Latest cybersecurity news.
Hacks, breaches, vulnerabilities, regulatory moves — tracked and contextualised for Indian security teams.
AI Tool Integrations Expose New Attack Surface: Inside MCP Security Risks
Model Context Protocol (MCP), the emerging standard that lets AI assistants connect to external tools and data sources, is rapidly becoming a fixture in enterprise environments — and security researchers are raising alarms about its attack surface. As organisations rush to wire AI copilots into internal APIs, databases, and SaaS platforms, the authentication and authorisation […]
Read moreDPDP Significant Data Fiduciary Rules: What Indian Businesses Must Prepare For
India’s Ministry of Electronics and Information Technology (MeitY) has been expected to finalise the rules under the Digital Personal Data Protection (DPDP) Act 2023 — and the draft provisions around Significant Data Fiduciaries (SDFs) are the most consequential for mid-to-large businesses. If your organisation processes personal data at scale, the SDF designation carries obligations that […]
Read moreEdge Device Exploitation: VPN and Firewall Appliances Remain Top Initial Access Vector in 2026
Network edge appliances — VPN gateways, firewalls, load balancers, and SSL inspection proxies — have become the most reliable initial access vector for sophisticated threat actors in 2025 and 2026. Mandiant, CrowdStrike, and Recorded Future all placed edge device exploitation at the top of their initial access reports this year. The pattern is consistent: a […]
Read morePost-Quantum Migration Window Narrows: What NIST FIPS 203 Means for Indian Enterprises
NIST published its first post-quantum cryptography standards — FIPS 203 (ML-KEM), FIPS 204 (ML-DSA), and FIPS 205 (SLH-DSA) — in August 2024. Nearly two years on, adoption in enterprise environments is still early, despite mounting evidence that adversaries are harvesting encrypted traffic today for decryption once quantum computers become capable. The window to migrate is […]
Read moreGitHub Actions Supply Chain Attacks: How CI/CD Pipelines Became the New Target
Software supply chain attacks via CI/CD pipelines have moved from headline-grabbing incidents to a reliable, repeatable attack category. The pattern has evolved considerably since the SolarWinds and XZ Utils compromises: attackers now target the build infrastructure itself — GitHub Actions workflows, self-hosted runners, secrets stored in environment variables, and the dependency trees that CI systems […]
Read moreFortiClient EMS Zero-Day CVE-2026-35616: Patch to 7.4.7 and Hunt for Compromise
Fortinet fixed CVE-2026-35616, an actively exploited FortiClient EMS zero-day, in 7.4.7. Here is what Indian teams must do: patch, restrict access, and hunt.
Read moreChrome Patches a 5th 2026 Zero-Day (CVE-2026-11645) in V8 – Update Today
Google patched CVE-2026-11645, an actively-exploited Chrome V8 zero-day and the 5th of 2026. Update to 149.0.7827.102 today - here is exactly how.
Read moreCheck Point VPN Zero-Day CVE-2026-50751: Patch Now as Qilin Ransomware Exploits It
A CVSS 9.3 auth-bypass zero-day in Check Point Remote Access VPN, exploited in the wild since May 7 and linked to Qilin ransomware. Patch and hunt now.
Read moreMicrosoft June 2026 Patch Tuesday: Wormable Kernel RCE CVE-2026-45657 Tops 200+ Fixes
Microsoft June 2026 Patch Tuesday fixes 200-plus CVEs led by CVE-2026-45657, a wormable, unauthenticated CVSS 9.8 Windows kernel RCE. Prioritised patch actions inside.
Read moreSEBI CSCRF Compliance 2026: BFSI Audit-Readiness Guide
What SEBI's CSCRF demands in 2026, how RBI, CERT-In and DPDP stack on top, and a practical path to audit-readiness.
Read moreHealthcare Cybersecurity India 2026: Stop the Ransomware
Why Indian hospitals are prime ransomware targets in 2026, the regulatory stack they must meet, and a defence checklist that holds.
Read moreZero Trust India 2026: A Practical Roadmap for Enterprises
A phased, vendor-neutral zero trust roadmap for Indian enterprises in 2026, mapped to DPDP, RBI and SEBI expectations.
Read more