPro, the voice-enabled AI-powered grocery delivery platform, has fallen victim to a severe cyberattack that wiped out its application code and compromised personal user data. The breach has halted order processing on the platform, exposing glaring vulnerabilities in cloud security and account access control.

Luxury under threat: Cartier, the prestigious fashion house, has revealed a data breach following a cyberattack that compromised personal customer data. The breach is part of a broader wave of cyber threats hitting global fashion brands, raising concerns about how high-end retail is being exploited for customer data.

Google’s trusted scripting platform is the latest weapon in phishing arsenals, helping attackers craft convincing credential-stealing campaigns that evade traditional email filters. Cybercriminals are leveraging Google Apps Script, a legitimate tool in Google’s Workspace suite, to host phishing pages that appear trustworthy to both users and security systems. According to research by Cofense, attackers are disguising these pages as authentic login portals to trick users into submitting their credentials — all while operating under the umbrella of a trusted Google domain.

A major cyber intrusion has taken down the Uttar Haryana Bijli Vitran Nigam Limited (UHBVNL) website, halting critical services like new electricity connections and online bill payments for thousands of consumers across the state. A targeted cyberattack on May 7, 2025, has paralyzed UHBVNL’s digital operations, leaving over 50,000 consumers unable to access vital power utility services. The breach marks yet another alarming example of the vulnerability of India's critical infrastructure to cyber threats.

Fraudsters are using fake Aadhaar update messages to steal your personal and banking data. Don’t fall for it. A new scam is spreading rapidly through WhatsApp groups, where users receive a fake notice claiming their Bank of Maharashtra account will be blocked if Aadhaar isn’t updated within 24 hours. The message urges users to download a malicious “Bank of Maharashtra.APK” — a clear trap designed to compromise your data and finances.

A new phishing campaign weaponizes malformed URLs to bypass email filters and steal Microsoft 365 credentials—even bypassing two-factor authentication. Researchers have linked the attack to Tycoon2FA, a notorious Phishing-as-a-Service (PhaaS) operation that enables adversary-in-the-middle (AitM) interception of login sessions. The threat actors behind this campaign are using subtle but dangerous techniques to trick both users and security systems.