News

Short summaries of the cyber-crime stories moving in India and globally. We link back to the original source — always.

AI Model Used to Discover macOS Kernel Vulnerability
Malware

Researchers utilized Anthropic's Mythos AI model to identify and exploit a kernel memory corruption vulnerability in Apple's M5 processor. The discovery highlights emerging risks where advanced AI systems can be leveraged to uncover critical security flaws in operating systems. Kernel-level vulnerabilities are particularly dangerous as they can grant attackers complete system control and bypass security protections. Apple users running M5-based devices should monitor for security patches addressing this issue. This incident underscores the dual-use nature of AI technologies and the importance of responsible disclosure practices in cybersecurity research. Source: News Article.

via RSS: Schneier on Security

Microsoft Releases May 2026 Security Updates
Malware

Microsoft has announced new security updates designed to enhance visibility, control, and protection across interconnected systems. The updates focus on addressing emerging threats as organizations increasingly adopt artificial intelligence. These enhancements aim to provide comprehensive security coverage for expanding digital ecosystems. The improvements are part of Microsoft's ongoing commitment to securing enterprise environments against evolving cyber threats. Organizations are encouraged to review the latest security features and implement them to strengthen their defensive posture. Source: Microsoft Security Blog.

via RSS: Microsoft Security

AI Agents Reshape Enterprise Identity Security Spending
Identity Theft

Organizations deploying AI agents across operations face new identity security challenges requiring different budgeting approaches than traditional systems. According to Omdia research, AI agent identities demand specialized management, security protocols, and governance frameworks distinct from conventional identity and access management (IAM) projects. As enterprises expand AI agent deployment, security teams must adapt budget allocation strategies to address emerging identity risks specific to autonomous AI systems. This shift reflects growing recognition that AI agents operate under different threat models compared to human users or traditional applications.

via RSS: Dark Reading

Microsoft Alerts Users to New Defender Security Flaws
Malware

Microsoft has issued a warning about previously unknown vulnerabilities in its Windows Defender security software that are being actively exploited by attackers. These zero-day flaws allow threat actors to bypass security protections and potentially compromise affected systems. The vulnerabilities represent a significant risk to users who rely on Defender as their primary antivirus solution. Microsoft is urging users to apply security updates and implement additional protective measures. The company is actively investigating the scope of attacks and working on patches to address these critical security gaps. Users should remain vigilant and monitor their systems for suspicious activity. Source: Microsoft Security Advisory.

via HN: zero day

FBI Dismantles India-Based Tech Support Scam Ring
Social Engineering

The Federal Bureau of Investigation has successfully shut down a major technical support scam operation based in India that defrauded victims of millions of dollars. The scam typically involved fraudsters posing as legitimate tech support representatives, contacting unsuspecting people and convincing them their devices were infected with malware or experiencing serious problems. Victims were then persuaded to grant remote access to their computers and transfer money for fake repairs. This operation targeted individuals across multiple countries, causing substantial financial losses. The FBI's action highlights the growing threat of tech support scams, which remain prevalent in India and internationally. Authorities advise citizens to verify support requests independently and avoid granting remote access to unknown parties. Source: News Arena India.

via GoogleNews: tech support scam

Website Brand Hijacking Attack Exploits Content Delivery Systems
Malware

Security researchers have identified an attack technique called Underminr that exploits domain-fronting vulnerabilities in content delivery networks. This method allows attackers to intercept and modify web requests while masking their malicious activity behind trusted websites. By leveraging legitimate domains, threat actors can hijack a website's brand and redirect users without detection. This attack poses significant risks to businesses and users who may unknowingly interact with compromised content. Organizations using content delivery services should review their security configurations and implement additional safeguards to prevent unauthorized request manipulation and brand misuse. Source: Cybersecurity Publication.

via RSS: Dark Reading

AI-Powered Ransomware Threats Growing in India: Check Point
Ransomware

Cybersecurity firm Check Point has issued a warning about the increasing prevalence of artificial intelligence-driven ransomware attacks targeting Indian organizations. The threat assessment highlights how attackers are leveraging AI technologies to enhance ransomware capabilities, making attacks more sophisticated and harder to detect. This trend poses significant risks to businesses across various sectors in India. Organizations are advised to strengthen their defenses through updated security protocols, employee training, and robust backup systems. Check Point's warning underscores the need for Indian companies to remain vigilant against evolving cyber threats that combine ransomware with AI-powered tactics for maximum impact. Source: Express Computer.

via GoogleNews: ransomware India

FBI Busts India-Based Call Center Fraud Ring
Social Engineering

Law enforcement shut down a fraudulent call center operation involving five Indian nationals and two American businessmen. The operation targeted victims through deceptive telemarketing schemes, impersonating legitimate organizations to extract money and personal information. Investigators uncovered sophisticated social engineering tactics used to manipulate victims into transferring funds or divulging sensitive details. The coordinated operation between Indian and US authorities highlights the cross-border nature of organized cybercrime. This case demonstrates how criminal networks exploit call center infrastructure to conduct large-scale fraud targeting unsuspecting individuals across jurisdictions. Source: The Times of India.

via GoogleNews: tech support scam

CISA Adds Two Actively Exploited Vulnerabilities to Alert List
Malware

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has identified two vulnerabilities actively being exploited by attackers: CVE-2025-34291 in Langflow (origin validation flaw) and CVE-2026-34926 in Trend Micro Apex One (directory traversal issue). These flaws are now part of CISA's Known Exploited Vulnerabilities Catalog, a continuously updated list of security risks threatening critical systems. While U.S. federal agencies must patch these vulnerabilities immediately under directive BOD 22-01, CISA recommends all organizations—including Indian enterprises—prioritize fixing these issues to prevent cyberattacks. Organizations should integrate KEV Catalog monitoring into their vulnerability management strategies. Source: CISA.

via RSS: CISA Alerts

India Faces Growing Ransomware Threat From AI-Enhanced Gangs
Ransomware

India's ransomware landscape is shifting as criminal groups consolidate and leverage artificial intelligence to launch more sophisticated attacks. Instead of numerous scattered ransomware operations, fewer but better-organized cybercriminal syndicates are emerging with advanced capabilities. These groups are utilizing AI to automate attacks, improve targeting, and evade detection systems. The trend indicates a maturation of India's cybercriminal ecosystem, posing escalated risks to businesses and critical infrastructure. Organizations need enhanced security postures to counter these increasingly potent threats.

via GoogleNews: ransomware India

FBI Dismantles India-Based Tech Support Scam Operation
Social Engineering

The US Federal Bureau of Investigation has shut down an India-based call centre involved in a widespread tech support scam targeting elderly citizens. The operation deceived victims by posing as legitimate technical support providers, convincing them their devices were compromised and extracting money through fake repair services. This investigation highlights how cybercriminals exploit senior citizens through social engineering tactics and remotely access their systems. Indian authorities continue collaborating with international law enforcement to identify and prosecute scammers. Citizens, especially elderly individuals, should verify support requests independently and avoid sharing remote access to their devices with unverified callers. Source: The420.in.

via GoogleNews: tech support scam

FBI Dismantles India-Based Tech Support Scam Targeting US Seniors
Social Engineering

The FBI has shut down a tech support scam operation linked to India that primarily targeted elderly Americans. The fraudsters posed as legitimate technical support representatives, convincing victims their computers had serious problems. They then gained remote access to systems and either installed malware or extracted personal financial information. This type of scam exploits trust and technical knowledge gaps among vulnerable populations. Authorities emphasized that legitimate tech companies rarely initiate unsolicited support calls. Indian cyber-crime investigators have been intensifying efforts against such international fraud rings operating from Indian soil. Source: Mathrubhumi English.

via GoogleNews: tech support scam