Know What's Happening in Cybersecurity

Today's Cybersecurity Pulse

CISA adds critical Android and Linux flaws to KEV catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) listed two high‑severity vulnerabilities in its Known Exploited Vulnerabilities catalog: Android CVE‑2025‑48595, an integer overflow that enables privilege escalation on Android 14‑16 without user interaction, patched in June 2026; and Linux CVE‑2022‑0492, a kernel flaw also deemed actively exploited.

The Hidden Security Risks of Shadow AI in Enterprises
News | Apr 9, 2026

The article warns that shadow AI—unauthorized artificial‑intelligence tools adopted by employees—creates hidden security gaps in enterprises. A 2024 Salesforce survey shows 55% of workers use AI solutions outside IT approval, exposing data to external platforms. These tools can leak credentials,...

By The Hacker News
Intruder Expands Cloud Security with Agentless Container Image Scanning
News | Apr 9, 2026

Intruder introduced Container Image Scanning, an agent‑less service that automatically checks container images for vulnerabilities across AWS Elastic Container Registry, Google Artifact Registry and Azure Container Registry. The feature runs daily, prioritizing active tags and presenting findings alongside other attack‑surface...

By Help Net Security
Guidance: MOD Law Enforcement Privacy Notices
News | Apr 9, 2026

The UK Ministry of Defence (MOD) has updated its Law Enforcement Privacy Notices, originally published in January 2024, to clarify how personal data is processed for policing and security purposes. The April 2026 revision renamed the notice, expanded the "Details" section, and...

By UK Ministry of Defence (GOV.UK)
5 Best Zero Trust Networking Software I Recommend for 2026
News | Apr 9, 2026

The G2‑based roundup identifies the five leading zero‑trust networking platforms for 2026: Zscaler Private Access, Cisco Duo, Palo Alto Networks IoT/OT Security, Okta, and FortiClient. Each tool was evaluated on policy depth, identity and device integrations, deployment speed, and day‑two...

By G2 Learn
Unstructured Data Is Piling up as AI Risks Rise
News | Apr 9, 2026

A new Thales report, based on a survey of 210 IT and security leaders, finds that more than half of enterprises lack full visibility into their unstructured data estates, and 68% say most of that data remains unprotected. Only 9%...

By CIO Dive
On Microsoft’s Lousy Cloud Security
Blog | Apr 9, 2026

In late 2024, federal cybersecurity evaluators warned that Microsoft’s Government Community Cloud High (GCC High) lacked detailed security documentation, describing the offering as “a pile of shit.” Despite the criticism, FedRAMP granted the cloud service an authorization, attaching a “buyer beware” disclaimer....

By Schneier on Security
UK Firms Must Implement New Complaints Process by June 2026
Social | Apr 9, 2026

UK Mandatory Data Protection Complaints Handling Process: What Organisations Must Do by 19 June 2026 https://t.co/2KlCF4BOUs https://t.co/CgoOn00PqA

By Eric Vanderburg
CMMC Non-Compliance: Violations of FCA
News | Apr 9, 2026

Defense contractors must recognize that CMMC gaps alone do not trigger the False Claims Act, but false statements about compliance do. The FCA targets companies that knowingly assert they meet DoD cybersecurity requirements when evidence or internal knowledge contradicts those...

By Security Boulevard
Why Security Automation Is Changing How Teams Protect Enterprise Networks
News | Apr 9, 2026

Enterprise security teams face exploding alert volumes and slow manual triage, prompting a shift toward automation. SIEM platforms aggregate and normalize logs, while SOAR solutions execute playbooks that isolate threats, block IPs, and open tickets without human clicks. High‑quality connectors...

By TechBullion
Advenica’s File Scanner Kiosk Scans USB Media for Malware
News | Apr 9, 2026

Advenica introduced the File Scanner Kiosk, a dedicated appliance that scans USB drives for malware before they connect to corporate networks. The kiosk leverages multiple built‑in antivirus engines and features dual USB ports to handle source and destination media simultaneously....

By Help Net Security
Anthropic’s Mythos Is the Cyberthreat Every CISO Feared
News | Apr 9, 2026

Anthropic is quietly developing Claude Capybara, code‑named Mythos, an AI model that excels at finding vulnerabilities, crafting exploits and chaining multi‑step attacks. The leak of Mythos signals that frontier AI has crossed a cybersecurity threshold, allowing attackers to automate sophisticated code‑review...

By TechCentral (South Africa)
Foxcove IT Expands Portland Operations to Target High‑Growth Companies
News | Apr 9, 2026

Foxcove IT, a premium IT consulting firm, announced the expansion of its Portland, Oregon footprint to provide managed services, compliance support, and fractional CIO/CISO advisory to high‑growth businesses. The move positions the firm as a strategic partner for startups and...

By Pulse
Federal Appeals Court Upholds Pentagon’s Supply‑Chain Risk Designation of Anthropic
News | Apr 9, 2026

A three‑judge D.C. Circuit panel rejected Anthropic’s bid for an emergency stay, allowing the Pentagon’s supply‑chain risk designation to remain. The ruling keeps the AI firm off federal contracts and forces enterprises to reassess AI sourcing amid heightened security scrutiny.

By Pulse
30,000 Private Facebook Images Allegedly Downloaded by Meta Employee
News | Apr 9, 2026

A former Meta employee in London is under criminal investigation for allegedly scripting the download of about 30,000 private Facebook images. The Metropolitan Police cybercrime unit is handling the case, and Meta says it discovered the breach over a year...

By Security Boulevard
Fifth Third Beats Back Impersonation Scams
News | Apr 9, 2026

Fifth Third reports a dramatic surge in bank‑impersonation scams, which now represent about 17% of its fraud cases and have tripled since 2024. Fraud leader Kristopher Edwards says scammers are spoofing caller IDs, hijacking search ads, and creating fake social‑media sites...

By Banking Dive
7 Ways to Boost the Privacy of Your Home and Gadgets
News | Apr 9, 2026

Privacy concerns are infiltrating everyday homes as smart devices collect more data than users realize. Experts advise treating gadgets as computers, disabling unused features, and favoring physical controls like camera shutters. Storing video locally rather than in the cloud reduces...

By CNET – Gaming
Governance Gaps Emerge as AI Agents Drive 76% Increase in NHIs
News | Apr 9, 2026

The SANS Institute’s 2026 State of Identity Threats & Defenses Survey reveals a 76% rise in non‑human identities (NHIs) as AI agents proliferate across enterprises. Seventy‑four percent of firms already deploy AI agents that require credentials, causing NHIs to double...

By Infosecurity Magazine
Certes Launches V7 Platform with Quantum-Safe Encryption Across Hybrid Cloud and Edge Environments
Blog | Apr 9, 2026

Certes has unveiled version 7 of its Data Protection and Risk Mitigation platform, extending post‑quantum cryptography to hybrid‑cloud, edge and AI workloads. The update introduces per‑flow quantum‑safe encryption and cryptographic micro‑segmentation that can be deployed in days without rewriting legacy applications....

By IT Security Guru
Google Warns of New Campaign Targeting BPOs to Steal Corporate Data
News | Apr 9, 2026

Google’s Threat Intelligence Group has identified a financially motivated actor, tracked as UNC6783, launching a focused campaign against business process outsourcing firms to pilfer data from their high‑value corporate clients. The group uses live‑chat lures, spoofed Okta login pages and...

By SecurityWeek
It’s Not Just Spyware Scandals: EU Is Funding the Industry that Spies on Europeans
News | Apr 9, 2026

In February 2026 a Greek court sentenced four people, including Intellexa executives, for the Predator spyware scandal that targeted journalists, politicians and business leaders. Investigations reveal that EU programmes such as the European Defence Fund, Horizon research, and the European...

By EUobserver (EU)
AI Supercharges Scams as ASIC Hits Record Takedowns
News | Apr 9, 2026

Australia’s securities regulator ASIC dismantled a record 11,964 phishing and investment‑scam websites in 2025, a 90% jump from the 6,270 sites removed in 2024. The surge coincides with scammers exploiting artificial‑intelligence tools to craft more convincing fraud content. Despite the...

By Fintech Global
The Alleged Breach of China’s National Supercomputing Center Can Have Serious Geopolitical Consequences
Blog | Apr 9, 2026

A hacker group called FlamingChina claims to have exfiltrated more than 10 petabytes of classified military, aerospace and scientific data from China’s National Supercomputing Center in Tianjin. The breach allegedly lasted six months, using a compromised VPN and a botnet to...

By Security Affairs
Signature Healthcare Cyberattack Causes Service Disruptions, Treatment Delays
News | Apr 9, 2026

Signature Healthcare detected a cyberattack on April 6, 2026, prompting the network to shift to emergency downtime procedures. The breach forced the Brockton Hospital to divert ambulances, cancel chemotherapy infusions, and rely on manual workflows, while surgeries and urgent care continued...

By The Cyber Express
Use of Unauthorised AI Sparks Security and Compliance Concerns for Businesses
News | Apr 9, 2026

Two thirds of UK business leaders worry about data security and compliance risks from employees' unauthorised AI use, according to a Studio Graphene‑commissioned poll of 500 senior managers. The survey found 48% suspect shadow AI tools are in use, rising...

By Workplace Insight
Keeper Security Expands PAM Browser Isolation to Support Advanced Web Browsing Workflows
Blog | Apr 9, 2026

Keeper Security has upgraded its Remote Browser Isolation (RBI) within KeeperPAM, adding multi‑tab browsing, full JavaScript support, and administrator‑controlled file uploads. The enhancements also extend KeeperAI‑powered session monitoring to RBI, enabling real‑time anomaly detection across privileged sessions. These changes aim...

By IT Security Guru
Patch Windows Collapse as Time-to-Exploit Accelerates
News | Apr 9, 2026

Rapid7’s 2026 Threat Landscape Report shows confirmed exploitation of high‑ and critical‑severity vulnerabilities more than doubled, rising to 146 incidents in 2025 from 71 in 2024. The median time from public disclosure to inclusion in CISA’s Known Exploited Vulnerabilities list...

By CSO Online
Mobile App Security with Ryan Lloyd
Podcast | Apr 9, 2026 | 54 min

In this episode, Ryan Lloyd, Chief Product Officer at GuardSquare, explains how mobile app security differs from desktop and web security, emphasizing that critical logic and IP reside on users' devices, making them prime targets for reverse engineering, tampering, and...

By Software Engineering Daily – Data
Adobe Reader Zero-Day Exploited for Months: Researcher
News | Apr 9, 2026

A researcher has identified an actively exploited zero‑day vulnerability in Adobe Reader, discovered through a malicious PDF that can harvest system data and may enable remote code execution or sandbox escape. The exploit has been observed in the wild since...

By SecurityWeek
Google Warns of New Threat Group Targeting BPOs and Helpdesks
News | Apr 9, 2026

Google’s Threat Intelligence Group has identified a new financially motivated threat cluster, UNC6783, targeting business process outsourcers and enterprise helpdesks. The group leverages live‑chat interactions to direct victims to spoofed Okta login pages and malicious Zendesk‑support domains, stealing clipboard data...

By Infosecurity Magazine
68% of Banks Increase Fraud Defense Spending as Account Takeovers Spike
News | Apr 9, 2026

Banks are rapidly reclassifying fraud defense from a reactive cost center to core infrastructure, driven by a surge in account‑takeover attacks. The PYMNTS 2025 State of Fraud report shows unauthorized‑party fraud now represents 71% of incidents and losses, pushing average...

By PYMNTS
Voltage Fault Injection: The Physical Hack That Breaks Open-Source Bitcoin Hardware.
Blog | Apr 9, 2026

The post reveals that voltage fault injection—a laboratory‑grade physical attack—can compromise 100% open‑source Bitcoin hardware wallets by directly manipulating silicon to bypass PIN protection. Even devices with transparent firmware like Trezor or Blockstream Jade are vulnerable when an adversary gains...

By In Bitcoin We Trust Newsletter
CLEAR1 Achieves FedRAMP® ‘In Process’ Designation to Support Public Sector and Regulated Industries
News | Apr 9, 2026

CLEAR 1, the secure identity platform of CLEAR (NYSE: YOU), has earned a FedRAMP Moderate “In Process” designation and is now listed on the FedRAMP Marketplace. The milestone builds on CLEAR’s contract with CMS to modernize Medicare.gov identity verification and signals...

By Airport Industry-News
Vibe Coding Is the New Shadow IT
News | Apr 9, 2026

Generative AI has turned shadow IT into "vibe coding," where employees create applications using natural‑language prompts. While the approach accelerates prototyping and lets non‑developers build tools, the resulting code often lacks testing, security reviews, and documentation. Enterprises face rogue apps...

By Gestalt IT
When Your Legal Tech Vendor Gets Breached: DocketWise Incident Exposes 116,666 Immigration Records and a Profession’s Blind Spot
Blog | Apr 9, 2026

DocketWise, a cloud‑based immigration case‑management platform, suffered a supply‑chain breach that exposed the personal records of 116,666 individuals, including Social Security numbers, passports, medical data and attorney‑client communications. The intrusion began in September 2025, was detected in October, confirmed in...

By Legal Tech Daily
Quantum-Safe Email: S/MIME and Post-Quantum Email Security
News | Apr 9, 2026

The article warns that today’s S/MIME email encryption, built on RSA and ECC, will become vulnerable once practical quantum computers arrive. Quantum algorithms like Shor’s could crack RSA‑2048 in hours, exposing corporate contracts, financial data, and intellectual property. The U.S....

By Security Boulevard
Bitcoin Depot Discloses $3.6 Million Crypto Theft Following System Breach
News | Apr 9, 2026

Bitcoin Depot disclosed that on March 23, 2026 attackers siphoned 50.903 Bitcoin, roughly $3.665 million, from its internal settlement wallets after breaching corporate IT systems. The breach was limited to internal credentials and did not affect customer‑facing platforms or data. Bitcoin...

By The Cyber Express
Internet-Exposed ICS Devices Raise Alarm for Critical Sectors
Blog | Apr 9, 2026

A recent comparative study scanned the internet for Modbus‑exposed industrial control system (ICS) devices and identified 179 likely live units, with the United States accounting for 57 of them. The research highlights that many of these devices run legacy protocols...

By Security Affairs
Kenya’s Cyber Threats Surge 441% in Three Months as Defence Gap Widens
News | Apr 9, 2026

Kenya’s Computer Incident Response Centre reported a 441% jump in cyber threat events, reaching 4.6 billion incidents in the fourth quarter of 2025 – the sharpest rise in at least three years. Distributed Denial‑of‑Service attacks exploded by 1,117% quarter‑on‑quarter, yet advisory...

By TechCabal
DRAM’s Whac‑A‑Mole Security Crisis
News | Apr 9, 2026

Rowhammer remains a pervasive DRAM security flaw, and a newer variant called Rowpress is emerging as a complementary threat. Memory manufacturers have introduced refresh‑management commands—RFM, ARFM and DRFM—to target vulnerable rows, yet these mitigations are imperfect and can be weaponized....

By Semiconductor Engineering
Why Incident Response Has Become a Core Responsibility for MSPs
News | Apr 9, 2026

Recent high‑profile cyber breaches in the UK have highlighted that many organizations are unprepared for the aftermath of an intrusion. While technical safeguards remain essential, customers now judge managed service providers (MSPs) on their ability to execute a robust incident...

By ITPro
Quantum Computers and Post-Quantum Security
News | Apr 9, 2026

Swiss financial infrastructure operator SIX is accelerating its shift to post‑quantum cryptography as quantum computers threaten current asymmetric encryption. The firm has launched a comprehensive crypto‑inventory, built crypto‑agility into its systems, and begun hybrid testing of NIST‑standardized PQC algorithms. By...

By SIX Swiss Exchange – ETFs (news/resources)
Your MCP Server Is a Resource Server Now. Act Like It.
News | Apr 9, 2026

The March 26, 2025 revision of the MCP specification reclassifies MCP servers as OAuth 2.0 resource servers, demanding a formal identity layer. The article walks through building an identity gateway that uses Keycloak, Maverics, OPA policies, and RFC 8693 token‑exchange to give Claude‑style AI...

By Security Boulevard
$3.6 Million Stolen in Bitcoin Depot Hack
News | Apr 9, 2026

Bitcoin Depot, the largest U.S. Bitcoin ATM operator, disclosed that hackers stole roughly 50.903 BTC, valued at about $3.6 million, after breaching its corporate IT systems on March 23. The company says the intrusion was limited to internal wallets and did not affect...

By SecurityWeek
NCSC Warns of Russian Cyber Hijack Threat
News | Apr 9, 2026

The UK National Cyber Security Centre (NCSC) warned that Russian state‑linked group APT28 is hijacking popular routers such as TP‑Link and MikroTik to reroute internet traffic through malicious DNS servers. By compromising these devices, the group conducts man‑in‑the‑middle attacks that...

By UKAuthority (UK)
AI Agent Intent Is a Starting Point, Not a Security Strategy
News | Apr 9, 2026

Token Security’s research reveals that 65% of agentic chatbots retain live access credentials despite never being used, and 51% of their external actions depend on hard‑coded keys. The study highlights how AI agents are treated as disposable experiments, creating orphaned...

By Help Net Security
Asqav: Open-Source SDK for AI Agent Governance
News | Apr 9, 2026

Asqav is an open‑source Python SDK that cryptographically signs every autonomous AI agent action using the quantum‑safe ML‑DSA‑65 algorithm and links entries in a tamper‑evident hash chain. The toolkit integrates with five popular agent frameworks—including LangChain and OpenAI Agents—and offers...

By Help Net Security
When “Opportunity” Knocks, Don’t Answer.
Podcast | Apr 9, 2026 | 49 min

In this episode of Hacking Humans, Dave, Joe, and Maria dissect two major social‑engineering threats: a LinkedIn‑based phishing campaign that uses urgent “business opportunity” emails and look‑alike login pages to harvest credentials, and a $20 million Everest‑guide scam where climbers are...

By Hacking Humans
Hong Kong Police Arrest Man Suspected of Stealing 56,000 Hospital Authority Patients’ Personal Data
News | Apr 9, 2026

Hong Kong police arrested a 30‑year‑old contractor employee suspected of downloading personal data of more than 56,000 Hospital Authority patients. The breach, traced to two contractor offices in the New Territories, involved surgical‑procedure details but not full medical records. Authorities...

By Hong Kong Free Press – News (Finance/Business coverage)
Phishers Sneak Through Using GitHub and Jira’s Own Mail Delivery Infrastructure
News | Apr 9, 2026

Security researchers at Cisco Talos have uncovered a new phishing vector that hijacks the native notification systems of SaaS platforms such as GitHub and Atlassian Jira. By embedding malicious text in commit summaries or Jira project fields, attackers trigger automatic...

By Help Net Security