Banking High 29 Apr

India Urges Financial Sector to Boost Cyber Protection, Eyes New Policy

The Indian government has directed CERT-In, other agencies, and financial sector firms to rapidly enhance their cybersecurity protection. This directive includes exploring access to new platforms like Mythos and is part of a broader policy discussion. Organizations should prepare for potential new mandates and increased scrutiny on their cyber defenses. Source: Economictimes

Why it matters: Indian financial organizations must proactively strengthen their cybersecurity posture and anticipate new government policies or directives impacting their operational security.

General High 29 Apr

Cert-In Warns of AI-Led Cyber Threats, Ransomware Evolution

The article details the evolution of ransomware into a multi-billion dollar industry. India's Cert-In has issued a warning about emerging AI-led cyber threats. It also provides essential protection steps for organizations to mitigate these evolving risks. Source: Business Standard

Why it matters: Indian organizations must heed Cert-In's warnings, implement recommended protection steps, and prepare for sophisticated AI-driven and ransomware attacks to safeguard critical assets.

Banking High 29 Apr

Indian Banks Directed to Report Cyber Incidents to CERT-In

Indian banks are now required to immediately report any suspicious cyber incidents. These reports must be submitted to national agencies such as CERT-In. This directive aims to bolster the nation's critical infrastructure cybersecurity posture. Source: Inc42

Why it matters: Indian financial organizations must prioritize establishing robust incident detection and reporting frameworks to ensure compliance and enhance national cybersecurity resilience.

General High 29 Apr

CERT-In Flags High-Risk AI Threats Reshaping Cybersecurity Landscape

CERT-In has issued a critical alert regarding high-risk AI threats that are fundamentally altering the cybersecurity landscape. The national agency emphasizes the need for organizations to understand and prepare for these evolving challenges. This advisory underscores the urgency for Indian entities to adapt their security strategies against AI-powered cyber attacks. Source: Freepressjournal

Why it matters: Indian organizations must heed CERT-In's warning to proactively assess their current security posture and bolster defenses against the sophisticated and rapidly evolving threats posed by artificial intelligence.

General Critical 29 Apr

cPanel Releases Emergency Patch for Critical Authentication Flaw

cPanel has released an emergency security update to address a critical authentication vulnerability in its core software. This flaw impacts multiple authentication paths within the cPanel and Web Host Manager (WHM) ecosystem. System administrators and web hosting providers must apply this patch immediately to secure their systems. Source: Cybersecurity News

Why it matters: Indian organizations using cPanel for web hosting or managing web services must promptly apply this critical patch to prevent potential unauthorized access and maintain operational security.

General Critical 29 Apr

Critical LiteLLM SQL Injection (CVE-2026-42208) Actively Exploited Post-Disclosure

A critical SQL injection vulnerability (CVE-2026-42208) in BerriAI's LiteLLM Python package has been disclosed. The flaw, with a CVSS score of 9.3, allows threat actors to modify underlying databases. Exploitation in the wild began within 36 hours of the vulnerability becoming public knowledge. Source: The Hacker News

Why it matters: Indian organizations using LiteLLM must immediately patch or apply mitigations to prevent active exploitation of this critical SQL injection vulnerability.

General High 29 Apr

Microsoft RDP Security Warnings Flawed After April Update, Phishing Risk

Microsoft has confirmed a bug in its April 2026 Windows 11 update where Remote Desktop Protocol (RDP) security warnings may display incorrectly. This issue is a significant usability concern as these warnings are crucial for protecting users from active phishing threats. The flaw could potentially leave users vulnerable to social engineering attacks if they misinterpret […]

Why it matters: Indian critical infrastructure organizations relying on RDP must be aware of this bug, as it could reduce user vigilance against phishing attempts and necessitate enhanced user training or alternative security measures.

General Critical 29 Apr

New BlobPhish Attack Steals Credentials, Evades Security Tools

A sophisticated, memory-resident phishing campaign named BlobPhish is actively exploiting browser Blob URL APIs to silently steal user credentials. This attack, active since October 2024, targets Microsoft 365 users and major financial platforms. BlobPhish is particularly dangerous as it remains almost completely invisible to traditional security tools, fundamentally changing phishing page delivery. Source: Cybersecurity News

Why it matters: Indian organizations, especially those utilizing Microsoft 365 and online financial services, must be aware of this advanced phishing technique that bypasses conventional security measures.

General Medium 29 Apr

Cyber Insurance Data Boosts CISO Power in Budget Talks

New data from cyber insurance providers is empowering CISOs to better justify cybersecurity budgets. This data directly links security gaps to potential financial losses, a language boards understand. By presenting clear financial impact, CISOs can secure necessary resources to mitigate risks effectively. Source: Security Week

Why it matters: Indian organizations can leverage cyber insurance data to strengthen their cybersecurity investment proposals and improve overall resilience.

Government High 29 Apr

US Cyber Command Warns of Foreign Adversary Election Targeting

US Cyber Command and NSA chief General Joshua Rudd warned that foreign adversaries are likely to target upcoming midterm elections. Gen. Rudd assured lawmakers of their readiness to support and safeguard these electoral processes. This emphasizes the persistent threat of state-sponsored cyber interference in democratic systems. Source: The Record

Why it matters: Indian organizations, especially government and election-related entities, should note this global trend of election interference and strengthen their own cyber defenses against similar threats.

General High 28 Apr

Chinese State-Sponsored Hacker Extradited to US for Cyberattacks

A member of the alleged Chinese state-sponsored hacking group Silk Typhoon, Xu Zewei, has been extradited to the United States. He faces charges for orchestrating cyberattacks targeting US universities. This development underscores the persistent threat posed by state-backed actors to critical institutions globally. Source: Security Week

Why it matters: Indian organizations, particularly those in critical infrastructure and research, should remain vigilant against sophisticated state-sponsored cyber threats and enhance their defensive postures.

General High 28 Apr

Robinhood Vulnerability Exploited in Phishing Attacks

A vulnerability within Robinhood's systems was exploited, enabling attackers to send legitimate-looking emails that directed recipients to malicious phishing websites. Source: Security Week

Why it matters: Indian organizations must enhance their email security and user awareness training to defend against similar sophisticated phishing campaigns leveraging system vulnerabilities.

General High 28 Apr

Threat Actors Publish OPSEC Playbooks to Evade Detection, Enhance Evasion Strategies

Threat actors are now documenting and sharing structured operational security (OPSEC) playbooks. These guides detail sophisticated techniques for maintaining anonymity and avoiding detection over long periods. Key strategies include layered infrastructure, strict identity separation, and advanced evasion tactics. Source: BleepingComputer

Why it matters: Indian critical infrastructure operators must understand these evolving threat actor OPSEC strategies to enhance their detection capabilities and strengthen defensive postures.

General High 28 Apr

US Charges Notorious Scattered Spider Hacker Arrested in Finland

A 19-year-old dual US and Estonian citizen has been federally charged in the US. He was arrested in Finland earlier this month. The charges allege he was a prolific member of the notorious Scattered Spider hacking collective. Source: BleepingComputer

Why it matters: Indian organizations must remain vigilant against sophisticated threat actors like Scattered Spider, whose global activities can impact critical infrastructure and various sectors.

General Medium 28 Apr

Zero Trust Bottleneck: Secure Data Movement Challenges Identified

New research highlights secure data movement as a critical, often overlooked, bottleneck in Zero Trust program implementation. Many security programs incorrectly assume that simply connecting systems solves the problem, which leads to stalled initiatives. A recent report, 'Cyber360: Defending the Digital Battlespace,' details these challenges based on a survey of 500 security professionals. Source: The Hacker News

Why it matters: Indian organizations implementing or planning Zero Trust must address secure data movement challenges to avoid common pitfalls and ensure effective cybersecurity posture.

General Critical 28 Apr

VECT 2.0 Ransomware Irreversibly Destroys Files on Windows, Linux, ESXi

Threat hunters are warning about VECT 2.0 ransomware, which acts more like a wiper due to a critical flaw in its encryption implementation. This flaw renders recovery impossible across Windows, Linux, and ESXi variants, even for the threat actors themselves. The ransomware permanently destroys files larger than 131KB, making data unrecoverable for victims. Source: The […]

Why it matters: Indian critical infrastructure operators must update their defenses and backup strategies to counter VECT 2.0's irreversible file destruction capability across common platforms.

General Critical 28 Apr

Sandworm APT Uses SSH-over-Tor for Stealthy Long-Term Persistence

The state-sponsored Sandworm APT group has upgraded its intrusion tactics, now employing SSH-over-Tor tunnels for long-term, hidden access within victim networks. This new tradecraft represents a shift from simpler malware callbacks to a more anonymous and encrypted persistence mechanism. Security teams must enhance their detection capabilities to identify this sophisticated tunneling technique. Source: Cybersecurity News

Why it matters: Indian critical infrastructure operators must update their threat intelligence and enhance network monitoring to detect sophisticated SSH-over-Tor tunneling used by advanced persistent threat groups for stealthy, long-term access.

General High 28 Apr

Chinese-Backed Smishing Services Scale Credential Theft via OTT and SMS

Chinese-backed services are orchestrating large-scale smishing campaigns globally. These operations leverage everyday messaging apps and SMS to steal personal and financial credentials. Recognized as highly organized and active, these phishing-as-a-service threats pose a significant risk in the current cyber landscape. Source: Cybersecurity News

Why it matters: Indian organizations must enhance employee awareness and implement robust technical controls against sophisticated smishing attacks targeting credentials via messaging platforms.

General High 28 Apr

Silver Fox Threat Group Delivers Malware via Fake Tax Audit Alerts

The China-based Silver Fox threat group is conducting a new campaign targeting Asian businesses and individuals. They employ fake tax audit notifications and counterfeit software update alerts to distribute dangerous malware. This campaign highlights a significant increase in social engineering attacks exploiting trust in official-looking communications. Source: Cybersecurity News

Why it matters: Indian organizations must educate employees on social engineering tactics, verify official communications, and maintain updated security software to defend against similar malware delivery campaigns.

General High 28 Apr

New PhantomRPC Privilege Escalation Affects Windows Systems, No Patch

A newly discovered PhantomRPC technique allows privilege escalation to SYSTEM on Windows. This method involves a fake RPC server impersonating target services to elevate access. Currently, there is no official patch available to address this critical vulnerability. Source: Security Week

Why it matters: Indian organizations using Windows systems must be aware of this unpatched privilege escalation risk and monitor for potential exploitation or mitigation strategies.