Seqrite, the enterprise security arm of Quick Heal Technologies, has warned that software supply chain attacks have become one of the most dangerous and least visible cyber risks facing Indian organisations in 2026. Instead of directly assaulting hardened enterprise perimeters, adversaries now increasingly infiltrate trusted partners, software vendors and service providers, inserting backdoors into seemingly legitimate updates, plugins and libraries that reach corporate networks...

The Security and Privacy Research Group (SyPy) at IIIT Hyderabad systematically uncovers architectural weaknesses in AI pipelines, blockchain networks, mobile ecosystems and distributed systems that underpin digital finance, identity and decision-making processes. Led by Prof. Ankit Gangwal, the group employs adversarial thinking to probe edge cases where code assumptions fail, preventing exploits that could cascade across interconnected platforms affecting millions. Operating within the Centre...

Cloudflare Threat Intelligence Report 2026, analysing 230 billion daily blocked threats, documents a paradigm shift where adversaries prioritise ‘logging in’ over ‘breaking in’, using AI to automate reconnaissance, exploit development and deepfake generation for persistent access. Large language models enable real-time network mapping and high-value data localisation, facilitating supply chain compromises across hundreds of SaaS tenants in record efficiency. CEO Matthew Prince emphasised sharing...

A cyberattack on Cegedim Santé, a key software provider to France’s health ministry, compromised 15.8 million administrative medical files in late 2025, with 165,000 to 169,000 containing doctors’ free-text notes that included sensitive details such as HIV/AIDS diagnoses and sexual orientation references in limited cases. The breach affected MonLogicielMedical (MLM), a platform used by approximately 3,800 doctors for patient records access, communication and administrative...

ISACA has released the 5th edition of its IT Audit Framework (ITAF), updating the profession’s core reference for planning, performing and reporting IT audit engagements for the first time since 2020. The latest edition refreshes terminology, definitions and examples to reflect cloud computing, AI and machine learning, and business automation, moving beyond a narrow focus on traditional IT controls to encompass modern digital ecosystems....

Kaspersky’s Global Research and Analysis Team has uncovered at least three distinct infection chains in the Notepad++ supply chain compromise, with two previously undocumented, targeting organisations and individuals across multiple countries including a Philippine government entity, an El Salvador financial institution and a Vietnamese IT service provider. The attackers exploited a hosting provider incident disclosed by Notepad++ developers on February 2, 2026, to hijack...

Google Threat Intelligence Group has disrupted a massive residential proxy operation that secretly transformed over 90 million Android and smart devices worldwide into unwitting components of a proxy relay system. The network operated through hidden software development kits embedded in more than 600 free applications, including utility tools, VPN services and other seemingly legitimate downloads, which routed third-party internet traffic through compromised user devices...

Seqrite, Quick Heal Technologies' enterprise security division, released its India Cyber Threat Report 2026 documenting 265.52 million detections across more than 8 million endpoints—an average of 505 threats intercepted every minute. Financial services emerged as a prime target with 1.16 million incidents representing 4.36% of total volume, driven by sophisticated brand impersonation campaigns and cloned customer portals harvesting policyholder data from insurers. Fake Domains and...

Tenable Research has detailed a malicious npm package that illustrates how quickly modern software supply chain risks can propagate once they enter public ecosystems. The package, named “ambar-src”, was downloaded around 50,000 times from the npm registry before removal, despite having no legitimate functionality and existing solely as a malware delivery vehicle. It was designed to mimic the widely used “ember-source” package, which has...

Zscaler and Bharti Airtel announced the establishment of the AI & Cyber Threat Research Center – India, a collaborative platform dedicated to enhancing national cyber resilience amid accelerating AI-driven threats. Targeting critical sectors including telecommunications, banking, energy, and essential digital infrastructure, the center positions itself as a national hub for threat intelligence sharing and innovation. Designed explicitly "In India, For India," the initiative builds...