Npav Lab

Urgent patch required for Sitecore XP vulnerability CVE-2025-53690 enabling remote code execution. Update before September 25, 2025 to prevent attacks.

Cybercriminals use X’s AI assistant Grok to bypass ad restrictions and distribute malware through hidden links, reaching millions. Learn about the “Grokking” technique and its impact.

Qantas penalizes CEO Vanessa Hudson and top executives nearly A$800,000 (₹44.8 crore) in pay cuts following a cyberattack affecting 5.7 million customers. Learn about the breach, response, and governance reforms.

Chess.com confirms a data breach affecting 4,541 users, with hackers accessing personal information. Learn about the incident, user notifications, and security measures underway.

Bridgestone Americas confirms a cyberattack impacting multiple North American plants. Investigation ongoing, but customer and employee data remain secure. Learn more about the incident and response.

A use-after-free flaw in Android Runtime may allow Chrome sandbox escape and local privilege escalation. Learn about mitigation steps and security recommendations to protect your device.

Cybercriminals register deceptive domains mimicking FIFA World Cup sites to steal data and distribute malware ahead of the 2026 tournament. Learn about the attack methods and protection strategies.

Farmers Insurance discloses a data breach impacting 1.1 million customers due to unauthorized access to a third-party vendor’s Salesforce-linked database. Learn about the exposed data, response actions, and identity protection tips.

Learn about the incorrect authorization vulnerability in Meta Platforms WhatsApp that allows unauthorized processing of content from arbitrary URLs. Discover mitigation steps and security recommendations.

CISA warns of a critical Bluetooth vulnerability in SunPower PVS6 solar inverters allowing attackers to take full device control. Learn about the impact, affected devices, and recommended mitigations.