General High 1 May

US Ransomware Negotiators Jailed 4 Years for BlackCat Attacks

Two former cybersecurity incident response employees received four-year prison sentences for their involvement in BlackCat (ALPHV) ransomware attacks targeting US companies. These individuals, previously with Sygnia and DigitalMint, were found to have facilitated the attacks. Their sentencing highlights the legal risks for those complicit in ransomware operations, even in negotiation roles. Source: BleepingComputer

Why it matters: This case underscores the severe legal repercussions for individuals involved in ransomware activities, serving as a critical reminder for Indian organizations to maintain robust defenses and scrutinize third-party incident response services.

General Critical 1 May

Critical Gemini CLI Flaw Allows Host Code Execution, Supply Chain Attacks

A critical vulnerability was discovered in the Gemini Command Line Interface. This flaw could enable attackers to execute arbitrary code on host systems by planting malicious configurations. The vulnerability also posed a significant risk for supply chain attacks, allowing commands to run outside the intended sandbox environment. Source: Security Week

Why it matters: Indian organizations using Gemini CLI must immediately assess their systems for this critical vulnerability and apply any available patches to prevent host code execution and supply chain attacks.

General Critical 1 May

Qilin Ransomware Maps Networks via RDP Authentication History

Qilin ransomware, a prominent cyber threat, has evolved its tactics since its 2022 emergence. The group now enumerates Remote Desktop Protocol (RDP) authentication history on compromised servers. This new technique allows Qilin to quickly and stealthily map target networks. Source: Cybersecurity News

Why it matters: Indian organizations must enhance RDP security, implement multi-factor authentication, and monitor for suspicious RDP activity to mitigate this advanced ransomware threat.

General Critical 1 May

AI Accelerates Industrial Cybercrime, Exploit Timeframes Shrink to Hours

Artificial intelligence is significantly increasing the scale, speed, and success rate of cybercrime, industrializing attacks. The window organizations have to patch or respond to a vulnerability before it is exploited has shrunk to mere hours. Defenders must urgently leverage AI and automation to counter these rapidly evolving and sophisticated threats. Source: Security Week

Why it matters: Indian critical infrastructure operators must urgently enhance their defensive capabilities with AI and automation to counter rapidly evolving, industrialized cyber threats and shrinking exploit windows.

General High 1 May

New Bluekit Phishing Service Leverages AI, Expands Templates

A new phishing kit named Bluekit has been identified, offering over 40 templates designed to target various popular online services. This service incorporates basic AI features to assist threat actors in generating campaign drafts, streamlining the creation of malicious phishing emails. The combination of AI and a broad template library significantly enhances the efficiency and […]

Why it matters: Indian organisations must enhance their phishing detection capabilities and employee training to counter the increased sophistication enabled by AI-powered phishing kits like Bluekit.

General High 30 Apr

India’s DPDP Act Addresses Foreign AI Data Privacy, Surveillance Risks

Governments globally are sounding alerts over data privacy and surveillance risks posed by foreign AI tools. India has enacted the Digital Personal Data Protection Act, 2023, to address these specific challenges. This law provides a framework for managing personal data and mitigating potential risks from AI tool usage. Source: MSN

Why it matters: Indian organizations must understand and comply with the DPDP Act when deploying foreign AI tools to safeguard sensitive data and avoid regulatory penalties.

General High 30 Apr

New Python Backdoor DEEP#DOOR Steals Browser, Cloud Credentials

Cybersecurity researchers have detailed DEEP#DOOR, a stealthy Python-based backdoor framework. This backdoor establishes persistent access and harvests sensitive browser and cloud credentials from compromised Windows hosts. The intrusion chain begins by disabling Windows security controls via a batch script. Source: The Hacker News

Why it matters: Indian organizations must update security controls, monitor for DEEP#DOOR indicators, and educate users to prevent credential theft and unauthorized access.

General High 30 Apr

Windows 11 Security Update KB5083769 Breaks Backup Software

The April 2026 KB5083769 security update for Windows 11 is causing significant issues. It is reported to break third-party backup applications on systems running Windows 11 24H2 and 25H2. This defect compromises data recovery capabilities and operational resilience for affected organizations. Source: BleepingComputer

Why it matters: Indian critical infrastructure operators must exercise caution with this Windows 11 update, as backup failures could severely impact incident recovery and business continuity.

General High 30 Apr

Attackers Exploit New Assets Within 24 Hours of Go-Live

New research reveals that attackers begin scanning newly deployed assets within minutes of them going live. Automated attacks can progress from initial discovery to full compromise in under 24 hours. This highlights the critical need for immediate security hardening and monitoring of all new infrastructure. Source: BleepingComputer

Why it matters: Indian organizations must implement robust security-by-design principles and immediate post-deployment security checks to mitigate the rapid exploitation window for new assets.

General High 30 Apr

Supply Chain Attack Targets SAP NPM Packages, Bypasses Security

A new supply chain attack, dubbed Mini Shai-Hulud, is actively targeting SAP NPM packages. This sophisticated attack utilizes a preinstall hook to fetch and execute a Bun binary, effectively bypassing existing security monitoring solutions. The method allows for unauthorized code execution, posing a significant risk to affected systems. Source: Security Week

Why it matters: Indian organizations leveraging SAP products and NPM packages must enhance their supply chain security measures to detect and prevent such stealthy intrusions.

General High 30 Apr

India’s Data Protection Framework Matures, Driving Privacy Governance

India's data protection framework has transitioned from high-level legislation to detailed, actionable rules. This shift is generating sustained demand for expertise in privacy governance. Organisations must now focus on implementing robust incident management strategies to ensure compliance. Source: Legal Business Online

Why it matters: Indian organisations must proactively update their privacy governance and incident response protocols to align with these detailed and evolving data protection regulations.

General Critical 30 Apr

Critical Flaws in EnOcean SmartServer Allow Remote Building Hacking

Researchers have identified two critical vulnerabilities in EnOcean SmartServer systems, enabling security bypass and remote code execution. These flaws could allow attackers to remotely compromise building management systems. The discovery highlights the importance of securing OT/IoT devices within critical infrastructure. Source: Security Week

Why it matters: Indian organizations utilizing EnOcean SmartServer or similar building management systems must promptly assess their exposure and implement necessary security measures to prevent remote exploitation.

General Medium 30 Apr

CERT-In Hosts National Conference to Strengthen India’s Cybersecurity Audit

CERT-In successfully organized 'CERT-In SAMVAAD 2026', a three-day National Annual Conference. The event brought together over 500 delegates to discuss and strengthen India's cybersecurity audit framework. This initiative aims to enhance the nation's overall cyber resilience and security posture. Source: PIB

Why it matters: Indian organizations, especially those in critical infrastructure, should monitor outcomes from CERT-In's conferences as they often shape future audit requirements and best practices.

General High 30 Apr

CERT-In Unveils India’s Next-Gen Cybersecurity Audit Framework

CERT-In recently hosted 'SAMVAAD 2026' where India unveiled its next-generation cybersecurity audit framework. This new framework aims to enhance the cybersecurity posture across various sectors. It signifies a proactive step by India to strengthen its digital defenses and compliance standards. Source: Devdiscourse

Why it matters: Indian organizations, especially those in critical infrastructure, must prepare to align their cybersecurity practices with this new national audit framework to ensure compliance and bolster their defenses.

General High 30 Apr

CERT-In Flags High-Risk AI Threats Reshaping Cybersecurity Landscape

CERT-In has issued a warning regarding significant AI-driven threats. These emerging risks are fundamentally altering the cybersecurity landscape. The advisory highlights the need for organizations to adapt their defenses against these advanced challenges. Source: Free Press Journal

Why it matters: Indian organisations must heed CERT-In's warning to proactively strengthen their cybersecurity posture against evolving AI-powered threats.

General Medium 30 Apr

IIIT-H’s Cyber MANTHAN Centre Boosts India’s Cybersecurity Ecosystem

IIIT-H has launched the Cyber MANTHAN Centre to address critical gaps in India's cybersecurity landscape. This initiative aims to strengthen the nation's digital defenses and foster a safer online environment. The centre's efforts are vital for enhancing the overall resilience of India's digital infrastructure. Source: New Indian Express

Why it matters: Indian organisations will benefit from the advanced research and development by the Cyber MANTHAN Centre, contributing to a more secure and resilient national cyber ecosystem.

General High 30 Apr

CERT-In Issues High Security Alert Over Serious Vulnerabilities

India's cybersecurity agency, CERT-In, has issued a high security alert for users. The warning highlights the discovery of several serious vulnerabilities. This alert advises users to take immediate protective measures. Source: Dailyhunt

Why it matters: Indian organizations must promptly review CERT-In's advisory and implement necessary patches or mitigations to protect their systems from exploitation.

General High 30 Apr

SonicWall SonicOS Flaws Allow Access Bypass, Firewall Crash

SonicWall has issued a security advisory for three critical vulnerabilities in its SonicOS software. These flaws, discovered by CrowdStrike, enable attackers to bypass access controls, access restricted services, or trigger a denial-of-service by crashing the firewall. Immediate firmware updates are crucial for administrators to mitigate these significant network security risks. Source: Cybersecurity News

Why it matters: Indian organisations using SonicWall firewalls must promptly apply patches to prevent potential network disruption and unauthorized access by threat actors.

General High 30 Apr

Cursor AI Extension Vulnerability Exposes Developer Credentials

A high-severity vulnerability (CVSS 8.2) in the Cursor AI coding environment allows installed extensions to access developer API keys and session tokens. This flaw, discovered by LayerX, enables total credential compromise without triggering alerts or requiring user interaction. Unlike applications that isolate secrets from extensions, Cursor stored sensitive secrets where installed extensions could read them, facilitating unauthorized access. Source: Cybersecurity News

Why it matters: Indian organizations using Cursor AI for development must immediately assess their exposure and implement mitigation strategies to prevent developer credential compromise.

General Critical 30 Apr

Critical Linux Kernel Zero-Day Grants Root Access Since 2017

A critical zero-day vulnerability, dubbed "Copy Fail" (CVE-2026-31431), has been publicly disclosed in the Linux kernel. This flaw allows any unprivileged local user to obtain root access on virtually all major Linux distributions shipped since 2017. Researchers have successfully developed a full exploit chain for this widespread and severe vulnerability. Source: Cybersecurity News

Why it matters: Indian critical infrastructure operators must prioritize patching Linux systems immediately to prevent unauthorized root access and potential system compromise.