News

Short summaries of the cyber-crime stories moving in India and globally. We link back to the original source — always.

CERT-In Alerts on AI-Powered Cyber Attacks
Malware

India's CERT-In has issued a warning about the increasing threat of artificial intelligence-driven cyberattacks, as hackers leverage advanced automated tools to breach systems. The advisory highlights how attackers are using AI technologies to enhance their attack capabilities, enabling more sophisticated and targeted campaigns against organizations and individuals. CERT-In recommends strengthening security measures and maintaining vigilant monitoring of network activity. Users are advised to keep systems updated with the latest patches and to implement robust security protocols to defend against these evolving threats. Source: sarkaritel.com

via GoogleNews: cyber attack India. Read source.
Megalodon Attack Injects Malicious Code Into 5,500 GitHub Repos
Malware

A coordinated cyber attack called Megalodon compromised over 5,500 public GitHub repositories by injecting malicious commits into GitHub Actions workflows. Researchers at SafeDep detected the campaign on May 18; it pushed 5,718 harmful commits within six hours using stolen credentials. The attack modified workflow files to include base64-encoded scripts designed to steal sensitive data such as cloud credentials, SSH keys, and OIDC tokens during code execution. Major targets included repositories from the Wiznet, Tiledesk, and persian-tools projects. Security researchers recommend monitoring for unexpected workflow runs and reviewing cloud audit logs for suspicious token requests. The operation bore similarities to previous TeamPCP attacks, using backdated commits to conceal the timing of the malicious activity. Source: SafeDep and OX Security Research.

via RSS: CSO Online. Read source.
Iranian Hacker Group Targets Aviation, Software Firms
Malware

Nimbus Manticore, an Iranian advanced persistent threat (APT) group, continues targeting aviation and software companies with newly upgraded hacking tools. The group has maintained its cyber operations during and after recent US military activities against Iran. This represents an ongoing threat to critical infrastructure and technology sectors globally. Indian organizations in aviation and software development should enhance their security measures, including employee awareness training, network monitoring, and incident response protocols. Organizations are advised to patch vulnerabilities promptly and implement multi-factor authentication to mitigate risks from such state-sponsored cyber threats. Source: SecurityWeek.

via RSS: SecurityWeek. Read source.
Microsoft Defender Gets Auto-Isolation for Compromised Systems
Malware

Microsoft is rolling out a new feature in Defender for Endpoint that automatically isolates infected computers to prevent attackers from spreading across networks. This capability detects when a system is compromised and disconnects it from the network, blocking lateral movement attempts by cybercriminals. The feature is currently in a testing phase and aims to reduce response time during security incidents. For Indian organizations relying on Microsoft security tools, this addition strengthens endpoint protection by minimizing damage from breaches before manual intervention occurs. Source: Original announcement.

via BleepingComputer. Read source.
Eppendorf BioFlo 320 Bioreactor Exposed to Hard-coded Password Flaw
Malware

Eppendorf BioFlo 320 bioreactors, used in healthcare and research facilities worldwide, face a critical vulnerability caused by hard-coded VNC (Virtual Network Computing) credentials. Attackers with network access can exploit this flaw to gain complete control of the device's user interface and functionality. The vulnerability affects all BioFlo 320 models and carries a CVSS severity score of 9.8. Eppendorf has released software updates that remove VNC access permanently. Users are advised to verify that VNC is disabled, to restrict VNC settings to the Admin and Supervisor roles, and to install the Version 5.0 software immediately. The company notes that VNC shipped disabled by default but still recommends these hardening measures. Source: Eppendorf Security Advisory.

via RSS: CISA Alerts. Read source.
ABB Zenon Software Flaw Allows Unauthorized System Reboot
Malware

ABB has identified a critical vulnerability in its Ability Zenon Remote Transport software affecting versions 7.50 through 14. The flaw enables attackers to bypass authentication and trigger unauthorized system reboots without proper credentials. The vulnerability (CVE-2025-8754) stems from missing authentication controls in the default configuration. Exploitation requires prior network access to affected systems. The vulnerability impacts critical infrastructure sectors including energy, healthcare, water management, and communications worldwide. Currently, no active exploitation in the wild has been reported. ABB recommends restricting network access to systems running the affected software as a temporary measure. Source: ABB Security Advisory.

via RSS: CISA Alerts. Read source.
ABB Camera Connect Vulnerability from Outdated VLC Player
Malware

ABB has identified critical vulnerabilities in its Ability Camera Connect software versions 1.5.0.14 and below, stemming from an outdated VLC media player component (version 2.2.4). The vulnerabilities include heap-based buffer overflow and integer overflow issues that could allow attackers to crash the system or execute arbitrary code. The CVSS score is 9.8, indicating critical severity. ABB has released updates to address these flaws. The software is deployed globally across critical infrastructure sectors including energy, communications, and manufacturing. Users are advised to upgrade to patched versions immediately. Source: ABB Security Advisory.

via RSS: CISA Alerts. Read source.
ABB B&R Automation Runtime Denial of Service Vulnerability Patched
Malware

ABB B&R has identified a critical vulnerability in the System Diagnostics Manager (SDM) component of its Automation Runtime software affecting versions before 6.3 and Q4.93. The flaw, classified as improper resource locking (CVE-2025-3450), allows unauthenticated network attackers to delete data and cause system outages. The vulnerability has a CVSS score of 10, indicating critical severity. Affected industries include energy, manufacturing, healthcare, and water treatment systems worldwide. B&R has released patched versions 6.3 and Q4.93. The company recommends immediate updates for users running SDM on their systems. SDM is disabled by default in Automation Runtime 6 and should not operate outside secured production networks. Source: ABB Security Advisory.

via RSS: CISA Alerts. Read source.
Critical LiteSpeed cPanel Plugin Flaw Added to Active Exploit List
Malware

The US Cybersecurity and Infrastructure Security Agency (CISA) has identified a new actively exploited vulnerability in the LiteSpeed cPanel Plugin (CVE-2026-48172) that allows privilege escalation. The flaw has been added to CISA's Known Exploited Vulnerabilities Catalog, which tracks security weaknesses actively used by cyber criminals. While CISA's mandatory patching directive applies only to US federal agencies, the organization urges all businesses and organizations to prioritize fixing such vulnerabilities immediately. Privilege escalation flaws are commonly exploited by attackers to gain unauthorized system access. Organizations should review their systems and apply available patches promptly to prevent exploitation. Source: CISA.

via RSS: CISA Alerts. Read source.
ABB Terra AC Charger Firmware Vulnerability Discovered
Malware

ABB has identified a heap memory overflow vulnerability (CVE-2025-5517) affecting multiple versions of its Terra AC electric vehicle charging stations worldwide. Attackers could exploit unencrypted OCPP messages to compromise affected chargers, potentially gaining remote control and altering firmware behavior. Impacted models include the UL40/80A, UL32A, MID/CE, and JP variants across various firmware versions. ABB recommends that users immediately update to the patched versions, 1.8.33 or 1.8.34 depending on the model. The company also advises against using unencrypted HTTP connections between chargers and management systems, even though the OCPP protocol allows it, to prevent malicious interference.

via RSS: CISA Alerts. Read source.
ABB AC500 V2 Controller Vulnerability Allows Data Access
Malware

ABB has disclosed a buffer over-read vulnerability (CVE-2025-7745) affecting its AC500 V2 industrial controller used in critical manufacturing, energy, and water sectors worldwide. Attackers exploiting this flaw could intercept fragments of previously sent Modbus telegrams from the programmable logic controller. The vulnerability affects versions 2.5.2 and earlier. The CVSS score of 5.8 indicates medium severity with network-based access possible without authentication. ABB released firmware version 2.5.3 (2016) and later versions to address the issue. Industrial organizations operating AC500 V2 systems should prioritize updating to patched firmware versions immediately. Source: CISA.

via RSS: CISA Alerts. Read source.
AI-Powered DDoS Attacks: Rising Threat to Indian Websites
Malware

Cybercriminals are increasingly leveraging artificial intelligence to conduct more sophisticated and damaging distributed denial-of-service (DDoS) attacks. Unlike traditional methods, AI-enhanced attacks are faster, more powerful, and difficult to counter. Hackers use these intelligent tools to identify system vulnerabilities automatically, making defenses less effective. Security experts warn that organizations must adopt advanced detection mechanisms and stronger safeguards to protect against these evolving threats. Understanding these new attack patterns is crucial for Indian businesses and website operators to implement adequate preventive measures and stay ahead of cybercriminals. Source: The Hacker News.

via RSS: The Hacker News. Read source.