News

Short summaries of the cyber-crime stories moving in India and globally. We link back to the original source — always.

Clothing Brand Website Compromised in Malware Distribution Attack
Malware

A clothing brand's website was hijacked by cybercriminals who attempted to distribute malware to visitors. Users on social media platforms reported the compromise, which led to the website being taken offline. The attackers had modified the site to trick unsuspecting users into downloading malicious software. Website hijacking incidents like these highlight the importance of maintaining strong security measures and regularly monitoring for unauthorized access. Users should avoid clicking suspicious links or downloading files from compromised websites and keep their systems updated with the latest security patches. Source: Security Reports.

via RSS: TechCrunch Security

How Companies Secure AI Systems with Microsoft Tools
Cyber Law (India)

St. Luke's and ManpowerGroup have successfully implemented Microsoft Security solutions to protect their artificial intelligence initiatives at scale. These organizations demonstrate how embedding governance frameworks, identity management, and cloud security practices creates a foundation for safe AI deployment. By prioritizing security controls alongside AI growth, these firms show that protection mechanisms can enable rather than hinder technological advancement. Their approaches include implementing identity verification systems and cloud-based security protocols to manage AI risks effectively. These case studies highlight best practices for Indian organizations considering AI implementation while maintaining robust cybersecurity postures. Source: Microsoft Security Blog.

via RSS: Microsoft Security

US Cybersecurity Agency Contractor Exposes Sensitive AWS Credentials
Data Breaches

A contractor working with the US Cybersecurity & Infrastructure Security Agency (CISA) inadvertently exposed privileged AWS GovCloud account credentials through a GitHub repository that was publicly accessible until recently. The leaked data included internal documentation revealing CISA's software development, testing, and deployment processes across multiple systems. Security researchers have characterized this as one of the most significant government data breaches in recent memory. The exposure compromised highly sensitive infrastructure security information that could potentially be exploited by malicious actors to compromise critical systems. Source: Cybersecurity News.

via RSS: Schneier on Security

Healthcare Sector Battles Rising Social Engineering Threats
Social Engineering

According to Verizon's 2026 Data Breach Investigations Report, India's healthcare industry faces mounting social engineering attacks alongside persistent ransomware threats and vendor breaches. The report reveals that attackers are employing increasingly sophisticated tactics to exploit human vulnerabilities rather than just technical defences. Healthcare organizations must strengthen employee awareness training and implement robust verification protocols to counter these evolving threats. The sector remains a prime target due to sensitive patient data and critical infrastructure vulnerabilities. Source: Verizon.

via Dark Reading

Drupal SQL Injection Flaw Added to Active Threat List
Malware

India's cybersecurity teams should note that CISA, the US Cybersecurity and Infrastructure Security Agency, has added CVE-2026-9082, a critical SQL injection vulnerability in Drupal Core, to its Known Exploited Vulnerabilities catalog. This designation indicates active exploitation by threat actors. While CISA's mandate applies to US federal agencies, the agency recommends all organizations globally prioritize patching this vulnerability as part of standard security practices. SQL injection flaws remain favored attack vectors for cybercriminals targeting enterprise systems. Organizations running Drupal should apply available patches immediately to prevent potential compromise. Source: CISA.

via RSS: CISA Alerts

Chinese Hackers Target EU Governments Using Discord, Microsoft Tools
Malware

An advanced persistent threat group linked to China has conducted cyberattacks against European government agencies using legitimate platforms like Discord and Microsoft Graph APIs as command-and-control channels. The attackers employed SOCKS proxies including SoftEther VPN to mask their activities and establish secure tunneling between compromised systems and attacker infrastructure. This sophisticated approach allowed the group to evade detection by blending malicious traffic with normal communications. Security researchers identified this campaign as part of a broader espionage operation targeting sensitive government networks across the EU region. Source: Cybersecurity publication.

via RSS: Dark Reading

India shifts focus from cyber deployment to operations
Cyber Law (India)

India's cybersecurity landscape is evolving beyond initial implementation phases toward mature operational management. Organizations across the country are moving past the deployment stage to focus on continuous monitoring, threat detection, and response capabilities. This shift reflects growing organizational maturity in handling security infrastructure. Industry experts highlight that Indian enterprises must now prioritize skilled personnel, efficient incident response procedures, and regular security audits. The transition underscores challenges in maintaining robust defenses against evolving threats while managing existing systems effectively. Companies need to invest in training and automation to bridge the gap between deployment and sustainable security operations.

via GoogleNews: cyber attack India

Shira: Employee Training Against Phishing Attacks
Phishing

Shira is a dedicated anti-phishing training platform designed to help organizations educate employees about phishing threats. The platform provides interactive training modules that teach users to recognize suspicious emails, fraudulent links, and social engineering tactics commonly used in phishing campaigns. By simulating real-world phishing scenarios, Shira enables employees to practice identifying threats in a safe environment before encountering actual attacks. Such training platforms are crucial for Indian businesses and institutions seeking to strengthen their cybersecurity defenses, as phishing remains a primary entry point for data breaches and financial fraud. Awareness and employee training significantly reduce an organization's vulnerability to phishing-based attacks. Source: Shira.

via HN: phishing

Ottawa Man Arrested for Operating Kimwolf IoT Botnet
Malware

A 23-year-old from Ottawa has been arrested by Canadian authorities for allegedly developing and running Kimwolf, a rapidly spreading botnet targeting Internet-of-Things devices. The malicious software compromised millions of devices to launch large-scale DDoS attacks over six months. The suspect faces criminal hacking charges in both Canada and the United States after launching DDoS, doxing, and swatting attacks against security researchers and journalists. The arrest follows the public identification of the accused in early 2026 after these coordinated cyber attacks. Source: KrebsOnSecurity.

via Krebs on Security

Google API Keys Remain Accessible After Deletion
Data Breaches

Security researchers have identified a concerning vulnerability in Google's API key deletion process. When users delete API keys from Google Cloud, the keys reportedly remain functional for up to 23 minutes despite Google's claims of immediate deactivation. This delay creates a security window where attackers who have compromised the keys could potentially continue accessing services. The vulnerability poses risks for developers and organizations relying on Google Cloud services for sensitive operations. Users should be cautious about API key management and consider implementing additional security measures such as rotation policies and monitoring for unauthorized access attempts during this critical timeframe. Source: Security Research.

via RSS: Dark Reading

European Police Shut Down VPN Used by Ransomware Gangs
Ransomware

European law enforcement authorities have successfully dismantled a VPN service that was reportedly used by approximately 24 ransomware criminal groups for conducting cyberattacks. The VPN provider had marketed itself as offering complete anonymity to users. However, Europol managed to identify and notify the service's users about their exposure. This operation represents a significant blow to organized cybercriminals who relied on this infrastructure for concealing their malicious activities. The shutdown demonstrates growing international cooperation in combating ransomware threats that increasingly target businesses and critical infrastructure globally. Source: Europol.

via RSS: TechCrunch Security

Two Americans Guilty in India-Based Tech Support Scams
Social Engineering

Two American citizens have pleaded guilty to assisting tech support scam operations based in India. These scam centers typically target unsuspecting victims through deceptive pop-ups and cold calls, convincing them that their computers are infected with malware. Once victims are manipulated into providing remote access, scammers steal personal information and financial data. The Americans' involvement in facilitating these operations highlights the transnational nature of cybercrime networks. Such tech support scams remain prevalent in India and globally, affecting thousands of people annually. Authorities continue cracking down on individuals who knowingly support these fraudulent operations across borders. Source: The Record from Recorded Future News.

via GoogleNews: tech support scam