Nirad Bharat Threat Feed

India-first threat intelligence

Global threats, decoded for Indian defenders — weekly briefs, sector editions, and AI Threat Watch. Every claim source-attributed.

Latest Weekly Brief: 12 June 2026

Weekly Brief — Week of 8–12 June 2026

A patch-heavy week for Indian defenders: an exploited ERP zero-day, several edge and VPN flaws under active attack, and a Pakistan-aligned group still grinding at Indian government desktops. Six things to have acted on.
1. Oracle PeopleSoft zero-day exploited before patch (CVE-2026-35273)

Oracle issued an out-of-band alert on 10 June for a critical PeopleSoft PeopleTools flaw. Google's Mandiant reported exploitation ahead of the patch and tracked the activity to UNC6240 (ShinyHunters); CISA added the CVE to its Known Exploited Vulnerabilities catalogue on 12 June.

India exposure: PeopleSoft-class HR, payroll, finance and campus systems across PSU banks, insurers, universities and public-sector-aligned organisations.
Action: Patch immediately, inventory internet-exposed PeopleSoft components, and hunt for suspicious access between late May and patch deployment.
Source: Oracle; Google/Mandiant; CISA KEV.
2. Check Point VPN authentication bypass under active exploitation (CVE-2026-50751)

Check Point disclosed an actively exploited authentication bypass affecting Remote Access VPN, Mobile Access and Spark deployments using deprecated IKEv1. CISA added it to KEV on 8 June.

India exposure: BFSI, IT services, MSPs and enterprises still running legacy VPN configurations.
Action: Apply Check Point's fix, disable deprecated IKEv1 remote-access paths where possible, and audit VPN sessions from May onward for post-authentication activity.
Source: Check Point; Rapid7; CISA KEV.
3. Cisco Catalyst SD-WAN Manager zero-day — exploited and unpatched (CVE-2026-20245)
Severity: High (CVSS 7.8)

Cisco confirmed in-the-wild exploitation of a privilege-escalation flaw (CVSS 7.8) in Catalyst SD-WAN Manager; an attacker with netadmin rights can inject commands and run as root, and Cisco observed config changes pushed to edge devices. CISA added it to KEV on 9 June; no patch was available during the week.

India exposure: Telecom operators, large BFSI networks and government WANs that run Cisco SD-WAN as their backbone.
Action: Remove SD-WAN Manager instances from internet exposure and tightly restrict and audit netadmin accounts until Cisco ships a fix.
Source: Cisco Security Advisory; CISA KEV; The Hacker News.
4. Ivanti Sentry critical RCE and admin-account takeover (CVE-2026-10520 / CVE-2026-10523)
Severity: Critical (CVSS 10.0)

Ivanti published fixes on 9 June. CVE-2026-10520 is an unauthenticated remote code execution flaw (CVSS 10.0); CVE-2026-10523 allows unauthenticated admin-account creation.

India exposure: Organisations using Ivanti/MobileIron-style mobile gateways for managed-device access into internal applications.
Action: Upgrade Sentry immediately, restrict management-interface exposure, and review appliance logs for unexpected admin creation or command execution.
Source: Ivanti; Rapid7.
5. Microsoft's largest-ever Patch Tuesday and an exploited Chrome V8 zero-day (CVE-2026-11645)

Microsoft's June update addressed around 208 vulnerabilities (38 Critical) — the biggest single release since Patch Tuesday began in 2003 — formally patching an already-exploited Defender elevation-of-privilege flaw (CVE-2026-41091, KEV-listed in May). Separately, Google's 8 June Chrome update fixed an exploited V8 out-of-bounds memory flaw (CVE-2026-11645).

India exposure: Effectively every Windows estate and Chrome/Chromium desktop fleet — government, BFSI, healthcare, manufacturing.
Action: Confirm Defender platform updates applied; force-update Chrome/Edge and verify the fixed version through endpoint management, prioritising high-risk users.
Source: Microsoft Security Update Guide; Google Chrome Releases; Zero Day Initiative; CISA KEV.
6. APT36 / Transparent Tribe keeps targeting Indian government Linux desktops

The Pakistan-aligned group continues its DeskRAT campaign against BOSS Linux, the Indian government's homegrown distribution, using defence-themed phishing that drops a Go-based remote-access trojan. Documented by Sekoia and CYFIRMA; this remains the live India-targeted thread of the week.

India exposure: Defence establishments, central and state government bodies, and academic institutions running BOSS Linux.
Action: Treat Linux endpoints as in-scope for EDR and phishing controls; block execution from user-writable paths and inspect outbound traffic from desktop Linux hosts.
Source: Sekoia; CYFIRMA; The Hacker News.
AI-watch: A LiteLLM command-injection flaw (CVE-2026-42271) was added to CISA KEV on 8 June — relevant to teams running internal LLM gateways for model routing. Upgrade to fixed versions and restrict exposed endpoints.
The takeaway: This was a perimeter-and-platform week. The route into Indian enterprises ran through VPNs, ERP, mobile gateways and browsers, while APT36 supplied the regional intent to use that access against Indian targets. Patch the edge; watch the desktops.
Nirad Bharat Threat Feed | Bharat-first threat intelligence
Latest Sector Edition: June 2026

BFSI Sector Edition — June 2026

1. Sector snapshot

Black Kite's 2026 State of Financial Services Report (3 June) frames a two-front year: Q1 2026 direct ransomware attacks on financial institutions rose 76% year-on-year (65 incidents), while roughly half of financial-sector vendor ecosystems carry critical vulnerabilities — and 48 distinct threat groups now target finance, led by Qilin, Akira and Kill Security after the LockBit/ALPHV takedowns. For Indian BFSI, the soft entry point is increasingly the edge appliance and the third party, not the core.

2. Threats targeting BFSI

1. Check Point VPN authentication-bypass zero-day, exploited and ransomware-linked — CVE-2026-50751 (CVSS 9.3)
Severity: Critical (CVSS 9.3)

A certificate-validation flaw in IKEv1 lets unauthenticated attackers open VPN sessions on Check Point Remote Access VPN, Mobile Access and Spark; CISA added it to KEV on 9 June, and at least one intrusion is tied to a Qilin ransomware affiliate.

Exposure: Indian banks, NBFCs and insurers running Check Point gateways with legacy IKEv1 for branch/remote access.
Action: Apply the hotfix, force IKEv2-only with machine-certificate auth, and hunt for unauthenticated VPN sessions since 7 May.
Source: Rapid7 (8 Jun 2026); CISA KEV (9 Jun 2026).
2. FortiBleed — mass Fortinet credential exposure, India among the worst-affected

A dataset of working credentials for tens of thousands of internet-facing FortiGate / SSL-VPN devices across 194 countries circulated, with India ranked among the most-affected countries and financial services named among exposed sectors.

Exposure: Banks, NBFCs and insurers running internet-facing FortiGate / SSL VPN.
Action: Treat Fortinet VPN and admin credentials as compromised — rotate, enforce phishing-resistant MFA, restrict management access, and review for rogue accounts.
Source: CISA (18 Jun 2026); Dark Reading, BleepingComputer (June 2026).
3. Rokarolla Android banking trojan — built for UPI/OTP fraud (217 apps)

Zimperium zLabs detailed (16 June) a device-takeover Android trojan with 137 commands: overlay credential theft, SMS/OTP interception, alert muting and clipboard crypto-address swapping, spread via fake TikTok/Chrome sites and a Play Protect-killing dropper. The capability set maps directly onto India's UPI/OTP-driven payments.

Exposure: Retail mobile-banking and UPI customers; accessibility-permission abuse defeats SMS-OTP.
Action: Deploy in-app overlay/accessibility-abuse and sideload detection; brief fraud teams on OTP-interception and micro-drain patterns; reinforce "never grant accessibility access to unknown apps."
Source: Zimperium zLabs; Infosecurity Magazine, BleepingComputer (16–17 Jun 2026).
4. MOVEit Automation critical authentication bypass — CVE-2026-4670 (CVSS 9.8)
Severity: Critical (CVSS 9.8)

Progress patched an unauthenticated auth-bypass (with a companion privilege-escalation flaw) that grants full admin control of MOVEit Automation and access to stored transfer credentials. No in-the-wild exploitation reported yet, but 1,400+ instances are internet-exposed and MFT is a repeat BFSI breach vector.

Exposure: Internet-facing MOVEit / MFT nodes moving statements, KYC, reconciliation and settlement files across banks and their vendors.
Action: Upgrade immediately, restrict MFT admin interfaces to allow-listed IPs, and review file-access logs for anomalous bulk retrieval.
Source: Progress; Help Net Security, BleepingComputer (4 May 2026).

3. Sector tech & exposures

- Edge/VPN is the live battleground — beyond Check Point, Palo Alto GlobalProtect (CVE-2026-0257) is under active exploitation (CISA KEV, 29 May); inventory and patch all internet-facing gateways.
- Managed file transfer (MOVEit) remains a recurring breach vector — treat any exposed MFT as priority-patch.
- Core banking / ERP: CERT-In flagged June Oracle (incl. PeopleSoft, E-Business Suite, MySQL) and SAP (NetWeaver, S/4HANA) critical updates — prioritise where reconciliation/settlement middleware depends on these stacks.
- Supply chain: CERT-In's "Mini Shai-Hulud" advisory warns of npm/PyPI compromise and CI/CD secret theft — a fourth-party risk for fintech-dependent BFSI.

4. Regulatory & compliance watch

- RBI — data-protection advisory (April) directing regulated entities to align customer-data protection with the DPDP Act; reporting also indicates RBI is weighing added "frictions" against authorised push-payment fraud.
- SEBI — AI vulnerability-detection advisory (5 May) under the CSCRF; the next half-yearly cyber-audit / action-taken cycle is due 30 June 2026.
- IRDAI — Information & Cybersecurity Guidelines 2026 remain the live insurance-sector baseline.
- CERT-In — AI-assisted-exploitation blueprint (25 May) plus critical Oracle/SAP and supply-chain advisories.
- NPCI — BHIM-UPI guidelines updated 4 June (UPI-ID display, safety warnings, transaction-screen controls).

5. Actor in focus

Qilin (alias Agenda) — financially-motivated ransomware-as-a-service. Confidence: HIGH that Qilin is a leading finance-sector ransomware actor (Black Kite); MEDIUM on the specific affiliate link to CVE-2026-50751 (Rapid7). Qilin runs double extortion and is shifting toward edge-appliance initial access over phishing alone. Public victimology this period skews North America / Europe with no confirmed Indian BFSI victim — but the affiliate model and shared technology stacks make any exposed Check Point or MFT estate a credible target. Akira and Kill Security round out the top finance-focused crews.

6. IOC & detection pack

Only public, attributed indicators; no leaked data reproduced.

- Check Point CVE-2026-50751: Rapid7's advisory publishes attacker IPs and post-exploitation file hashes — pull the exact values from the primary source and defang on import (do not rely on second-hand copies).
- Rokarolla (Android): distribution domain infocontablidades.it[.]com (Zimperium); detect behaviourally — accessibility-service abuse, overlay creation, SMS-read + alert-mute, clipboard crypto-address rewriting.
- MOVEit CVE-2026-4670: alert on unauthenticated admin-API calls and bulk file enumeration on MFT hosts.

7. Recommended actions

Board: treat edge-appliance and vendor-CVE exposure as enterprise risk; confirm DPDP-aligned data protection and that the 30 June SEBI/CSCRF audit cycle is met where applicable.

CISO: emergency-patch CVE-2026-50751, CVE-2026-0257 and CVE-2026-4670; enforce IKEv2-only with machine-certificate auth; rotate all Fortinet and Check Point VPN credentials; run a fourth-party exposure review against the ~50% vendor-CVE baseline.

SOC: hunt unauthenticated VPN sessions and anomalous MFT access since 7 May; deploy behavioural detection for accessibility-abusing mobile trojans with fraud-team coordination on OTP-interception; tabletop a Qilin-style edge-to-ransomware intrusion end to end.

8. Source index

- Black Kite, 2026 State of Financial Services (3 Jun)
- Rapid7, Check Point CVE-2026-50751 (8 Jun) + CISA KEV (9 Jun)
- CISA / Dark Reading, FortiBleed (18 Jun)
- Zimperium zLabs / Infosecurity, Rokarolla (16 Jun)
- Help Net Security, MOVEit CVE-2026-4670 (4 May)
- Unit 42 / CISA, PAN-OS CVE-2026-0257 (KEV 29 May)
- CERT-In AI blueprint (25 May) + Oracle/SAP/Mini-Shai-Hulud advisories
- SEBI (5 May)
- IRDAI Guidelines 2026
- NPCI BHIM-UPI (4 Jun)

Latest AI Threat Watch: 23 June 2026

AI Threat Watch — 23 June 2026

The AI-security vertical of the Nirad Bharat Threat Feed. Twice weekly, Bharat-first, for CISOs, SOCs and AI builders — as allied cyber agencies warn that AI-powered offensive capability is months, not years, away.
1. Five Eyes agencies warn frontier AI will transform offensive cyber capability within months

On 22 June, cyber agencies from the US (NSA, CISA), UK, Australia, Canada, and New Zealand issued a joint statement warning that advanced AI models are expected to fundamentally transform offensive and defensive cyber capabilities faster than most organisations currently plan for. The agencies named legacy system sprawl, slow patching, unnecessary internet exposure, and weak identity controls as the gaps AI will exploit at scale, and described getting those fundamentals right as the immediate priority.

Why it matters for India: India sits outside the Five Eyes alliance but faces the same AI-accelerated threat environment. If AI compresses time-to-exploit from days to hours — as the agencies warn — enterprise patch cycles that run over several weeks become operationally indefensible. The advisory is not a long-range forecast; it is a prompt to act on near-term exposure.
Action: Accelerate patch SLAs for internet-facing and high-value systems in line with CERT-In's CISG-2026-02 timelines (see below); map internet-exposed assets this quarter; brief senior leadership on the months-not-years horizon rather than treating AI risk as a future planning item.
Source: NSA, CISA, UK NCSC, ASD ACSC, Canadian Centre for Cyber Security, NCSC-NZ joint statement (22 Jun 2026).
2. Microsoft discloses AutoJack: a single malicious webpage can drive an AI browsing agent to execute arbitrary code on the host

Microsoft's Defender Security Research Team published research on 18 June documenting an exploit chain, named AutoJack, in pre-release AutoGen Studio builds (v0.4.3.dev1 and v0.4.3.dev2). Three chained weaknesses — localhost trust inherited by an agent's browsing session, missing authentication on MCP WebSocket routes, and unsanitised command execution — allow attacker-controlled JavaScript on any webpage the agent visits to run arbitrary commands on the developer's machine. The vulnerable surface is not in the PyPI release; Microsoft hardened the upstream main branch in commit b047730.

Why it matters for India: India's GCC and product engineering community is actively building with multi-agent frameworks. AutoJack demonstrates that an agent's web-browsing capability is an attack surface when the local tooling server does not enforce independent authentication — a pattern common in early prototypes.
Action: Remove AutoGen Studio v0.4.3.dev1 and dev2 and pull the patched GitHub main branch. For all local agent deployments: enforce authentication independently on every MCP endpoint, validate commands against an explicit allowlist, and run agents in isolated containers rather than on developer workstations directly.
Source: Microsoft Security Blog (18 Jun 2026); The Hacker News (19 Jun 2026).
3. 15 malicious JetBrains Marketplace plugins silently exfiltrated AI API keys from approximately 70,000 developer installs

Aikido Security identified 15 third-party plugins on JetBrains Marketplace — posing as AI coding assistants and tools — with approximately 70,000 combined downloads. The plugins functioned as advertised while transmitting AI provider API keys (OpenAI, DeepSeek, SiliconFlow) to attacker-controlled servers the moment a key was saved by the user, with no visible indication. JetBrains removed the plugins and blocked the associated publisher accounts on 16–17 June 2026. The campaign had been running since October 2025.

Why it matters for India: JetBrains IDEs are standard tooling in India's large Java and Kotlin developer community across GCCs and product engineering firms. Stolen LLM API keys give attackers access to production AI systems — enabling model abuse, unauthorised usage charges, and credential pivoting — without any compromise of application code.
Action: Audit JetBrains plugin installations and remove the 15 flagged plugins; rotate any API keys entered into JetBrains plugin settings since October 2025. Do not store production AI provider keys in IDE plugin fields; treat those credential inputs the same as environment variables — scoped, rotated, and access-logged.
Source: BleepingComputer (16 Jun 2026); Infosecurity Magazine (17 Jun 2026); Aikido Security; JetBrains Blog.
4. CERT-In issues AI-assisted threat blueprint with 12-hour remediation mandate for critical internet-facing systems

CERT-In published guidance document CISG-2026-02 in May 2026 covering AI-enabled reconnaissance, adaptive malware, AI-generated phishing, deepfake fraud, and AI-accelerated exploitation. The blueprint is advisory and sets risk-based patch timelines: known exploited vulnerabilities on internet-facing or critical systems — 12 hours; critical externally exposed vulnerabilities — 24 hours; high-severity vulnerabilities — 5 days. It also calls for formal AI system governance and Zero Trust architecture adoption across Indian digital infrastructure.

Why it matters for India: The 12-hour target for known-exploited internet-facing flaws requires near-real-time vulnerability triage and pre-authorised emergency change procedures — a standard most Indian enterprises have not yet built toward. CERT-In's inclusion of AI-generated threats aligns this blueprint with the Five Eyes warning above.
Action: Benchmark current patch SLAs against CISG-2026-02's timelines; establish pre-authorised emergency change procedures for critical internet-facing vulnerabilities; begin an AI system inventory covering what is deployed, what data it accesses, and who governs it.
Source: CERT-In, CISG-2026-02 (25–26 May 2026); The Hacker News; Medianama.
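One way to benchmark a vulnerability queue against the CISG-2026-02 windows in item 4, as an added Python example that is not CERT-In's tooling. The three timelines are the ones stated above; the CVSS bands used for "critical" and "high", the fall-through for flaws outside the three tiers, and the sample queue (CVE ids from this issue, attribute values and timestamps constructed) are this example's own assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import List, Optional, Tuple

# Remediation windows from CISG-2026-02 as summarised in this issue.
TIER_WINDOWS = {
    "KEV on internet-facing/critical system": timedelta(hours=12),
    "Critical, externally exposed": timedelta(hours=24),
    "High severity": timedelta(days=5),
}

@dataclass
class Finding:
    cve: str
    cvss: float
    kev_listed: bool
    internet_facing: bool
    critical_system: bool
    discovered: datetime  # when the finding entered the patch queue

def sla_tier(f: Finding) -> Optional[str]:
    """Highest-priority tier the finding falls into. Assumption: CVSS >= 9.0 is
    'critical', >= 7.0 is 'high'; anything below that gets no blueprint window."""
    if f.kev_listed and (f.internet_facing or f.critical_system):
        return "KEV on internet-facing/critical system"
    if f.cvss >= 9.0 and f.internet_facing:
        return "Critical, externally exposed"
    if f.cvss >= 7.0:
        return "High severity"
    return None

def triage(findings: List[Finding], now: datetime) -> List[Tuple[str, str, datetime, float]]:
    """Rows of (cve, tier, deadline, hours_remaining) sorted by deadline;
    a negative hours_remaining means the window has already lapsed."""
    rows = []
    for f in findings:
        tier = sla_tier(f)
        if tier is None:
            continue
        deadline = f.discovered + TIER_WINDOWS[tier]
        remaining = round((deadline - now).total_seconds() / 3600, 1)
        rows.append((f.cve, tier, deadline, remaining))
    return sorted(rows, key=lambda r: r[2])

# Constructed sample queue: CVSS scores for the three named CVEs are as reported
# in this issue; exposure flags and discovery times are illustrative only.
NOW = datetime(2026, 6, 23, 9, 0, tzinfo=timezone.utc)
SAMPLE = [
    Finding("CVE-2026-50751", 9.3, True, True, True, NOW - timedelta(hours=20)),
    Finding("CVE-2026-4670", 9.8, False, True, False, NOW - timedelta(hours=6)),
    Finding("CVE-2026-20245", 7.8, True, False, True, NOW - timedelta(hours=2)),
    Finding("CVE-PLACEHOLDER-0001", 7.5, False, False, False, NOW - timedelta(days=1)),
]

if __name__ == "__main__":
    for row in triage(SAMPLE, NOW):
        print(row)
```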
AI defender tip: This week's disclosures share a structural pattern: AI systems that consume untrusted content — web pages, plugin settings, user-supplied tool inputs — are being turned into execution and credential-exfiltration vectors. The control is the same in each case: never allow an AI agent or AI-powered tool to handle untrusted input while simultaneously holding privileged credentials or direct access to command execution. Isolate the agent's browsing environment from its action environment; keep development and production keys separate; audit every local tooling endpoint for independent authentication.
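The localhost-trust and unsanitised-execution pattern from the AutoJack item and the defender tip above, as an added Python example that is neither Microsoft's code nor AutoGen Studio's: an authorisation check for a local agent tooling endpoint, showing the weak origin-only check beside one that requires an independent token and an explicit command allowlist. The request shape, function names, token scheme and allowlist contents are assumptions.

```python
import hmac
import secrets
import shlex
from typing import Optional, Tuple

# Assumed allowlist for a local tooling endpoint that runs commands on the
# developer's machine. Subcommand restrictions keep e.g. "git push" out.
ALLOWED_COMMANDS = {"pytest", "ruff", "git"}
ALLOWED_SUBCOMMANDS = {"git": {"status", "diff", "log"}}

# Generated once at server start and handed only to the legitimate client;
# it is never derived from, or replaced by, the request's origin.
SERVER_TOKEN = secrets.token_hex(32)

def weak_is_authorised(origin_host: str, command: str) -> bool:
    """The pattern AutoJack exploited: any request that appears to come from
    the local machine is trusted, including one issued by JavaScript on a
    webpage the agent's browsing session happens to load."""
    return origin_host in ("127.0.0.1", "localhost")

def hardened_is_authorised(token: Optional[str], command: str) -> Tuple[bool, str]:
    """Independent authentication plus an explicit allowlist; origin is ignored."""
    if token is None or not hmac.compare_digest(token.encode(), SERVER_TOKEN.encode()):
        return False, "missing or invalid token"
    # argv is meant to be executed without a shell, so metacharacters that
    # would only matter under a shell are rejected outright.
    if any(ch in command for ch in ";&|`$<>"):
        return False, "shell metacharacters not permitted"
    try:
        argv = shlex.split(command)
    except ValueError:
        return False, "unparseable command"
    if not argv:
        return False, "empty command"
    prog = argv[0]
    if prog not in ALLOWED_COMMANDS:
        return False, f"'{prog}' not on allowlist"
    subs = ALLOWED_SUBCOMMANDS.get(prog)
    if subs is not None and (len(argv) < 2 or argv[1] not in subs):
        return False, f"'{prog}' subcommand not on allowlist"
    return True, "ok"
```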

Nirad Threat Research
