Know What's Happening in Cybersecurity

Today's Cybersecurity Pulse

CISA adds critical Android and Linux flaws to KEV catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) listed two high‑severity vulnerabilities in its Known Exploited Vulnerabilities catalog: Android CVE‑2025‑48595, an integer overflow that enables privilege escalation on Android 14‑16 without user interaction, patched in June 2026; and Linux CVE‑2022‑0492, a kernel flaw also deemed actively exploited.

Pyongyang, versus Nebraska?
News | Apr 6, 2026

North Korean state‑backed group UNC1069 infiltrated the popular Axios npm package, compromising two releases that were downloaded by millions of developers. Within three hours the malicious versions infected roughly 3% of cloud environments, according to cloud‑security firm Wiz. The breach...

By The Stack (TheStack.technology)
AI Supercharges FISA 702 Renewal, Raising Enterprise Surveillance Risks
News | Apr 6, 2026

The pending renewal of FISA Section 702, set to expire on April 20, is now being framed as an AI‑enabled surveillance tool. Experts warn that machine‑learning can accelerate mass‑data searches, heightening compliance burdens for corporations that handle foreign communications.

By Pulse
Wells Fargo Warns AI‑Generated Scams Surge, Threatening Payments Industry
News | Apr 6, 2026

Wells Fargo’s fraud team announced that AI‑generated phishing, deepfake and voice‑cloning attacks have exploded, driving a 466% jump in phishing reports and pushing payment‑fraud exposure to nearly four‑in‑five organizations in 2024. The bank warns that traditional detection cues are fading,...

By Pulse
RansomHouse Ransomware Cripples Vivaticket, Halting Louvre Ticket Sales Across Europe
News | Apr 6, 2026

RansomHouse breached ticketing platform Vivaticket, stealing personal reservation data and forcing the shutdown of online sales for major cultural institutions including the Louvre. The incident threatens millions of users across 50 countries and has drawn in French cyber‑security authorities.

By Pulse
Popeyes Dodges Lawsuit over Fingerprint Scans, but Court Leaves Door Open for Redo
News | Apr 6, 2026

A U.S. District Court in Illinois dismissed Popeyes' liability in a biometric privacy lawsuit, finding the fast‑food chain lacked direct control over a franchisee’s fingerprint‑time‑clock system. The plaintiff, an employee of an Illinois Popeyes franchise, alleged violations of the Biometric...

By HR Dive
Project 0 Saved a User's $3M Portfolio From a Live Wallet Hack
Blog | Apr 6, 2026

Project 0 (P0) rescued a DeFi user whose $3 million portfolio was nearly emptied after a phishing attack on a Raydium link. Thanks to its evolved account architecture, the attacker’s drain function was blocked, leaving the funds intact. The P0 team...

By Project 0
Spilling the Neural Tea: A Journey Down the Side-Channel
Blog | Apr 6, 2026

Recent research highlights the growing use of side‑channel attacks to reverse‑engineer deep neural networks, revealing model architectures and, in limited cases, weight information. Physical side channels on edge devices and micro‑architectural channels in cloud environments have demonstrated success in extracting...

By SIGARCH Blog (ACM)
Vectra AI Supercharges Network Observability with Proactive Exposure Management
News | Apr 6, 2026

Vectra AI unveiled new exposure management capabilities on its platform, targeting AI‑driven enterprises operating in hybrid, multi‑cloud environments. The suite adds continuous, agentless asset inventory, proactive detection of security and compliance gaps, and broader environment observability covering zero‑trust and post‑quantum‑crypto...

By Database Trends & Applications (DBTA)
Apiiro’s AI Threat Modeling Is Built to Target Security and Compliance to Prevent Risks Before Code Exists
News | Apr 6, 2026

Apiiro has launched AI Threat Modeling, an extension of its Guardian Agent platform that automatically creates architecture‑aware threat models before any code is written. The feature uses the company’s patented Deep Code Analysis technology to map software architecture across code,...

By Database Trends & Applications (DBTA)
SecuGen Advanced Fingerprint Biometrics Device Now Available in MOSIP Marketplace
News | Apr 6, 2026

SecuGen’s Unity 20 fingerprint scanner has been added to the MOSIP Marketplace after achieving compliance with MOSIP’s SBI 2.0 L1 specifications. The device incorporates Live Finger Detection for presentation‑attack detection and a FIPS 140‑3 Level 3‑certified Foundational Trust Module that encrypts biometric data at...

By Biometric Update
Breach of FBI Surveillance System Considered a “Major Incident,” Security Experts Weigh In
News | Apr 6, 2026

The FBI confirmed a breach of its Digital Collection System Network (DCSNet), labeling it a “major incident” under the Federal Information Security Modernization Act. Attackers accessed the system through a compromised vendor ISP, bypassing the agency’s own defenses. Federal officials...

By Security Magazine (Cybersecurity)
Global Cyber Fraud Attacks Rose Last Year
News | Apr 6, 2026

LexisNexis Risk Solutions reported that global cyber‑fraud rates rose to 1.6% across 116 billion online transactions last year, up from 1.5% in 2024. Bot‑driven attacks surged 59%, while human‑initiated fraud grew only 8%, with gaming, gambling and e‑commerce most affected. In...

By Payments Dive
SparkCat Malware Returns on App Stores, Targeting Cryptocurrency Users
News | Apr 6, 2026

A new SparkCat variant has reappeared on both the Apple App Store and Google Play, masquerading as benign enterprise messenger and food‑delivery applications. The trojan employs optical character recognition to scan photo libraries for cryptocurrency wallet recovery phrases, exfiltrating any...

By SC Media
Users Demand One-Click IP Blocking in Cloudflare
Social | Apr 6, 2026

The main thing I miss on Cloudflare is a single [ Block IP ] button. It boggles my mind it's not there, you can see a traffic spike and a person doing 50,000 requests per minute, but you have to write...

By Pieter Levels
Defeating the Single Point of Failure W/ Mike Belshe of BitGo | BFC Show Ep. 33
Podcast | Apr 6, 2026 | 51 min

In this episode, BitGo co‑founder Mike Belshe discusses the origins of BitGo, its pioneering use of multi‑signature (multi‑sig) technology to eliminate single points of failure, and how the company evolved from a self‑custody solution into a regulated global custodian with...

By Bitcoin Magazine Podcast
Cloudflare Targets WordPress With New AI-Powered EmDash CMS
News | Apr 6, 2026

Cloudflare has unveiled EmDash CMS, a server‑less, AI‑built content platform designed to rival WordPress, which powers over 40% of websites. EmDash isolates each plugin in a Dynamic Worker sandbox, limiting access to declared permissions and addressing the 96% plugin‑related security...

By HackRead
IBM Achieves FedRAMP Status for 11 Software Solutions
News | Apr 6, 2026

IBM announced FedRAMP authorization for 11 AI and automation solutions, including several watsonx products, marking a four‑fold expansion of its FedRAMP portfolio in just one year. The solutions are hosted exclusively on AWS GovCloud (U.S.), allowing federal agencies to access...

By Database Trends & Applications (DBTA)
All Emerging Cyber Threats Targeting Power Infrastructure at a Glance
News | Apr 6, 2026

Researchers at Morocco’s Higher School of Technology examined the expanding cyber‑threat landscape facing smart grids, cataloguing attacks such as DDoS, false‑data injection, replay, IoT‑based malware and zero‑dynamics exploits. Their study highlights the growing role of artificial‑intelligence and machine‑learning intrusion detection...

By PV Magazine USA
Bitwarden Vs. 1Password: I Tested Both Password Managers
News | Apr 6, 2026

A hands‑on comparison of Bitwarden and 1Password evaluated onboarding, import, autofill, sharing, and security controls. Bitwarden’s free forever plan and granular sharing options give it a cost advantage, while 1Password’s guided import flow and Watchtower monitoring provide a smoother user...

By G2 Learn
Why Security Researchers and Red Teams Are Turning to Workflow Automation
News | Apr 6, 2026

Security teams are increasingly adopting workflow automation to combat alert fatigue and accelerate investigations. Automated pipelines now enrich indicators of compromise, aggregate threat intelligence, and run continuous recon for red teams and bug bounty hunters. Open‑source, self‑hosted platforms such as...

By HackRead
Attackers Exploit RCE Flaw as 14,000 F5 BIG-IP APM Instances Remain Exposed
Blog | Apr 6, 2026

Shadowserver reports that more than 14,000 F5 BIG‑IP Access Policy Manager (APM) instances remain publicly reachable, and attackers are actively exploiting the newly‑re‑classified critical remote code execution flaw CVE‑2025‑53521. The vulnerability, now scored 9.8 on the CVSS v3.1 scale, allows...

By Security Affairs
Convicted Spyware Maker Bryan Fleming Avoids Jail at Sentencing
News | Apr 6, 2026

Founder Bryan Fleming, operator of the stalkerware service pcTattletale, was sentenced in San Diego to time served and a $5,000 fine after pleading guilty to federal charges for creating and selling illegal spyware. The conviction marks the first successful U.S. Department...

By TechCrunch (Main)
FBI Warns AVrecon Malware Infiltrates Network Devices in 163 Countries
News | Apr 6, 2026

The FBI has issued a public alert that the AVrecon malware family is actively targeting roughly 1,200 types of network equipment in 163 countries. The campaign’s modular design lets attackers add new tools as vulnerabilities emerge, raising concerns for critical...

By Pulse
GlobalLogic Completes Cybersecurity Audit of Ahmedabad Municipal Transport Corporation’s EV Bus Fleet
News | Apr 6, 2026

GlobalLogic, a Hitachi Group company, completed a cybersecurity audit of the Ahmedabad Municipal Transport Corporation’s electric‑bus fleet deployed on February 13, 2026. The audit, conducted with IRCLASS Systems, examined in‑vehicle networks, firmware, CCTV, passenger‑information displays, emergency mechanisms, and the supporting...

By ETAuto
Stop Trying to Remember Your Passwords (And Use a Password Manager Instead.)
Blog | Apr 6, 2026

The article argues that relying on memory for passwords is insecure and advocates using a password manager to generate, store, and sync strong, unique credentials. It explains how password reuse fuels credential‑stuffing attacks and how weak, memorable passwords are easily...

By Oblivious Investor
NYS School Data Incidents Rose 72% in 2025, with 44 Reported on Long Island
News | Apr 6, 2026

State education officials reported a sharp rise in compromised student data across New York schools in 2025, with incidents climbing 72% from 384 in 2024 to 662 this year. The surge was highlighted in an annual report from the Department...

By DataBreaches.net
Two Data Security Incidents Affected Immigration Law Firms and Their Clients
News | Apr 6, 2026

Immigration case‑management platform DocketWise disclosed a data breach that exposed personal information of 116,666 individuals, including Social Security numbers, passports, medical records, and payment details. The breach stemmed from compromised credentials to a third‑party partner, allowing attackers to clone repositories...

By DataBreaches.net
Germany Doxes “UNKN,” Head of RU Ransomware Gangs REvil, GandCrab
News | Apr 6, 2026

German authorities have unmasked the hacker known as “UNKN,” identifying him as 31‑year‑old Russian Daniil Maksimovich Shchukin. Shchukin led the notorious ransomware groups REvil and GandCrab, orchestrating at least 130 sabotage and extortion attacks in Germany between 2019 and 2021....

By DataBreaches.net
Researchers Didn’t Want to Glamorize Cybercrims. So They Roasted Them.
News | Apr 6, 2026

Security researchers at Trellix have launched the Dark Web Roast, a campaign that publicly mocks notorious cybercrime groups. The effort responds to calls from former CISA chief Jen Easterly and other industry leaders to stop glorifying threat actors with heroic...

By DataBreaches.net
Russia's VPN Crackdown Triggers Nationwide Bank Outage
Social | Apr 6, 2026

Russia’s VPN Crackdown Caused Bank Outage, Telegram Founder Says. Telegram founder Pavel Durov says filters overloaded critical systems. Millions rely on VPNs as Telegram ban fails to stick. Disruption briefly forced Russians to rely on cash payments nationwide.

By Matt Navarra
75% of Cyberattacks Start with Phishing Emails, UAE Cyber Council Says
News | Apr 6, 2026

The UAE Cyber Security Council warned that over 75% of cyberattacks now begin with phishing emails, citing a daily global volume of 3.4 billion deceptive messages. Attackers rely on urgent language, brand impersonation, and simple tricks to lure users into revealing...

By The Cyber Express
Google Wants to Transition to Post-Quantum Cryptography by 2029
Blog | Apr 6, 2026

Google announced its goal to migrate all its services to post‑quantum cryptographic algorithms by 2029, aiming to replace current RSA and elliptic‑curve systems with NIST‑selected quantum‑resistant standards. The move is presented as a proactive security upgrade, though internal critics argue...

By Schneier on Security
LinkedIn Allegedly Scans Browsers for Extensions, Gathers Data
Social | Apr 6, 2026

LinkedIn is secretly scanning your browser for 6,000 extensions. A report alleges LinkedIn uses hidden JavaScript on its website to scan visitors' browsers for installed extensions + collect device data. The system collects 48 device signals, including CPU, memory, screen, language, audio...

By Matt Navarra
AI Revolutionizes Penetration Testing: My Museum Talk
Social | Apr 6, 2026

How I Use AI for Penetration Testing. Speaking at the Computer History Museum in Mountain View, CA, April 10, 2026. https://t.co/tTRkze5Enp https://t.co/aYFdKg7G78

By Teri Radichel
Qilin and Warlock Ransomware Use Vulnerable Drivers to Disable 300+ EDR Tools
News | Apr 6, 2026

Cisco Talos and Trend Micro report that Qilin and Warlock ransomware groups are employing a bring‑your‑own‑vulnerable‑driver (BYOVD) strategy to neutralize endpoint detection and response (EDR) solutions. Qilin’s malware drops a malicious msimg32.dll that side‑loads two drivers—rwdrv.sys and hlpdrv.sys—to terminate more than...

By The Hacker News
LinkedIn Silently Harvests Chrome Extension Data
Social | Apr 6, 2026

Every time you open LinkedIn in a Chrome or Chromium-based browser, covert code silently scans your browser for info about any extensions you've installed, then transmits the info back to LinkedIn and partners. From this, they can glean info about...

By Kim Zetter
Security Tools Chase CVEs, Miss Planted Backdoors
Social | Apr 6, 2026

"Modern-day security tooling looks for the wrong things ... a deliberately planted backdoor doesn’t have a CVE." https://t.co/1wbJMiZMrj

By Richard Seroter
Russia's VPN Blockade Cripples Banking Payments, Triggers Cash Surge
News | Apr 6, 2026

Russia’s latest effort to curb VPN usage overloaded the state’s traffic‑filtering systems, knocking out major banking apps and leaving cash as the only payment method for hours. Telegram founder Pavel Durov said the move “just triggered a massive banking failure,”...

By Pulse
LinkedIn Denies Smear, Admits Browser Extension Scanning
Social | Apr 6, 2026

LinkedIn calls it a smear campaign, but does not deny scanning people's browsers for extensions. https://t.co/q5Kp0kwh1J

By TechRadar
New VENOM Kit Steals 2FA Codes and Access Tokens
Social | Apr 6, 2026

Researchers found a new phishing kit called VENOM, capable of stealing 2FA codes and access tokens. https://t.co/g6Ctmm3PM2

By TechRadar
Meta Suspends $10B AI‑Training Contractor Mercur After Data Breach
News | Apr 6, 2026

Meta has indefinitely paused its partnership with Mercur, the $10 billion AI‑training startup, after a supply‑chain attack leaked parts of its model‑pipeline data. The breach, linked to the open‑source LiteLLM library, forces the tech giant to reassess AI data‑supply‑chain security.

By Pulse
Backups Aren't Enough; Data Exposure Drives Ransomware Pressure
Social | Apr 6, 2026

While backups continue to be essential, they no longer determine preparedness when attackers steal sensitive data and use exposure as the primary pressure point. https://t.co/lyA68DaCBf

By TechRadar
Yearly Crypto Security Guide After Screen‑Hijacking Hack
Social | Apr 6, 2026

In 2019 a hacker took over my computer screen and tried to get crypto from me. It was a terrifying experience. So I decided to make a crypto security guide and continually update it every single year to help protect others. ↓ https://t.co/m4IiWtvtvf

By Koroush Khaneghah
Fortinet Deploys Emergency Patches for Actively Exploited FortiClient EMS Zero‑Day (CVSS 9.1)
News | Apr 6, 2026

Fortinet rolled out out‑of‑band hotfixes for CVE‑2026‑35616, a critical 9.1‑CVSS pre‑authentication API bypass in FortiClient EMS that is already being exploited in the wild. The patches cover versions 7.4.5 and 7.4.6, with a full fix slated for the upcoming 7.4.7...

By Pulse
Samsung One UI 9 May Add MTE Toggle
Social | Apr 6, 2026

Samsung One UI 9 could introduce a Memory Tagging Extension (MTE) toggle directly in the Auto Blocker app. Currently Pixel 8+ series allow you to enable MTE with advanced protection mode or through developer options. ✅ Details - https://t.co/JQvyuOuoyz https://t.co/z98eEoLPOq

By AssembleDebug (Shiv)
FCC Proposes Ban on Pre‑2024 Chinese Tech
Social | Apr 6, 2026

ICYMI: @FCC on Friday proposed barring Chinese tech on the Covered List added in 2024 or earlier https://t.co/SObMOT0jXm

By David Shepardson
North Korea Bypasses 2FA Using Stolen Tokens, Evading AV
Social | Apr 6, 2026

“It doesn’t matter that you have 2FA. They can just use that token to be you.” @tayvano_ on how DPRK bypasses 2FA entirely — and why most antivirus won’t detect it. With @kaiynne and @LucaNetz on @unchained_pod: https://t.co/izx08LxSbO

By Laura Shin
OpenClaw Silently Steals Emails and Calendars, Warns Researchers
Social | Apr 6, 2026

Cisco found OpenClaw skills that performed data theft without user awareness. Security researchers called it “a nightmare.” Maybe don’t give it your email and calendar. https://t.co/MFj5pVF0o6

By Michael Hyatt
Ask These Five Questions for Data Resilience
Social | Apr 6, 2026

The CISO’s Mandate: Five Critical Questions to Ask Your Storage Provider for Data Resilience https://t.co/O79CRe7P1i

By Dez Blanchfield