Today's Cybersecurity Pulse

CISA adds critical Android and Linux flaws to KEV catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) listed two high‑severity vulnerabilities in its Known Exploited Vulnerabilities catalog: Android CVE-2025-48595, an integer overflow that enables privilege escalation on Android 14‑16 without user interaction, and Linux CVE-2022-0492. Google released patches for the Android bug in June 2026.
Also developing:
By the numbers: Ingeteam receives $82.5M loan from EIB

AI-Assisted Fraud Makes Big Debut in FBI's Cybercrime Stats
The FBI’s 2025 Internet Crime Complaint Center report introduced AI‑assisted fraud as a distinct category, documenting $893 million in losses. Overall cybercrime losses topped $20 billion, a 26 percent rise from 2024, with investment scams leading at $8.6 billion. AI‑generated content fueled business‑email‑compromise, voice‑cloning, romance, and cryptocurrency scams, adding tens of millions in damages. The bureau warned that many AI‑related losses remain under‑reported.

Jones Day Confirms Limited Breach After Phishing Attack by Silent Ransom Group
Jones Day, one of the nation’s top law firms, confirmed a limited data breach after the Silent Ransom Group (SRG) posted files for ten clients on a dark‑web leak site. The attackers demanded roughly $13 million to delete the stolen data...
Turn Fear Into Action: Strengthen Security with AI
I was afraid this afternoon. Read a security report that a massive cyberattack is coming. Fear causes the human mind to do weird things. My mom, in 1988, thought a massive nuclear war was coming, so joined a Montana survivalist cult. Had...
Malwarebytes Passes First Independent No-Logs VPN Audit, Boosting SaaS Trust
Malwarebytes announced that its Privacy VPN has cleared a rigorous, independent audit by security firm X41 D‑Sec, which found no evidence of user‑activity logging. The two‑month white‑box assessment also uncovered and helped fix a critical vulnerability, underscoring the company's commitment...

Claude Code Leak: Researchers Find First Vulnerability
Anthropic unintentionally published a source map that revealed roughly 512,000 lines of Claude Code's TypeScript source. Researchers used the leak to uncover a critical flaw allowing command‑chain bypass of the tool's deny‑rule system after 50 subcommands. The vulnerability could let...
New Threat Evolves Script Kiddies, Targets Everyday Users
read this when it first came out.. my first thought was crystal clear: "This is simply the natural evolution of SCRIPT KIDDIES but on steroids.." my second thought was broader: "The majority of everyday people, will indeed at some point very soon, fall...
New Cyber Threats Target Power Grid Infrastructure
All emerging cyber threats targeting power infrastructure at a glance #energysky -- via pv magazine usa: https://t.co/CgfOPDFHMV
China Ready to Interfere in Local Elections: NSB
Taiwan’s National Security Bureau warned that Beijing is poised to interfere in the November nine‑in‑one local elections through a coordinated hybrid campaign. The report details more than 173 million cyber attacks on the government service network, 13,000 suspicious online accounts and...
Pipeline Security Lessons From March Supply Chain Incidents
Between March 19 and March 31, 2026, the TeamPCP threat group executed four supply‑chain attacks that compromised the open‑source scanner Trivy, the IaC scanner Checkmarx KICS, the AI model gateway LiteLLM, and the JavaScript client axios. Each breach leveraged malicious...

ATO Adds In-App Call Verification to Stop Scams
The Australian Taxation Office (ATO) has introduced a new in‑app “verify call” feature that lets taxpayers confirm whether a phone call claiming to be from the ATO is authentic within 30 seconds. The tool, available on iOS and Android, pushes...

2027 POTUS Budget Proposal Targets CISA With Funding Cuts
The FY2027 White House budget proposes cutting the Cybersecurity and Infrastructure Security Agency’s (CISA) funding by up to $707 million, reducing its budget to just over $2 billion. The administration frames the reductions as a strategic realignment that narrows CISA’s focus to...

AI-Assisted Supply Chain Attack Targets GitHub
A threat actor used AI‑assisted automation to launch the "prt‑scan" supply‑chain campaign on GitHub, opening over 500 malicious pull requests between March 11 and early April. The campaign targeted repositories that use the vulnerable pull_request_target workflow, compromising fewer than 10%...
Autonomous Agents Pose a New Large‑scale Threat
An agent with a goal and agency can do real damage. We used to worry about compromised accounts. Now we need to worry about autonomous decision-making at scale. That is a very different risk model.

Scammers Posing as Federal Officials Drive Complaints up and Rack up $800 Million in Losses
The FBI’s 2025 Internet Crime Complaint Center report shows government‑impersonation scams nearly doubled from 2024, with complaints rising from about 17,300 to 32,500. Victims lost roughly $797 million in 2025, up from $405 million the year before, placing this fraud among the...

Axios Attack Shows Complex Social Engineering Is Industrialized
The popular JavaScript HTTP client Axios was compromised when North Korean state‑linked group UNC1069 socially engineered lead maintainer Jason Saayman into installing a malicious dependency. The attackers delivered a remote‑access Trojan via a fake Slack workspace and Microsoft Teams call,...
Maine House Advances McCabe Bill to Strengthen Cybersecurity at Maine Hospitals
The Maine House unanimously advanced Rep. Julie McCabe’s LD 2103, mandating hospitals adopt cybersecurity plans aligned with DHS and CISA best practices. The bill requires prompt law‑enforcement notification, backup communication systems, and annual staff training. It responds to spring cyber‑attacks that...
Microsoft Links Medusa Ransomware Affiliate to Zero-Day Attacks
Microsoft has identified Storm-1175, a China‑based financially motivated cybercrime group, as an affiliate of the Medusa ransomware operation. The gang is now leveraging both known (n‑day) and previously undisclosed (zero‑day) vulnerabilities in rapid, high‑velocity attacks. Microsoft’s intelligence shows Storm-1175 can...

Fortinet Issues Emergency Patch for FortiClient Zero-Day
Fortinet issued an emergency hotfix for the critical CVE-2026-35616 zero‑day in its FortiClient Endpoint Management Server, a 9.1‑CVSS flaw that enables unauthenticated code execution. The vulnerability has already been exploited in the wild, prompting a security advisory that recommends immediate...

Radim Marek: Don't Let Your AI Touch Production
AI coding agents now generate SQL that looks correct but often ignores execution plans, locking behavior, and data distribution, leading to costly production incidents. Radim Marek argues that the missing piece is real‑time awareness of the production schema, including table...
Anthropic's Claude Code Leak: Should RIA Firms and Advisors Be Worried?
Anthropic accidentally exposed the raw instruction set behind its Claude Code model on GitHub, prompting a rapid takedown effort. No personally identifiable information was leaked, but the incident reveals gaps in the company’s internal security controls. Wealth‑tech advisors are urged to...
LinkedIn Faces Scrutiny Over 'BrowserGate' Script Scanning 6,236 Extensions
A report by Fairlinked e.V. alleges LinkedIn injects a hidden JavaScript that checks for 6,236 Chrome extensions and harvests detailed device telemetry. LinkedIn says the script is meant to block scraping tools, but regulators and users are questioning the privacy...
5 Email Myths That Are Quietly Damaging Your Brand’s Reputation
Retailers are enjoying AI‑driven personalization, yet 27% remain in a DMARC enforcement gap, exposing them to domain spoofing. Valimail’s 2026 State of DMARC report shows many have only reporting‑only records, which lets attackers use their brand in AI‑generated phishing emails....
CNET Study Shows 54% of US Laptop Users Face Malware, 88% Take Action
CNET’s latest survey reveals that 54% of U.S. adults with personal laptops have encountered potential malware in the last year, while 88% reported taking action. The findings highlight a gap between built‑in antivirus tools and user vigilance, prompting calls for...
Hims & Hers Says Limited Data Stolen in Social Engineering Attack
Hims & Hers disclosed a sophisticated social‑engineering breach that compromised its third‑party customer‑service platform from February 4‑7, 2026. Hackers accessed service tickets, exposing customer names and email addresses, but the firm confirmed that electronic medical records and provider communications were untouched....

New Cyber Strategy Shifts Attention to Cloud and Supply Chain Security
The White House released a new National Cybersecurity Strategy on March 6, 2026, shifting federal priorities toward cloud data protection and software supply‑chain security. While zero‑trust, AI security, and post‑quantum cryptography remain core, the strategy mandates faster cloud migration and...

Disgruntled Researcher Leaks “BlueHammer” Windows Zero-Day Exploit
A security researcher known as Chaotic Eclipse publicly released exploit code for a previously private Windows privilege‑escalation vulnerability dubbed BlueHammer. The flaw, a local privilege escalation combining a TOCTOU and path‑confusion bug, allows a local attacker to obtain SYSTEM or...
New Mexico’s Meta Ruling and Encryption
A New Mexico judge ruled that Meta’s 2023 addition of end‑to‑end encryption to Facebook Messenger created liability because predators could use the shielded platform to groom minors. The state is seeking court‑mandated changes that could force Meta to weaken or...

How to Combat Cyber-Enabled Cargo Theft: Insights From NMFTA
At its Spring Meeting in Savannah, the NMFTA highlighted the growing threat of cyber‑enabled cargo theft. A panel with Werner Enterprises, Johanson Transportation Service and NMFTA’s cybersecurity director stressed that any cargo theft should trigger immediate involvement of a company’s...
Cybercriminals Accelerate: Storm-1175 Beats Patches in Days
It is not every day that a financially motivated threat actor manages to move faster than the vendors trying to secure their products. Yet that is precisely what Microsoft says Storm-1175 has been doing. The China-based cybercriminal group, closely associated...
Y Combinator Leader Overlooks OpenClaw Security Vulnerabilities
Wild: the head of Y Combinator seems pretty blind to the security risks in OpenClaw.
Athens, Ohio, Claws Back Half of $700,000+ Phished Away in Cyber Fraud
City of Athens, Ohio, recovered more than half of the $722,000 lost to a phishing scheme that mimicked a Pepper Construction invoice. The fraud exploited a simple typo—swapping “U” and “C” in the contractor’s email address—to divert payment to a...
Sherlock Bug Bounty for Aave V4 Now Live
Sherlock bug bounty for Aave V4 is live. Learn more below about the program and scope.
Negligence Fuels Social Engineering Attacks, Accountability Needed
"It's mainly social engineering attacks. ... If you're grossly negligent, you should definitely be held accountable." https://t.co/8bYXWatFF8
Iran-Linked Password-Spraying Campaign Targets 300+ Israeli Microsoft 365 Organizations
Iranian‑linked threat actors launched a password‑spraying campaign against more than 300 Israeli Microsoft 365 organizations, exploiting common weak credentials. The operation, attributed to an APT group with ties to Tehran, was uncovered by security researchers who observed repeated login attempts...
Questioning TestFlight Use After Drift Hack Tactics
"Do you stay away from TestFlight right now?" -- @perkinscr97 on the tactics used in the Drift hack https://t.co/8bYXWatFF8
Nation‑state Attacks on Startups Guarantee Their Own Victory
"When a nation-state attacks a startup, the nation-state is going to win every single time." -- @perkinscr97 https://t.co/jfZlSDnB86

A.I. Is on Its Way to Upending Cybersecurity
New AI models from Anthropic, OpenAI and others are reshaping cybersecurity as hackers begin to leverage autonomous agents that can write code and exploit systems with minimal human input. Anthropic disclosed the first known AI‑driven breach, affecting about 30 companies...
Seal911 Success Highlights Need for Stronger Endpoint Security
"The fact that Seal911 has been the saving grace for a bunch of teams shows that people could put more resources into better endpoint security." -- @llewellenmichael https://t.co/8bYXWatFF8
Enterprise Domain Management Requires Strict Renewal and Security Processes
Hive mind - how do large enterprises manage their domains? I'd love to talk to some IT leaders - what processes ensure https://t.co/VFOQyhfres or https://t.co/kuiRO5DwUb or https://t.co/N7kgQgrxQy doesn't expire, or get socially engineered into a redirect or transfer?

The Digital Financial Crime or Manipulation of Financial Information Indicators
Digital financial crime leverages technology to alter or conceal financial data, exposing firms to material misstatements and regulatory scrutiny. Auditors now face a growing checklist of red flags, from untimely transaction entries to unexplained credit adjustments and missing original documents....

Scammers Take Advantage of Austrian Digital ID Certificates’ Expiry
Around 300,000 Austrian ID Austria digital certificates are set to expire in 2026, prompting scammers to exploit the uncertainty with phishing texts that appear to come from the Federal Ministry of Finance. Victims who entered personal data were later contacted, convinced...
Multiple Hackers Warned Anti-Porn App Quittr About Security Issue for Months
Quittr, a self‑help app aimed at reducing pornography consumption, faced a serious security flaw in its Firebase backend that allowed unrestricted read/write access to user data. Independent researchers warned the company about the misconfiguration as early as September 2025, but...

PcTattleTale Stalkerware Maker Sentence Includes Fine, Supervised Release
A federal judge sentenced Bryan Fleming, the creator of pcTattleTale stalkerware, to supervised release and a $5,000 fine after he pleaded guilty to manufacturing a device for covert communication interception. The case marks the first stalkerware conviction since 2014, when...

ENISA Invites Feedback for EU Digital Identity Wallet Cybersecurity Certification
ENISA has launched a public consultation on a draft cybersecurity certification scheme for the EU Digital Identity (EUDI) Wallets, aiming to standardize security across member states. The consultation, which includes a webinar on April 8, 2026, invites feedback until April 30, 2026,...

Digital Identity Research Warns of ‘Password Debt’ as Enterprises Delay IAM Rollouts
Enterprises recognize identity threats but large‑scale passwordless rollouts are stalling. Hypr’s State of Passwordless Identity Assurance 2026 report shows only 43% of firms use passwordless methods while 76% still rely on passwords, with 32% citing legacy‑app incompatibility as a barrier....

Companies, Your Lack of Attention Is Disturbing
Leonard Klie reports that his work email address was harvested from the dark web, resulting in a flood of phishing and scam messages impersonating reputable brands. He finds most companies unresponsive or offering only generic advice when he forwards these...

Harvard Faces ‘Active and Specific Cybersecurity Threat’
Harvard University has identified an active, specific cybersecurity threat involving actors posing as IT staff and deploying counterfeit login portals. The campaign targets faculty, staff, and students to harvest credentials and infiltrate the campus network. Chief Information Security and Data...
North Korea’s Hijack of One of the Web’s Most Used Open Source Projects Was Likely Weeks in the Making
North Korean state‑linked hackers compromised the widely used Axios open‑source library on March 31. They spent weeks building trust through a fake company, Slack workspace, and deceptive video call, eventually delivering malware that granted remote access to the maintainer’s computer. The...

Missile Alert Phishing Exploits Iran-US-Israel Conflict for Microsoft Logins
Researchers at Cofense uncovered a new phishing campaign that disguises itself as urgent missile‑alert emails tied to the Iran‑Israel conflict. The messages, sent from a spoofed Ministry of Interior address, contain QR codes that lead victims to a counterfeit Microsoft...

Two Breaches, One Quarter: Valley Family Health Care’s Challenging Start to 2026
Valley Family Health Care (VFHC) disclosed a TriZetto Provider Solutions breach on Jan. 12 that exposed the personal and health‑insurance data of 4,300 patients. In March, the cyber‑crime group Insomnia listed VFHC on a dark‑web leak, claiming more than one million...