Category: Privacy/Governance Feed

This modern infostealer adopted server-side decryption of stolen credentials to bypass security controls – Read More  –  

LNK files use GitHub C2, embedded decoders and PowerShell for persistence and data exfiltration – Read More  –  

Halcyon says Akira is now capable of carrying out an entire ransomware attack in less than an hour – Read More  –  

iOS/iPadOS 18.7.7 updates expanded to protect older devices from DarkSword web exploit kit – Read More  –  

The UK’s cybersecurity agency offered advice to “high-risk’ individuals” on how to protect against social engineering and cyber-attacks – Read More  –  

E2e-assure says 80% of critical infrastructure providers could face millions in downtime from cyber-attacks – Read More  –  

As India takes strong steps toward the implementation of the Digital Personal Data Protection Act (DPDP) in 2026, organizations… The post A Practical Guide to Data Discovery and Mapping for DPDP Compliance appeared first on JISA Softech Pvt Ltd.  – Read More  – JISA Softech Pvt Ltd 

Android requires dev identity verification for sideloaded apps; phased global rollout from September – Read More  –  

Venom Stealer malware-as-a-service automates ClickFix social engineering, credential and crypto exfiltration – Read More  –  

Chinese state-backed group TA416 had suspended its cyber espionage operations in Europe since 2023, noted Proofpoint – Read More  –  

Threat actors hijacked the popular npm package axios to spread RAT malware after compromising an open‑source maintainer’s account, researchers warn – Read More  –  

Most UK manufacturers compromised last year suffered financial loss, says ESET – Read More  –  

Phantom Stealer .NET harvests browser credentials, cookies, cards, sessions, as stealer-as-a-service – Read More  –  

Maryland man accused of $53m Uranium Finance hack, exploited smart contract flaws, laundered funds – Read More  –  

TeamPCP is exploring ways to monetize the secrets harvested during supply chain attacks, with identified ties to the Lapsus$ and Vect ransomware gangs – Read More  –  

OpenAI has patched vulnerability, which Check Point said was because of a DNS loophole – Read More  –  

Analysis from law firm Nockolds suggests non-cyber incidents are driving up employee data breaches – Read More  –  

The Digital Personal Data Protection (DPDP) Act, India is gradually changing from a mere policy to a practical guide…. The post Top 10 questions CISOs and DPOs are asking about DPDP in 2026 appeared first on JISA Softech Pvt Ltd.  – Read More  – JISA Softech Pvt Ltd 

The National Cyber Security Centre wants UK firms to patch CVE-2025-53521 – Read More  –  

Lloyds app glitch exposed up to 447,936 customers’ transactions and personal data during update – Read More  –  

Tax-season phishing floods deliver RMM malware, credential theft, BEC and tax-form scams – Read More  –  

Researchers at ReliaQuest warn of persistent malware campaign targeting enterprise credentials – Read More  –  

The UK Information Commissioner’s Office has handed a £100,000 fine to Birmingham-based TMAC – Read More  –  

Researchers from watchTowr and Defused have found evidence that attackers are actively exploiting CVE-2026-3055, a critical NetScaler vulnerability – Read More  –  

The European Commission has revealed details of a data breach impacting its AWS infrastructure – Read More  –  

Push Security has uncovered a new AiTM phishing campaign targeting TikTok for Business accounts using Google and TikTok themed login pages – Read More  –  

Socket and Endor Labs discovered a new TeamPCP campaign leading to the delivery of credential-stealing malware – Read More  –  

The UK government has sanctioned Xinbi, described as “the second-largest illicit online marketplace ever” – Read More  –  

‘Q-Day’ and the cybersecurity problems it brings could come as early as 2029 as Google accelerates its post-quantum cryptography migration – Read More  –  

Attackers rapidly exploited a critical Oracle WebLogic RCE flaw the same day exploit code was released, according to a CloudSEK honeypot study – Read More  –  

Security researchers from Georgia Tech have observed a surge in reported CVEs for which the flaw was introduced by AI-generated code – Read More  –  

EtherRAT hides C2 in Ethereum smart contracts via EtherHiding, steals wallets and credentials – Read More  –  

PwC Annual Threat Dynamics report says AI-threats are the biggest concern of clients – Read More  –  

OpenAI’s Safety Bug Bounty program seeks to address AI safety vulnerabilities beyond traditional security flaws – Read More  –  

The National Crime Agency has warned construction firms about surging invoice fraud – Read More  –  

Halcyon and Beazley Security track the return of Iranian ransomware group Pay2Key – Read More  –  

In the modern digital economy, companies handle vast amounts of sensitive data – payment card details, national identifiers such… The post Tokenization vs Encryption vs Masking: When to Use What for Sensitive Data Protection appeared first on JISA Softech Pvt Ltd.  – Read More  – JISA Softech Pvt Ltd 

Cybersecurity company’s annual report issues warning over a “mass-marketed impersonation crisis” over attackers abusing legitimate credentials – Read More  –  

Cloud Android phones fuel financial fraud, evading detection and enabling dropper accounts – Read More  –  

The US Federal Communications Commission has placed all “consumer-grade” internet routers produced outside the US on its “covered list” – Read More  –  

Python package LiteLLM compromised with credential-stealing malware linked to TeamPCP threat group – Read More  –  

Expel has warned of malicious Chrome extensions stealing users’ AI conversations – Read More  –  

UK police trumpet success of Operation Henhouse as they seize and freeze over £27m in suspected fraud proceeds – Read More  –  

The head of the UK’s NCSC is calling the cybersecurity industry to “seize the disruptive vibe coding opportunity” to make software more secure – Read More  –  

Silver Fox pivots from ValleyRAT tax lures to WhatsApp‑style stealers, blending espionage & phishing – Read More  –  

A critical vulnerability in Citrix’s NetScaler products allows unauthenticated remote attackers to leak information from the appliance’s memory – Read More  –  

Geopolitics and cyber warfare take center stage at Infosecurity Europe as Dmytro Kuleba discusses Ukraine’s hybrid war experience – Read More  –  

Ghost npm campaign fakes install logs to steal sudo passwords and drop RATs that loot crypto and data – Read More  –  

Poor patch management, increasingly complex IT environments and continued use of obsolete software puts organizations at risk from cyber threats, says the Absolute Security 2026 Resilience Risk Index – Read More  –  

Russian cybercriminal Aleksei Volkov has received close to seven years behind bars for role in Yanluowang ransomware – Read More  –