Know What's Happening in Cybersecurity

Today's Cybersecurity Pulse

CISA adds critical Android and Linux flaws to KEV catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) listed two high‑severity vulnerabilities in its Known Exploited Vulnerabilities catalog: Android CVE‑2025‑48595, an integer overflow that enables privilege escalation on Android 14‑16 without user interaction, patched in June 2026; and Linux CVE‑2022‑0492, a kernel flaw also deemed actively exploited.

Vibhor Kumar: AI at the Edge, Truth in Postgres
News | Apr 8, 2026

Edge AI is maturing as latency, privacy and regulatory constraints push computation and state to the source of data. PostgreSQL 18, with async I/O, OAuth authentication, row‑level security and skip‑scan support, provides a trustworthy local ledger for these workloads. The...

By Planet PostgreSQL
AI-Led Remediation Crisis Prompts HackerOne to Pause Bug Bounties
News | Apr 8, 2026

HackerOne announced on March 27 that it will pause new vulnerability submissions to its Internet Bug Bounty (IBB) program, citing an unsustainable surge of AI‑generated reports that outpace open‑source maintainers' remediation capacity. The influx has driven valid findings down from roughly...

By Dark Reading
Agencies Warn Iranian-Linked Hackers Targeting Critical Infrastructure
News | Apr 8, 2026

U.S. agencies warned that Iranian‑linked hacker groups are exploiting programmable logic controllers (PLCs) across multiple critical‑infrastructure sectors, causing operational disruptions and financial losses. The Cybersecurity and Infrastructure Security Agency (CISA) issued a joint alert with the FBI urging immediate mitigation...

By Federal News Network
Disney, Google Seek Dismissal Of Children's Privacy Claims
News | Apr 8, 2026

Disney and Google are asking a California federal judge to dismiss a class‑action lawsuit that accuses them of violating the Children’s Online Privacy Protection Act by failing to label child‑directed YouTube videos as “Made for Kids,” which allegedly enabled targeted...

By MediaPost
Banning New Foreign Routers Mistargets Products to Fix Real Problem
Blog | Apr 8, 2026

On March 23 the FCC updated its Covered List to ban all new consumer routers made abroad unless granted a Department of Defense or Homeland Security exception. The agency says foreign‑made routers create supply‑chain vulnerabilities that could threaten the U.S....

By Electronic Frontier Foundation — Deeplinks
Tiny Open-Weight Models Replicate Anthropic's Vulnerability Detection
Social | Apr 8, 2026

"But here is what we found when we tested: We took the specific vulnerabilities Anthropic showcases in their announcement, isolated the relevant code, and ran them through small, cheap, open-weights models. Those models recovered much of the same analysis. Eight...

By Clément Delangue
New macOS Stealer Campaign Uses Script Editor in ClickFix Attack
News | Apr 8, 2026

Security researchers have identified a new macOS stealer campaign that leverages the built‑in Script Editor to deliver the Atomic Stealer (AMOS) malware. The attack uses an “applescript://” URL from fake Apple‑themed cleanup sites, launching a pre‑filled script that runs an...

By BleepingComputer
I Didn't Realize How Many Ways Google Was Tracking Me Until I Checked These Settings
News | Apr 8, 2026

The article reveals how deeply Google tracks users through services like Web & App Activity, personalized ads, and third‑party app connections. It walks readers through step‑by‑step instructions to pause or delete activity logs, disable ad personalization, and revoke app permissions....

By MakeUseOf – Productivity
Reclaim Developer Hours Through Smarter Vulnerability Prioritization with Docker and Mend.io
News | Apr 8, 2026

Mend.io has integrated with Docker Hardened Images (DHI) to deliver a zero‑configuration solution that automatically distinguishes base‑image vulnerabilities from application‑layer risks. By leveraging Docker’s VEX (Vulnerability Exploitability eXchange) data, the platform filters out non‑exploitable and unreachable CVEs, allowing developers to...

By Docker – Blog
AI Memory Becomes Critical Security Attack Surface
Social | Apr 8, 2026

AI memory is becoming a management liability. We treat AI agents like Claude Code as intelligent partners, asking them to learn our habits and project context. But new research from Cisco highlights a fundamental business constraint: AI agents are currently too...

By Shashi Bellamkonda
CISA Orders Feds to Patch Exploited Ivanti EPMM Flaw by Sunday
News | Apr 8, 2026

CISA has placed Ivanti Endpoint Manager Mobile (EPMM) in its Known Exploited Vulnerabilities catalog and issued a Binding Operational Directive requiring federal agencies to patch the critical CVE‑2026‑1340 flaw by April 11. The code‑injection bug enables unauthenticated remote code execution on...

By BleepingComputer
Arelion Employs NETSCOUT Arbor DDoS Protection Products
News | Apr 8, 2026

Arelion, a Tier‑1 IP backbone provider serving 129 countries, has deepened its partnership with NETSCOUT to modernize its DDoS defense. After 16 years using Arbor Sightline and the Threat Mitigation System, Arelion added three NETSCOUT offerings—Sentinel, ATLAS Intelligence Feed, and...

By CSO Online
6 Winter 2026 G2 Leader Badges Prove This DDoS Protection Stands Out
News | Apr 8, 2026

NETSCOUT’s Arbor Threat Mitigation System (TMS) captured five G2 leader badges for winter 2026, spanning enterprise DDoS protection, momentum, regional Asia, and web security categories. Its companion solution, Arbor Sightline, earned a leader badge in enterprise network management. The awards...

By CSO Online
Claude Mythos Uncovers Decades‑Old Bugs, Shows Emergent Hacking Power
Social | Apr 8, 2026

A researcher at Anthropic found out about a successful exploit when the model sent him an email. He was eating a sandwich on a bench outside. Anthropic released Claude Mythos yesterday. Beyond the engineer’s lunch, the model has the potential to...

By Tomasz Tunguz
Ensuring Cyber Control Over Autonomous AI Systems
Social | Apr 8, 2026

Maintaining cyber control when #AI can act #Autonomously by Matthew Lloyd Davies @techradar Learn more: https://t.co/0BeRyZaQ5S #CyberSecurity #Infosec #IT #Technology https://t.co/hGtv2pnZa8

By Ron van Loon
New Chaos Variant Targets Misconfigured Cloud Deployments, Adds SOCKS Proxy
News | Apr 8, 2026

Researchers have identified a new Chaos malware variant that now targets misconfigured cloud deployments, such as a deliberately vulnerable Hadoop instance. The updated 64‑bit ELF binary adds a SOCKS proxy feature while removing its previous SSH‑based spreading mechanisms. The attack...

By The Hacker News
Hacker Claims Breach of China's Supercomputer, Offers Data
Social | Apr 8, 2026

A hacker has allegedly breached one of China’s supercomputers and is attempting to sell a trove of stolen data https://t.co/IR3JGutX9t

By Paul Triolo
Why Operationalizing AI Security Is the Next Great Enterprise Hurdle
News | Apr 8, 2026

NWN announced an AI‑powered managed security operations suite built on its Experience Management Platform (EMP). The offering stitches together telemetry from Palo Alto Networks, Cisco and Arctic Wolf into a single control plane, aiming to tame the 50‑80 tool sprawl...

By TechRepublic – Articles
Passport Numbers for More than 300,000 Leaked During December Eurail Data Breach
News | Apr 8, 2026

Eurail B.V., the Dutch‑based rail‑pass provider, disclosed a December 26 cyber‑attack that exposed personal data for 308,777 customers, including passport numbers. Hackers copied the information and posted a sample on Telegram, while offering the full dataset for sale on the dark...

By The Record by Recorded Future
How Botnet-Driven DDoS Attacks Evolved in 2H 2025
News | Apr 8, 2026

In the second half of 2025, DDoS attacks remained numerically steady but grew dramatically in scale and sophistication. AI‑enhanced DDoS‑for‑hire services enabled even non‑technical actors to launch multiterabit floods, with IoT botnets such as TurboMirai reaching 30 Tbps and 4 gigapackets per...

By CSO Online
Open‑Weight LLMs Detect Same Vulnerabilities as Mythos
Social | Apr 8, 2026

It's not just Mythos: Cheap, open-weight LLMs can find the vulnerabilities that Anthropic revealed Mythos found.

By Ramez Naam
Perpetuals Launches Quantum Resilient Security Service to Strengthen Encryption Standards Across Financial Markets
News | Apr 8, 2026

Perpetuals.com Ltd announced Quantum‑Resilience‑as‑a‑Service (QRaaS), a security offering that injects quantum‑derived entropy into existing cryptographic processes for financial institutions and other high‑value users. The service integrates with RSA, AES and TLS without requiring system‑wide algorithm changes, using PCIe QRNG hardware,...

By Business Insider – Markets Insider
SOC2 Is an Extortion Scam Needing Disruption
Social | Apr 8, 2026

What I want to see disrupted the most is SOC2. What an extortion/scam that is.

By Peep Laja
Criminals Use Emojis to Evade Dark‑Web Monitoring
Social | Apr 8, 2026

Security analysts aren't scanning the dark web for emojis, allowing criminals to share messages without being spotted. https://t.co/1exPH3KCtK

By TechRadar
HaystackID Named Finalist for Intelligent Insurer’s Cyber Insurance Awards USA 2026 in Two Categories
News | Apr 8, 2026

HaystackID has been named a finalist in two categories of Intelligent Insurer’s Cyber Insurance Awards 2026, recognizing its VALID™ suite and overall cybersecurity solutions. The awards, now in their third year, spotlight firms that help insurers and insureds manage escalating...

By EDRM (Electronic Discovery Reference Model)
Hack-for-Hire Spyware Campaign Targets Journalists in Middle East, North Africa
News | Apr 8, 2026

A suspected Indian‑linked hack‑for‑hire group, identified as the Bitter APT, has been deploying Android ProSpy spyware against journalists and activists across the Middle East and North Africa. The campaign, active since at least 2022, uses spear‑phishing messages from fake social‑media...

By CyberScoop
Operation Masquerade: FBI Disrupts Russian Router Hacking Campaign
News | Apr 8, 2026

The Department of Justice and FBI announced the takedown of a Russian GRU‑run cyber‑espionage operation, dubbed Operation Masquerade, that compromised thousands of home and small‑office routers, primarily TP‑Link devices, across 23 U.S. states and abroad. The attackers, identified as the APT28/Fancy Bear...

By HackRead
FBI Says AI and Crypto Scams Drove $21 B in U.S. Fraud Losses in 2025
News | Apr 8, 2026

The FBI’s 2025 Internet Crime Report revealed that Americans lost $20.87 billion to fraud, a 26% jump from the prior year. AI‑generated deepfakes and cryptocurrency schemes accounted for a large share, while elder fraud topped $7.7 billion. The surge underscores growing vulnerabilities...

By Pulse
AI‑Generated Phishing Costs U.S. Firms $12.5 B in 2024, Prompting New Enterprise Defenses
News | Apr 8, 2026

AI‑generated phishing attacks drove $12.5 billion in losses for U.S. companies in 2024, up 25% from the prior year. IBM’s research shows generative AI can produce a convincing phishing email in minutes, accelerating the threat. CIOs are scrambling to blend technology...

By Pulse
Anthropic’s Project Glasswing May Not Be Enough to Prevent Model Abuse
News | Apr 8, 2026

Anthropic launched Project Glasswing, a coalition with AWS, Apple, Nvidia, JPMorgan Chase and Palo Alto Networks, to protect critical software using its Claude Mythos preview model. Mythos can autonomously discover thousands of vulnerabilities across major operating systems and browsers, highlighting...

By AI Business
Russian State‑Backed Fancy Bear Hijacks 18,000 Routers in 120 Countries to Steal Passwords
News | Apr 8, 2026

Russian intelligence‑linked group Fancy Bear infiltrated at least 18,000 MikroTik and TP‑Link routers in roughly 120 countries, rerouting traffic to harvest passwords and access tokens. The campaign, uncovered by Black Lotus Labs, the U.K. NCSC and Microsoft, underscores the vulnerability of...

By Pulse
Google API Keys Quietly Gain Access to Gemini on Android Devices
News | Apr 8, 2026

A flaw in Google’s API‑key system automatically grants Gemini AI access to any key once the service is enabled, exposing Android apps to unauthorized use. CloudSEK’s analysis of 10,000 apps uncovered 32 active keys in 22 applications that together have...

By Infosecurity Magazine
Hackers Steal and Leak Sensitive LAPD Police Documents
News | Apr 8, 2026

Hackers infiltrated the Los Angeles Police Department’s internal network and exfiltrated thousands of sensitive files, including officer personnel records, internal‑affairs investigations, and unredacted discovery documents. The data was posted online by the Distributed Denial of Secrets platform, which identified the...

By DataBreaches.net
ComfyUI Instances Hijacked for Cryptomining and Proxy Botnet
News | Apr 8, 2026

A new campaign is hijacking publicly exposed ComfyUI instances—an open‑source UI for stable diffusion models—to run illicit cryptocurrency mining and proxy botnet operations. Threat actors scan cloud IP ranges with a custom Python tool, exploiting unauthenticated deployments to execute malicious...

By SC Media
Synthetic Identities And Malicious Bots Boost Fraud Attacks, LexisNexis Says
News | Apr 8, 2026

LexisNexis Risk Solutions reports synthetic‑identity fraud as the fastest‑growing fraud type in 2025, representing 11% of global fraud—a rise eight‑fold from 2024. The surge is driven by criminals using generative AI to craft realistic identities, especially in Latin America, which...

By Digital Transactions
Coding Agents Enable Cheaper, Faster Software Hardening
Social | Apr 8, 2026

"I think we’re going to see a lot more reimaginings, where people attack old problems with modern tactics. Coding agents lower the costs of taking on stalwarts and raise our ability to rapidly harden our software." https://t.co/rDAftsXXKe < I like...

By Richard Seroter
Telenor Facing Legal Action over Myanmar Claims
News | Apr 8, 2026

Telenor is facing a Norwegian class‑action lawsuit filed by the Justice and Accountability Initiative on behalf of Myanmar customers, accusing the telecom of handing over user data and surveillance technology to the military junta. The suit alleges that at least...

By Mobile World Live
Telenor Sued Over Claims It Exposed Myanmar Customers to Junta Repression
News | Apr 8, 2026

A Swedish non‑profit has filed a class‑action lawsuit in Norway on behalf of more than 1,200 Myanmar citizens whose call‑log and location data were allegedly handed to the military junta by Telenor’s local subsidiary. The complaint seeks €9,000 (about $10,500)...

By Claims Journal
Quantum Threat Looms: Upgrade Cybersecurity Now
Social | Apr 8, 2026

Quantum computing is coming. And it will challenge current cybersecurity. Even if quantum-ready machines are 5–10 years out, moving to quantum-safe systems can’t wait. https://t.co/WhtoSQvyc4

By Cristina Dolan
Aztec - Privacy as a Native Execution Layer
Blog | Apr 8, 2026

Aztec unveiled its Alpha Network on March 31, 2026, a Layer‑2 solution that embeds private execution, identity, and data directly into the contract layer using its Noir programming language. The network enables developers to label functions as public or private,...

By Alea Research
Stopping Remote Support Ransomware Footholds Before Attack
Social | Apr 8, 2026

Great post here and read from @Binary_Defense and a real-life story and breach we prevented at a customer. Remote Support to Ransomware Foothold: Stopping a Pre-Ransomware Intrusion https://t.co/xUGW63zCeL #BinaryDefense

By Dave Kennedy
Timor-Leste Is Vulnerable to ‘Infiltration by Foreign Organized Crime’, President José Ramos-Horta Says
News | Apr 8, 2026

Timor‑Leste’s president José Ramos‑Horta warned that the island nation is vulnerable to infiltration by foreign organized crime. Australian Federal Police have deployed digital‑forensics and cyber experts to help local law enforcement after a December 2025 visit. A joint Guardian‑OCCRP investigation linked...

By The Guardian – Asia Pacific
Most CISOs Ignore Mythos Alerts; Threats Arrive Within Nine Months
Social | Apr 8, 2026

Curious how many large organization CISO offices have taken the Mythos red team reports as the red alert that it is. (I suspect very few) Based on historical trends in AI they have, at most, about six to nine months until...

By Ethan Mollick
Latest $285M Crypto Hack Suggests Next Major Exploit Could Come From ‘Compromised’ Developers
News | Apr 8, 2026

On April 1, Drift Protocol halted deposits after a coordinated attack that siphoned roughly $285 million in a 12‑minute drain. Investigators linked the breach to the same actors behind the October 2024 Radiant Capital hack, identifying a social‑engineering campaign that compromised multisig signers...

By CryptoSlate
Alarm in Health Service over Palantir Staff Being Given NHS Email Accounts
News | Apr 8, 2026

Health service staff are alarmed after Palantir engineers were given NHS.net email accounts, granting them access to a directory of up to 1.5 million NHS employees. The access accompanies Palantir's £300 million ($380 million) contract to deliver its Federated Data Platform, which promises...

By The Guardian AI
Sensitive LAPD Materials, Including Officer Personnel Files, Leaked in Suspected Hack
News | Apr 8, 2026

A suspected hack of the Los Angeles city attorney’s office exposed a massive trove of LAPD records, including officer personnel files and Internal Affairs investigation documents. Approximately 7.7 terabytes of data and more than 337,000 files were made available for download,...

By Police1 – Daily News
Pluralsight Launches SecureReady to Help Organizations Build Job-Ready Cybersecurity Teams
News | Apr 8, 2026

Pluralsight unveiled SecureReady, an end‑to‑end cybersecurity skill development platform aimed at closing talent gaps for CISOs and IT leaders. The solution pairs a constantly refreshed library of on‑demand courses with more than 350 hands‑on labs and expert‑led seminars, releasing new...

By Dark Reading
Is a $30,000 GPU Good at Password Cracking?
News | Apr 8, 2026

The article tests whether a $30,000 AI‑grade GPU can outpace a high‑end consumer card in password cracking. Using Hashcat, Specops benchmarked Nvidia's H200, AMD's MI300X, and the RTX 5090 across MD5, NTLM, bcrypt, SHA‑256 and SHA‑512 hashes. The RTX 5090 consistently delivered...

By BleepingComputer
Content Security Policy Drift in Salesforce Lightning: Engineering Stable Embedded Integration Boundaries
News | Apr 8, 2026

Salesforce Lightning embeds external CTI frames via iframes that depend on Content Security Policy (CSP) settings. Because CSP is evaluated at runtime, any change in the external vendor’s CDN or redirect path can cause the frame to be blocked, even...

By DZone – DevOps & CI/CD