NPAV Logo

Shopping Cart My Cart 0
₹0.00
Currency
INR
Currency
INR

vulnerability

  1. FortiManager Vulnerability CVE-2024-47575 Under Active Exploitation by UNC5820 Threat Group

    FortiManager Vulnerability CVE-2024-47575 Under Active Exploitation by UNC5820 Threat Group

    Posted: October 25, 2024
    Categories: Security, vulnerability
    Tags: fortinet security, critical vulnerability
    Author: Npav Lab
    Views: 158
    Fortinet has disclosed an actively exploited critical vulnerability, CVE-2024-47575, impacting FortiManager and FortiAnalyzer devices, which has been attributed to threat cluster UNC5820. This flaw, labeled FortiJump, enables remote unauthenticated attackers to execute arbitrary code on compromised systems, allowing for data exfiltration and potential lateral movement across enterprise networks. The U.S. CISA has flagged this vulnerability for immediate federal agency action, urging rapid patching to prevent unauthorized access and data theft.
    Read more
  2. Hackers Exploit Roundcube Webmail XSS Vulnerability to Steal Government Login Credentials

    Hackers Exploit Roundcube Webmail XSS Vulnerability to Steal Government Login Credentials

    Posted: October 21, 2024
    Categories: Phishing, vulnerability
    Tags: webmail security, phishing attack
    Author: Npav Lab
    Views: 111
    A recently discovered phishing campaign is exploiting a stored cross-site scripting (XSS) vulnerability in the open-source Roundcube webmail software to steal login credentials. Threat actors are leveraging a now-patched flaw (CVE-2024-37383) via malicious emails, targeting government organizations in Commonwealth of Independent States (CIS) countries. The vulnerability, patched in May 2024, allowed attackers to execute JavaScript within victims' browsers, tricking them into revealing sensitive login information.
    Read more
  3. Critical Veeam Vulnerability Exploited to Spread Akira and Fog Ransomware

    Critical Veeam Vulnerability Exploited to Spread Akira and Fog Ransomware

    Posted: October 15, 2024
    Categories: Ransomware, vulnerability
    Tags: vpn exploits, phishing attack
    Author: Npav Lab
    Views: 142
    Threat actors are exploiting a now-patched vulnerability in Veeam Backup & Replication (CVE-2024-40711) to deploy Akira and Fog ransomware. Using compromised VPN credentials, attackers create local accounts and spread ransomware, targeting enterprise backup systems. The flaw, rated 9.8 on the CVSS scale, enables remote code execution and was patched in September 2024.
    Read more
  4. Firefox Zero-Day Vulnerability Under Active Exploitation: Update Your Browser Now

    Firefox Zero-Day Vulnerability Under Active Exploitation: Update Your Browser Now

    Posted: October 11, 2024
    Categories: vulnerability, FireFox
    Tags: update firefox, browser security
    Author: Npav Lab
    Views: 132
    A critical security vulnerability in Firefox and Firefox Extended Support Release (ESR) is actively being exploited in the wild. The flaw, tracked as CVE-2024-9680, has a high severity rating (CVSS 9.8) and allows attackers to execute remote code. Mozilla has issued an urgent advisory urging users to update their browsers immediately to safeguard against potential attacks.
    Read more
  5. New CosmicSting Exploit Targets Adobe Commerce and Magento Stores

    New CosmicSting Exploit Targets Adobe Commerce and Magento Stores

    Posted: October 03, 2024
    Categories: Alert, vulnerability
    Tags: vulnerability, data breach
    Author: Npav Lab
    Views: 169
    A new cybersecurity threat, dubbed CosmicSting, is wreaking havoc on Adobe Commerce and Magento stores. Exploiting a critical vulnerability (CVE-2024-34102), attackers are using remote code execution to infiltrate e-commerce platforms, steal sensitive data, and compromise entire systems.
    Read more
  6. Hackers disclose 44 Indian APIs, utilize OTP APIs for SMS bombing

    Hackers disclose 44 Indian APIs, utilize OTP APIs for SMS bombing

    Posted: September 01, 2023
    Categories: Events and News, Cyber Attack, Phishing, vulnerability
    Tags: sms bombing, ipc, cyber security, 44 indian apis
    Author: Npav Lab
    Views: 2318
    The recent news of hackers using OTP APIs for SMS bombing and 44 Indian APIs being exposed is a matter
    Read more
  7. New outage preventing emails on Microsoft Exchange Online

    New outage preventing emails on Microsoft Exchange Online

    Posted: July 18, 2023
    Categories: Cyber Attack, Email And Password, Hacking, vulnerability, Website hacks
    Tags: microsoft team, microsoft exchange online, microsoft exchange, microsoft 365, microsoft
    Author: Npav Lab
    Views: 55
    Microsoft is looking into a persistent Exchange Online outage that prevents users from sending emails and results in 503 errors
    Read more
  8. Google Play apps with 1.5 million downloads expose your information to China

    Google Play apps with 1.5 million downloads expose your information to China

    Posted: July 07, 2023
    Categories: Ransomware, Security, Malware Alerts, Cyber Attack, Data Backup, Data Breach, vulnerability, Hacker
    Tags: play store, malicious apps, data stealing, data breach, data backup
    Author: Npav Lab
    Views: 47
    With over 1.5 million installations combined, two malicious file management apps were identified by security experts on Google Play. These
    Read more
  9. A flaw in Microsoft Teams makes it possible for external accounts to distribute malware

    A flaw in Microsoft Teams makes it possible for external accounts to distribute malware

    Posted: June 23, 2023
    Categories: Security, Cyber Attack, Data Breach, Hacking, vulnerability
    Tags: ransomware, microsoft team, microsoft, data breach, cyber attack
    Author: Npav Lab
    Views: 42
    Security researchers have discovered a straightforward method to introduce malware to a Microsoft Teams-using organization, despite the application’s
    Read more
  10. Increasing numbers of assaults use new Mystic Stealer malware

    Increasing numbers of assaults use new Mystic Stealer malware

    Posted: June 20, 2023
    Categories: Ransomware, Data Breach, Phishing, Browser Hijack, vulnerability, Spyware
    Tags: ransomeware, mystic stealer, mystic group stealing, malware, data stealing, cyber attack
    Author: Npav Lab
    Views: 45
    Since April 2023, a brand-new information-stealing malware known as “Mystic Stealer” has been advertised on hacking forums and darknet markets,
    Read more
Page
Categories
Recent Posts
Cybersecurity alert: India's digital growth fuels cybercrime; boost awareness to prevent fraud and losses.
India's Cybercrime Explosion: 22.68 Lakh Cases in 2024, ₹22,845 Crore Lost
December 04, 2025
Map of seven Indian airports impacted by cyberattacks: Delhi, Mumbai, Kolkata, Hyderabad, and Bengaluru, showing GPS spoofing locations.
Cyberattack Hits Seven Indian Airports: GPS Spoofing Confirmed, No Flights Disrupted
December 02, 2025
Comparison of fake phishing domain rnicrosoft.com mimicking real Microsoft.com to steal logins via typosquatting.
Phishing Scam Alert: Hackers Swap 'm' for 'rn' to Fake Microsoft and Steal Your Logins
November 25, 2025
Scam alert infographic: Hotel booking with fake staff icon, arrows to QR code payments; protective shields for verification, with "Verify Directly" warning banner over a travel scene.
KTMS warns of hotel scams in Kerala—learn the tactics and tips to avoid losing money to impersonators.
November 17, 2025
Phishing alert infographic: Invoice email with VBS attachment, arrows to XWorm stealing data; protective shields for filtering and training, with "Verify Emails" warning banner over an inbox.
Fake Invoices Spread XWorm: Hackers Steal Login Data
November 17, 2025
Back to Top