News
Latest cybersecurity news — hacks, breaches, vulnerabilities, regulatory moves
LiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as Root
A maximum-severity security vulnerability impacting LiteSpeed User-End cPanel Plugin has come under active exploitation in the wild. The flaw, tracked as CVE-2026-48172…
NewsDrupal Core SQL Injection Bug Actively Exploited, Added to CISA KEV
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently patched critical security flaw impacting Drupal Core to its Known…
Incident ResponseScenario Brief: Anatomy of a High-Risk Patch Tuesday for Windows Estate Defenders
Tabletop-ready scenario: a hypothetical Patch Tuesday with twin Print Spooler bugs echoing PrintNightmare. Domain-controller priority and SOC detection workflow.
Cloud SecurityScenario Brief: How Post-Quantum TLS Could Roll Out Across UPI Infrastructure
Tabletop-ready forecast: an illustrative roadmap for ML-KEM-based hybrid TLS across UPI switch-to-issuer links and the CIO action plan around cryptography inventory.
ComplianceScenario Brief: Tracking SBOM Readiness Among SEBI-Regulated Intermediaries
Tabletop-ready compliance scenario: where stockbrokers and depository participants stand against the SEBI CSCRF Phase 2 SBOM requirement and the 30-day sprint plan.
Incident ResponseScenario Brief: Ransomware Tradecraft Against Indian Hospitals via Unpatched Backups
Tabletop-ready scenario: ransomware affiliates targeting Veeam backup servers as initial access. ABDM propagation risk and the hospital defender checklist.
Cloud SecurityScenario Brief: Pod Escape via Cgroup Namespace TOCTOU — A Containerd Threat Model
Tabletop-ready scenario: a hypothetical containerd pod-escape via TOCTOU race. Why baseline Pod Security Admission is no longer enough and what to harden.
ComplianceScenario Brief: What Tighter RBI Cyber Master Direction Controls Would Mean for PSOs
Tabletop-ready regulatory scenario: continuous control monitoring, board-level cyber risk committees, and a 4-hour SLA on critical incident notification for PSOs.
AI SecurityScenario Brief: MCP SDK Authentication Bypass — Tradecraft and Mitigation
Tabletop-ready scenario: a hypothetical auth-bypass in the Model Context Protocol reference SDK. What an MCP server compromise looks like and how to…
ComplianceScenario Brief: How a DPDP Penalty for S3 Misconfiguration Could Unfold
Tabletop-ready compliance scenario: how a public S3 bucket leaking identity documents could lead to a major DPDP Board penalty, and what Data…