India’s critical infrastructure is experiencing a significant surge in cyberattacks, particularly targeting financial and government sectors, with threats primarily emanating from Pakistan and China. Notable operations, including Cosmic Leopard, exploit existing vulnerabilities, prompting the Reserve Bank of India to advocate for improved cybersecurity measures. The rising threat landscape emphasizes concerns over cloud vulnerabilities and supply chain risks, leading to discussions on offensive cyber operations, which necessitate careful consideration of legal and ethical implications for national …

In 2025, social engineering attacks have become increasingly sophisticated, leveraging AI to enhance phishing and deepfake scams, particularly targeting defense sectors. The shortage of skilled cybersecurity professionals impacts 83% of Chief Information Security Officers (CISOs), weakening defenses against these threats. For India, such tactics from adversaries like Pakistan and China pose significant risks to military systems, underscoring the urgent need for enhanced training and AI-driven security measures. The evolving nature of these attacks highlights the …

Russia is expanding its cyber influence globally through operations facilitated by companies from the post-Soviet era, targeting critical infrastructure in nations supporting Ukraine. This strategy aligns with geopolitical alliances, notably with China and Iran, which could have implications for conflicts in South Asia, particularly involving India and its rivals. To counter these threats, defensive measures focusing on cloud-native solutions and AI are recommended, enhancing resilience through vulnerability assessments and predictive controls. The integration of these …

India’s CERT-In has issued a high-severity advisory regarding a Google Chrome vulnerability that could enable remote code execution, urging users to update to the latest versions across all major operating systems. This flaw poses significant risks, particularly for defense personnel and critical infrastructure, as it can be exploited through phishing and other malicious campaigns. The advisory emphasizes the importance of timely patching and general browser hygiene, such as limiting risky extensions and enhancing monitoring for …

India’s national cyber agency, CERT-In, has issued a high-risk advisory regarding critical Microsoft vulnerabilities that could lead to significant operational disruptions for Indian enterprises, particularly within government and strategic sectors. The advisory warns of potential remote code execution and privilege escalation risks, urging organizations to promptly apply patches and enhance security measures such as multi-factor authentication. This alert is timely, given the escalating regional tensions and the increasing targeting of unpatched systems by adversaries. Effective …

GMR Aero Academy, the training arm of GMR Group specializing in aviation and security, has officially launched the National Cyber Security Scholar Program on August 21 to bolster India’s cybersecurity defenses amid escalating threats to critical infrastructure and defense sectors. This 18-week, 160-hour instructor-led initiative, developed under the National Security Database platform in partnership with CERT-In and the Information Sharing and Analysis Centre, focuses on equipping emerging leaders with skills in threat detection, incident response, …

Users in Pakistan reported unexpected changes to mobile systems, sparking fears of a coordinated cyberattack, potentially linked to state actors amid regional tensions. Anomalies included unauthorized app installations and unusual data usage patterns, prompting the Pakistan Telecommunication Authority to advise users on cybersecurity measures. This incident underscores vulnerabilities in Pakistan’s digital infrastructure, raising alarms about potential threats to critical systems, including defense communications. The situation highlights the need for bolstered cybersecurity frameworks and international collaboration …

A US Navy sailor has been convicted of espionage for leaking classified information to Chinese intelligence, including details on naval exercises and missile systems. Stationed in Japan, the sailor received $15,000 for the information, compromising US operations in the Indo-Pacific. This incident highlights the escalating threat of Chinese espionage amid tensions in the South China Sea, prompting the Department of Defense to enhance counterintelligence measures. With multiple similar cases in recent years, experts warn that …

The Indian government has not unblocked TikTok, contrary to misleading reports suggesting otherwise. Official sources clarified that TikTok and other Chinese apps, initially banned in June 2020 following border clashes in Ladakh, remain blocked. The ban reflects India’s commitment to safeguarding national security and digital sovereignty amidst ongoing tensions with China. This decisive stance reinforces the government’s strategy to limit Chinese influence in the digital domain, ensuring that platforms posing potential risks to security are …

Recent reports highlight a critical vulnerability in GeoServer software, tracked as CVE-2024-36401, which cybercriminals are actively exploiting to deploy cryptomining malware and create IoT botnets. This vulnerability enables remote code execution, allowing attackers to install miners like XMRig on both cloud and on-premise systems, and facilitating multi-stage payloads that evade detection. The exploitation campaigns target high-value sectors such as energy and telecommunications, with tactics including disabling security features and establishing persistence through cron jobs. Researchers …

The Indian hacktivist group Trojan 1337 has claimed responsibility for breaching the website of Pakistan’s Provincial Assembly of Punjab, highlighting a rise in nationalist cyberattacks in the region. This incident, occurring on August 19, 2025, echoes previous actions where the group targeted over 100 Bangladeshi sites during India’s Independence Day, indicating a trend of politically motivated cyber activities that may exacerbate diplomatic tensions. Such hacktivist actions raise concerns about the security of digital assets within …

India’s Ministry of Home Affairs is responding to the rising threat of AI-driven cybercrime by training specialized “cyber commandos” at the Defence Institute of Advanced Technology (DIAT) in Pune. This six-month course, developed in collaboration with DRDO scientists and academic experts, addresses challenges such as deepfakes and automated phishing. The initial cohort of 30 commandos, primarily from Jammu & Kashmir Police, has already been involved in key operations, although low pass rates among Maharashtra Police …

At the C3iHub ‘Connect 1.0’ Startup Demo Day, IIT Kanpur unveiled five innovative cyber defence and surveillance tools developed by incubated startups, showcasing India’s commitment to self-reliance in defensive technologies. Notable innovations included the Eliminator kamikaze drone for GPS-denied environments, the solar-powered TEJASVAAN ISR drone with a 12-hour endurance, and the BlackFence cyber threat intelligence platform aimed at combating fraud and phishing. This event, which included participation from government and industry leaders, highlights India’s strategic …

Vice Admiral Raman Puri, former Chief of Integrated Service, highlighted during a seminar at VNIT, Nagpur, the inadequacy of India’s cybersecurity infrastructure, which can manage routine cybercrime but lacks the robustness for large-scale threats. He urged the need for stronger, indigenous cybersecurity systems and warned against dependence on foreign technology, especially during crises. Puri called for government support to bolster domestic industries in developing critical technologies, emphasizing that self-reliance is essential for national resilience against …

China’s state-sponsored hacking group Silk Typhoon has intensified cyberattacks on North American cloud networks, exploiting zero-day vulnerabilities in products like Commvault and Citrix Netscaler to access sensitive government and defense data. Since late spring 2025, the group has targeted software-as-a-service providers, technology firms, and legal services through supply chain compromises, using flaws such as CVE-2023-3519 in Citrix Gateway and CVE-2025-3928 in Commvault devices to infiltrate downstream customer environments. CrowdStrike reported over a dozen incidents by …

A China-linked hacking group, Murky Panda, has been conducting sophisticated cyber-espionage operations against North American entities, utilizing compromised cloud services to access sensitive information. This group employs advanced techniques, including weaponizing zero-day vulnerabilities and using custom malware, to target critical sectors, including defense technologies. The incident underscores vulnerabilities in cloud environments and highlights the risks posed by third-party dependencies. In light of growing U.S.-China tensions over technology, international cooperation and enhanced cybersecurity measures are crucial …

Veeam Software hosted its VeeamON 2025 event in New Delhi, focusing on enhancing India’s cyber resilience against ransomware threats. It unveiled a whitepaper detailing strategies to counter ransomware, emphasizing compliance with the Digital Personal Data Protection (DPDP) Act and the forthcoming Digital India Act. The Bharat CyberSuraksha Saksham Bharat initiative aims to train over 100,000 professionals, establish 100+ Centers of Excellence, and create 25,000 cybersecurity jobs. Veeam’s holistic approach, encapsulated in the 6 Ps—Partnerships, People, …

Registration is now open for c0c0n 2025, India’s largest cybersecurity conference, set for October 10-11, 2025, in Kochi. This event will address critical issues like AI-powered cyberattacks, state-sponsored hacking, and ransomware targeting essential sectors, including defense and infrastructure. With India’s rising significance in global cyber threat discussions, the conference aims to enhance national cybersecurity capabilities, particularly against threats from rivals such as China and Pakistan. Experts will provide insights on protecting military systems and mitigating …

Apple has released critical security updates for iOS and macOS to address a zero-day vulnerability, CVE-2025-43300, in its ImageIO framework, which could allow remote code execution through malicious images, particularly targeting cryptocurrency users. This zero-click exploit poses significant risks, especially for high-profile individuals in finance and defense, as it could lead to theft of sensitive data and military information. The incident underscores the intersection of cybersecurity and national security, particularly in the geopolitical context of …

As the festive season in India approaches, Quick Heal Technologies warns of an increase in cyber scams targeting online transactions, particularly through fake booking interfaces and phishing attempts linked to events and travel. Fraudsters exploit urgency, creating counterfeit sites and malicious apps that demand excessive permissions, leading to significant financial losses for unsuspecting users. The company emphasizes the importance of vigilance, urging consumers to treat online transactions with the same caution as physical ones, verify …

A recently identified cyber-espionage campaign by the Pakistan-linked group APT36 (Transparent Tribe) targets Indian government and defense sectors, utilizing spear-phishing tactics to distribute malware disguised as legitimate files. This operation exemplifies the ongoing cyber warfare between the two nations, emphasizing the need for India to enhance its cybersecurity measures. Experts recommend improving email security and adopting behavior-based detection to mitigate such threats effectively. The incident serves as a stark reminder of the vulnerabilities present in …

Research by Exabeam reveals that AI is significantly enhancing insider threats, now surpassing external attacks in frequency and impact. Insiders are using AI tools to facilitate data breaches, emphasizing the urgent need for advanced threat detection systems, particularly in sectors critical to national security. In India, where digital expansion is rapid, the risk from such threats could be intensified by external adversaries. The report urges organizations to adopt user and entity behavior analytics (UEBA) and …

Pakistan has launched Asia One, its first satellite-based English-language global news channel, aimed at broadcasting its perspectives on regional issues, which analysts warn could serve as a platform for state-backed disinformation, particularly against India. This initiative enhances Pakistan’s ability to shape narratives internationally, posing a significant challenge to India’s media presence. The channel’s potential to influence public opinion and policy discussions abroad highlights the need for India to develop a robust global media strategy, especially …

In a sophisticated cyber threat amid India’s push for digital governance, cybercriminals have unleashed an Android malware campaign targeting users with fake offers under the PM Surya Ghar: Muft Bijli Yojana, a February 2024 government scheme providing solar subsidies up to 60% for rooftop installations. Discovered by McAfee on August 19, 2025, the attack leverages YouTube videos with shortened URLs directing victims to GitHub-hosted phishing sites mimicking the official pmsuryaghar.gov.in portal, tricking users into downloading …

The FBI issued a warning on August 20, 2025, regarding Russian FSB cyber actors targeting end-of-life networking devices in US critical infrastructure, raising concerns about potential espionage and disruptive attacks. Vulnerable devices, such as outdated routers and switches, are prime targets for exploitation due to lack of security updates. The advisory indicates that these tactics may also pose risks to allies, including India, suggesting the need for enhanced cybersecurity strategies. The incident emphasizes the importance …