Global threats, decoded for Indian defenders — weekly briefs, sector editions, and AI Threat Watch. Every claim source-attributed.
Not covered in prior NBTF editions. Included under catch-up policy.
Each item this week reflects the same operational pressure: the gap between patch and exploit continues to narrow. ColdFusion was weaponised within two hours; Ivanti Sentry was backdoored within a day; Oracle EBS was exploited six weeks after patching and before any public PoC. Indian organisations with Oracle EBS and Ivanti Sentry in the public sector, and Langflow or ColdFusion in the technology sector, should treat unpatched internet-facing deployments as compromised pending forensic review.
Nirad Threat Research
Not covered in prior NBTF editions. Included under catch-up policy.
Each item this week reflects the same operational pressure: the gap between patch and exploit continues to narrow. ColdFusion was weaponised within two hours; Ivanti Sentry was backdoored within a day; Oracle EBS was exploited six weeks after patching and before any public PoC. Indian organisations with Oracle EBS and Ivanti Sentry in the public sector, and Langflow or ColdFusion in the technology sector, should treat unpatched internet-facing deployments as compromised pending forensic review.
Nirad Threat Research
An authentication bypass in the vdaemon DTLS service on UDP 12346 lets an unauthenticated attacker gain administrative access to Cisco Catalyst SD-WAN Controller and Manager, then open NETCONF to reconfigure the entire overlay. Cisco Talos tracks active exploitation under UAT-8616, a highly sophisticated actor with ORB-network infrastructure overlap. Confirmed post-exploitation: SSH key injection, fabric reconfiguration, root escalation via version-downgrade (CVE-2022-20775), and forensic log erasure.
Working admin credentials for internet-facing FortiGate and SSL-VPN devices across 194 countries were extracted and publicly circulated; India is documented among the most-affected nations, with critical infrastructure named among exposed sectors. Contributing flaw: CVE-2026-24858 (FortiOS FortiCloud SSO bypass).
An authentication bypass in PAN-OS GlobalProtect portal and gateway components allows unauthorised VPN sessions without credentials; active exploitation confirmed from 17 May 2026 across multiple customer environments.
Zscaler's ThreatLabz 2025 Ransomware Report documents a 935% YoY increase in attacks against oil and gas, driven by automation of rigs, pipelines, and terminal systems expanding the OT attack surface. Events reaching a DCS or safety instrumented system carry physical and environmental consequences beyond data loss.
- ICS vulnerability record: Forescout documented 508 ICS advisories in 2025 — first year above 500 — with 82% rated high or critical and average CVSS above 8.0. Level 1 (PLCs, RTUs, IEDs) and Level 2 (SCADA, DCS, BMS) are most-affected. Critical gap: only 22% of high/critical ICS CVEs carried a CISA advisory. New high-risk OT device classes flagged: PDUs, I/O modules, BACnet routers. - India-targeted APT: Seqrite's India Cyber Threat Report 2026 documents a Pakistan-nexus campaign (APT36/SideCopy) using MSI-packaged malware, DLL sideloading, and open-source RATs — Xeno RAT, Spark RAT, CurlBack RAT — targeting India's CI and defence sector; 265 million detections in Oct 2024–Sep 2025. - AI-accelerated exploitation: CERT-In advisory CIAD-2026-0020 (Apr 2026) warns that frontier AI now enables autonomous vulnerability discovery and exploit generation within hours of disclosure — a window most OT maintenance schedules cannot match.
- CERT-In CIAD-2026-0020 (high severity, 26 Apr 2026): Mandates 24-hour critical patch cycle for internet-facing CI systems; continuous monitoring, Zero Trust, MFA, and hard IT-OT segmentation required. An emergency-patch track separate from regular maintenance windows is now a regulatory expectation for designated CI operators. - NCIIPC: CII protection framework requires nominated CISOs and registered asset inventories across power, telecom, transport, and strategic enterprises; over 9,700 CERT-In audits were conducted in FY2024-25, signalling intensifying supervisory scrutiny. - CERT-In incident reporting: Mandatory 6-hour notification for CI operators should be reviewed against the hours-scale exploitation windows documented in CIAD-2026-0020; SOC runbooks must be validated at this interval.
UAT-8616 — Cisco Talos designation; confidence HIGH on TTP set; MEDIUM on nation-state attribution. UAT-8616 has targeted Cisco Catalyst SD-WAN infrastructure since at least 2023, with exploitation tempo markedly increasing in May 2026. The attack chain is consistent: DTLS exploitation on UDP 12346, NETCONF fabric manipulation, SSH key persistence, root escalation via version-downgrade (CVE-2022-20775), firmware restoration to conceal the attack path, and systematic log erasure. Infrastructure overlap with ORB networks is consistent with state-level resources, though formal attribution has not been published. Compromise of an Indian state electricity board's or major telecom carrier's SD-WAN fabric would grant adversary-controlled routing and policy across geographically distributed CI sites.
Source (with date): Cisco Talos; Help Net Security (15 May 2026); Tenable; CISA KEV (May 2026).
Only public, attributed indicators; pull exact values from primary advisories and defang before operational use.
- CVE-2026-20182 (Cisco SD-WAN): Anomalous DTLS/UDP 12346 traffic; unexpected NETCONF sessions; SSH key additions outside provisioning records; unexplained version downgrades; cleared syslog, wtmp, lastlog, bash_history. (Cisco Talos advisory.) - CVE-2026-0257 (PAN-OS): Attacker IPs and file hashes in Unit 42 and Rapid7 advisories; alert on unauthenticated GlobalProtect session initiations. - FortiBleed / CVE-2026-24858: Indicators in CISA alert and Arctic Wolf advisory; detect cross-device FortiOS SSO login anomalies not matching provisioning records. - Seqrite APT RAT cluster: Defanged IOCs in Seqrite blog "Goodbye HTA, Hello MSI" (Jan 2026); detect behaviourally via MSI-spawned DLL-sideloading chains and PowerShell reflective-load patterns.
Board: Treat edge-device and OT-network exposure as enterprise risk equal to physical security; confirm NCIIPC CISO designations and commission an emergency estate review of Cisco SD-WAN, Fortinet, and PAN-OS deployments against CVE-2026-20182, CVE-2026-24858, and CVE-2026-0257 this quarter.
CISO: Emergency-patch CVE-2026-20182 (CVSS 10.0) and CVE-2026-0257; rotate all Fortinet and Cisco SD-WAN admin and VPN credentials immediately; deploy DTLS/UDP 12346 and NETCONF anomaly detection; inventory ICS Level 1 and Level 2 devices with a vendor-co-ordinated emergency-patch track for critical OT CVEs; apply CERT-In CIAD-2026-0020 requirements: 24-hour patch cycle and hard IT-OT segmentation.
SOC: Hunt for SD-WAN version downgrades, NETCONF changes, SSH key additions, and cleared logs (wtmp, lastlog, bash_history, cli-history) since March 2026; alert on unauthenticated GlobalProtect sessions and cross-device FortiOS SSO anomalies; monitor MSI-to-DLL-sideloading chains consistent with Seqrite APT TTPs; run a ransomware-to-OT escalation tabletop for at least one oil, gas, or power facility.
Cisco Talos, CVE-2026-20182 / UAT-8616 (May 2026) · Help Net Security (15 May 2026) · CISA KEV (May 2026; 29 May 2026) · Tenable · CISA, FortiBleed alert (18 Jun 2026) · Arctic Wolf (Jun 2026) · CSA Labs (20 Jun 2026) · Unit 42/Palo Alto Networks, CVE-2026-0257 · Rapid7, CVE-2026-0257 · Zscaler ThreatLabz 2025 Ransomware Report (Jul 2025) · Dragos 2026 OT Year in Review (17 Feb 2026) · Waterfall Security 2026 OT Threat Report · Seqrite India Cyber Threat Report 2026 (Jan 2026) · Forescout (Feb 2026) · IT Security Guru (19 Feb 2026) · CERT-In CIAD-2026-0020 (26 Apr 2026) · Qualys blog (24 Jun 2026) · PIB, Government of India (2026).
Nirad Threat Research
An insecure direct object reference in Langflow's /api/v1/responses endpoint allows any authenticated user to execute another user's AI workflow by supplying its UUID — the flow-resolution function queries the database without checking ownership. Sysdig Threat Research observed active exploitation from 25 June 2026; CISA added CVE-2026-55255 to its Known Exploited Vulnerabilities catalog on 7 July with a federal agency remediation deadline of 10 July. The documented attack pattern: enumerate flow UUIDs via the /api/v1/flows/ listing endpoint, replay them at the responses endpoint, then inject prompts into the hijacked workflow to surface API keys and secrets stored in the victim's flows. Fixed in Langflow 1.9.1.
/api/v1/flows/ and /api/v1/responses access logs for UUID enumeration patterns across user boundaries. Restrict all Langflow instances to authenticated, network-segmented deployments with no direct internet exposure.CrowdStrike published an expansion to its prompt injection taxonomy on 7 July 2026, adding 18 new techniques to a catalogue that now documents more than 200 distinct methods. Five are of particular operational relevance to enterprise AI environments: a delayed-trigger technique that embeds a dormant instruction that activates only when a specified keyword or condition appears later in context; vocabulary suppression that blocks safety-related tokens to steer the model away from standard refusal responses; payload fragmentation that splits a malicious instruction across components appearing innocuous individually but reassembling on processing; insertion of counterfeit system-delimiter tokens to promote untrusted content to directive-level priority; and injection through trusted data sources — documents, CRM records, issue tracker entries, or knowledge-base articles — introduced to the AI context by the user rather than by the attacker directly.
Sentry's data source name (DSN) is intentionally public and embedded in client-side JavaScript for legitimate error ingestion. Tenet Security published research on 17 June 2026 demonstrating that an attacker can craft fake Sentry error events containing hidden prompt injection instructions; when the Sentry MCP server delivers these to an AI coding agent, the agent processes the attacker's instructions as authoritative diagnostic guidance and executes them. Testing across 100-plus agent deployments confirmed an 85% success rate; Tenet identified 2,388 organisations with injectable DSNs, including a confirmed Fortune 100 enterprise. Affected agents include Claude Code, Cursor, and Codex. Tenet has open-sourced a hardening tool, agent-jackstop, with drop-in configurations for Cursor and Claude Code.
Wiz Research reported on 26 June 2026 that the Amazon Q Developer Extension for VS Code automatically loaded and started MCP server configurations found in project workspace directories when a repository was opened, without presenting a trust confirmation step. An attacker who places a malicious configuration file in a repository can start an attacker-controlled server the moment a developer opens the project; that server runs with access to the developer's active AWS credentials and environment variables. AWS patched the flaw in Language Server version 1.69.0, released before public disclosure; the language server updates automatically in most network environments.
Nirad Threat Research