Know What's Happening in Cybersecurity

Today's Cybersecurity Pulse

CISA adds critical Android and Linux flaws to KEV catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) listed two high‑severity vulnerabilities in its Known Exploited Vulnerabilities catalog: Android CVE‑2025‑48595, an integer overflow that enables privilege escalation on Android 14‑16 without user interaction, and Linux CVE‑2022‑0492. Google released patches for the Android bug in June 2026.

Data Security Posture Management Has Become Essential for Governments
News | Apr 3, 2026

State and local governments are rapidly expanding multicloud environments and adopting generative AI, yet many lack clear visibility into where sensitive citizen data resides. Data Security Posture Management (DSPM) emerges as a solution, continuously discovering, classifying, and monitoring data across...

By StateTech Magazine
Guardian AI Emerges: Second‑layer Agents Monitor and Secure Systems
Social | Apr 3, 2026

The category is called guardian AI, or supervisor agents. The idea: deploy a second layer of AI to watch what the first layer is doing. ServiceNow has the most developed commercial product here, sold as part of its AI Control...

By Shashi Bellamkonda
Check City Notifies 322,687 People of March 2025 Data Breach
News | Apr 3, 2026

Check City, a payday‑loan provider, disclosed that a March 2025 cyber‑attack exposed personal data of 322,687 individuals. The breach compromised names, Social Security numbers, government IDs, financial account details, credit and debit card numbers, dates of birth, and addresses. A...

By PYMNTS
How the World Got Owned Episode 2: The 1990s, Part One
Podcast | Apr 3, 2026 | 46 min

Episode 2 of "How the World Got Owned" dives into the 1990s hacking scene, highlighting the rise of hacker conventions like DEF CON and Black Hat, the emergence of a vibrant but ego‑driven community, and the clash between hackers and...

By Risky Business
Bug Bounties Aren’t Universal, AI Hype Is Overblown
Social | Apr 3, 2026

Had a great conversation with Mackenzie Jackson from Aikido Security on The Secure Disclosure — we got into some contrarian takes: not every org should run a bug bounty (yes, from the Bugcrowd founder), AI slop is really just 2014...

By Casey Ellis
Malicious Android Apps Reach 2.3 M Downloads, Deploy Undeletable NoVoice Malware
News | Apr 3, 2026

McAfee researchers identified 50 malicious Android apps on Google Play that have been downloaded 2.3 million times. The apps install the NoVoice strain, which gains root, rewrites system libraries and survives factory resets, exposing users in Africa, India, the U.S. and...

By Pulse
Digital Forensics and Incident Response (DFIR): A CISO’s Guide
Blog | Apr 2, 2026

Digital Forensics and Incident Response (DFIR) combines evidence collection with threat containment, forming a critical capability for CISOs. The guide outlines core functions—evidence preservation, malware and network analysis, and emerging cloud forensics—while stressing the need for pre‑enabled logging. It recommends...

By Erdal Ozkaya’s Cybersecurity Blog
OT Network Segmentation: A Practical Guide for Security Teams
Blog | Apr 2, 2026

Network segmentation is the most effective control for safeguarding operational technology (OT) environments, limiting attackers to isolated zones rather than allowing lateral movement. Implementing segmentation in OT differs from IT because industrial protocols and legacy equipment resist typical firewall solutions...

By Erdal Ozkaya’s Cybersecurity Blog
Incident Response Planning for Business Continuity
Blog | Apr 2, 2026

Organizations lacking a tested incident response plan face escalating costs, reputational damage, and evidence loss during cyber attacks. The article outlines the NIST incident response lifecycle—preparation, detection, containment, and post‑incident review—and stresses integrating business continuity to meet recovery time objectives....

By Erdal Ozkaya’s Cybersecurity Blog
Americans' Passports Purportedly Stolen in Hacktivist Attack Against Dubai Airport
News | Apr 2, 2026

Nasir Security, a hacktivist group linked to Iran, claimed to have stolen a large data set from Dubai International Airport after a months‑long intrusion. The breach includes passport photos of American, Arab and Emirati travelers, as well as luggage and...

By SC Media
When Your Own Eyes Turn Against You: How Compromised Security Cameras and IoT/OT Devices Become Tools for Your Attackers
News | Apr 2, 2026

Security cameras, IoT and OT devices are increasingly being compromised and repurposed as attack vectors, enabling nation‑state reconnaissance, espionage, ransomware pivots, and massive botnets. Recent incidents include Iranian hackers hijacking Hikvision cameras during missile strikes, Russian operatives streaming compromised webcams...

By Security Boulevard
PSA: Anyone with a Link Can View Your Granola Notes by Default
News | Apr 2, 2026

Granola, an AI‑powered note‑taking app, shares notes publicly by default to anyone with a link, contradicting its claim of private‑by‑default. Users can change the setting to “Only my company” or “Private,” but the default exposes potentially sensitive meeting content. The...

By The Verge Transportation
Quantum Encryption’s Hidden Weakness Exposed by New Eavesdropping Attack
Blog | Apr 2, 2026

Researchers at the School of Physics and Astronomy have unveiled a new eavesdropping technique called Manipulate-and-Observe that targets the classical reconciliation phase of quantum key distribution (QKD). By intercepting between 0% and 11% of photons and injecting subtle errors, the...

By Quantum Zeitgeist
The DOJ’s Cyber FCA Playbook Is Working as Enforcement Triples and Shows No Signs of Slowing
Blog | Apr 2, 2026

The Department of Justice’s cyber fraud initiative has accelerated, with nine False Claims Act settlements in FY 2025 totaling more than $52 million—a three‑fold increase over the prior two years. Enforcement targets misrepresentations of cybersecurity compliance rather than actual data breaches, implicating...

By ComplexDiscovery
Agentic Development Security: Why AppSec Needs A New Operating Model
News | Apr 2, 2026

Application security is being reshaped by faster exploit cycles and the rise of AI‑driven coding agents. Traditional testing tools now detect vulnerabilities but struggle to provide real‑world context such as exploitability and business impact. Large language models are enabling richer...

By Forrester Blogs
Why Australia’s Tech Sovereignty Needs Smart Partnerships
News | Apr 2, 2026

Mark Hile, Managing Director of Datacom Infrastructure Products, warns that rising cyber threats, geopolitical risk and supply‑chain disruptions are forcing Australia to rethink its digital infrastructure. He argues the country must double down on regionally‑owned, sovereign technology or cede strategic...

By CIO.com
Amazon Middle East Datacenter Suffers Second Drone Hit as Iran Steps up Attacks
News | Apr 2, 2026

Iranian drones struck Amazon's ME‑SOUTH‑1 data center in Bahrain for the second time this month, igniting a fire and prompting AWS to label the incident as the lowest level of service disruption. The attack follows a March strike on the...

By Network World
How Do NHIs Build Trust in Cloud Security?
News | Apr 2, 2026

Machine (non‑human) identities are becoming the backbone of cloud security, requiring end‑to‑end lifecycle management from discovery to remediation. Organizations that integrate NHI controls into a unified cybersecurity strategy can close gaps that expose sensitive data, especially in regulated sectors like...

By Security Boulevard
Agentic Era Demands New Trust Layer, ZKML Offers Solution
Social | Apr 2, 2026

Finally going to write a bit more about this (in tomorrow's Clouded Judgement). A snippet of what I wrote: The way I think about it: every major platform shift has required a corresponding trust layer. The internet needed SSL/TLS. Mobile needed...

By Jamin Ball
Broadcom Donates Velero to CNCF Sandbox, Elevating Kubernetes Data‑Protection Tools
News | Apr 2, 2026

Broadcom has transferred ownership of the open‑source backup/restore project Velero to the Cloud Native Computing Foundation (CNCF) Sandbox. The donation, announced at KubeCon Europe 2026, is intended to remove perceived vendor lock‑in and accelerate Velero’s evolution into a de‑facto standard for Kubernetes...

By Pulse
Supply‑Chain Attack Hijacks TrueConf Video‑Conferencing Used by Southeast Asian Governments
News | Apr 2, 2026

Security firm Check Point disclosed a sophisticated supply‑chain intrusion that exploited a zero‑day in TrueConf, a video‑conferencing platform favored by Southeast Asian governments and militaries. The flaw, tracked as CVE‑2026‑3502 with a 7.8 severity score, was patched in version 8.5.3...

By Pulse
ShinyHunters Hackers Claim Theft of 3M+ Cisco Records, Threaten Public Leak
News | Apr 2, 2026

ShinyHunters, identified as UNC6040, issued a final warning to Cisco, demanding contact before April 3, 2026, and threatening a public data leak otherwise. The group alleges it has exfiltrated more than three million Salesforce records, along with GitHub repositories, AWS storage buckets, and...

By HackRead
How Ecommerce Brands Should Budget for Penetration Testing in 2026 Without Under-Scoping Risk
Blog | Apr 2, 2026

E‑commerce brands in 2026 must treat penetration testing as a revenue‑protection expense rather than a simple compliance line‑item. Modern stacks combine headless front‑ends, APIs, third‑party services, and mobile apps, expanding the attack surface far beyond the public storefront. Budgeting errors...

By eCommerce Fastlane
What Internal Audit Needs to Know About Zero Trust Architecture
Blog | Apr 2, 2026

Zero Trust Architecture (ZTA) is reshaping security by demanding continuous verification of users, devices, and connections rather than trusting network perimeters. Internal auditors must evaluate ZTA implementations against standards such as MFA enforcement, least‑privilege access, micro‑segmentation, and immutable logging to...

By Internal Audit 360
Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials
News | Apr 2, 2026

Hackers are exploiting the critical CVE‑2025‑55182 flaw in Next.js to gain remote code execution and compromise at least 766 hosts across several cloud providers. The UAT‑10608 threat cluster deploys a multi‑phase dropper that harvests SSH keys, cloud IAM tokens, API...

By The Hacker News
ConductorOne Extends Reach of Identity Governance to AI
News | Apr 2, 2026

ConductorOne has broadened its identity governance platform to cover AI tools, agents and integrations using the Model Context Protocol, and has linked the platform with CrowdStrike Falcon Next‑Gen Identity Security for real‑time threat intelligence. A recent survey shows 95% of organizations...

By Security Boulevard
Even Tech‑Savvy Users Still Fall for Phishing Scams
Social | Apr 2, 2026

I just analyzed this BofA text, and it’s a perfect example of why even tech-savvy people get burned. Why do we still fall for these?

By Raquel (Deep Search)
CrystalX RAT Bundles Prankware to Taunt Victims During Data Theft
Social | Apr 2, 2026

CrystalX RAT comes with a handful of prankware, allowing hackers to tease their victims as they steal their data. https://t.co/aOjjo0ApuY

By TechRadar
US Military Contractor Open Sources Tool for Validating Hidden Communications Networks
News | Apr 2, 2026

RTX’s BBN research arm has released Maude‑HCS, a DARPA‑funded toolkit for modeling and validating hidden communication systems, under the Apache 2.0 license on GitHub. Built on the Maude language, the open‑source tool lets users specify protocol behavior, adversary observables, and environmental...

By The Register
Indirect Prompt Injection Threats and Google’s Defense Strategies
Social | Apr 2, 2026

Indirect prompt injection "enables the attacker to influence the behavior of an LLM by injecting malicious instructions into the data or tools used by the LLM as it completes the user’s query." https://t.co/smO5fyBfLT < what @google Security does to...

By Richard Seroter
Don’t Trust Your Supply Chain Blindly—Follow Docker’s Guidance
Social | Apr 2, 2026

These recent software supply chain breaches are worrisome. How can we avoid assuming trust where we shouldn't? @Docker has a good post up with recommendations for engineering teams ... https://t.co/O5Mfag8N4y

By Richard Seroter
Critical Vulnerability in Claude Code Emerges Days After Source Leak
News | Apr 2, 2026

Anthropic unintentionally published a JavaScript sourcemap for Claude Code v2.1.88, exposing roughly 512,000 lines of TypeScript. Within days, security firm Adversa AI uncovered a critical flaw in Claude Code’s permission system that lets deny‑rule checks be bypassed when more than 50 sub‑commands are generated....

By SecurityWeek
FCC Cracks Down on Foreign Bank Impersonation Scams
Social | Apr 2, 2026

FCC Acts to Protect U.S. Consumers from Bank Impersonation Scams Linked to Suspicious Foreign Call Traffic https://t.co/4LNmknNXR0

By Brendan Carr
Iran Claims Cyberattack on Oracle, AWS Data Centers
Social | Apr 2, 2026

Iran says that they have hit Oracle datacenter in Dubai, AWS datacenter in Bahrain - CNBC (just now)

By Sarbjeet Johal
Amazon’s AWS Bahrain Data Center Damaged in Iranian Strike, Second Disruption in a Month
Blog | Apr 2, 2026

Amazon Web Services’ Bahrain data center was hit by a fire after an Iranian strike, confirmed by Bahrain’s Interior Ministry. The incident follows a prior outage in the same region last week, marking the second AWS disruption in a month....

By Shopifreaks
AI Is Simplifying Cybercrime; Future Threats Loom
Social | Apr 2, 2026

#AI is already making online crimes easier. It could get much worse. (MIT Technology Review) #JVGpost https://t.co/CbJaHfE8I9 https://t.co/Z89pKDgCWW

By James Gingerich
Durable Nonces Are Intentional Feature, Not a Bug
Social | Apr 2, 2026

SOLANA FOUNDER JUST SAID IT OUT LOUD: “durable nonces observed on chain” ⚠️ Not a bug… it’s a permanent feature of how on-chain authority works. Every system has this invisible attack surface. ~ @omeragoldberg https://t.co/1jXnOLapcr

By Laura Shin
Windows Security App Gains Secure Boot Certificate Status Ahead of Major Certificate Refresh
Blog | Apr 2, 2026

Microsoft is quietly updating Secure Boot certificates that were issued in 2011 and will expire in June 2026. The new certificates are being delivered through Windows Update and become visible in April 2026 via a badge in the Windows Security...

By TechPowerUp
Fake Collateral Added, Enabling Oracle Manipulation on Drift
Social | Apr 2, 2026

💥 DRIFT EXPLOIT BREAKDOWN 💥 “They added CVT as a new collateral asset on the Drift Protocol” That single move changed everything. Whitelist a fake asset → use it as collateral → start manipulating the oracle + market feed. Game over waiting to happen. ~...

By Laura Shin
Second Cosignature
Social | Apr 2, 2026

2-of-5 in ONE second tells you everything 🚨 “Immediately signed by a second cosigner one second after it was created” That kind of speed is just wild. The admin key was already exposed. ~ @omeragoldberg https://t.co/DpFazTNV4V

By Laura Shin
New Rowhammer Attacks Give Complete Control of Machines Running Nvidia GPUs
News | Apr 2, 2026

Researchers have unveiled two GPU‑focused Rowhammer attacks, GDDRHammer and GeForge, that can flip bits in Nvidia Ampere‑generation GDDR memory and gain arbitrary read/write access to CPU RAM. By massaging GPU page‑table allocations, the exploits break isolation and open a root...

By Ars Technica – Security
Old Multi‑Sig Signer Omitted Themselves, Triggering Drift Confusion
Social | Apr 2, 2026

The most confusing detail in the Drift hack… until it clicks 😬 “a signer from the old multi-sig… created it but then… did not add themselves to the new role” That reads like compromised access during migration. ~ @omeragoldberg https://t.co/DpFazTNV4V

By Laura Shin
Beware: Fake Login Alerts with Password Reset Links
Social | Apr 2, 2026

Received an email from X warning you of new or unusual login attempts, with a handy 'change password' link? Beware, it's a slick new phishing attack that can trick even the most vigilant user. I've seen this with other sites...

By Dave Taylor
Money Transfer App Duc Exposed Thousands of Driver’s Licenses and Passports to the Open Web
News | Apr 2, 2026

The Canadian fintech Duc App left an Amazon‑hosted storage bucket publicly accessible, exposing over 360,000 files that included driver’s licenses, passports, selfies and transaction spreadsheets. The data was stored without encryption, allowing anyone with the URL to view and download the...

By TechCrunch (Main)
Admin Keys Threaten DeFi; Implement Circuit Breakers
Social | Apr 2, 2026

“Admin key can drain all funds. Otherwise DeFi means nothing.” ⚠️ Every protocol should have circuit breakers, timelocks, and emergency security councils. Sacrifice a bit of UX. Save billions. ~ @omeragoldberg https://t.co/DpFazTNV4V

By Laura Shin
Attackers Leveraged Signers, Oracles, Fake Tokens, Massive Pools
Social | Apr 2, 2026

They didn’t just steal. They manipulated signers, touched oracles, faked tokens, and ran massive pool volumes. 💥 Next-level attack. ~ @omeragoldberg https://t.co/DpFazTNV4V

By Laura Shin
Web2 Mindset Misses the Mark in Web3
Social | Apr 2, 2026

“Wasn’t paranoid enough.” 😬 Top 10 hack, billions in TVL, and the team still got caught off guard. Classic Web2 ops fail in a Web3 world. ~ @omeragoldberg https://t.co/DpFazTNV4V

By Laura Shin
Solana Hack Spreads Across 20+ Protocols, Proving Contagion
Social | Apr 2, 2026

“This hack hit over 20 protocols.” 🔗 Drift wasn’t just a single platform — it spread like wildfire through the Solana ecosystem. Contagion is real. ~ @omeragoldberg https://t.co/DpFazTNV4V

By Laura Shin
One Compromised Signer Can Collapse Massive TVL
Social | Apr 2, 2026

“So much TVL… you’d want to see who’s signing is actually who you think it is.” 🔑 One compromised signer and it’s over. ~ @omeragoldberg https://t.co/DpFazTNV4V

By Laura Shin