Amazon Web Services (AWS) has been named in an FIR after a builder claimed damages to the tune of Rs 150 crore over the loss of data stored with the cloud-service platform. The FIR was filed by the CCB’s Cyber Crime Police Station on February 11 following a complaint by …
Read More »
Lazarus Group has initiated a complex global campaign aimed at software developers and cryptocurrency users. Operation Marstech Mayhem uses the group’s new implant, “Marstech1,” to access the software supply chain and steal sensitive data. The campaign signifies a major change in the group’s tactics, targeting hidden malware in open-source repositories …
Read More »
Last year, a joint investigation revealed that a Florida-based data broker, Datastream Group, was selling highly sensitive location data that tracked United States (US) military and intelligence personnel overseas. However, at the time, the origin of that data remained unknown. Now, a letter sent to US senator Ron Wyden’s office …
Read More »
This week, multiple research teams showcased jailbreaks for popular AI models, including OpenAI’s ChatGPT, DeepSeek, and Alibaba’s Qwen. After its launch, the open-source R1 model by Chinese company DeepSeek caught the attention of the cybersecurity industry. Experts found that jailbreak methods, previously patched in other AI models, still function against …
Read More »
New York-based cybersecurity firm Wiz has discovered sensitive data from the Chinese AI startup DeepSeek that was accidentally exposed on the internet. In a blog post, Wiz reported that scans of DeepSeek’s infrastructure revealed over a million unsecured data lines. This data contained digital software keys and chat logs that …
Read More »
# “While many leaked security credentials belong to customers, some exposed sensitive accounts suggest that security vendors too have been hit by infostealers.” # A Cyble report reveals that account credentials from multiple cybersecurity vendors are being sold on dark web marketplaces. While most of the exposed credentials belong to …
Read More »
OWASP has released its updated list of the top 10 vulnerabilities in smart contracts for 2025. This guide highlights the most critical vulnerabilities and provides developers and security professionals with a roadmap to reduce risks in decentralized systems. The OWASP Smart Contract Top 10 lists the most common vulnerabilities in …
Read More »
Researchers have demonstrated a method to bypass Windows 11’s BitLocker encryption, enabling the extraction of Full Volume Encryption Keys (FVEKs) from memory. This vulnerability underscores the risks associated with physical access attacks and highlights potential weaknesses in memory protection mechanisms. The attack revolves around capturing the contents of a computer’s …
Read More »
A major security flaw in Craft CMS, a popular PHP content management system, has been found, enabling unauthenticated remote code execution (RCE) with default settings. The vulnerability CVE-2024-56145 was reported by security researchers and quickly patched by the Craft CMS team within 24 hours. PHP has improved over the years …
Read More »
The US government is considering banning a well-known brand of Chinese-made home internet routers TP-Link due to concerns that they may be linked to cyberattacks and pose a national security risk. TP-Link, which holds a 65% market share in the U.S. for high-speed cable modems, routers, and smart home devices, …
Read More »
InfoSecBulletin Cybersecurity for mankind
