Blogs

Hackers are using SSH tunnels to secretly access VMware ESXi servers, steal data, and deploy ransomware. These servers, which host multiple virtual machines, are critical to businesses but are often not well-monitored. Attackers take advantage of these gaps to lock down systems and demand ransom payments.

On this Republic Day, let’s not only celebrate our nation’s freedom but also safeguard our digital world! In today’s tech-driven era, our digital freedom is as important as our physical freedom. Whether it's your PC, laptop, mobile, or critical servers, keeping them safe is crucial.

The BASHE ransomware group claims to have hacked ICICI Bank, threatening to release sensitive customer data if their demands are not met. This incident raises serious concerns for the banking industry and its cybersecurity measures.

Cybercriminals are pretending to be IT support using Microsoft Teams to trick employees. They use spam emails, fake calls, and phishing tactics to gain access to company systems and install ransomware.

A 66-year-old retired serviceman’s wife from Bengaluru was tricked by cybercriminals who posed as police officers. The scammers accused her of money laundering, put her under "digital arrest," and forced her to transfer ₹35 lakh over five days.

Russian hacking group Star Blizzard is targeting high-value diplomats and officials with a phishing campaign that exploits WhatsApp. By deceiving victims into linking their WhatsApp accounts to the hackers' devices, the group gains unauthorized access to private messages.

Wolf Haldenstein Adler Freeman & Herz LLP has confirmed a data breach that affected nearly 3.5 million individuals. The breach occurred on December 13, 2023, but the investigation and notifications have been delayed. Sensitive personal data like Social Security numbers and medical information have been exposed, increasing the risk of scams and fraud.

Hackers are hiding malicious software in images to deliver dangerous malware like VIP Keylogger and 0bj3ctivity Stealer. These tools are used to steal sensitive data, such as passwords, keystrokes, and screenshots, in separate phishing campaigns.

Cybercriminals are using Google Search ads to trick advertisers into entering their credentials on fake Google Ads login pages. These phishing attacks are stealing account details to misuse them, affecting advertisers worldwide.

Fortinet FortiGate firewall devices are under attack due to a zero-day vulnerability. Hackers are exploiting exposed management interfaces on public networks, gaining unauthorized access, and compromising firewall configurations. Organizations must act quickly to secure their systems and prevent further damage.

A dangerous ransomware called Codefinger is attacking Amazon Web Services (AWS) users by encrypting their data in S3 buckets. Victims cannot recover their files without paying for a decryption key, making this attack a significant threat to cloud-based systems.

OneBlood, a major blood-donation organization in the U.S., experienced a ransomware attack in July 2024. The breach exposed sensitive data, including names and Social Security numbers, affecting donors.

BayMark Health Services, a leading provider of addiction treatment in North America, faced a data breach where attackers stole personal and health information of patients. The breach, attributed to the RansomHub ransomware gang, affected systems between September 24 and October 14, 2024.

Cybercriminals injected malicious code into the Packers Pro Shop's online checkout page, stealing sensitive payment and personal data. The breach occurred between September 23-24 and October 3-23, 2024. Customers using certain payment methods are affected, and the Packers are offering identity theft protection services to those impacted.

PowerSchool, a leading education software provider, experienced a cyberattack that exposed sensitive data about students and teachers. This incident emphasizes the urgent need for robust cybersecurity measures in educational institutions.

A dangerous Android malware called FireScam is disguising itself as "Telegram Premium" to steal sensitive data and remotely control infected devices. Distributed via phishing sites mimicking legitimate platforms, FireScam demonstrates advanced techniques to evade detection and maintain control over devices.

In a startling revelation, India has been ranked as the second most targeted country for cyber attacks globally in 2024. This alarming statistic, reported by cyber intelligence firm CloudSEK, underscores the urgent need for enhanced cybersecurity measures across the nation.

As we welcome 2025, it's a time to reflect on the past and embrace new opportunities. This year, cybersecurity should be a top priority. With the rise in cyber threats like ransomware, phishing, and data breaches, ensuring your digital safety is more important than ever.

A large-scale phishing attack has compromised 16 popular Chrome browser extensions, exposing over 600,000 users to data theft and credential breaches. The campaign exploited legitimate extension publishers, injecting malicious code into their products to steal sensitive information such as cookies and access tokens.

A Kolkata-based businessman fell victim to a sophisticated investment scam orchestrated through fake Chinese apps, losing Rs 46 lakh. The fraudsters used a deceptive app and social media to lure the victim into a trap, highlighting the growing risks of cyber fraud targeting even the tech-savvy.