Category: Privacy/Governance Feed

Open-source server monitoring tool, Nezha, is being exploited by attackers for remote system control – Read More  –  

DXS International, an official partner of NHS England, said the breach has not affected its operations – Read More  –  

Fortra has uncovered a prolific BEC group dubbed “Scripted Sparrow” spanning three continents and at least five countries – Read More  –  

A Ukrainian man has pleaded guilty to charges connecting him to Nefilim ransomware attacks – Read More  –  

The Digital Personal Data Protection Act (DPDP Act) of India has plunged the organisations into a new sphere of… The post How to Build a DPDP-Ready Data Inventory in 30 Days appeared first on JISA Softech Pvt Ltd.  – Read More  – JISA Softech Pvt Ltd 

The Danish intelligence service believes some pro-Russian hacktivist groups have links with the Kremlin – Read More  –  

The US has charged 54 individuals in a massive ATM jackpotting conspiracy linked to Venezuelan crime syndicate Tren de Aragua, accused of stealing millions – Read More  –  

A 39-year-old Russian national is accused of working with cybercriminals to convert criminal proceeds from cryptocurrency into various cash currencies – Read More  –  

A surge in phishing attacks exploiting Microsoft’s OAuth device code flow has been identified by Proofpoint – Read More  –  

Chainalysis warns North Korea continues to steal billions in crypto for its weapons program – Read More  –  

A new variant of the BeaverTail malware linked to North Korean hackers has been identified targeting cryptocurrency traders and developers – Read More  –  

The UK’s tax office has received 135,500 reports of suspected scams in the past 10 months including 4800 related to self assessment filings – Read More  –  

A critical flaw in the Motors WordPress theme affecting more than 20,000 installations allows low-privileged users to gain full control of websites – Read More  –  

A novel attack technique dubbed ”Lies-in-the-Loop” (LITL) has been observed manipulating human approval prompts in agentic AI systems – Read More  –  

ISACA has been appointed by the US DoD as the global credentialing authority for its CMMC program – Read More  –  

LKQ confirmed that over 9000 individuals saw their personal data compromised because of the breach – Read More  –  

Eurojust reveals new policing operation which helped to smash a Ukraine-based call center fraud gang – Read More  –  

China’s Ink Dragon is using European government networks to hide its espionage activity – Read More  –  

The process of cloud adoption in Saudi Arabia is on a fast track as the nation is following the… The post Continuous Monitoring for Cloud Protection: Best Practices for Saudi Compliance appeared first on JISA Softech Pvt Ltd.  – Read More  – JISA Softech Pvt Ltd 

The browser extension Urban VPN Proxy has been reportedly collecting users’ AI chat conversations – Read More  –  

A flaw in JumpCloud Remote Assist for Windows has exposed managed endpoints to local privilege escalation and denial-of-service attacks – Read More  –  

Amazon researchers believe this campaign is part of a bigger operation spearheaded by Russia’s military intelligence service, the GRU – Read More  –  

US financial services firm Credit700 has revealed a major data breach impacting 5.8 million people – Read More  –  

Check Point has detected thousands of phishing emails in the past fortnight, offering fake promotions and special deals – Read More  –  

As India moves into the first full year of DPDP Act enforcement, many organisations are realising that compliance is… The post Top 7 DPDP Compliance Challenges for Indian Companies in 2026 appeared first on JISA Softech Pvt Ltd.  – Read More  – JISA Softech Pvt Ltd 

A new phishing campaign has been identified, delivering the Phantom information-stealing malware via an ISO attachment – Read More  –  

MITRE has released its Top 25 CWE list for 2025, compiled from software and hardware flaws behind almost 40,000 CVEs – Read More  –  

Asahi Group’s CEO said he is considering creating a dedicated cyber unit following the ransomware attack that crippled the company – Read More  –  

The UK’s National Cyber Security Centre has called on businesses to apply Cyber Essentials to suppliers – Read More  –  

A fundamental change is in progress across the GCC: data privacy is to no longer be a box that… The post Data Privacy vs Compliance: Why Zero Trust Is the Future for GCC Companies appeared first on JISA Softech Pvt Ltd.  – Read More  – JISA Softech Pvt Ltd 

The National Cyber Security Centre has released new learnings from a cyber deception pilot – Read More  –  

The UK’s data protection regulator has fined password manager provider LastPass £1.2m after 2022 data breach – Read More  –  

The Coupang South Korean unit’s response will be spearheaded by an executive based in the US – Read More  –  

OpenAI has reported a surge in performance as GPT-5.1-Codex-Max reaching 76% in capability assessments, and warned of upcoming cyber-risks – Read More  –  

A new campaign involving 19 malicious Visual Studio Code extensions used a legitimate npm package to embed malware in dependency folders – Read More  –  

New ITRC research finds 81% of US small businesses suffered a data or security breach in the past year – Read More  –  

Google has released a Chrome security update to fix three zero-day vulnerabilities, including a high-severity flaw with an active exploit – Read More  –  

Experts say a new Firm Checker tool from the FCA won’t move the dial on fraud but is a step in the right direction – Read More  –  

Cisco Talos has detected new tactics from a financially motivated actor using DeadLock ransomware – Read More  –  

A new malware campaign has been identified using a Python-based delivery system to deploy CastleLoader malware – Read More  –  

Pro-Russia hacktivist groups have been observed exploiting exposed virtual network computing connections to breach OT systems – Read More  –  

The flaw, dubbed ‘GeminiJack,’ exploits the trust boundary between user-controlled content in data sources and the AI model’s instruction processing – Read More  –  

Sonatype has claimed that 13% of Log4j versions downloaded this year were vulnerable to the legacy critical Log4Shell bug – Read More  –  

December’s Patch Tuesday sees the release of patches for over 50 CVEs including three zero-days – Read More  –  

Sysdig has found sophisticated malicious campaigns exploiting React2Shell that delivered EtherRAT and suggested North Korean hackers’ involvement – Read More  –  

Two malicious Visual Studio Code extensions, Bitcoin Black and Codo AI, have been observed harvesting sensitive user data – Read More  –  

The UK’s National Cyber Security Centre has warned of the dangers of comparing prompt injection to SQL injection – Read More  –  

Gartner has called for organizations to block today’s AI browsers on security concerns – Read More  –  

A data breach at Marquis Software Solutions due to a firewall flaw has affected over 780,000 people across the US – Read More  –