CATEGORIES

CloudSEK Success Stories

Articles in Blog Posts

May 5, 2025

Before the Packages Arrive: How SVigil Protected 375K+ Shoppers From a Data Leak Disaster

Right before Mother’s Day sales, a hidden flaw in a vendor’s dashboard exposed the personal and payment data of 375,000+ online shoppers—live, in real time. From Shopify tokens to refund metadata, everything was up for grabs. Here’s how CloudSEK’s SVigil stepped in just in time to prevent a massive e-commerce data disaster.

Written by

Hansika Saxena

May 5, 2025

Exposed APIs, Leaked Tokens: How a Semiconductor Giant Almost Got Breached

A recent CloudSEK BeVigil scan of a global semiconductor technology company uncovered major API security lapses. Publicly exposed Swagger documentation and Postman workspaces revealed sensitive API endpoints and even authentication tokens—offering attackers a clear path into internal systems. The audit also flagged outdated SAP components with known vulnerabilities. These oversights could enable impersonation, unauthorized access, or denial-of-service attacks. The case underscores how exposed developer tools can become serious threats. This blog breaks down the findings, the risks involved, and simple actions every organization can take to avoid similar mistakes. Don’t miss this critical wake-up call for high-tech manufacturers.

Written by

Niharika Ray

May 2, 2025

Inside the Security Gaps of a Digital Lending Firm—And What You Can Learn

CloudSEK’s BeVigil platform recently scanned a leading digital lending firm and uncovered major security gaps that could jeopardize internal operations and sensitive data. The audit revealed unauthenticated API endpoints exposing employee records, misconfigured email settings vulnerable to spoofing, and open access points that could disrupt key services. These overlooked flaws open the door to phishing, social engineering, and operational sabotage—without the need for complex hacking. This blog unpacks the full findings and offers clear steps for fintech firms to secure their internal systems. Don’t let small misconfigurations turn into big breaches—read the full report to learn how to stay protected.

Written by

Niharika Ray

May 2, 2025

How a Leading Fintech Firm Was Exposed by Simple Security Oversights

Even the smallest misstep in your digital setup can become a hacker’s gateway. CloudSEK’s BeVigil platform recently uncovered multiple high-risk vulnerabilities in a leading fintech firm’s public-facing systems—ranging from exposed error logs and open APIs to insecure email settings. These flaws could have enabled phishing, brute-force attacks, and full-scale data breaches. This blog unpacks the findings and shows how minor oversights can snowball into major threats. Whether you're in fintech or any digital-first industry, the insights here are a wake-up call: visibility and proactive security aren’t optional—they’re critical.

Written by

Niharika Ray

April 24, 2025

How a Single SQL Injection Exposed 45 Databases, 240 S3 Buckets and Entire Cloud Infrastructure

What starts as one vulnerable API can end in disaster. CloudSEK’s BeVigil uncovered a shocking SQL Injection flaw that exposed 45 databases, over 240 S3 buckets, and an entire AWS cloud setup to potential attackers. From unauthorized data access to full infrastructure takeover, this case reveals the high stakes of API misconfigurations. Dive in to see how a small security gap almost led to a catastrophic breach—and what must be done to prevent the next one.

Written by

Niharika Ray

April 15, 2025

Unprotected API Leaks Confidential Data of 33,000 Employee Records—BeVigil Raises the Alarm

An exposed API belonging to a major tech service provider left sensitive data of over 33,000 employees publicly accessible—without any authentication. CloudSEK’s BeVigil uncovered unrestricted endpoints leaking personal details, asset configurations, and internal project information, posing serious risks of data theft, social engineering, and further cyberattacks. This report breaks down the vulnerability, potential impact, and the urgent steps organizations must take to secure their APIs before attackers exploit them.

Written by

Niharika Ray

Articles in Threat Intelligence

November 15, 2023

Critical CSRF Vulnerability in IBM CICS TX - CVE-2023-42027 Demands Immediate Action

CVE-2023-42027 IBM CICS TX Standard 11.1, Advanced 10.1, 11.1, and TXSeries for Multi platforms 8.1, 8.2, 9.1 are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts

November 6, 2023

CVE-2023-43792 baserCMS is a website development framework vulnerable to Code Injection attacks

CVE-2023-43792 is a code injection vulnerability in the mail form of baserCMS versions 4.6.0 to 4.7.6. This vulnerability allows an attacker to inject arbitrary code into the baserCMS application, which could then be executed by other users of the application.

November 6, 2023

CVE-2023-4197 Vulnerability in Dolibarr ERP CRM 18.0.1 Allows PHP Code Injection

CVE-2023-4197 Improper input validation in Dolibarr ERP CRM v18.0.1 fails to strip certain PHP code from user-supplied input when creating a Website, allowing an attacker to inject and evaluate arbitrary PHP code

September 8, 2023

Hoze shell script dropped along with XMRig miners on misconfigured SSH Servers by Brute Forcing

CloudSEK’s Threat Intelligence Team uncovered a campaign, actively running from the past 1.8 years, that attacks and brute forces the SSH. 

September 4, 2023

3,20,000+ Patient Records From Ayush Jharkhand Gov. In Shared On Dark Web Hacking Forums

A hacker known as Tanaka has exposed over 320,000 patient records from ayush.jharkhand.gov.in, detailing personal and medical information. The 7.3 MB database leak includes sensitive data from the AYUSH ministry's site

August 28, 2023

Rogue Scripts Are Exploiting OTP Verification APIs To Send Heaps of OTP SMSes, Hold The Potential Of Triggering Service Disruptions.

Discover how CloudSEK's AI-powered XVigil platform identified concerning GitHub repositories mentioning Indian companies and their APIs.

Join 10,000+ subscribers

Keep up with the latest news about strains of Malware, Phishing Lures,
Indicators of Compromise, and Data Leaks.