Reegun Richard Jayapaul

From Detection to Remediation: CyBrief’s Guided Approach We don’t just point problems out. We guide you until they’re fixed. #GuidedRemediation #InfosecIndia #WhereCybersecurityMeetsClarity

1

♦️Secure Talk: SOC Metrics That Actually Matter in 2026 Rethinking Security KPIs The first sign the SOC was struggling wasn’t a missed breach. It was exhaustion. Analysts were busy. Dashboards were full. Reports went out on time. However, things continued to sneak through, and leadership continued to pose the same question that everyone was avoiding: Are these numbers telling us anything real? By the year 2026, the discussion on SOC metrics and security KPIs does not revolve around the volume but the meaning since measuring it all has not helped make security more transparent. It has made it noisier. Modern Security Operations Centers are learning a hard truth: not all metrics deserve attention, and some of the most popular ones actively distract from real risk. 📌 When More Metrics Made Security Less Clear: For years, SOC maturity was equated with measurement. If you couldn’t quantify it, you couldn’t manage it. So, teams tracked alerts, tickets, escalations, tools, response times, coverage, and compliance outputs. The result? Hundreds of data points and very little insight. Many SOCs entered 2026 drowning in numbers but starved of direction. Metrics were optimized for reporting upward, not improving operations inward. Analysts learned how to “hit targets” without necessarily reducing risk. This is the backdrop against which meaningful measurement is being rediscovered. 📌 SOC Metrics and Security KPIs: What Changed in 2026: The biggest shift isn’t technological. It’s philosophical Click to read more …… https://lnkd.in/gZzvCsi4

5

1 Comment

Critical Remote Code Execution Vulnerability Discovered in FortiClient EMS India’s CERT-In has issued a critical advisory (CIVN-2026-0080) highlighting a severe Remote Code Execution (RCE) vulnerability in FortiClient Endpoint Management Server (EMS) version 7.4.4. Why this matters? Due to improper input validation in the EMS administrative interface, an unauthenticated attacker may execute arbitrary code remotely - potentially leading to full system compromise. Potential Impact: * Unauthorized control of the EMS server * Deployment of malicious configurations to endpoints * Lateral movement within the network * Disruption of enterprise security operations Recommended Actions: * Apply the latest Fortinet security patch immediately (FG-IR-25-1142) * Restrict VPN / Admin interface exposure * Ensure EMS is not publicly accessible * Review logs for suspicious SQL or admin activity * Conduct a compromise assessment If your organization is running EMS 7.4.4, prioritize patching without delay. Proactive patch management and continuous SOC monitoring are critical to minimizing enterprise risk. . . . . . #CyberSecurity #Fortinet #FortiClient #RCE #VulnerabilityManagement #SOC #ThreatIntelligence #CERTIn #InfoSec #TmenSystems 

4

My next post is live. In this one, we will build upon our previous theoretical introduction of the LAYER approach (https://lnkd.in/gc6zFkSm) and see its practical implementation using BlackBasta chatleaks - specifically related to "bypassing EDR." #cybersecurity #threathunting #thrunting #THORcollective #infosec #blueteam #threatdetection #EDRBypass #DetectionEngineering #MITRE #BlackBasta

5

CISA Alert: SharePoint Vulnerability (CVE-2025-53770) Actively Exploited CISA has warned about active attacks targeting a critical Remote Code Execution (RCE) flaw in on-premises Microsoft SharePoint servers. Dubbed “ToolShell,” this exploit gives unauthenticated attackers full control—without needing credentials. The lesson is clear: Attackers aren’t breaking in—they’re logging in. Identity abuse and misconfigurations are the low-hanging fruit. This breach underscores the urgent need for proactive visibility and control over who has access to what, and what's changing across your critical systems. Netwrix Corporation helps you shut those doors before they’re opened, and detect threats in real-time: #IdentityManagement : Enforce least privilege, streamline access reviews, and eliminate over-permissions across your SharePoint and AD environments, denying attackers the "keys under the mat." #ConfigurationManagement: Monitor every change in real-time across SharePoint and other critical systems to detect unauthorized modifications that could be exploited. #ITDR & Behavioral Analytics: Spot identity threats and suspicious user behavior—like Bob suddenly downloading 5GB of files at 2 AM—before they escalate into a full-blown breach. Actionable #AuditTrails: Accelerate investigations with clear, centralized logs that tell you exactly who did what, where, and when. Patches are available, but proactive visibility and continuous monitoring are what truly reduce risk and help you detect threats early. Let’s not wait for the next zero-day. Learn more about strengthening your security posture: https://lnkd.in/d5WpEcPt #SharePoint #CVE202553770 #CISA #Netwrix #Cybersecurity #ZeroDay #ITDR #IAM #VisibilityMatters #IdentitySecurity #SecurityPosture

24

1 Comment

India Cyber Threat Report 2026 Uncovers Credential Theft Attempts on Indian IT Sector In India’s booming IT sector, where code repositories, client portals, and cloud consoles hold the keys to billion-dollar projects, one asset has become... To Read More: https://lnkd.in/gJmGaDCt Seqrite | Sangamesh S | Sudhanshu Tripathi | Atul Lohani | Samuel Sathyajith #CyberThreatReport #IndiaCyberSecurity #CredentialTheft #ITSecurity #CyberThreats #IndiaITSector #CyberAttack #SecurityReport #CyberDefense #CyberSecurityNews #IndiaCyberThreats #ITSectorSecurity

13

🚨 CTI ALERT — Alleged sale of BreachForums' complete database ━━━━━━━━━━━━━━━━━━━━━━ A threat actor known as WHALEHUNTERS is claiming the sale of a full backup of BreachForums, dated March 10, 2026. What is alleged: ▸ Complete source code of the platform ▸ Databases containing information on over 346,000 users ▸ Associated datasets ━━━━━━━━━━━━━━━━━━━━━━ Why does this matter? BreachForums is one of the most prominent cybercriminal platforms globally. If this leak proves authentic, it could enable massive de-anonymization of threat actors — a significant leverage point for law enforcement and CTI teams alike. Estimated impact: medium to high — pending independent verification. ━━━━━━━━━━━━━━━━━━━━━━ The community is watching. Verification is ongoing. If you hold elements that could corroborate or disprove this claim, the usual channels are open. 🔍 ━━━━━━━━━━━━━━━━━━━━━━ Source: @VECERTRadar https://lnkd.in/eVguzvrT #CyberThreatIntelligence #CTI #BreachForums #DarkWeb #Cybersecurity #ThreatIntelligence #OSINT #DataBreach

3

This month’s Microsoft Patch Tuesday addresses 86 vulnerabilities, with 9 rated critical and 72 classified as important severity vulnerabilities. It also addresses two publicly disclosed zero-day vulnerabilities. Get a detailed analysis of the most impactful vulnerabilities in this blog by Diksha Ojha: https://bit.ly/42gl6QC Join the Qualys Threat Research Unit webinar this Thursday to learn how to effectively tackle these vulnerabilities: https://bit.ly/46tvy9P #PatchTuesday #ThreatResearchUnit

30

Had an excellent time on the Cyber Security Headlines - Week in Review! Here are the highlights: 1. Unpatched Flaw in LG Security Cameras - The persistent risk posed by end-of-life security hardware in critical infrastructure and the need for clearer upgrade paths or isolation strategies when patches are no longer provided. 2. Data Sovereignty & the Cloud Act - The impracticality of guaranteeing data residency in the cloud due to U.S. laws like the CLOUD Act, and the rise of digital nationalism as a possible countermeasure. 3. French Naval Group Breach via SharePoint - The espionage risks from defense contractors using common enterprise tools like SharePoint, and the historical shift from analog spying to massive digital exfiltration. 4. Scattered Spider & Youth-Fueled Hacking Groups - Is a lack of job opportunities driving young technical talent into cybercrime, especially as LLMs lower the barrier for entry? 5. Software Supply Chain Attacks - The challenge of managing indirect dependencies in modern software development and the need for deeper SBOM metadata and active threat monitoring.

10

1 Comment

“Alert fatigue in Security Operation Centers (SOC) is driven primarily by three intertwined factors, creating a crisis of operational burnout.” — Manikandan Thangaraj, Vice President of Engineering, ManageEngine In his exclusive CISO FORUM interview, Manikandan Thangaraj explains why over 80% of alerts being false positives is unsustainable — and how precision-engineered detection, identity-centric monitoring, and AI-driven augmentation can transform SOCs from firefighting units into strategic business enablers. Read the full interview 👉 https://lnkd.in/gs9xUEZ7 #Cybersecurity #SOC #AI #ThreatDetection #SecurityOperations #CISOInsights Vikas Gupta | Sachin Mhashilkar | Vandana Chauhan | Giridhar Rajagopalan | Jatinder S. | Hafeez Shaikh | Rajiv Pathak | Sourabh Dixit | Subhadeep Sen | Jagrati Rakheja | Musharrat Shahin | Aanchal G.

7

RDI Gives You Clarity Across Frameworks Ransomware Defense Initiative (RDI) doesn’t replace your existing frameworks — it enhances them. Whether your organization follows NIST CSF 2.0, CIS Controls, or ISO 27001, RDI helps you pinpoint how your ransomware defenses align with those models. Each control is written in plain language, scored by maturity, and mapped to real-world threats — not theory. With RDI, you can: • Cross-reference your findings with major cybersecurity frameworks • Understand how your controls map to real adversarial techniques like T1059 (command scripting) or T1027 (obfuscation) • Know where you’re strong and where you’re exposed — in terms that make sense to executives and engineers alike • Align your roadmap with the controls that will make the biggest difference RDI acts as a translation layer between technical reality and strategic risk. 🔗 https://rdishield.com First 100 to register receive a free upgrade to Elite for 6 months. #rdi #ransomware #cybersecurity

2

𝐓𝐡𝐚𝐭 𝐎𝐧𝐞 𝐓𝐢𝐦𝐞 𝐚 𝐕𝐞𝐧𝐝𝐨𝐫 𝐏𝐚𝐭𝐜𝐡 𝐀𝐥𝐦𝐨𝐬𝐭 𝐂𝐨𝐬𝐭 𝐔𝐬 𝐂𝐨𝐦𝐩𝐥𝐢𝐚𝐧𝐜𝐞 A few years ago, we were helping a client with ISO 27001 readiness. Everything seemed airtight - policies, controls, and training. Then we ran a mock audit. And 𝐨𝐧𝐞 𝐠𝐚𝐩 𝐬𝐭𝐨𝐨𝐝 𝐨𝐮𝐭:  𝘈 𝘊𝘪𝘵𝘳𝘪𝘹 𝘢𝘱𝘱𝘭𝘪𝘢𝘯𝘤𝘦 𝘵𝘩𝘦𝘺 𝘶𝘴𝘦𝘥 𝘧𝘰𝘳 𝘳𝘦𝘮𝘰𝘵𝘦 𝘢𝘤𝘤𝘦𝘴𝘴 𝘩𝘢𝘥𝘯’𝘵 𝘣𝘦𝘦𝘯 𝘱𝘢𝘵𝘤𝘩𝘦𝘥 𝘪𝘯 𝘮𝘰𝘯𝘵𝘩𝘴. It wasn’t because they didn’t care. It was because no one thought vendor-managed infrastructure fell under their compliance scope. 𝐓𝐡𝐚𝐭 𝐦𝐢𝐧𝐝𝐬𝐞𝐭 𝐬𝐭𝐢𝐥𝐥 𝐞𝐱𝐢𝐬𝐭𝐬 𝐭𝐨𝐝𝐚𝐲 𝐰𝐢𝐭𝐡 𝐂𝐢𝐭𝐫𝐢𝐱𝐁𝐥𝐞𝐞𝐝 𝟐 𝐦𝐚𝐤𝐢𝐧𝐠 𝐡𝐞𝐚𝐝𝐥𝐢𝐧𝐞𝐬 𝐚𝐠𝐚𝐢𝐧. Everyone’s saying: 𝘗𝘢𝘵𝘤𝘩 𝘪𝘵 𝘧𝘢𝘴𝘵. 𝘔𝘪𝘯𝘪𝘮𝘪𝘻𝘦 𝘥𝘰𝘸𝘯𝘵𝘪𝘮𝘦. 𝘚𝘦𝘤𝘶𝘳𝘦 𝘺𝘰𝘶𝘳 𝘨𝘢𝘵𝘦𝘸𝘢𝘺𝘴. But very few are asking the deeper question: - Does this vendor system fall under our ISO 27001 scope? - Will we be liable under India’s IT Rules if something goes wrong? 𝐇𝐞𝐫𝐞’𝐬 𝐡𝐨𝐰 𝐰𝐞 𝐟𝐫𝐚𝐦𝐞 𝐢𝐭 𝐧𝐨𝐰: - Under ISO 27001 – A.14: Security must be built into all systems in the development lifecycle, including external vendor infrastructure. - Under India’s IT Rules 2021: You’re responsible for how third-party systems handle user data, including breaches caused by external tech. And yes - Citrix NetScaler, FortiWeb, load balancers, cloud WAFs; they all count. 𝐒𝐨 𝐭𝐨𝐝𝐚𝐲, 𝐰𝐡𝐞𝐧 𝐰𝐞 𝐨𝐧𝐛𝐨𝐚𝐫𝐝 𝐚 𝐧𝐞𝐰 𝐜𝐥𝐢𝐞𝐧𝐭, 𝐰𝐞 𝐚𝐬𝐤: - Where does vendor infra live in your 𝐫𝐢𝐬𝐤 𝐫𝐞𝐠𝐢𝐬𝐭𝐞𝐫? - Are you testing vendor systems in your 𝐕𝐀/𝐏𝐓 𝐜𝐲𝐜𝐥𝐞? - Do you have SLAs for 𝐩𝐚𝐭𝐜𝐡 𝐭𝐢𝐦𝐞𝐥𝐢𝐧𝐞𝐬 𝐚𝐧𝐝 𝐬𝐡𝐚𝐫𝐞𝐝 𝐫𝐞𝐬𝐩𝐨𝐧𝐬𝐢𝐛𝐢𝐥𝐢𝐭𝐲? Because waiting for a breach or an audit finding is too late. 𝐌𝐲 𝐚𝐝𝐯𝐢𝐜𝐞 𝐭𝐨 𝐞𝐯𝐞𝐫𝐲 𝐬𝐞𝐜𝐮𝐫𝐢𝐭𝐲 𝐥𝐞𝐚𝐝𝐞𝐫 𝐫𝐞𝐚𝐝𝐢𝐧𝐠 𝐭𝐡𝐢𝐬: - Start treating vendor infra with the same attention you give your core tech. - The threat actors don’t care who owns the box. - And neither will your auditors, regulators, or customers. #CISOInsights #ISO27001 #CitrixBleed2 #ComplianceFirst #CyberLeadership #ITRules2021 #RiskManagement #VAPT #VendorRisk #SecureSDLC #LumiverseSolutions

15

2 Comments

"What do you wish every upcoming penetration tester knew?" Our CISO Chetna Pangare posed this question...and the team didn’t hold back. 🎧 A must-listen episode for every aspiring ethical hacker. Prashant Phatak | Jemima A. | Rachana Datar | Vaibhavi Nayak | Samruddhi Pathak | Radhika Lad, CFP® #CyberSecurity #PenTesting #EthicalHacking #RedTeam #TeamTalks #CyberPodcast

14

2 Comments

🚨 CERT-In Releases Technical Guidelines on SBOM, QBOM, CBOM, AIBOM & HBOM The Indian Computer Emergency Response Team (CERT-In) has released Version 2.0 of its technical guidelines on the Software Bill of Materials (SBOM), now significantly expanded to cover five critical domains: 1. SBOM – A detailed list of all software components, including third-party elements, used in a software product. It helps identify and mitigate vulnerabilities within the codebase. 2. QBOM – Focuses on components related to quantum computing and quantum-safe cryptography. It inventories quantum algorithms and security frameworks, aiding organizations in preparing for and adopting post-quantum cryptographic (PQC) solutions. 3. CBOM – An inventory of all cryptographic assets such as algorithms, encryption keys, and security protocols used within an organization. It helps in ensuring transparency and up-to-date security measures. 4. AIBOM – A comprehensive list of all components used in the development, training, and deployment of AI models, including hardware (e.g., GPUs), software frameworks, and datasets. AIBOMs are becoming essential for ensuring security, transparency, compliance, and risk management in AI systems. All organizations involved in AI-driven development and services are advised to include AIBOM requirements in all AI-related procurements and solutions. 5. HBOM – A list of all physical components, such as servers, networking gear, and storage devices that make up a hardware system. It helps in tracking, auditing, and managing hardware-related risks. These guidelines are especially relevant for government bodies, public sector units, essential services organizations, and entities involved in software exports and software services. It is aimed at: 1. Software Consumers – Organizations that purchase and use software to support operations. 2. Software Developers – Entities that build and maintain custom software solutions. 3. System Integrators / Software Resellers – Organizations that distribute software products and provide related services. By adopting these guidelines, organizations can bolster security, accelerate incident response, identify and patch vulnerabilities more efficiently, mitigate supply chain risks, ensure regulatory compliance, and enhance overall operational resilience. This is an essential step in building more secure, transparent, and future-ready digital ecosystems. 👉 Link to the full guidelines is in the comments. #ai #india #aigovernance #cybersecurity [This post is for educational purposes only and does not constitute legal advice. The views expressed herein are personal and not reflective of any institution or company. Likes or interactions with this content do not imply endorsements.]

17

1 Comment

Building real cybersecurity capability — not just certifications. Guy Klisman, Founder & CEO of Cyberlabs, shares the vision behind Cyberlabs India and how we prepare professionals for real-world cyber defense. #CyberSecurity #CyberDefense #InfoSec #CyberSecurityTraining #CyberSecurityIndia #CyberProfessionals #CyberlabsIndia Guy Klisman Rami Siman-Tov CYBERLABS Ofir Semel 💎 Najeeb Ibrahim Shmulik Yehezkel

15

1 Comment

Outcomes Over Compliance – Using NIST-CSF 2.0, and a DVMS® to Enable Cyber Operational Resilience Outcomes. If you are responsible for Cyber Operational Resilience, PLEASE READ THIS!! Full Blog Here: https://lnkd.in/gzRnUaw9 The Problem with the Compliance Mindset For years, many organizations have defaulted to treating cybersecurity as a compliance exercise — a series of controls to implement, audits to pass, and checkboxes to tick. This mindset has created a false sense of security: merely aligning with a control catalog or meeting regulatory minimums will ensure resilience. However, real-world data breaches and operational failures repeatedly reveal the limitations of compliance-driven approaches. The root causes are often not technical but strategic: leadership gaps, cultural inertia, unclear risk ownership, or fragmented governance. The compliance mindset tends to narrow the focus to what is mandated, overlooking what is mission critical. It can foster a culture where cybersecurity is seen as the responsibility of the IT department rather than a shared enterprise imperative. This outlook inhibits innovation, stifles responsiveness to threats, and perpetuates fragmented, siloed approaches to risk management. The NIST CSF 2.0 and the DVMS release mark a pivotal shift. No longer limited to critical infrastructure, the Framework now applies to all sectors and organizations of all sizes. Most notably, it explicitly refocuses attention on desired cybersecurity outcomes rather than prescriptive control implementations. The Framework is structured around six Functions — Govern, Identify, Protect, Detect, Respond, and Recover — which organize high-level outcomes that can be tailored to each organizational mission and risk tolerance. This outcomes-centric architecture enables organizations to align cybersecurity with enterprise risk management. It facilitates a move away from “what are we required to do?” toward “what must we achieve to protect and sustain our mission?” Ultimately, the goal is not compliance or cybersecurity per se. The goal is cyber operational resilience—the ability of the organization to anticipate, withstand, respond to, and recover from adverse conditions, stresses, and cyber events while continuing to fulfill its mission and deliver value. An outcomes-centric use of the NIST CSF supported by a DVMS guides organizations toward this end state. It provides a common language for cross-functional communication, supports strategic alignment, and fosters a culture of continual improvement. It helps organizations ask better questions, understand their exposure, and invest in the practices that matter most, not just the ones that are easiest to audit. DVMS Institute www.dvmsinstitute.com

10

3 Comments

Most organizations don’t fail at cyber strategy. They fail at operationalizing it. GRC teams talk in enterprise risk. SOC teams fight daily fires. Without shared context, everyone works hard - but often on the wrong things. We just published a blog on why Agentic Exposure Management is the missing link between cyber risk strategy and security operations, and how context-driven prioritization and remediation is becoming the real battlefield in cybersecurity. If you’re a CISO trying to answer “are we actually reducing risk?” - this one’s for you 😎.

17

In this new field guide, “Top 5 Emerging Phishing Threats in India & How Businesses Can Stop Them in 2025,” Subhajeet Naha (27+ years in enterprise security, now leading Protecte Technologies) breaks down: 👉 The 5 fastest-evolving phishing patterns hitting Indian businesses 👉 A 30-day, India-ready defense plan using DMARC, passkeys, vendor verification, and mailbox-native, post-delivery security If you’re a founder, CISO, or IT leader responsible for protecting UPI rails and Microsoft 365/Google Workspace, this is one article you can’t afford to skip. 👉 Read the full guide and see how to cut phishing risk in weeks, not quarters. 👉 See the comment section for the link. #emailprotection #phishing #mailarmorai

3

1 Comment