Today's Cybersecurity Pulse

CISA adds critical Android and Linux flaws to KEV catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) listed two high‑severity vulnerabilities in its Known Exploited Vulnerabilities catalog: Android CVE‑2025‑48595, an integer overflow that enables privilege escalation on Android 14‑16 without user interaction, patched in June 2026; and Linux CVE‑2022‑0492, a kernel flaw also deemed actively exploited.
Also developing:
Russia's VPN Blockade Triggers Nationwide Banking Collapse
Telegram founder Pavel Durov said Russia's Friday effort to block VPNs overloaded the country's traffic filters and knocked out banking apps, leaving cash as the only payment method for hours. The incident highlights how aggressive internet controls can destabilize critical financial infrastructure.
Post-Quantum Cryptography: Moving From Awareness to Execution
Google’s new whitepaper moves the anticipated quantum‑break date, or “Q‑Day,” to 2029 and urges enterprises to adopt post‑quantum cryptography (PQC). The tech giant highlights that elliptic‑curve encryption could be compromised with fewer qubits than previously thought, and it showcases concrete...

Your Neighbor Just Got a Home Security System, but Should You Be Worried? ‘It’s Inherently a Little Creepy’ Says Surveillance...
Hilary Schneider, CEO of SimpliSafe, says rising privacy concerns are reshaping the home‑security market after a controversial Ring Super Bowl ad and backlash against AI‑powered license‑plate cameras. SimpliSafe differentiates itself by giving customers ownership of video footage, employing mechanical privacy...

The Hack That Exposed Syria’s Sweeping Security Failures
In early March 2026, several Syrian government accounts on X—including the presidency, central bank and ministries—were hijacked, posting pro‑Israel messages and explicit content. The breach was quickly contained, but investigators traced the takeover to shared credentials and a lack of...

Why DDoS Mitigation Fails: 5 Gaps That Testing Reveals
Companies pour money into DDoS mitigation, yet outages persist because the tools are rarely tested under realistic attack conditions. Red Button’s simulations reveal that 68% of faults are severe, with an average DDoS Resilience Score of 3.0—far below the 4.5‑5.0 benchmark....

ESP32-S3 Gets Post-Quantum Encryption with Aethyr Edge Node Open-Source Firmware
Aethyr Research has released open‑source firmware for ESP32‑S3 that adds post‑quantum encryption using ML‑KEM‑768, BLAKE3, and XChaCha20‑Poly1305. The firmware boots in 2.1 seconds and completes a full PQC handshake in 35 ms, with an 833 KB flash footprint and 157 KB free SRAM. It...

Houston, We Have a Protocol.
The episode dives into space cybersecurity, featuring Brandon Bailey of the Aerospace Corporation and Cass (Kaz) Vogel, Blue Origin’s Director of Cybersecurity Governance, Risk, and Compliance. They discuss the evolving threat landscape as humanity expands beyond Earth, emphasizing the need...

Android 17 Upgrades the Boot Chain for the Quantum Age: Google Is Embedding Post-Quantum Cryptography Deep Within the System
Google announced that Android 17 will embed post‑quantum cryptography (PQC) across its core security stack, including Verified Boot, Remote Attestation, and the Android Keystore. The implementation relies on NIST‑approved lattice‑based algorithms such as ML‑DSA‑65 and ML‑DSA‑87, with testing slated for the...
Mercor Cyberattack Forces Meta to Suspend AI Recruiting Partnership
AI recruiting platform Mercor confirmed a security breach linked to the open‑source LiteLLM tool, leading Meta to suspend its partnership. The incident, tied to extortion group Lapsus$, underscores growing cyber‑risk for HRTech firms that rely on third‑party AI infrastructure.
FCC Proposes Ban on Foreign‑Made Routers, Raising Enterprise Network Security Stakes
The U.S. Federal Communications Commission announced a proposal to extend its ban on Chinese‑made routers and related telecom gear to include devices already approved for import. The move targets equipment from Huawei, ZTE, Hikvision, Dahua and Hytera, compelling large enterprises...
DOJ Privacy Chief Quits as Agency Plans to Hand Voter Data to DHS
Kilian Kagle, the Justice Department’s chief FOIA and privacy officer, resigned days after the agency disclosed a plan to transfer sensitive state voter‑registration data to the Department of Homeland Security. The move, part of a broader push for a national...
Perplexity AI Sued in Class Action over Alleged Data Sharing with Meta, Google
Perplexity AI is confronting a proposed class‑action lawsuit filed in Utah that alleges the company secretly transmitted user chat transcripts to Meta and Google, even when users enabled its Incognito mode. The complaint claims the practice violates privacy statutes and...
Chinese Firms Publish Iran War Intel, Revealing U.S. Force Deployments
Chinese firms have begun marketing granular intelligence on U.S. force movements in the Iran war, posting equipment inventories, carrier group routes and aircraft assembly details. The disclosures, flagged by social‑media analysts, raise alarms about potential leaks of sensitive U.S. military...
Delve Blames Coordinated Cyberattack After Y Combinator Cuts Ties
Delve, the San Francisco‑based compliance platform, announced that a coordinated cyberattack triggered anonymous attacks on its service and led Y Combinator to remove the startup from its directory. The company pledged new auditor partnerships, free re‑audits and greater transparency to...
Apple Expands Emergency iOS 18.7.7 Patch to Block DarkSword Exploit
Apple has broadened its emergency iOS 18.7.7 and iPadOS 18.7.7 update to cover a far larger fleet of devices, aiming to close the DarkSword vulnerability that enables stealthy data theft. The move comes after security firms warned the exploit kit...

Pete Recommends – Weekly Highlights on Cyber Security Issues, April 6, 2026
April 2026 saw a wave of cyber‑security concerns spanning covert AI‑driven content harvesting, regulatory crackdowns, and evolving threat vectors. WebinarTV was exposed for secretly recording Zoom webinars and turning them into AI podcasts, while the FCC announced a ban on...
Zero‑Trust BYO‑VPS Delivers Commercial Features
So, I built a more or less complete platform to test whether I could match the core features of commercial vendors with a zero-trust, BYO-VPS platform. Zero-trust: The control plane stores no credentials, only metadata. A worker running next to your server...

Is That Image Actually Malware? Find Out
Image or Malware? Read until the end and answer in comments :) https://t.co/5nD545aoAi #BreakingNews https://t.co/Vvny6JzyBD
Check Point Uncovers ChatGPT Data Leak Flaw, Raising Big‑data Security Alarms
Cybersecurity firm Check Point discovered a DNS‑tunneling vulnerability in OpenAI's ChatGPT that can exfiltrate user data without alerts. The flaw, found in the model’s runtime environment, comes as OpenAI serves over 800 million weekly users and handles 18 billion messages, underscoring the...

GStack Receives 14 Security Fixes, Half From Community
14 security bug fixes just landed for GStack, half of which were community PRs. https://t.co/98jmCzQ38i
Zero‑Trust BYO VPS Platform Matches Commercial Features
I've built: A zero-trust BYO VPS platform. It has feature parity with commercial alternatives, but it still needs a lot of polish. 😀
Introduction to Risk Management: A Complete Guide for Security Professionals
Dr. Erdal Ozkaya’s free guide delivers a complete, step‑by‑step introduction to cyber risk management, covering definitions, the seven core concepts, quantitative formulas, and the NIST Risk Management Framework. It shifts security teams from reactive alert firefighting to strategic decision‑making by...

How Scalable Is Agentic AI for Growing Businesses
Enterprises increasingly rely on Non‑Human Identities (NHIs) to power automated processes, yet many still lack comprehensive management. Effective NHI governance—covering discovery, access control, and continuous threat monitoring—delivers risk reduction, compliance assurance, and operational efficiency. Agentic AI adds scalability by automating...
Security Must Match Your Attractiveness as a Target
Scary stuff. The best security remains obscurity. Unfortunately just being “anonymous” isn’t enough anymore due to constant third party data breaches, like Coinbase leaking user balances and addresses. The potential security holes are endless. Basically every...
The Breach Lasted 25 Minutes. How Long Will the Litigation Last?
On February 17, 2026, Auger & Auger suffered a 25‑minute unauthorized intrusion that exposed personal data of 5,102 individuals, including Social Security numbers and medical information. The firm notified affected parties on March 30 and provided a year of complimentary identity‑protection services. Within...

Sample Malware Phone Back C&C (Command and Control) MD5s From Domains Belonging to XSS Forum Users – A Compilation
Security Boulevard published a curated list of over 80 domain names and their corresponding MD5 hashes that serve as command‑and‑control (C2) servers for phone‑based malware. All the entries are tied to users of the XSS forum, revealing a coordinated effort...
OCSF Explained: The Shared Data Language Security Teams Have Been Missing
The Open Cybersecurity Schema Framework (OCSF) is emerging as a de‑facto standard for describing security events, findings, and context across vendors. Since its 2022 launch, the community has expanded to roughly 900 contributors after joining the Linux Foundation, and major...

Want a Private Homelab? Put These 12 Apps at the Top of Your List
The article lists twelve privacy‑focused self‑hosted applications that let users replace popular cloud services such as Dropbox, Google Photos, and GitHub with locally run alternatives. Each app runs in Docker or similar containers, enabling easy deployment on a home server...
Rushing Bitcoin to PQ Signatures Risks New Vulnerabilities
It’s been almost 10 years since the Blocksize Wars ended and Brian hasn’t changed at all. He still carries the exact same complete lack of humility and understanding. Brian forms the opinion first, along with a prescribed course of action and...
Lawsuit Claims Perplexity’s ‘Incognito’ Sold Chats for Ads
Perplexity’s “Incognito Mode” is a “sham,” lawsuit says. Google, Meta, and Perplexity accused of sharing millions of chats to increase ad revenue. https://t.co/vxnnXugoR4

LinkedIn Is Spying on You, According to a New 'BrowserGate' Security Report — Scripts Stealthily Scan Visitors' Browsers for over...
A new BrowserGate security report reveals that LinkedIn’s web pages run hidden scripts that probe visitors’ browsers for more than 6,000 Chrome extensions and collect hardware fingerprints such as screen resolution and device type. The data is harvested without explicit...

Enable WhatsApp Two‑Step Verification: Simple Yet Essential
Whether you just joined @WhatsApp or have been using it for years, it's a smart idea to enable two-step verification. Here's how, step by step, and why it's not as good as 2-factor authentication, but better than nothing... https://t.co/KDT8J6yjkd #whatsapp...

CISA Lists TrueConf Client Flaw in Exploit Catalog
U.S. CISA adds a flaw in TrueConf Client to its Known Exploited Vulnerabilities catalog https://t.co/LEm093lFfD #BreakingNews https://t.co/7HuNg6hJGV

How to Back up Your Phone, Photos and Computer without Overthinking It
The article demystifies data backup by urging readers to adopt a single, reliable copy rather than the complex 3‑2‑1 rule. It walks through practical solutions for home‑based NAS storage, photo archiving via Google Takeout or iCloud, and automated computer backups...
Military Personnel Leak Sensitive Data via Fitness App
We've got more cases of military personnel revealing a significant amount of information through the fitness app. https://t.co/BwTkOxURPX
TriZetto Breach Exposes Data of 3.4 Million Patients, Sparking Industry Alarm
Cognizant-owned health‑tech firm TriZetto disclosed a cyberattack that stole personal and medical information of more than 3.4 million patients. The breach, discovered in October 2025, may have lingered since November 2024, underscoring systemic vulnerabilities in health‑technology platforms.
Hong Kong Hospital Authority Apologises for Data Breach Involving 56,000 Patients
Hong Kong’s Hospital Authority announced a data breach that exposed the personal and medical records of more than 56,000 patients from hospitals in Kowloon East. The unauthorized retrieval included names, identification numbers, contact details and health information. Hong Kong’s privacy...
Claude Code Leak Used to Push Infostealer Malware on GitHub
Threat actors are leveraging the recent Claude Code source‑code leak to create counterfeit GitHub repositories that distribute the Vidar information‑stealing malware. Claude Code, Anthropic’s terminal‑based AI coding agent, was exposed in a public dump, giving attackers a ready‑made framework to...
UK: School IT System Targeted in Cyber Attack Ahead of Exam Season
The Education Authority (EA) in Northern Ireland confirmed that its centralized school IT platform was hit by a cyber attack just days before the exam period. The breach prompted an emergency password reset for every user across the network. Authorities...
Meta Pauses Work With Mercor After Data Breach Puts AI Industry Secrets at Risk
Meta has indefinitely paused all collaborations with data‑contracting firm Mercor while investigating a significant security breach at the startup. The breach, which exposed proprietary training datasets, has prompted other leading AI labs—including OpenAI and Anthropic—to reevaluate their relationships with Mercor....
Private VPC Without NAT Blocks Internet Access Securely
"AWS Security Agent-Penetration Testing Overview | by Sena Yakut | AWS in Plain English": Was just reading this and pretty good review. If you put in a private VPC, no NAT or peering, can’t reach Internet, which is what you want...

IBM Highlights Agentic AI Security Gaps at RSA Conference
At RSA’s 2024 cybersecurity conference, over 43,000 attendees highlighted the rise of agentic AI, yet few vendors offered end‑to‑end security solutions. IBM executives warned that AI agents change behavior at runtime, expanding attack surfaces and exposing a critical gap in...
Keeper Security Brings Zero-Trust Database Access to Its PAM Platform with KeeperDB
Keeper Security announced KeeperDB, a new database‑access capability embedded in its KeeperPAM privileged access management platform. The feature lets developers and DBAs connect to MySQL, PostgreSQL, Oracle, and Microsoft SQL Server directly from the vault, eliminating plaintext credential exposure. KeeperDB...
Axios NPM Supply Chain Breach Exposes Millions of Developers to Malware
Hackers hijacked the npm account of a lead Axios maintainer and published two poisoned versions of the library, exposing a remote‑access trojan to any developer who installed them. The malicious packages were live for about three hours before removal, underscoring...
Quantum Threat Makes Crypto Existential, Not Just Technical
What keeps me up at night about quantum is that centralized companies can just rewrite their ledgers when hacked. Bitcoin can't. That's why a quantum threat to crypto isn't just a tech problem, it's existential. 👀 h/t @apruden08 https://t.co/ZZnqMsa0hq

5 Entra ID Updates You Can’t Afford to Ignore in 2026 (Backup, Governance, CA Agent & Risk Score Exposed)
In this episode the hosts dive into five critical Entra ID updates for 2026, focusing on the new Entra Backup and Recovery preview, tenant governance enhancements, the Unified Risk Score core, and improvements to passkeys and Conditional Access agents. They...
Microsoft’s Identity Chief Joy Chik Retires, Sparking Senior Exec Exodus
Joy Chik announced her July retirement after nearly 30 years at Microsoft, ending a tenure that spanned from software design engineer to president of identity and network access. The departure coincides with the exit of VP of energy Bobby Hollis...
Over 500 UK Service Members Leak Nuclear Base Locations on Strava
A senior military source says over 500 British armed‑force personnel have publicly logged runs on Strava that map routes inside the Trident nuclear complex and other high‑security sites. The breach, uncovered by the iPaper, raises fears of intelligence gathering, blackmail...
Reuters Saudi Reporter Warns of WhatsApp Impersonation Scam
The chief Saudi correspondent for @Reuters warns that someone's impersonating him on WhatsApp with links and requests for information; at least one individual in the UAE was contacted by this number already. https://t.co/OkG01CK0TK

FIATA Makes Data Protection a Standard
FIATA and the Global Shippers Forum have introduced a signable version of their Data Governance Charter, converting previously voluntary principles into a binding framework for digital supply chains. The charter outlines mandatory standards on data ownership, permission controls, protection duties,...