April 20, 2026
Data exfiltration incidents were difficult enough before the DPDP Act 2023. Now they carry statutory teeth: notification obligations to the Data Protection Board and to affected data principals, penalties that can reach 250 crore rupees for failure to implement reasonable security safeguards, and an evolving interpretation that will be shaped by the Board’s early enforcement […]
Credential compromise rarely announces itself. Ransomware comes with a note; credential theft comes with a successful login from an unexpected IP, an invoice approved by someone who was asleep, or a customer calling to ask why you sent them a strange email. Session hijack is even quieter: the adversary does not need the password because […]
A ransomware incident does not give you time to plan. The first hour sets the trajectory of the next ninety days. Organizations that respond badly in hour one end up negotiating with threat actors from a position of desperation; organizations that respond well contain the blast radius, preserve forensic evidence, and restore operations without paying. […]
April 19, 2026
A 13-year-old ActiveMQ RCE (CVSS 8.8) is actively exploited. How the Jolokia attack chain works, who is affected, detection signals, and a 72-hour response runbook.