Bharat Threat Feed: Global threats, decoded for Indian defenders
Nirad Bharat Threat Feed

India-first threat intelligence

Global threats, decoded for Indian defenders — weekly briefs, sector editions, and AI Threat Watch. Every claim source-attributed.


Weekly Brief — 3 July 2026

Five items require action from Indian defenders this week: an on-premises SharePoint flaw under active exploitation with a 4 July patch deadline, APT36 escalating its Linux campaign against Indian government systems, Cisco ASA and Firepower backdoors that survive firmware updates and software reboots, a GlobalProtect authentication bypass enabling unauthorised VPN sessions, and a DPRK-linked macOS backdoor that injects false error data to degrade AI-assisted malware analysis.
1 · High · CVSS 8.8

Microsoft SharePoint Server Remote Code Execution — CVE-2026-45659

A deserialization flaw in Microsoft SharePoint Server allows an authenticated attacker with Site Member permissions — a low access threshold — to execute arbitrary code on the server without requiring administrative privileges. CISA added CVE-2026-45659 (CVSS 8.8) to its Known Exploited Vulnerabilities catalog on 1 July 2026, with a federal remediation deadline of 4 July 2026. Active exploitation is confirmed; SharePoint Online is not affected. Only on-premises installations are at risk: SharePoint Server Subscription Edition, SharePoint Server 2019, and SharePoint Enterprise Server 2016.

India exposure: On-premises SharePoint deployments are common across Indian BFSI institutions, central and state government departments, public sector undertakings, and large enterprises. Organisations that delayed May 2026 patching should treat this as an emergency item.
Action: Apply Microsoft's May 2026 out-of-band update immediately. Review active Site Member accounts for unexpected additions, scan for web shells and anomalous child processes from SharePoint and IIS worker processes, and validate clean backups before patching. Restrict internet-facing SharePoint farms to known IP ranges where feasible.
Source: CISA Known Exploited Vulnerabilities catalog, 1 July 2026; The Hacker News, 1–2 July 2026; The Register, 2 July 2026.
2

APT36 Expands to BOSS Linux — Indian Government Endpoints Directly Targeted

Pakistan-linked APT36 (Transparent Tribe), historically focused on Windows environments, has extended its operations to India's Bharat Operating System Solutions (BOSS) — the Debian-based national Linux distribution deployed across Indian government offices. The campaign delivers phishing emails with ZIP archives containing weaponised .desktop shortcut files. When opened, these files execute a hidden ELF payload while displaying a decoy security advisory document to the user. The malware deploys Geta RAT, which supports credential collection, screenshot capture, file operations, clipboard manipulation, and remote shell command execution. The campaign reflects convergence with SideCopy tradecraft documented by Seqrite Labs and has intensified in the geopolitical context following Operation Sindoor.

India exposure: Central and state government entities running BOSS Linux. Defence-adjacent organisations, academic institutions, and policy research bodies are consistent secondary targets for this threat cluster.
Action: Block execution of .desktop files delivered via email and internet-sourced archives. Alert on ELF binaries spawned from within freshly extracted ZIP directories. Ensure EDR coverage extends to BOSS Linux endpoints — Linux coverage gaps in government networks are a documented risk. Brief government Linux administrators on this specific lure format.
Source: CYFIRMA research, 2026; Seqrite Labs, 2026; ORF Online, 2026; BleepingComputer, 2026.
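
One way to apply the "block .desktop files from mailed archives" action at a mail gateway or triage step. This is an added example, not code from the brief or from any vendor cited in it; the function names and the constructed sample archive (harmless stand-in bytes) are assumptions made for illustration.

```python
import io
import zipfile

ELF_MAGIC = b"\x7fELF"
MAX_READ = 64 * 1024  # bounded read per member; launcher files are small text


def build_zip(members):
    """Helper: pack {name: bytes} into an in-memory ZIP (for constructed samples)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


def exec_lines(desktop_text):
    """Return (group, command) for every Exec= key, in any [group] of the file."""
    found, group = [], None
    for raw in desktop_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            group = line[1:-1]
        elif group and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            if key.strip() == "Exec":
                found.append((group, value.strip()))
    return found


def triage_zip(data):
    """Inspect a ZIP attachment (bytes); return a list of (member, reason) findings."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            base = info.filename.rsplit("/", 1)[-1]
            with zf.open(info) as fh:
                head = fh.read(MAX_READ)
            # ELF payloads are recognised by magic bytes, not by file name.
            if head.startswith(ELF_MAGIC):
                hidden = " (hidden dot-file)" if base.startswith(".") else ""
                findings.append((info.filename, "ELF binary in archive" + hidden))
            # A .desktop launcher inside a mailed archive is reported with its command.
            if base.lower().endswith(".desktop"):
                text = head.decode("utf-8", "replace")
                for group, cmd in exec_lines(text):
                    findings.append(
                        (info.filename, "launcher [%s] runs: %s" % (group, cmd)))
    return findings


def should_quarantine(findings):
    """Policy assumed here: any launcher or ELF in a mailed archive is held for review."""
    return bool(findings)


# Constructed sample: harmless stand-ins, not real campaign artefacts.
CONSTRUCTED_SAMPLE = build_zip({
    "lure/Advisory.desktop": (
        b"[Desktop Entry]\nType=Application\nName=Advisory\n"
        b"Exec=sh -c \"echo constructed-sample\"\n"
    ),
    "lure/.helper": ELF_MAGIC + b"\x02\x01\x01" + b"\x00" * 57,
    "lure/readme.txt": b"plain text\n",
})

if __name__ == "__main__":
    for member, reason in triage_zip(CONSTRUCTED_SAMPLE):
        print(member, "->", reason)
```
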
3 · Critical · CVSS 9.9

FIRESTARTER Backdoor on Cisco ASA and Firepower — Patched Devices May Still Be Compromised

CISA and the UK NCSC jointly published Analysis Report AR26-113A (23 April 2026) confirming that a nation-state APT actor implanted FIRESTARTER, a persistent Linux ELF backdoor, on Cisco Firepower and ASA devices at a U.S. federal civilian agency. Initial access exploited CVE-2025-20333 (CVSS 9.9), an improper input validation vulnerability enabling authenticated remote code execution as root, and CVE-2025-20362. The critical risk for organisations that have already patched: FIRESTARTER hooks into LINA, Cisco's core network processing engine, reinstates itself when signalled to terminate, and survives both firmware updates and software reboots. Only a hard power cycle — physically disconnecting power — removes the implant. Issuing shutdown, reboot, or reload CLI commands does not clear it.

India exposure: Cisco ASA and Firepower appliances are widely used as perimeter firewalls in Indian BFSI, IT services, government, and critical infrastructure sectors. Organisations that applied patches without performing a hard power cycle may believe themselves remediated when persistence may remain.
Action: Verify whether affected Cisco ASA/FTD hardware was hard power-cycled after patching — not merely rebooted. Run Cisco's FIRESTARTER detection tooling. Where power cycle completion cannot be confirmed, plan device reimaging. Review management access logs, AAA authentication events, and outbound C2 patterns described in CISA AR26-113A.
Source: CISA/NCSC Advisory AR26-113A, 23 April 2026; Help Net Security, 24 April 2026; BleepingComputer, April 2026.
4 · Critical · CVSS 9.1

PAN-OS GlobalProtect Authentication Bypass — CVE-2026-0257

CVE-2026-0257 (CVSS 9.1) is an authentication bypass in the GlobalProtect portal and gateway of PAN-OS. When the same TLS certificate is used for both HTTPS service and authentication override cookies, an attacker can extract the certificate's public key and use it to forge valid session cookies, obtaining an unauthenticated VPN session without credentials. Rapid7 MDR observed exploitation beginning 17 May 2026. CISA added the vulnerability to the KEV catalog on 29 May 2026. Unit 42 notes that while exploitation is confirmed, post-access lateral movement in observed incidents has not yet been definitively attributed; however, the access pathway is open.

India exposure: Palo Alto GlobalProtect is a common remote-access VPN platform across Indian IT services, BFSI, and large enterprise environments. Any deployment using a shared certificate for HTTPS service and authentication override cookies is at risk.
Action: Apply available PAN-OS patches for GlobalProtect portal and gateway. Either disable the authentication override feature or generate a certificate used exclusively for authentication override, separate from the HTTPS service certificate. Rotate certificate keys. Review VPN session logs from mid-May onwards for sessions from unknown hosts or with atypical access patterns; require MFA revalidation for privileged remote access.
Source: Palo Alto Networks Unit 42, May 2026; Rapid7 MDR, 17 May 2026; CISA KEV, 29 May 2026.
5

macOS.Gaslight — DPRK Credential Stealer Uses Prompt Injection to Disrupt AI-Assisted Analysis

SentinelLABS disclosed macOS.Gaslight on 23 June 2026, attributing the Rust-written backdoor with high confidence to North Korean threat actors. The malware harvests browser credentials from Chrome, Brave, Firefox, and Safari, extracts macOS Keychain data, and routes command-and-control through the Telegram Bot API. Its distinguishing technical characteristic: a 3.5 KB prompt injection payload containing 38 fabricated diagnostic error messages — disk exhaustion alerts, token expiry notices, out-of-memory warnings — designed to push AI-assisted malware analysis tools into aborting or truncating their output. SentinelLABS found the technique did not bypass current production analysis platforms in testing. Earlier North Korean macOS samples carried a single injected message block; Gaslight stacks 38, indicating the operators are actively iterating against real analysis tools.

India exposure: DPRK threat actors routinely target cryptocurrency exchanges, fintech companies, IT outsourcing firms, and defence-adjacent technology organisations — all significant sectors in India. Indian security operations teams using AI-assisted triage tools should note that prompt injection techniques targeting analysts, not just sandboxes, are now in active development.
Action: Enforce macOS application signing and notarisation controls. Monitor for Telegram Bot API outbound connections from non-authorised processes. Cross-validate AI-assisted analysis output against traditional static and dynamic methods for any macOS samples containing anomalous text blocks resembling diagnostic output. Prioritise credential rotation following any suspected developer workstation compromise.
Source: SentinelLABS, 23 June 2026; Security Affairs, 23 June 2026; The Hacker News, 26 June 2026.

This week's edge and network security sweep covered Fortinet, Cisco, Palo Alto Networks, Check Point, Juniper, SonicWall, Sophos, Barracuda, WatchGuard, Zscaler, Citrix NetScaler/ADC, Ivanti Connect Secure, F5 BIG-IP, Versa, VMware VeloCloud, Aruba/HPE EdgeConnect, and Seqrite/Quick Heal UTM. Cisco and Palo Alto carry the active exploitation action items this week; the Citrix NetScaler memory overread (CVE-2026-3055, KEV March 2026) remains relevant for any organisation that has not yet applied that patch. The SharePoint KEV deadline and the Cisco FIRESTARTER persistence question are the two items that require immediate verification — not just patch confirmation, but confirmation that the correct remediation steps were completed.

6

Nirad Threat Research


Critical Infrastructure Sector Edition — July 2026

Nation-state adversaries targeting operational technology have moved from reconnaissance to active pre-positioning. Waterfall Security's 2026 OT Threat Report documents cyber incidents with physical consequences doubling from seven in 2024 to fourteen in 2025, driven by state and hacktivist actors. Dragos corroborates: 119 ransomware groups targeted 3,300 industrial organisations in 2025 — a 64% year-on-year rise — and three newly tracked groups now explicitly target engineering workstations rather than IT perimeters. For India's power utilities, petroleum operators, and telecom carriers, the primary entry point this cycle is the IT-OT boundary device: SD-WAN controllers, VPN gateways, and firewall management planes where multiple actively-exploited vulnerabilities now sit.

1. Sector snapshot

2. Threats targeting Critical Infrastructure

1 · Critical · CVSS 10.0

Cisco Catalyst SD-WAN CVE-2026-20182 (CVSS 10.0) — WAN fabric takeover

An authentication bypass in the vdaemon DTLS service on UDP 12346 lets an unauthenticated attacker gain administrative access to Cisco Catalyst SD-WAN Controller and Manager, then open NETCONF to reconfigure the entire overlay. Cisco Talos tracks active exploitation under UAT-8616, a highly sophisticated actor with ORB-network infrastructure overlap. Confirmed post-exploitation: SSH key injection, fabric reconfiguration, root escalation via version-downgrade (CVE-2022-20775), and forensic log erasure.

India exposure: state electricity boards, petroleum pipeline operators, and NCIIPC-designated telecom carriers running Cisco Catalyst SD-WAN.
Action: patch immediately; deploy anomaly detection on DTLS/UDP 12346 and NETCONF; hunt SSH key additions and version downgrades since March 2026.
Source: Cisco Talos; Help Net Security (15 May 2026); CISA KEV (May 2026).
2

FortiBleed — 75,000–86,000 FortiGate credentials circulated, India among most-affected

Working admin credentials for internet-facing FortiGate and SSL-VPN devices across 194 countries were extracted and publicly circulated; India is documented among the most-affected nations, with critical infrastructure named among exposed sectors. Contributing flaw: CVE-2026-24858 (FortiOS FortiCloud SSO bypass).

India exposure: power utilities, petroleum operators, and government telecom providers running FortiGate for branch connectivity and remote management.
Action: treat all Fortinet VPN and admin credentials as compromised — rotate immediately, enforce phishing-resistant MFA, restrict management access, and audit for rogue accounts.
Source: CISA; Arctic Wolf; CSA Labs (20 Jun 2026).
3

PAN-OS CVE-2026-0257 — GlobalProtect authentication bypass, actively exploited

An authentication bypass in PAN-OS GlobalProtect portal and gateway components allows unauthorised VPN sessions without credentials; active exploitation confirmed from 17 May 2026 across multiple customer environments.

India exposure: power-sector substations, government data centres, and telecom peering facilities using GlobalProtect as the remote-access perimeter.
Action: patch immediately per CISA KEV order; hunt for unauthenticated VPN sessions since mid-May 2026.
Source: Unit 42/Palo Alto Networks; Rapid7; CISA KEV (29 May 2026).
4

Oil and gas ransomware: 935% year-on-year surge, OT physical-consequence risk

Zscaler's ThreatLabz 2025 Ransomware Report documents a 935% YoY increase in attacks against oil and gas, driven by automation of rigs, pipelines, and terminal systems expanding the OT attack surface. Events reaching a DCS or safety instrumented system carry physical and environmental consequences beyond data loss.

India exposure: OT-dependent operations across refineries, pipelines, and offshore platforms; third-party IT-OT integration is a common ransomware escalation path.
Action: segment IT from OT at all boundary points; tabletop a ransomware-to-OT escalation scenario with manual-operations fallback included.
Source: Zscaler ThreatLabz; Cybersecurity Dive (Jul 2025); Dragos (17 Feb 2026).

3. Sector tech & exposures

- ICS vulnerability record: Forescout documented 508 ICS advisories in 2025 — first year above 500 — with 82% rated high or critical and average CVSS above 8.0. Level 1 (PLCs, RTUs, IEDs) and Level 2 (SCADA, DCS, BMS) are most-affected. Critical gap: only 22% of high/critical ICS CVEs carried a CISA advisory. New high-risk OT device classes flagged: PDUs, I/O modules, BACnet routers.
- India-targeted APT: Seqrite's India Cyber Threat Report 2026 documents a Pakistan-nexus campaign (APT36/SideCopy) using MSI-packaged malware, DLL sideloading, and open-source RATs — Xeno RAT, Spark RAT, CurlBack RAT — targeting India's CI and defence sector; 265 million detections in Oct 2024–Sep 2025.
- AI-accelerated exploitation: CERT-In advisory CIAD-2026-0020 (Apr 2026) warns that frontier AI now enables autonomous vulnerability discovery and exploit generation within hours of disclosure — a window most OT maintenance schedules cannot match.

4. Regulatory & compliance watch

- CERT-In CIAD-2026-0020 (high severity, 26 Apr 2026): Mandates 24-hour critical patch cycle for internet-facing CI systems; continuous monitoring, Zero Trust, MFA, and hard IT-OT segmentation required. An emergency-patch track separate from regular maintenance windows is now a regulatory expectation for designated CI operators.
- NCIIPC: CII protection framework requires nominated CISOs and registered asset inventories across power, telecom, transport, and strategic enterprises; over 9,700 CERT-In audits were conducted in FY2024-25, signalling intensifying supervisory scrutiny.
- CERT-In incident reporting: Mandatory 6-hour notification for CI operators should be reviewed against the hours-scale exploitation windows documented in CIAD-2026-0020; SOC runbooks must be validated at this interval.

5. Actor in focus

UAT-8616 — Cisco Talos designation; confidence HIGH on TTP set; MEDIUM on nation-state attribution. UAT-8616 has targeted Cisco Catalyst SD-WAN infrastructure since at least 2023, with exploitation tempo markedly increasing in May 2026. The attack chain is consistent: DTLS exploitation on UDP 12346, NETCONF fabric manipulation, SSH key persistence, root escalation via version-downgrade (CVE-2022-20775), firmware restoration to conceal the attack path, and systematic log erasure. Infrastructure overlap with ORB networks is consistent with state-level resources, though formal attribution has not been published. Compromise of an Indian state electricity board's or major telecom carrier's SD-WAN fabric would grant adversary-controlled routing and policy across geographically distributed CI sites.

Source (with date): Cisco Talos; Help Net Security (15 May 2026); Tenable; CISA KEV (May 2026).

6. IOC pack

Only public, attributed indicators; pull exact values from primary advisories and defang before operational use.

- CVE-2026-20182 (Cisco SD-WAN): Anomalous DTLS/UDP 12346 traffic; unexpected NETCONF sessions; SSH key additions outside provisioning records; unexplained version downgrades; cleared syslog, wtmp, lastlog, bash_history. (Cisco Talos advisory.)
- CVE-2026-0257 (PAN-OS): Attacker IPs and file hashes in Unit 42 and Rapid7 advisories; alert on unauthenticated GlobalProtect session initiations.
- FortiBleed / CVE-2026-24858: Indicators in CISA alert and Arctic Wolf advisory; detect cross-device FortiOS SSO login anomalies not matching provisioning records.
- Seqrite APT RAT cluster: Defanged IOCs in Seqrite blog "Goodbye HTA, Hello MSI" (Jan 2026); detect behaviourally via MSI-spawned DLL-sideloading chains and PowerShell reflective-load patterns.

7. Recommended actions

Board: Treat edge-device and OT-network exposure as enterprise risk equal to physical security; confirm NCIIPC CISO designations and commission an emergency estate review of Cisco SD-WAN, Fortinet, and PAN-OS deployments against CVE-2026-20182, CVE-2026-24858, and CVE-2026-0257 this quarter.

CISO: Emergency-patch CVE-2026-20182 (CVSS 10.0) and CVE-2026-0257; rotate all Fortinet and Cisco SD-WAN admin and VPN credentials immediately; deploy DTLS/UDP 12346 and NETCONF anomaly detection; inventory ICS Level 1 and Level 2 devices with a vendor-co-ordinated emergency-patch track for critical OT CVEs; apply CERT-In CIAD-2026-0020 requirements: 24-hour patch cycle and hard IT-OT segmentation.

SOC: Hunt for SD-WAN version downgrades, NETCONF changes, SSH key additions, and cleared logs (wtmp, lastlog, bash_history, cli-history) since March 2026; alert on unauthenticated GlobalProtect sessions and cross-device FortiOS SSO anomalies; monitor MSI-to-DLL-sideloading chains consistent with Seqrite APT TTPs; run a ransomware-to-OT escalation tabletop for at least one oil, gas, or power facility.

8. Source index

Cisco Talos, CVE-2026-20182 / UAT-8616 (May 2026) · Help Net Security (15 May 2026) · CISA KEV (May 2026; 29 May 2026) · Tenable · CISA, FortiBleed alert (18 Jun 2026) · Arctic Wolf (Jun 2026) · CSA Labs (20 Jun 2026) · Unit 42/Palo Alto Networks, CVE-2026-0257 · Rapid7, CVE-2026-0257 · Zscaler ThreatLabz 2025 Ransomware Report (Jul 2025) · Dragos 2026 OT Year in Review (17 Feb 2026) · Waterfall Security 2026 OT Threat Report · Seqrite India Cyber Threat Report 2026 (Jan 2026) · Forescout (Feb 2026) · IT Security Guru (19 Feb 2026) · CERT-In CIAD-2026-0020 (26 Apr 2026) · Qualys blog (24 Jun 2026) · PIB, Government of India (2026).

9. Byline

Nirad Threat Research

Nirad Bharat Threat Feed — Critical Infrastructure Edition | Bharat-first threat intelligence

AI Threat Watch — 2 July 2026

Three critical-severity disclosures from 30 June 2026 — active exploitation of an LLM workflow platform, enterprise agent hijacking through tool metadata, and a frontier model distillation campaign — arrive against the backdrop of a 66,000-CVE year that is stretching every security team's triage capacity.
1 · Critical · CVSS 9.3

CVE-2026-33017 (CVSS 9.3): unauthenticated RCE in Langflow actively exploited for cryptomining and lateral movement

Attackers are exploiting an unauthenticated Python code-execution endpoint in Langflow — the open-source LLM workflow builder — to deploy Monero cryptocurrency miners and pivot to adjacent systems via reused SSH keys. The vulnerable API endpoint (POST /api/v1/build_public_tmp) evaluates attacker-supplied code server-side with no authentication; the path was designed for unauthenticated prototyping but is reachable on any internet-facing instance. Trend Micro confirmed active exploitation over a 19-day window in March–April 2026, and exposure persists on all versions below 1.9.0.

Why it matters for India: Indian GCCs, AI development teams, and enterprises prototyping or running production LLM workflows on Langflow are exposed to resource hijacking and a potential SSH-based foothold into co-located systems and networks.
Action: Upgrade to Langflow 1.9.0 or later immediately; remove internet exposure from all instances and require authenticated, network-segmented access; audit SSH keys on hosts where Langflow has run; rotate credentials on any instance that has been internet-accessible.
Source: The Hacker News; Trend Micro (30 June 2026).
2

Microsoft warns: poisoned MCP tool descriptions can redirect enterprise AI agents to exfiltrate business data through approved channels

Microsoft's Incident Response and Defender teams have documented a class of attack in which hidden instructions embedded in Model Context Protocol tool descriptions steer AI agents — including Microsoft 365 Copilot, Copilot Studio, and Azure AI Foundry agents — to collect invoices, read SharePoint content, or forward email to attacker infrastructure, with every step appearing as normal agent behaviour. MCP picks up tool description changes dynamically; without a re-approval trigger, a poisoned version goes live without any additional review. The attack has a confirmed real-world precedent: the postmark-mcp npm package shipped 15 clean versions before one line silently BCC'd every agent-sent email to an attacker.

Why it matters for India: Indian GCCs, BFSI institutions, and IT/ITeS firms are rolling out Copilot and Azure AI agents at scale, frequently connected to third-party MCP servers for email, CRM, ERP, and cloud-storage integrations — an expanding agent surface with no standard description-change audit process.
Action: Treat MCP tool descriptions as code: require a review process before any change reaches production; maintain an approved-publisher list for third-party MCP servers; enforce human approval before any agent action touching payments, external email, or file exports; log agent identity and all tool calls with destination per action.
Source: The Hacker News / Microsoft Incident Response (30 June 2026).
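
A sketch of the re-approval trigger the action calls for: pin each reviewed tool definition by hash and refuse anything the server later serves that does not match. This is an added example, not Microsoft's tooling or part of the brief; it assumes the standard `tools/list` result fields (`name`, `description`, `inputSchema`), and the tool names and sample definitions are constructed.

```python
import copy
import hashlib
import json


def fingerprint(tool):
    """SHA-256 over everything the agent's model reads about a tool.

    The whole input schema is hashed, so text hidden in a per-parameter
    description changes the fingerprint just like the top-level description.
    """
    material = {
        "name": tool.get("name"),
        "description": tool.get("description", ""),
        "inputSchema": tool.get("inputSchema", {}),
    }
    blob = json.dumps(material, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False)
    return hashlib.sha256(blob.encode("utf-8")).hexdigest()


def approve(tools):
    """Run at review time: record name -> fingerprint for the reviewed definitions."""
    return {tool["name"]: fingerprint(tool) for tool in tools}


def check_tools(approved, served):
    """Compare a live tools/list result with the baseline.

    Returns (allowed_names, blocked) where blocked is a list of (name, reason).
    Call it at connect time and again whenever the server announces a change
    (notifications/tools/list_changed), before exposing tools to the agent.
    """
    allowed, blocked = [], []
    for tool in served:
        name = tool.get("name")
        pin = approved.get(name)
        if pin is None:
            blocked.append((name, "not in approved baseline"))
        elif pin != fingerprint(tool):
            blocked.append((name, "definition changed since review"))
        else:
            allowed.append(name)
    return allowed, blocked


# Constructed sample definitions, as reviewed.
REVIEWED_TOOLS = [
    {"name": "send_email",
     "description": "Send an email on behalf of the signed-in user.",
     "inputSchema": {"type": "object", "properties": {
         "to": {"type": "string", "description": "Recipient address."}}}},
    {"name": "list_invoices",
     "description": "List invoices for a customer.",
     "inputSchema": {"type": "object", "properties": {}}},
]

# Constructed later response: one parameter description edited, one tool added.
SERVED_TOOLS = copy.deepcopy(REVIEWED_TOOLS)
SERVED_TOOLS[0]["inputSchema"]["properties"]["to"]["description"] = (
    "Recipient address. (constructed: extra instruction text appended here)")
SERVED_TOOLS.append({"name": "export_files", "description": "Export files.",
                     "inputSchema": {"type": "object", "properties": {}}})

if __name__ == "__main__":
    ok, held = check_tools(approve(REVIEWED_TOOLS), SERVED_TOOLS)
    print("allowed:", ok)
    for name, reason in held:
        print("blocked:", name, "-", reason)
```
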
3

Anthropic alleges Alibaba-linked operators conducted 28.8 million Claude exchanges through approximately 25,000 fraudulent accounts to distill AI capabilities

In a letter to the US Senate Banking Committee dated 10 June 2026, Anthropic alleged that operators affiliated with Alibaba queried Claude across roughly 25,000 fraudulent accounts between 22 April and 5 June 2026, targeting software-engineering, agentic-reasoning, and long-horizon task capabilities for model distillation — training a competing model on Claude's outputs at scale. Alibaba has denied wrongdoing. The 28.8 million exchange figure is Anthropic's allegation and has not been independently verified. The attack exploited the API through systematic high-volume interaction rather than a technical vulnerability, making detection dependent on behavioural analytics.

Why it matters for India: Indian AI startups differentiating products on top of frontier models, and GCCs hosting LLM-backed services for global clients, face two corresponding risks: distillation of their own fine-tuned model outputs by third parties, and compliance exposure if their API credentials or contractors become channels for comparable campaigns.
Action: Monitor API usage for volume anomalies, account clustering, and task patterns inconsistent with normal product traffic; enforce per-key rate limits and contractor-level quotas; audit which subprocessors and third-party integrators hold API credentials and at what access level.
Source: CNBC (24 June 2026); Business Insider (25 June 2026).
4

FIRST mid-year update projects approximately 66,000 CVEs for 2026, driven by AI-assisted bug-hunting — volume-based patching is no longer viable

FIRST's June 2026 mid-year revision raised the 2026 CVE projection to approximately 66,000, a 46% increase above the February baseline, as AI tools hunt software flaws autonomously. One illustrative data point: AI-assisted tooling analysing the Firefox engine drove a 164% spike in Mozilla's Q1 CVE disclosures alone. The critical context for defenders is that actionable exploitability has not risen proportionally. The share of CVEs reaching active exploitation or high EPSS scores remains flat; the surge is in the volume of findings requiring human triage.

Why it matters for India: Indian government, BFSI, and critical infrastructure teams must manage roughly double the CVE intake against CERT-In's May 2026 mandate of 12-hour containment for known-exploited internet-facing systems. Patching by CVSS severity headline across 66,000 annual findings creates unsustainable backlog and obscures the subset that actually warrants immediate action.
Action: Make EPSS scores and CISA KEV membership the primary triage signals — not raw CVSS; apply CERT-In's phased remediation timeline (12 hours for known-exploited internet-facing systems, three days for critical internal systems, five days for high-severity findings); adopt AI-assisted prioritisation tooling to separate machine-discovered low-exploitability findings from actively weaponised vulnerabilities.
Source: FIRST.org; Help Net Security (15 June 2026).
AI defender tip: Langflow, MCP tool registries, and LLM API gateways share a structural problem: they are AI-adjacent infrastructure with production-grade access to credentials, workflows, and business data, but are routinely deployed without the change-review and network-access controls applied to production systems. Inventory every AI service with external network exposure and confirm authentication, egress controls, and a change-review process are in place before the next deployment.

Nirad Threat Research

Nirad AI Threat Watch | Bharat-first threat intelligence