Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Data is the new currency of the digital world — and with that comes responsibility. The DPDP Act India (Digital Personal Data Protection Act), passed in 2023, is a landmark regulation designed to ensure accountability, transparency, and protection of personal data. For Chief Information Security Officers (CISOs) and compliance leaders, this law is not just another checkbox exercise — it’s a strategic mandate shaping how businesses operate in 2025.

In my ongoing monitoring of cyber threats in South Asia, I’ve encountered a series of advanced persistent threat (APT) activities. This region has long been a hotspot for sophisticated cyberattacks, with various groups ramping up their operations in terms of frequency and technical complexity. Starting from early July, I’ve captured multiple new malware samples targeting both Windows and Linux platforms.

Buying a business can feel like stepping into a new world of opportunity — more revenue, a stronger market presence, and a ready customer base. But in today’s landscape, every new business also comes with something unseen: inherited cyber risks. From customer records to cloud software and connected devices, digital operations now sit at the heart of almost every business.

Jingle Thief gift card fraud is a reminder that attackers don’t always need zero-day bugs or exotic malware to make millions — they need credentials and patience. In 2024–2025, security teams observed a financially motivated cluster (tracked by defenders as “Jingle Thief” / CL‑CRI‑1032) that focused on phishing and identity misuse to quietly harvest access to cloud platforms, then abuse gift-card issuance workflows at scale.

In one of the UK’s most significant cybersecurity incidents of 2023, Capita, a major outsourcing and professional services provider, was fined £14 million by the Information Commissioner’s Office (ICO). The penalty came after a massive data breach compromised the personal information of 6.6 million individuals, revealing systemic gaps in access control, threat detection, and incident response.

In a hyperconnected era where everything from classes to finances happens online, students face increasing exposure to cyber risks. From identity theft to ransomware attacks, digital threats are evolving faster than ever. That’s why cybersecurity training for students is no longer optional — it’s essential. Much like learning financial literacy or time management, understanding digital safety is a life skill that protects not just your data, but your future.

Modern cybersecurity can no longer rely solely on penetration testing. While pen tests remain vital for spotting technical vulnerabilities, they capture only a moment in time. True cyber resilience requires organizations to test how well their people, processes, and technology perform under real-world pressure. At Foresiet, we’ve seen that resilience comes from continuous practice — from crisis simulations to recovery rehearsals — not just from patching systems.

In late 2025, a critical pre-authentication remote-code-execution vulnerability (tracked as CVE-2025-61882) in Oracle E-Business Suite (EBS)— specifically the Concurrent Processing / BI-Publisher integration — was exploited in a large-scale extortion/data-theft campaign attributed to the Cl0p/Clop extortion cluster. Attackers abused the flaw to run attacker-controlled XSLT/Java payloads, gain remote code execution on EBS application servers, and exfiltrate sensitive data for extortion.

A critical CVE-2025-61882 Oracle E-Business Suite vulnerability is under active exploitation by the Cl0p ransomware group. This unauthenticated remote-code-execution (RCE) vulnerability — CVE-2025-61882 — in Oracle E-Business Suite (EBS) was patched by Oracle in October 2025 and is being actively exploited in the wild. Multiple security vendors attribute attacks to Cl0p/associated ransomware extortion campaigns and Oracle has published an emergency Security Alert.

Researchers at Foresiet are actively investigating a major data leak targeting Red Hat, following claims made by Scattered LAPSUS$ Hunters, who have reportedly joined forces with the Crimson Collective, following claims made by the Scattered LAPSUS$ Hunters, who have reportedly teamed up with the Crimson Collective.