Know What's Happening in Cybersecurity

Today's Cybersecurity Pulse

CISA adds critical Android and Linux flaws to KEV catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) listed two high‑severity vulnerabilities in its Known Exploited Vulnerabilities catalog: Android CVE‑2025‑48595, an integer overflow that enables privilege escalation on Android 14‑16 without user interaction, patched in June 2026; and Linux CVE‑2022‑0492, a kernel flaw also deemed actively exploited.

Why Backup Automation Is Critical for Agency Hosting
Blog | Apr 9, 2026

Digital agencies face site failures that can cost revenue, SEO rankings, and reputation. Manual backups are error‑prone; automated backups provide reliable, frequent snapshots with retention. A modern system should deliver daily backups, 30‑day history, one‑click restores, and client‑visible reporting. Implementing...

By HedgeThink
New Apple Scam Hits Millions of iPhone Users Worldwide, Draining Bank Accounts
News | Apr 9, 2026

Apple has issued a global warning about a new wave of social‑engineering scams that target iPhone users through fake Apple Pay alerts and urgent phone calls. The fraudsters create panic, press victims to call a supplied number, and in extreme cases...

By TechRepublic – Articles
Inside the FBI’s Router Takedown that Cut Off APT28’s ‘Tremendous Access’
News | Apr 9, 2026

The FBI’s Operation Masquerade forced a reset of DNS settings on more than 18,000 compromised TP‑Link routers, cutting off Russian GRU‑linked APT28 (Fancy Bear) from infiltrating over 200 organizations worldwide. By targeting the routers themselves, the agency blocked the malicious IP...

By CyberScoop
MailRoute Expands MSP Program to Simplify Email Security Delivery
News | Apr 9, 2026

MailRoute has refreshed its MSP and channel partner program to deliver email security as a fully white‑label service that can be provisioned in minutes via MX‑level filtering. The new model lets managed service providers onboard client domains by changing two...

By ChannelE2E
SOCRadar Unveils AI Agent Marketplace and Identity Intelligence to Protect Against Identity-Driven Cyberattacks
News | Apr 9, 2026

SOCRadar has launched an AI Agent Marketplace that lets organizations buy and deploy specialized autonomous agents for tasks like phishing detection, brand abuse protection, and dark‑web monitoring. The company also introduced Identity and Access Intelligence to expose credential leaks across...

By Database Trends & Applications (DBTA)
USCIS Explores Remote Identity Verification for Immigration Services
News | Apr 9, 2026

U.S. Citizenship and Immigration Services (USCIS) issued a Request for Information seeking a software‑only, API‑driven platform that can authenticate identity documents and perform facial comparison remotely. The agency wants a solution that works on any mobile device or web browser,...

By Biometric Update
STX RAT Targets Finance Sector With Advanced Stealth Tactics
News | Apr 9, 2026

A new remote access trojan, STX RAT, was discovered after an attempted intrusion in a financial services firm in February 2026. The malware employs multi‑stage scripts, in‑memory execution, and encrypted C2 traffic to evade traditional defenses. It can harvest browser data,...

By Infosecurity Magazine
Little Snitch Comes To Linux To Expose What Your Software Is Really Doing
News | Apr 9, 2026

Little Snitch, the macOS network‑monitoring utility, is being ported to Linux. The prototype leverages eBPF for kernel‑level traffic interception and is built primarily in Rust with a web‑based interface that can monitor both local and remote machines. Early testing on...

By Slashdot
Tesla Cracks Down on FSD Hacking Devices, Remotely Shuts Down Access
News | Apr 9, 2026

Tesla has begun remotely disabling Full Self‑Driving (FSD) on vehicles equipped with unauthorized CAN‑bus hack modules that bypass regional software locks. The €500 devices, popular in Europe, South Korea, China and Turkey, unlock FSD where regulatory approval is pending, prompting...

By Electrek
WatchGuard Targets EDR Pricing Pressure with MSP-Focused Endpoint Model
News | Apr 9, 2026

WatchGuard launched a new endpoint security portfolio that bundles AI‑driven detection, vulnerability management, and URL filtering into a tiered licensing model aimed at managed service providers (MSPs). The approach removes the so‑called “entry‑level tax,” allowing MSPs to offer baseline protections...

By ChannelE2E
8 Best Practices for a Bulletproof IAM Strategy
News | Apr 9, 2026

Organizations must move beyond default IAM configurations to counter rising identity‑related threats such as AI‑driven attacks, machine identities, and sophisticated phishing. The article outlines eight best practices, including adopting zero‑trust, deploying phishing‑resistant MFA, enforcing strong password policies, applying least‑privilege access,...

By TechTarget SearchERP
Fuzzing: What Are the Latest Developments?
News | Apr 9, 2026

Fuzz testing has moved from a niche security tool to a mainstream assurance technique, now covering cloud‑native, embedded, and safety‑critical systems. Innovations such as grammar‑based, hybrid, and AI‑assisted fuzzers boost coverage and efficiency, while emulation‑based approaches enable early testing of...

By Electronic Design
Lumen: Upstream Network Visibility Is Enterprise Security’s New Front Line
News | Apr 9, 2026

Lumen’s 2026 Defender Threatscape Report argues that modern cyber‑attacks reveal their most decisive signals upstream, in the network, rather than on endpoints. Leveraging its backbone visibility into 99% of public IPv4 space, Black Lotus Labs monitors over 200 billion NetFlow sessions...

By Network World
Claude Code Can Be Manipulated via CLAUDE.md to Run SQL Injection Attacks
News | Apr 9, 2026

LayerX researchers discovered that the CLAUDE.md configuration file can be weaponized to bypass Claude Code’s safety guardrails, enabling automated SQL‑injection attacks without any programming. By inserting just three lines of plain English, the AI assistant was convinced it had permission to...

By HackRead
XDR vs SIEM vs SOAR: What’s the Right Cybersecurity Strategy in 2026?
News | Apr 9, 2026

The article examines the evolving roles of SIEM, SOAR and XDR in 2026, emphasizing that no single tool can address modern threat landscapes alone. While SIEM provides foundational log collection and compliance, SOAR automates response workflows, and XDR delivers context‑rich,...

By Security Boulevard – DevOps
Critical Open‑Source Projects Need Funding and Stronger Oversight
Social | Apr 9, 2026

Feels like one of the cybersecurity risks over the coming months will be widely used open-source projects that are simply too lightly maintained for how critical they’ve become. A few ways to help: - fund open source more, and reward maintainers better -...

By Clément Delangue
Google Addresses Privacy Concerns Around Gemini in Gmail
News | Apr 9, 2026

Google announced that its Gemini AI embedded in Gmail will not use personal email content for model training, processing each request locally and discarding the data afterward. The company emphasized that Gemini acts as a temporary assistant, keeping user inboxes...

By eWeek
Audit First, Build Later: Counterintuitive Path to 8‑Figure ARR
Social | Apr 9, 2026

Would you pay auditors to audit you 10 times before building your product? This founder did. His startup hit 8-figure ARR. @grease_ is the co-founder of @sprintoHQ, a compliance automation platform that's now at 8-figure ARR with 3,000+ customers....

By Omer Khan
WhatsApp Enhances Privacy, Yet Gaps Remain
Social | Apr 9, 2026

WhatsApp might be improving its privacy options, but there's still more to be done. https://t.co/Ibrc6RGxAp

By TechRadar
Apple Intelligence AI Guardrails Bypassed in New Attack
News | Apr 9, 2026

Researchers from RSAC demonstrated a method to bypass Apple Intelligence's on‑device AI guardrails, achieving a 76% success rate across 100 test prompts. The technique merges the Neural Execs prompt‑injection attack with Unicode right‑to‑left override manipulation, allowing malicious output to slip...

By SecurityWeek
Ex‑Trenchant Exec Sold Exploits Amid Depression, Money Woes
Social | Apr 9, 2026

Former Trenchant exec who stole exploits from his employer and sold them to Russian broker says he was suffering depression & money troubles when he decided to sell exploits. New info also reveals work he did for Australian intel agency...

By Kim Zetter
AI Models Will Soon Design Advanced Weapons and Threats
Social | Apr 9, 2026

“That’s exactly what we expect from those models – they’re going to become better at developing hacking tools, biological weapons, chemical weapons, novel weapons we can’t even envision,” Yampolskiy added.

By Roman Yampolskiy
FBI Extracts Suspect’s Deleted Signal Messages Saved in iPhone Notification Database
News | Apr 9, 2026

The FBI recovered deleted Signal messages from a suspect’s iPhone by extracting the device’s push‑notification database, which stored copies of incoming messages even after the app was removed. The evidence was used in a trial concerning a July incident at...

By 404 Media
Tech Roundup: Podcasts, Supply-Chain Breach, Docs Framework
Social | Apr 9, 2026

Fragments: two podcasts, a worryingly well-done supply-chain attack, framework for tech documentation, and a particularly thoughtful AI coding experience https://t.co/ABSAxWDYqw

By Martin Fowler
AI Threat Real; Demands Global Government and Industry Cooperation
Social | Apr 9, 2026

Yes, the threat from AI systems is real, and requires nation state cooperation, including across industry....

By Paul Triolo
The Ghost in the Machine: Securing Non-Human Identities
News | Apr 9, 2026

BeyondTrust will address the growing risk of non‑human identities at the ITWeb Security Summit in Johannesburg, highlighting how machines, applications and service accounts are becoming prime attack vectors. The firm warns that attackers now prefer logging in with over‑privileged or...

By ITWeb (South Africa) – Public Sector
Meta Shuts Down Internal AI Token Leaderboard Amid Privacy Concerns
News | Apr 9, 2026

Meta eliminated the employee‑created "Claudeonomics" leaderboard that tracked AI token usage across its 85,000‑strong workforce. The tool had recorded more than 60 trillion tokens in a 30‑day span, prompting concerns over data privacy, cost control and internal governance.

By Pulse
Security Researchers Tricked Apple Intelligence Into Cursing at Users. It Could Have Been a Lot Worse
News | Apr 9, 2026

Security researchers at RSAC demonstrated that Apple Intelligence, the on‑device AI built into iPhones, iPads, Macs and Vision Pro, can be hijacked through prompt‑injection attacks. Using a Neural Exec technique combined with a Unicode right‑to‑left override, they forced the model to utter...

By The Register — Networks
As Fraud Escalates, Taking a Beat Becomes a Critical Defense
News | Apr 9, 2026

Fraud in the United States surged to an all‑time high, with the FBI reporting nearly $21 billion in losses last year and over one million complaints filed. Cryptocurrency investment scams alone accounted for $11 billion in damages, while AI‑driven schemes generated $893 million in...

By PaymentsJournal
Microsoft 365 Modernization Is Becoming a Data Sovereignty Challenge
News | Apr 9, 2026

Enterprises are now treating Microsoft 365 data sovereignty as a front‑line buying criterion rather than a post‑deployment check. Modernization projects—migrations, restructurings, and Copilot rollouts—are accelerating, exposing gaps in permissions, guest access, and identity sprawl that can undermine compliance. Governance must travel...

By ChannelE2E
ThreatsDay Bulletin: Hybrid P2P Botnet, 13-Year-Old Apache RCE and 18 More Stories
News | Apr 9, 2026

ThreatsDay bulletin highlights a surge in the hybrid P2P botnet Phorpiex, a 13‑year‑old Apache ActiveMQ RCE chain, record cyber‑fraud losses, AI‑driven DDoS evolution, and multiple supply‑chain and malware incidents. Phorpiex now infects roughly 125,000 devices daily, using peer‑to‑peer communication to...

By The Hacker News
Secure Accounts by Binding Them to Physical SIMs
Social | Apr 9, 2026

Ties accounts to physical SIMs (not sketchy auto shared seeds and profiles - see my blog.)

By Teri Radichel
From AML to Data Reform: The 2026 Compliance Agenda for UK Law Firms
News | Apr 9, 2026

In 2026 UK law firms will face intensified scrutiny across anti‑money‑laundering, sanctions, data protection and court‑transparency rules. The transition of AML oversight from the SRA to the FCA, the rollout of Companies House identity‑verification requirements, and the Data (Use and...

By Legal Futures (UK)
Weak at the Seams
News | Apr 9, 2026

The article argues that cyber risk is no longer a collection of isolated silos but a systemic threat amplified by digital transformation across healthcare, finance and manufacturing. While global security spending is projected to exceed $212 billion in 2025, the exposure...

By CSO Online
‘Snoopy’, ‘Adolf’ and ‘Password’: The Hungarian Government Passwords Exposed Online
Blog | Apr 9, 2026

Bellingcat uncovered nearly 800 compromised email‑password pairs belonging to 12 of Hungary’s 13 ministries, exposing senior officials in defence, foreign affairs and interior ministries. The breaches, traced through the Darkside breach database, reveal simple passwords like "Password" and "1234567" as...

By Bellingcat
Lotte Card Given Notice of $3M Penalty, Business Suspension over Massive Data Breach
News | Apr 9, 2026

Lotte Card has been served a notice from South Korea's Financial Supervisory Service requiring a penalty of roughly 5 billion won (about $3.38 million) and a suspension of new customer sign‑ups for more than four months. The penalties will be finalized by...

By DataBreaches.net
Beware BTS Ticket Scams: Spot Fake Sites Quickly
Social | Apr 9, 2026

Global K-pop sensation BTS are back with a world tour, and tickets are disappearing in seconds — but so is fans’ money via fake “official” sites. Scammers are cloning ticket-booking pages to steal from K-poppers worldwide. How to spot fakes...

By Eugene Kaspersky
86% of Businesses Refused to Pay Cyber Ransoms in 2025 — Coalition Insurance
News | Apr 9, 2026

Coalition’s 2026 cyber claims report, covering over 100,000 policyholders in the US, Canada, UK, Australia and Germany, found that 86% of the 1,400 high‑signal ransomware claims from 2025 did not result in a ransom payment. Ransom demands surged 47% year‑over‑year,...

By DataBreaches.net
Did Your IT Department Tell You About What Happened in AI This Week?
Blog | Apr 9, 2026

Anthropic unveiled Mythos, an AI model that identified tens of thousands of hidden vulnerabilities across banks, hospitals, operating systems and browsers, prompting a coordinated warning to twelve leading tech firms through Project Glasswing. Simultaneously, the company launched Claude Managed Agents,...

By KP Reddy
Capita Under Investigation After Workers Hit by Pensions Data Breach
News | Apr 9, 2026

Capita, the administrator of the UK Civil Service Pension Scheme, is under government investigation after confirming a second data breach within three years. The latest incident affected up to 138 retirees, who either received incorrect annual statements or had their...

By DataBreaches.net
Madras High Court Dismisses Plea By Cyber Security Expert Seeking Probe Into Star Health Security Lapses
News | Apr 9, 2026

The Madras High Court dismissed cybersecurity specialist Himanshu Pathak’s appeal seeking a multi‑ministry investigation into alleged security lapses at Star Health Insurance. While his petition was pending, Star Health suffered a cyber‑attack on October 9 2024 that exposed policyholder data. Pathak, a policyholder,...

By DataBreaches.net
A Hacker Has Allegedly Breached One of China’s Supercomputers and Is Attempting to Sell a Trove of Stolen Data
News | Apr 9, 2026

A hacker claims to have exfiltrated over 10 petabytes of classified data from China’s National Supercomputing Center in Tianjin, including defense documents and missile schematics. The breach allegedly spanned months and went undetected, affecting more than 6,000 clients across scientific...

By DataBreaches.net
ENISA Launches Public Consultation on Draft EUDI Wallet Certification Schemes
News | Apr 9, 2026

ENISA has opened a public consultation on a draft certification scheme for providers of the EU Digital Identity (EUDI) wallet, following a two‑year agreement to back the European Commission’s rollout. The core EU wallet regulation took effect in May 2024, and...

By Identity Week
Amid Rising Cyber and Physical Threats, Center for Cross-Sector Coordination Launches
News | Apr 9, 2026

The Center for Cross‑Sector Coordination (CXC) launched as an industry‑driven, not‑for‑profit hub that links owners and operators across all 16 U.S. critical infrastructure sectors. Its mission is to improve coordination, share security tools, training, and threat intelligence, and act as...

By Homeland Security Today (HSToday)
Don’t Just Fight Fraud, Hunt It
News | Apr 9, 2026

The article warns that AI has transformed fraud into an industrialized, global enterprise that can create tens of thousands of synthetic identities in days. Traditional detection methods—such as tracking reused emails or devices—are rapidly losing relevance, with unique email patterns...

By CyberScoop
OPSWAT Adds Predictive AI Engine to MetaDefender for Pre-Execution Threat Detection
News | Apr 9, 2026

OPSWAT introduced Predictive Alin AI, its first proprietary AI‑driven threat detection engine, into the MetaDefender platform. The static‑analysis engine predicts malicious intent in milliseconds, delivering sub‑100‑ms inference while maintaining a tiny memory footprint. In internal tests the engine achieved 99.99%...

By Help Net Security
Palo Alto Networks, SonicWall Patch High-Severity Vulnerabilities
News | Apr 9, 2026

Palo Alto Networks and SonicWall each released emergency patches addressing multiple vulnerabilities, including two high‑severity flaws. Palo Alto fixed three bugs—most notably CVE‑2026‑0234 affecting Cortex XSOAR/XSIAM’s Microsoft Teams integration—and added dozens of Chromium security updates. SonicWall patched four issues in...

By SecurityWeek
Russian Hackers Exploit SOHO Routers for DNS Hijacking Campaign
News | Apr 9, 2026

Russian-linked threat group Forest Blizzard has been hijacking home and small‑office routers since at least August 2025, turning them into covert DNS infrastructure. Microsoft reported over 200 organizations and more than 5,000 consumer devices infected, enabling passive traffic monitoring and targeted...

By The Cyber Express
New macOS Malware notnullOSX Targets Crypto Wallets Over $10K
News | Apr 9, 2026

A new macOS malware dubbed notnullOSX is targeting cryptocurrency wallets holding more than $10,000. The threat, linked to a hacker known as 0xFFF (now alh1mik), spreads via fake Google Docs warnings and a malicious Terminal command called ClickFix, then requests...

By HackRead