NPAV Logo

Shopping Cart My Cart 0
₹0.00
Currency
INR
Currency
INR

fp-1b

  1. Maverick Menace: WhatsApp Worm Hijacks Sessions to Steal Brazilian Bank Credentials

    Maverick Menace: WhatsApp Worm Hijacks Sessions to Steal Brazilian Bank Credentials

    Posted: October 14, 2025
    Categories: WhatsApp, Financial fraud, Fraud Protector, Mobile Frauds
    Tags: fp-2e, fp-2d, fp-2c, fp-2b, fp-2a, fp-1b, fp-1a
    Author: Npav Lab
    Views: 50
    Sophos exposes Maverick Menace, a self-spreading Android worm using WhatsApp ZIP lures to disable Defender/UAC, hijack sessions with Selenium, and deploy trojan for bank/crypto theft—hits 400+ environments; verify attachments and use behavioral antivirus to protect.
    Read more
  2. Hackers Exploit Microsoft Edge IE Mode for RCE and Sandbox Escape—Update Your Settings Now

    Hackers Exploit Microsoft Edge IE Mode for RCE and Sandbox Escape—Update Your Settings Now

    Posted: October 13, 2025
    Categories: Browser Hijack, Hacker, Microsoft
    Tags: fp-1b, fp-1a
    Author: Npav Lab
    Views: 27
    Attackers use zero-day in Edge's IE Mode Chakra engine to trick users into legacy reloads, enabling RCE and SYSTEM access for malware. Microsoft disabled easy triggers—configure manually via Settings, migrate from IE, and prioritize modern web standards to stay secure.
    Read more
  3. Scattered Lapsus$ Hunters Claim 1 Billion Salesforce Records Stolen in EaaS Extortion Blitz

    Scattered Lapsus$ Hunters Claim 1 Billion Salesforce Records Stolen in EaaS Extortion Blitz

    Posted: October 13, 2025
    Categories: Data Breach, Hacker
    Tags: fp-5b, fp-5a, fp-1b, fp-1a
    Author: Npav Lab
    Views: 42
    "Trinity of Chaos" group (Muddled Libra, Bling Libra, LAPSUS$) steals 1B Salesforce records targeting retail/hospitality; launches DLS October 3, 2025, with FBI seizure October 9. EaaS model enables fraud—implement zero trust and ISAC intel to defend against data theft.
    Read more
  4. Oracle E-Business Suite CVE-2025-61884: Unauthenticated Hackers Gain Critical Data Access—Patch Immediately

    Oracle E-Business Suite CVE-2025-61884: Unauthenticated Hackers Gain Critical Data Access—Patch Immediately

    Posted: October 13, 2025
    Categories: Data Breach, Hacker
    Tags: fp-5c, fp-5b, fp-5a, fp-1b
    Author: Npav Lab
    Views: 48
    High-severity CVE-2025-61884 (CVSS 7.5) in Oracle E-Business Suite's Configurator allows unauthenticated HTTP attacks to access sensitive data (versions 12.2.3-12.2.14). Follows Cl0p-linked CVE-2025-61882 exploits—apply updates, segment networks, and scan for vulnerabilities now.
    Read more
  5. SnakeKeylogger Phishing: Fake Remittance Emails Steal Credentials via PowerShell and ISO Attachments

    SnakeKeylogger Phishing: Fake Remittance Emails Steal Credentials via PowerShell and ISO Attachments

    Posted: October 10, 2025
    Categories: Data Breach, Phishing, Email And Password
    Tags: fp-3b, fp-3a, fp-1b, fp-1a
    Author: Npav Lab
    Views: 36
    New SnakeKeylogger campaign spoofs CPA Global/Clarivate emails with ISO/ZIP lures containing BAT/PowerShell payloads to log keystrokes, hijack clipboard, and exfiltrate data. Persists via "SysUpdate" tasks—train users, sandbox attachments, and monitor PowerShell for defense.
    Read more
  6. Fake HR Emails via Zoom: Phishing Scam Steals Gmail Credentials from Job Seekers

    Fake HR Emails via Zoom: Phishing Scam Steals Gmail Credentials from Job Seekers

    Posted: October 10, 2025
    Categories: Phishing, Email And Password
    Tags: fp-2d, fp-1b, fp-1a
    Author: Npav Lab
    Views: 27
    Sophisticated phishing uses legit-looking Zoom Docs invites from "HR" to lure job hunters into fake Gmail login pages, exfiltrating credentials in real-time via WebSocket on overflow.qyrix.com.de. Discovered by Himanshu Anand—verify emails directly and use password managers to avoid account takeovers.
    Read more
  7. Public Wi-Fi Dangers: How to Browse Safely Without Getting Hacked

    Public Wi-Fi Dangers: How to Browse Safely Without Getting Hacked

    Posted: October 10, 2025
    Categories: Browser Hijack, Hacking, Hacker, Website hacks
    Tags: fp-1b, fp-1a
    Author: Npav Lab
    Views: 50
    Public Wi-Fi exposes you to MitM attacks and data theft—learn to spot evil twin hotspots, use VPNs for encryption, enable 2FA, and stick to cellular for sensitive tasks to protect against rising breaches in cafes and airports.
    Read more
  8. ClayRat Android Spyware Targets Russia with Fake WhatsApp and TikTok Apps for Data Theft and Auto-Spread

    ClayRat Android Spyware Targets Russia with Fake WhatsApp and TikTok Apps for Data Theft and Auto-Spread

    Posted: October 10, 2025
    Categories: Data Breach, Android Security, Spyware, WhatsApp, Mobile Frauds
    Tags: fp-2e, fp-2d, fp-2c, fp-2b, fp-2a, fp-1b
    Author: Npav Lab
    Views: 78
    Zimperium exposes ClayRat spyware infecting Russian Android users via phishing sites and Telegram lures mimicking WhatsApp/TikTok—exfiltrates SMS, calls, photos; auto-sends to contacts. 600 samples detected; related African phone study reveals pre-installed app risks—update and scan devices now.
    Read more
  9. Figma MCP Vulnerability CVE-2025-53967 Enables Remote Code Execution—Update to v0.6.3 Now

    Figma MCP Vulnerability CVE-2025-53967 Enables Remote Code Execution—Update to v0.6.3 Now

    Posted: October 09, 2025
    Categories: Hacking, vulnerability, Website hacks, AI
    Tags: fp-1b, fp-1a
    Author: Npav Lab
    Views: 52
    Critical command injection flaw in Figma's MCP server (CVSS 7.5) allows RCE via unsanitized inputs in curl fallback; patched in v0.6.3. Imperva warns of risks in AI dev tools like Cursor—avoid exec with untrusted data amid rising LLM threats like Gemini's ASCII smuggling.
    Read more
  10. Job Hunters Alert: Vampire Bot Malware Hides in Fake Job Offer Emails

    Job Hunters Alert: Vampire Bot Malware Hides in Fake Job Offer Emails

    Posted: October 09, 2025
    Categories: Malware Alerts, Email And Password
    Tags: fp-3b, fp-3a, fp-2e, fp-2d, fp-2c, fp-2b, fp-2a, fp-1b, fp-1a
    Author: Npav Lab
    Views: 36
    Vampire Bot spyware targets job seekers via deceptive ZIP attachments in recruiter emails, stealing screenshots and data. Linked to BatShadow hackers, it evades detection—stay safe by verifying offers and using EDR tools to avoid digital traps.
    Read more
Page
Categories
Recent Posts
Cybersecurity alert: India's digital growth fuels cybercrime; boost awareness to prevent fraud and losses.
India's Cybercrime Explosion: 22.68 Lakh Cases in 2024, ₹22,845 Crore Lost
December 04, 2025
Map of seven Indian airports impacted by cyberattacks: Delhi, Mumbai, Kolkata, Hyderabad, and Bengaluru, showing GPS spoofing locations.
Cyberattack Hits Seven Indian Airports: GPS Spoofing Confirmed, No Flights Disrupted
December 02, 2025
Comparison of fake phishing domain rnicrosoft.com mimicking real Microsoft.com to steal logins via typosquatting.
Phishing Scam Alert: Hackers Swap 'm' for 'rn' to Fake Microsoft and Steal Your Logins
November 25, 2025
Scam alert infographic: Hotel booking with fake staff icon, arrows to QR code payments; protective shields for verification, with "Verify Directly" warning banner over a travel scene.
KTMS warns of hotel scams in Kerala—learn the tactics and tips to avoid losing money to impersonators.
November 17, 2025
Phishing alert infographic: Invoice email with VBS attachment, arrows to XWorm stealing data; protective shields for filtering and training, with "Verify Emails" warning banner over an inbox.
Fake Invoices Spread XWorm: Hackers Steal Login Data
November 17, 2025
Back to Top