Nirad Bharat Threat Feed

India-first threat intelligence

Global threats, decoded for Indian defenders — weekly briefs, sector editions, and AI Threat Watch. Every claim source-attributed.


Weekly Brief — 26 June 2026

India's manufacturing sector suffered two confirmed incidents in a single week — one ransomware, one extortion — while government-deployed Fortinet gateways appear at the top of the FortiBleed exposure list and three more perimeter products face active exploitation. This issue covers verified developments from 8–26 June 2026.
1. FortiBleed: Up to 86,644 FortiGate Credentials Compromised — India Government Sector Leads All Nations

India exposure: SOCRadar research published 16 June identified up to 86,644 compromised FortiGate administrator and VPN credentials across 194 countries. India and the US together account for roughly one-third of all entries; India alone accounts for over 60% of the government-sector entries in the dataset. The campaign, active since February 2026 and attributed to Russian-speaking threat actors, is not a new vulnerability. It abuses legacy SHA-256 password hashes that persist on devices upgraded from FortiOS versions earlier than 7.2.11, 7.4.8 or 7.6.1 (the upgrade does not re-hash stored passwords), combined with credentials harvested in earlier FortiOS exploitation. CISA issued a hardening advisory on 18 June. No firmware patch can revoke credentials already in attacker hands; only rotation does.
Action: Rotate all FortiGate administrator and SSL-VPN credentials immediately. Enable MFA on every remote-access account. Restrict management interfaces to internal networks. Upgrade to FortiOS 7.2.11, 7.4.8 or 7.6.1 or later, then have every administrator log in after the upgrade: the upgrade alone does not convert existing hashes, and the post-upgrade login is what forces the PBKDF2 migration. Sequence matters: a password rotated before the upgrade is still stored as a SHA-256 hash until that post-upgrade login happens.
Source: SOCRadar (16 Jun 2026); Arctic Wolf (16 Jun 2026); CISA Alert (18 Jun 2026).
Treat this as an active credential-compromise incident rather than a patching advisory.
2. Tata Electronics Confirms Cyberattack; World Leaks Claims 630 GB of Apple and Tesla Supply-Chain Files

No CVE | Data extortion — no encryption

India exposure: Tata Electronics, a Tata Group subsidiary that assembles approximately one-third of Apple's iPhone production in India, confirmed a cyberattack on 22 June. World Leaks, considered a rebrand of the Hunters International ransomware group, claims 204,300 files totalling over 630 GB, including Apple supplier quality-inspection specifications, Tesla manufacturing schematics, employee passport copies, and multi-year SAP event logs. Unlike encryption-based ransomware, World Leaks operates as a pure extortion operation: it exfiltrates data and threatens publication without disrupting systems.
Action: Indian electronics manufacturers and their tier-2 suppliers should segment engineering repositories from corporate IT environments, review third-party data-sharing arrangements, and confirm incident-notification obligations with OEM customers. Any organisation that has shared engineering specifications with Tata Electronics should assess its own supply-chain confidentiality exposure and alert the relevant OEM security contacts.
Source: TechCrunch (22 Jun 2026); BleepingComputer (23 Jun 2026).
The breach's blast radius extends to every organisation whose proprietary specifications are stored in Tata Electronics systems.
3. Bajaj Auto Hit by Ransomware; CERT-In and SEBI Notified on 23 June

No CVE | Ransomware — no public attribution

India exposure: Bajaj Auto, India's largest two-wheeler manufacturer, detected a ransomware attack at 8:00 AM IST on 23 June affecting systems at the parent company and its wholly owned technology subsidiary, Bajaj Auto Technology Ltd. The company notified CERT-In under the Information Technology Act 2000 and SEBI under Regulation 30 of the LODR Regulations. Bajaj Auto stated that containment protocols were initiated and that operations are continuing. No threat-actor group has been publicly attributed, and neither the initial access vector nor the data impact has been disclosed.
Action: Indian automotive and industrial organisations should confirm ransomware playbooks are current, verify that offline backup copies are intact and restore-tested, and review EDR coverage on engineering endpoints and OT-adjacent systems. The mandatory six-hour CERT-In incident-reporting requirement applies to any sector facing a comparable intrusion.
Source: Medianama (23 Jun 2026); Economic Times (23 Jun 2026); BusinessToday (24 Jun 2026).
The Bajaj Auto incident and the Tata Electronics extortion case in the same week reflect sustained ransomware pressure on India's manufacturing and technology sectors.
4. Check Point VPN Authentication Bypass Linked to Qilin Ransomware Affiliate — CISA KEV June 8

CVE-2026-50751 | Critical | CVSS 9.3

India exposure: CVE-2026-50751 is an authentication bypass in the IKEv1 key-exchange implementation on Check Point Security Gateways. A remote, unauthenticated attacker can establish a full VPN session by exploiting a logic flaw in certificate validation; no valid password is required. Exploitation was first observed on 7 May; Check Point published its advisory on 8 June; CISA added the CVE to KEV the same day with a federal remediation deadline of 11 June. Post-exploitation activity linked to a Qilin ransomware affiliate has been confirmed in at least one case globally. Check Point gateways are deployed across Indian banking, insurance, and government-sector networks.
Action: Apply the Check Point hotfix for affected releases (R80.40 through R82.10, Spark R80.20.X–R82.00.X). If the patch is not yet deployed, disable IKEv1 remote-access and mobile-access VPN, or enforce mandatory machine-certificate requirements to close the bypass. Review VPN session logs from 7 May onward for anomalous session initiations.
Source: Check Point Security Advisory (8 Jun 2026); Rapid7 ETR (8 Jun 2026); Help Net Security (8 Jun 2026).
Qilin ransomware has disrupted healthcare and critical-infrastructure targets internationally; any Check Point gateway still accepting IKEv1 connections warrants immediate remediation.
5. Ubiquiti UniFi OS Three-Vulnerability Chain Enables Unauthenticated Root Access — CISA Deadline Passes Today

CVE-2026-34908, CVE-2026-34909, CVE-2026-34910 | CISA KEV 23 Jun 2026

India exposure: Three vulnerabilities in Ubiquiti UniFi OS, improper access control (CVE-2026-34908), path traversal (CVE-2026-34909), and command injection (CVE-2026-34910), form a chain that delivers unauthenticated root-level code execution against the management interface of UniFi OS Server 5.0.6 and earlier. CISA added all three to its KEV catalogue on 23 June with a federal remediation deadline of today, 26 June. Bishop Fox validated the full exploit chain; PwnDefend observed live attacks within days of Ubiquiti's advisory, with Mirai-family botnet malware deployed on compromised devices. Ubiquiti UniFi OS devices are widely used in Indian SME, campus, and hospitality network environments.
Action: Update UniFi OS Server to version 5.0.7 or later immediately. Disable remote management access if it is not operationally required. Review connected devices and network traffic for Mirai botnet indicators: unexpected outbound connections, scanning behaviour, or abnormal CPU utilisation on network appliances.
Source: CISA KEV (23 Jun 2026); BleepingComputer; SecurityWeek; Bishop Fox; PwnDefend.
This is a publicly confirmed, actively weaponised exploit chain; the CISA federal deadline passes today.
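The Action above asks defenders to look for Mirai indicators, specifically scanning behaviour and unexpected outbound connections from network appliances. The script below is an added example (not from this brief, Ubiquiti, Bishop Fox or PwnDefend) that runs that check over flow records; the record format, the appliance inventory, the sample records and the fan-out threshold are all constructed for illustration and should be mapped to your collector's export.

```python
"""Flag Mirai-style Telnet scanning from network appliances in flow records.

Added example for this brief, not vendor tooling: the flow-record format,
the appliance inventory and the sample records are constructed.
"""
from collections import defaultdict

# Constructed records: "<timestamp> <src_ip> <dst_ip> <dst_port> <proto>".
# 10.0.0.5 fans out to many hosts on Telnet ports; 10.0.0.9 makes one Telnet connection.
SAMPLE_FLOWS = """\
2026-06-25T10:00:01Z 10.0.0.5 203.0.113.10 23 tcp
2026-06-25T10:00:01Z 10.0.0.5 203.0.113.11 23 tcp
2026-06-25T10:00:02Z 10.0.0.5 203.0.113.12 2323 tcp
2026-06-25T10:00:02Z 10.0.0.5 203.0.113.13 23 tcp
2026-06-25T10:00:03Z 10.0.0.5 198.51.100.7 23 tcp
2026-06-25T10:00:03Z 10.0.0.5 198.51.100.8 2323 tcp
2026-06-25T10:00:05Z 10.0.0.5 198.51.100.9 443 tcp
2026-06-25T10:00:06Z 10.0.0.9 192.0.2.20 443 tcp
2026-06-25T10:00:07Z 10.0.0.9 192.0.2.20 443 tcp
2026-06-25T10:00:08Z 10.0.0.9 203.0.113.50 23 tcp
"""

# Mirai-family bots brute-force Telnet; 23 and 2323 are the classic scan targets.
TELNET_PORTS = {23, 2323}
# Constructed inventory of management appliances (UniFi consoles, gateways).
APPLIANCES = {"10.0.0.5", "10.0.0.9"}


def parse_flows(text):
    """Parse whitespace-separated flow records into dicts."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport, proto = line.split()
        flows.append({"ts": ts, "src": src, "dst": dst, "dport": int(dport), "proto": proto})
    return flows


def telnet_fanout(flows, min_targets=5):
    """Sources contacting at least `min_targets` distinct hosts on Telnet ports.

    Scanning is a fan-out pattern: many destinations, few ports. Returns
    {src_ip: distinct_target_count} for sources over the threshold.
    """
    targets = defaultdict(set)
    for f in flows:
        if f["proto"] == "tcp" and f["dport"] in TELNET_PORTS:
            targets[f["src"]].add(f["dst"])
    return {src: len(dsts) for src, dsts in targets.items() if len(dsts) >= min_targets}


def appliance_telnet_outbound(flows, appliances=APPLIANCES):
    """Any outbound Telnet initiated by a management appliance is anomalous on
    its own, regardless of volume; return the distinct (src, dst, port) triples."""
    return sorted({(f["src"], f["dst"], f["dport"]) for f in flows
                   if f["src"] in appliances and f["dport"] in TELNET_PORTS})


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS)
    print("scanners:", telnet_fanout(flows))
    for triple in appliance_telnet_outbound(flows):
        print("appliance telnet:", *triple)
```

The two checks are deliberately separate: fan-out catches a compromised device that is recruiting, while the inventory check catches the first single Telnet connection a console should never make, before volume builds up.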

Takeaway

Two direct India incidents, Tata Electronics and Bajaj Auto, alongside India's outsized exposure in the FortiBleed government dataset make this week's brief unusual in its concentration of India-specific risk. The connecting thread across the perimeter items (FortiBleed, Check Point, Ubiquiti) is the same: network edges with legacy protocol configurations, delayed firmware updates, or unchanged default credentials are the consistent attacker entry point; for Tata Electronics and Bajaj Auto the initial access vector has not been disclosed. Patch management note: Microsoft's June 2026 Patch Tuesday (10 Jun) addressed 200 CVEs including six zero-days; prioritise CVE-2026-45586 (Windows privilege escalation to SYSTEM) on internet-facing servers and privileged workstations where the June update cycle has not yet been completed.

Nirad Threat Research


BFSI Sector Edition — June 2026

1. Sector snapshot

Black Kite's 2026 State of Financial Services Report (3 June) frames a two-front year: Q1 2026 direct ransomware attacks on financial institutions rose 76% year-on-year (65 incidents), while roughly half of financial-sector vendor ecosystems carry critical vulnerabilities, and 48 distinct threat groups now target finance, led by Qilin, Akira and Kill Security after the LockBit/ALPHV takedowns. For Indian BFSI, the soft entry point is increasingly the edge appliance and the third party, not the core.

2. Threats targeting BFSI

1. Check Point VPN authentication-bypass zero-day, exploited and ransomware-linked — CVE-2026-50751 (Critical, CVSS 9.3)

A certificate-validation flaw in IKEv1 lets unauthenticated attackers open VPN sessions on Check Point Remote Access VPN, Mobile Access and Spark; CISA added it to KEV on 9 June, and at least one intrusion is tied to a Qilin ransomware affiliate.

Exposure: Indian banks, NBFCs and insurers running Check Point gateways with legacy IKEv1 for branch/remote access.
Action: Apply the hotfix, force IKEv2-only with machine-certificate auth, and hunt for unauthenticated VPN sessions since 7 May.
Source: Rapid7 (8 Jun 2026); CISA KEV (9 Jun 2026).
2. FortiBleed — mass Fortinet credential exposure, India among the worst-affected

A dataset of working credentials for tens of thousands of internet-facing FortiGate / SSL-VPN devices across 194 countries circulated, with India ranked among the most-affected countries and financial services named among exposed sectors.

Exposure: Banks, NBFCs and insurers running internet-facing FortiGate / SSL VPN.
Action: Treat Fortinet VPN and admin credentials as compromised; rotate, enforce phishing-resistant MFA, restrict management access, and review for rogue accounts.
Source: CISA (18 Jun 2026); Dark Reading, BleepingComputer (June 2026).
3. Rokarolla Android banking trojan — built for UPI/OTP fraud (217 apps)

Zimperium zLabs detailed (16 June) a device-takeover Android trojan with 137 commands: overlay credential theft, SMS/OTP interception, alert muting and clipboard crypto-address swapping, spread via fake TikTok/Chrome sites and a Play Protect-killing dropper. The capability set maps directly onto India's UPI/OTP-driven payments.

Exposure: Retail mobile-banking and UPI customers; accessibility-permission abuse defeats SMS-OTP.
Action: Deploy in-app overlay/accessibility-abuse and sideload detection; brief fraud teams on OTP-interception and micro-drain patterns; reinforce "never grant accessibility access to unknown apps."
Source: Zimperium zLabs; Infosecurity Magazine, BleepingComputer (16–17 Jun 2026).
4. MOVEit Automation critical authentication bypass — CVE-2026-4670 (Critical, CVSS 9.8)

Progress patched an unauthenticated auth-bypass (with a companion privilege-escalation flaw) that grants full admin control of MOVEit Automation and access to stored transfer credentials. No in-the-wild exploitation reported yet, but 1,400+ instances are internet-exposed and MFT is a repeat BFSI breach vector.

Exposure: Internet-facing MOVEit / MFT nodes moving statements, KYC, reconciliation and settlement files across banks and their vendors.
Action: Upgrade immediately, restrict MFT admin interfaces to allow-listed IPs, and review file-access logs for anomalous bulk retrieval.
Source: Progress; Help Net Security, BleepingComputer (4 May 2026).

3. Sector tech & exposures

- Edge/VPN is the live battleground: beyond Check Point, Palo Alto GlobalProtect (CVE-2026-0257) is under active exploitation (CISA KEV, 29 May); inventory and patch all internet-facing gateways.
- Managed file transfer (MOVEit) remains a recurring breach vector; treat any exposed MFT as priority-patch.
- Core banking / ERP: CERT-In flagged June Oracle (incl. PeopleSoft, E-Business Suite, MySQL) and SAP (NetWeaver, S/4HANA) critical updates; prioritise where reconciliation/settlement middleware depends on these stacks.
- Supply chain: CERT-In's "Mini Shai-Hulud" advisory warns of npm/PyPI compromise and CI/CD secret theft, a fourth-party risk for fintech-dependent BFSI.

4. Regulatory & compliance watch

- RBI: data-protection advisory (April) directing regulated entities to align customer-data protection with the DPDP Act; reporting also indicates RBI is weighing added "frictions" against authorised push-payment fraud.
- SEBI: AI vulnerability-detection advisory (5 May) under the CSCRF; the next half-yearly cyber-audit / action-taken cycle is due 30 June 2026.
- IRDAI: Information & Cybersecurity Guidelines 2026 remain the live insurance-sector baseline.
- CERT-In: AI-assisted-exploitation blueprint (25 May) plus critical Oracle/SAP and supply-chain advisories.
- NPCI: BHIM-UPI guidelines updated 4 June (UPI-ID display, safety warnings, transaction-screen controls).

5. Actor in focus

Qilin (alias Agenda) — financially-motivated ransomware-as-a-service. Confidence: HIGH that Qilin is a leading finance-sector ransomware actor (Black Kite); MEDIUM on the specific affiliate link to CVE-2026-50751 (Rapid7). Qilin runs double extortion and is shifting toward edge-appliance initial access over phishing alone. Public victimology this period skews North America / Europe with no confirmed Indian BFSI victim — but the affiliate model and shared technology stacks make any exposed Check Point or MFT estate a credible target. Akira and Kill Security round out the top finance-focused crews.

6. IOC & detection pack

Only public, attributed indicators; no leaked data reproduced.

- Check Point CVE-2026-50751: Rapid7's advisory publishes attacker IPs and post-exploitation file hashes; pull the exact values from the primary source and defang on import (do not rely on second-hand copies).
- Rokarolla (Android): distribution domain infocontablidades.it[.]com (Zimperium); detect behaviourally: accessibility-service abuse, overlay creation, SMS-read plus alert-mute, clipboard crypto-address rewriting.
- MOVEit CVE-2026-4670: alert on unauthenticated admin-API calls and bulk file enumeration on MFT hosts.
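The pack above says to defang on import and not to trust second-hand copies; in practice the failure mode is the opposite direction, where a half-defanged value (the Rokarolla domain above has only its last dot bracketed) is loaded into a detection rule verbatim and never matches. The helper below is an added example, not Zimperium's or Rapid7's code: it normalises indicators in both directions and dedupes a pack. The only real indicator used is the Rokarolla domain quoted above; the IP, URL and hash are constructed.

```python
"""Normalise indicators on import: refang for tooling, defang for reports.

Added example for the IOC pack above; not vendor code. The only real
indicator is the Rokarolla distribution domain quoted in the pack (written
there half-defanged); the IP, URL and hash are constructed.
"""
import ipaddress
import re

# Common defang spellings seen in vendor write-ups, each mapped to the real character.
DEFANG_TOKENS = [("[.]", "."), ("(.)", "."), ("{.}", "."), ("[:]", ":"), ("[@]", "@")]

# Constructed pack: one real domain from the brief, the rest invented.
SAMPLE_PACK = [
    "infocontablidades.it[.]com",          # as quoted in the pack (only the last dot defanged)
    "hxxps://203[.]0[.]113[.]42/upd/dropper.apk",
    "203[.]0[.]113[.]42",
    "203.0.113.42",                        # same IP, undefanged: must dedupe with the line above
    "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
]


def refang(indicator):
    """Undo any defanging so the value matches what appears on the wire."""
    s = indicator.strip()
    for token, real in DEFANG_TOKENS:
        s = s.replace(token, real)
    return re.sub(r"^hxxp(s?)://", r"http\1://", s, flags=re.IGNORECASE)


def defang(indicator):
    """Render an indicator non-clickable: scheme to hxxp, host dots bracketed."""
    s = refang(indicator)  # normalise first so a half-defanged input is not double-bracketed
    scheme, sep, rest = s.partition("://")
    if sep:
        host, slash, path = rest.partition("/")
        scheme = re.sub(r"^http", "hxxp", scheme, flags=re.IGNORECASE)
        return f"{scheme}{sep}{host.replace('.', '[.]')}{slash}{path}"
    return s.replace(".", "[.]")


def classify(indicator):
    """Type a refanged indicator; 'unknown' rather than a guess for anything else."""
    if re.fullmatch(r"[0-9a-f]{64}", indicator, re.IGNORECASE):
        return "sha256"
    if re.fullmatch(r"[0-9a-f]{32}", indicator, re.IGNORECASE):
        return "md5"
    if "://" in indicator:
        return "url"
    try:
        ipaddress.ip_address(indicator)
        return "ip"
    except ValueError:
        pass
    if re.fullmatch(r"(?=.{1,253}$)(?:[a-z0-9-]+\.)+[a-z]{2,}", indicator, re.IGNORECASE):
        return "domain"
    return "unknown"


def load_pack(lines):
    """Refang, type and dedupe a pack; returns sorted (type, value) pairs."""
    seen = set()
    for line in lines:
        value = refang(line)
        seen.add((classify(value), value))
    return sorted(seen)


if __name__ == "__main__":
    for kind, value in load_pack(SAMPLE_PACK):
        print(f"{kind:7} {value:45} report form: {defang(value)}")
```

Feed detection tooling the refanged values and write the defanged form back into tickets and reports; keeping the two forms in one function pair avoids the copy-paste drift that produces rules which never fire.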

7. Recommended actions

Board: treat edge-appliance and vendor-CVE exposure as enterprise risk; confirm DPDP-aligned data protection and that the 30 June SEBI/CSCRF audit cycle is met where applicable.

CISO: emergency-patch CVE-2026-50751, CVE-2026-0257 and CVE-2026-4670; enforce IKEv2-only with machine-certificate auth; rotate all Fortinet and Check Point VPN credentials; run a fourth-party exposure review against the ~50% vendor-CVE baseline.

SOC: hunt unauthenticated VPN sessions and anomalous MFT access since 7 May; deploy behavioural detection for accessibility-abusing mobile trojans with fraud-team coordination on OTP-interception; tabletop a Qilin-style edge-to-ransomware intrusion end to end.
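The SOC action here, the Check Point action in section 2 above, and the weekly brief's "review VPN session logs from 7 May onward" all describe the same hunt. The script below is an added example of one way to run it; it is not Check Point's log schema or a vendor-published query. The field names (ts, peer, ike_version, user, auth), every record, and the heuristic itself (an IKEv1 session established after first-observed exploitation with no user identity bound) are this example's assumptions, so map the fields to your gateway's export and validate against a known-good sample before relying on the result.

```python
"""Hunt for IKEv1 remote-access sessions that carry no user identity.

Added example for this edition; not Check Point's log schema or any vendor
hunt. Field names and records are constructed, and the heuristic (IKEv1 +
no bound identity after first-observed exploitation) is an assumption.
"""
import json
from datetime import datetime, timezone

# Exploitation first observed 7 May 2026 per the brief; hunt from there.
FIRST_OBSERVED = datetime(2026, 5, 7, tzinfo=timezone.utc)

# Constructed session-establishment records, one JSON object per line.
SAMPLE_LOG = """\
{"ts": "2026-04-30T08:12:00Z", "peer": "198.51.100.20", "ike_version": 1, "user": "rkumar", "auth": "password"}
{"ts": "2026-05-09T02:41:17Z", "peer": "203.0.113.77", "ike_version": 1, "user": "", "auth": "certificate"}
{"ts": "2026-05-10T03:05:44Z", "peer": "203.0.113.77", "ike_version": 1, "user": "", "auth": "certificate"}
{"ts": "2026-05-12T09:00:00Z", "peer": "198.51.100.20", "ike_version": 2, "user": "rkumar", "auth": "certificate"}
{"ts": "2026-06-01T23:58:10Z", "peer": "192.0.2.15", "ike_version": 1, "user": "svc_branch", "auth": "password"}
"""


def parse_log(text):
    """Parse JSON-lines records and convert ts to timezone-aware datetimes."""
    records = []
    for line in text.splitlines():
        if line.strip():
            r = json.loads(line)
            r["ts"] = datetime.fromisoformat(r["ts"].replace("Z", "+00:00"))
            records.append(r)
    return records


def suspicious_ikev1_sessions(records, since=FIRST_OBSERVED):
    """IKEv1 sessions established at or after `since` with no bound user.

    A legitimate remote-access logon ends with a user identity on the session;
    one that completed on certificate-validation logic alone, with no identity,
    is the shape this example assumes a bypassed authentication leaves behind.
    """
    return [r for r in records
            if r["ts"] >= since and r["ike_version"] == 1 and not r.get("user")]


def new_peers_since(records, since=FIRST_OBSERVED):
    """Peer addresses first seen at or after `since`, for scoping follow-up."""
    before = {r["peer"] for r in records if r["ts"] < since}
    after = {r["peer"] for r in records if r["ts"] >= since}
    return sorted(after - before)


def ikev1_still_in_use(records, since=FIRST_OBSERVED):
    """Named users still landing on IKEv1 after `since`: the population that
    must be moved to IKEv2 before IKEv1 can be switched off."""
    return sorted({r["user"] for r in records
                   if r["ts"] >= since and r["ike_version"] == 1 and r.get("user")})


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for hit in suspicious_ikev1_sessions(recs):
        print("suspicious:", hit["ts"].isoformat(), hit["peer"], hit["auth"])
    print("new peers since 7 May:", new_peers_since(recs))
    print("still on IKEv1:", ikev1_still_in_use(recs))
```

The third function is the operational half of "force IKEv2-only": it lists who will break when IKEv1 is disabled, so the cut-over can be scheduled rather than discovered.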

8. Source index

Black Kite, 2026 State of Financial Services (3 Jun) · Rapid7, Check Point CVE-2026-50751 (8 Jun) + CISA KEV (9 Jun) · CISA / Dark Reading, FortiBleed (18 Jun) · Zimperium zLabs / Infosecurity, Rokarolla (16 Jun) · Help Net Security, MOVEit CVE-2026-4670 (4 May) · Unit 42 / CISA, PAN-OS CVE-2026-0257 (KEV 29 May) · CERT-In AI blueprint (25 May) + Oracle/SAP/Mini-Shai-Hulud advisories · SEBI (5 May) · IRDAI Guidelines 2026 · NPCI BHIM-UPI (4 Jun).

Nirad Bharat Threat Feed — BFSI Edition | Bharat-first threat intelligence

AI Threat Watch — 24 June 2026

AI workflow platforms and agent frameworks are now production attack surface. This issue covers a critical cross-tenant data exposure in the most widely deployed open-source AI workflow tool, a host-level remote code execution chain through AI browsing agents, and the first confirmed real-world exploit developed using AI — as CERT-In's new blueprint puts AI-assisted attack response on a 12-hour clock for Indian organisations. The Five Eyes intelligence alliance issued a joint warning on June 22 that AI will outpace prevailing cyber defences within months, not years.
1. DifyTap: four vulnerabilities in Dify expose cross-tenant AI conversations, internal APIs, and documents across 1 million-plus applications

CVE-2026-41947 (CVSS 9.1), CVE-2026-41948 (CVSS 9.4), CVE-2026-41949, CVE-2026-41950 | Critical

Zafran Security disclosed four vulnerabilities in Dify, the open-source AI workflow platform that powers over one million production applications. Two are critical. CVE-2026-41947 allows any authenticated user to configure tracing on a different tenant's application and silently collect all future conversation data from that tenant. CVE-2026-41948 exploits insufficient path sanitisation in the Plugin Daemon to reach its internal REST API without authorisation. CVE-2026-41949 and CVE-2026-41950 allow any authenticated user to read documents and files belonging to other users or tenants by supplying a direct UUID reference. Dify version 1.14.2 addresses CVE-2026-41947, CVE-2026-41949, and CVE-2026-41950; a fix for CVE-2026-41948 has been merged on GitHub but is not yet in a stable release.

Why it matters for India: Indian GCCs, SaaS teams, and enterprises building AI workflows and customer-facing chatbots on Dify face cross-tenant exposure of customer conversations, uploaded documents, and internal prompts; any tenant on a shared or self-hosted instance is potentially within reach.
Action: Upgrade to Dify v1.14.2 immediately for the three patched CVEs; deploy WAF rules blocking path traversal to Plugin Daemon endpoints until the CVE-2026-41948 fix ships; audit tracing configurations and document access logs for anomalous cross-tenant references.
Source: Zafran Security; The Hacker News; Security Affairs; NVD (22 June 2026).
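The item above describes CVE-2026-41949 and CVE-2026-41950 as any authenticated user reading another tenant's document "by supplying a direct UUID reference", and CVE-2026-41947 as configuring tracing on another tenant's application; all three are the same class of bug, an object identifier accepted as sufficient authorisation. The code below is an added example of that class beside its fix. It is not Dify's code or data model: the Document type, the in-memory store, the tenant names and both lookup functions are constructed to show the pattern, not the project's actual vulnerable lines.

```python
"""Direct-object-reference lookup, vulnerable and tenant-scoped.

Added example; not Dify's code. Types, store and functions are constructed.
"""
from dataclasses import dataclass
import uuid


@dataclass(frozen=True)
class Document:
    id: str
    tenant_id: str
    name: str


class Forbidden(Exception):
    """Raised when a caller asks for an object outside its own tenant."""


# Constructed multi-tenant store keyed only by document UUID, which is the
# shape that makes a bare id lookup dangerous.
_DOCS = {}


def seed():
    """Populate two tenants with one document each; return {tenant: doc_id}."""
    _DOCS.clear()
    for tenant, name in [("tenant-a", "kyc-batch.csv"), ("tenant-b", "pricing-model.pdf")]:
        d = Document(str(uuid.uuid4()), tenant, name)
        _DOCS[d.id] = d
    return {d.tenant_id: d.id for d in _DOCS.values()}


def get_document_vulnerable(caller_tenant, document_id):
    """An authenticated caller plus a well-formed UUID is treated as authorisation.

    Any tenant that learns a UUID (from a shared link, a log line, a tracing
    export) reads another tenant's file; unguessability of v4 UUIDs is not an
    access control.
    """
    uuid.UUID(document_id)  # validates format only; `caller_tenant` is never consulted
    return _DOCS[document_id]


def get_document_hardened(caller_tenant, document_id):
    """Resolve the id *within the caller's tenant*.

    A document that exists in another tenant is reported exactly like one that
    does not exist, so the response does not confirm foreign ids either.
    """
    doc = _DOCS.get(document_id)
    if doc is None or doc.tenant_id != caller_tenant:
        raise Forbidden("document not found in this tenant")
    return doc


def cross_tenant_read_blocked(ids):
    """True when tenant-a cannot read tenant-b's document through the hardened path."""
    try:
        get_document_hardened("tenant-a", ids["tenant-b"])
    except Forbidden:
        return True
    return False


if __name__ == "__main__":
    ids = seed()
    print("vulnerable:", get_document_vulnerable("tenant-a", ids["tenant-b"]).name)
    print("hardened blocks cross-tenant read:", cross_tenant_read_blocked(ids))
```

The same scoping applies to writes: the tracing-configuration endpoint described for CVE-2026-41947 needs the application looked up within the caller's tenant before any setting is changed, not just an authenticated session and a valid app id.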
2. AutoJack: a malicious webpage can chain three weaknesses in AutoGen Studio to achieve host-level remote code execution through an AI browsing agent

Microsoft's Defender Security Research Team published AutoJack on 18 June 2026, demonstrating how attacker-controlled web content loaded by a local AI browsing agent can reach an AutoGen Studio MCP WebSocket listener and spawn arbitrary processes on the host. Three weaknesses are chained: the browsing agent runs as localhost and passes origin allowlist checks; the MCP WebSocket endpoint requires no authentication; and attacker-controlled parameters are passed directly to shell execution. No credentials are required after the agent loads the attacker's page. The vulnerability exists in development builds of AutoGen Studio; the stable v0.4.2.2 release on PyPI does not include the MCP route and is not exposed. A fix is available in GitHub main (commit b047730, PR #7362) but has not yet shipped as a stable release.

Why it matters for India: Developer teams and GCCs using AI agents for automated web research, internal portal interaction, or data extraction pipelines face a class of risk where loading an untrusted page hands the host OS to an attacker. The underlying pattern, an unauthenticated local MCP service reachable from browser context, is not unique to AutoGen Studio.
Action: Do not run development builds of AutoGen Studio in production; require authentication on all MCP and local agent control channels; run AI browsing agents in isolated containers or virtual machines with no access to host credentials or internal services; verify all local agentic framework listeners before deployment.
Source: Microsoft Security Blog; BleepingComputer; CSO Online (18 June 2026).
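The three weaknesses named above (a localhost origin that satisfies the allowlist, a listener with no authentication, and caller-controlled parameters passed to a shell) are each visible in a few lines of dispatcher code, as is the fix. The block below is an added example of that shape, not AutoGen Studio code or its patch: the message format, the tool table and both dispatch functions are constructed, and the mitigation (an unguessable per-session token compared in constant time, a closed tool allowlist, argv execution with no shell) is the general pattern the Action calls for, not the project's specific change.

```python
"""Local agent control channel: the AutoJack weaknesses beside a hardened dispatcher.

Added example, not AutoGen Studio code. Message format, tool table and both
handlers are constructed; the fix shape is the general mitigation.
"""
import hmac
import secrets
import subprocess


def vulnerable_dispatch(msg, allowed_origins=("http://localhost", "http://127.0.0.1")):
    """Weaknesses 1 and 2: an origin allowlist is the only gate, and a local browsing
    agent that rendered attacker HTML presents a localhost origin. No credential is checked.
    Weakness 3: the caller-controlled string goes straight to a shell."""
    if msg.get("origin") not in allowed_origins:
        return None
    return subprocess.run(msg["command"], shell=True, capture_output=True, text=True).stdout


# Minted when the listener starts and handed only to the trusted client; a page
# loaded by a browsing agent never sees it, so a localhost origin buys nothing.
SESSION_TOKEN = secrets.token_urlsafe(32)

# Closed allowlist: tool name -> argv builder. Nothing outside this table runs.
TOOLS = {
    "echo": lambda args: ["echo", *args],
    "pwd": lambda args: ["pwd"],
}


def hardened_dispatch(msg, token=SESSION_TOKEN):
    """Require the per-session secret, then run only an allow-listed tool via argv."""
    supplied = str(msg.get("token", ""))
    if not hmac.compare_digest(supplied.encode(), token.encode()):  # constant-time compare
        raise PermissionError("missing or wrong session token")
    build = TOOLS.get(msg.get("tool"))
    if build is None:
        raise ValueError("tool not in allowlist")
    argv = build([str(a) for a in msg.get("args", [])])
    # argv execution: shell metacharacters inside an argument are data, never parsed.
    return subprocess.run(argv, shell=False, capture_output=True, text=True, check=True).stdout


def hardened_result(msg, token=SESSION_TOKEN):
    """Wrap the dispatcher so callers see ('ok', output) or ('denied', reason)."""
    try:
        return ("ok", hardened_dispatch(msg, token))
    except (PermissionError, ValueError) as e:
        return ("denied", str(e))


if __name__ == "__main__":
    hostile = "echo pwned; echo injected"
    print(repr(vulnerable_dispatch({"origin": "http://localhost", "command": hostile})))
    print(hardened_result({"tool": "echo", "args": ["hi; echo injected"]}))
    print(hardened_result({"tool": "echo", "args": ["hi; echo injected"], "token": SESSION_TOKEN}))
```

Run stand-alone, the vulnerable path executes both commands, the hardened path refuses the same request without the token, and with the token it echoes the payload back as a literal string because nothing between the caller and `execve` interprets it.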
3. First confirmed real-world AI-developed zero-day exploit: criminal group used AI to write a 2FA bypass against a web administration tool, disrupted before mass exploitation (Google GTIG, May 2026)

Google Threat Intelligence Group (GTIG) confirmed the first known instance of a threat actor using AI to develop a working zero-day exploit and deploy it against real infrastructure. The target was a popular open-source web administration tool; the exploit was a Python script that bypassed two-factor authentication by abusing a hardcoded trust exception in the login flow. GTIG identified AI authorship from artefacts in the code: a hallucinated CVSS score, over-explanatory comments, and formatting inconsistent with human developer practice. The criminal group planned a mass exploitation event; Google worked with the vendor and disrupted the campaign before broad impact. Google's BigSleep AI agent was used to isolate the specific logic flaw. GTIG assessed this as the first case of an AI agent being used offensively to develop an exploit deployed in a real campaign.

Why it matters for India: AI-assisted exploit development compresses the timeline between vulnerability disclosure and mass exploitation. Indian organisations running internet-facing admin panels with custom authentication logic, common in legacy government, BFSI, and healthcare systems, face this accelerated threat window.
Action: Prioritise security review of internet-facing administration interfaces, particularly those with custom 2FA or trusted-device logic; move authentication to audited, well-maintained libraries rather than custom implementations; treat any internet-exposed admin panel as a high-value target requiring network-layer access controls and enhanced monitoring.
Source: Google Cloud / GTIG blog; CNBC; The Hacker News (11 May 2026).
4. CERT-In releases AI-assisted exploitation defence blueprint; mandates 12-hour patching for internet-facing known-exploited vulnerabilities (25 May 2026)

India's CERT-In published its 38-page "Blueprint for Reducing Exposure and Defending against AI-Assisted Vulnerabilities Exploitation in Digital Infrastructure" on 25 May 2026. The document codifies the patching cadence that Indian organisations should now plan against: known-exploited internet-facing vulnerabilities — patch, mitigate, or isolate within 12 hours where feasible; critical internet-facing vulnerabilities — one day; high-severity internal vulnerabilities — five days. The blueprint explicitly recognises that AI tools are now deployed in attacker workflows for surface discovery, exploit analysis, phishing content generation, and malware creation. Section 12 covers agentic AI governance: define operational boundaries and tool permissions for each agent, maintain an AI asset inventory, implement continuous audit logging, and establish documented emergency shutdown procedures.

Why it matters for India: This is the compliance baseline Indian organisations should measure their patch and response velocity against. The CERT-In blueprint effectively maps the AI threat ecosystem onto operational timelines; 12 hours is no longer a suggestion in an emergency, it is the documented standard.
Action: Map current patch SLAs against the CERT-In timelines and identify gaps; prioritise internet-facing systems with known-exploited CVEs for immediate remediation windows; implement the agentic AI governance controls in Section 12 before deploying production AI agents.
Source: CERT-In (cert-in.org.in), Version 1.0, 25 May 2026; The Hacker News; The Register; Medianama.
AI defender tip: The common failure pattern across this issue is AI infrastructure — workflow platforms, agent frameworks, local MCP listeners — deployed with the access privileges of production systems but without the security controls applied to production software. Apply the same baseline to any component an AI agent touches: authenticated access only, network segmentation, audit logging of all tool calls and external connections, and a tested shutdown procedure. An AI workflow platform that handles customer data is a production system; treat it accordingly.

Nirad Threat Research

Nirad AI Threat Watch | Bharat-first threat intelligence