News

Short summaries of the cyber-crime stories moving in India and globally. We link back to the original source — always.

Government Alerts India AI Summit 2026 Attendees of Phishing Threats
Phishing

Indian government authorities have issued a warning to participants of the India AI Impact Summit 2026 regarding an active phishing scam targeting attendees. Cybercriminals are sending fraudulent emails and messages impersonating summit organizers to steal personal information and credentials from participants. The scam attempts to trick recipients into clicking malicious links or revealing sensitive data. Attendees are advised to verify communications directly with official summit channels, avoid clicking suspicious links, and report any phishing attempts to authorities. This warning highlights the growing threat of cyber attacks during major events and conferences in India. Source: News On AIR.

via GoogleNews: phishing India

Six arrested in ₹24 crore Bengaluru 'digital arrest' scam
Social Engineering

Police in Bengaluru have arrested six individuals involved in an elaborate 'digital arrest' scam that defrauded victims of approximately ₹24 crore. The scheme involved fraudsters impersonating law enforcement officers through video calls, convincing victims they were under investigation for financial crimes. Perpetrators then coerced targets into transferring substantial sums under the guise of 'verification' procedures. This social engineering tactic has increasingly targeted Indian citizens, exploiting fear and authority. The arrests follow complaints from multiple victims across the city. Authorities urge the public to verify claims directly with official police channels and avoid sharing sensitive information with callers. Source: MSN.

via GoogleNews: digital arrest scam

Google flags security concerns in lawful-access proposal
Cyber Law (India)

Google has raised significant cybersecurity concerns regarding a proposed lawful-access bill, warning that the legislation could introduce major security vulnerabilities. The tech giant argues that granting government backdoor access to encrypted systems would weaken overall data protection standards and create exploitable gaps that cybercriminals could leverage. Such backdoors, Google contends, could compromise user privacy and data integrity across platforms. The company emphasizes that mandatory weakening of encryption standards poses risks not just to individual users but to critical infrastructure and financial systems. Security experts generally align with these concerns, noting that backdoors designed for law enforcement could be misused or exploited by malicious actors. The debate highlights the ongoing tension between government surveillance demands and cybersecurity best practices in the digital age. Source: Google Official Statement.

via HN: cybersecurity

Anthropic's Claude Mythos Model May Get Wider Release
Malware

Anthropic is preparing to expand access to its Claude Mythos model, which was unveiled in April as a restricted artificial intelligence system flagged for significant security vulnerabilities. The model poses potential risks to both private and public software systems. The planned rollout through Claude Code represents a major shift from its initially limited availability. Security experts remain concerned about the implications of broader access to a system with known restrictions and vulnerability issues. This development highlights ongoing challenges in balancing AI innovation with cybersecurity safeguards. Source: TechCrunch.

via RSS: BleepingComputer

Weekly Security Update: Linux Flaws, Windows Defender Vulnerabilities, and Botnet Threats
Malware

This week highlighted multiple critical security concerns across different platforms. Linux systems contained previously undiscovered vulnerabilities, while Microsoft Defender itself required patching against zero-day exploits. Attackers deployed router-based botnets targeting unpatched devices. Organizations discovered overlooked legacy servers lacking essential security updates. Supply chain disruptions occurred when compromised development tools distributed malware to users. Simultaneously, phishing campaigns evolved with increasingly sophisticated, targeted tactics replacing obvious spam approaches. These incidents underscore the importance of regular patching, legacy system management, and employee security awareness. Source: Security recap publication.

via The Hacker News

Chinese Phishing Services Growing Threat to Global Users
Phishing

Chinese-language phishing-as-a-service (PhaaS) platforms are rapidly expanding in underground criminal markets, rivaling Russian-dominated operations. Google's Threat Intelligence Group analyzed twelve mature PhaaS services operating within Chinese criminal networks, revealing sophisticated tactics beyond simple password theft. These services now employ real-time interception to steal one-time passcodes (OTPs), bypassing multi-factor authentication instantly. Attackers use live administration panels to interact with victims in real-time and tokenize stolen payment data to gain unauthorized access to digital wallets and financial accounts. They exploit encrypted messaging channels like RCS and iMessage to evade traditional security filters. Unlike Russian operations, these Chinese services primarily target non-Chinese organizations globally. Google has taken legal action against PhaaS providers and supports legislation to combat these evolving threats. Source: Google Threat Intelligence Group.

via RSS: Mandiant Blog

KnowledgeDeliver LMS Vulnerability Allows Remote Code Execution
Malware

A critical security flaw in KnowledgeDeliver, a Learning Management System used in Japan, was exploited by threat actors in late 2025. The vulnerability (CVE-2026-5426) stems from identical pre-shared ASP.NET machine keys hardcoded in the vendor's standard configuration file across multiple customer installations. Attackers who obtained these keys could craft malicious ViewState payloads to achieve unauthenticated remote code execution on any internet-facing instance. The vulnerability affected all KnowledgeDeliver deployments before February 24, 2026. This incident mirrors similar vulnerabilities found in Sitecore and highlights the dangers of standardized security credentials across independent environments. Source: Mandiant.

via RSS: Mandiant Blog

TeamPCP Malware Targets Multiple Code Platforms
Malware

TeamPCP, a sophisticated cyber threat group, has expanded its supply chain attack operations across three package ecosystems simultaneously. The group has infiltrated GitHub's internal codebase and compromised an official Microsoft Python SDK, distributing malware through these trusted channels. Additionally, TeamPCP has released its own malicious framework on GitHub, increasing its reach and operational capability. This campaign demonstrates how attackers target developers and organizations through supply chain vulnerabilities, potentially affecting thousands of downstream users who trust official repositories. Source: CyberSathi.in.

via RSS: SANS ISC Diary

TeamPCP Supply Chain Attack Targets Multiple Code Ecosystems
Malware

Cybersecurity researchers have identified TeamPCP, a threat actor group conducting a widespread supply chain campaign that remained active through May 2024. The group simultaneously operates across three package management ecosystems and has successfully compromised GitHub's internal codebase. Notably, TeamPCP trojanized an official Microsoft-published Python SDK, potentially affecting numerous developers relying on the compromised tool. The attackers have also released their own malicious framework on GitHub, expanding their attack surface. This multi-pronged approach demonstrates sophisticated supply chain attack tactics targeting software developers and organizations worldwide. Indian developers using these ecosystems should remain vigilant and verify package authenticity. Source: Security Research Report.

via RSS: SANS ISC Diary

Netherlands Shuts Down Servers Used for Russian Cyberattacks
Cyber Law (India)

Dutch authorities arrested two co-owners of internet hosting companies accused of providing infrastructure for Russian cyberattacks, disinformation campaigns, and influence operations targeting the European Union. The companies had taken control of technical systems previously operated by Stark Industries Solutions, an ISP sanctioned by the EU for facilitating cyber operations linked to Russian intelligence agencies. Police seized approximately 800 servers during the operation. This crackdown highlights how hosting providers can be exploited to support state-sponsored cyber activities across borders. Source: KrebsOnSecurity.

via Krebs on Security

FBI Alerts on Kali365 Phishing Service Targeting Microsoft 365
Phishing

The FBI has issued a warning about Kali365, a phishing-as-a-service platform targeting Microsoft 365 users. The service abuses the OAuth device code authorization flow to compromise accounts and steal session tokens, effectively bypassing multi-factor authentication (MFA) protections. This phishing service poses a significant threat to organizations and individuals relying on Microsoft 365 for business operations. Users are advised to remain vigilant against unexpected authentication prompts and to review account access logs regularly. Organizations should implement additional security measures beyond standard MFA to protect against such sophisticated attacks. Source: FBI.

via BleepingComputer

Ghost CMS Flaw Exploited to Compromise 700+ Websites
Malware

Cybercriminals are actively exploiting CVE-2026-26980, a critical SQL injection vulnerability in Ghost CMS, to compromise over 700 websites. The flaw, rated 9.4 on the CVSS severity scale, exists in Ghost's Content API and allows attackers to inject malicious JavaScript code without authentication. This vulnerability is being weaponized to launch ClickFix attacks, a social engineering technique that deceives users into downloading malware. Security researchers at QiAnXin XLab discovered the widespread exploitation campaign. Website administrators using Ghost CMS are urged to apply security patches immediately to prevent unauthorized data access and malicious code injection on their platforms. Source: Security research report.

via The Hacker News