News

Short summaries of the cyber-crime stories moving in India and globally. We link back to the original source — always.

CBSE rejects OSM breach claims amid hacker URL dispute
Data Breaches

The Central Board of Secondary Education (CBSE) has denied allegations of a breach affecting its Open Source Management (OSM) system. A hacker claiming responsibility sparked controversy by registering similar URLs, creating confusion about which website was legitimate. CBSE clarified that no sensitive data was compromised and that the incident involved only a URL registration dispute rather than an actual security breach. The board advised users to verify official websites before accessing educational portals. This incident highlights the risks of domain spoofing and the importance of verifying authentic government websites. Source: India Today.

via GoogleNews: data breach India
CBSE denies security breach in evaluation portal
Data Breaches

The Central Board of Secondary Education (CBSE) has refuted claims of a security breach in its evaluation portal. According to the board's statement, the targeted website contains only test data and no actual student records or sensitive information were compromised. CBSE emphasized that their main evaluation systems remain secure and unaffected. The clarification comes after reports suggested unauthorized access to the portal. Officials stated that routine security protocols are in place to protect educational data. Students and parents are advised not to panic, as no personal or examination-related information has been exposed from the official systems. Source: India Today.

via GoogleNews: data breach India
AppOmni's Marlin AI Automates SaaS Security Investigations
Data Breaches

AppOmni has launched Marlin AI, a tool designed to automatically detect and investigate misconfigurations in Software-as-a-Service (SaaS) applications used by enterprises. The AI system analyzes security vulnerabilities across cloud environments and traces related suspicious activities within organizational networks. It provides detailed remediation recommendations to address identified issues. However, the system stops short of implementing fixes automatically, requiring human approval before taking corrective actions. This approach balances efficiency with safety, allowing security teams to review recommendations before deployment. The development highlights growing reliance on AI for managing complex cloud security challenges in modern enterprises. Source: SecurityWeek.

via RSS: SecurityWeek
7-Eleven breach exposes 185,000 customers' personal data
Data Breaches

A significant data breach at 7-Eleven has compromised personal information of over 185,000 individuals. The leaked data includes sensitive details such as names, dates of birth, postal addresses, and Social Security numbers, as confirmed by state government records. This incident highlights the vulnerability of retail chains to cyber attacks and the risks customers face when their information is stored by large corporations. Affected individuals should monitor their accounts for suspicious activity and consider identity theft protection measures. Source: State Government Security Notice.

via RSS: TechCrunch Security
Security Experts Question Russian Hacking Claims Without Evidence
Data Breaches

Reform UK leader Nigel Farage claims Russian hackers infiltrated his phone and disclosed information about a £5 million financial gift. However, cybersecurity specialists have expressed skepticism, requesting concrete evidence to support the allegations. The incident highlights growing concerns about political figures being targeted by state-sponsored cyber operations. Experts emphasize that without substantiated technical proof, such claims remain unverified. This case underscores the importance of proper incident investigation and transparent communication when reporting potential breaches. Source: The Guardian.

via RSS: The Register Security
ABB LVS MConfig Vulnerability Exposes Stored Passwords
Data Breaches

ABB has identified a critical vulnerability (CVE-2025-9970) in its LVS MConfig software affecting versions 1.4.9.21 and earlier. The flaw allows local network attackers to extract memory dump files containing plaintext passwords stored in the application's memory. If these dumps are mishandled, attackers could obtain sensitive credentials. The vulnerability impacts critical infrastructure sectors including energy, manufacturing, and water systems worldwide. ABB rates the issue as HIGH severity (CVSS 7.4) and has released MConfig version 1.4.9.22 as a fix. Users are strongly advised to update immediately and implement the defensive measures outlined in product documentation. Source: CISA.

via RSS: CISA Alerts
7-Eleven Data Breach Affects 185,000 Customers
Data Breaches

A data breach at 7-Eleven has compromised personal information of approximately 185,000 individuals. The hacking group ShinyHunters claims responsibility for the incident and has leaked stolen data including email addresses, full names, residential addresses, and dates of birth. This type of breach exposes victims to identity theft and targeted fraud schemes. Customers affected should monitor their accounts for suspicious activity and consider placing fraud alerts with credit bureaus. Data breaches involving such personal information remain a significant cybersecurity concern for retail chains globally. Source: SecurityWeek.

via RSS: SecurityWeek
Critical SQL Injection Flaw Found in Drupal PostgreSQL Systems
Data Breaches

A critical SQL injection vulnerability, tracked as CVE-2026-9082, has been identified in Drupal installations running PostgreSQL databases. This flaw allows attackers to execute arbitrary SQL commands, potentially compromising sensitive data stored in affected systems. Organizations using Drupal with PostgreSQL backends are urged to apply security patches immediately. The vulnerability poses significant risks to websites and applications relying on this content management system. Security experts recommend administrators prioritize updates and implement additional access controls to prevent exploitation. Source: Security Boulevard.

via GoogleNews: vulnerability CVE
7-Eleven breach exposes data of 185,000 customers
Data Breaches

Cybercriminal group ShinyHunters compromised 7-Eleven's systems in April, stealing personal information of over 183,000 individuals, according to Have I Been Pwned, a data breach notification service. The convenience store chain fell victim to the extortion-focused gang, which gained unauthorized access to customer records. Affected individuals may face identity theft and fraud risks. 7-Eleven customers should monitor their accounts for suspicious activity and consider placing fraud alerts with credit bureaus. The breach highlights ongoing security vulnerabilities in retail sector databases, emphasizing the need for stronger cybersecurity measures among major corporations handling sensitive customer data. Source: Have I Been Pwned.

via RSS: BleepingComputer
Zero-Knowledge Encryption May Not Prevent Server Hack Password Theft
Data Breaches

Zero-knowledge encryption, a security method designed to protect user privacy, may fail to prevent password theft during server breaches. Even with this advanced encryption technique, if attackers gain unauthorized access to servers, they could potentially extract stored passwords. Security experts warn that zero-knowledge encryption alone is insufficient protection. Organizations must implement multi-layered security measures including strong authentication protocols, regular security audits, and immediate breach response procedures. Users are advised to enable two-factor authentication and use unique passwords across platforms. This highlights the importance of comprehensive cybersecurity strategies beyond encryption alone. Source: Original publication.

via HN: zero day
US Cybersecurity Agency Faces Scrutiny Over Contractor Data Leak
Data Breaches

The US Cybersecurity and Infrastructure Security Agency (CISA) faces congressional pressure following a significant data breach. A CISA contractor deliberately exposed AWS cloud credentials and sensitive agency information on a public GitHub repository. Lawmakers from both chambers are demanding explanations as CISA works to contain the incident and revoke compromised access credentials. The breach highlights security vulnerabilities within government cybersecurity infrastructure and has raised questions about contractor oversight and data protection protocols. Source: KrebsOnSecurity.

via RSS: Krebs on Security
US Cybersecurity Agency Contractor Exposes Sensitive AWS Credentials
Data Breaches

A contractor working with the US Cybersecurity & Infrastructure Security Agency (CISA) inadvertently exposed privileged AWS GovCloud account credentials through a publicly accessible GitHub repository until recently. The leaked data included internal documentation revealing CISA's software development, testing, and deployment processes across multiple systems. Security researchers have characterized this as one of the most significant government data breaches in recent memory. The exposure compromised highly sensitive infrastructure security information that could potentially be exploited by malicious actors to compromise critical systems. Source: Cybersecurity News.

via RSS: Schneier on Security