Npav Lab
-
Read moreBusiness Email Compromise (BEC) attacks are stealthy, effective, and devastating. With no malware involved, these attacks bypass traditional security filters, trick employees, and siphon sensitive data or funds. But with real-time visibility through interactive sandboxing and endpoint protection like Net Protector, businesses can stay one step ahead. -
Read moreQuick commerce startup KiranaPro suffers a devastating cyberattack, resulting in deletion of app code and exposure of sensitive user data via AWS and GitHub breach. KiranaPro, the voice-enabled AI-powered grocery delivery platform, has fallen victim to a severe cyberattack that wiped out its application code and compromised personal user data. The breach has halted order processing on the platform, exposing glaring vulnerabilities in cloud security and account access control. -
Read moreLuxury under threat: Cartier, the prestigious fashion house, has revealed a data breach following a cyberattack that compromised personal customer data. The breach is part of a broader wave of cyber threats hitting global fashion brands, raising concerns about how high-end retail is being exploited for customer data. -
Read moreGoogle’s trusted scripting platform is the latest weapon in phishing arsenals, helping attackers craft convincing credential-stealing campaigns that evade traditional email filters. Cybercriminals are leveraging Google Apps Script, a legitimate tool in Google’s Workspace suite, to host phishing pages that appear trustworthy to both users and security systems. According to research by Cofense, attackers are disguising these pages as authentic login portals to trick users into submitting their credentials — all while operating under the umbrella of a trusted Google domain. -
Read moreA major cyber intrusion has taken down the Uttar Haryana Bijli Vitran Nigam Limited (UHBVNL) website, halting critical services like new electricity connections and online bill payments for thousands of consumers across the state. A targeted cyberattack on May 7, 2025, has paralyzed UHBVNL’s digital operations, leaving over 50,000 consumers unable to access vital power utility services. The breach marks yet another alarming example of the vulnerability of India's critical infrastructure to cyber threats. -
Read moreFraudsters are using fake Aadhaar update messages to steal your personal and banking data. Don’t fall for it. A new scam is spreading rapidly through WhatsApp groups, where users receive a fake notice claiming their Bank of Maharashtra account will be blocked if Aadhaar isn’t updated within 24 hours. The message urges users to download a malicious “Bank of Maharashtra.APK” — a clear trap designed to compromise your data and finances. -
Read moreA new phishing campaign weaponizes malformed URLs to bypass email filters and steal Microsoft 365 credentials—even bypassing two-factor authentication. Researchers have linked the attack to Tycoon2FA, a notorious Phishing-as-a-Service (PhaaS) operation that enables adversary-in-the-middle (AitM) interception of login sessions. The threat actors behind this campaign are using subtle but dangerous techniques to trick both users and security systems. -
Read moreThe latest variant of DarkCloud Stealer uses AutoIt scripting and advanced evasion techniques to target financial, healthcare, and e-commerce sectors. With over 120,000 accounts compromised since March 2025, this malware showcases a dangerous blend of legacy scripting abuse and stealthy credential theft. -
Read moreCybercriminals have devised an alarming new tactic by hiding malware in Google Calendar invites using invisible Unicode characters. This stealthy technique enables the delivery of malicious payloads through trusted platforms—bypassing traditional security mechanisms with a single deceptive character. -
Read moreMarks & Spencer (M&S), one of the UK’s most trusted retail brands, has confirmed a significant cybersecurity breach following a ransomware attack that has disrupted its operations since Easter weekend. The attack, attributed to the DragonForce ransomware group, resulted in the theft of personal information belonging to millions of customers and has caused widespread outages across its digital infrastructure.
Recent Posts
