General
High
30 Apr
India's cybersecurity agency, CERT-In, has issued a high-severity warning regarding multiple security flaws in Microsoft Windows and Office products. These vulnerabilities pose significant risks to users of widely deployed software across various organizations. The advisory includes recommendations for users to implement necessary security measures and updates to mitigate potential threats. Source: Digit
Why it matters: Indian organizations must prioritize patching Windows and Office systems immediately to protect against potential exploitation of these critical vulnerabilities.
General
High
30 Apr
Europol's IOCTA 2026 report highlights the evolving cybercrime landscape, driven by AI, encryption, and cryptocurrencies. Criminals are rapidly adapting, making their activities harder to detect and disrupt for law enforcement agencies. The report emphasizes the increasing complexity and interconnectedness of cyber threats, urging stronger international coordination. Source: The Cyber Express
Why it matters: Indian organizations must prepare for increasingly sophisticated, AI-driven cyber threats and dark web activities by enhancing their threat intelligence and defensive capabilities.
General
High
29 Apr
Threat actors are now leveraging custom AI setups to automate attacks, significantly accelerating the kill chain. These autonomous agents can map Active Directory and seize Domain Admin credentials in minutes, far beyond simple phishing. This rapid evolution in attack methods poses a critical challenge to traditional defensive workflows. Source: The Hacker News
Why it matters: Indian organizations must urgently re-evaluate their defensive strategies and automation capabilities to counter the speed and sophistication of AI-driven cyber attacks.
General
High
29 Apr
Traditional vulnerability management, focused on patch counts and CVSS scores, often fails to provide a true picture of an organization's security posture. Security teams struggle to answer if they are genuinely safer despite closing numerous vulnerabilities. A more comprehensive exposure management approach is needed to provide the necessary context and assess actual risk effectively. Source: […]
Why it matters: Indian critical infrastructure organizations must move beyond basic vulnerability metrics to adopt holistic exposure management platforms for a realistic assessment of their cyber risk.
General
High
29 Apr
The Vercel breach demonstrates how a single compromised third-party OAuth integration can create a direct path into an organization's environment. This incident underscores the widespread impact a vulnerable OAuth application can have on downstream customers. Organizations must learn from this to mitigate risks associated with 'Shadow AI' and OAuth sprawl. Source: BleepingComputer
Why it matters: Indian organizations must audit their third-party OAuth integrations and implement robust security practices to prevent similar breaches and protect critical infrastructure.
General
High
29 Apr
Forescout has identified tens of thousands of internet-facing RDP and VNC servers globally. These exposed servers pose a significant risk to Industrial Control Systems and Operational Technology environments. This widespread exposure creates a critical attack surface for potential cyber threats targeting critical infrastructure. Source: Security Week
Why it matters: Indian critical infrastructure operators must immediately audit and secure all internet-facing RDP and VNC servers to prevent potential breaches of their ICS/OT systems.
General
High
29 Apr
India's cybersecurity agency, CERT-In, has issued a warning to Micro, Small, and Medium Enterprises regarding new cybersecurity risks stemming from advancements in artificial intelligence. The advisory emphasizes the potential for AI to introduce novel attack vectors and sophisticated threats that could impact business operations. CERT-In urges MSMEs to bolster their cyber defenses and prepare for […]
Why it matters: Indian organizations, particularly MSMEs, must proactively assess and mitigate AI-driven cybersecurity threats to protect their operations and sensitive data from emerging risks.
General
High
29 Apr
India's cybersecurity agency, CERT-In, has issued a high-severity warning regarding multiple security flaws in Apple products. These vulnerabilities affect iPhones, Macs, and iPads across Apple's ecosystem. The advisory urges users and organizations to take necessary actions to mitigate potential risks. Source: MSN
Why it matters: Indian organizations must prioritize patching their Apple devices to protect against potential exploitation of these critical vulnerabilities.
General
Medium
29 Apr
Technophiles India recently hosted the Dine with AlphaSec III event in Mumbai. The gathering brought together prominent cybersecurity leaders from across India. Participants convened to discuss and address the evolving landscape of digital risks. Source: MSN
Why it matters: This event highlights ongoing efforts within India's cybersecurity community to collaboratively tackle emerging threats and strengthen national digital defenses.
General
Critical
29 Apr
Google and Mozilla have released urgent security updates for Chrome 147 and Firefox 150. These updates address critical and high-severity vulnerabilities that could enable arbitrary code execution. Users and organizations are strongly advised to apply these patches immediately to mitigate significant risks. Source: Security Week
Why it matters: Indian organizations must prioritize patching Chrome and Firefox browsers to prevent attackers from exploiting these critical vulnerabilities for system compromise.
General
High
29 Apr
LofyStealer, a dangerous infostealer malware, is actively targeting Minecraft players by posing as a game cheat tool. It uses a two-stage attack involving a Node.js loader and in-memory browser injection to steal sensitive data. This sophisticated method allows it to evade detection by standard security software while compromising popular web browsers. Source: Cybersecurity News
Why it matters: Indian organizations should be aware of such sophisticated infostealers, as compromised personal devices of employees could lead to credential theft impacting corporate accounts.
General
High
29 Apr
CERT-In has issued a critical alert regarding high-risk AI threats that are fundamentally altering the cybersecurity landscape. The national agency emphasizes the need for organizations to understand and prepare for these evolving challenges. This advisory underscores the urgency for Indian entities to adapt their security strategies against AI-powered cyber attacks. Source: Free Press Journal
Why it matters: Indian organizations must heed CERT-In's warning to proactively assess their current security posture and bolster defenses against the sophisticated and rapidly evolving threats posed by artificial intelligence.
General
High
29 Apr
The article details the evolution of ransomware into a multi-billion dollar industry. India's CERT-In has issued a warning about emerging AI-led cyber threats. It also provides essential protection steps for organizations to mitigate these evolving risks. Source: Business Standard
Why it matters: Indian organizations must heed CERT-In's warnings, implement recommended protection steps, and prepare for sophisticated AI-driven and ransomware attacks to safeguard critical assets.
General
Critical
29 Apr
A critical SQL injection vulnerability (CVE-2026-42208) in BerriAI's LiteLLM Python package has been disclosed. The flaw, with a CVSS score of 9.3, allows threat actors to modify underlying databases. Exploitation in the wild began within 36 hours of the vulnerability becoming public knowledge. Source: The Hacker News
Why it matters: Indian organizations using LiteLLM must immediately patch or apply mitigations to prevent active exploitation of this critical SQL injection vulnerability.
General
Critical
29 Apr
cPanel has released an emergency security update to address a critical authentication vulnerability in its core software. This flaw impacts multiple authentication paths within the cPanel and Web Host Manager (WHM) ecosystem. System administrators and web hosting providers must apply this patch immediately to secure their systems. Source: Cybersecurity News
Why it matters: Indian organizations using cPanel for web hosting or managing web services must promptly apply this critical patch to prevent potential unauthorized access and maintain operational security.
General
High
29 Apr
Microsoft has confirmed a bug in its April 2026 Windows 11 update where Remote Desktop Protocol (RDP) security warnings may display incorrectly. This issue is a significant usability concern as these warnings are crucial for protecting users from active phishing threats. The flaw could potentially leave users vulnerable to social engineering attacks if they misinterpret […]
Why it matters: Indian critical infrastructure organisations relying on RDP must be aware of this bug, as it could reduce user vigilance against phishing attempts and necessitate enhanced user training or alternative security measures.
General
Medium
29 Apr
New data from cyber insurance providers is empowering CISOs to better justify cybersecurity budgets. This data directly links security gaps to potential financial losses, a language boards understand. By presenting clear financial impact, CISOs can secure necessary resources to mitigate risks effectively. Source: Security Week
Why it matters: Indian organizations can leverage cyber insurance data to strengthen their cybersecurity investment proposals and improve overall resilience.
General
Critical
29 Apr
A sophisticated, memory-resident phishing campaign named BlobPhish is actively exploiting browser Blob URL APIs to silently steal user credentials. This attack, active since October 2024, targets Microsoft 365 users and major financial platforms. BlobPhish is particularly dangerous as it remains almost completely invisible to traditional security tools, fundamentally changing phishing page delivery. Source: Cybersecurity News
Why it matters: Indian organizations, especially those utilizing Microsoft 365 and online financial services, must be aware of this advanced phishing technique that bypasses conventional security measures.
General
High
28 Apr
A member of the alleged Chinese state-sponsored hacking group Silk Typhoon, Xu Zewei, has been extradited to the United States. He faces charges for orchestrating cyberattacks targeting US universities. This development underscores the persistent threat posed by state-backed actors to critical institutions globally. Source: Security Week
Why it matters: Indian organizations, particularly those in critical infrastructure and research, should remain vigilant against sophisticated state-sponsored cyber threats and enhance their defensive postures.
General
High
28 Apr
A vulnerability within Robinhood's systems was exploited, enabling attackers to send legitimate-looking emails that directed recipients to malicious phishing websites. Source: Security Week
Why it matters: Indian organizations must enhance their email security and user awareness training to defend against similar sophisticated phishing campaigns leveraging system vulnerabilities.