News

Short summaries of the cyber-crime stories moving in India and globally. We link back to the original source — always.

BlackFile Extortion Gang Targets Organizations via Voice Phishing
Social Engineering

A threat group called UNC6671, operating under the 'BlackFile' brand, is conducting a large-scale extortion campaign targeting organizations across North America, Australia, and the UK. The group uses sophisticated voice phishing (vishing) and SSO compromise techniques combined with adversary-in-the-middle attacks to bypass multi-factor authentication and gain access to cloud environments, particularly Microsoft 365 and Okta systems. They use Python and PowerShell scripts to steal corporate data for extortion purposes. Since emerging in early 2026, the group has maintained high operational tempo. Security experts emphasize these attacks exploit social engineering rather than vendor vulnerabilities, highlighting the need for phishing-resistant authentication methods. Source: Google Threat Intelligence Group.

via RSS: Mandiant Blog

Ransomware Attacks Surge Across India in April 2026
Ransomware

India experienced a significant rise in cyber attacks during April 2026, with ransomware activity emerging as a major threat. The acceleration in attack frequency reflects growing sophistication among cybercriminals targeting Indian organizations. Security experts warn of expanding ransomware campaigns affecting businesses across sectors. The trend underscores the need for enhanced cybersecurity measures and employee awareness in Indian enterprises. Organizations are advised to strengthen backup systems, implement multi-factor authentication, and develop incident response plans. Government and private sector collaboration remains critical to combat the evolving threat landscape. Source: SMEStreet.

via GoogleNews: ransomware India

The Ransomware Dilemma: When Attackers Force Impossible Choices
Ransomware

Ransomware attacks present victims with devastating dilemmas similar to the trolley problem—a philosophical thought experiment about choosing between two harmful outcomes. Cybercriminals encrypt critical data and demand payment, forcing organizations to decide between losing valuable information or funding criminal operations. This tactic exploits the psychological pressure on decision-makers during crises. Indian businesses increasingly face such scenarios where attackers deliberately create impossible choices to maximize pressure for ransom payment. Security experts recommend maintaining offline backups, implementing robust incident response plans, and avoiding ransom payments to prevent encouraging further attacks.

via HN: ransomware

Not applicable for CyberSathi.in
Phishing

This content discusses Nanci, a CI/CD platform development project, not a cybersecurity or cyber-crime awareness topic. It covers software development practices, debugging tools, and pipeline automation—areas outside CyberSathi.in's focus on cyber-crime awareness for Indian readers. The article does not address phishing, ransomware, fraud, malware, data breaches, or other security threats relevant to the portal's mission.

via HN: phishing

Foxconn Hit by Nitrogen Ransomware Attack
Ransomware

Electronics manufacturing giant Foxconn has confirmed it experienced a cyberattack attributed to the Nitrogen ransomware gang. The company, a major supplier for global tech firms, detected unauthorized access to its systems. The Nitrogen gang, known for targeting large enterprises, claimed responsibility for the breach. Details regarding the extent of data compromise remain unclear. Foxconn stated it implemented containment measures and is investigating the incident. The attack highlights growing threats to critical manufacturing infrastructure. Companies are advised to strengthen cybersecurity defenses and monitor for ransom demands. Source: Technology news outlets.

via HN: ransomware

India leads APAC in ransomware attacks with 165% surge in Q1 2026
Ransomware

India has emerged as the primary ransomware target across the Asia-Pacific region, according to cybersecurity firm Cyble. The first quarter of 2026 witnessed a dramatic 165% surge in cyberattacks targeting Indian organizations and individuals. This alarming increase reflects growing vulnerabilities in critical infrastructure, businesses, and digital systems across the country. Ransomware gangs are increasingly focusing on Indian entities due to relatively lower security maturity in certain sectors and the potential for significant ransom payments. The spike underscores the urgent need for enhanced cybersecurity measures, awareness campaigns, and stronger incident response protocols among Indian organizations to combat this escalating threat. Source: Fortune India.

via GoogleNews: ransomware India

Haryana Student Proposes Enhanced Security UPI System
UPI Fraud

A student from Haryana has submitted a proposal to the government outlining a fraud-resistant model for the Unified Payments Interface (UPI) system. The initiative aims to address growing concerns about UPI-related financial crimes and fraudulent transactions that have affected Indian users. The proposed framework reportedly incorporates additional security mechanisms to prevent unauthorized access and transaction tampering. This development comes amid increasing reports of UPI fraud cases across India, where criminals exploit vulnerabilities to steal funds from users' accounts. The student's contribution reflects growing efforts from tech-savvy individuals to strengthen India's digital payment infrastructure and protect consumers from cyber threats. Source: MSN.

via GoogleNews: UPI fraud

Google Pixel 10 Zero-Click Exploit Chain Discovered
Malware

Security researchers have developed a zero-click exploit chain for Google Pixel 10 that achieves root access through just two vulnerabilities. The exploit updates a previously discovered Dolby vulnerability (CVE-2025-54957) that affected all Android devices until patching in January 2026. Since the Pixel 10 removed the BigWave driver, researchers identified an alternative vulnerability in the new VPU driver used for video decoding on the Tensor G5 chip. The VPU driver, developed by the same team behind the BigWave driver, contained critical flaws discovered during security auditing. The exploit only functions on unpatched devices running security patches from December 2025 or earlier. Source: Security Research Publication.

via RSS: Google Project Zero

May 2026 Security Updates: Major Software Firms Patch Record Vulnerabilities
Malware

Leading technology companies including Apple, Google, Microsoft, Mozilla, and Oracle have released an unprecedented volume of security patches this month. AI systems are increasingly effective at identifying code vulnerabilities that humans might miss, though they remain susceptible to social engineering attacks. The surge in patch releases reflects the growing sophistication of threats targeting widely-used software platforms. Organizations and individual users should prioritize installing these security updates promptly to protect against potential exploits. Source: Krebs on Security.

via Krebs on Security

Foxconn confirms ransomware attack on North American factories
Ransomware

Apple's major supplier Foxconn has confirmed a ransomware attack targeting its North American manufacturing facilities. The incident affected operations at plants responsible for assembling Apple products. Ransomware attacks involve cybercriminals encrypting critical data and demanding payment for its release. Such incidents can disrupt supply chains and compromise sensitive manufacturing information. Foxconn has not disclosed the exact ransom demand or the attackers' identity. The company is working to restore systems and assess the full extent of data compromised. This highlights the ongoing cybersecurity risks faced by major electronics manufacturers and the importance of robust security measures across supply chains. Source: 9to5Mac.

via GoogleNews: ransomware global

West Pharmaceutical Services Targeted in Ransomware Attack
Ransomware

West Pharmaceutical Services, a major global manufacturer of packaging and delivery systems for medications, has suffered a ransomware attack that disrupted its operations. The incident impacted the company's ability to deliver products and services to pharmaceutical clients worldwide. Ransomware attacks target organizations by encrypting critical data and demanding payment for decryption keys. Such incidents can severely disrupt healthcare supply chains and affect medication availability. This attack underscores the vulnerability of pharmaceutical infrastructure to cyber threats. Companies in this sector are high-value targets due to their essential role in healthcare and their potential ability to pay ransoms. The incident highlights the importance of robust cybersecurity measures and business continuity planning for organizations handling critical medical supplies. Source: SecurityWeek.

via GoogleNews: ransomware global

Understanding Cybersecurity: Types and India's Initiatives
Cyber Law (India)

Cybersecurity encompasses measures protecting digital systems, networks, and data from unauthorized access and attacks. It includes network security, application security, information security, and disaster recovery planning. India recognizes cybersecurity's critical importance for national security, economic growth, and citizen protection. The government has launched several initiatives including the National Cyber Security Policy, creation of dedicated cyber agencies, and awareness programs to combat rising digital threats. Organizations and individuals must implement security protocols, regular updates, strong authentication, and employee training. Understanding different attack types—malware, phishing, ransomware, and social engineering—helps develop effective defense strategies. India's growing digital infrastructure requires continuous investment in cybersecurity capabilities to safeguard critical systems and citizen data. Source: Vajiram & Ravi.

via GoogleNews: cyber attack India