News

Short summaries of the cyber-crime stories moving in India and globally. We link back to the original source — always.

Chinese Hackers Target EU Governments Using Discord, Microsoft Tools
Malware

An advanced persistent threat group linked to China has conducted cyberattacks against European government agencies using legitimate platforms like Discord and Microsoft Graph APIs as command-and-control channels. The attackers employed SOCKS proxies including SoftEther VPN to mask their activities and establish secure tunneling between compromised systems and attacker infrastructure. This sophisticated approach allowed the group to evade detection by blending malicious traffic with normal communications. Security researchers identified this campaign as part of a broader espionage operation targeting sensitive government networks across the EU region. Source: Cybersecurity publication.

via RSS: Dark Reading

Ottawa Man Arrested for Operating Kimwolf IoT Botnet
Malware

A 23-year-old from Ottawa has been arrested by Canadian authorities for allegedly developing and running Kimwolf, a rapidly spreading botnet targeting Internet-of-Things devices. The malicious software compromised millions of devices to launch large-scale DDoS attacks over six months. The suspect faces criminal hacking charges in both Canada and the United States after launching DDoS, doxing, and swatting attacks against security researchers and journalists. The arrest follows the public identification of the accused in early 2026, after these coordinated attacks. Source: KrebsOnSecurity.

via Krebs on Security

AI Model Used to Discover macOS Kernel Vulnerability
Malware

Researchers utilized Anthropic's Mythos AI model to identify and exploit a kernel memory corruption vulnerability in Apple's M5 processor. The discovery highlights emerging risks where advanced AI systems can be leveraged to uncover critical security flaws in operating systems. Kernel-level vulnerabilities are particularly dangerous as they can grant attackers complete system control and bypass security protections. Apple users running M5-based devices should monitor for security patches addressing this issue. This incident underscores the dual-use nature of AI technologies and the importance of responsible disclosure practices in cybersecurity research. Source: News Article.

via RSS: Schneier on Security

Microsoft Releases May 2026 Security Updates
Malware

Microsoft has announced new security updates designed to enhance visibility, control, and protection across interconnected systems. The updates focus on addressing emerging threats as organizations increasingly adopt artificial intelligence. These enhancements aim to provide comprehensive security coverage for expanding digital ecosystems. The improvements are part of Microsoft's ongoing commitment to securing enterprise environments against evolving cyber threats. Organizations are encouraged to review the latest security features and implement them to strengthen their defensive posture. Source: Microsoft Security Blog.

via RSS: Microsoft Security

Microsoft Alerts Users to New Defender Security Flaws
Malware

Microsoft has issued a warning about previously unknown vulnerabilities in its Windows Defender security software that are being actively exploited by attackers. These zero-day flaws allow threat actors to bypass security protections and potentially compromise affected systems. The vulnerabilities represent a significant risk to users who rely on Defender as their primary antivirus solution. Microsoft is urging users to apply security updates and implement additional protective measures. The company is actively investigating the scope of attacks and working on patches to address these critical security gaps. Users should remain vigilant and monitor their systems for suspicious activity. Source: Microsoft Security Advisory.

via HN: zero day

Website Brand Hijacking Attack Exploits Content Delivery Systems
Malware

Security researchers have identified an attack technique called Underminr that exploits domain-fronting vulnerabilities in content delivery networks. This method allows attackers to intercept and modify web requests while masking their malicious activity behind trusted websites. By leveraging legitimate domains, threat actors can hijack a website's brand and redirect users without detection. This attack poses significant risks to businesses and users who may unknowingly interact with compromised content. Organizations using content delivery services should review their security configurations and implement additional safeguards to prevent unauthorized request manipulation and brand misuse. Source: Cybersecurity Publication.

via RSS: Dark Reading

CISA Adds Two Actively Exploited Vulnerabilities to Alert List
Malware

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has identified two vulnerabilities actively being exploited by attackers: CVE-2025-34291 in Langflow (origin validation flaw) and CVE-2026-34926 in Trend Micro Apex One (directory traversal issue). These flaws are now part of CISA's Known Exploited Vulnerabilities Catalog, a continuously updated list of security risks threatening critical systems. While U.S. federal agencies must patch these vulnerabilities immediately under directive BOD 22-01, CISA recommends all organizations—including Indian enterprises—prioritize fixing these issues to prevent cyberattacks. Organizations should integrate KEV Catalog monitoring into their vulnerability management strategies. Source: CISA.

via RSS: CISA Alerts

AI Essential for Defending Against Cyber Attacks in India
Malware

As cyber threats intensify across India, artificial intelligence has become crucial for effective defense mechanisms. Organizations and individuals must adopt AI-powered security solutions to combat evolving attack vectors. Traditional security measures alone are insufficient against sophisticated cyber threats that target Indian businesses and citizens. AI enables real-time threat detection, automated response systems, and predictive analytics to identify vulnerabilities before exploitation. Experts emphasize that without AI integration in cybersecurity infrastructure, Indian organizations face significant risks of data breaches, financial loss, and operational disruption. Implementing AI-driven security frameworks is now considered essential rather than optional for protecting critical digital assets. Source: Whalesbook.

via GoogleNews: cyber attack India

Malicious npm Packages Steal CI/CD Credentials from Developers
Malware

Hackers compromised @antv npm packages to distribute malware called Mini Shai-Hulud, targeting developers' automation systems. The malicious code activates during package installation and extracts sensitive credentials from popular platforms including GitHub, AWS, Kubernetes, Vault, npm registry, and 1Password. This attack specifically impacts Linux-based development environments and poses significant risk to organizations relying on automated software deployment pipelines. Developers should immediately review their npm dependencies and update to verified versions. Source: Microsoft Security Blog.

via RSS: Microsoft Security

Interpol dismantles 53 servers in malware, phishing crackdown
Malware

International law enforcement agency Interpol has successfully shut down 53 servers hosting malware and phishing operations as part of 'Operation Ramz'. The coordinated action targeted infrastructure used by cybercriminals to distribute malicious software and conduct phishing attacks that compromise user credentials and financial information. This operation demonstrates global cooperation in combating cybercrime threats that affect users worldwide, including India. The seizure of these servers disrupts criminal networks' ability to launch large-scale attacks and steal sensitive data from unsuspecting victims. Source: Interpol.

via HN: phishing

Windows MiniPlasma Zero-Day Flaw Enables Full System Access
Malware

A critical vulnerability named MiniPlasma has been discovered in Windows systems, allowing attackers to gain SYSTEM-level access—the highest privilege level. A proof-of-concept exploit has been publicly released, increasing risk for unpatched systems. SYSTEM access enables attackers to install malware, steal data, modify system files, and control devices completely. Users should immediately apply Windows security updates from Microsoft. This zero-day affects multiple Windows versions and poses significant risk to Indian organizations and individual users. Keep systems updated and monitor security advisories from Microsoft for patches. Source: Security researcher disclosure.

via HN: zero day

NGINX Vulnerability CVE-2026-42945 Under Active Exploit
Malware

A critical vulnerability in NGINX web server (CVE-2026-42945) is being actively exploited by attackers in the wild. Organizations running NGINX installations are at risk and should prioritize applying security patches immediately. System administrators are advised to update their NGINX instances to patched versions and monitor systems for signs of compromise. This vulnerability could potentially allow unauthorized access or remote code execution on affected servers. Indian enterprises and web hosting providers should review their NGINX deployments and implement necessary security measures without delay to prevent exploitation. Source: Help Net Security.

via GoogleNews: vulnerability CVE