Know What's Happening in Cybersecurity
Know What's Happening in Cybersecurity
Cybersecurity Pulse
EMAIL DIGESTS
Daily
Every morning
Weekly
Tuesday recap
EMAIL DIGESTS
Daily
Every morning
Weekly
Tuesday recap
Ransomware and Supply‑Chain Breaches Surge Across Industries
The Cyber Express reports a sharp rise in ransomware incidents and supply‑chain compromises. High‑profile attacks include a ransomware intrusion at Hasbro, a malicious LiteLLM package update that hit AI startup Mercor, and a North Korean‑linked exploit of the Axios JavaScript library.
Also developing:
Enterprises are witnessing a rapid, uncontrolled rollout of Model Context Protocol (MCP) servers, with research showing 15.28% of a 10,000‑person workforce running an average of two servers each. Most deployments use full‑privilege personal access tokens, store credentials in plaintext, and remain invisible to traditional security tools. Strata’s Maverics AI Identity Gateway addresses this gap by federating MCP servers and AI agents through OAuth/OIDC, issuing task‑scoped tokens and centralizing governance via an agent registry. The solution collapses the runtime reachable state space, delivering auditability and least‑privilege enforcement at scale.
Aembit’s test automation team built an internal dashboard to aggregate nightly test results from Qase.io and Slack, using the Aembit Workload IAM platform for runtime credential injection. By centralizing access policies, the Flask‑Vue service never handled static API keys, eliminating...
A 25‑year‑old Montana man, Jeremiah Daniel Starr, received a 46‑month federal prison sentence for a three‑year cyberstalking campaign that escalated into a fake shooting inside the victim's apartment. Investigators uncovered his use of more than 50 phone numbers and NordVPN...
Protests erupted after a federal officer killed Renee Nicole Good in Minneapolis, sparking nationwide unrest against the Trump administration's immigration policies. Activists warn that modern surveillance tools—from IMSI catchers to facial‑recognition cameras—are being deployed to monitor and suppress dissent. The...
A Texas district court issued a temporary restraining order (TRO) on Jan. 5 prohibiting Samsung from collecting audio and visual data from smart‑TVs using Automated Content Recognition (ACR). The order cited deceptive enrollment practices and alleged Chinese Communist Party access to...
Texas a district court issued a temporary restraining order prohibiting Samsung from collecting, selling, or transferring audio‑visual data from smart TVs owned by Texas residents. The order targets Samsung’s Automated Content Recognition (ACR) system, which captures screenshots every 500 milliseconds...
Researchers at Radware disclosed a new prompt‑injection method called ZombieAgent that lets ChatGPT exfiltrate data from integrated services such as Gmail, Outlook, Google Drive, and GitHub. The technique sidesteps OpenAI’s recent URL‑modification guardrails by using pre‑built static URLs, leaking information...
Cisco Talos has identified a long‑running cyber‑espionage campaign, designated UAT‑7290, targeting high‑value telecommunications infrastructure across South Asia since at least 2022. The group compromises public‑facing edge devices using one‑day vulnerabilities and SSH brute‑force techniques, deploying a suite of Linux‑based tools...
The article debunks the myth that Linux’s inherent security makes it invulnerable, emphasizing that unpatched vulnerabilities are a growing risk for enterprises. Recent SANS and NVD data show rising ransomware, kernel exploits, and misconfigurations targeting Linux workloads. Automated, autonomous patch...
CISA has added two high‑severity flaws to its 2026 Known Exploited Vulnerabilities (KEV) catalog: CVE‑2025‑37164, a code‑injection bug in Hewlett Packard Enterprise OneView rated 10.0, and CVE‑2009‑0556, a 9.3‑severity remote‑code‑execution issue in legacy Microsoft PowerPoint 2000‑2004. Rapid7 published a proof‑of‑concept...
Enterprises now juggle an average of 45 cybersecurity products, yet breach reductions remain modest. Organizations that adopt continuous threat exposure management see far better outcomes than those relying on larger toolsets. The article argues that security teams often base defenses...
Zero-knowledge proofs are emerging as a privacy-preserving alternative to traditional compliance reporting, allowing firms to demonstrate regulatory adherence without revealing sensitive data. The article highlights adoption in finance, healthcare, and cybersecurity, noting that ZK‑SNARKs and ZK‑STARKs each offer distinct trade‑offs...
The article warns that any API key embedded in a frontend—web, mobile, or desktop—can be extracted, citing studies where over half of Android apps and 71 % of iOS apps leaked credentials. It recommends the Backend for Frontend (BFF) pattern, which...
CrowdStrike announced a $740 million cash acquisition of identity‑security startup SGNL, aiming to embed real‑time, AI‑aware access controls into its platform. SGNL’s identity‑first solution eliminates static credentials and continuously grants or revokes permissions for human, non‑human and AI agents. The deal,...
Cybersecurity has shifted from an IT concern to a material business risk, with 43% of UK firms reporting breaches in the past year and average losses of £3.29 million per incident. Boards now face pressure to demonstrate proactive risk management, and...
A China‑linked threat group identified as UAT‑7290 has been conducting espionage‑focused intrusions against telecom providers in South Asia and, more recently, organizations in southeastern Europe. The actor performs extensive reconnaissance before exploiting one‑day vulnerabilities and SSH brute‑force to compromise edge...
Upwind has launched Choppy AI, an add‑on that embeds generative‑AI capabilities throughout its Cloud‑Native Application Protection Platform (CNAPP). The tool converts natural‑language commands into visible, editable queries and security rules, letting teams investigate inventories, policies, and vulnerabilities without opaque black‑box...
Edge computing is now integral to defense, utilities and public safety, relying on rugged IoT devices that operate in extreme, disconnected environments. These deployments break traditional cybersecurity assumptions such as continuous connectivity and frequent patching, exposing critical infrastructure to heightened...
Researchers have uncovered a sophisticated phishing campaign that impersonates DocuSign to deliver the Vidar information‑stealing malware to Windows computers. The attack uses a look‑alike domain and a fake installer signed with a legitimate Chinese code‑signing certificate to bypass reputation filters....
Methodist Homes of Alabama and Northwest Florida disclosed a second data breach, stemming from a compromised employee email account accessed between May 8 and May 21, 2025. The breach exposed personal identifiers such as Social Security numbers, dates of birth, Medicare numbers, and...
The article demonstrates how AI agents built with Pydantic AI can use union‑type structured output to manage uncertainty in software vulnerability triage. By allowing the model to return either a detailed CriticalVulnerability record or an UnableToAssess response, agents avoid hallucinating fields...
Azul Intelligence Cloud now integrates with the open‑source OpenRewrite engine to automatically identify, flag, and safely remove unused or dead Java code. The solution combines runtime visibility from Azul Code Inventory with rule‑based refactoring, applying incremental annotations before code deletion....
This week’s ThreatsDay bulletin highlighted a surge in cyber threats across multiple fronts. CISA expanded its KEV catalog by 245 high‑risk flaws, while a critical hard‑coded token in RustFS exposed clusters to remote takeover. OpenAI faced a court order to...
Microsoft confirmed an Exchange Online outage that intermittently blocks mailbox access via IMAP4, first reported at 23:35 UTC on Wednesday. The issue stems from a code conflict that introduced an authentication misconfiguration, while other connection methods remain functional. Microsoft has deployed...
Security researchers from QED Secure Solutions uncovered a critical Bluetooth authentication flaw in WHILL’s Model C2 and Model F electric wheelchairs (CVE‑2025‑14346). The vulnerability allows attackers within range to pair with the device, seize control of movement, override speed limits,...
A new Absolute Security report, based on a poll of 750 CISOs in the US and UK, finds that endpoint disruptions from cyber‑attacks often require 3‑6 days to remediate, with 19% taking up to two weeks. The average cost to...
Microsoft announced that starting next month it will require multi‑factor authentication for every user who signs into the Microsoft 365 admin center. The policy applies to all admin‑level accounts, regardless of organization size or licensing tier. Existing MFA configurations will...
Today's K‑12 schools must protect students across physical spaces, emotional climate, psychological trust, and digital platforms. Research shows that safety directly boosts engagement, participation, and academic achievement. Districts ignoring any safety dimension risk lower attendance, disrupted instruction, and eroding community...
The React Server Components “Flight” protocol remote code execution flaw (CVE‑2025‑55182), known as React2Shell, has become the focus of a massive exploitation campaign. GreyNoise has logged over 8.1 million attack sessions, with daily volumes stabilizing at 300‑400 k after a December peak...
Chainguard’s quarterly “State of Trusted Open Source” report analyzes usage of over 1,800 container images across its customer base, revealing that Python is the most popular image and that the majority of production workloads rely on a long‑tail of less‑common...
Trend Micro issued a critical patch (Build 7190) for its on‑premise Apex Central platform, addressing three remotely exploitable flaws disclosed by Tenable. The most severe, CVE‑2025‑69258, enables unauthenticated attackers to inject a malicious DLL into MsgReceiver.exe and gain SYSTEM‑level code execution....
According to a Financial Times investigation, Chinese state‑linked hackers breached email systems used by staff of several influential House committees. The intrusion gave the actors access to legislative drafts, policy discussions and potentially classified briefings. U.S. officials highlighted the vulnerability...
Site reliability engineering (SRE) and security teams traditionally operate in separate silos, creating friction that stalls reliability initiatives and slows security controls. The article proposes a unified framework that merges reliability goals, risk budgets, joint observability, and integrated incident response...
The Trump administration signed an executive order on Jan. 7 withdrawing the United States from 66 international bodies, including the Global Forum on Cyber Expertise (GFCE) and the European Centre of Excellence for Countering Hybrid Threats (Hybrid CoE). Both organizations coordinate...
President Donald Trump signed a memorandum ordering the United States to withdraw immediately from three major cyber‑security coalitions: the European Centre of Excellence for Countering Hybrid Threats, the Global Forum on Cyber Expertise, and the Freedom Online Coalition. The exits...
Researchers disclosed a new Windows rootkit technique that hides malicious processes by using the legitimate PsSetCreateProcessNotifyRoutineEx API to repair ActiveProcessLinks just before the kernel’s PspProcessDelete validation runs. This timing‑based bypass evades both PatchGuard and Hypervisor‑Protected Code Integrity, allowing processes to...
Credential stuffing exploits reused passwords by feeding leaked username‑password pairs into login forms across services. The technique surged as data breaches and infostealer malware supply vast credential caches, with 62% of Americans admitting frequent reuse. High‑profile incidents—35,000 PayPal accounts in...
Cybersecurity researchers disclosed eleven critical‑severity flaws in Coolify, an open‑source self‑hosting platform, that enable authenticated users to execute arbitrary commands as root and even escape containers. The vulnerabilities, catalogued as CVE‑2025‑66209 through CVE‑2025‑59158, carry CVSS scores from 9.4 to 10.0....
Cisco has released patches for a critical vulnerability (CVE‑2026‑20029) in its Identity Services Engine (ISE) that allows administrators to read arbitrary files via malformed XML uploads. A proof‑of‑concept exploit is publicly available, prompting Cisco to advise immediate upgrades to the...
IPFire released Core Update 199, bringing Wi‑Fi 6 and Wi‑Fi 7 support, native LLDP/CDP discovery, and a Linux 6.12.58 kernel. The update upgrades Suricata to version 8.0.2 and refines OpenVPN handling, including multiple DNS/WINS pushes. It also patches a proxy‑related CVE and improves web‑interface...
Managed service providers (MSPs) are facing a market shift where cybersecurity is now a core expectation rather than an optional add‑on. Data Security Posture Management (DSPM) offers a continuous, automated view of sensitive data across tenants, turning security into a...
GitLab has issued emergency patches—versions 18.7.1, 18.6.3 and 18.5.5—to close seven newly disclosed vulnerabilities affecting self‑managed instances. The flaws include two high‑severity stored and reflected cross‑site scripting bugs, missing authorization checks in AI GraphQL endpoints, and a runner‑removal issue that...
Recorded Future’s Insikt Group uncovered a credential‑harvesting campaign by the Russian‑state backed BlueDelta group throughout 2025. The actors deployed phishing emails with legitimate‑looking PDFs to lure victims into fake Microsoft Outlook Web Access, Google, and Sophos VPN login portals, using...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has designated a maximum‑severity vulnerability in Hewlett Packard Enterprise (HPE) OneView as actively exploited. Identified as CVE‑2025‑37164, the flaw permits unauthenticated code‑injection attacks that lead to remote code execution on any OneView...
In December 2025 scammers hijacked PayPal’s subscription feature to generate authentic‑looking notification emails from service@paypal.com, inserting fake purchase details and a phone number to lure victims into callback scams. The abuse relied on a paused subscription triggering a legitimate “payment no...
StackRox is an open‑source Kubernetes security platform that unifies build‑time image scanning, configuration analysis, and runtime telemetry. It ingests data from container images, Kubernetes APIs, and live cluster activity to drive policy checks covering vulnerabilities, privilege escalation, and network exposure....
Australian insurer Prosura confirmed a cyber incident on Jan 3, 2026 after detecting unauthorized access to internal systems. The breach led the company to temporarily disable its self‑service portal, halting online policy purchases, claims and account management. Fraudulent phishing emails were sent...
A vulnerability in the TLP power‑profiles daemon (version 1.9.0) lets local users bypass Polkit authentication and tamper with system power settings. The flaw stems from using Polkit’s deprecated “unix‑process” subject, creating a PID race condition that grants elevated control without admin...
The episode covers a wave of social‑engineering threats targeting holiday travelers, charitable donors, and taxpayers, highlighting fake booking sites, fraudulent cancer‑research crowdfunding, and IRS‑impersonation scams that promise "too‑good‑to‑be‑true" refunds. Hosts share real‑world examples—a suspicious nonprofit chair email, a BBC investigation...
In a Help Net Security video, Living Security CEO Ashley Rose explains that AI’s integration into everyday workflows expands the definition of insider risk to include autonomous agents and automated processes. She notes that most risky actions stem from broken...
