By Ashwani Mishra, Editor-Technology, 63SATS Cybertech
In India, 2.91 lakh BWSSB user records were leaked on the dark web, while Proton Mail faced a nationwide block over deepfake-related abuse. France formally blamed Russia’s GRU for sustained cyber-espionage. Google reported a drop in zero-day exploits but warned of rising attacks on security software.
Apple’s AirPlay was found vulnerable to “AirBorne” malware spread, and a ransomware strike paralyzed DuPage County’s court systems. Together, these incidents highlight growing risks in digital infrastructure, national security, and consumer tech—demanding urgent cybersecurity reinforcements globally.
BWSSB Breach: Data of 2.91 Lakh Citizens Leaked, Sold on Dark Web
A massive data breach at the Bangalore Water Supply and Sewerage Board (BWSSB) has exposed the personal records of nearly 2.91 lakh users, Bengaluru-based CloudSEK reported. Hackers exploited a vulnerability in BWSSB’s water connection application portal, leaking Aadhaar, PAN, contact details, and payment histories.
The stolen data appeared on the dark web’s BreachForum, offered by a user named “pirates_gold” for $500. The seller’s eagerness to offload the trove hints at urgency or fear of exposure. The breach raises questions over public sector cyber hygiene amid growing threats to citizen data.
France Points Finger at Russia’s GRU for Targeted Cyber Espionage
France’s foreign ministry formally accused Russia’s GRU military intelligence unit APT28 of orchestrating cyberattacks on government and defense-linked entities since 2021. The Kremlin-backed hackers, operating from Rostov-on-Don, allegedly targeted French ministries, arms manufacturers, and think tanks in a destabilization effort.
While Western nations have previously blamed Russian groups, this marks the first direct attribution from Paris based on its domestic intelligence. The cyber campaign underscores a growing pattern of geopolitical aggression extending into digital territory, as Europe shores up defenses against state-sponsored interference.
Google: Fewer Zero-Days in 2024, But Hackers Shift Focus
Google’s latest zero-day vulnerability report logged 75 in-the-wild exploits in 2024—down from 98 last year—but warned of a shift in attack patterns. While fewer bugs were exploited, attackers increasingly targeted security software and enterprise appliances over traditional platforms like browsers and mobile OS.
Espionage remains the top motivation. Google credited tech firms’ enhanced security for pushing hackers into more complex territories. The report split vulnerabilities between end-user platforms and backend tools, emphasizing the need for deeper resilience across enterprise and infrastructure-level software.
Karnataka High Court Orders Nationwide Ban on Proton Mail
India has blocked access to encrypted email provider Proton Mail following a Karnataka High Court order dated April 29. The ruling follows a complaint by M Moser Design Associates India, which cited emails containing vulgar AI-generated content and deepfake images. The platform, popular for privacy-first communications, has previously faced scrutiny in India over its misuse in hoax bomb threats.
While Proton Mail opposes illegal activity and adheres to Swiss law, this legal move revives debates on privacy, accountability, and the balance between digital freedom and law enforcement.
“AirBorne” Bugs in Apple AirPlay Could Infect Entire Networks
Cybersecurity firm Oligo revealed a set of critical flaws in Apple’s AirPlay protocol and SDK, dubbing the threat “AirBorne.” Two vulnerabilities are classified as “wormable,” enabling malware to spread across devices connected to the same local network. An attacker must first gain access to the same network, but once in, could hijack AirPlay-enabled devices and infect others.
While Apple has yet to issue public patches, experts are warning users to isolate susceptible devices and update firmware as soon as fixes roll out. The incident underscores hidden risks in smart home ecosystems.
Ransomware Hits DuPage County Courthouse Systems, FBI Notified
A ransomware attack crippled multiple IT systems at Illinois’ DuPage County, affecting the sheriff’s office, courthouse, and circuit clerk’s operations. Officials confirmed that jail functions remain unaffected and that in-person court sessions will continue. The county has involved the FBI and Secret Service as investigations continue.
Authorities are working to assess the damage and restore systems while maintaining judicial continuity. The attack reflects the rising trend of ransomware groups targeting government and legal infrastructure, often with the dual goal of disruption and ransom extortion.
