Bitcoin Depot has disclosed a cyber-attack that led to the theft of more than 50 Bitcoin, worth $3.66m, after hackers accessed its internal systems
STX RAT, a newly identified remote access trojan, attempted deployment in finance, showing advanced C2 and stealthy delivery methods
A spear-phishing campaign which spread across the Middle East between 2023 and 2024 has now been linked to Bitter APT group
macOS 26.4 update introduced security warnings into Terminal to prevent ClickFix attacks, so attackers have shifted to Script Editor instead
SANS Institute reveals that AI agents are behind a 76% surge in non-human identities
GPUBreach uses GPU Rowhammer on GDDR6 to flip bits, corrupt page tables and escalate to system root
Google’s threat intel team warns UNC6783, a new extortion group possibly linked to the “Raccoon” persona, is targeting BPOs and enterprises
Ninja Forms File Upload RCE via unauthenticated arbitrary file upload; update to 3.3.27 immediately
Google API key flaw exposes mobile apps to Gemini AI access, private files and billing risks
Anthropic launches Project Glasswing, using its Claude Mythos Preview AI to autonomously identify and fix undiscovered vulnerabilities in critical software
Anthropic’s Claude AI has helped researchers find a vulnerability in Apache ActiveMQ Classic
The FBI deployed a method to unplug US-based routers compromised by APT28 from the threat actor’s malicious network
CISA has revealed Iranian attacks causing disruption and financial loss at US critical infrastructure firms
Newly identified malicious campaigns are linked to virtual private servers modified by APT28 to operate as malicious DNS servers
GrafanaGhost chains AI prompt injection and URL flaws to exfiltrate sensitive Grafana data
Cryptocurrency scams alone cost victims over $7 billion, while AI-enabled fraud threats are on the rise, says FBI
Microsoft has released a new report about the Storm-1175 group and its connection to Medusa ransomware
Artificial Intelligence (AI) is as reliable as the data that it ingests. With enterprises broadening their use of AI… The post Building secure AI data pipelines with CryptoBind appeared first on JISA Softech Pvt Ltd.
Fortinet has updated its FortiClient EMS product after zero-day attacks surfaced
A large-scale credential theft campaign targeting senior executives has been linked to a previously unknown automated phishing platform called Venom
This modern infostealer adopted server-side decryption of stolen credentials to bypass security controls
LNK files use GitHub C2, embedded decoders and PowerShell for persistence and data exfiltration
Halcyon says Akira is now capable of carrying out an entire ransomware attack in less than an hour
iOS/iPadOS 18.7.7 updates expanded to protect older devices from DarkSword web exploit kit
The UK’s cybersecurity agency offered advice to “high-risk” individuals on how to protect against social engineering and cyber-attacks
E2e-assure says 80% of critical infrastructure providers could face millions in downtime from cyber-attacks
As India takes strong steps toward the implementation of the Digital Personal Data Protection Act (DPDP) in 2026, organizations… The post A Practical Guide to Data Discovery and Mapping for DPDP Compliance appeared first on JISA Softech Pvt Ltd.
Android requires dev identity verification for sideloaded apps; phased global rollout from September
Venom Stealer malware-as-a-service automates ClickFix social engineering, credential and crypto exfiltration
Chinese state-backed group TA416 had suspended its cyber espionage operations in Europe since 2023, noted Proofpoint
Threat actors hijacked the popular npm package axios to spread RAT malware after compromising an open‑source maintainer’s account, researchers warn
Most UK manufacturers compromised last year suffered financial loss, says ESET
Phantom Stealer .NET harvests browser credentials, cookies, cards, sessions, as stealer-as-a-service
Maryland man accused of $53m Uranium Finance hack, exploited smart contract flaws, laundered funds
TeamPCP is exploring ways to monetize the secrets harvested during supply chain attacks, with identified ties to the Lapsus$ and Vect ransomware gangs
OpenAI has patched a vulnerability, which Check Point said was caused by a DNS loophole
Analysis from law firm Nockolds suggests non-cyber incidents are driving up employee data breaches
The Digital Personal Data Protection (DPDP) Act, India is gradually changing from a mere policy to a practical guide…. The post Top 10 questions CISOs and DPOs are asking about DPDP in 2026 appeared first on JISA Softech Pvt Ltd.
The National Cyber Security Centre wants UK firms to patch CVE-2025-53521
Lloyds app glitch exposed up to 447,936 customers’ transactions and personal data during update
Tax-season phishing floods deliver RMM malware, credential theft, BEC and tax-form scams
Researchers at ReliaQuest warn of persistent malware campaign targeting enterprise credentials
The UK Information Commissioner’s Office has handed a £100,000 fine to Birmingham-based TMAC
Researchers from watchTowr and Defused have found evidence that attackers are actively exploiting CVE-2026-3055, a critical NetScaler vulnerability
The European Commission has revealed details of a data breach impacting its AWS infrastructure
Push Security has uncovered a new AiTM phishing campaign targeting TikTok for Business accounts using Google and TikTok themed login pages
Socket and Endor Labs discovered a new TeamPCP campaign leading to the delivery of credential-stealing malware
The UK government has sanctioned Xinbi, described as “the second-largest illicit online marketplace ever”
‘Q-Day’ and the cybersecurity problems it brings could come as early as 2029 as Google accelerates its post-quantum cryptography migration
Attackers rapidly exploited a critical Oracle WebLogic RCE flaw the same day exploit code was released, according to a CloudSEK honeypot study