NPAV Logo

Shopping Cart My Cart 0
₹0.00
Currency
INR
Currency
INR

Npav Lab

  1. Payment Terminal Flaw: Hackers Gain Root Access via Hidden Debug Port

    Payment Terminal Flaw: Hackers Gain Root Access via Hidden Debug Port

    Posted: October 14, 2025
    Categories: Hacker, Financial fraud, Fraud Protector, Mobile Frauds
    Tags: fp-3b, fp-3a, fp-1b
    Author: Npav Lab
    Views: 38
    Researcher exposes vulnerability in Worldline Yomani XR's debug port, allowing instant root shell access for malware or network pivots—despite tamper protections. Merchants must patch firmware and audit devices to block this high-risk entry point.
    Read more
  2. This Diwali, Let’s Light Up Our Digital World with Safety and Positivity

    This Diwali, Let’s Light Up Our Digital World with Safety and Positivity

    Posted: October 14, 2025
    Categories: NPAV Announcement, Financial fraud, Fraud Protector, Mobile Frauds
    Tags: fp-2e, fp-2d, fp-2c, fp-2b, fp-2a, fp-1b, fp-1a
    Author: Npav Lab
    Views: 6321
    NPAV wishes you a safe, secure, and joyous Diwali! As you celebrate the festival of lights, let’s also protect our digital world from the darkness of cyber threats.
    Read more
  3. Hackers Hijack Fake Homebrew Sites to Deliver Malware on macOS Devices

    Hackers Hijack Fake Homebrew Sites to Deliver Malware on macOS Devices

    Posted: October 14, 2025
    Categories: Malware Alerts, Browser Hijack, Hacker, Website hacks
    Tags: fp-4c, fp-3b, fp-3a, fp-1b, fp-1a, fp-
    Author: Npav Lab
    Views: 40
    Kandji uncovers a September 2025 campaign where attackers clone Homebrew sites to inject malware like Odyssey Stealer via clipboard tricks—exploit C2 servers and bypass trust; mitigate by verifying sources and using endpoint monitoring.
    Read more
  4. Maverick Menace: WhatsApp Worm Hijacks Sessions to Steal Brazilian Bank Credentials

    Maverick Menace: WhatsApp Worm Hijacks Sessions to Steal Brazilian Bank Credentials

    Posted: October 14, 2025
    Categories: WhatsApp, Financial fraud, Fraud Protector, Mobile Frauds
    Tags: fp-2e, fp-2d, fp-2c, fp-2b, fp-2a, fp-1b, fp-1a
    Author: Npav Lab
    Views: 50
    Sophos exposes Maverick Menace, a self-spreading Android worm using WhatsApp ZIP lures to disable Defender/UAC, hijack sessions with Selenium, and deploy trojan for bank/crypto theft—hits 400+ environments; verify attachments and use behavioral antivirus to protect.
    Read more
  5. Hackers Exploit Microsoft Edge IE Mode for RCE and Sandbox Escape—Update Your Settings Now

    Hackers Exploit Microsoft Edge IE Mode for RCE and Sandbox Escape—Update Your Settings Now

    Posted: October 13, 2025
    Categories: Browser Hijack, Hacker, Microsoft
    Tags: fp-1b, fp-1a
    Author: Npav Lab
    Views: 27
    Attackers use zero-day in Edge's IE Mode Chakra engine to trick users into legacy reloads, enabling RCE and SYSTEM access for malware. Microsoft disabled easy triggers—configure manually via Settings, migrate from IE, and prioritize modern web standards to stay secure.
    Read more
  6. Pune IT Victim Loses ₹3.66 Crore to Fake Trading App: Spot the Scam Before It's Too Late

    Pune IT Victim Loses ₹3.66 Crore to Fake Trading App: Spot the Scam Before It's Too Late

    Posted: October 13, 2025
    Categories: Financial fraud, Fraud Protector, Mobile Frauds
    Tags: fp1a, fp-2e, fp-2d, fp-2c, fp-2b, fp-2a
    Author: Npav Lab
    Views: 39
    IT pro in Pune scammed ₹3.66 crore via WhatsApp group and bogus trading app granting remote access—fake profits lured investments. Expert tips: Use official apps, enable 2FA, verify before investing—report to cyber cell to stay safe.
    Read more
  7. Scattered Lapsus$ Hunters Claim 1 Billion Salesforce Records Stolen in EaaS Extortion Blitz

    Scattered Lapsus$ Hunters Claim 1 Billion Salesforce Records Stolen in EaaS Extortion Blitz

    Posted: October 13, 2025
    Categories: Data Breach, Hacker
    Tags: fp-5b, fp-5a, fp-1b, fp-1a
    Author: Npav Lab
    Views: 42
    "Trinity of Chaos" group (Muddled Libra, Bling Libra, LAPSUS$) steals 1B Salesforce records targeting retail/hospitality; launches DLS October 3, 2025, with FBI seizure October 9. EaaS model enables fraud—implement zero trust and ISAC intel to defend against data theft.
    Read more
  8. Watch Out for Fake Traffic Fines: How RAT Malware in mParivahan Clones Steals Your Data

    Watch Out for Fake Traffic Fines: How RAT Malware in mParivahan Clones Steals Your Data

    Posted: October 13, 2025
    Categories: Malware Alerts, Data Breach, RAT
    Tags: fp1a, fp-3b, fp-3a, fp-2e, fp-2d, fp-2c, fp-2b, fp-2a
    Author: Npav Lab
    Views: 46
    Indian scammers use WhatsApp fake ticket alerts to push RAT-infected mParivahan apps, stealing OTPs, spying via camera, and draining banks. Download from official stores, update OS, use antivirus—report to 1930 if hit to stay safe.
    Read more
  9. Oracle E-Business Suite CVE-2025-61884: Unauthenticated Hackers Gain Critical Data Access—Patch Immediately

    Oracle E-Business Suite CVE-2025-61884: Unauthenticated Hackers Gain Critical Data Access—Patch Immediately

    Posted: October 13, 2025
    Categories: Data Breach, Hacker
    Tags: fp-5c, fp-5b, fp-5a, fp-1b
    Author: Npav Lab
    Views: 48
    High-severity CVE-2025-61884 (CVSS 7.5) in Oracle E-Business Suite's Configurator allows unauthenticated HTTP attacks to access sensitive data (versions 12.2.3-12.2.14). Follows Cl0p-linked CVE-2025-61882 exploits—apply updates, segment networks, and scan for vulnerabilities now.
    Read more
  10. SnakeKeylogger Phishing: Fake Remittance Emails Steal Credentials via PowerShell and ISO Attachments

    SnakeKeylogger Phishing: Fake Remittance Emails Steal Credentials via PowerShell and ISO Attachments

    Posted: October 10, 2025
    Categories: Data Breach, Phishing, Email And Password
    Tags: fp-3b, fp-3a, fp-1b, fp-1a
    Author: Npav Lab
    Views: 36
    New SnakeKeylogger campaign spoofs CPA Global/Clarivate emails with ISO/ZIP lures containing BAT/PowerShell payloads to log keystrokes, hijack clipboard, and exfiltrate data. Persists via "SysUpdate" tasks—train users, sandbox attachments, and monitor PowerShell for defense.
    Read more
Page
Categories
Recent Posts
Cybersecurity alert: India's digital growth fuels cybercrime; boost awareness to prevent fraud and losses.
India's Cybercrime Explosion: 22.68 Lakh Cases in 2024, ₹22,845 Crore Lost
December 04, 2025
Map of seven Indian airports impacted by cyberattacks: Delhi, Mumbai, Kolkata, Hyderabad, and Bengaluru, showing GPS spoofing locations.
Cyberattack Hits Seven Indian Airports: GPS Spoofing Confirmed, No Flights Disrupted
December 02, 2025
Comparison of fake phishing domain rnicrosoft.com mimicking real Microsoft.com to steal logins via typosquatting.
Phishing Scam Alert: Hackers Swap 'm' for 'rn' to Fake Microsoft and Steal Your Logins
November 25, 2025
Scam alert infographic: Hotel booking with fake staff icon, arrows to QR code payments; protective shields for verification, with "Verify Directly" warning banner over a travel scene.
KTMS warns of hotel scams in Kerala—learn the tactics and tips to avoid losing money to impersonators.
November 17, 2025
Phishing alert infographic: Invoice email with VBS attachment, arrows to XWorm stealing data; protective shields for filtering and training, with "Verify Emails" warning banner over an inbox.
Fake Invoices Spread XWorm: Hackers Steal Login Data
November 17, 2025
Back to Top