The Cyber Express Weekly Roundup: Cloud Extortion, Long-Term Espionage, Android Zero-Days, and Public Sector Security Reviews
2026-6-5 12:4:32 Author: thecyberexpress.com


The cybersecurity landscape in this weekly roundup continues to show a clear shift toward identity-driven attacks, long-term persistence operations, and exploitation of trusted cloud environments. Threat actors are increasingly focusing on stealing credentials, abusing administrative access, and leveraging legitimate platforms to scale impact across organizations. 

Rather than relying on one-off intrusions, attackers are now building sustained access paths into enterprise systems, enabling repeated exploitation, data theft, and extortion from within trusted environments. 

The Cyber Express Weekly Roundup

Pink Extortion Group Targets Microsoft 365 Users via Voice Phishing 

A newly identified cyber extortion group known as “Pink” is using voice phishing (vishing) campaigns to steal credentials for Microsoft 365 accounts. Once access is gained, the group rapidly exfiltrates data from cloud platforms such as SharePoint and OneDrive and sends extortion messages directly from compromised internal accounts to pressure victims. Read more… 

China-Linked VerdantBamboo Maintains 18-Month Network Access 

Researchers have uncovered an 18-month intrusion attributed to the China-linked threat group VerdantBamboo. The attackers maintained long-term access using compromised MSP credentials, multiple malware families, and repeated re-entry techniques after remediation attempts. Read more… 

DPDP and Cybersecurity: Why Less Data Means Better Security

India’s DPDP framework promotes data minimization as a key cybersecurity strategy. Organizations are urged to collect only necessary data, store it briefly, and delete unused information to reduce breach risk. Excess data increases attack surface and impact, making deletion as important as protection in modern security practices. Read more…

Google Patches Actively Exploited Android Zero-Day (CVE-2025-48595) 

Google’s June 2026 security update addresses 124 vulnerabilities in Android, including CVE-2025-48595, a high-severity zero-day that was actively exploited in targeted attacks. The flaw enables local privilege escalation without user interaction, underscoring the growing focus of sophisticated threat actors on mobile devices as high-value entry points. Read more… 


CBSE Launches Security Review of OSM Platform After Vulnerability Reports 

The Central Board of Secondary Education (CBSE) has engaged experts from the Indian Institute of Technology Madras and the Indian Institute of Technology Kanpur to review security concerns in its On-Screen Marking (OSM) system used for Class 12 board examinations. The audit follows reports of weak authentication controls and potential cloud storage exposure, prompting a full-scale security assessment and hardening exercise.  Read more… 

Weekly Cybersecurity Takeaway 

This week’s incidents reinforce a consistent pattern: attackers are prioritizing identity compromise and trusted cloud platforms over traditional perimeter breaches. From phishing-as-a-service extortion campaigns targeting Microsoft 365 to long-term espionage operations and mobile zero-days, the common thread is the abuse of legitimate access rather than forced intrusion. 

As organizations continue to expand cloud and mobile reliance, the attack surface is increasingly defined not by infrastructure boundaries, but by identity trust and administrative privilege. 


Article source: https://thecyberexpress.com/tce-weekly-roundup-extortion-android-cloud/