Nikhil Gupta faces up to 40 years over alleged India-backed attempt to kill Gurpatwant Singh Pannun

The Indian man who US prosecutors accused of plotting to kill a prominent US-based activist after being recruited by an agent of the Indian government has pleaded guilty to three criminal charges, according to a spokesperson for the US attorney’s office in Manhattan.

Nikhil Gupta faces a maximum 40 years in prison after he pleaded guilty to murder-for-hire, conspiracy to commit murder-for-hire, and money-laundering charges in connection to the failed attempt to assassinate Gurpatwant Singh Pannun, a US resident who is an advocate for a sovereign Sikh state in
northern India.

Continue reading...

© Photograph: Jane Rosenberg/Reuters

© Photograph: Jane Rosenberg/Reuters

© Photograph: Jane Rosenberg/Reuters

India’s technology ambitions are no longer limited to policy announcements, they are now translating into capital flows, institutional reforms, and global positioning. At the center of this transformation is the IndiaAI Mission, a flagship initiative that is reshaping AI in India while influencing private sector investment and deep tech growth across multiple domains. Information submitted in the Lok Sabha on February 11, 2026, by Minister of Electronics and IT Ashwini Vaishnaw outlines how government-backed reforms and funding mechanisms are strengthening India’s AI and space technology ecosystem. For global observers, the scale and coordination of these efforts signal a strategic push to position India as a long-term technology powerhouse.

IndiaAI Mission Lays Foundation for AI in India

Launched in March 2024 with an outlay of ₹10,372 crore, the IndiaAI Mission aims to build a comprehensive AI ecosystem. In less than two years, the initiative has delivered measurable progress. More than 38,000 GPUs have been onboarded to create a common compute facility accessible to startups and academic institutions at affordable rates. Twelve teams have been shortlisted to develop indigenous foundational models or Large Language Models (LLMs), while 30 applications have been approved to build India-specific AI solutions. Talent development remains central to the IndiaAI Mission. Over 8,000 undergraduate students, 5,000 postgraduate students, and 500 PhD scholars are currently being supported. Additionally, 27 India Data and AI Labs have been established, with 543 more identified for development. India’s AI ecosystem is also earning global recognition. The Stanford Global AI Vibrancy 2025 report ranks India third worldwide in AI competitiveness and ecosystem vibrancy. The country is also the second-largest contributor to GitHub AI projects—evidence of a strong developer community driving AI in India from the ground up.

Private Sector Investment in AI Gains Speed

Encouraged by the IndiaAI Mission and broader reforms, private sector investment in AI is rising steadily. According to the Stanford AI Index Report 2025, India’s cumulative private investment in AI between 2013 and 2024 reached approximately $11.1 billion. Recent announcements underscore this momentum. Google revealed plans to establish a major AI Hub in Visakhapatnam with an investment of around $15 billion—its largest commitment in India so far. Tata Group has also announced an $11 billion AI innovation city in Maharashtra. These developments suggest that AI in India is moving beyond research output toward large-scale commercial infrastructure. The upcoming India AI Impact Summit 2026, to be held in New Delhi, will further position India within the global AI debate. Notably, it will be the first time the global AI summit series takes place in the Global South, signaling a shift toward more inclusive technology governance.

Deep Tech Push Backed by RDI Fund and Policy Reforms

Beyond AI, the government is reinforcing the broader deep tech sector through funding and policy clarity. A ₹1 lakh crore Research, Development and Innovation (RDI) Fund under the Anusandhan National Research Foundation (ANRF) has been announced to support high-risk, high-impact projects. The National Deep Tech Startup Policy addresses long-standing challenges in funding access, intellectual property, infrastructure, and commercialization. Under Startup India, deep tech firms now enjoy extended eligibility periods and higher turnover thresholds for tax benefits and government support. These structural changes aim to strengthen India’s Gross Expenditure on Research and Development (GERD), currently at 0.64% of GDP. Encouragingly, India’s position in the Global Innovation Index has climbed from 81st in 2015 to 38th in 2025—an indicator that reforms are yielding measurable outcomes.

Space Sector Reforms Expand India’s Global Footprint

Parallel to AI in India, the government is also expanding its ambitions in space technology. The Indian Space Policy 2023 clearly defines the roles of ISRO, IN-SPACe, and private industry, opening the entire space value chain to commercial participation. IN-SPACe now operates as a single-window agency authorizing non-government space activities and facilitating access to ISRO’s infrastructure. A ₹1,000 crore venture capital fund and a ₹500 crore Technology Adoption Fund are supporting early-stage and scaling space startups. Foreign Direct Investment norms have been liberalized, permitting up to 100% FDI in satellite manufacturing and components. Through NewSpace India Limited (NSIL), the country is expanding its presence in the global commercial launch market, particularly for small and medium satellites. The government’s collaboration between ISRO and the Department of Biotechnology in space biotechnology—including microgravity research and space bio-manufacturing—signals how interdisciplinary innovation is becoming a national priority.

A Strategic Inflection Point for AI in India

Taken together, the IndiaAI Mission, private sector investment in AI, deep tech reforms, and space sector liberalization form a coordinated architecture. This is not merely about technology adoption—it is about long-term capability building. For global readers, India’s approach offers an interesting case study: sustained public investment paired with regulatory clarity and private capital participation. While challenges such as research intensity and commercialization gaps remain, the trajectory is clear. The IndiaAI Mission has become more than a policy initiative, it is emerging as a structural driver of AI in India and a signal of the country’s broader technological ambitions in the decade ahead.

India has taken another step toward expanding AI literacy in India with the launch of Kaushal Rath under the national programme Yuva AI for All. Flagged off from India Gate in New Delhi, the mobile initiative aims to bring foundational Artificial Intelligence (AI) education directly to students, youth, and educators, particularly in semi-urban and underserved regions. For a country positioning itself as a global digital leader, the message behind Yuva AI for All is clear: AI cannot remain limited to elite institutions or metro cities. If Artificial Intelligence is to shape economies and governance, it must be understood by the wider population.

Yuva AI for All: Taking AI to the Doorstep

Launched by the Ministry of Electronics and Information Technology (MeitY) under the IndiaAI Mission in collaboration with AISECT, Yuva AI for All focuses on democratising access to AI education. Launching the initiative, the Minister of State Jitin Prasada stated, “Through the Yuva AI for All initiative and the Kaushal Rath, we are taking AI awareness directly across the country, especially to young people. The bus will travel across regions to familiarise students and youth with the uses and benefits of Artificial Intelligence, fulfilling the Prime Minister Narendra Modi’s vision of ensuring that awareness and access to opportunity transcend geography and demography.” Adding to this, he also said that “The Yuva AI for All with Kaushal Rath initiative is a precursor to the India AI Impact Summit 2026, which is set to take place in New Delhi next week. It is a great pride for India to be hosting a Summit of this kind for the first time, to be held in the Global South. “ [caption id="attachment_109449" align="aligncenter" width="600"] Image Source: PIB[/caption] At the centre of this effort is Kaushal Rath, a fully equipped mobile computer lab with internet-enabled systems and audio-visual tools. The vehicle will travel across Delhi-NCR and later other regions, visiting schools, ITIs, colleges, and community spaces. The aim is not abstract policy messaging, but practical exposure—hands-on demonstrations of AI and Generative AI tools, guided by trained facilitators and contextualised Indian use cases. The course structure is intentionally accessible. It is a four-hour, self-paced programme with six modules, requiring zero coding background. Participants learn AI concepts, ethics, and real-world applications. Upon completion, they receive certification, a move designed to add tangible value to academic and professional profiles. Kavita Bhatia, Scientist G, MeitY and COO of IndiaAI Mission highlighted, “Under the IndiaAI Mission, skilling is one of the seven core pillars, and this initiative advances our goal of democratising AI education at scale. Through Kaushal Rath, we are enabling hands-on AI learning for students across institutions using connected systems, AI tools, and structured courses, including the YuvAI for All programme designed to demystify AI. By combining instructor-led training, micro- and nano-credentials, and nationwide outreach, we are ensuring that AI skilling becomes accessible to learners across regions.” In a global context, this matters. Many nations speak of AI readiness, but few actively drive AI education beyond established technology hubs. Yuva AI for All attempts to bridge that gap.

Building Momentum Toward the India AI Impact Summit 2026

The launch of Yuva AI for All and Kaushal Rath also builds momentum toward the upcoming India AI Impact Summit 2026, scheduled from February 16–20 at Bharat Mandapam, New Delhi. Positioned as the first global AI summit to be hosted in the Global South, the event is anchored on three pillars: People, Planet, and Progress. The summit aims to translate global AI discussions into development-focused outcomes aligned with India’s national priorities. But what distinguishes this effort is its nationwide groundwork. Over the past months, seven Regional AI Conferences were conducted across Meghalaya, Gujarat, Odisha, Madhya Pradesh, Uttar Pradesh, Rajasthan, and Kerala under the IndiaAI Mission. These conferences focused on practical AI deployment in governance, healthcare, agriculture, education, language technologies, and public service delivery. Policymakers, startups, academia, industry leaders, and civil society participated, ensuring that discussions were not limited to theory. Insights from these regional consultations will directly shape the agenda of the India AI Impact Summit 2026.

A Nationwide AI Push, Not Just a Summit

Several major announcements emerged from the regional conferences. Among them:

• A commitment to train one million youth under Yuva AI for All
• Expansion of AI Data Labs and AI Labs in ITIs and polytechnics
• Launch of Rajasthan’s AI/ML Policy 2026
• Announcement of the Uttar Pradesh AI Mission
• Introduction of Madhya Pradesh’s SpaceTech Policy 2026 integrating AI
• Signing of MoUs with institutions including Google, IIT Delhi, and National Law University, Jodhpur
• Rollout of AI Stacks and cloud adoption frameworks for state-level governance

These developments suggest that India’s AI roadmap is not confined to policy speeches. It is being operationalised across states, with funding commitments and institutional backing. For global observers, this signals something important. Emerging economies are not merely consumers of AI technologies—they are actively shaping governance models and skilling frameworks suited to their socio-economic realities.

Why AI Literacy in India Matters Globally

Artificial Intelligence is often discussed in terms of advanced research and frontier innovation. Yet the real challenge is adoption—ensuring people understand what AI is, what it can do, and how it should be used responsibly. By launching Yuva AI for All, India is placing emphasis on foundational awareness, not just high-end research. That approach reflects a broader recognition: AI will influence public service delivery, agriculture systems, healthcare models, and digital governance worldwide. Without widespread literacy, the risk of exclusion grows. At the same time, scaling AI education in a country as large and diverse as India is no small task. The success of Kaushal Rath will depend on sustained outreach, quality training, and long-term institutional support. Still, the initiative marks a visible shift. AI is no longer framed as a specialist subject—it is being positioned as a public capability. As preparations intensify for the India AI Impact Summit 2026, Yuva AI for All stands out as a reminder that AI’s future will not be shaped only in boardrooms or research labs, but also in classrooms, ITIs, and community spaces across regions often left out of the digital conversation.

The internet and a new film have breathed life into old conspiracy theories about one of the world’s most famous landmarks.

By Gauravdeep Singh, Head – State e-Mission Team (SeMT), Ministry of Electronics and Information Technology The Digital Personal Data Protection (DPDP) Act has fundamentally altered the risk landscape for Indian organisations. Data breaches now trigger mandatory compliance obligations regardless of their origin, transforming incidents that were once purely operational concerns into regulatory events with significant financial and legal implications.

Case Study 1: Cloud Misconfiguration in a Consumer Platform

A prominent consumer-facing platform experienced a data exposure incident when a misconfigured storage bucket on its public cloud infrastructure inadvertently made customer data publicly accessible. While no malicious actor was involved, the incident still constituted a reportable data breach under the DPDP Act framework. The organisation faced several immediate obligations:

• Notification to affected individuals within prescribed timelines
• Formal reporting to the Data Protection Board
• Comprehensive internal investigation and remediation measures
• Potential penalties for failure to implement reasonable security safeguards as mandated under the Act

Such incidents highlight a critical gap in traditional risk management approaches. The financial exposure—encompassing regulatory penalties, legal costs, remediation expenses, and reputational damage—frequently exceeds conventional cyber insurance coverage limits, particularly when compliance failures are implicated.

Case Study 2: Ransomware Attack on Healthcare and EdTech Infrastructure

A mid-sized healthcare and education technology provider fell victim to a ransomware attack that encrypted sensitive personal records. Despite successful restoration from backup systems, the organisation confronted extensive regulatory and operational obligations:

• Forensic assessment to determine whether data confidentiality was compromised
• Mandatory notification to regulatory authorities and affected data principals
• Ongoing legal and compliance proceedings

The total cost extended far beyond any ransom demand. Forensic investigations, legal advisory services, public communications, regulatory compliance activities, and operational disruption collectively created substantial financial strain, costs that would have been mitigated with appropriate insurance coverage.

Case Study 3: AI-Enabled Fraud and Social Engineering

The emergence of AI-driven attack vectors has introduced new dimensions of cyber risk. Deepfake technology and sophisticated phishing campaigns now enable threat actors to impersonate senior leadership with unprecedented authenticity, compelling finance teams to authorise fraudulent fund transfers or inappropriate data disclosures. These attacks often circumvent traditional technical security controls because they exploit human trust rather than system vulnerabilities. As a result, organisations are increasingly seeking insurance coverage for social engineering and cyber fraud events, particularly those involving personal data or financial information, that fall outside conventional cybersecurity threat models.

The Evolution of Cyber Insurance in India

The Indian cyber insurance market is undergoing significant transformation in response to the DPDP Act and evolving threat landscape. Modern policies now extend beyond traditional hacking incidents to address:

• Data breaches resulting from human error or operational failures
• Third-party vendor and SaaS provider security failures
• Cloud service disruptions and availability incidents
• Regulatory investigation costs and legal defense expenses
• Incident response, crisis management, and public relations support

Organisations are reassessing their coverage adequacy as they recognise that historical policy limits of Rs. 10–20 crore may prove insufficient when regulatory penalties, legal costs, business interruption losses, and remediation expenses are aggregated under the DPDP compliance framework.

The SME and MSME Vulnerability

Small and medium enterprises represent the most vulnerable segment of the market. While many SMEs and MSMEs regularly process personal data, they frequently lack:

• Mature information security controls and governance frameworks
• Dedicated compliance and data protection teams
• Financial reserves to absorb penalties, legal costs, or operational disruption

For organisations in this segment, even a relatively minor cyber incident can trigger prolonged operational shutdowns or, in severe cases, permanent closure. Despite this heightened vulnerability, cyber insurance adoption among SMEs remains disproportionately low, driven primarily by awareness gaps and perceived cost barriers.

Implications for the Cyber Insurance Ecosystem

The Indian cyber insurance market is entering a period of accelerated growth and structural evolution. Several key trends are emerging:

• Higher policy limits becoming standard practice across industries
• Enhanced underwriting processes emphasising compliance readiness and data governance maturity
• Comprehensive coverage integrating legal advisory, forensic investigation, and regulatory support
• Risk-based pricing models that reward robust data protection practices

Looking ahead, cyber insurance will increasingly be evaluated not merely as a risk-transfer mechanism, but as an indicator of an organisation's overall data protection posture and regulatory preparedness.

DPDP Act and the End of Optional Cyber Insurance

The DPDP Act has fundamentally redefined cyber risk in the Indian context. Data breaches are no longer isolated IT failures; they are regulatory events carrying substantial financial, legal, and reputational consequences. In this environment, cyber insurance is transitioning from a discretionary safeguard to a strategic imperative. Organisations that integrate cyber insurance into a comprehensive data governance and enterprise risk management strategy will be better positioned to navigate the evolving regulatory landscape. Conversely, those that remain uninsured or underinsured may discover that the cost of inadequate preparation far exceeds the investment required for robust protection. (This article reflects the author’s analysis and personal viewpoints and is intended for informational purposes only. It should not be construed as legal or regulatory advice.)

Shashank Bajpai, CISO & CTSO at Yotta 2026 is the execution year for India’s Digital Personal Data Protection (DPDP) regime , the Rules were notified in November 2025 and the government has signalled a phased enforcement timeline. The law is consent-centric, imposes heavy penalties (up to ₹250 crore for the most serious security failures), creates a new institutional stack (Data Protection Board, Consent Managers), and elevates privacy to boardroom priority. Organizations that treat compliance as a strategic investment, not a cost centre, will gain trust, operational resilience, and competitive advantage. Key themes for 2026: consent at scale, data minimization, hardened security, vendor accountability, and new dependency risks arising from Consent Manager infrastructure.

Why 2026 Matters

The DPDP Act (2023) becomes operational through Rules notified in November 2025; the result is a staggered compliance timetable that places 2026 squarely in the execution phase. That makes 2026 the inflection year when planning becomes measurable operational work and when regulators will expect visible progress. The practical effect is immediate: companies must move from policy documents to implemented consent systems, security controls, breach workflows, and vendor governance.

The High-Impact Obligations

• Explicit consent architecture: Consent must be free, specific, informed and obtained by clear affirmative action. Systems must record, revoke and propagate consent signals reliably.
• Data minimization & purpose limitation: Collect only what’s necessary and purge data when the purpose is fulfilled.
• Reasonable security safeguards: Highest penalty bracket (up to ₹250 crore) for failures to implement required security measures. Encryption, tokenization, RBAC, monitoring and secure third-party contracts are expected.
• Breach notification: Obligatory notification to the Data Protection Board and affected principals, with tight timelines (public guidance references 72-hour reporting windows for board notification).
• Data subject rights: Access, correction, erasure, withdrawal of consent and grievance mechanisms must be operational and auditable.
• Children’s data: Verifiable parental consent and prohibitions on behavioural profiling/targeted advertising toward minors; failures risk very high penalties.
• Consent Managers: New regulated intermediaries where individuals may centrally manage consent; only India-incorporated entities meeting financial/operational thresholds (minimum net worth indicated in Rules) can register. This constructs a new privacy infrastructure and a new dependency vector for data fiduciaries.

Implementation Challenges & Strategic Opportunities

1. Key Implementation Challenges

Challenge Area	What Will Break / Strain in 2026	Why It Matters to Leadership	Strategic Imperative
Regulatory Ambiguity & Evolving Interpretation	Unclear operational expectations around “informed consent,” Significant Data Fiduciary designation, and cross-border data transfers	Risk of over-engineering or non-compliance as regulatory guidance evolves	Build modular, configurable privacy architectures that can adapt without re-platforming
Legacy Systems & Distributed Data	Difficulty retrofitting consent enforcement, encryption, audit trails, and real-time controls into legacy and batch-oriented systems	High cost, operational disruption, and extended timelines for compliance	Prioritize modernization of high-risk systems and align vendor roadmaps with DPDP requirements
Organizational Governance & Talent Gaps	Privacy cuts across legal, product, engineering, HR, procurement—often without clear ownership; shortage of experienced DPOs	Fragmented accountability increases regulatory and breach risk	Establish cross-functional privacy governance; leverage fractional DPOs and external advisors while building internal capability
Children’s Data & Onboarding Friction	Age verification and parental consent slow user onboarding and impact conversion metrics	Direct revenue and growth impact if UX is not carefully redesigned	Re-engineer onboarding flows to balance compliance with user experience, especially in consumer platforms
Consent Manager Dependency & Systemic Risk	Outages or breaches at registered Consent Managers can affect multiple data fiduciaries simultaneously	Creates concentration and third-party systemic risk	Design fallback mechanisms, redundancy plans, and enforce strong SLAs and audit rights

 2. Strategic Opportunities: Turning Compliance into Advantage

Opportunity Area	Business Value	Strategic Outcome
Trust as a Market Differentiator	Privacy becomes a competitive trust signal, particularly in fintech, healthtech, and BFSI ecosystems.	Strong DPDP compliance enhances brand equity, customer loyalty, partner confidence, and investor perception.
Operational Efficiency & Risk Reduction	Data minimization, encryption, and segmentation reduce storage costs and limit breach blast radius.	Privacy investments double as technical debt reduction with measurable ROI and lower incident recovery costs.
Global Market Access	Alignment with global privacy principles simplifies cross-border expansion and compliance-sensitive partnerships.	Faster deal closures, reduced due diligence friction, and improved access to regulated international markets.
Domestic Privacy & RegTech Ecosystem Growth	Demand for Consent Managers, RegTech, and privacy engineering solutions creates a new domestic market.	Strategic opportunity for Indian vendors to lead in privacy infrastructure and export DPDP-aligned solutions globally.

DPDP Readiness Roadmap for 2026

Time Horizon	Key Actions	Primary Owners	Strategic Outcome
Immediate (0–3 Months)	• Establish Board-level Privacy Steering Committee •Appoint or contract a Data Protection Officer (DPO) • Conduct rapid enterprise data mapping (repositories, processors, high-risk data flows) • Triage high-risk systems for encryption, access controls, and logging • Update breach response runbooks to meet Board and individual notification timelines	Board, CEO, CISO, Legal, Compliance	Executive accountability for privacy; clear visibility of data risk exposure; regulatory-ready breach response posture
Short Term (3–9 Months)	• Deploy consent management platform interoperable with upcoming Consent Managers • Standardize DPDP-compliant vendor contracts and initiate bulk vendor renegotiation/audits • Automate data principal request handling (identity verification, APIs, evidence trails)	CISO, CTO, Legal, Procurement, Product	Operational DPDP compliance at scale; reduced manual handling risk; strengthened third-party governance
Medium Term (9–18 Months)	• Implement data minimization and archival policies focused on high-sensitivity datasets • Embed Privacy Impact Assessments (PIAs) into product development (“privacy by design”) • Stress-test reliance on Consent Managers and negotiate resilience SLAs and contingency plans	Product, Engineering, CISO, Risk, Procurement	Sustainable compliance architecture; reduced long-term data liability; privacy-integrated product innovation
Ongoing (Board Dashboard Metrics)	• Consent fulfillment latency & revocation success rate • Mean time to detect and notify data breaches (aligned to regulatory windows) • % of sensitive data encrypted at rest and in transit • Vendor compliance score and DPA coverage	Board, CISO, Risk & Compliance	Continuous assurance, measurable compliance maturity, and defensible regulatory posture

Board-Level Takeaway

DPDP compliance in 2026 is not a one-time legal exercise, it is an operating model change. Organizations that treat privacy as a board-governed, product-integrated, and metrics-driven discipline will outperform peers on regulatory trust, customer confidence, and incident resilience.

The Macro View: Data Sovereignty & Trust Infrastructure

The Rules reinforce India’s intention to control flows of citizen data while creating domestic privacy infrastructure (DPB + Consent Managers + data auditors). This is not just regulation; it is an economic strategy to build domestic capability in cloud, identity, security and RegTech, and to position India as a credible participant in global data governance conversations.

Act Strategically, Not Reactively

DPDP is a structural shift: it will change products, engineering practices, contracts, and customer expectations. 2026 will reveal winners and laggards. Those that embrace privacy as a governance discipline and a product differentiator will realize measurable advantages in trust, operational resilience, and market value. The alternative, waiting until enforcement escalates, risks fines, reputational harm and erosion of customer trust. (This article reflects the author’s analysis and personal viewpoints and is intended for informational purposes only. It should not be construed as legal or regulatory advice.)

Recent data released by the National Crime Records Bureau (NCRB) paints a troubling picture of the rapid rise in cybercrime in India, particularly cases executed through mobile phones and computers.   The NCRB report notes that India recorded over 52,000 cybercrime incidents in 2021, a number that escalated to more than 86,000 by 2023. The Minister of State for Home Affairs, Bandi Sanjay Kumar, shared these figures in a written reply in the Rajya Sabha. 

Regional Trends Show Sharp Contrasts Across Northern India 

Haryana recorded 751 cybercrime cases in 2023, making it the highest among northern states, followed by Himachal Pradesh with 127 cases, a major jump from just 77 the previous year. Punjab, however, reported a decline, registering 511 cases in 2023 compared to 697 in 2022.  Among northern Union Territories, Delhi led with 407 cases, followed by Jammu & Kashmir with 185 and Chandigarh with 23. To strengthen cyber forensic capabilities, the Ministry of Home Affairs provided support to 20 states and UTs under the Nirbhaya-funded scheme. Punjab received ₹7.98 crore from 2018–19, while Himachal Pradesh received ₹7.29 crore. 

Ransomware Surge Places India and Asia-Pacific in a High-Risk Zone 

Beyond NCRB’s findings, rising digital threats in the Asia-Pacific region further illustrate the scale of cybercrime in India and neighboring countries. Cyble’s Monthly Threat Landscape Report: July 2025 reveals that India remains a priority target for ransomware groups. The Warlock ransomware group breached an India-based manufacturing firm, exfiltrating HR files, financial records, design archives, and internal repositories.   Additional leaks on dark web forums exposed stolen data from two Indian companies, a technology consulting firm and a subscription-based SaaS platform.  Unauthorized access to an Indian telecom network was also put up for sale for US$35,000, including credentials, CLI access, and operational network details. Regionally, Thailand, Japan, and Singapore each recorded six ransomware victims, with India and the Philippines close behind. The manufacturing, government, and critical infrastructure sectors faced the brunt of attacks. Meanwhile, South Asia witnessed hacktivist activity, with the pro-India Team Pelican Hackers claiming breaches of major Pakistani research and academic institutions.  Globally, July 2025 saw 423 ransomware victims, with the U.S. accounting for 223. Qilin ransomware topped global activity with 73 victims, followed by INC Ransom with 59. Cyble’s sensors also detected more than 1,000 daily attacks on U.S. industrial control systems, while the UK, Vietnam, China, Singapore, and Hong Kong recorded high targeting levels. A booming market for zero-day exploits added to the risk landscape, with vulnerabilities in WinRAR and leading VPN platforms being sold for USD $80,000 to 1 BTC. 

Insights from 2024 Call for Urgency of Cyber Preparedness 

Insights from the India Threat Landscape Report 2024 add critical context to the rising threat levels highlighted by the National Crime Records Bureau (NCRB). In the first half of 2024 alone, India recorded 593 cyberattacks, 388 data breaches, 107 data leaks, and 39 ransomware incidents, highlighting the need for stronger threat intelligence across tactical, operational, strategic, and technical layers.  Combined with Cyble’s observations on escalating ransomware activity, dark web exposure, and exploit markets, cybercrime in India is becoming the next big thing and demands a coordinated, intelligence-driven response.  Organizations seeking to stay protected from these threats can benefit from Cyble’s AI-powered threat intelligence ecosystem and autonomous security capabilities. Explore Cyble’s platform, experience Blaze AI, or schedule a free demo to strengthen your organization’s preparedness against modern-day cyber risks. 

India has reversed its earlier directive requiring mobile phone manufacturers and importers to pre-install the government-backed Sanchar Saathi application on all new smartphones sold in the country. The Communications Ministry announced on Wednesday that the government had “decided not to make the pre-installation mandatory for mobile manufacturers,” marking a notable shift just 48 hours after the original order was issued.  The initial directive, communicated privately to major firms including Apple, Samsung, and Xiaomi on November 28, required that all new devices sold in India be equipped with Sanchar Saathi within 90 days. The ministry said the earlier mandate was aimed at preventing the purchase of counterfeit devices and supporting efforts to “curb misuse of telecom resources for cyber fraud and ensure telecom cybersecurity.” 

Sanchar Saathi and India’s Cybersecurity Push Sparks Political Backlash 

Manufacturers and importers had originally been told to push the app to smartphones already circulating in distribution channels through software updates. However, the requirement immediately generated controversy. Opposition parties argued that the move had serious privacy implications, accusing the government of “watching over every movement, interaction, and decision of each citizen.” Privacy concerns escalated after activists and digital rights groups likened the situation to an order in Russia requiring all smartphones to install the state-backed Max app, which critics described as a mass surveillance tool.  While the government initially claimed that Sanchar Saathi was optional and removable, the confidential instruction given to companies stated the opposite, leading to further criticism. Several technology companies, including Apple and Google, signaled privately that they would not comply, saying the requirement conflicted with internal privacy policies and raised security concerns for their operating systems. 

Government Defends Sanchar Saathi as a Cybersecurity Tool 

Despite the swift backlash, the government continued to defend the app itself. Officials emphasized that Sanchar Saathi, which enables users to block or track lost or stolen devices and report fraudulent calls, was intended to assist citizens against “bad actors.” The Communications Ministry noted that 14 million users had already downloaded the app and were collectively contributing information on roughly 2,000 fraud incidents each day. This usage, the ministry stated, demonstrated the public’s trust in the government-provided cybersecurity tool.  Communications Minister Jyotiraditya Scindia responded directly to opposition allegations, calling the fears unfounded. He insisted the app remained voluntary: “I can delete it like any other app, as every citizen has this right in a democracy. Snooping is not possible through the app, nor will it ever be.”  The matter reached parliament, where opposition MPs sharply criticized the original order. Randeep Singh Surjewala of the Indian National Congress warned that Sanchar Saathi could function as a “possible kill switch” capable of turning “every cell phone into a brick,” suggesting it could be misused against journalists, dissidents, or political opponents. 

India Reverses Course as Public and Industry Push Back 

Following the growing national outcry, the Department of Telecommunications formally revoked the mandate. Civil society groups welcomed the reversal, though some urged caution. The Internet Freedom Foundation said the decision should be viewed as “cautious optimism, not closure,” until a formal legal direction is issued and independently verified.  While India continues to expand its digital public infrastructure and its cybersecurity initiatives, the short-lived mandate illustrates the ongoing tensions between national security measures and privacy concerns. With the withdrawal of the order, the government reaffirmed that adopting Sanchar Saathi will remain a user choice rather than a compulsory requirement for all smartphone owners in India. 

The Union government of India, the country’s central federal administration, on Monday confirmed several instances of GPS spoofing near Delhi’s Indira Gandhi International Airport (IGIA) and other major airports. Officials said that despite the interference, all flights continued to operate safely and without disruption. The clarification came after reports pointed to digital interference affecting aircraft navigation systems during approach procedures at some of the busiest airports in the country.

What Is GPS Spoofing?

GPS spoofing is a form of signal interference where false Global Positioning System (GPS) signals are broadcast to mislead navigation systems. For aircraft, it can temporarily confuse onboard systems about their true location or altitude. While pilots and air traffic controllers are trained to manage such situations, repeated interference requires immediate reporting and stronger safeguards.

Government Confirms Incidents at Multiple Airports

India’s Civil Aviation Minister Ram Mohan Naidu informed Parliament that several flights approaching Delhi reported GPS spoofing while using satellite-based landing procedures on Runway 10. In a written reply to the Rajya Sabha, the minister confirmed that similar signal interference reports have been received from several India’s major airports, including Mumbai, Kolkata, Hyderabad, Bengaluru, Amritsar, and Chennai. He explained that when GPS spoofing was detected in Delhi, contingency procedures were activated for flights approaching the affected runway. The rest of the airport continued functioning normally through conventional ground-based navigation systems, preventing any impact on overall flight operations.

Safety Procedures and New Reporting System

The Directorate General of Civil Aviation (DGCA) has issued a Standard Operating Procedure (SOP) for real-time reporting of GPS spoofing and Global Navigation Satellite System (GNSS) interference around IGI Airport. The minister added that since DGCA made reporting mandatory in November 2023, regular interference alerts have been received from major airports across the country. These reports are helping regulators identify patterns and respond more quickly to any navigation-related disturbances. India continues to maintain a network of traditional navigation and surveillance systems such as Instrument Landing Systems (ILS) and radar. These systems act as dependable backups if satellite-based navigation is interrupted, following global aviation best practices.

Airports on High Cyber Vigilance

The government said India is actively engaging with global aviation bodies to stay updated on the latest technologies, methods, and safety measures related to aviation cybersecurity. Meanwhile, the Airports Authority of India (AAI) is deploying advanced cybersecurity tools across its IT infrastructure to strengthen protection against potential digital threats. Although the cyber-related interference did not affect flight schedules, the confirmation of GPS spoofing attempts at major airports has led to increased monitoring across key aviation hubs. These airports handle millions of passengers every year, making continuous vigilance essential.

Recent Aviation Challenges

The GPS spoofing reports come shortly after a separate system failure at Delhi Airport in November, which caused major delays. That incident was later linked to a technical issue with the Automatic Message Switching System (AMSS) and was not related to cyber activity. The aviation sector also faced another challenge recently when Airbus A320 aircraft required an urgent software update. The A320, widely used in India, led to around 388 delayed flights on Saturday. All Indian airlines completed the required updates by Sunday, allowing normal operations to resume. Despite reports of interference, the Union government emphasised that there was no impact on passenger safety or flight operations. Established procedures, trained crews, and reliable backup systems ensured that aircraft continued operating normally. Authorities said they will continue monitoring navigation systems closely and strengthening cybersecurity measures across airports to safeguard India’s aviation network.