Today's Cybersecurity Pulse
CISA adds critical Android and Linux flaws to KEV catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) listed two high‑severity vulnerabilities in its Known Exploited Vulnerabilities catalog: Android CVE‑2025‑48595, an integer overflow that enables privilege escalation on Android 14‑16 without user interaction, and Linux CVE‑2022‑0492. Google released patches for the Android bug in June 2026.
Also developing:
By the numbers: Ingeteam receives $82.5M loan from EIB
North Korean Agents Embedded in 40+ DeFi Platforms for Nearly a Decade: Taylor Monahan
Security researcher Taylor Monahan revealed that North Korean actors, linked to the Lazarus Group, have been embedded in more than 40 decentralized finance (DeFi) platforms for almost ten years. The disclosure ties the recent $280 million Drift Protocol exploit to this long‑running infiltration network. NCC Group’s research confirms similar attack patterns across the crypto sector dating back over a decade. The finding underscores systemic weaknesses in DeFi operational security.
Over 1,000 Exposed ComfyUI Instances Targeted in Cryptomining Botnet Campaign
Security researchers have identified a campaign that scans cloud IP ranges for exposed ComfyUI instances—a popular Stable Diffusion UI—and hijacks them for cryptocurrency mining and proxy botnet operations. The Python‑based scanner exploits a misconfiguration in custom nodes to achieve unauthenticated...
AI Is Reshaping Cyber Risk. Boards Need to Manage the Threat.
AI‑enabled cyber attacks now cost an average $4.88 million per breach and have surged 44% in a single year, while 77% of organizations still lack basic AI security practices. The article argues that traditional VUCA thinking no longer fits; instead, a...
Cyberattack Hits Northern Ireland’s Centralized School Network, Disrupting Access for Thousands
A cyberattack on Northern Ireland’s centralized C2K school network forced the Education Authority to shut down access for hundreds of thousands of pupils and teachers. The breach, discovered last week, prompted immediate containment actions, including system shutdown and collaboration with...
AI Agents and Non-Human Identities Creating Critical Security Gaps, Report
Keeper Security’s new report, presented at RSA 2026, reveals that companies are rapidly deploying AI agents and other non‑human identities (NHIs) without adequate security controls. Nearly half of surveyed firms give AI‑powered tools access to critical data, yet 76% lack...
AI-Enabled Device Code Phishing Campaign Exploits OAuth Flow for Account Takeover
Microsoft Defender Security Research uncovered an AI‑enabled phishing campaign that weaponizes the OAuth Device Code Authentication flow to hijack organizational accounts. The attackers automate live device code generation, bypassing the standard 15‑minute expiration and multi‑factor authentication by decoupling the user’s...
AI Coding Surge Overwhelms Security Review Capacity
Vibe coding security risks (based on the sheer amount of new code being introduced at companies) -> The rapid adoption of AI coding tools has let workers generate massive volumes of code, leaving companies scrambling to review and secure the...
Your Keys to Secure Password Management—Included with Zoho Workplace
Zoho has added its password manager, Zoho Vault, to the Zoho Workplace suite at no extra cost. The integration lets teams generate, store, autofill and securely share passwords while providing role‑based access controls and real‑time security alerts. By backing up...
Fake Gemini Npm Package Steals AI Tool Tokens
Hackers published a counterfeit npm package named gemini‑ai‑checker, posing as a Google Gemini token verifier, to hijack developers' AI coding environments. The package contacts a Vercel‑hosted endpoint during installation, retrieves an obfuscated JavaScript backdoor, and executes it in memory, stealing...
Load Shedding and Request Prioritization: Keeping Critical Flows Alive During Outages
A sudden bot flood of 50,000 requests per second can cripple a payment processing service, inflating response times from 50 ms to eight seconds and exhausting CPU and database connections. Load shedding counters this by proactively rejecting low‑priority requests once system...
The Hidden Cost of Recurring Credential Incidents
Recurring credential incidents impose hidden operational costs beyond headline breach expenses. IBM reports the average breach cost $4.4 million, yet everyday password resets represent up to 30 % of help‑desk tickets, each costing roughly $70. Weak policies and forced periodic changes drive...
GPUBreach Exploit Uses GPU Memory Bit-Flips to Achieve Full System Takeover
Researchers unveiled GPUBreach, a novel GPU Rowhammer attack that flips bits in GDDR6 memory to corrupt GPU page tables and achieve full system compromise. By chaining arbitrary GPU memory reads/writes with driver‑level bugs, an unprivileged CUDA kernel can elevate privileges...
CII Reveals ‘Labelling Problem’ as Barrier to Effective Vulnerability Management
The Chartered Insurance Institute’s new Road to Consumer Trust report flags the industry’s “labelling problem” – advisers avoid recording client vulnerability because it triggers extra compliance steps. CII proposes a proportionate, practical approach that aligns FCA Consumer Duty expectations with...
Cybersecurity Unicorn Torq Is in Talks to Acquire This AI Startup for $50 Million
Cybersecurity unicorn Torq, valued at $1.2 billion after a $140 million funding round, is in advanced talks to acquire Boston‑based AI security assistant Jit for about $50 million. The deal would merge Torq’s large security command center with Jit’s automated tools to create...
Quantum Penetration Testing: Are We Ready Yet?
Is It Time For A Quantum Penetration Test? by J Nathaniel Ader @Forbes Learn more: https://t.co/CodfvKavfv #QuantumComputing #EmergingTech #Technology #Innovation #Tech https://t.co/rKyowhOBLq
FIRESIDE CHAT: Geopolitical Turmoil, Rising AI Risk Add a New Layer to Enterprise Cyber Defense
At RSAC 2026, enterprise security leaders highlighted a dual crisis: a surge of unsanctioned AI tools and growing geopolitical distrust of U.S.-controlled cloud services. Skyhigh Security’s Sanjay Castelino reported that European firms are reassessing reliance on American cloud infrastructure, demanding...
Airrived Named Among Only 11 Startups in Gartner’s “Emerging Tech: AI Vendor Race — Startups to Watch in Agentic AI”
Airrived has been named one of only 11 startups in Gartner’s March 2026 report on emerging agentic AI, standing out as the sole company purpose‑built for cybersecurity and IT operations. The Gartner evaluation covered 129 startups, and Airrived’s Agentic OS platform...
Data Breach Exposes Jones Day Client Files After Ransomware Threat
Jones Day disclosed a data breach that exposed confidential client files after a ransomware threat forced the firm to shut down parts of its network. The intrusion, discovered in early April 2026, affected both internal documents and client communications, prompting...
FCC Proposes Extending Ban on Chinese Networking Gear to All Products
The Federal Communications Commission has issued a proposal to expand its existing ban on Chinese networking gear, covering not only new models but also equipment previously authorized. The move targets Huawei, ZTE, Hikvision, Dahua, Hytera and other firms, prompting comments...
Family Firms More Exposed To Cybersecurity Risks
Family businesses are increasingly exposed to the same cyber threats as large corporations, yet many still treat security as a technical afterthought. High trust, legacy technology, and informal governance create unique vulnerabilities that can lead to insider breaches and ransomware...
Metro Cities Halt Flock Safety License‑Plate Readers Amid Privacy Outcry
Dunwoody, Georgia, and several other U.S. cities have voted to defer renewal or shut down Flock Safety’s automated license‑plate‑reader cameras after residents raised privacy and security concerns. The move puts roughly $860,000 of recent municipal spending under review and signals...
Tor-Backed ClickFix Campaign Drops Node.js RAT on Windows
Hackers have revived the ClickFix social‑engineering scheme to drop a sophisticated Node.js‑based remote access Trojan on Windows machines. The campaign uses a fake CAPTCHA page to execute a Base64‑encoded PowerShell command that silently installs a malicious MSI containing a full...
Google Says Quantum Computer Could Crack Bitcoin in Under 9 Minutes, Prompting Urgent Security Push
Google researchers released a whitepaper indicating that a sufficiently powerful quantum machine could derive a Bitcoin private key in under nine minutes, with a 41% success probability. The finding compresses the timeline for a practical quantum attack to as early...
Fake Buffett, Real Reputation Risk: How Deepfakes Are Reshaping the Cyber Landscape
In November 2025 a TikTok video featuring a hyper‑realistic deepfake of Warren Buffett promoted crypto giveaways, exposing how synthetic media can be weaponized for fraud. The clip amassed over 17,000 subscribers before the deception was uncovered, highlighting the speed at...
Supply Chain Security Is Now a Board-Level Issue: Here’s What CSOs Need to Know
Supply chain security has moved from a niche technical issue to a board‑level priority, driven by stringent regulations like the European Cyber Resilience Act and U.S. EO 14028. Open‑source components now appear in 97% of commercial applications, with 86% harboring vulnerabilities,...
Hong Kong Police Can Force You to Reveal Your Encryption Keys
Hong Kong police have gained the legal authority to compel individuals to disclose encryption keys for computers, phones, hard drives and other devices under a revised National Security Law framework. The power extends to anyone transiting the city’s airport, and...
Every Encryption System Needs a Cryptography Bill of Materials
Cybeats Blog | Cryptography Bill of Materials (CBOM): Why Every Encryption Ecosystem Needs One https://t.co/DGQpWfPZ3F
Infinite Electronics Facility Earns CMMC Level 2
Infinite Electronics announced that its Hayden, Idaho facility has earned Cybersecurity Maturity Model Certification (CMMC) Level 2 after a third‑party audit. The certification validates compliance with all 110 NIST SP 800‑171 controls required to protect Controlled Unclassified Information and Federal Contracting Information....
Cloudflare and GoDaddy Ink Partnership to Rein in AI Agents Reshaping Web Traffic
Cloudflare and GoDaddy announced a partnership that extends Cloudflare’s AI traffic‑control suite to GoDaddy’s roughly 20 million small‑business websites. The deal adds the Web Bot Auth system, which uses cryptographic verification to let legitimate bots prove their identity while blocking impersonators....
As Breakout Time Accelerates, Prevention-First Cybersecurity Takes Center Stage
Cyber attackers are leveraging AI to accelerate ransomware and lateral movement, cutting average breakout time to about 30 minutes—29% faster than a year ago. Roughly 80% of ransomware‑as‑a‑service groups now embed AI or automation in their kits, enabling rapid credential...
Cloud-First Vs. Sovereign-First: Navigating the Trade-Off
Enterprises are increasingly adopting sovereign cloud solutions to meet data‑residency mandates, mitigate geopolitical risk, and reduce reliance on foreign cloud providers. Gartner defines sovereign cloud as locally hosted services that ensure legal and operational autonomy, a definition echoed by Forrester...
U.S. CISA Adds a Flaw in Fortinet FortiClient EMS to Its Known Exploited Vulnerabilities Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added Fortinet FortiClient EMS vulnerability CVE-2026-35616 to its Known Exploited Vulnerabilities (KEV) catalog. The flaw, rated 9.1 on the CVSS scale, enables unauthenticated attackers to bypass authentication via an API and...
Open‑source Tool Simplifies SOC 2, ISO 27001, HIPAA, GDPR Compliance
Comp AI: The open-source way to get compliant with SOC 2, #ISO27001, #HIPAA and #GDPR https://t.co/mvwHwvS9mu https://t.co/q7t0s2qhc4
SEALSQ and IC’Alps Achieve Key Common Criteria Certification Steps
SEALSQ Corp and its subsidiary IC’Alps announced major progress in their Common Criteria (CC) security certification programs. Independent evaluator SERMA confirmed that the QS7001 Secure Element achieved a PASS on fault‑injection and side‑channel resistance tests, moving the platform toward full...
Comp AI: The Open-Source Way to Get Compliant with SOC 2, ISO 27001, HIPAA and GDPR
Comp AI launches an open‑source compliance platform that automates SOC 2, ISO 27001, HIPAA and GDPR readiness. The tool combines an AI‑driven policy editor, automated evidence collection, and a device‑agent that monitors encryption, antivirus, password and screen‑lock settings. Core code is released...
ICO Urges Parents to Treat Online Privacy Like Road Safety
The UK Information Commissioner’s Office has launched the “Switched on to Privacy” campaign, urging parents to treat children’s online privacy with the same vigilance as road safety and stranger danger. New research of 1,000 parents shows 75% fear their kids...
Maidar Secure, Strike48 Bring Agentic AI to the SOC
Maidar Secure has teamed up with Strike48 to embed the latter’s agentic AI platform into its managed security services and SOC operations. The integration promises autonomous threat detection, real‑time attack simulation and machine‑speed incident response, turning traditional reactive defenses into...
I2P Vs. Tor: Defeating Global Adversary Deanonymization of Your Bitcoin Node.
The post argues that routing Bitcoin node traffic solely through Tor no longer guarantees anonymity against modern Global Passive Adversaries (GPAs). It explains how state‑level actors can use timing and traffic‑correlation attacks to link transactions to a user’s physical IP....
Germany Names Suspected Leader of REvil and GandCrab Ransomware Gangs
German authorities have identified a 31‑year‑old Russian, Daniil Maksimovich Shchukin, as the suspected leader of the REvil and GandCrab ransomware gangs. The BKA says he directed at least 130 attacks in Germany from 2019‑2021, extorting roughly €2 million (about $2.1 million) and...
![Who’s Logging In? [OMITB]](/cdn-cgi/image/width=1200,quality=75,format=auto,fit=cover/https://megaphone.imgix.net/podcasts/8797f03a-a50b-11ea-b6c0-87ebb093948d/image/hacking-humans-cover-art-cw.png?ixlib=rails-4.3.1&max-w=3000&max-h=3000&fit=crop&auto=format,compress)
Who’s Logging In? [OMITB]
In this episode of Only Malware in the Building, host Selina Larson and guests Keith Malarski and Dave discuss the rapid rise of identity‑based attacks, noting that identity‑related root causes now outpace traditional malware. They cite recent reports from Sophos,...
When Silicon Got Serious About Security
The article traces cryptography’s evolution from the 1970s Data Encryption Standard (DES) to today’s Advanced Encryption Standard (AES) and Elliptic Curve Cryptography (ECC). It highlights how silicon’s exponential speed gains exposed DES’s 56‑bit weakness, prompting the 1998 Deep Crack break. The...
Exclusive-Russia Supplies Iran with Cyber Support, Spy Imagery to Hone Attacks, Ukraine Says
Russian reconnaissance satellites conducted at least 24 passes over 46 military and critical sites in 11 Middle Eastern countries during March 21‑31, sharing high‑resolution imagery with Iran. The data preceded Iranian missile and drone attacks on bases, including a strike on...
FortiClientEMS Vulnerabilities Under Active Exploitation, Expose Systems to RCE
Fortinet disclosed two critical vulnerabilities in its FortiClientEMS endpoint management platform that are already being exploited in the wild. CVE-2026-21643 is a SQL injection flaw in the admin interface of version 7.4.4, allowing unauthenticated remote code execution. CVE-2026-35616 is an...
Flowise AI Agent Builder Faces Active CVSS 10 RCE Attack
Flowise AI Agent Builder Under Active CVSS 10.0 RCE Exploitation; 12,000+ Instances Exposed https://t.co/aINT8EHBFi https://t.co/SKA564pKd5
Trump Administration Releases Cyber Strategy
The Trump administration unveiled a new Cyber Strategy for America in March 2026, paired with Executive Order 14390 to intensify federal action against cybercrime. The strategy outlines six pillars—deterrence, streamlined regulation, federal network modernization, critical‑infrastructure protection, technology superiority, and talent...
$20 Billion Lost to Cybercrime as AI and Investment Scams Surge: FBI Report
The FBI’s 2025 Internet Crime Report records a historic $20.8 billion in losses from more than one million complaints. Cyber‑enabled fraud accounted for roughly $17.7 billion, with investment scams—especially cryptocurrency schemes—driving $8.6 billion of that damage. AI‑powered scams emerged as a new threat,...
Unpatched Claude Coding Flaw Lets Attackers Steal Cowork Files
Attackers can exfiltrate user files from Cowork by exploiting an unremediated vulnerability in Claude’s coding environment, which now extends to Cowork. The vulnerability was first identified in https://t.co/noHjpUqN1I chat before Cowork existed by Johann Rehberger, who disclosed the vulnerability. It...
Iran's Cyber Arsenal Now Targets Critical Infrastructure Worldwide
Iran has rapidly developed advanced cyber capabilities, evolving from information gathering to conducting destructive, state-linked attacks against critical infrastructure in the U.S., Israel, and the Gulf states. https://t.co/XlKdD8VuZu
The Case for Fixing CWE Weakness Patterns Instead of Patching One Bug at a Time
CWE is transitioning from a background taxonomy to a core element of vulnerability disclosure, with a growing share of CVE records now including CNA‑provided CWE IDs. Precise, lower‑level CWE mappings are improving root‑cause visibility, enabling teams to target systemic weakness...
Jones Day Law Firm Says Hackers Accessed Some Clients’ Data
Jones Day disclosed that the cyber‑criminal group Silent breached its network, accessing dated files for ten clients. The intrusion stemmed from a phishing attack, and the firm confirmed that all impacted clients have been notified. Hackers also exfiltrated internal data...