News
Latest cybersecurity news — hacks, breaches, vulnerabilities, regulatory moves
DPDP Phase 2 Effective Date Locked: What Indian SaaS Must Ship by August 2026
What just shifted MeitY’s notification of Phase 2 of the DPDP Rules has locked the effective date for several previously-flagged sections. The…
NewsNIST FIPS 203 (ML-KEM) One Year On: Cryptographic Module Validation Reality Check
One year of FIPS 203 NIST finalised FIPS 203 — Module-Lattice-Based Key Encapsulation Mechanism, better known as ML-KEM — in August 2024.…
ComplianceOpenSSH 10.x Makes Post-Quantum Key Exchange Default: What Indian Sysadmins Should Do
OpenSSH 10.x now prefers hybrid post-quantum key exchange by default. Indian sysadmins must upgrade servers, tune sshd_config, and plan for TLS and…
ComplianceIndian Healthcare Hit by Sharp Ransomware Surge in 2026, CERT-In Flags Hospitals
CERT-In's 2026 reporting indicates a steep rise in ransomware at Indian hospitals, diagnostic chains and EHR vendors, with ABDM-linked exposure.
ComplianceRBI Tightens IT Outsourcing Norms: Cloud Audit, Exit Plans Mandatory from October 2026
RBI's anticipated update to the IT Governance Master Direction adds cloud DR tests, concentration risk registers and board-attested exit plans for NBFCs.
ComplianceDPDP Rules Phase 2 Notified: Consent Manager, SDF Criteria, Cross-Border Negative List
India notifies the second tranche of DPDP Rules: Consent Manager registration, SDF thresholds, children's age-gating and cross-border negative list.
ComplianceCERT-In Flags Microsoft May 2026 Patch Tuesday: 73 Flaws, Zero-Days Active
CERT-In advisory flags Microsoft May 2026 Patch Tuesday: 73 CVEs including exploited zero-days in Windows TCP/IP and Win32k. Patch within 72 hours.
NewsAiTM Phishing in 2026 — How EvilProxy, Mamba, Tycoon, and Astaroth Defeat Microsoft 365 MFA
Adversary-in-the-Middle phishing kits proxy your real login page and capture both credentials and post-MFA session cookies in real time. Why Microsoft Authenticator…
NewsCl0p MFT Mass-Exploit Pattern — From Accellion to Cleo, Why Indian Enterprises Keep Ending Up Downstream
Cl0p ransomware perfected the managed-file-transfer (MFT) mass-exploit playbook across Accellion, GoAnywhere, MOVEit, and Cleo — 2,700+ victims in MOVEit alone. Why MFT…
NewsIndian Android Banking Trojans 2026 — SoumniBot, Brokewell, Gigabud and the Accessibility-Service Endgame
Indian Android banking trojans (SoumniBot, Brokewell, Gigabud, GoldDigger) converge on a single playbook: side-loaded APK → Accessibility Service grant → SMS interception…