China-Linked APTs Exploit SAP CVE-2025-31324 to Breach 581 Critical Systems Worldwide
May 13, 2025 | Ravie Lakshmanan | Vulnerability / Threat Intelligence
A recently disclosed critical security flaw impacting SAP NetWeaver is being exploited by multiple China-nexus nation-state actors to target critical infrastructure networks. “Actors leveraged CVE-2025-31324, an unauthenticated file upload vulnerability that enables remote code execution (RCE),” EclecticIQ researcher Arda Büyükkaya said ...

Vulnerabilities & Exploits

TCS launches sovereign cloud infra designed to keep sensitive data within India’s borders – ET CISO
Speaking on the occasion, IT secretary S. Krishnan said India generates millions and millions of terabytes and megabytes of data which is stored in multiple places not just within the country but across the world. NEW DELHI: Tata Consultancy Services (TCS) on Thursday ...

ASUS Patches DriverHub RCE Flaws Exploitable via HTTP and Crafted .ini Files
May 12, 2025 | Ravie Lakshmanan | Vulnerability / Endpoint Security
ASUS has released updates to address two security flaws impacting ASUS DriverHub that, if successfully exploited, could enable an attacker to leverage the software in order to achieve remote code execution. DriverHub is a tool that’s designed to automatically detect ...

Pakistani hackers claim to have breached many Indian defence sites – ET CISO
Cyber-attacks emanating from Pakistan have further increased, with the website of an Indian defence PSU being defaced while Pakistani hackers also claim to have gained access to “sensitive” data from the Indian Military Engineering Services (MES) and think-tank Manohar Parrikar Institute for Defence Studies and Analyses ...

Google Pays $1.375 Billion to Texas Over Unauthorized Tracking and Biometric Data Collection
May 10, 2025 | Ravie Lakshmanan | Biometric Data / Privacy
Google has agreed to pay the U.S. state of Texas nearly $1.4 billion to settle two lawsuits that accused the company of tracking users’ personal location and maintaining their facial recognition data without consent. The $1.375 billion payment dwarfs ...

China’s data protection rules prompt pause from major European research funders – ET CISO
Several of Europe’s biggest funders of scientific collaboration with China, in fields such as viruses and air quality, have put bilateral research programmes on hold due to concerns over Chinese data protection laws, funding agencies said. The suspension, which Reuters is reporting for the first ...

Commvault CVE-2025-34028 Added to CISA KEV After Active Exploitation Confirmed
May 05, 2025 | Ravie Lakshmanan | Vulnerability / Zero-Day
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a maximum-severity security flaw impacting Commvault Command Center to its Known Exploited Vulnerabilities (KEV) catalog, a little over a week after it was publicly disclosed. The vulnerability in question is CVE-2025-34028 (CVSS score: ...

Over 290,000 citizens at risk: CloudSEK uncovers major data breach at BWSSB – ET CISO
CloudSEK, a leading AI-driven cybersecurity firm, has revealed a critical breach in the infrastructure of the Bangalore Water Supply and Sewerage Board (BWSSB). The breach has left sensitive personal data of over 290,000 Bangalore residents vulnerable, after direct root access to BWSSB’s database was ...

Wormable AirPlay Flaws Enable Zero-Click RCE on Apple Devices via Public Wi-Fi
May 05, 2025 | Ravie Lakshmanan | Network Security / Vulnerability
Cybersecurity researchers have disclosed a series of now-patched security vulnerabilities in Apple’s AirPlay protocol that, if successfully exploited, could enable an attacker to take over susceptible devices supporting the proprietary wireless technology. The shortcomings have been collectively codenamed AirBorne by ...

Verizon’s 2025 DBIR: 97% of APAC breaches driven by system intrusion, social engineering, Web App attacks – ET CISO
Verizon Business today released its 2025 Data Breach Investigations Report (DBIR), sounding the alarm on a surge of system intrusions across the Asia-Pacific region. The report reveals that four out of five data breaches in the region stemmed from such ...