Achive.php March 28, 2025 - The Cyber Shark

Mozilla Fixes a Serious Firefox Issue Like the New Zero-Day Vulnerability in Chrome

Mozilla has patched a critical sandbox escape vulnerability (CVE-2025-2857) in Firefox for Windows, with no evidence of active exploitation.

Only a few days after Google patched a similar vulnerability in Chrome that was actively exploited as a zero-day, Mozilla has released updates to fix a serious security flaw affecting its Firefox browser for Windows. According to descriptions, the security flaw CVE-2025-2857 is an instance of an improper handle that could result in a sandbox escape.

“Following the recent Chrome sandbox escape (CVE-2025-2783), various Firefox developers identified a similar pattern in our IPC [inter-process communication] code,” an alert from Mozilla stated. “A compromised child process could cause the parent process to return an unintentionally powerful handle, leading to a sandbox escape.”

The flaw, which affects both Firefox and Firefox ESR, has been fixed in Firefox 136.0.4, Firefox ESR 115.21.1, and Firefox ESR 128.8.1. There is no evidence that CVE-2025-2857 has been exploited in the wild.

To address CVE-2025-2783, which has been exploited in the wild in attacks on Russian government agencies, media outlets, and educational institutions, Google released Chrome version 134.0.6998.177/.178 for Windows. According to Kaspersky, which discovered the activity in mid-March 2025, the infection happened when unidentified victims clicked a specially crafted link in phishing emails and opened the attacker-controlled website in Chrome.

According to reports, CVE-2025-2783 was chained with another, unidentified browser exploit to bypass the sandbox's restrictions and achieve remote code execution. Nevertheless, fixing the flaw effectively blocks the entire attack chain.

The vulnerability has since been added to the U.S. Cybersecurity and Infrastructure Security Agency's (CISA) Known Exploited Vulnerabilities (KEV) database, and federal agencies are required to implement the required mitigations by April 17, 2025.

To protect themselves from potential threats, users are advised to update their browser instances to the most recent versions.

Over 13 Million Indian Banking Customers’ Data Allegedly Leaked and Sold on Dark Web

A threat actor claims to have stolen and is selling sensitive financial data of over 13 million Indian banking customers on the dark web.

A threat actor has surfaced on a well-known dark web forum, claiming to have gained access to and exfiltrated sensitive financial data belonging to over 13 million Indian banking customers. This revelation has raised serious concerns about the state of data security in India's banking ecosystem. The purported data dump, which is allegedly the product of a significant breach, is currently being offered for $10,000 to one buyer alone.

Scope of the Leak

According to the dark web post, the compromised data includes financial and personal details such as:

- Full names of account holders
- Account numbers
- IFSC codes
- Registered mobile numbers
- Email addresses

The threat actor has allegedly supplied a sample of 6,000 records from the purported breach to bolster the veracity of the claim. The entire dataset, which is 11.2 GB in size, is reportedly formatted as CSV.

By declaring that only one buyer would be considered and that escrow services would be accepted to complete the transaction, the threat actor further highlighted the gravity of the sale. This unusual approach demonstrates the actor's faith in the veracity of the breach.

Top Banks Allegedly Affected

The forum post claims that the customer datasets of numerous well-known Indian financial institutions are impacted by the incident, including:

- State Bank of India (SBI)
- HDFC Bank
- ICICI Bank
- Kotak Mahindra Bank
- Several other private and public sector banks

Cyber intelligence specialists speculate that a vulnerability in third-party banking APIs or KYC data aggregators may have been exploited, although the exact method of intrusion is still unknown.

Potential Risks and Implications

Cybersecurity experts caution that, if confirmed, such a breach could have serious repercussions:

- Financial fraud: Access to account numbers and phone numbers could allow cybercriminals to launch targeted phishing or vishing attacks.
- Identity theft: The combination of email, phone numbers, and bank data could allow for large-scale impersonation and KYC fraud.
- Reputational damage: If major banks are indeed involved, the fallout could impact consumer trust and regulatory compliance in the fintech space.

A senior analyst at a top cybersecurity company declared, “This is not just a leak; if verified, it’s a bombshell.” The scale and extent point to either extreme neglect or a profound penetration. By using escrow, the seller demonstrates their expertise in high-value cybercrime activities.

Authorities and Institutions on Alert

The Reserve Bank of India (RBI) and the Indian Computer Emergency Response Team (CERT-In) have not yet released a formal statement. Additionally, representatives of the banks listed in the leak have issued no confirmations or denials.

Dark Web Marketplace Trends

This incident is one more illustration of how the dark web is developing into a marketplace for strategic and private information. Threat actors are increasingly acting like businesses by offering escrow, negotiating exclusive deals with buyers, and supplying samples.

Because of the growth of fintech apps and digital banking, there is still a high demand for banking data in particular. Previous instances have demonstrated how these leaks support account takeovers, loan fraud, and social engineering.