The past 24 hours have witnessed a surge in high-impact cybersecurity incidents, including phishing attacks, ransomware breaches at major corporations, and fraud networks. This report delves into critical events such as Barracuda’s alarming 2026 Email Threats Report, a ₹25 crore cyber fraud in Kerala, repeated breaches at Canvas, and a ransomware attack on Foxconn.
Kerala’s ₹25 Crore Cyber Fraud Network: Jharkhand ‘Ghost Identity’ Under Investigation
Kochi City Police are probing a ₹25 crore cyber fraud case involving a fake online trading platform that duped an Ernakulam businessman. Investigators have uncovered a suspected ‘ghost identity’ linked to Jharkhand, potentially fabricated to obscure the real operators and divert the money trail. Two primary suspects—Hyderabad-based Satyanarayana Murthy (36) and Tyson Raju (32)—were arrested on May 3 and revealed connections to a wider inter-state network during interrogation.
Key details of the operation include:
- Layered financial routing: Funds were moved through multiple bank accounts, digital wallets, and shell entities across states to evade tracing.
- Encrypted coordination: The syndicate allegedly used encrypted communication platforms and fragmented digital channels to prevent exposure of members’ real identities.
- Social media lure: The victim was ensnared via fake advertisements promising high returns on the fraudulent trading platform.
Forensic teams are analyzing seized devices and transaction records to map the network’s structure. Authorities suspect the case may extend beyond Kerala and Telangana, with further arrests anticipated. Cyber experts note the growing use of ghost identities in financial crimes to exploit gaps in digital verification systems. For more information on the rise in cyber frauds and scams, read our blog article on the rise in cyber frauds and scams.
Kerala’s ₹25 Crore Cyber Fraud Network: Jharkhand ‘Ghost Identity’ Under Investigation
Kochi City Police are probing a ₹25 crore cyber fraud case involving a fake online trading platform that duped an Ernakulam businessman. Investigators have uncovered a suspected ‘ghost identity’ linked to Jharkhand, potentially fabricated to obscure the real operators and divert the money trail. Two primary suspects—Hyderabad-based Satyanarayana Murthy (36) and Tyson Raju (32)—were arrested on May 3 and revealed connections to a wider inter-state network during interrogation.
Key details of the operation include:
- Layered financial routing: Funds were moved through multiple bank accounts, digital wallets, and shell entities across states to evade tracing.
- Encrypted coordination: The syndicate allegedly used encrypted communication platforms and fragmented digital channels to prevent exposure of members’ real identities.
- Social media lure: The victim was ensnared via fake advertisements promising high returns on the fraudulent trading platform.
Forensic teams are analyzing seized devices and transaction records to map the network’s structure. Authorities suspect the case may extend beyond Kerala and Telangana, with further arrests anticipated. Cyber experts note the growing use of ghost identities in financial crimes to exploit gaps in digital verification systems. More on financial frauds and ghost identities.
Instructure’s Canvas Platform: Repeated Breaches and Controversial Ransom Deal
Education software provider Instructure, operator of the widely used Canvas learning management system (LMS), faced intense scrutiny after two major data breaches in quick succession, disrupting finals for millions of students globally. The attacks, attributed to the hacking group ShinyHunters, compromised data from nearly 9,000 schools and 275 million individuals, including student IDs, emails, and messages.
Key developments:
- Initial breach: ShinyHunters threatened to leak stolen data unless schools paid a ransom by May 6, 2026, later extending the deadline amid negotiations. The group had previously breached Instructure in 2025 (Yahoo News).
- Controversial deal: Instructure announced a ransom agreement with the hackers, claiming to have received “digital confirmation” (via shred logs) that the data was deleted. However, the company acknowledged no certainty the data was permanently erased. Cybersecurity experts, including former FBI Cyber Division deputy director Cynthia Kaiser, warned that paying ransoms funds future attacks and rarely guarantees data destruction (AP).
- Congressional inquiry: The U.S. House Homeland Security Committee, led by Rep. Andrew Garbarino (R-NY), demanded testimony from Instructure CEO Steve Daly to explain the breaches and the company’s coordination with CISA. Lawmakers questioned the adequacy of Instructure’s incident response, noting the same vulnerability was exploited twice (Yahoo News).
- Operational impact: The breaches locked students and faculty out of Canvas during finals week, forcing exam delays. The platform manages grades, lectures, and submissions for millions, amplifying the disruption’s severity (Gulf Coast News Now).
Foxconn Ransomware Attack: Nitrogen Group Claims Breach of Apple/Google Supplier
Taiwanese electronics manufacturer Foxconn, a key supplier for Apple, Google, Nvidia, and Dell, confirmed a ransomware attack affecting its North American facilities. The Nitrogen ransomware group claimed responsibility, asserting it stole 11 million files, including confidential product schematics, guidelines, and bank statements from Foxconn’s clients.
Attack details:
- Double extortion: Nitrogen employs a double-extortion model, encrypting files while threatening to leak stolen data if ransom demands aren’t met. The group published sample images of the stolen files as proof (TechCrunch).
- Impacted operations: Foxconn stated the affected factories were resuming normal production, but the breach’s full scope—including potential supply chain disruptions—remains unclear.
- Client exposure: The stolen data allegedly includes sensitive information from Apple, Dell, Google, Intel, and Nvidia, raising concerns about intellectual property theft and downstream cyber risks.
Foxconn has not disclosed whether it will negotiate with the hackers or the extent of the data compromise. The incident underscores the vulnerability of global manufacturing hubs to targeted ransomware campaigns. The breach highlights the increasing sophistication of ransomware attacks, where cybercriminals not only encrypt data but also threaten to leak it unless ransom demands are met. This double-extortion tactic puts additional pressure on victims, who must decide between paying the ransom or risking the exposure of sensitive information. The situation is further complicated by the involvement of high-profile clients like Apple and Google, whose intellectual property and confidential information are at stake. The potential disruption to the supply chain adds another layer of complexity, as Foxconn is a critical supplier for major electronics manufacturers. The incident serves as a stark reminder of the need for robust cybersecurity measures in manufacturing and supply chain management. For more insights into the rising tide of data breaches and the evolving cybersecurity landscape, refer to the summary on kcnet.in.
Final words
The cybersecurity incidents of May 13, 2026, underscore the accelerating sophistication of threat actors and the urgent need for adaptive defenses. Organizations must treat cyber resilience as a strategic imperative. Transparency and cross-sector collaboration are essential to mitigating future risks. Contact us for more information.