🚀 CloudSEK has raised $19M Series B1 Round – Powering the Future of Predictive Cybersecurity
CATEGORIES

CloudSEK Success Stories

Articles in Blog Posts

August 14, 2025

From One File to Full Exposure: Vendor’s .git File Leaks Source Code, Secrets, and Over 1 Million PII Records of Automotive Giants

CloudSEK’s SVigil uncovered a misconfigured .git repository at a major roadside assistance and insurance vendor, exposing over 20GB of sensitive data tied to leading automotive brands. The leak included full source code, payment gateway tokens, cloud database credentials, and over 1 million PII records of customers and merchants. This flaw risked large-scale phishing, fraud, identity theft, and severe reputational damage across India’s automotive and insurance ecosystem.

Written by

Hansika Saxena

May 30, 2025

50,000+ Azure AD Users Exposed via Unsecured API: BeVigil Uncovers Critical Flaw

An unsecured API endpoint buried inside a JavaScript file gave attackers the keys to the kingdom—direct access to sensitive Microsoft Graph data of thousands of employees, including top executives. CloudSEK’s BeVigil platform uncovered how this silent slip could lead to identity theft, phishing attacks, and regulatory nightmares. Here’s how it unfolded—and what your organization must do to stay safe.

Written by

Niharika Ray

May 23, 2025

Exposed and Exploitable: How an LFI Flaw Left a Travel Giant’s Server Files Open to Hackers

A single misconfigured endpoint. That’s all it took to expose root-level server access, hardcoded credentials, and sensitive configs of a major travel platform. In this gripping exposé, CloudSEK’s BeVigil unpacks how a seemingly minor oversight escalated into a full-blown Local File Inclusion (LFI) vulnerability—no authentication required. From source code leaks to credential harvesting, discover how attackers could’ve breached the entire infrastructure—and what your organization must do to avoid the same fate.

Written by

Niharika Ray

May 20, 2025

CloudSEK Raises $19 Million in Series B1 Funding to Scale Predictive Cybersecurity Platform

CloudSEK has raised $19 million in its Series B1 funding rounds to accelerate global expansion and advance its AI-driven threat intelligence platform. With backing from top global investors like MassMutual Ventures, Commvault, and Tenacity Ventures, the company aims to redefine cybersecurity by predicting and neutralizing threats before they escalate. Trusted by over 250 enterprises across critical sectors, CloudSEK’s proactive approach—focusing on initial attack vectors like leaked credentials and exposed APIs—has earned it industry acclaim and rapid global growth, particularly in the U.S.

Written by

Rahul Sasi

May 13, 2025

Sensitive Credentials Exposed on GitHub: How CloudSEK Secured PII and Financial Data of 500+ Employees for a Global IT Training Company

CloudSEK’s XVigil platform averted a major data breach at a leading IT training company after detecting exposed credentials in a public GitHub repository. These credentials provided access to the firm’s internal Resource Management System (RMS), which controlled critical operations such as salary processing and policy approvals. Had they been misused, sensitive employee data and financial systems could’ve been compromised. Thanks to CloudSEK’s swift intervention—including credential revocation, repository lockdown, and multi-factor authentication—the breach was prevented, and no data was lost. This incident highlights how real-time threat detection and rapid response can protect businesses from costly cyber incidents.

Written by

Anjali Bhavesh Thacker

May 5, 2025

Before the Packages Arrive: How SVigil Protected 375K+ Shoppers From a Data Leak Disaster

Right before Mother’s Day sales, a hidden flaw in a vendor’s dashboard exposed the personal and payment data of 375,000+ online shoppers—live, in real time. From Shopify tokens to refund metadata, everything was up for grabs. Here’s how CloudSEK’s SVigil stepped in just in time to prevent a massive e-commerce data disaster.

Written by

Hansika Saxena

Articles in Threat Intelligence

November 15, 2023

Critical CSRF Vulnerability in IBM CICS TX - CVE-2023-42027 Demands Immediate Action

CVE-2023-42027 IBM CICS TX Standard 11.1, Advanced 10.1, 11.1, and TXSeries for Multi platforms 8.1, 8.2, 9.1 are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts

November 6, 2023

CVE-2023-43792 baserCMS is a website development framework vulnerable to Code Injection attacks

CVE-2023-43792 is a code injection vulnerability in the mail form of baserCMS versions 4.6.0 to 4.7.6. This vulnerability allows an attacker to inject arbitrary code into the baserCMS application, which could then be executed by other users of the application.

November 6, 2023

CVE-2023-4197 Vulnerability in Dolibarr ERP CRM 18.0.1 Allows PHP Code Injection

CVE-2023-4197 Improper input validation in Dolibarr ERP CRM v18.0.1 fails to strip certain PHP code from user-supplied input when creating a Website, allowing an attacker to inject and evaluate arbitrary PHP code

September 8, 2023

Hoze shell script dropped along with XMRig miners on misconfigured SSH Servers by Brute Forcing

CloudSEK’s Threat Intelligence Team uncovered a campaign, actively running from the past 1.8 years, that attacks and brute forces the SSH. 

September 4, 2023

3,20,000+ Patient Records From Ayush Jharkhand Gov. In Shared On Dark Web Hacking Forums

A hacker known as Tanaka has exposed over 320,000 patient records from ayush.jharkhand.gov.in, detailing personal and medical information. The 7.3 MB database leak includes sensitive data from the AYUSH ministry's site

August 28, 2023

Rogue Scripts Are Exploiting OTP Verification APIs To Send Heaps of OTP SMSes, Hold The Potential Of Triggering Service Disruptions.

Discover how CloudSEK's AI-powered XVigil platform identified concerning GitHub repositories mentioning Indian companies and their APIs.

Join 10,000+ subscribers

Keep up with the latest news about strains of Malware, Phishing Lures,
Indicators of Compromise, and Data Leaks.