Panorama Studios International Discloses Cybersecurity Incident at Third-Party Service Provider

Panorama Studios International has filed a disclosure with the Bombay Stock Exchange under Regulation 30 of the SEBI (Listing Obligations and Disclosure Requirements) Regulations, 2015, informing stakeholders of a cybersecurity incident at a third-party service provider responsible for hosting and managing the company's official email systems and website. The disclosure, dated 07 May 2026, was signed by Company Secretary Yatin Chaphekar.

Nature of the Cybersecurity Incident

The incident originated from a critical zero-day vulnerability, identified as CVE-2026-41940, which affects servers running the latest versions of cPanel/WHM. The vulnerability was disclosed by cPanel on 30 April 2026, with the advisory noting that it could potentially allow unauthorized access to hosting control panels, resulting in modification or deletion of user data. The company received a communication dated 07 May 2026 from the service provider detailing the sequence of events.

According to the service provider's communication, despite the immediate implementation of recommended security updates and mitigation measures upon receiving the advisory, the hosting infrastructure was subjected to a sophisticated cyberattack. The attacker gained unauthorized access and severely damaged user data and services. Multiple suspicious files were also identified on certain user accounts.

Impact on Data and Operations

The following table summarises the key details of the incident as disclosed:

Parameter:	Details
Vulnerability ID:	CVE-2026-41940
Affected Software:	cPanel/WHM (latest versions)
Vulnerability Disclosed By:	cPanel on 30 April 2026
Communication Received:	07 May 2026
Services Affected:	Official email systems and company website
Data Impact:	Partial or no recovery possible for certain data
Backup Status:	Historical backup data deleted by attacker

The attacker allegedly deleted database server data as well as historical backup data from the compromised environment, thereby restricting restoration from backup sources. As a result, certain data may only be partially recoverable or may not be recoverable at all. The service provider has since migrated all remaining recoverable data to a new server environment, as the compromised server was no longer considered secure or trustworthy.

Company's Clarifications and Precautionary Measures

Panorama Studios International has provided the following clarifications regarding the incident:

The incident occurred at the level of the external service provider and not within the company's internal IT infrastructure.
The company is in continuous coordination with the service provider to assess the nature and extent of the incident.
The impact on the company's data and operations is currently being evaluated.

As precautionary measures, the following steps have been taken:

The company's website has been temporarily taken offline.
Email communications may be disrupted or unreliable during this period.

Stakeholders have been advised to exercise caution and verify any communication claiming to be from the company until further notice.

Ongoing Remediation and Next Steps

The service provider is currently undertaking restoration and remediation measures, with efforts underway to recover website data from alternative resources. Panorama Studios International has also stated that it is reviewing additional safeguards to mitigate such risks. The company has committed to keeping the stock exchange informed of any further material developments in this regard. A copy of the communication received from the third-party service provider has been enclosed as Annexure – A with the regulatory filing.

1 Day	5 Days	1 Month	6 Months	1 Year	5 Years
+6.15%	-4.87%	-5.19%	-22.15%	-28.58%	+1,762.91%

Panorama Studios International Limited has executed a Memorandum of Understanding (MoU) with Durga Devi Pictures LLP for the exploitation of theatrical rights of the Telugu language film titled Leelavathi. The announcement was made pursuant to Regulation 30 read with Schedule III of the SEBI (Listing Obligations and Disclosure Requirements) Regulations, 2015. The disclosure was filed with the Bombay Stock Exchange Limited on 06/05/2026.

MoU Details

The agreement grants Durga Devi Pictures LLP the rights to exploit theatrical distribution of Leelavathi across the North India including Orissa territory. The film is produced in the Telugu language and features a notable ensemble cast. The key details of the MoU are summarised below:

Parameter:	Details
Agreement Type:	Memorandum of Understanding (MoU)
Counterparty:	Durga Devi Pictures LLP
Rights Type:	Theatrical Rights Exploitation
Territory:	North India including Orissa
Film Title:	Leelavathi
Language:	Telugu
Disclosure Date:	06/05/2026
Regulatory Reference:	Regulation 30, SEBI LODR Regulations, 2015

Film Cast and Crew

The film Leelavathi features a prominent cast and is helmed by an established director. The key creative contributors are as follows:

Lead Cast: Lavanya Tripathi, Dev Mohan, VTV Ganesh, VK Naresh, Saptagiri, Jaffar Sadiq, and others
Director: Tatineni Satta

Regulatory Disclosure

The MoU was disclosed to the Bombay Stock Exchange Limited in accordance with Regulation 30 read with Schedule III of the SEBI (Listing Obligations and Disclosure Requirements) Regulations, 2015, as amended from time to time. The communication was signed by Yatin Chaphekar, Company Secretary of Panorama Studios International Limited, and digitally authenticated on 06/05/2026.