Today's Cybersecurity Pulse
CISA adds critical Android and Linux flaws to KEV catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) listed two high‑severity vulnerabilities in its Known Exploited Vulnerabilities catalog: Android CVE‑2025‑48595, an integer overflow that enables privilege escalation on Android 14‑16 without user interaction, and Linux CVE‑2022‑0492. Google released patches for the Android bug in June 2026.
Also developing:
By the numbers: Ingeteam receives $82.5M loan from EIB
Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers
Microsoft’s Defender Security Research team has uncovered a new web‑shell tradecraft that leverages HTTP cookies as a covert control channel for PHP loaders on Linux servers. The shells remain dormant until a specific cookie value is presented, then execute malicious payloads, while a cron job periodically recreates the obfuscated loader to ensure persistence. This dual‑layer approach—cookie‑gated activation and cron‑based self‑healing—makes detection difficult for traditional logging and IDS tools. The findings highlight a shift toward using legitimate server mechanisms to maintain post‑compromise access.
6G Could Introduce New Cybersecurity Vulnerabilities, Report Finds
The FCC’s Communications Security, Reliability and Interoperability Council warned that 6G networks could bring unprecedented cybersecurity and reliability risks. The report highlights that 6G’s reliance on virtualization, artificial intelligence, and cloud‑native infrastructure expands attack surfaces and complicates threat detection. It...
New Presidential Executive Order Targets Transnational Cybercrime
In March 2026 President Trump signed an Executive Order targeting transnational cybercrime, directing the State, Treasury, War, Homeland Security and Justice departments to produce a coordinated action plan by July. Fraud losses have surged 430% since 2020, with AI‑driven scams...
Sri Lanka Arrests 152 in Alleged Chinese-Run Cyberscam
Sri Lankan police arrested 152 foreign nationals, primarily Chinese, in a hotel‑based cyber‑scam raid in Chilaw. The operation uncovered 143 laptops, 120 desktops and 370 mobile phones, indicating a sophisticated fraud hub. The Chinese embassy pledged cooperation, while officials cited...
Blast Radius of TeamPCP Attacks Expands Amid Hacker Infighting
TeamPCP’s supply‑chain campaign has broadened, compromising open‑source tools like Trivy and LiteLLM and giving attackers stolen AWS credentials. The breaches surfaced at AI startup Mercor and the European Commission, where compromised code‑scanning utilities enabled unauthorized cloud access. Third‑party groups ShinyHunters...
Cybersecurity's New Challenge: Decision, Not Tools
Cybersecurity isn’t a tooling problem anymore. It’s a decision problem. AI-driven threats are moving faster than human response models. Most orgs still rely on: • alerts • dashboards • manual decisions That’s the real vulnerability. The shift? → Decision Intelligence systems Comment “DECISION” and I’ll show you how to implement...
FBI Calls China-Linked Intrusion a Major Cyber Incident
The FBI reportedly classified a China-linked effort to penetrate one of its surveillance systems this week as a “major cyber incident,” meaning it was a significant risk to U.S. national security. The definition of a “major incident” was established by the...
High-Severity Vulnerabilities, Supply Chain Breaches, and AI Threats Redefine Cybersecurity This Week
This week’s cybersecurity landscape was dominated by a wave of high‑severity flaws, including a Cisco IMC vulnerability (CVSS 9.8) that grants unauthenticated admin access, a Chrome WebGPU use‑after‑free exploit actively seen in the wild, and a critical GIGABYTE Control Center remote‑code‑execution...
Security Giants Bet Big; Execution Determines AI Success
When companies like ServiceNow and Mastercard start making big security bets, you know the lines are blurring. Now it’s about execution. Who deploys AI securely and actually succeeds? https://t.co/QOSbQN1WO8
Crypto’s Core Strengths Threaten Its Quantum Future
Here's the irony: the things that make crypto work, immutability, decentralization, public addresses, are exactly what make it extremely vulnerable to quantum computers. @apruden08 on why blockchain faces a deadline other systems don't. 😓 https://t.co/7Lt08CnIfJ
Data Privacy At The Kitchen Table
Lawmakers are increasingly prioritizing data privacy as voters bring the issue to the kitchen table, highlighted by Delaware Rep. Krista Griffith at the IAB Public Policy & Legal Summit. The topic gained further traction at two Washington, DC privacy conferences,...
Discovered “NomShub” Sandbox Breakout Bug in Cursor
New blog: We found a sandbox breakout and remote dev tunnel bug in Cursor. Called it NomShub. It was fun making my vscode dev tunnel C2 dashboard pink. https://t.co/KfPBzqEOYe https://t.co/Owgxbnge1b
Metrics Mislead: Scans Don't Equal Security Progress
Counting scans and alerts isn’t security progress—it's masking unresolved vulnerabilities and rising cyber risk. https://t.co/fsb8M3fbRc
Evolution of Ransomware: Multi-Extortion Ransomware Attacks
Ransomware attacks surged 49% in 2025, affecting healthcare, finance and manufacturing, with incidents like the University of Mississippi Medical Center shutdown forcing chemotherapy cancellations. Threat actors have evolved from simple encryption to double and triple extortion, stealing data before encrypting...
AI Breakthroughs, Security Breaches, and Industry Shakeups Define the Week in Tech
Tech week saw a surge in AI investment and model releases, highlighted by OpenAI’s record $122 billion funding round and Alibaba’s Qwen3.5 Omni multimodal system. At the same time, major security incidents—from the NoVoice Android rootkit infecting 2.3 million devices to a...
Massachusetts Emergency Communications System Impacted by Cyberattack
A cyberattack on the Patriot Regional Emergency Communications Center disrupted non‑emergency and business phone lines for several northern Massachusetts towns, though 9‑1‑1 services remained functional. The intrusion affected municipal public‑safety computer systems, prompting officials to engage insurers, external cybersecurity firms,...
Enforcers Project Plans to Strengthen European Cybersecurity
The EU‑funded Enhanced Cooperation for Cybersecurity (Enforcers) project launched in February, bringing together manufacturers, security providers, and research institutes to build a unified platform for industrial automation protection. The system will interconnect private SOCs, trusted hardware anchors, automated mitigation playbooks,...
FBI Warns Chinese Apps Store Data Accessible to Government
Chinese apps store sensitive data on servers in China, which the government can access, FBI warns. https://t.co/irVklBM99j
Ukraine Warns Russian Hackers Are Revisiting Past Breaches to Prepare New Attacks
Ukraine’s cyber incident response team (CERT‑UA) warns Russian‑linked hackers are revisiting previously compromised systems to re‑establish footholds, marking a shift from the 2025 “steal‑and‑go” approach to sustained, long‑term access. Attackers now favor sophisticated social‑engineering, using phone calls and video chats...
Tönnjes Offers New RFID Security Solutions for Vehicle Identification
Tönnjes, in partnership with Swiss chip maker EM Microelectronic, unveiled a next‑generation hybrid RFID/NFC chip for vehicle identification at Intertraffic in Amsterdam. The dual‑frequency tag combines long‑range RAIN RFID with smartphone‑compatible NFC, featuring AES‑128 encryption and expanded memory for secure,...
Navigating Data Privacy and Compliance Challenges in Digital Transformation
Digital transformation is accelerating adoption of cloud, automation, and AI, but it also amplifies data‑privacy and compliance risks. Organizations must juggle regulations such as GDPR, CCPA/CPRA, HIPAA, and emerging AI oversight rules across multiple jurisdictions. Strategies like privacy‑by‑design, comprehensive data...
Chainguard Unveils Factory 2.0 to Automate Hardening the Software Supply Chain
Chainguard introduced Factory 2.0 at the Assemble conference, revamping its supply‑chain hardening platform with an AI‑powered control plane and agentic reconciliation bots. The new DriftlessAF framework continuously updates and patches approved open‑source artifacts across containers, libraries, and CI/CD workflows. Chainguard also...
FIDO Seminar: Advancing Passkeys in the Workforce
On the opening day of the RSA Conference, the FIDO Alliance hosted a one‑day seminar titled “Advancing Passkeys in the Workforce.” The event gathered senior security and identity executives to discuss practical rollout strategies, user‑experience considerations, and measurable impact of...
In Other News: ChatGPT Data Leak, Android Rootkit, Water Facility Hit by Ransomware
This week’s cybersecurity roundup revealed a wave of high‑profile threats, from a new Android banking trojan called Mirax that can be rented for $3,000 a month to an Android rootkit dubbed NoVoice that has infected roughly 2.3 million devices via Google...
DataCore Launches Swarm Appliance to Address Cyber Resilience and Compliance for the Edge
DataCore Software introduced the Swarm Appliance, a turnkey object‑storage solution designed for edge and remote‑office (ROBO) environments. The appliance consolidates data protection, archiving, and long‑term retention while embedding immutability, encryption, and malware detection. It aims to simplify compliance and cyber‑resilience...
Rubrik Rolls Out Industry’s First Semantic AI Governance Engine
Rubrik unveiled its Semantic AI Governance Engine (SAGE), the first industry‑wide solution that uses a custom small language model to interpret natural‑language policies and control autonomous agents in real time. The engine replaces static rule‑sets with intent‑driven governance, enabling the...
Data Protection Reinforced with Veeam Backup and NGX Storage Partnership
Veeam announced a partnership with NGX Storage, whose solutions have earned Veeam Ready‑Repository and Ready‑Object certifications. The accreditation confirms NGX’s compatibility as a file, block, or object backup target for Veeam Backup & Replication. Together, the two firms promise faster...
CloudCasa Joins Nutanix Kubernetes Platform (NKP) Partner Catalog, Expanding Data Protection for Kubernetes Users
CloudCasa by Catalogic is now listed in the Nutanix Kubernetes Platform (NKP) Partner Catalog, delivering Kubernetes‑native backup, disaster recovery, and migration tools to NKP users. The integration lets organizations protect persistent data, cluster resources, and applications across on‑prem, edge, and...
Coralogix and Skyflow Redefine Privacy-Safe Observability for the AI Era
Coralogix and Skyflow have formed a strategic partnership to deliver privacy‑safe observability for enterprises. By replacing redaction with consistent tokenization, the solution keeps sensitive customer data out of logs while preserving full searchability and correlation. The joint offering supports AI‑driven...
CrowdStrike Next-Gen SIEM Can Now Ingest Microsoft Defender Telemetry
CrowdStrike announced that its Falcon Next‑Gen SIEM now ingests telemetry from Microsoft Defender for Endpoint, making Defender the first EDR integrated with the platform. The integration enables real‑time analytics, intelligent filtering and faster threat detection across heterogeneous endpoint stacks. CrowdStrike...
Windows Security App Gets Secure Boot Certificate Status Indicators as 2026 Expiration Approaches
Microsoft has introduced Secure Boot certificate status indicators in the Windows Security app to help IT teams monitor the replacement of 2011‑issued certificates that expire in 2026. The indicators are delivered via Windows Update, but they are disabled by default...
Company that Secretly Records and Publishes Zoom Meetings
A new service, WebinarTV, is automating the recording of Zoom meetings and generating AI‑driven transcripts and summaries without informing participants. Unlike archival tools such as the Internet Archive, the company profits from bulk capture of live video calls. The practice...
Why Third-Party Risk Is the Biggest Gap in Your Clients' Security Posture
Third‑party risk has become the largest security gap for many organizations, accounting for 30% of data‑breach incidents and an average remediation cost of $4.91 million. The modern perimeter now extends across SaaS applications, vendor APIs, and subcontractors, prompting regulators such as...
Mobile Attack Surface Expands as Enterprises Lose Control
Jamf’s 2025 mobile security report, based on 1.7 million devices, reveals a sprawling, poorly‑controlled attack surface. Over half of enterprises host at least one device with a critically outdated OS, while 86% of the 135 most common apps contain known vulnerabilities....
T-Mobile Sets the Record Straight on Latest Data Breach Filing
T‑Mobile USA clarified that a recent data breach notification filed with the Maine Attorney General stemmed from an isolated insider incident affecting a single customer. The compromised data included personal identifiers such as name, address, SSN, driver’s license and account...
PgEdge Launches MCP Server for Postgres, Pushing Message‑Based Protocol Over APIs for AI Agents
pgEdge announced a production‑ready MCP Server for Postgres, positioning a message‑based communication protocol as a superior alternative to traditional APIs for AI agents. The service promises built‑in security, deep schema introspection and reduced token consumption, aiming to curb hallucinations and...
Axios Npm Supply‑chain Breach Exposes Millions of Developers to North Korean‑linked RAT
A compromised Axios maintainer account allowed attackers to publish malicious versions of the popular JavaScript library, injecting a remote‑access trojan that reached an estimated 180 million weekly downloads. The three‑hour window before removal highlights the fragility of open‑source supply chains and...
Finance of America Faces Early Data Breach Class Action
A Texas federal court received a class‑action lawsuit alleging Finance of America suffered a data breach two weeks ago. Consumer Melanie Place claims the ransomware group Word Leaks accessed customers’ personal data, including Social Security numbers. The suit is notable for...
Naoris Protocol's Quantum-Resistant Blockchain Goes Live as Bitcoin and Ethereum Face 'Q-Day' Threats
Naoris Protocol launched a quantum‑resistant mainnet built on NIST‑approved post‑quantum algorithms, marking its shift from proof‑of‑concept to production. The network has already validated over 100 million transactions and mitigated more than 603 million threats during testing. Its debut comes as Bitcoin and...
Real‑Time Location Tracking Threats: How to Protect Yourself
240 - Warning, They Can Know Where You Are in Real Time. How to Protect Yourself #ArtificialDecisions #MCC https://t.co/LUlIN36Wjm
Understanding the Risks of OpenClaw
OpenClaw AI Agent Platform functions as an orchestration layer rather than a standalone cloud service, providing the plumbing for agents to interact with external models and enterprise systems. While it can be run locally, its real value emerges only when...
The Cyber Express Weekly Roundup: Ransomware, and Supply Chain Breaches Surge
The Cyber Express weekly roundup highlights a sharp rise in ransomware incidents and supply‑chain compromises across multiple sectors. High‑profile breaches include a ransomware intrusion at Hasbro, a malicious package update that hit AI startup Mercor via the LiteLLM project, and...
Your Token Was Stolen. Now What?
The article warns that stolen JWTs let attackers impersonate users until the token expires, exposing a critical weakness in many API authentication flows. It outlines the typical login sequence, then highlights how tokens stored in insecure locations or with long...
A New Open-Source Protocol Wants to End the War Between Encryption and Safety
A new open‑source framework called the Open Moderation Safety Protocol (OMSP) proposes to reconcile end‑to‑end encryption with content safety by performing all classification locally on the user’s device or a platform‑controlled node. The protocol uses a three‑tier pipeline—pattern matching, a...
Outlook Mobile 2FA: Frequently Fails, Users Frustrated
Question - is it just me - or does the @Microsoft Outlook Mobile based 2 factor authorization ever work?
TCCA White Paper Gives Direction on Building Cybersecurity Into Critical Communications
The Telecoms Critical Communications Association (TCCA) has published its first white paper on cybersecurity for mission‑critical broadband networks, marking a key step toward securing 4G and 5G‑enabled communications. The document outlines international standards, frameworks and deployment models, and stresses the...
Keysight Introduces SBOM Manager for Cybersecurity Compliance
Keysight has launched an SBOM Manager platform that automates the creation and upkeep of software bills of materials for manufacturers facing tighter cybersecurity regulations. The tool scans binaries, firmware and containerised applications, linking components to multiple vulnerability databases and supporting...
Which Messaging App Takes the Most Limited Approach to Permissions on Android?
A recent analysis of Android versions of Messenger, Signal and Telegram reveals stark differences in permission requests and data handling. Messenger requests the most permissions (87 total, 24 dangerous), while Telegram requests the fewest (71 total) but the highest number...
Cambridge Global Advisors Wins Australian Grant for Pacific Cybersecurity
Cambridge Global Advisors has secured an Australian Department of Foreign Affairs and Trade grant to launch the Pacific Women in Cyber (PWiC) program, an 18‑month initiative delivering cybersecurity training and internships to women in Tonga, Fiji and Samoa. Funded under...
Use AI Defensively To
Cyber attacks launched by malicious humans using AI are a very real AI risk. The best way to guard against them is to use AI to proactively find vulnerabilities in our systems and harden them, along with parallel efforts in...