News

Short summaries of the cyber-crime stories moving in India and globally. We link back to the original source — always.

MyPillow faces ransomware extortion demand
Ransomware

Bedding manufacturer MyPillow has reportedly been targeted by ransomware criminals demanding payment following an alleged network intrusion. The attackers claim to have accessed the company's systems and are pressuring the organization to pay a ransom to prevent data theft or system damage. MyPillow has not yet publicly confirmed details of the breach or responded to the extortion demands. This incident highlights the ongoing threat ransomware poses to businesses across various sectors in the United States. Companies affected by such attacks typically face difficult decisions regarding ransom payments, data recovery, and notification obligations.

via RSS: The Register Security

MyPillow hit by ransomware attack
Ransomware

MyPillow, the bedding company owned by Mike Lindell, has become the latest target of a ransomware attack. Ransomware attacks involve criminals encrypting a company's data and demanding payment for its release. Such incidents have become increasingly common against businesses of all sizes. Companies typically face operational disruptions and potential data theft during these attacks. MyPillow joins numerous organizations that have suffered similar cyber incidents in recent times. The attack highlights the ongoing threat ransomware poses to commercial enterprises. Source: Straight Arrow News.

via GoogleNews: ransomware global

Iranian Hackers Use DLL Technique in Global Espionage Push
Malware

MuddyWater, an Iranian-linked hacking group, has conducted a coordinated espionage campaign affecting at least nine organizations across multiple continents during early 2026. The campaign targeted diverse sectors including manufacturing, electronics, education, government agencies, finance, and professional services firms. Security researchers from Symantec and Carbon Black identified the group's use of DLL side-loading techniques—a method that exploits legitimate system processes to execute malicious code. This approach allows attackers to evade detection while maintaining access to sensitive systems. Organizations across multiple countries remain at risk from this sophisticated threat. Source: Symantec Threat Hunter Team.

via The Hacker News

CBSE denies security breach in OSM portal amid exam sheet controversy
Data Breaches

The Central Board of Secondary Education (CBSE) has dismissed claims of a security breach in its Online System for Monitoring (OSM) portal following recent issues with answer sheet distribution. The board stated there were no security vulnerabilities or unauthorized access to the system. The denial comes amid ongoing concerns about answer sheet mix-ups affecting students. CBSE officials emphasized that the portal's security measures remain intact and functional. The incident highlights the importance of reliable digital systems in educational administration during examination processes. Source: The Times of India.

via GoogleNews: data breach India

Building Bridges: Community Groups Find Cybersecurity Support
Cyber Law (India)

Community organizations across India are increasingly partnering with volunteer cybersecurity experts to strengthen their digital defenses. These collaborations connect non-profits, local groups, and social organizations with professionals who provide free guidance on security practices, awareness training, and incident response. Such initiatives help smaller organizations access expert knowledge they might otherwise struggle to afford, building a stronger collective defense against cyber threats. Volunteers contribute their skills to educate communities about phishing, malware, and data protection measures. This grassroots approach complements institutional cybersecurity efforts by ensuring that organizations of all sizes can better protect their members' information and maintain digital safety standards.

via HN: cybersecurity

The Unsolved Mystery of Shadow Hackers Behind NSA Tool Theft
Data Breaches

A mysterious hacking group remains unidentified despite stealing and publicly releasing classified NSA hacking tools. This incident continues to influence how organisations worldwide assess cybersecurity risks today. The theft of these powerful tools has had lasting consequences for digital security strategies across industries. Experts highlight that the identity of the group responsible for this breach remains one of the most significant unsolved cybersecurity mysteries, with implications that extend to modern threat assessment and defensive measures adopted by companies globally. Source: Original Publication.

via RSS: TechCrunch Security

Iranian Hackers Targeted Los Angeles Transit System
Data Breaches

Cybersecurity researchers have attributed a significant data breach affecting Los Angeles's transit infrastructure to Iranian state-sponsored hackers. The attack was linked to 'Ababil of Minab,' a persona claiming responsibility for multiple data breaches since the outbreak of conflict in Iran. According to an Israeli cybersecurity firm's investigation, the breach caused weeks of operational disruption to the transit system. The incident highlights growing concerns about state-sponsored cyber attacks targeting critical infrastructure. Indian organizations should strengthen their defenses against similar threats targeting transportation and essential services. Source: Reuters.

via RSS: TechCrunch Security

NSA Guidelines on Securing AI Automation Systems
Cyber Law (India)

The US National Security Agency has released security design considerations for AI-driven automation systems. The document outlines best practices for organizations implementing artificial intelligence in automated processes, focusing on potential vulnerabilities and mitigation strategies. Key recommendations include threat modeling, access controls, and security testing protocols. This guidance is relevant for Indian enterprises adopting AI automation, as it addresses risks like unauthorized access, data manipulation, and system compromise. Organizations should review these principles when deploying AI-powered automation to ensure robust security frameworks and protect sensitive operations from cyber threats. Source: NSA.

via HN: cybersecurity

Minicor Simplifies Windows Desktop Automation for AI Integration
Cyber Law (India)

Minicor, a YC-backed startup, has developed a solution for automating Windows desktop systems at scale without requiring APIs. Founded by Faiz and Saheed, the platform addresses critical challenges in robotic process automation (RPA), including scripting complexity, orchestration issues, and debugging difficulties. The tool uses MCP (Model Context Protocol) to let AI models navigate virtual machines and create RPA workflows as Python scripts. Features include API triggering, video replay logging, version control, VM cloning for parallel processing, and two-factor authentication handling. The platform aims to reduce failure rates that commonly exceed 30% in traditional RPA implementations, which can generate thousands of support tickets monthly when deployments fail at scale.

via HN: zero day

Claude Teams Vulnerability Exploited for Remote Code Execution
Social Engineering

Security researchers discovered a critical vulnerability in Claude Teams that allows attackers to execute remote code through deceptive team onboarding processes. The attack chain begins with phishing tactics targeting users during team setup, leading to unauthorized access and potential remote code execution (RCE) capabilities. This vulnerability highlights risks in collaborative AI platforms where social engineering can be combined with technical exploits. Users are advised to exercise caution during team invitations and verify authenticity of onboarding requests. Organizations using Claude Teams should review access controls and implement additional security measures to prevent unauthorized access attempts. Source: Security Research Publication.

via HN: phishing

CBSE denies security breach in evaluation portal
Data Breaches

The Central Board of Secondary Education (CBSE) has refuted claims of a security breach in its evaluation portal. According to the board's statement, the targeted website contains only test data and no actual student records or sensitive information were compromised. CBSE emphasized that their main evaluation systems remain secure and unaffected. The clarification comes after reports suggested unauthorized access to the portal. Officials stated that routine security protocols are in place to protect educational data. Students and parents are advised not to panic, as no personal or examination-related information has been exposed from the official systems. Source: India Today.

via GoogleNews: data breach India

CBSE rejects OSM breach claims amid hacker URL dispute
Data Breaches

The Central Board of Secondary Education (CBSE) has denied allegations of a breach affecting its Open Source Management (OSM) system. A hacker claiming responsibility sparked controversy by registering similar URLs, creating confusion about which website was legitimate. CBSE clarified that no sensitive data was compromised and that the incident involved only a URL registration dispute rather than an actual security breach. The board advised users to verify official websites before accessing educational portals. This incident highlights the risks of domain spoofing and the importance of verifying authentic government websites. Source: India Today.

via GoogleNews: data breach India