By Ashwani Mishra, Editor-Technology, 63SATS
India faces staggering cyber losses of ₹20,000 crore in 2025, with brand abuse driving major financial fraud. Meanwhile, attackers are exploiting both newly disclosed and decades-old vulnerabilities, accelerating breaches within hours. Poland’s Space Agency suffered a cyberattack amid geopolitical tensions, while Indian stockbroker Angel One reported an AWS breach, rattling investors.
Automation giant Zapier exposed customer data due to mismanaged debugging files. Microsoft is pursuing legal action against a global cybercrime network manipulating AI to create explicit celebrity deepfakes. As cyber risks surge, businesses must reinforce defenses against evolving threats.
India’s Cyber Losses to Cross ₹20,000 Crore in 2025
India is expected to suffer cybercrime-related financial losses exceeding ₹20,000 crore this year, according to CloudSEK. Their study, based on data from 200 firms, 5,000 domain takedowns, and 16,000 brand abuse cases, highlights a worrying trend.
A significant ₹9,000 crore loss stems from brand impersonation, which accounts for nearly one-third of all cyber frauds. The report underscores the urgent need for businesses to strengthen digital defenses as brand abuse plays a role in 70% of high-value cyber scams targeting Indian enterprises.
Hackers Exploit Decades-Old Bugs, Attack Faster Than Ever
Cybercriminals are actively exploiting both newly disclosed vulnerabilities and long-forgotten security flaws, some dating back to the 1990s. GreyNoise’s 2025 Mass Internet Exploitation Report found that 40% of vulnerabilities targeted in 2024 were from 2020 or earlier. Attackers are also accelerating their exploitation speed, sometimes breaching systems within hours of vulnerability disclosure.
The study also notes that ransomware groups accounted for 28% of vulnerabilities exploited before they were flagged by CISA’s KEV catalog. Organizations must adopt rapid patching strategies to counter these growing threats.
Polish Space Agency Hit by Cyberattack
Poland’s Space Agency (POLSA) fell victim to an unauthorized cyber intrusion, prompting authorities to secure compromised systems and launch an investigation. Minister for Digitalization Krzysztof Gawkowski confirmed the breach, stating that aggressive efforts are underway to trace the perpetrators.
Poland has frequently accused Russia of cyber warfare tactics aimed at destabilizing the nation, particularly due to its role in supporting Ukraine. While no official attribution has been made, the attack raises concerns over critical infrastructure security in geopolitical conflicts.
Indian Stock Broker Angel One Suffers AWS Breach
Angel One, a major Indian stockbroker, reported a security incident involving compromised Amazon Web Services (AWS) resources. The company assured investors that client funds, securities, and credentials remain unaffected.
Angel One has engaged external forensic experts to assess the breach’s impact. As financial firms increasingly rely on cloud services, this incident underscores the importance of stringent cloud security protocols to prevent unauthorized access.
Zapier Security Breach Exposes Customer Data
Automation platform Zapier revealed that an unauthorized actor accessed its code repositories, potentially exposing customer data. The breach occurred when sensitive information was unintentionally copied into debugging files.
While Zapier asserts that its databases, authentication systems, and infrastructure were not affected, the incident highlights risks associated with improper data handling. With Zapier integrating with thousands of business applications, any compromise raises concerns about downstream impacts on users who rely on the platform for workflow automation.
Microsoft Sues Over AI Deepfake Network
Microsoft has identified six developers—four foreign and two U.S.-based—behind a scheme that manipulated AI models to create explicit deepfake content featuring celebrities. The illicit tools were built using unauthorized access to Microsoft’s Azure OpenAI services and later resold.
Microsoft’s lawsuit, filed in Virginia, is part of a broader crackdown on AI misuse. The group, tracked as Storm-2139, is linked to a global cybercrime network. As deepfake threats escalate, tech companies face increasing pressure to prevent AI abuse while preserving ethical innovation.
