IT KART

empowering organizations to stay secure, resilient, and future-ready.

IT KART is a leading Managed Security Service Provider (MSSP) and Managed Service Provider (MSP) delivering comprehensive cybersecurity, IT infrastructure, and compliance solutions. IT KART, based in India, is a prominent provider of cybersecurity and cloud security consulting and solutions. The business, established with the primary goal of bringing affordable executive leadership and security en

gineering expertise to organizations of all sizes, specializes in cyber security, cyber security consulting, and cyber protection. The core offerings of IT KART include a diverse array of cybersecurity services and solutions tailored to meet the ever-evolving challenges of the digital landscape. The comprehensive cybersecurity services encompass Vulnerability Assessment and Penetration Testing (VAPT), the expertise of a Virtual Chief Information Security Officer (CISO), specialized Banking Cyber Security, and proactive Dark Web Monitoring. On the solutions front, IT KART provides a range of advanced offerings such as Advanced Security with Endpoint Detection and Response (EDR), Data Loss Prevenstion (DLP) comprehensive management tools, state-of-the-art email security, and advanced file synchronization and sharing capabilities. Recognizing the importance of digital forensics, IT KART offers a dedicated suite of services including Computer, Mobile, Network, Email, and Database Forensics, as well as essential Data Recovery. In response to the imperative nature of data protection, IT KART provides robust Cloud Backup Solutions to ensure the safety and integrity of data. Services include Advanced Backup, backups for Windows and Linux servers, Microsoft 365, Microsoft Azure VM, Google Workspace, and Hyper-V. In the digitally connected age, where the importance of cybersecurity cannot be overstated, IT KART stands out as a leading cybersecurity consultancy. As cybercriminals become more sophisticated, businesses of all sizes face increasing risks, making it essential for companies to defend themselves effectively against digital threats. IT KART emerges as an invaluable ally for companies looking to bolster their digital defenses and protect their systems from cyber breaches. With over 12 years of experience, IT KART prides itself on meeting client requests with enthusiasm, passion, and tailored solutions that consistently deliver outstanding results. The company values client opinions, and its reputation in cyber security, cyber security consulting, and cyber protection has grown from strength to strength.

29/05/2026

🚨 Security Flaw Discovered in CP Plus Network Video Recorder

A newly disclosed security issue has been identified in CP Plus 8-Channel Network Video Recorder (NVR) devices. The vulnerability could allow attackers to inject malicious scripts into the web interface, potentially enabling unauthorized actions, session hijacking, data exposure, and manipulation of system settings.

📌 Affected Product:
• CP Plus CP-UNR-108F1 NVR

📌 Vulnerability:
• CVE-2026-6824
• Cross-Site Scripting (XSS)
• CVSS Score: 8.4 (High)

Organizations using affected NVR systems should review their deployments, restrict internet exposure, strengthen network segmentation, and apply vendor-recommended security measures to reduce risk.

No active exploitation of this vulnerability has been reported publicly so far.

Stay with us — where every update means stronger security!

For Cybersecurity Services and Solutions, please visit itkart.io

28/05/2026

🚨 Critical Google Chrome Vulnerabilities Found — Update Right Away

Several serious security flaws have been found in Google Chrome for desktop computers. These issues could let attackers run harmful code remotely, expose private information, cause systems to crash, and bypass security protections through harmful websites.

📌 Versions Affected:
• All versions of Google Chrome before 148.0.7778.178 on Linux
• All versions of Google Chrome before 148.0.7778.179 on Windows and macOS

These weaknesses affect various parts of Chrome, such as WebRTC, GPU, QUIC, DOM, Service Workers, and UI features. Users and companies must install the most recent security updates right away to keep their systems safe.

🔐 Keeping your browser up to date is a key part of protecting against today’s cyber risks.

Stay with us — because every update strengthens your security!

For Cybersecurity Services and Solutions, visit itkart.io

27/05/2026

🚨 Critical Cisco Secure Workload Vulnerability Disclosed 🚨

A newly identified critical security flaw in Cisco Secure Workload could allow unauthenticated attackers to gain elevated privileges, alter configurations, and access sensitive data across targeted environments.

🔹 Affected Versions:

• Cisco Secure Workload 3.9 and earlier

• Cisco Secure Workload 3.10.x before 3.10.8.3

• Cisco Secure Workload 4.0.x before 4.0.3.17

🔹 Main Concern:

The issue originates from improper validation and authentication in internal REST API endpoints, potentially enabling attackers to send crafted API requests and bypass security controls.

🔹 Potential Risks:

• Unauthorized privileged access

• Cross-tenant configuration manipulation

• Sensitive information exposure

• Security policy compromise

Organizations using Cisco Secure Workload are strongly advised to review Cisco’s official advisory and apply the latest security updates immediately.

Stay proactive — timely patching is the first line of defense against modern cyber threats.

Stay with us — where every update means stronger security!

For Cybersecurity Services and Solutions, please visit itkart.io

26/05/2026

🚨 More than 700 Ghost CMS websites compromised in an active exploitation campaign targeting CVE-2026-26980.

Threat actors abused the SQL Injection vulnerability to obtain Admin API keys and inject malicious JavaScript loaders into website articles. Major platforms and university-related websites, including Harvard, Oxford, and DuckDuckGo, were reportedly impacted.

Researchers also observed multiple attacker groups competing to infect vulnerable Ghost CMS sites.

Organizations using Ghost CMS should immediately apply security patches and review admin/API activity for unauthorized changes.

Stay with us — where every update means stronger security!

For Cybersecurity Services and Solutions, please visit itkart.io

22/05/2026

🚨 Major Supply Chain Security Incident Hits GitHub

GitHub has confirmed a large-scale cyberattack impacting nearly 3,800 internal repositories after a staff member unknowingly installed a malicious VS Code extension.

The attack, allegedly linked to the TeamPCP threat group, reportedly exposed sensitive internal source code and organizational data. The hackers even attempted to sell the stolen information on underground forums for $50,000.

Security researchers warn that modern developer tools and extensions are becoming prime attack vectors, giving attackers access to credentials, SSH keys, cloud secrets, and critical infrastructure through a single compromised machine.

This incident highlights the growing risk of software supply chain attacks and the urgent need for stronger monitoring of developer environments and third-party extensions.

Stay with us — where every update means stronger security!

For Cybersecurity Services and Solutions, please visit itkart.io

07/05/2026

🚨 Critical Security Alert: New PAN-OS Firewall Flaw Added to KEV List

A newly disclosed vulnerability, CVE-2026-0300, has been identified in Palo Alto Networks PAN-OS affecting the User-ID Authentication Portal service.

The flaw allows remote attackers to potentially gain root-level code ex*****on on affected PA-Series and VM-Series firewalls using specially crafted network packets.

The issue is classified as an Out-of-Bounds Write vulnerability (CWE-787) and has already been added to the Known Exploited Vulnerabilities (KEV) catalog due to its high risk.
🔍 Temporary Mitigation Steps:
• Limit Captive Portal access to trusted network zones only
• Disable the User-ID Authentication Portal if it is not needed
• Apply vendor guidance and monitor for official security patches

Organizations using PAN-OS firewalls should review exposure immediately and strengthen perimeter defenses before exploitation attempts increase.

Stay with us — where every update means stronger security!
For Cybersecurity Services and Solutions, please visit itkart.io

06/05/2026

🚨 Critical Apache HTTP/2 Security Flaw Patched in Apache HTTP Server

A newly disclosed vulnerability, tracked as CVE-2026-23918, has exposed Apache HTTP Server deployments to serious security risks including Denial-of-Service (DoS) and possible Remote Code Ex*****on (RCE).

The flaw impacts Apache HTTP Server 2.4.66 within the mod_http2 component and has now been fixed in version 2.4.67.

🔍 Researchers revealed the issue originates from a double-free memory corruption bug triggered through specially crafted HTTP/2 stream reset sequences. Attackers can reportedly crash worker processes with minimal effort, while advanced exploitation may allow arbitrary command ex*****on under specific server configurations.

⚠️ Systems using multi-threaded MPM with HTTP/2 enabled are considered exposed, especially deployments running APR mmap allocator configurations commonly found in Debian-based environments and official Apache Docker images.

🛡️ Organizations are strongly advised to immediately upgrade to Apache HTTP Server 2.4.67 and review HTTP/2 exposure across internet-facing services.

Stay with us — where every update means stronger security!

For Cybersecurity Services and Solutions, please visit itkart.io

05/05/2026

🚨 Critical Alert: MOVEit Automation Flaws Fixed

Progress Software has released security updates to address serious vulnerabilities in MOVEit Automation, including a critical authentication bypass flaw.

Key Vulnerabilities:
CVE-2026-4670 (CVSS 9.8)
→ Could allow attackers to bypass login and gain unauthorized access
CVE-2026-5174 (CVSS 7.7)
→ Improper input validation may enable elevated access

Exploitation could result in:
Unauthorized access
Administrative control
Data exposure

Affected Versions:
MOVEit Automation ≤ 2025.1.4 → fixed in 2025.1.5
MOVEit Automation ≤ 2025.0.8 → fixed in 2025.0.9
MOVEit Automation ≤ 2024.1.7 → fixed in 2024.1.8

Why it matters:
MOVEit platforms have previously been targeted by ransomware groups like Cl0p, making timely patching essential to reduce risk.

Stay with us — where every update means stronger security!
For Cybersecurity Services and Solutions, please visit itkart.io

04/05/2026

🚨 Critical Linux Flaw Now Actively Exploited — Immediate Action Required
A newly highlighted Linux vulnerability, CVE-2026-31431, has been officially added to CISA’s Known Exploited Vulnerabilities (KEV) list after confirmed real-world attacks.

🔍 What’s happening?
A long-standing flaw in the Linux kernel allows attackers with basic system access to escalate privileges and gain full root control.

⚠️ Why it matters:
Affects multiple Linux distributions (since 2017)
Exploitation is simple and reliable
Works inside containers (Docker, Kubernetes, LXC)
Hard to detect — uses normal system behavior
Public exploit code already circulating

💡 Attack insight:
Threat actors can manipulate in-memory executable data (page cache), injecting malicious code into trusted binaries like /usr/bin/su — without modifying files on disk.
🛡️ What should you do?
Update to patched kernel versions immediately
Restrict local access and enforce least privilege
Isolate critical systems and containers
Monitor suspicious privilege escalation behavior

⏳ Deadline alert: U.S. agencies must patch by May 15, 2026 — a strong signal of urgency for everyone.

Stay with us — where every update means stronger security!
For Cybersecurity Services and Solutions, please visit itkart.io

30/04/2026

🚨 SAP npm Ecosystem Hit by Supply Chain Attack

Several SAP-related npm packages were compromised to deliver credential-stealing malware targeting developers and CI/CD pipelines.

🔍 Key Points:
• Malicious preinstall scripts executed during package installation
• Sensitive data like GitHub, npm, and cloud tokens targeted
• Malware spreads via CI/CD workflows and developer environments
• Persistence achieved through tools like Visual Studio Code

⚠️ The campaign shows a shift toward attacking developer tools and software supply chains.

Stay secure. 🔐

Stay with us — where every update means stronger security!

For Cybersecurity Services and Solutions, please visit itkart.io

29/04/2026

🚨 LiteLLM SQLi Attack (CVE-2026-42208)
Hackers are actively exploiting a pre-auth SQL injection flaw in LiteLLM, allowing them to send crafted Authorization: Bearer headers and access internal database data without login.
🔍 Impact:
Exposure of API keys, master keys, and provider credentials
Access to environment configs and secrets
Potential for full takeover of AI integrations

⚠️ Attack pattern:
Targeting /chat/completions endpoint
Highly targeted queries focusing only on sensitive tables
Rapid exploitation observed within ~36 hours of disclosure

🛠️ Fix:
Upgrade to v1.83.7+ (uses parameterized queries)
Rotate all stored credentials immediately
Temporary workaround: disable error logs

Stay with us — where every update means stronger security! 🔐
For Cybersecurity Services and Solutions, please visit itkart.io

Claim ownership or report listing

Want your business to be the top-listed Furniture Store in Gurugram?

Click here to claim your Sponsored Listing.

Location

Gurugram

Contact the business

Click here to send a message to the business

Telephone

+918484844985

Website

https://www.itkart.io/

Address

B38, Sunder Singh Marg, Block B, DLF Colony, Sector 14
Gurugram
122001