Know What's Happening in Cybersecurity

Today's Cybersecurity Pulse

CISA adds critical Android and Linux flaws to KEV catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) listed two high‑severity vulnerabilities in its Known Exploited Vulnerabilities catalog: Android CVE‑2025‑48595, an integer overflow that enables privilege escalation on Android 14‑16 without user interaction, patched in June 2026; and Linux CVE‑2022‑0492, a kernel flaw also deemed actively exploited.

Ransomware Response: How Businesses Regain Control Under Pressure
News | Apr 8, 2026

Ransomware attacks now hinge on speed, forcing executives to make high‑stakes decisions within hours. The article outlines how the crisis expands from a technical breach to an enterprise‑wide challenge involving legal, financial, and reputational risks. It stresses that pre‑emptive controls—isolated...

By Security Magazine (Cybersecurity)
Voice Scams: When AI Calls Your Patients, Who’s Responsible?
News | Apr 8, 2026

In 2025, 38% of Americans reported receiving scam calls where fraudsters impersonated their healthcare providers, a surge driven by AI‑generated deepfake voices. Multi‑modal campaigns—combining texts, calls, and emails—have amplified the threat, exemplified by the Kettering Health outage that disrupted patient...

By HIT Consultant
Digital Hopes, Real Power: How the Arab Spring Fueled a Global Surveillance Boom
Blog | Apr 8, 2026

The Arab Spring’s 2011 uprisings sparked a rapid expansion of state surveillance across the MENA region, turning smartphones and social media into tools for authoritarian control. Governments layered legacy informant networks with deep‑packet inspection, commercial spyware such as Pegasus, and...

By Electronic Frontier Foundation — Deeplinks
More than Half of Enterprises Are Using Devices with Out-of-Date Operating Systems – and It’s Leaving Them Wide Open to...
News | Apr 8, 2026

Jamf’s Security 360 Report, analyzing over 150,000 macOS devices, found that more than half of enterprises have at least one computer running a critically out‑of‑date operating system. Vulnerable applications are pervasive, with 95 % of assessed apps containing a medium‑severity flaw and...

By ITPro
N. Korean Hackers Spread 1,700 Malicious Packages Across Npm, PyPI, Go, Rust
News | Apr 8, 2026

North Korean‑linked threat group UNC1069, operating under the Contagious Interview campaign, has published more than 1,700 malicious packages across major open‑source ecosystems including npm, PyPI, Go, Rust and Packagist. The packages act as stealthy loaders that fetch second‑stage payloads with...

By The Hacker News
Gov. Tim Walz Deploys National Guard After Winona Cyberattack Disrupts Services
News | Apr 8, 2026

A cyberattack on Winona County began on April 6, crippling the county’s digital infrastructure that supports emergency and municipal services. Governor Tim Walz issued an emergency executive order authorizing the Minnesota National Guard to assist with containment, system stabilization, and recovery....

By The Cyber Express
White‑hat Access to Frontier AI Pre‑empts Cyber Threats
Social | Apr 8, 2026

I’m waaaay out of my depth here, but I think the cyber security threat of increasingly powerful AI (like that of the recent Claude Mythos model) can be addressed like so: 1.) The frontier labs developing these newest models give access...

By Mike Israetel, PhD
FBI Takes Down APT28 Network Behind Global DNS Hijacking Attacks
News | Apr 8, 2026

The FBI, in coordination with the Department of Justice, launched Operation Masquerade to dismantle a global network of compromised SOHO routers used by the Russian-linked threat group APT28 for DNS hijacking. The operation reset DNS configurations on thousands of TP‑Link...

By The Cyber Express
Men Are Buying Hacking Tools to Use Against Their Wives and Friends
News | Apr 8, 2026

AI Forensics examined 2.8 million messages from 16 Italian and Spanish Telegram groups, uncovering a thriving market where men purchase hacking and surveillance tools to target wives, girlfriends, and acquaintances. The study recorded over 24 000 participants sharing 82 723 abusive images, videos and...

By WIRED
Got a Text About Expiring Reward Points? Look Closer
News | Apr 8, 2026

Consumers are receiving text messages warning that their loyalty‑program points are about to expire, but the Federal Trade Commission reports many of these alerts are fraudulent. Scammers embed links that, when clicked, harvest personal data or install malware on the...

By FTC – Press Releases
CleanStart Takes Aim at BusyBox to Harden Container Security
News | Apr 8, 2026

CleanStart has introduced a BusyBox‑free container architecture that replaces the traditional monolithic utility binary with statically compiled, purpose‑specific tools. By validating the filesystem during image construction, the platform removes unused components and blocks BusyBox from final images, delivering deterministic containers....

By Container Journal
Mythos Threat: Few Firms Hold Power, China Closing Gap
Social | Apr 8, 2026

In different hands, Mythos would be an unprecedented cyberweapon. I am not sure how we deal with this, except to note a narrow window where we know only 3 companies could be at this level of capability. But it may be...

By Ethan Mollick
10‑Trillion Models Become InfoSec Skeleton Keys by 2027
Social | Apr 8, 2026

10T models are Mythic class and are the target for the highest level of InfoSec hazard. Frontier labs will all have this capability in 2026. Open source models will come in 2027 and innovations, optimizations, and specialized training techniques will...

By Charles Hoskinson
Researchers Find a Zero-Day Attack Targeting Adobe Reader Users
News | Apr 8, 2026

Researchers have uncovered a zero‑day vulnerability in Adobe Reader that allows remote code execution through crafted PDF files. The exploit chain leverages a memory‑corruption flaw, runs entirely in memory, and requires no user interaction beyond opening the document. Its multi‑layer...

By The Cyber Express
Anthropic Withholds Powerful Mythos AI Amid Looming Misuse
Social | Apr 8, 2026

Mythos is the latest AI model, and it has the ability to collapse every operating system ever built. Anthropic is acting responsibly by not releasing it. And: “it will not be long before such capabilities proliferate, potentially beyond actors who...

By Joseph G. Allen
Secure Enterprise AI Agent Cuts Tokens, No Setup
Social | Apr 8, 2026

I’ve been testing a new AI agent that actually takes enterprise security seriously. Meet PokeeClaw by @Pokee_AI. → Enterprise-secure → Zero setup → 70% fewer tokens → 1,000+ app integrations 🔥 3 wild use cases 🧵↓ 1/ Google Drive connection and deep analysis https://t.co/eJEW85wOJ6

By Data Chaz
Iran-Linked Hackers Breach U.S. Industrial Systems, Trigger Disruptions
News | Apr 8, 2026

The FBI, CISA, and NSA issued a joint advisory on April 7, 2026 warning that Iranian‑affiliated APT groups are actively exploiting internet‑exposed programmable logic controllers (PLCs) to disrupt U.S. critical infrastructure. The campaign targets water, wastewater, energy, and government services,...

By The Cyber Express
Java's Security Flaws Expose Risks for Critical Software
Social | Apr 8, 2026

This just proves that Java is not a safe language to develop security critical software. This¹ would never have happened² with an analysis safe language, like Perl. __ ¹ bug discovery ² no understanding? No exploit.

By The Grugq
0‑day Panic Overblown; I'm Ditching Tech for Farming
Social | Apr 8, 2026

People are freaking out about an impending flood of 0days. This was the norm 20 years ago. I’m not that worried. Firstly, simply having an exploit doesn’t mean all that much in terms of operational capability. Secondly, I’m giving up...

By The Grugq
The April–May Compliance Crunch: A Practitioner’s Calendar for eDiscovery and Information Governance
Blog | Apr 8, 2026

In the next 31 days, four major compliance milestones converge: the EU’s NIS2 Directive verification deadline in Belgium on April 18 (with fines up to $11 million), the FTC’s revised COPPA rule effective April 22 requiring biometric consent and a children‑data retention policy,...

By Legal Tech Daily
Japan Loosens Privacy Rules to Become AI Development Haven
Social | Apr 8, 2026

Japan relaxes privacy laws to make itself the ‘easiest country to develop AI’ https://t.co/TVnDNb7oW5 https://t.co/LwIp1Fsy1m

By Eric Vanderburg
Iran-Linked Hackers Disrupt U.S. Critical Infrastructure by Targeting Internet-Exposed PLCs
News | Apr 8, 2026

Iran‑affiliated cyber actors are targeting internet‑exposed programmable logic controllers (PLCs) across U.S. critical‑infrastructure sectors, including water, energy, and government facilities. The attackers use Dropbear SSH to gain remote access, manipulate HMI/SCADA displays, and disrupt device functionality, focusing on Rockwell Automation...

By The Hacker News
Integration: Post-Closing Cyber Risks
Blog | Apr 8, 2026

A new FTI Consulting report reveals that cyber‑attacks frequently strike companies after M&A closings, with more than two‑thirds of affected deals reporting negative consequences. Nearly half of those incidents led to reduced deal value, and 20% caused delays or pauses....

By DealLawyers.com Blog
Axios Compromised: The Supply Chain Attack Shows How Thin the Line Between Everyday Packages and Malicious Code Has Become
Blog | Apr 8, 2026

On March 31, 2026, the widely used JavaScript HTTP client Axios was compromised in the npm ecosystem. Google’s Threat Intelligence linked the attack to UNC1069, a financially motivated North Korean group, which injected a malicious dependency called plain‑crypto‑js into versions 1.14.1 and 0.30.4. The compromised...

By Igor’sLAB
Bharti Airtel Keen to Work with OTT Cos to Fight Spam: Rahul Vatts
News | Apr 8, 2026

Bharti Airtel announced it will collaborate with OTT communication providers to expand its AI‑driven anti‑spam program, building on a recent partnership with Google that routes RCS messages through Airtel’s spam filters. The telco reports having blocked 71 billion spam calls and...

By ET Telecom (Economic Times)
Major PX4 Drone Software Vulnerability Raises Hijacking Concerns
News | Apr 8, 2026

Cybersecurity firm CYVIATION has identified a critical flaw in the open‑source PX4 Autopilot flight‑control software, catalogued as CVE‑2026‑1579 with a severity rating of 9.8 out of 10. The vulnerability stems from missing authentication on MAVLink communications, allowing an attacker on the same network...

By DroneDJ
SNAP Warns of $600M EBT Theft Surge, Pushes for Chip-Enabled Cards
News | Apr 8, 2026

SNAP officials announced that more than $600 million in benefits were stolen in 2025, affecting one in five households. The agency is urging federal and state leaders to adopt chip‑enabled EBT cards and continuous fraud monitoring, citing early successes in California...

By Pulse
CNET Survey Shows 54% of US Laptop Users Faced Malware, Yet Many Rely Solely on Built‑In Antivirus
News | Apr 8, 2026

CNET’s latest consumer‑security survey reveals that 54% of U.S. adults with personal laptops encountered potential malware in the last year, while 88% took some action. Experts warn built‑in antivirus tools may not keep pace with evolving phishing and AI‑driven scams.

By Pulse
XDG-Desktop-Portal 1.20.4 Released To Protect Against Apps Trashing Arbitrary Host Files
Blog | Apr 8, 2026

The XDG‑Desktop‑Portal team released version 1.20.4, addressing a critical security flaw that allowed sandboxed applications to trash arbitrary host files. The fix replaces the previous GLib g_file_trash path‑based method with a file‑descriptor‑based approach, eliminating the symlink‑race exploit. This update arrives alongside...

By Phoronix
Zscaler's AI Agent Security Push: Will It Be a New Growth Driver?
News | Apr 8, 2026

Zscaler is launching a dedicated AI‑agent security suite as enterprises rapidly adopt machine‑driven workflows, expanding the cyber‑attack surface. The company processed nearly 1 trillion AI‑related transactions in 2025 and saw ZDX Advanced Plus bookings jump 80% YoY to $100 million in Q2...

By Quartz — Finance
The $135M Google Data Settlement Site Is Live — See If You're Eligible
News | Apr 8, 2026

Google has launched the official website for the $135 million settlement of the Taylor v. Google class‑action lawsuit, which alleges Android devices transmitted cellular data without consent. The settlement covers roughly 100 million U.S. Android users and will be finalized at a...

By CNET Money
Patch Window Shrinks as Zero‑day Abuse Window Expands
Social | Apr 8, 2026

Microsoft warns the window to patch known flaws is shrinking, while the window to abuse zero-days grows. https://t.co/BHDsOvLJCJ

By TechRadar
MCP Security: Logging and Runtime Security Measures
News | Apr 8, 2026

The Model Context Protocol (MCP) enables AI agents to run code on servers, exposing them to prompt‑injection, command‑injection, and tool‑poisoning threats. This article outlines how centralized structured logging, detailed audit trails, and real‑time metrics provide the visibility needed to detect...

By Red Hat – DevOps
Navigating the Mythos-Haunted World of Platform Security
News | Apr 8, 2026

Anthropic’s preview of Claude Mythos introduces a frontier AI model that can both uncover complex memory‑safety bugs in legacy code and automatically generate exploit chains. The capability expands AI‑driven vulnerability scanning from reporting to industrializing attacks, raising the signal‑to‑noise ratio...

By Red Hat – DevOps
Anthropic's Mythos Model Escalates Cybersecurity Stakes Rapidly
Social | Apr 7, 2026

Anthropic's Mythos model represents a dangerous new moment for cybersecurity. Experts tell me that hackers and nation states may catch up within months — and that the cat-and-mouse game between attacker and defender is about to become much more high-stakes...

By Casey Newton
Pro-Iran Group Takes Credit for Cyberattacks on Chime, Pinterest
News | Apr 7, 2026

A pro‑Iranian cybercrime group claimed responsibility for denial‑of‑service attacks that took down the websites of Chime Financial and Pinterest on April 1. The outages disrupted online services for the fintech and social‑media platforms, prompting emergency response measures. No data breach was...

By Bloomberg – Technology
Innovative Phishing Simulations to Build Cyber-Resilience
News | Apr 7, 2026

Phishing simulations are evolving from generic, click‑rate tests to hyper‑personalized, technically sophisticated exercises that mirror modern threat vectors such as AI‑driven BEC and MFA‑bypass attacks. Security teams now replicate exact corporate communication styles and even simulate proxy‑phishing sessions to expose...

By NTEN
Anthropic Warns New AI Model Could Accelerate Cyberattacks, Refuses Release
Blog | Apr 7, 2026

Anthropic is withholding its newest AI system, Claude Mythos, because it believes the model could dramatically accelerate cyberattacks if released publicly. Instead, the company is sharing a preview with a handful of large enterprises—including Amazon, Apple, Microsoft and JPMorgan—to help...

By investingLive – Asia-Pacific News Wrap
Hackers Exploit Critical Flaw in Ninja Forms WordPress Plugin
News | Apr 7, 2026

A critical vulnerability (CVE‑2026‑0740) in Ninja Forms' File Upload add‑on lets unauthenticated attackers upload arbitrary files, potentially leading to remote code execution. Wordfence blocked over 3,600 exploitation attempts in a single day, confirming active abuse. The flaw affects versions up...

By BleepingComputer
AI Security Mirrors Existing Controls, Not a New Paradigm
Social | Apr 7, 2026

Is AI security actually different? The categories look familiar: Shadow AI, Shadow IT; Agent identity, IAM; AI vendors, TPRM. So what is fundamentally different about security for AI related threats?

By Sean D. Mack
Universal Vulnerability Disclosure Will Eliminate Software Bugs
Social | Apr 7, 2026

Soon, every piece of software in the world will have their vulnerabilities exposed. And then shortly after, no software will have vulnerabilities.

By Matthew Berman
Why AI, Sovereignty and Visibility Are Redefining Cyber Strategy: Infotrust
News | Apr 7, 2026

Infotrust executives warn that data sovereignty, AI governance, and visibility are reshaping cyber strategy as geopolitical tensions and rapid AI adoption intensify risk. They highlight the rise of "shadow AI"—unsanctioned AI tools used by employees—while noting that vulnerability exploitation windows...

By iTnews (Australia) – Government
Cyber War Targets Companies First
Social | Apr 7, 2026

262 - The War Is Going Cyber and Companies Are the First to Be Attacked #ArtificialDecisions #MCC https://t.co/vs9dQXBP5d

By M.Camisani-Calzolari
AI Sandbox Breach Exploits Thousands of Zero‑days, Contacts Researcher
Social | Apr 7, 2026

Sarah Connor after Claude Mythos found 1000s of zero-day vulnerabilities then breakout of its sandbox environment after a “sophisticated multi-step exploit” before gaining internet access and sending e-mail to an Anthropic researcher while person was eating a sandwich in the...

By Trung Phan
Mercor Hit with 5 Contractor Lawsuits in a Week over Data Breach
News | Apr 7, 2026

Mercor, a $10 billion AI‑training startup, faced five contractor lawsuits in a week after a breach tied to the open‑source LiteLLM project exposed personal data. The suits, filed in California and Texas, allege negligence that leaked Social Security numbers, addresses, and...

By Business Insider
Anthropic Launches Project Glasswing, an Effort to Prevent AI Cyberattacks with AI
News | Apr 7, 2026

Anthropic unveiled Project Glasswing, a collaborative effort to defend critical software from AI‑powered cyberattacks. The initiative brings together ten heavyweight partners—including AWS, Microsoft, Google, and NVIDIA—to leverage Anthropic’s unreleased Claude Mythos Preview model. Anthropic claims the model has already uncovered...

By Engadget Earnings
Cybersecurity in Space Is Hard; In Cislunar Space, It’s Really Hard
News | Apr 7, 2026

Securing cislunar assets is far more complex than protecting low‑Earth‑orbit satellites because the vast distances demand autonomous, software‑defined defenses. NASA’s Artemis program, involving over 60 nations and private partners, expands the attack surface and lacks mandatory cyber standards across contracts....

By Via Satellite
Flatpak 1.16.4 Brings Important Security Fixes For Sandbox Escape & Deleting Host Files
Blog | Apr 7, 2026

Flatpak 1.16.4 was released with a series of critical security patches targeting sandbox escape and host‑file manipulation vulnerabilities. The update resolves CVE‑2026‑34078, which allowed apps to break out of the sandbox via malicious symlinks, and CVE‑2026‑34079, which could delete arbitrary...

By Phoronix
Anthropic Says Its Most Powerful AI Cyber Model Is Too Dangerous to Release Publicly — so It Built Project Glasswing
News | Apr 7, 2026

Anthropic unveiled Project Glasswing, pairing its unreleased frontier AI model Claude Mythos Preview with a coalition of twelve leading tech and finance firms to hunt and patch critical software vulnerabilities. The model has already autonomously identified thousands of high‑severity zero‑day...

By VentureBeat