Npav Lab

Fortinet FortiGate firewall devices are under attack due to a zero-day vulnerability. Hackers are exploiting exposed management interfaces on public networks, gaining unauthorized access, and compromising firewall configurations. Organizations must act quickly to secure their systems and prevent further damage.

A dangerous ransomware called Codefinger is attacking Amazon Web Services (AWS) users by encrypting their data in S3 buckets. Victims cannot recover their files without paying for a decryption key, making this attack a significant threat to cloud-based systems.

OneBlood, a major blood-donation organization in the U.S., experienced a ransomware attack in July 2024. The breach exposed sensitive data, including names and Social Security numbers, affecting donors.

BayMark Health Services, a leading provider of addiction treatment in North America, faced a data breach where attackers stole personal and health information of patients. The breach, attributed to the RansomHub ransomware gang, affected systems between September 24 and October 14, 2024.

Cybercriminals injected malicious code into the Packers Pro Shop's online checkout page, stealing sensitive payment and personal data. The breach occurred between September 23-24 and October 3-23, 2024. Customers using certain payment methods are affected, and the Packers are offering identity theft protection services to those impacted.

PowerSchool, a leading education software provider, experienced a cyberattack that exposed sensitive data about students and teachers. This incident emphasizes the urgent need for robust cybersecurity measures in educational institutions.

A dangerous Android malware called FireScam is disguising itself as "Telegram Premium" to steal sensitive data and remotely control infected devices. Distributed via phishing sites mimicking legitimate platforms, FireScam demonstrates advanced techniques to evade detection and maintain control over devices.

In a startling revelation, India has been ranked as the second most targeted country for cyber attacks globally in 2024. This alarming statistic, reported by cyber intelligence firm CloudSEK, underscores the urgent need for enhanced cybersecurity measures across the nation.

As we welcome 2025, it's a time to reflect on the past and embrace new opportunities. This year, cybersecurity should be a top priority. With the rise in cyber threats like ransomware, phishing, and data breaches, ensuring your digital safety is more important than ever.

A large-scale phishing attack has compromised 16 popular Chrome browser extensions, exposing over 600,000 users to data theft and credential breaches. The campaign exploited legitimate extension publishers, injecting malicious code into their products to steal sensitive information such as cookies and access tokens.