Midnight Web by Rahul Banerjee

Naukri, a leading Indian jobs website, has patched a vulnerability that revealed the email IDs of recruiters posting jobs on its site to hunt for and recruit candidates online. The issue, discovered by security researcher Lohith Gowda, affected the API that Naukri used on its Android and iOS apps. The API exposed the email addresses of recruiters visiting profiles of potential candidates on Naukri’s platform. The issue did not appear to affect the company’s website. The exposed recruiter email IDs can be used for targeted phishing attacks, and recruiters may receive excessive unsolicited emails and spam,” Gowda told TechCrunch. He stated that open email IDs could be included in public breach databases or spam lists, and bulk scraping of email addresses can result in automated bot abuse or scams. TechCrunch confirmed the exposure after Gowda made disclosures regarding the bug. The researcher confirmed to TechCrunch that the bug was remediated earlier this week, which Naukri seco...

  Procolored, a Chinese printer manufacturer, has been sending infecting its customers with backdoors, infostealers, and cryptocurrency stealers - for six months. This information comes from cybersecurity researchers at G Data, who were alerted to the supply chain attack by a technical author and content creator, Cameron Coward. Apparently, Coward wanted to review one of Procolored’s printers. After attempting to install the accompanying software from a USB stick, he was alerted to the presence of the Floxif worm. He reached out to the company who dismissed the warning as a false positive. Unsatisfied with this response, Coward turned to Reddit, where his thread was picked up by G Data‘s cyber security researchers. G Data, however, discovered that 39 software downloads, hosted on mega.nz and last updated in October 2024, had been infected with two malware families, namely an information stealer and a backdoor. 1.Win32.Backdoor.XRedRAT.A 2.MSIL.Trojan-Stealer.CoinStealer.H ...

Seven Advanced Persistent Threat (APT) groups associated with Pakistan attempted to infiltrate Indian infrastructure, resulting in a staggering 99.99% failure rate despite launching over 1.5 million cyberattacks. Identified by Maharashtra Cyber, these groups employed various tactics including malware, DDoS attacks, GPS spoofing, and misinformation campaigns, with only 150 attacks achieving success and causing negligible disruption. 1.         APT36 (Transparent Tribe): Known for cyber espionage since 2013, it targets Indian defense and government sectors using CrimsonRAT malware via spear-phishing. 2.        Pakistan Cyber Force: Claimed breaches of Military Engineering Services and Manohar Parrikar Institute, and defaced Armoured Vehicle Nigam Limited’s website with Pakistan’s flag. 3.        Team Insane PK: Targeted Indian Army websites, like the Army College of Nursing, with provocative messaging. ...