Discord has reported a significant security incident where the personal data of approximately 70,000 users, including government-issued ID photos, may have been compromised due to a cyberattack targeting a third-party customer service provider. The breach was discovered in late September and is linked to unauthorized access to data used for age verification, although Discord emphasized that its own systems were not breached. The company has engaged with law enforcement and data protection authorities and has revoked access from the affected vendor. While hackers claim to have accessed data fro…
Read More

A critical security vulnerability, tracked as CVE-2025-5947, has been identified in the Service Finder WordPress theme, allowing hackers to bypass authentication and potentially gain control over any account, including those of administrators. Discovered by researcher Foxyyy, the flaw stems from inadequate validation of user cookie values, leading to privilege escalation. Since August 1, 2025, over 13,800 exploitation attempts have been recorded, highlighting the urgency for site administrators to update to version 6.1, released on July 17, 2025. This incident underscores the importance of mai…
Read More

Prime Minister Narendra Modi envisions a secure Digital India where cybersecurity is paramount, as evidenced by rising cyber incidents from 10.29 lakh in 2022 to 22.68 lakh in 2024. The government’s commitment is reflected in the allocation of ₹782 crore in the 2025-2026 Union Budget for cybersecurity initiatives, alongside the establishment of a dedicated helpline for immediate assistance. The Promotion and Regulation of Online Gaming Bill, 2025, and national exercises like STRATEX highlight India’s proactive stance against cyber fraud, which increasingly utilizes sophisticated techniques s…
Read More

The Indian Computer Emergency Response Team (CERT-In) has issued a high-risk cybersecurity advisory concerning vulnerabilities in the Google Chrome desktop browser that could allow remote attackers to execute arbitrary code, steal sensitive data, or disrupt services. This advisory specifically targets users of versions prior to 141.0.7390.65 on Windows, macOS, and Linux, highlighting risks of heap buffer overflow and other critical security flaws. CERT-In has strongly urged users and organizations to upgrade to the latest Chrome version immediately to mitigate risks. This advisory underscores…
Read More

The FBI is investigating a significant cyber espionage campaign attributed to Chinese hackers who infiltrated the networks of major U.S. law firms and technology companies, including the prominent Washington-based law firm Williams & Connolly. This breach, uncovered in early October 2025, involved the hackers accessing a small number of attorney email accounts through a zero-day attack exploiting previously unknown software vulnerabilities. Williams & Connolly, known for representing high-profile American political figures such as Bill and Hillary Clinton, reassured clients that there is no ev…
Read More

At the Global Fintech Fest 2025, Tuhin Kanta Pandey, chairman of Sebi, warned that the rapid adoption of technology in India’s securities market introduces new risks, especially from third-party service providers and cloud platforms. He emphasized that while these advancements offer transformative potential, they also pose significant cybersecurity threats that could disrupt interconnected systems. To mitigate these risks, Sebi has implemented the Comprehensive Cybersecurity and Cyber Resilience Framework, ensuring that regulated entities can effectively withstand and recover from cyber threat…
Read More

SonicWall announced a significant data breach affecting all users of its cloud backup service, revealing that hackers accessed firewall configuration files, including encrypted credentials and configuration data. Initially, the company reported less than 5% of customers were impacted, but later clarified that all configurations set to back up to the MySonicWall service were vulnerable. SonicWall is actively notifying affected users and has published a list of impacted devices on its portal, urging customers to reset passwords and follow mitigation steps. This incident raises concerns about the…
Read More

India’s digital economy is poised for a transformation in cybersecurity with the Reserve Bank of India’s new guidelines, set for 2026, which advocate for risk-based authentication models over traditional SMS-based OTPs. This shift to a zero-trust architecture aims to enhance user confidence by allowing personalized security thresholds and adaptive checks based on transaction context, thereby improving fraud prevention without compromising user experience. As banks and fintechs invest in these innovative security measures, the rising cybersecurity budgets reflect the urgency of building resilie…
Read More

Three prominent ransomware-as-a-service (RaaS) groups—LockBit, DragonForce, and Qilin—have formed a cartel aimed at coordinating their attacks and enhancing operational efficiency in response to intensified law enforcement actions against cybercrime. This alliance, reportedly motivated by the need to restore affiliate trust, has alarming implications, especially as LockBit has indicated a willingness to target critical infrastructure, including nuclear and hydroelectric facilities, previously deemed off-limits. Security researchers warn that this collaboration could widen the attack surfac…
Read More

Nokia’s 11th annual Threat Intelligence Report underscores a troubling rise in cybersecurity threats facing the telecom sector, with incidents like the breach at SK Telecom exemplifying the vulnerability of core infrastructures. The report reveals a significant increase in sophisticated cyberattacks, including terabit-scale DDoS attacks, which now pose a daily threat, often exploiting unpatched devices and human errors. Alarmingly, over 100 million residential endpoints are exposed to potential exploitation. Nokia emphasizes the necessity for telecom operators to enhance security through AI-dr…
Read More

A significant data breach has unfolded at Red Hat, involving the criminal group ‘Crimson Collective,’ which claims to have exfiltrated approximately 570 GB of data from a GitLab instance utilized by Red Hat’s consulting division. This breach reportedly includes tens of thousands of internal repositories and sensitive Customer Engagement Reports, prompting an extortion campaign in collaboration with a group linked to Scattered Lapsus$/ShinyHunters. Red Hat has confirmed the incident, initiating an investigation and isolating the affected environment while urging customers with self-managed inst…
Read More

A PhD student at the University of Portsmouth has developed a promising framework named FedLLMGuard to enhance security in 5G wireless communications, addressing vulnerabilities inherent in these networks due to their dynamic nature and high data volumes. This innovative approach combines large language models with federated learning to enable real-time detection of abnormalities while safeguarding user privacy. As 5G networks play a crucial role in various sectors, including healthcare and finance, this advancement is significant in mitigating cyber threats and ensuring robust data protection…
Read More

GovWare 2025, a premier cybersecurity event in Singapore, will convene over 13,000 professionals from more than 90 countries to discuss the evolving cyber threat landscape under the theme “Cyberspace: Of Starbursts, Black Holes, and Last Frontiers.” Prominent speakers, including leaders from Cisco and Google, will address resilience strategies and the intersection of cybersecurity with technology and policy. The event promises extensive networking opportunities and showcases from over 300 exhibitors, featuring innovations in various sectors. With a growing emphasis on global cyber cooperation…
Read More

The Securities and Exchange Board of India (SEBI) has announced a strategic initiative to safeguard India’s capital markets from potential threats posed by quantum computing, with a target operational date set for 2028. SEBI Chairman Tuhin Kanta Pandey emphasized the necessity of preparing for the disruptive nature of quantum technology, which could compromise traditional encryption systems. The action plan involves a phased approach—discovery, preparation, and implementation—tailored to ensure that all regulated entities become quantum-ready. This initiative is significant as it underscor…
Read More

OpenAI has suspended multiple ChatGPT accounts linked to Chinese-speaking hackers involved in the development of malware and phishing tools, coinciding with the documented threat cluster UTA0388, which has targeted Taiwan’s semiconductor sector and various U.S. institutions. The banned accounts engaged in sophisticated cyber activities, including crafting phishing emails in multiple languages and automating reconnaissance. OpenAI’s enforcement action emphasizes its commitment to robust policy measures and collaboration with security partners, as no novel offensive capabilities were identified…
Read More

Qilin, a ransomware group known for its cyberattacks, has claimed responsibility for a breach at Japan’s Asahi Group Holdings, disrupting production at its beer-making subsidiary. The group allegedly stole over 9,300 files, amounting to 27 gigabytes of internal documents, and posted these claims along with images on their website. Asahi confirmed the hack on September 29 and resumed production at its six Japanese plants on October 2. This incident highlights the growing threat of ransomware attacks on critical industries globally, emphasizing the need for robust cybersecurity measures to prote…
Read More

Chinese hackers have reportedly targeted multiple U.S. law firms, including the prominent Williams & Connolly, as part of a broader state-sponsored espionage campaign aimed at gathering intelligence related to U.S. national security and international trade. The FBI is currently investigating these breaches, which involved the exploitation of zero-day vulnerabilities. Williams & Connolly has confirmed that a small number of attorney email accounts were accessed, but asserts that no confidential client data was extracted. The incident underscores the ongoing cybersecurity threats posed by nation…
Read More

Google has initiated an AI Vulnerability Reward Program (AI VRP) aimed at incentivizing researchers to identify and responsibly report security vulnerabilities in its AI systems. This program offers base rewards of up to $20,000 for significant product flaws, with potential multipliers increasing payouts to as much as $30,000 for high-quality reports. However, Google clarified that certain content-related issues, including jailbreaks and prompt injections, are outside the scope of this program and should be reported through other channels due to their complexity. This initiative underscores th…
Read More

The Central Bureau of Investigation (CBI) has successfully dismantled a transnational cybercrime network involved in financial crimes and online sexual offenses targeting minors and foreign nationals. In a coordinated operation, aided by inputs from international agencies including the FBI and German authorities, the CBI arrested eight individuals and identified 45 more linked to illegal call centers in New Delhi, Amritsar, and Siliguri. The agency seized over USD 66,000 in cash and blocked 30 associated bank accounts. This operation underscores India’s commitment to combating cybercrime, prot…
Read More

The Central Electricity Authority (CEA) has released draft regulations for Cyber Security in the Power Sector, 2025, aimed at bolstering defenses against cyber threats within this critical infrastructure. Central to the regulations is the establishment of the Computer Security Incident Response Team – Power (CSIRT–Power), tasked with managing and analyzing cyber incidents. The regulations mandate each entity to appoint a Chief Information Security Officer (CISO) responsible for reporting incidents and implementing security measures, including annual cyber security audits. This initiative u…
Read More

GAIL (India) Limited inaugurated Cyber Security Awareness Month (CSAM) 2025 at its Corporate Office in New Delhi, emphasizing the critical role of cybersecurity in protecting national infrastructure. Director R. K. Jain highlighted the theme “Cyber Jagrit Bharat” set by the National Security Council Secretariat, urging collective responsibility among all employees for cybersecurity vigilance. GAIL is enhancing its security measures through Security Operations Centres, training programs, and IT/OT integration. The month-long initiative will feature various activities and knowledge-sharing sessi…
Read More

Red Hat has confirmed a significant data breach orchestrated by the hacking group Crimson Collective, which claims to have stolen approximately 570GB of sensitive data from its internal development repositories. This breach includes around 800 Customer Engagement Reports (CERs) that contain critical information about various clients, such as Walmart, HSBC, and the Department of Defence. Following the initial breach, Crimson Collective announced a collaboration with another group, ShinyHunters, to intensify their extortion efforts, threatening to publicly release the stolen data if a ransom is…
Read More

Oracle has confirmed a targeted email extortion campaign linked to the cl0p ransomware gang, as flagged by Google’s Mandiant team. The hackers are sending personalized emails threatening to leak sensitive data from Oracle’s cloud applications unless ransom is paid in cryptocurrency. This campaign coincides with quarterly financial announcements, aiming to exploit urgency and fear among high-level executives. Oracle has advised CEOs and CIOs to alert security teams, review cloud configurations, and educate staff on phishing tactics. This incident highlights the increasing focus of ransomware gr…
Read More

Sanjay Bahl, the chief of CERT-IN, has issued a warning regarding the rise of AI-powered phishing attacks, noting that malicious actors are leveraging advanced technologies to enhance the sophistication of their tactics, making phishing attempts increasingly difficult to detect. During a session at the Global Fintech Festival 2025, he highlighted the success of Operation Sindoor, where coordinated cyber threats were effectively thwarted without any material damage, thanks to rigorous preparedness and 24/7 monitoring. The ability to report suspicious activities within six hours was crucial in m…
Read More

Former GCHQ chief Robert Hannigan emphasized the significance of Ukraine’s cyber defense strategies amidst ongoing cyberattacks from Russia, highlighting their resilience since the 2014 Crimea annexation. He noted that Russia has increasingly utilized cybercriminal groups as proxies for hybrid warfare, exacerbating global cybersecurity threats. As nations convene to address such challenges, Hannigan’s insights underscore the necessity for robust defense mechanisms against state-sponsored cyber aggression. This situation not only sheds light on the evolving tactics of cyber warfare but also ser…
Read More