Surge in Cyber Security Spending; Focus on Cloud Security & AI
Surge in Cyber Security Spending; Focus on Cloud Security & AI in 2026
Continue ReadingBlogs
Open AI, Quick to Respond on Mixpanel Breach; Security Analytics Tool for Proactive Security
Open AI, Quick to Respond on Mixpanel Breach; Security Analytics Tool for Proactive Security
Continue Reading
AI Cyber-Attack is Lethal, Crafted to Empower Hackers; Calls for Cyber Readiness as Enterprise Security Strategy
Japanese Brewing Giant Asahi, Exposed to Cyber-Attack; CAI Cyber-Attack is Lethal, Crafted to Empower Hackers Calls for Cyber Readiness
Continue Reading
Shai-Hulud’s ‘Second Coming’ npm Malware Infects Popular Developer Packages
Shai-Hulud malware campaign, npm Packages
Continue Reading
Indian Org’s to Hire more Dedicated Cyber security professional says Report ; Role of BISO to Gain Traction
BISO Analytics from Intrucept ‘A Unified platform to map Business risk with Cyber Risk
Continue Reading
The Digital Personal Data Protection Rule of 2025, Aligns India closely with Global Privacy Norms
The Digital Personal Data Protection Rule of 2025, aligns India closely with Global privacy norms
Continue Reading
Critical Infrastructure in Focus as UK Aligns to NIS2; Major changes incorporated in Cyber Security & Resilience Bill
UK unveiled the Cyber Security and Resilience Bill that aligns with NIS2 but with changes to get better clarity on cyberattacks on the UK’s most critical sectors and send actionable advice to cyber defenders. In 2025 alone we have witnessed series of damaging cyber incidents that exposed vulnerabilities in UK’s critical infrastructure, made it worrisome and DSIT study estimated that cyberattacks cost the UK economy about $19.4 billion (£14.7 billion) each year or about 0.5% of the GDP.
The current bill has five major changes which reflects UK’s effort at modernizing the framework originally set out in the NIS Directive. Since its announcement during the King’s Speech on 17 July 2024, there has been much anticipation over the contents of the Cyber Security and Resilience Bill (“CS&R Bill“) and in particular the extent to which it will bring the UK into alignment with its European counterpart, the NIS2 directive.
As UK unveiled the Cyber Security and Resilience Bill, last week it made mandatory for organizations in healthcare, energy, water, transport and digital services to meet required security standards and report significant cyber incidents within 24 hours.
Further the bill has stated that govt. has right to imposing turnover-based penalties and granting ministers emergency powers to intervene during major cyber incidents. In its current form, the bill has fallen out of date and are insufficient to tackle the cyber threats reflected in recent months cyber attacked across verticals in UK and Europe.
Key 5 changes in UK cybersecurity regulation arising from the Bill
1. Data center operators will now fall within scope of the NIS Regulations
At present, the NIS Regulations cover two types of covered entities—”operators of essential services” (“OESs,” including the main types of critical infrastructure, such as energy, transport, and water providers) and “digital service providers” (“DSPs,” specifically cloud computing, online search engines, and online marketplaces).
The Bill will expand the scope of the OES designation to cover providers of data center services that offer a rated IT load of more than 10 megawatts, and are provided “on an enterprise basis.” The Bill’s definition of “data centre service” broadly follows the equivalent definition in NIS2 but is more detailed; in essence, it covers the provision of data center space and supporting infrastructure (e.g., utilities and security infrastructure).
The Bill will also expand the scope of the NIS Regulations to cover:
- “Large load operators” in the electricity sector as OESs; and
- Managed service providers as a new category of operator with similar obligations to DSPs under the existing NIS Regulations.
2. Govt. reserves right to impose more specific security requirements
In present the cybersecurity bill the NIS Regulations require OESs to report to competent authorities any incident that “has a significant impact on the continuity of the essential service which that OES provides” to its competent authorities, taking into account factors such as the number of affected users, the duration of the incident, and the geographical area affected.
The Bill will expand the types of incidents that are reportable, in some cases extending to incidents that have had or are likely to have a “significant impact” in the UK.
In addition, the Bill will impose an obligation on OESs, DSPs, and managed service providers to notify customers that are likely to be “adversely affected” by the incident, taking into account the level of any disruption, any impact on that customer’s data, and any impact on their other systems
3. Supply chain security for OESs will be issued by creating a new category of “critical suppliers”
The cybersecurity Bill would permit competent authorities responsible for overseeing OESs and DSPs to designate—subject to a consultation process—“critical suppliers,” i.e., individuals or organizations that rely on network and information systems to provide goods or services to an OES or DSP, for whom an incident would have the potential to cause disruption to the provision of an essential service that is likely to have a “significant impact on the economy or day-to-day functioning of society” in the UK.
As drafted, the Bill does not impose specific obligations on critical suppliers.
4. Increased fines and enhanced powers for competent authorities
The Bill empowers competent authorities to share information related to incidents among themselves, with law enforcement, with GCHQ, and with OESs, DSPs, managed service providers, and critical suppliers where necessary and may include foreign competent authorities.
The Bill would also amend the NIS Regulations to set out in more detail the powers of competent authorities to demand information from covered providers, carry out inspections and take enforcement action.
5. More empowering role for Govt in UK for cybersecurity regulation in the future
Parts 3 and 4 of the Bill establish a framework for the UK Government to set both the broad strategic direction for competent authorities’ oversight and enforcement of cybersecurity, and to impose more granular obligations on covered providers.
By empowering the bill states that any issue codes of practice, setting out more detail on the measures covered providers could take to comply with their obligations under the NIS Regulations. This also means the Government requires to maintain a statement of its strategic priorities in relation to cybersecurity. This includes a framework for imposing obligations on providers for national security purposes.
The cyber security bill in alignment to NIS2 if enacted, it will represent the most comprehensive update to the UK’s cybersecurity legal framework in years, with far-reaching implications for businesses operating in the UK market. The current cybersecurity landscape and cyber threat increases the bill’s significance to national security and the UK government’s stated priority, it is likely to receive expedited consideration.
Key provisions the cyber security bill has adapted keeping the scope of work for managed service providers, incident reporting and regulated entities
The Bill would expand the scope of the UK NIS to cover certain managed service providers and critical suppliers and the scope of covered operators of essential services (OESs) to include data center operators and load control providers. The Bill would create a new classification of “managed service providers,” with specific obligations (e.g., registration requirements) for “relevant managed service providers” (RMSPs).
The Bill would also create a category of “critical suppliers.” Regulatory authorities would designate critical suppliers under certain circumstances, specifically where an entity uses network or information systems to supply goods or services to an OES and an incident disrupting the entity could significantly impact the UK.
The Bill would both expand existing OES incident reporting requirements and create separate regulatory and customer notice obligations for data center operators, relevant digital service providers (RDSPs) and RMSPs.
The Bill would require that after an OES incident, the OES notify not only the relevant sectoral regulator but also the NCSC. The scope of reportable OES incidents would be broadened to include those that affect the operation or security of the IT systems relied on to provide the essential service.
Separately the Bill would add a subsector for “data infrastructure” that includes certain data center operators. These data center operators would be subject to unique reporting requirements. The Bill would also add “large load controllers” to the existing electricity subsector. This includes electrical load controllers with potential electrical control of at least 300 MW.
Conclusion:
Many of these concepts align, at least in part, with the EU NIS 2. NIS 2 also regulates managed service providers, critical entities and data centers, although it lacks a category specifically for large load control services.
Growing cyber attacks in recent months that incurred losses for organization’s like Marks & Spenser, Jaguar Land rover which cost millions to recover from losses, the corporates have welcomed the move to strengthen legislation and regulatory powers to help drive up the level of defense and resilience across critical national infrastructure.
The UK government’s planned National Cyber Strategy refresh will articulate a vision – and agreed collective action in partnership with businesses, devolved governments, regulators.
The new bill will secure UK more against cyber threats and lower disruption rates to local services and businesses including faster response against emerging threats.
(Sources: UK cybersecurity bill brings tougher rules for critical infrastructure | CSO Online)
Encryption: A Foundation for Organizational Security Against Threats
Encryption is often taken as last line of defense and organizations are using encryption to secure their data. Understanding and adopting the latest encryption technologies is crucial for keeping data secure. In current scenario when attackers are equally lazed with latest technologies, companies can strengthen their cybersecurity strategies and continue to adapt encryption as last line of their defense. When organizations enhance their encryption practices today, they can protect their digital assets for the future.
As cyber attacks are evolving so as encryption advances. Now numerous key developments will shape the future of cybersecurity. Once inside the network, cyber criminals can easily view and steal sensitive data. If that data is encrypted, they have no way of accessing it without a decryption key, saving the data from being compromised.
For example, the continuous evolution of quantum computing presents challenges and opportunities for encryption. Quantum-resistant algorithms must increase in speed to enhance security against quantum attacks.
The FinWise Data Breach a Stark Example
On May 31, 2024, the ex-employee accessed FinWise Bank’s systems after leaving the company and leaked sensitive personal information belonging to 689,000 customers of American First Finance (AFF). Even more alarming, this unauthorized access went undetected for more than a year before being discovered by the bank on June 18, 2025.
The FinWise Data breach revealed lapses like time gap between the initial breach and its discovery. The Bank came to understand about the incident and notified affected customers in June 2025 which was over a year after the breach occurred. This was a huge time gap and lawsuits allege that the stolen data may not have been adequately encrypted and secured, causing public criticism and concern.
Security experts emphasize that a well-designed information protection framework must not only encrypt critical financial data but also proactively detect and prevent abnormal access attempts.
Quantum computing & Encryption
Organizations who relies on encryption to keep its critical business communications and data safe are secure now. But as per RAND, experts expect quantum computers capable of breaking today’s encryption standards to arrive by the 2030sOpens a new window .
In the latest updates The Federal Trade Commission (FTC) has sent letters to major tech companies in the United States, urging them to resist foreign governments’ demands to weaken encryption.
The letters were sent by FTC Chairman Andrew Ferguson to Akamai, Alphabet (Google), Amazon, Apple, Cloudflare, Discord, GoDaddy, Meta, Microsoft, Signal, Snap, Slack, and X.
Traditional encryption relies on math problems that would take classical computers centuries to solve. RSA encryption, which protects much of today’s internet traffic, works because factoring massive numbers is impossibly hard for regular computers. But tomorrow’s computers will make quick work of it. According to the MIT Technology Review, researchers have shown that a quantum computer with 20 million noisy qubits could crack RSA-2048 in just 8 hoursOpens a new window .
The question is Encryption alone is sufficient to protect data
As per researchers Encryption alone is no longer sufficient to protect privacy in LLM interactions, as metadata patterns can be exploited to infer sensitive subjects and corporate intent. Researchers at Microsoft have revealed a new side channel attack named Whisper Leak that can reveal the topic of encrypted conversations between users and language models, even without access to the underlying text.
The discovery highlights a growing blind spot in AI security where encryption alone no longer guarantees privacy in model interactions.
What we must know about Whisper Leak the side channel attack
Whisper Leak exploits often exploits a side channel in network communication rather than a flaw in encryption itself. LLM services generate responses step by step, by producing one token at a time instead of the entire response at once. Also, the communications with AI-powered chatbots are often encrypted with HPPS over TLS (HTTPS), ensuring the authenticity of the server and security through encryption.
A side channel attack breaks cryptography by using information leaked by cryptography, such as monitoring the electromagnetic field (EMF) radiation emitted by a computer screen to view information before it’s encrypted in a van Eck phreaking attack, aka Transient Electromagnetic Pulse Emanation STandard (TEMPEST).
Encryption the last line in defense & Helps Orgs Embrace GDPR
If sensitive information is no longer required, the best way to protect it is to delete it. However, when files are deleted from a hard drive they leave traces that can be reconstructed by thieves and hackers. By encrypting the files before deletion, the remnants that remain on the drive will remain encrypted and remain inaccessible should they be reconstructed. In this way, encryption protects your privacy, even when the files are gone.
Companies should, therefore, ensure that all devices leaving the workplace are encrypted. Most phones have a native encryption option that can be easily activated, while laptops can have either their hard drives or sensitive data encrypted depending on the tools an organization wants to use.
Nowadays data protection is no longer an option. Companies can’t ignore the problem and hope they won’t be targeted by malicious threat actors.
GDPR itself recommends encryption as an effective tool for data protection as do data protection standards such as the CIS Controls which advocate a data security strategy based on a combination of encryption, integrity protection and data loss prevention techniques.
At the end Encryption ensures that, whether these devices are lost, stolen or forgotten, the data on them is useless to anyone who tries to access it without a decryption key.
(Source: https://www.bleepingcomputer.com/news/security/finwise-data-breach-shows-why-encryption-is-your-last-defense/)
Sources: https://www.csoonline.com/
AI Surge in CyberSecurity Redefining Threat & Defense; Reshaping Software Development & Security
Currently enterprise Cyber Security strategy with AI has become a game changer, reshaping is critical for both threat and defense. Embracing Gen AI for a robust defensive system empowers organizations to analyze vast amount of data is key requirement for enterprise security where software development is key to enterprise security , embracing ‘security by design’.
In 2024-2025, we have witnessed how mainstream enterprise deployment of AI has changed the strategic cyber security requirement. Thereby creating a strong defense mechanism around enterprise security, redefining the threat landscape and shaping software development.
AI is changing the way we look at products being a risk multiplier. How organization balancing innovation with protection?
AI can track and break commonly used passwords within minutes. So this is scary as more powers are in the hands of hackers, on the other side AI can improve password security again a boon. The Dark Web is already selling Fraud GPT and Worm GPT.
For Organizational cyber security strategy AI is being used now to tackle threats and cyber defense. Again AI has the capability to accelerate the speed of cyber attacks.
So what are leaders deciding when chasing AI based products. The way leaders are looking at products is products that give practical and actionable outlook and being embedded in delivery workflows.
Strategically, this means evolving away from rigid, checkbox-based compliance toward dynamic, adaptive security models that reflect how modern teams really build software—especially in AI-accelerated environments.
As per statistics 2025 witnessed the following AI based cyber attacks.16% of all breaches in 2025 involved attackers using AI. (IBM),and other AI attacks included 37% used phishing attacks and 35% used deepfake attacks. (IBM). 63% of breached organizations had no AI governance policy or were still developing one, highlighting the governance gap around AI adoption (IBM).
OpenText has released their survey and the report entails, AI is rapidly changing the threat landscape for organizations . Organizations are navigating a high-stake balancing act to enable innovation while managing risk.
Here are the key findings
Top AI-related concerns among respondents include data leakage (29%), AI-enabled attacks (27%), and deepfakes (16%).
95% of respondents are confident in their ability to recover from a ransomware attack, but only 15% of those attacked fully recovered their data.
88% allow employees to use GenAI tools, yet less than half (48%) have a formal AI use policy.
Enterprises lead AI governance (52%) compared to SMBs (43%) by having a formal AI policy in place.
52% report increased phishing or ransomware due to AI; 44% have seen deepfake-style impersonation attempts.
Surge in AI Threats via sophisticated attacks
One of the reasons cited by threat researchers is organizations are embracing GenAI, allowing employees to use generative AI tools and few less then 50% have a formal AI-use or data privacy policy in place, the report noted.
This is added with hackers innovative way in tricking using AI, bypassing any defense mechanism which is traditional.
AI tools are now being used to create such convincing phishing emails, fake websites and even deepfake videos to injecting malicious code giving leverage to cyber criminals
In the last few months we witnessed how Ransomware attacks round the world surged and quite complex in nature as third-party service providers or software supply chains were prime targets. The Qantas airline breach and M&S data beach that hit UK’s top retail brand.
While Qantas did not to Information Age whether AI voice deepfakes were used in the breach, the cybercrime group experts believe may be linked to the hack — dubbed ‘Scattered Spider’ — has a track record of using voice-based phishing (or ‘vishing’) in its attacks. This is clear AI being used and surge is quite high in AI based cyber attacks.
AI for Cyber Defense for Organizational Cyber Security Strategy
It is not hackers who are benefiting but for Organizations it is a game changer as AI being used to detect attack at faster pace meaning mean time.
Findings of this survey reinforces that protecting against ransomware now depends not just on internal defenses, but also on how effectively organizations’, partners, and technology providers collaborate to close security gaps before they are exploited.
Key pointer for building pragmatic and strategic choices and this approach starts with embracing security by design approach in developmental life cycle.
- Continuously Embedding security in developer workflows keeping automating, scanning, policy enforcement and anomaly detection in tools used by developers.
- Cybersecurity AI tools are better at identifying patterns and anomalies in large datasets including vulnerabilities. teams have to highly prioritize and contextualize them in term of developing products.
- Supposedly there is an attack and the security tools not able to detect. So continuous testing is mandatory.
- Developers can favor simple solutions that favors pragmatic security patterns and transparency in architecture. In this way trust is developed with clients.
Few important developers keep in focus is to sponsor bug bounties, publish advisories using standards like the Common Security Advisory Framework (CSAF) and provide context on severity and exploitability.
Threat researcher suggest organizations who are building in products accept all vulnerability reports, investigate them, and fix the issues. Any critically important advisory to be used for root cause analysis to improve tools, training and various threat models. Developers are suggested to give feedback for external tools if they help them evolve. Understanding no software can ever be perfect.
Offerings from IntruceptLabs are exactly what you need to develop organizational cyber defense capabilities
Intru360
Intru360 gives security analysts and SOC managers a clear view across the organization, helping them fully understand the extent and context of an attack. It also simplifies workflows by automatically handling alerts, allowing for faster detection of both known and unknown threats.
Identify latest threats without having to purchase, implement, and oversee several solutions or find, hire, and manage a team security analyst. Unify latest threat intelligence and security technologies to prioritize the threats that pose the greatest risk to your company.
Here are some features we offer:
- Over 400 third-party and cloud integrations.
- More than 1,100 preconfigured correlation rules.
- Ready-to-use threat analytics, threat intelligence service feeds, and prioritization based on risk.
- Prebuilt playbooks and automated response capabilities.
(Sources: https://www.mckinsey.com/about-us/new-at-mckinsey-blog/ai-is-the-greatest-threat-and-defense-in-cybersecurity-today)
Sources: https://investors.opentext.com/press-releases/press-releases-details/2025/OpenText-Cybersecurity-2025-Global-Ransomware-Survey-Rising-Confidence-Meets-a-Growing-AI-Threat/default.aspx)
Critical React Native CLI Vulnerability Enables OS Command Injection
Summary: React Native is an open source framework maintained by Meta . A critical remote code execution vulnerability in the @react-native-community/cli package, a core toolset used by React Native developers. The flaw allows unauthenticated remote attackers to execute arbitrary OS commands on machines running the React Native Metro development server.
| Severity | Critical |
| CVSS Score | 9.8 |
| CVEs | CVE-2025-11953 |
| POC Available | Yes |
| Actively Exploited | No |
| Advisory Version | 1.0 |
Overview
A critical remote code execution vulnerability in the @react-native-community/cli package, a core toolset used by React Native developers. The flaw allows unauthenticated remote attackers to execute arbitrary OS commands on machines running the React Native Metro development server.
The vulnerability comes from unsafe input handling in the /open-url endpoint using the insecure open() function, and a React Native CLI flaw that exposes the server to remote code execution. Immediate updates and mitigations are recommended for all using the affected package versions.
| Vulnerability Name | CVE ID | Product Affected | Severity | Affected Version |
| OS Command Injection | CVE-2025-11953 | @react-native-community/cli @react-native-community/cli-server-api | Critical | @react-native-community/cli-server-api versions 4.8.0 through 20.0.0-alpha.2 |
Technical Summary
The Metro development server’s /open-url HTTP POST endpoint unsafely passes unsanitized user input (url field) as an argument to the open() function from the open NPM package which leads to OS command injection.
On Windows, the vulnerability allows arbitrary shell command execution with full control over parameters via cmd /c start command invocation. On macOS/Linux, arbitrary executables can be launched with limited parameter control. Further exploitation may lead to full RCE, but not confirmed yet. The server binds to all interfaces by default (0.0.0.0), exposing the endpoint externally to unauthenticated network attackers.
| CVE ID | Component Affected | Vulnerability Details | Impact |
| CVE-2025-11953 | Development Server’s /open-url Endpoint | The React Native CLI’s Metro server binds to external interfaces by default and exposes a command injection flaw, letting remote attackers send POST requests to run arbitrary executables or shell commands on Windows. | Remote OS Command Injection |
Recommendations
- Update to @react-native-community/cli-server-api version 20.0.0 or later immediately.
If upgrading is not possible,
- Restrict the Metro server to localhost by adding the flag: –host 127.0.0.1 when starting the server.
- Integrate static and dynamic code analysis tools in development pipelines to detect injection risks early.
How these kind of security flaw can cause damage?
This vulnerability poses a critical threat to React Native developers using the Metro development server due to unauthenticated RCE via network exposure. For any unauthenticated network attacker this is privilege they can weaponize the flaw and send a specially crafted POST request to the server. Then run arbitrary commands.
The attack takes a different turn when it comes to Windows and the exploitation is severe. The attackers can also execute arbitrary shell commands with fully controlled arguments, while on Linux and macOS, it can be widely used to execute arbitrary binaries with limited parameter control.
The vulnerable endpoint, /open-stack-frame, is designed to help developers open a file in their editor at a specific line number when debugging errors. This endpoint accepts POST requests with parameters such as file and lineNumber.
The incident highlight requirement for more rigorous input validation and secure-by-default configurations in developer environments.
What should organizations looks for while selecting a comprehensive tools that can provide thorough combing across their IT environment, networks, applications and cloud infrastructure.
Detecting vulnerabilities, misconfigurations with GaarudNode from Intruceptlabs makes it a go to scanner
- GaarudNode excels at detecting vulnerabilities, misconfigurations, and compliance issues across a wide range of systems and applications.
- Provides a comprehensive security framework that ensures your applications are built, tested, and deployed with confidence.
- Any Application security tools are designed to identify a wide range of vulnerabilities across different stages of the software development lifecycle and other types of security issues.
- GaarudNode can be used for intrusion detection, making it a flexible tool for cybersecurity professionals on a budget.
- Prompt patching and secure server binding are essential to mitigate this type of risk. There is no current evidence of active exploitation, but the ease of exploitation makes this a high priority vulnerability to fix. Continuous, real-time monitoring of vulnerabilities is necessary to stay ahead of threats.
References:
Recent Comments