
Hexaware Acquires CyberSolve to Strengthen Global Identity Security and AI-Driven Cyber Resilience

Hexaware Technologies [NSE: HEXT], a global provider of IT solutions and services, today announced it has acquired CyberSolve, a global specialist in identity and access management (IAM) solutions. Together, the companies will help enterprises modernize identity foundations, automate controls with artificial intelligence (AI), and run secure operations across complex, hybrid technology estates.

Across boardrooms, chief information officers cite cybersecurity as a top priority, as trusted digital identity—and the governance, risk, and compliance frameworks around it—now underpin every transformation, from cloud adoption and application modernization to data protection and workforce productivity.

CyberSolve brings nearly a decade of focused work in large identity programs, with 230+ specialists, 20+ IAM tech alliances, and 650+ implementations across sectors including retail, healthcare, pharma, automotive, financial services, logistics, government, and technology. Its teams are known for fast, reliable app onboarding, smooth platform migrations, and audit-ready operations. Hexaware adds consulting depth, engineering excellence, and 24x7 cybersecurity and resilience operations, spanning GRC, cloud security, and DevSecOps—helping clients move from isolated fixes to an integrated identity capability that reduces risk and accelerates growth at global scale.

“Cybersecurity has moved from an IT concern to a business imperative, and chief information officers tell us that getting identity right is at the top of the agenda,” said Siddharth Dhar, President & Global Head – Digital IT Operations & AI, Hexaware. “By bringing CyberSolve into Hexaware, we combine their craftsmanship in identity programs with our platform-led delivery and global operations. Clients will see faster value, stronger controls, and a clearer path to secure digital growth.”

“Our mission has always been to inspire trust in every digital interaction,” said Mohit Vaish, CEO, CyberSolve. “Joining Hexaware allows us to scale that mission—expanding our reach, applying AI more deeply, and creating measurable security outcomes for enterprises worldwide.”

Atul Agrawal, Managing Partner, CyberSolve, said, “We’re truly delighted to join Hexaware. The combined strengths of our IAM expertise and Hexaware’s AI-first operations create tremendous potential to redefine how global enterprises approach digital identity and security.”

Shubham Khandelia, Managing Partner, CyberSolve, added, “This is an exciting milestone for our people and clients alike. Together, we can deliver broader capabilities, faster innovation, and stronger assurance, building on our shared commitment to trust and excellence.”

Client organizations also welcomed the announcement. Chris Lugo, VP – CISO, Blue Cross Blue Shield Association, said, “CyberSolve has consistently helped bring clarity and momentum to complex initiatives. With Hexaware, they’ll have the scale and structure to deliver even greater impact. I’m excited to see what the two teams achieve together.”

The combined team will focus on what leaders need most today, delivering accurate and effective identity security, dependable operations, and easier adoption of change across large enterprises, resulting in faster onboarding, smoother migrations, continuous compliance, and secure work from anywhere.

Operant AI Uncovers Stealth Exploit Targeting MCP Connected AI Assistants

  1. A critical security flaw in MCP (Model Context Protocol) enables invisible data theft across all major AI and Agentic platforms
  2. New attack class exploits trusted AI agents to silently exfiltrate critical PII, including SSNs, medical records, and financial data. 
  3. The discovery of Shadow Escape comes amid Cybersecurity Awareness Month, underscoring the urgent need for AI-native defense mechanisms as enterprises accelerate adoption of agentic AI frameworks.
Operant AI, the world’s only Runtime AI Defense Platform, today disclosed the discovery of Shadow Escape, a powerful zero-click attack that exploits Model Context Protocol (MCP) and connected AI agents. The exploit enables data exfiltration via popular AI agents and assistants, including ChatGPT, Claude, Gemini, and other LLM-powered agents.

As enterprises rapidly adopt agentic AI through MCP servers and MCP-based integrations to connect large language models (LLMs) to internal tools, APIs, and databases, Shadow Escape demonstrates a new class of threats that operate entirely inside the firewall and within authorized identity boundaries, making them invisible to conventional cybersecurity monitoring.

“The Shadow Escape attack demonstrates the absolute criticality of securing MCP and agentic identities. Operant AI's ability to detect and block these types of attacks in real-time and redact critical data before it crosses unknown and unwanted boundaries is pivotal to operationalizing MCP in any environment, especially in industries that have to follow the highest security standards,” said Donna Dodson, the former Chief of Cybersecurity at NIST.

According to McKinsey’s 2025 Technology Trends Outlook, nearly 80% of enterprises are now using generative or agentic AI assistants for critical business functions—many of which depend on MCP for secure access management and workflow automation. Operant AI’s research estimates that trillions of private records may be at risk of exposure through such zero-click MCP-based data exfiltration chains.

Operant AI has formally reported this security issue to OpenAI and initiated the Common Vulnerabilities and Exposures (CVE) designation process. Critically, this is not a vulnerability specific to any individual LLM or Agent provider; it represents a fundamentally new attack path that affects any AI agent or AI application that utilizes MCP.

The Attack Chain

Unlike traditional prompt injection or data leaks, this attack doesn’t need user error, phishing, or malicious browser extensions. Instead, it leverages the trust already granted to AI agents and AI assistants through legitimate MCP connections.

The attack unfolds in three stages:
  1. Infiltration: Malicious instructions are embedded invisibly in documents uploaded to AI agents—documents that appear completely legitimate and pass standard security scans. 
  2. Discovery: AI agents proactively discover and surface sensitive data across connected databases without explicit user requests, leveraging MCP's powerful cross-system access capabilities. 
  3. Exfiltration: Hidden directives instruct the AI agent to transmit entire datasets to external endpoints, disguised as routine performance tracking or analytics uploads.
The attack first enables the AI agent to access and display critical PII to any human interacting with it, violating basic data governance standards, including HIPAA and PCI compliance. It then uses an invisible zero-click instruction to exfiltrate that PII, including Social Security numbers, medical record numbers, and other personally identifiable information, to the dark web, all without IT or standard security measures blocking or detecting the breach. Using the Shadow Escape attack path, malicious entities are able to gain everything needed to perpetrate identity theft, Medicare fraud, financial fraud, and more, all without users or IT organizations realizing the exfiltration is happening.

Shadow Escape Is Not Limited to One AI Provider or Platform

Shadow Escape affects any organization using MCP-enabled AI agents or MCP-connected AI assistants, including ChatGPT (OpenAI), Claude (Anthropic), Gemini (Google), custom AI agents built on various LLM backends, open-source alternatives like Llama-based assistants, and industry-specific AI copilots across healthcare, finance, and customer service. The common thread isn't the specific AI agent; it's the Model Context Protocol that grants these agents unprecedented access to organizational systems.

Beyond Traditional Security

"While MCP has become a foundational protocol enabling powerful AI integrations, our research reveals that standard MCP configurations create unprecedented attack surfaces that operate beyond the reach of traditional security controls," said Vrajesh Bhavsar, CEO and co-founder of Operant AI. "Shadow Escape demonstrates how AI agents can be weaponized through 0-click attacks that are invisible to both users and conventional security methods. The attack happens entirely within authenticated sessions, using legitimate credentials, making the blast radius potentially catastrophic given the scale and speed at which agents can operate."

Shadow Escape can impact many highly sensitive, privacy-regulated, and commonly used AI/Human interactions, including medical assistants using AI to access patient records, insurance databases, or treatment protocols or banking representatives using AI copilots connected to transaction systems, credit databases, or fraud detection monitoring systems.

Operant AI's Security Research team recommends organizations take immediate action to assess and secure their MCP deployments by:
  • Conducting comprehensive audits of all AI agents and AI assistants with MCP access to organizational systems, databases, and APIs
  • Implementing runtime AI defense guardrails capable of detecting and blocking zero-click data exfiltration attempts
  • Establishing MCP trust zones with explicit allow-listing of authorized servers and real-time blocking of untrusted connections
  • Deploying sensitive data flow monitoring with in-line auto-redaction capabilities for PII, PHI, and financial information
  • Reviewing and governing MCP tools access following least-privilege principles

For more information about Shadow Escape and Operant AI's MCP and AI security solutions, visit: www.operant.ai/art-kubed/shadow-escape

About Operant AI

Operant AI, the world’s only Runtime AI Defense Platform, delivers comprehensive, real-time protection for AI applications, AI agents, and MCP. Operant AI’s AI Gatekeeper and MCP Gateway are specifically designed for the unique challenges of the modern AI-native world.

With its advanced cloud-native discovery, detection, and defense capabilities, Operant AI is able to actively detect and block the most critical modern attacks including prompt injection, data exfiltration, and MCP tool poisoning, while keeping AI applications running in private mode with in-line auto-redaction of sensitive data and contextual IAM for AI Agents. Operant AI empowers security teams to confidently deploy AI applications and agents at scale without sacrificing safety or compliance.

Operant AI is the only representative vendor listed by Gartner for all four core AI-security categories: AI TRiSM (Trust, Risk, and Security Management), API Protection, MCP Gateways, and AI Agents. Founded in 2021 by Vrajesh Bhavsar, Dr. Priyanka Tembey, and Ashley Roof—industry experts from Apple, VMware, and Google respectively, Operant AI is a San Francisco-based Series A company funded by Silicon Valley venture capital firm Felicis and Washington DC venture capital firm SineWave.

Wipro and CrowdStrike Expand Alliance to Launch AI-Powered CyberShield MDR


Organizations today face an overwhelming volume of alerts from siloed security tools that fail to stop adversaries. Fragmented security operations across endpoints, cloud workloads, identity, and data drive complexity, increase costs, and create operational blind spots. Wipro CyberShield MDR, powered by CrowdStrike Falcon® Next-Gen SIEM, addresses these challenges by enhancing threat visibility, simplifying operations, and strengthening resilience against evolving threats.

Falcon Next-Gen SIEM combines native Falcon platform and third-party data with real-time threat intelligence and AI-powered automation to supercharge threat detection and response across the enterprise. Leveraging Falcon Next-Gen SIEM and Wipro's global ecosystem – along with Wipro Ventures’ portfolio companies Simbian and Tuskira – CyberShield MDR delivers intelligent defense, proactive breach protection, continuous detection, and rapid response to keep organizations resilient and future-ready against AI-driven threats. Wipro’s cybersecurity experts will manage and host the services from eight Cyber Defense Centers (CDCs) strategically located around the globe.

“Wipro’s CyberShield platform, powered by CrowdStrike’s AI-native product suites and strengthened by our security ecosystem will help enterprises contain threats swiftly and ensure continuity of digital operations,” said Tony Buffomante, Senior Vice President & Global Head – Cybersecurity & Risk Services, Wipro Limited. “This integrated platform approach enables AI automated workflows, prevents lateral threat movement, and eliminates potential security gaps that fragmented solutions often miss.”

“The Falcon platform supercharges Wipro’s CyberShield Managed Security Services to deliver real-time attack detection, faster response and outcomes that stop breaches,” said Daniel Bernard, Chief Business Officer, CrowdStrike. “Together, we’re simplifying operations across Wipro’s ecosystem of partners — reducing costs, accelerating time-to-value and giving customers the confidence to stay ahead of today’s adversaries.”

Wipro CyberShield℠ MDR unified MSS will be launched at CrowdStrike Fal.Con 2025.

Wipro Limited (NYSE: WIT, BSE: 507685, NSE: WIPRO) is a leading AI-powered technology services and consulting company focused on building innovative solutions that address clients’ most complex digital transformation needs. Leveraging our holistic portfolio of capabilities in consulting, design, engineering, and operations, we help clients realize their boldest ambitions and build future-ready, sustainable businesses. Wipro Innovation Network, which brings together our clients, partners, academia, and tech communities, reflects our commitment to client-centric co-innovation. As a part of this, the Innovation Labs and Partner Labs, located across the globe, allow us to collaborate with clients to solve real-world challenges and showcase cutting-edge industry solutions that explore the future of technology. With over 230,000 employees and business partners across 65 countries, we deliver on the promise of helping our customers, colleagues, and communities thrive in an ever-changing world. For additional information, visit us at www.wipro.com.

Accenture Announces Its Largest Ever Cybersecurity Acquisition of CyberCX

Global consulting giant Accenture has announced its largest-ever cybersecurity acquisition, acquiring Australian firm CyberCX in a landmark deal reportedly valued at $650 million. The move significantly expands Accenture’s cyber defense capabilities across the Asia-Pacific region and beyond.

CyberCX is one of the largest and most prominent cybersecurity firms in the Asia Pacific region. The company’s end-to-end services extend across consulting, transformation and managed security services and include advanced capabilities in offensive security and cyber physical security, crisis management, threat intelligence, managed detection and response, as well as strategic advisory, identity, cloud and network security.

Accenture’s acquisition of Australian cybersecurity firm CyberCX for a reported $650 million marks its largest-ever cybersecurity deal to date.

Why CyberCX?

  • CyberCX employs approximately 1,400 cybersecurity professionals.
  • Operates across Australia, New Zealand, London, and New York.
  • Specializes in sovereign cloud security, threat intelligence, and crisis response.
  • Offers advanced AI-powered cybersecurity platforms.
CyberCX was founded in October 2019 by John Paitaridis, who serves as CEO, and Alastair MacGibbon, the company’s Chief Strategy Officer. Paitaridis brought extensive experience from his leadership roles at Optus and Telstra, while MacGibbon contributed deep expertise from his tenure as Australia’s national cybersecurity advisor. Their vision was to create a sovereign cybersecurity powerhouse rooted in Australian and New Zealand capabilities.

CyberCX was financially backed by BGH Capital, a private equity firm that facilitated the rapid consolidation of 17 cybersecurity businesses to form CyberCX. This strategic roll-up enabled CyberCX to quickly establish itself as a dominant force in the region’s cybersecurity landscape.

    Strategic APAC Expansion

    Australia has faced a wave of high-profile cyberattacks in recent years, including breaches at Optus, Medibank, and Qantas. CyberCX’s strong local presence and government partnerships make it a strategic asset for Accenture’s push into the region. The acquisition positions Accenture as a dominant force in securing digital ecosystems across APAC.

    Accenture’s Cybersecurity Growth Trajectory

    Since 2015, Accenture has completed 20 security acquisitions, including most recently acquiring Morphus, MNEMO Mexico and Innotec Security.

    Year  Company           Country
    2023  Morphus           Brazil
    2022  MNEMO             Mexico
    2021  Innotec Security  Spain
    2025  CyberCX           Australia

    What This Means for the Industry

    The acquisition signals a broader trend of consolidation in the cybersecurity sector, as global firms race to bolster defenses against increasingly sophisticated threats. For Accenture, it’s a bold step toward becoming the go-to provider for end-to-end cyber resilience, especially in geopolitically sensitive regions.

    TAC InfoSec’s CyberScope Files U.S. Patent for World’s First AI-Powered Blockchain Trust Scoring Platform

    • A Patent-Backed Innovation Designed to Drive Revenue, Market Share, and Client Confidence
    • Strengthening TAC Security’s Global IP Portfolio and Competitive Edge in Cybersecurity
    • Unlocking New Commercial Opportunities in Web3 Risk Intelligence with Web3 Arm “Cyberscope”
    • The First AI-Optimised Security Engine to Fuse On-Chain, Off-Chain, and Market Data at Scale
    • Reinforcing TAC Security’s Position as a Global Leader in Next-Gen Cyber Intelligence
    TAC InfoSec Limited (NSE: TAC), a global leader in cybersecurity and vulnerability management, today announced that its Web3 Security arm, CyberScope, has filed a patent in the United States for CyberScope Cyberscan, the world’s first AI-optimised, multi-domain blockchain trust scoring and fraud detection platform.

    This breakthrough is designed to give investors, exchanges, and regulators a real-time, verifiable trust score for every blockchain project — turning fragmented, manual due diligence into instant, actionable intelligence.

    Defining the Next Era of Web3 Security Trust

    CyberScope Cyberscan fuses on-chain, off-chain, and Web2 data at scale; delivering actionable security intelligence in under five seconds. The patented technology is set to unlock new commercial opportunities across the $20B+ blockchain security market, reinforcing TAC Security’s global IP portfolio and leadership in next-gen cyber intelligence.

    Key Industry-First Capabilities:
    • Dual-Mode Polling Engine — Combines Slow Mode batch re-indexing for deep coverage with Fast Mode real-time scans for instant insights. 
    • Multi-Domain Intelligence Fusion — Integrates smart contract analysis, liquidity metrics, GitHub activity, DNS audits, and KYC/Audit verification into a unified trust score.
    • Adaptive Prioritization — Dynamically targets high-risk projects based on listing status, market cap, and activity spikes.
    • Live Malicious Behavior Detection — Flags honeypots, rug pulls, liquidity manipulation, and privileged functions before damage occurs.
    • Cross-Domain Correlation Engine — Links suspicious blockchain activity with anomalies in domain registration, code changes, and market behavior.

    Business Impact

    • Reducing Investor Risk — Instant red flags for scam patterns and security vulnerabilities.
    • Empowering Exchanges & Launchpads — Automated, embedded trust scoring via developer-ready API.
    • Regulatory Alignment — Standardized, auditable trust metrics for compliance reporting.
    • Driving Market Confidence — A scalable framework for capital markets to safely embrace Web3.
    Trishneet Arora, Founder & CEO, TAC Security: “For the decentralized economy to thrive, trust can’t be optional — it must be engineered into the system. CyberScope doesn’t just measure credibility, it defines it — instantly, for every project in the market. This is the intelligence layer that empowers investors to act decisively, enables exchanges to list with confidence, and allows capital to move into Web3 without hesitation. With this patent, we’re not just talking about blockchain trust; we’re building it, today.”

    Saransh Rawat, CTO, TAC Security & Co-Founder, CyberScope, said, “Every once in a while, a technology comes along that changes the rules entirely — Cyberscan is that moment for Web3 security. We’ve created a platform that doesn’t just scan; it understands. It reads the signals across blockchains, marketplaces, and code repositories, turning them into instant, trustworthy intelligence. This is the foundation for a safer, smarter, and truly scalable decentralized future.”

    About TAC Security (TAC InfoSec Limited) – Symbol - NSE: TAC

    TAC Security, a leading global cybersecurity company specialising in vulnerability management, is a publicly listed cybersecurity company that made headlines with its oversubscribed IPO worth $1 billion. TAC Security’s flagship product, ESOF (Enterprise Security in One Framework), excels in cyber scoring, cyber risk quantification, and leveraging advanced AI for vulnerability assessment and penetration testing.

    TAC Security holds prestigious certifications like CREST PT, SOC2 and ISO 27001, IoXT Security Assessor and partners with tech giants such as Google, Microsoft, and Meta for ADA’s CASA (Cloud Application Security Assessment). Serving a diverse global clientele, TAC Security is committed to innovation and excellence in cyber security for Fortune 500 companies, start-ups, and governments globally.

    For more information, visit https://tacsecurity.com

    About CyberScope, a TAC Security Company

    Cyberscope, a TAC Security Company, is a leading provider of Web3 Security, smart contract auditing, and compliance solutions, serving a global client base across the decentralized finance, blockchain, and digital asset sectors. Founded in 2023, the company has completed over 2,700 smart contract audits and 500+ KYC verifications, securing more than $2 billion in digital assets for over 3,000 clients. Cyberscope’s proprietary tools combine automated and manual analysis to deliver rapid, high-quality security assessments recognized by major industry platforms such as CoinMarketCap, PinkSale, and DxSale. With a reputation for quality, speed, and trust, and backed by the resources and global reach of TAC Security, Cyberscope is positioned to set new standards for security, transparency, and compliance in the rapidly evolving Web3 ecosystem.

    For more information, visit https://cyberscope.io

    Voice Phishing Breach at Cisco: ShinyHunters Suspected in CRM Data Heist

    Cisco has confirmed a targeted voice phishing (vishing) attack that compromised user profile data stored in a third-party cloud-based Customer Relationship Management (CRM) system. The breach, discovered on July 24, 2025, involved an attacker impersonating a trusted entity over the phone to manipulate a Cisco representative into granting unauthorized access.

    Cisco Vishing Attack: What Happened

    On July 24, 2025 (GMT+9), Cisco was alerted to a voice phishing (vishing) attack targeting one of its representatives. The attacker impersonated a trusted entity over the phone and successfully manipulated the employee into granting access to a third-party, cloud-based Customer Relationship Management (CRM) system.

    What Data Was Compromised

    The attacker exported a subset of basic profile information from users who had registered on Cisco.com:
    Compromised data:
    • Full names
    • Organization names
    • Physical addresses
    • Cisco-assigned user IDs
    • Email addresses
    • Phone numbers
    • Account-related metadata (e.g., account creation date)

    No passwords, confidential customer data, or proprietary information were accessed.

    Cisco’s Response

    Cisco took immediate action:
    • Terminated the attacker’s access to the CRM system
    • Launched a full investigation
    • Notified affected users and data protection authorities
    • Confirmed no impact to other CRM instances or Cisco products/services

    They also committed to:
    • Re-educating personnel on identifying and preventing vishing attacks
    • Implementing enhanced security measures to prevent recurrence

    Broader Context

    This breach appears to be part of a larger campaign targeting companies using Salesforce and other CRM platforms. Other victims include Allianz Life, Tiffany & Co., and Qantas. The ShinyHunters extortion group is suspected to be behind these coordinated attacks.

    Deeptech QNu Labs Launches QNu Academy to Power India’s Quantum-Ready Workforce

    • This launch marks a strategic milestone in India's journey toward achieving quantum self-reliance & digital sovereignty
    • The academy is designed to serve a wide range of learners, including universities, faculties & students to build a skilled workforce capable of securing India’s digital future

    QNu Labs, India’s first and world’s no.1 integrated end-to-end quantum secured cybersecurity platform, today announced the launch of QNu Academy, a global educational initiative aimed at building a future-ready talent pipeline in quantum technologies and cyber-security. As India advances its digital infrastructure and aligns with the National Quantum Mission, QNu Academy, backed by the National Quantum Mission, aims to bridge the existing talent gap. This launch marks a strategic milestone in India's journey toward achieving quantum self-reliance and digital sovereignty.

    QNu Academy offers in-depth education and practical training in advanced technologies such as Quantum Key Distribution (QKD), Quantum Random Number Generation (QRNG), and Post-Quantum Cryptography (PQC). The curriculum blends self-paced learning and instructor-led modules, curated in collaboration with experts from premier Indian institutions like the IITs and DRDO, as well as global quantum research bodies. Learners benefit from real-world use cases, hands-on lab assignments, continuous assessments, and mentorship from industry practitioners.
    The academy is designed to serve a wide range of learners, including universities, faculties, and students, to build a skilled workforce capable of securing India’s digital future. In addition, QNu Academy actively supports educational institutions through Faculty Development Programs and the creation of Centres of Excellence (CoE) Labs to promote quantum innovation and applied research. Placement support, certifications and career readiness initiatives are also integrated into the learning journey.

    Speaking on the launch, Sunil Gupta, Co-Founder & CEO of QNu Labs, said, “QNu Academy is more than an educational platform. It is a national mission to democratize access to quantum education and build widespread awareness around quantum communications. Our goal is to create a sustainable ecosystem for quantum learning in India through faculty development programs, industry-relevant programs, CoE labs, certified programs, real-time projects, and assignments with placement opportunities to develop quantum experts, empowering you to become a future leader. The future of cybersecurity in India depends on how well we prepare today’s learners to tackle tomorrow’s threats.

    “Through QNu Academy, we hope to foster a culture of innovation, encourage indigenous R&D in quantum tech and empower India’s workforce to lead on the global stage,” he added.

    QNu Academy represents a timely and important investment in human capital. The program aligns well with India’s broader goals of technological development, digital resilience, and global leadership in quantum innovation. It is envisioned as a long-term commitment to enabling India’s readiness for quantum disruption and equipping the country with the skilled manpower needed to thrive in the post-quantum era.

    Quick Heal's Seqrite Labs Identifies 650+ Cyber Incidents Linked to Geopolitical Tensions Surrounding ‘Operation Sindoor’

    Quick Heal Technologies Limited, a global cybersecurity solutions provider, through its Seqrite Labs, India’s largest malware analysis facility, has revealed some critical details about coordinated cyberattacks exploiting geopolitical tensions during ‘Operation Sindoor’, India’s military counterterrorism response to the April 22, 2025 Pahalgam terror attack. While the Indian Armed Forces conducted precision strikes on terrorist infrastructure in Pakistan-administered Kashmir from May 7-10, 2025, the threat intelligence team at Seqrite Labs identified parallel cyber campaigns by Pakistan-aligned threat actors targeting defense, healthcare, telecom, and government sectors across India.

    The cyber offensive began on April 17, 2025, with spear-phishing emails distributing weaponized files such as Final_List_of_OGWs.xlam and Preventive_Measures_Sindoor.ppam. These attachments exploited public concern about national security by masquerading as official Indian government advisories. Forensic analysis confirmed the use of Ares RAT, an evolved variant of APT36’s Crimson RAT malware, which established covert communication channels with command-and-control (C2) servers at IP 167.86.97[.]58:17854. Attackers spoofed legitimate Indian domains like nationaldefensecollege[.]com and zohidsindia[.]com to bypass security protocols.

    Between May 7-10, Seqrite’s telemetry recorded 650+ cyber incidents, including DDoS attacks on telecom providers (Jio, BSNL), defacements of state education portals, and credential harvesting campaigns against healthcare institutions like AIIMS and Apollo Hospitals. Hacktivist collectives such as #OpIndia and #OperationrSindoor coordinated via Telegram, claiming responsibility for leaking sensitive data from defense contractors and municipal databases.

    The attackers’ infrastructure leveraged virtual private servers (VPS) in Russia, Germany, and Indonesia to mask origins. Malicious .ppam and .lnk files triggered PowerShell scripts that disabled security tools, exfiltrated military communication logs, and deployed ransomware on healthcare systems. Seqrite’s countermeasures included 26 custom detection signatures deployed across Seqrite XDR, integration of YARA rules into national threat intelligence platforms, real-time alerts for spoofed domains, and threat advisory dissemination to Indian entities.

    The targeted cyberattacks on Indian institutions in the wake of rising geopolitical tensions between India and Pakistan paint a clear picture of how nation-state actors now collaborate with non-state hacktivists, merging technical intrusion with psychological operations. The evolution of APT36 and the simultaneous hacktivist attacks signal a deliberate convergence of cyber espionage and ideological warfare. Instead of isolated malware campaigns, we now face digitally coordinated war games run with a common objective: that of destabilizing, disinforming, and disrupting.

    In light of these alarming findings, Seqrite urges organizations to exercise utmost caution with respect to their digital security. It is advised to adopt a zero-trust approach, deploy advanced, multi-layer security systems, create regular backups, and conduct awareness drives to impart essential cybersecurity training which can help reduce human error. Seqrite’s cutting-edge suite of cybersecurity solutions, including EPS, ZTNA, EDR, and XDR, along with Seqrite Malware Analysis Platform and Seqrite Threat Intel Platform, can help organizations of all sizes strengthen their cybersecurity stanc

    Hackers vs. AI: 86% of Firms Hit by Cyber Threats—Who’s Winning?


    Cisco's 2025 Cybersecurity Readiness Index reveals that only 4% of organizations worldwide have reached a "Mature" level of cybersecurity readiness. This is a slight improvement from last year's 3%, but it still highlights significant gaps in global preparedness.

    The Index evaluates companies' readiness across five pillars (Identity Intelligence, Network Resilience, Machine Trustworthiness, Cloud Reinforcement, and AI Fortification), encompassing 31 solutions and capabilities. Based on a double-blind survey of 8,000 private sector security and business leaders in 30 global markets, respondents detailed their deployment stages for each solution. Companies were then categorized into four readiness stages: Beginner, Formative, Progressive, and Mature.

    2025 Cybersecurity Readiness Index

    Key Findings:

    The lack of cybersecurity readiness globally is alarming as 71% of respondents anticipate business disruptions from cyber incidents within the next 12 to 24 months.
    • AI-related security incidents affected 86% of organizations in the past year.
    • 49% of respondents believe their employees fully understand AI-related threats, while 48% think their teams grasp how malicious actors use AI for attacks.
    • Nearly half of organizations suffered cyberattacks, struggling with complex security frameworks.
    • 71% of respondents anticipate business disruptions due to cyber incidents within the next 12 to 24 months.
    • Only 45% of organizations allocate more than 10% of their IT budget to cybersecurity, down from 53% last year.



    The report evaluates cybersecurity readiness across five pillars: Identity Intelligence, Network Resilience, Machine Trustworthiness, Cloud Reinforcement, and AI Fortification. AI is both a security tool and a threat, with 89% of organizations using AI for threat detection, response, and recovery.

    The report said that to tackle today’s cybersecurity challenges, organizations must invest in AI-driven solutions, simplify security infrastructures, and enhance AI threat awareness. Prioritizing AI for threat detection, response, and recovery is essential, as is addressing talent shortages and managing risks from unmanaged devices and shadow AI.

    Mphasis and Cybersecurity Firm SecPod Announce Strategic Security Partnership


    Mphasis (BSE: 526299; NSE: MPHASIS), an Information Technology (IT) solutions provider specializing in cloud and cognitive services, today announced a strategic partnership with SecPod, a SaaS-based cybersecurity products and technology company. As part of this partnership, Mphasis will offer disruptive vulnerability management services for its clients through SecPod’s SanerNow CVEM platform.

    Through this partnership, Mphasis aims to help enterprises overcome challenges such as delayed risk identification, an increasing backlog of remediation, and inefficiencies caused by siloed products in vulnerability management. Leveraging SanerNow’s CVEM approach, Mphasis will enable its clients to consolidate multiple-point solutions into a unified, integrated solution. This solution continuously scans, detects, prioritizes, normalizes, and patches vulnerabilities, ensures compliance with regulatory requirements, prevents cyber-attacks, and keeps organizations audit-ready at all times.

    “We look forward to leveraging SanerNow's advanced capabilities to empower our clients as they transform their cybersecurity approach. This shift includes moving from reactive to proactive, periodic to continuous, and manual to automated. This enables them to stay ahead of evolving cyber threats, reduce complexity, and focus confidently on achieving their core business objectives,” said Srikumar Ramanathan, Chief Solutions Officer, Mphasis.

    “We are thrilled to partner with Mphasis to integrate SecPod’s SanerNow platform into their advanced cybersecurity offerings. With Mphasis’ innovative focus on AI-driven solutions and cloud-native strategies, they are the ideal partner to amplify the benefits of SanerNow’s Continuous Vulnerability and Exposure Management (CVEM) capabilities,” said Pramod Sridharamurthy, SVP of GSIs & Strategic Alliances at SecPod. He added, “This collaboration allows us to leverage Mphasis’ extensive industry expertise and global reach, combining it with our automated vulnerability and exposure management solutions. Together, we aim to help organizations not only strengthen their cybersecurity posture but also proactively address vulnerabilities and mitigate risks in an ever-evolving threat landscape.”

    This partnership, driven through our Sparkle innovation ecosystem, will accelerate the adoption of SanerNow’s Continuous Vulnerability & Exposure Management (CVEM) capabilities and integrate its services to enhance delivery capabilities, improve SLAs, reduce time-to-market, and offer integrated vulnerability management solutions.

    About SecPod:

    SecPod is a SaaS-based cybersecurity product and technology company created with a singular, unwavering goal of preventing cyberattacks. Founded in the year 2008, the company provides top-of-the-line continuous vulnerability and exposure management solutions that strengthen the cybersecurity posture of enterprises, SMBs, MSSPs and the like.

    For more information, visit https://www.secpod.com/.

    About Mphasis

    Mphasis’ purpose is to be the “Driver in Driverless Car” for Global Enterprises by applying next-generation design, architecture, and engineering services, to deliver scalable and sustainable software and technology solutions. Customer centricity is foundational to Mphasis, and is reflected in the Mphasis’ Front2Back™ Transformation approach. Front2Back™ uses the exponential power of cloud and cognitive to provide hyper-personalized (C=X2C²™=1) digital experience to clients and their end customers. Mphasis’ Service Transformation approach helps ‘shrink the core’ through the application of digital technologies across legacy environments within an enterprise, enabling businesses to stay ahead in a changing world. Mphasis’ core reference architectures and tools, speed and innovation with domain expertise and specialization, combined with an integrated sustainability and purpose-led approach across its operations and solutions are key to building strong relationships with marquee clients.

    Tata Technologies Faces Ransomware Attack Resulting in Temporary Suspension of Some of Its IT Services


    Tata Technologies recently experienced a ransomware attack that affected some of its IT assets. The attack led to the temporary suspension of certain IT services. However, Tata Technologies confirmed that their client delivery services remained fully functional and unaffected throughout the incident.

    The ransomware incident was discovered on January 31, 2025. Tata Technologies did not disclose whether a ransom was demanded or paid.

    A detailed investigation is underway in consultation with experts to assess the root cause and take necessary remedial actions.

    The company has restored the affected services and launched a detailed investigation to determine the root cause and take necessary remedial actions.

    CEO Warren Harris highlighted the importance of increased funding for upskilling initiatives aligned with Industry 4.0 to support India's economic growth.

    Tata Technologies emphasized its commitment to maintaining high standards of security and data protection. They are working closely with experts to mitigate any potential risks associated with the attack.

    This incident highlights the growing cybersecurity challenges faced by companies, especially in sectors like engineering and technology.

    Last December, Deloitte UK was reportedly cyberattacked for a whopping 1 TB of sensitive data by a ransomware group called Brain Cipher Ransomware.

    Last year, Infosys' U.S.-based subsidiary, McCamish Systems, experienced a significant data breach due to a ransomware attack attributed to the LockBit ransomware operation, and data from over 6.078 million individuals was compromised.

    India-US Researchers Create Quantum-Safe Video Encryption Framework to Tackle Deepfake-like Threats


    Researchers from India and the USA have created a quantum-safe video encryption framework to tackle modern cyber threats like deepfakes and data manipulation. This innovative framework combines quantum computing's inherent randomness with advanced SSL-encrypted HTTP transmission, providing unmatched security and efficiency.

    The research, led by experts from Florida International University and the National Forensic Sciences University, has been featured in IEEE Transactions on Consumer Electronics.

    This framework integrates quantum encryption with classical video transmission methods to enhance security against evolving cyber threats.

    This breakthrough is expected to significantly enhance video communication security, especially for sensitive communications in defense, government, and military operations.

    The collaboration of Dr. Naveen Kumar Chaudhary from the National Forensic Sciences University in India with Dr. S.S. Iyengar and Dr. Yashas Hariprasad from Florida International University has led to the development of this quantum-safe encryption framework.

    A promising step towards a more secure digital future, the framework is based on hybrid quantum video encryption, which uniquely combines the power of quantum encryption with classical video transmission techniques, ensuring robust protection against potential quantum computing threats.

    Quantum encryption uses the principles of quantum mechanics to create encryption keys that are virtually impossible to crack using classical computing methods.

    The framework incorporates advanced SSL-encrypted HTTP transmission to maintain high-quality video communication. It merges the strengths of both quantum and classical encryption, offering a dual layer of security.

    It has varied cybersecurity applications, with the aim of protecting sensitive video communications, particularly in sectors like defense, government, and military.

    Designed to withstand advances in quantum computing, the framework is intended as a long-term solution for secure video transmission. It is a significant leap forward in cybersecurity, addressing the growing concerns over deepfakes and data manipulation.

    It's a promising development that could reshape the landscape of secure digital communication. The research has been funded by the U.S. Army DEVCOM Army Research Laboratory and the U.S. National Science Foundation (NSF), an independent agency of the United States federal government.

    Tackling Deepfakes

    The quantum-safe encryption framework tackles deepfake threats by leveraging the inherent randomness of quantum computing and advanced SSL-encrypted HTTP transmission. Here's how it works:

    1. Pseudorandom Keys: The framework uses quantum-generated pseudorandom keys to encrypt video streams. These keys are extremely difficult to predict or replicate, making it challenging for deepfake creators to manipulate the video content.

    2. Quantum-Safe Protocols: Individual frames of the video are secured using quantum-safe protocols, ensuring that each frame is protected against tampering.

    3. Enhanced Security: By combining quantum encryption with classical methods, the framework provides a dual layer of security, significantly outperforming current methods.

    4. Authenticity and Integrity: The encryption ensures the authenticity and integrity of video communications, making it difficult for malicious actors to create convincing deepfakes.

    This approach is particularly effective in sensitive sectors like defense, government, and military operations, where the authenticity of video communications is crucial.

    Japan Airlines Faces Cyberattack Disrupting More Than 20 Domestic Flights


    Japan Airlines faced a cyberattack that disrupted more than 20 domestic flights. The attack, which occurred on December 26, 2024, was identified as a distributed denial-of-service (DDoS) attack designed to overwhelm the airline's network with massive data transmissions. Ticket sales for same-day flights were temporarily suspended.

    Fortunately, the airline managed to halt the attack and restore its systems within hours, ensuring that flight safety was not compromised.

    The cyberattack disrupted both internal and external systems, leading to delays of over 30 minutes for 24 domestic flights. Despite the disruption, Japan Airlines confirmed that no customer data was compromised. The incident highlights the ongoing challenges and vulnerabilities in cybersecurity, especially as Japan strengthens its defense strategies and collaborations with international partners.

    Japan Airlines took immediate action by shutting down the affected router to prevent further damage. Systems were restored later in the day, and flights resumed normally by December 27.

    This incident is a stark reminder of the importance of robust cybersecurity measures in today's digital age.

    In the past year, Japan has experienced several high-profile cyberattacks. To recall, in June 2024 the Japanese space agency, JAXA, reported a series of cyberattacks since 2023. Although no critical data related to rockets, satellites, or defense systems was compromised, the agency took steps to bolster its cybersecurity measures.

    Last year, a cyberattack paralyzed operations at a container terminal in the city of Nagoya, Japan, for three days. This incident highlighted the vulnerabilities in Japan's digital infrastructure.

    In 2018, Cathay Pacific Airways of America suffered a data breach that compromised the personal data of 9.4 million customers, including credit card information and passport details. The breach continued until May 2020.

    These incidents underscore the urgent need for enhanced cybersecurity measures in the aviation industry to protect operations, passenger safety, and organizational reputation.

    Indian Govt Issues Advisory Warning on AI Generated Deepfake Threats


    India's national nodal agency for responding to computer security incidents in the country, the Indian Computer Emergency Response Team (CERT-In), has recently issued an advisory warning about the rising threats posed by AI-generated deepfakes.

    Deepfake technology, which involves the use of artificial intelligence (AI) to create highly realistic and convincing fake videos, images, and audio, is becoming increasingly sophisticated. This technology poses significant risks, including the potential for disinformation, fraud, and social engineering attacks.

    The advisory highlights risks such as misinformation, financial fraud, and privacy violations, and provides guidance for individuals and organizations to detect and counter these threats.

    Here are some key points from the advisory:

    1. Verify Sources: Ensure digital content is from reliable sources before sharing or acting on it.

    2. Look for Anomalies: Identify signs such as unnatural blinking, mismatched lip-sync, inconsistent lighting, or distorted visuals.

    3. Cross-Reference Information: Confirm the accuracy of content through multiple trusted sources.

    4. Limit Personal Data: Avoid sharing high-resolution images or videos online.

    5. Use Multi-Factor Authentication (MFA): Secure accounts with MFA to reduce risks of hacking.

    6. Monitor Public Channels: Keep track of potential deepfake content targeting your organization.

    7. Adopt Secure Communication: Use encrypted channels for sensitive discussions to prevent interception.

    The advisory also urges organizations to strengthen detection tools, monitor public channels, and enhance digital forensics capabilities.

    The advisory, originally issued on 27 November 2024, serves as a critical resource for identifying, assessing, and mitigating the threats posed by synthetic media.

    It's crucial to stay informed and vigilant about these threats.

    US Govt's CISA Issues Guidance for Cisco Devices Frequently Targeted by China-affiliated Threat Actors


    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued specific guidance for network engineers and defenders to patch and secure Cisco network devices in response to the Salt Typhoon cyber-espionage campaign linked to the People's Republic of China (PRC). 

    Cisco gear has been frequently targeted by PRC-affiliated threat actors, says the CISA guidance, which was developed in collaboration with other cybersecurity agencies from Australia, Canada, and New Zealand.

    The guidance titled "Enhanced Visibility and Hardening Guidance for Communications Infrastructure" is a joint publication by the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), Australian Signals Directorate's Australian Cyber Security Centre (ACSC), Canadian Cyber Security Centre (CCCS), and New Zealand's National Cyber Security Centre (NCSC-NZ).

    The guide aims to provide best practices for network engineers and defenders to strengthen visibility and harden network devices against cyber threats, particularly those affiliated with the People's Republic of China (PRC).

    CISA has provided Cisco-specific advice, including patching vulnerable devices and following best practices outlined in Cisco's IOS XE Hardening Guide and Guide to Securing NX-OS Software Devices.

    Enhancing visibility means having detailed insight into network traffic, user activity, and data flow, which helps in quickly identifying threats and vulnerabilities. Hardening involves implementing measures to secure network devices and reduce potential entry points for cyber threats.

    Scope of Attacks: The attacks compromised networks of eight telecommunications providers, exfiltrating customer call records and compromising private communications.

    The guide includes recommendations such as patching vulnerable devices, monitoring configuration changes, and implementing strong network flow monitoring solutions.

    Enhanced Visibility and Hardening Guidance

    Patch Vulnerabilities: Ensure all network devices, including routers, switches, and firewalls, are up-to-date with the latest security patches.

    Monitor Configuration Changes: Implement comprehensive alerting mechanisms to detect unauthorized changes to network devices. Store configurations centrally and push them to devices.

    Network Flow Monitoring: Implement a strong network flow monitoring solution to gain visibility into network traffic and detect anomalies.

    Strong Authentication: Use strong passwords and implement two-factor authentication (2FA) to enhance security.

    End-to-End Encryption: Adopt end-to-end encryption for communications to protect data from interception.

    Regular Audits: Conduct regular security audits and penetration tests to identify and address vulnerabilities.

    Implementation Steps

    Update Systems: Regularly update all network devices and software to the latest versions.

    Implement Monitoring Tools: Deploy network monitoring tools to track traffic and detect unusual activities.

    Centralize Configurations: Store device configurations centrally and push updates to devices to prevent unauthorized changes.

    Enable Alerts: Set up alerts for any configuration changes or unusual activities on network devices.

    Use Strong Passwords: Enforce the use of strong, unique passwords for all network devices and accounts.

    Implement 2FA: Enable two-factor authentication for accessing critical network devices and systems.

    Encrypt Communications: Ensure that all sensitive communications are encrypted end-to-end.

    Conduct Audits: Perform regular security audits and penetration tests to identify and fix vulnerabilities.

    By following these recommendations, telecommunications providers can significantly enhance their network security and protect against sophisticated cyber-espionage campaigns like Salt Typhoon.

    The Salt Typhoon campaign, which began in 2022, has targeted at least eight U.S. telecommunications providers, including major companies like AT&T, Verizon, and Lumen Technologies. The malicious campaign has also affected telecommunications infrastructure in other countries, highlighting the global nature of cybersecurity threats.

    Deloitte UK Reportedly Cyberattacked for 1 TB of Sensitive Data by Ransomware Group


    The Brain Cipher Ransomware group has reportedly claimed responsibility for a significant cyberattack on Deloitte UK, alleging that they have exfiltrated over 1 terabyte of data. This breach, if confirmed, could have serious implications for Deloitte's clients and its professional reputation.

    However, Deloitte has not confirmed the breach, leaving the claim unverified.

    The group claims to have accessed and stolen over 1 terabyte of compressed data, including sensitive client information and internal documents.

    According to statements posted by Brain Cipher, the attack has exposed critical vulnerabilities in Deloitte UK’s cybersecurity infrastructure. “Soon we will tell you about this incident. We will provide an example of data that has leaked. The volume of compressed data more than 1tb.”

    The group has criticized Deloitte for not observing basic information security protocols. “Unfortunately, giant companies do not always do their job well,” the hackers claim.

    Brain Cipher emerged in June 2024 and has quickly gained notoriety for targeting high-profile organizations.

    Brain Cipher has set a deadline of December 15, 2024, for Deloitte to respond, after which they threaten to release the stolen data.

    The impact of this breach could be severe. Sensitive client information, including financial records, could be exposed. The reputation of the "Big Four" firm is also at stake: the claim raises serious concerns about data protection practices at one of the world's leading professional services firms.

    The breach, if confirmed, could disrupt operations for Deloitte and its clients, eroding trust and confidence.

    Deloitte has yet to confirm the incident publicly. This situation underscores the critical need for robust cybersecurity measures in today's digital landscape.

    IBM Introduces New Generative AI-Powered Cybersecurity Assistant


    IBM has introduced a new generative AI-powered Cybersecurity Assistant designed to enhance its Threat Detection and Response Services. This assistant, built on IBM's watsonx data and AI platform, aims to accelerate and improve the identification, investigation, and response to critical security threats.

    The AI-powered cybersecurity assistant from IBM operates through a combination of advanced AI techniques and integration with existing security infrastructure.

    The assistant integrates with various data sources, including Security Information and Event Management (SIEM) systems, network telemetry, Endpoint Detection and Response (EDR) tools, and vulnerability management systems. This allows it to gather comprehensive data on potential threats.

    When a potential threat is detected, the assistant can automatically initiate an investigation. It performs tasks such as historical correlation analysis, cross-referencing with known threat intelligence, and assessing the severity and impact of the threat.

    Key features

    Accelerated Threat Investigations: By leveraging historical correlation analysis, the assistant can speed up complex threat investigations.

    The assistant will also auto-recommend actions based on the historical patterns of analyzed activity and pre-set confidence levels, speeding response times for clients and helping to reduce attackers' dwell time.

    Enhanced Insights: It cross-correlates alerts and enhances insights from various sources like SIEM, network, EDR, and vulnerability telemetry.

    The conversational feature can automatically trigger relevant actions, including running queries, pulling logs, command explanations or enriching threat intelligence.

    Operational Efficiency: The assistant helps reduce manual investigations and operational tasks, allowing security analysts to respond more proactively and precisely.

    The assistant automates many routine tasks, such as data collection and initial analysis, freeing up security analysts to focus on more complex and strategic activities. This improves overall operational efficiency and response times.

    This development is part of IBM's broader strategy to integrate AI and automation into its cybersecurity services, aiming to improve overall security posture for clients.


    TCS Inks 3-Year Contract to Strengthen IT Infrastructure and Cybersecurity of Follett Higher Education



    Tata Consultancy Services (TCS) (BSE: 532540, NSE: TCS), a global leader in IT services, consulting, and business solutions, has signed a three-year contract to strengthen information technology infrastructure and cybersecurity services for Follett Higher Education, North America’s leading college store operator. By deploying trademark platforms and solutions, such as TCS Cognix™ and Cloud Exponence, TCS will create an enhanced IT infrastructure that better supports Follett’s innovative academic and retail experiences for colleges and universities across the US and Canada.

    Follett operates more than 1,000 college stores across North America and is committed to supporting the academic journey by offering students the course materials, technology, supplies, and school-branded merchandise they need to succeed. To support this mission, Follett tapped TCS to enhance its existing IT infrastructure. This contract marks a significant expansion of the decade-long partnership between the two companies.

    TCS will strengthen Follett’s technology operations by adopting its signature Machine First™ delivery approach, coupled with its proprietary accelerators like TCS Cognix™, an AI-driven human-machine collaboration suite that provides pre-built, cloud-based modules leveraging AI, machine learning, and intelligent automation. Together, they will automate manual processes and provide an efficient enterprise infrastructure (EIT) management platform with built-in security and regulatory compliances that will predict, prescribe, and remediate performance issues that can impact business operations.

    TCS will also use Cloud Exponence, its comprehensive platform that delivers smart managed services in hybrid cloud environments. This will provide a holistic view of Follett’s operations across multiple cloud platforms and make it easier to deliver consistent IT services, optimize usage, and manage costs. With TCS as an extension of Follett, the joint team will leverage the industry-leading ITIL 4 standards and implement best practices for IT service management.

    Prasad Keshava, Vice President of Enterprise Infrastructure for Follett Higher Education, said “At Follett, we believe every interaction a student has with us contributes to their potential for success. That’s why our partnership with TCS is crucial, along with a well-structured governance and accountability matrix. Working as a united team, we are eager to build a best-in-class technology backbone so we can make every touchpoint with our customer seamless, scalable, and fit for purpose, well into the future.”

    To navigate the increasingly complex threat landscape, Follett will also partner with TCS to enhance cybersecurity and embed added security by design into its operations. TCS will safeguard Follett’s digital estate by managing their Security Operations Center and provide email, network, identity, and access management security services, along with tools to enhance their Governance, Risk and Compliance processes. To improve proactive defense against current and emerging threats, TCS will help Follett gain end-to-end visibility across its entire cybersecurity landscape through the former’s security-as-a-service platform.

    Ashish Khurana, Vice President and Head, Retail Americas Business, TCS, said, “Whether it’s at a campus bookstore or online, we are committed to partnering with Follett to delight and support students on their academic journeys. We are excited to deepen our longstanding relationship with Follett. TCS will combine its contextual knowledge with technology to create frictionless experiences in students’ interactions with Follett.”

    TCS partners with the top 10 global retailers and many others around the world to build profitable and sustainable businesses and offer immersive, unified, and hyper-personalized omnichannel experiences for their customers. TCS’ deep industry expertise, backed by decades of experience and relevant partnerships in retail, spans across store operations, merchandising, supply chain, marketing, pricing strategies, and business model reinvention. TCS’ extensive portfolio of retail platforms and offerings includes TCS OmniStore™, an AI-powered, unified composable commerce platform, and TCS Optumera™, an AI-powered strategic intelligence platform that enables retailers to make optimized merchandising decisions across the value chain.

    Cisco's Firewall is Now AI-driven, Designed to Write Its Own Codes, Test Them in Real-Time


    Cisco has recently launched an AI-driven firewall. The networking and network security firm said that its firewall is now AI-driven and autonomously manages and updates itself, with the aim of simplifying cyber-defence for its enterprise clients.

    The new firewall is designed to write its own code and test it in real time within the user's environment. This means it can autonomously manage and update itself, reducing manual oversight. It can deploy the rules across different platforms, including data centers and the cloud.

    The AI-powered firewall can also automatically remove rules once it deems them unnecessary.

    This was announced by Raj Chopra, Chief Product Officer-Security Business Group, Cisco, at Accel Cybersecurity Summit 2024.

    This development comes at a time when enterprises face increasing cyber-attacks globally. Cisco's approach aims to simplify cyber-defense for its enterprise clients, similar to how modern web browsers update automatically in the background. You can think of it as a "never have to upgrade ever again" solution.

    Cisco has also introduced the Cisco AI Assistant for Security, which leverages AI to speed up firewall management, making it simpler for administrators to identify, troubleshoot, and optimize complex policy environments.

    Infosys' US-based Subsidiary Reportedly Faced Data Breach Affecting Over 6 Mn Individuals

    McCamish Systems, the U.S.-based subsidiary of IT consulting giant Infosys, experienced a significant data breach. Following a November ransomware attack attributed to the LockBit ransomware operation, data from over 6.078 million individuals was compromised, Security Affairs reported.

    Initially, it was believed that sensitive information on approximately 57,000 people had been stolen. However, further investigation revealed that the threat actors had accessed valuable intel on more than six million individuals.

    The stolen data includes a wide range of personal information, such as Social Security Numbers (SSN), birth dates, medical details, biometric data, email addresses, passwords, Driver’s License numbers, state ID numbers, financial account information, payment card details, passport numbers, Tribal ID numbers, and US military ID numbers. This wealth of information could potentially be used for phishing or identity theft attacks.

    Infosys McCamish, the center of excellence for Infosys' Life Insurance software solutions and services offerings in the U.S., has been providing software and services to the life insurance industry for over 22 years.

    To mitigate the impact, McCamish Systems provided affected individuals with free identity protection and credit monitoring services through Kroll for a period of two years. The incident was initially reported by Bank of America, which identified Infosys McCamish Systems as an outside counsel for the bank.

    The specific details of how the breach occurred have not been publicly disclosed. However, ransomware attacks often exploit vulnerabilities in software, weak passwords, or social engineering tactics. In the case of Infosys McCamish Systems, the LockBit ransomware group likely gained unauthorized access to their systems, encrypted data, and demanded a ransom for its release. Organizations typically respond by enhancing security measures, patching vulnerabilities, and improving incident response protocols to prevent future breaches.

    IndianWeb2.com © all rights reserved