Today's Cybersecurity Pulse
CISA adds critical Android and Linux flaws to KEV catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) listed two high‑severity vulnerabilities in its Known Exploited Vulnerabilities catalog: Android CVE‑2025‑48595, an integer overflow that enables privilege escalation on Android 14‑16 without user interaction, and Linux CVE‑2022‑0492. Google released patches for the Android bug in June 2026.
Also developing:
By the numbers: Ingeteam receives $82.5M loan from EIB
Windows Security App Gains Secure Boot Certificate Status Ahead of Major Certificate Refresh
Microsoft is quietly updating Secure Boot certificates that were issued in 2011 and will expire in June 2026. The new certificates are being delivered through Windows Update and become visible in April 2026 via a badge in the Windows Security app. The badge uses green, yellow, and red icons to indicate fully updated, pending, or critical failure states. Devices showing a red badge will lose the ability to receive boot‑level security updates once the old certificates lapse.
New Rowhammer Attacks Give Complete Control of Machines Running Nvidia GPUs
Researchers have unveiled two GPU‑focused Rowhammer attacks, GDDRHammer and GeForge, that can flip bits in Nvidia Ampere‑generation GDDR memory and gain arbitrary read/write access to CPU RAM. By massaging GPU page‑table allocations, the exploits break isolation and open a root...
Money Transfer App Duc Exposed Thousands of Driver’s Licenses and Passports to the Open Web
The Canadian fintech Duc App left an Amazon‑hosted storage bucket publicly accessible, exposing over 360,000 files that included driver’s licenses, passports, selfies and transaction spreadsheets. The data was stored without encryption, allowing anyone with the URL to view and download the...
Akira Ransomware Group Can Achieve Initial Access to Data Encryption in Less than an Hour
The Akira ransomware group can move from initial access to full data encryption in under an hour, often within four hours. Active since 2023, it has extorted roughly $245 million in ransom payments through September 2025. Akira leverages zero‑day exploits, vulnerable VPNs,...
Oracle Launches Defense Isolated Cloud to Enable Secure Collaboration at Scale
Oracle announced its Defense Industrial Base Isolated Cloud Environment (DICE), an air‑gapped OCI offering that meets U.S. Secret and future Top Secret classification requirements. The service, unveiled at the Oracle Federal Forum, is undergoing security assessments and aims for provisional...
Engineers Redesign Smartphone Security for Finance and Health Apps
Senior iOS engineer Madhuri Latha Gondi unveiled a modular, privacy‑by‑design mobile architecture that embeds security into the core of smartphone apps for finance and healthcare, meeting HIPAA and PCI DSS standards while maintaining performance. The approach, highlighted in a 2026...
Crypto Exploit Losses Climb Sharply in March 2026 as Security Threats Evolve, Report Reveals
PeckShield reported that cryptocurrency hacks stole about $52 million in March 2026, a 96 percent jump from February’s $26.5 million. The surge stemmed from roughly 20 major incidents, pushing Q1 2026 losses to $501 million across 145 events. The most severe breach at Resolv Labs involved...
Mercor Hit by Supply‑chain Cyberattack via Compromised LiteLLM Library
Mercor, the AI recruiting platform valued at $10 billion, disclosed a cyberattack linked to a compromised open‑source LiteLLM library that has impacted thousands of companies. The breach, tied to the hacking group TeamPCP and later claimed by Lapsus$, forced Mercor to...
Drift Protocol Halts Operations After $280 Million Hack, Largest Crypto Theft of 2026
Drift Protocol, Solana’s biggest perpetual futures exchange, announced a suspension of all deposits and withdrawals after a sophisticated attack siphoned roughly $280 million. The breach exploited an admin key and Solana’s durable nonce feature, prompting accusations that North Korean state‑sponsored actors...
Cyber Security Is Going in the Wrong Direction
A new CrowdStrike report shows cyber threats in Ireland and Europe spiralling, with AI‑enabled attacks up 89% and cloud intrusions up 266% year‑over‑year. A five‑year CybSafe study reveals employee security habits are eroding: MFA usage dropped from 94% in 2022...
How Iranian Hackers Pose a Threat to US Critical Infrastructure
Iran‑linked hacker group Handala claimed responsibility for a March 11, 2026 cyberattack on Michigan‑based medical‑device maker Stryker Corp., disrupting its internal Microsoft systems and halting order processing, manufacturing, and shipping. The incident underscores how regional geopolitical tensions can quickly spill...
RSAC 2026: AI Dominates, But Community Remains Key to Security
The RSAC 2026 conference placed artificial intelligence at the forefront of cybersecurity discussions, while its official theme emphasized the "Power of Community." Notably, the U.S. federal government was absent, leaving a void in public‑private collaboration and prompting concerns about AI governance....
ArmorPoint and Scudo360 Partner to Expand Managed Security Services
ArmorPoint has teamed up with Scudo360 to embed a 24/7 managed SOC and SIEM capability into Scudo360’s service portfolio. The co‑delivery model gives Scudo360’s mid‑market clients continuous threat monitoring and real‑time response without building their own security operations center. By...
Leverage Profinet’s Security Building Blocks to Navigate EU Regulations
The EU’s new Cyber Resilience Act, NIS2 Directive, and the 2027‑effective Machinery Regulation are forcing industrial automation players to embed cybersecurity into products and processes. Profinet’s security architecture—secure cell, secure access, and secure realtime—maps directly to these regulatory requirements. While...
Denuvo Has Been Broken, Company Promises Countermeasures Against New DRM Bypasses — Zero-Day Game Releases Become Norm as Security Concerns...
A community‑developed hypervisor bypass has successfully cracked Denuvo DRM, turning zero‑day game repacks into a regular occurrence. The method requires users to disable multiple Windows security features, including VBS, Credential Guard, driver signature enforcement, and Core Isolation. Irdeto, Denuvo's parent,...
Arctic Wolf CEO Nick Schneider On Delivering ‘Superior’ Security With New Agentic SOC Platform
Arctic Wolf unveiled the Aurora Agentic SOC, branded as the world’s largest agentic security operations center. Powered by the Aurora Superintelligence Platform, it leverages a proprietary knowledge graph and a swarm of AI agents to ingest more than 10 trillion security...
I Knew About North Korean Hackers—They Still Tricked Me and Got Into My Computer
A Fortune journalist was nearly compromised by a North Korean phishing scheme that masqueraded as a Zoom update, exposing a credential‑stealing script. The attackers leveraged a hijacked Telegram account to arrange a fake video call, a tactic the DPRK has...
Elon Musk's X to Deploy Scam Kill Switch by Auto-Locking First-Time Crypto Mentioners
Elon Musk's platform X will automatically lock any account that mentions cryptocurrency for the first time, requiring extra verification before further posting. The feature targets a surge in phishing attacks that hijack accounts to promote scam tokens, which Musk’s product...
A Hitchhiker's Guide to RSAC: What You May Have Missed, From Post-Quantum to NSA Veterans
The RSA Conference (RSAC) highlighted a surge in post‑quantum cryptography initiatives, with several vendors unveiling prototype algorithms and migration roadmaps. Former NSA cyber experts presented new threat‑intel platforms that blend AI with traditional analytics, aiming to shorten detection cycles. Cloud‑native...
Residential Proxies Evaded IP Reputation Checks in 78% of 4B Sessions
GreyNoise analyzed 4 billion malicious sessions and found residential proxies evaded IP reputation checks in 78% of cases. Roughly 39% of the traffic originated from home networks, yet most proxies disappear within a month, preventing reputation feeds from cataloguing them. The...
Medtech Giant Stryker Says It’s Back up After Iranian Cyberattack
Medtech leader Stryker announced it is now fully operational after a March 11 wiper attack by the Iranian‑linked Handala group, which crippled order processing, manufacturing and shipping. The breach, framed as retaliation for U.S. actions in the Israel‑Palestine conflict, forced...
Nigerian Founder Launches ADT, a New AI Model for Cyber Defense
Glemad unveiled Autonomous Defence Transformers (ADT), the first frontier‑scale AI models built from the ground up for security reasoning and autonomous cyber defence. The PulseADT service now safeguards over 680,000 assets, handling 1.8 million security events per second, and delivers a...
Polygraf AI Announces Core AI Patent and Sweeps Major Cybersecurity Awards at RSAC 2026
Polygraf AI announced a core USPTO patent for its Content Source Detection AI model and swept several top cybersecurity honors at RSA Conference 2026, including the Global InfoSec Award for Most Innovative AI Usage Control, a gold win at the...
Relyance AI Releases Lyo, Aims to Set a New Enterprise Data Security Standard
Relyance AI unveiled Lyo, an autonomous data defense engineer that continuously monitors AI agents' interactions with enterprise data. Leveraging the company’s Data Exposure Graph, Lyo maps AI‑to‑data relationships, flags over‑privileged access, and provides real‑time contextual alerts. The platform includes a...
Alleged Starbucks Incident Exposes Code and Firmware
Threat group ShadowByt3s claims it breached Starbucks by accessing a misconfigured Amazon S3 bucket, stealing roughly 10 GB of proprietary source code, firmware, and management tools. The data allegedly includes binaries for in‑store beverage dispensers, the Mastrena II espresso system, and...
OpenSSH 10.3 Patches Five Security Bugs and Drops Legacy Rekeying Support
OpenSSH 10.3 introduces five security patches and a suite of new features while removing legacy rekeying support. The update fixes a shell‑injection flaw in user‑name handling, a certificate‑principal matching bug, and an ECDSA algorithm enforcement issue. It also changes certificate behavior...
5 Best Practices to Secure AI Systems
As AI becomes integral to critical operations, its unique attack surface outpaces traditional security measures. Experts recommend a multi‑layered strategy that starts with strict access controls and encryption, followed by AI‑specific defenses such as firewalls and red‑team testing. Continuous visibility...
Why Broadcom Gave Velero to the CNCF Sandbox — and What It Means for Kubernetes Data Protection
Broadcom has transferred ownership of the Velero backup and recovery project to the CNCF Sandbox, moving governance away from its VMware unit. The donation aims to eliminate perceived proprietary control and encourage broader community contributions. Broadcom positions this move as...
Disaster Recovery Plan Checklist: Key Steps for a Smooth Restore
The article outlines an 11‑step disaster recovery (DR) planning checklist that emphasizes inventorying assets, defining recovery objectives, and establishing a trained response team. It stresses leadership involvement in setting RTO/RPO, risk assessment, and budgeting for preventive measures. The guide also...
The One-Time Pad Edition
The one‑time pad (OTP) is the only encryption method proven to be perfectly secret, but its practicality hinges on flawless key management. The key must be truly random, as long as the message, and never reused, turning the cipher into...
Cyera Achieves FedRAMP High “In Process” Designation to Securely Accelerate AI Adoption
Cyera, an AI security platform, has earned a FedRAMP High “In Process” designation, moving it toward full federal authorization. The status reflects rigorous security reviews for handling Controlled Unclassified Information, positioning Cyera for government AI deployments. Its platform offers automated...
Adversaries Exploit Vacant Homes to Intercept Mail in Hybrid Cybercrime
Threat actors are turning vacant rental homes into anonymous mail drop points, then exploiting USPS services like Informed Delivery and change‑of‑address forwarding to intercept sensitive correspondence. The workflow combines open‑source intelligence, weak identity verification, and fake identities to create persistent...
A Secure Chat App’s Encryption Is So Bad It Is ‘Meaningless’
TeleGuard, a messaging app boasting over one million downloads, claims end‑to‑end encryption but stores users' private keys on its servers. Security researchers discovered that the keys can be accessed trivially, allowing anyone to decrypt messages. The flaw also enables attackers...
OT vs IT Security: Why Industrial Environments Need Different Protection
The 2021 Oldsmar water‑treatment hack exposed how connected operational technology (OT) can be weaponised, highlighting the stark contrast between OT and traditional IT security. In OT, availability outweighs confidentiality, because a brief outage can trigger safety incidents or regional blackouts....
APERION Launches SmartFlow, a Secure, On-Premises Alternative to Compromised Cloud AI Gateways
APERION announced the SmartFlow SDK, an on‑premises, Kubernetes‑native AI governance platform designed to replace compromised cloud AI gateways after the LiteLLM supply‑chain attack. The attack, which impacted roughly 36% of cloud environments, triggered a 200% surge in APERION web traffic...
From Edge to Enterprise: How the Endpoint Became IT’s Most Strategic Layer and Why Lenovo Is Joining the Conversation at...
Enterprise endpoints have shifted from commodity devices to strategic layers in digital workspaces. As hybrid work, zero‑trust models, and cloud‑first applications proliferate, endpoints now enforce identity, security, and user experience. Lenovo is highlighting this evolution at IGEL’s Now & Next...
New Progress ShareFile Flaws Can Be Chained in Pre-Auth RCE Attacks
Researchers at watchTowr identified two critical flaws—CVE‑2026‑2699 and CVE‑2026‑2701—in Progress ShareFile’s Storage Zones Controller (SZC). The authentication bypass (CVE‑2026‑2699) lets attackers reach the admin interface, while the remote code execution bug (CVE‑2026‑2701) enables malicious ASPX webshell deployment. Chaining the vulnerabilities...
Storm Infostealer Sold as Service, Targets Browsers, Wallets and Accounts
Storm, a new infostealer discovered by Varonis Threat Labs in early 2026, can decrypt Chrome’s App‑Bound Encryption and harvest credentials, session cookies, crypto wallets, and messaging app accounts from Chrome, Edge, Firefox and other browsers. The malware is offered as...
Study Finds 1,748 Exposed API Keys on 10,000 Webpages, Raising SaaS Security Alarm
Security researchers analyzing 10 million webpages identified 1,748 valid API keys on nearly 10,000 sites, many belonging to cloud, payment and developer‑tool services. The leak, largely hidden in client‑side JavaScript, underscores a systemic weakness in SaaS credential management.
Niobium Brings Fully Encrypted AI Workloads to the Cloud with The Fog
Niobium Microsystems is set to launch The Fog, a cloud platform that runs AI and data‑processing workloads on fully homomorphic encryption (FHE) without ever decrypting the data. The service relies on the company’s new mistic Core processor, an FPGA‑based chip...
GitHub Used as Covert Channel in Multi-Stage Malware Campaign
A new multi‑stage malware campaign targeting South Korean users leverages malicious LNK shortcut files that pull PowerShell commands from GitHub repositories. The attackers embed decoding functions directly in the LNK arguments, use decoy PDF documents to mask activity, and establish...
F5 and Forcepoint Partner to Address AI Data Risk and Runtime Security
F5 and Forcepoint announced a partnership that bundles F5’s runtime AI protections with Forcepoint’s Data Security Posture Management (DSPM) for enterprise customers. The joint go‑to‑market approach uses channel partners rather than deep product integration, allowing MSPs, VARs and SIs to...
How North Korean Operatives Get Hired, and How HR Can Stop Them
The U.S. Treasury last month sanctioned six individuals and two entities for operating North Korean IT‑worker fraud networks that generated nearly $800 million in 2024. A joint report by threat‑intelligence firm Flare and IBM X‑Force detailed how these operatives infiltrate American firms...
How North Korean Operatives Get Hired, and How HR Can Stop Them
The U.S. Treasury sanctioned six individuals and two entities linked to North Korean IT worker fraud networks that generated nearly $800 million in 2024. Threat‑intelligence firms Flare and IBM X‑Force detailed how operatives infiltrate U.S. firms using fabricated LinkedIn profiles, tailored...
Boards Are Falling Short on Cybersecurity
Boards increasingly recognize the need for cybersecurity investments, yet their oversight is lagging. A 2024 FBI report shows cybercrime losses jumped 33% year‑over‑year, underscoring the growing threat. The authors identify three core weaknesses: insufficient expertise on boards, superficial risk conversations,...
Verifying AI Agent Intent Becomes Security Priority
Proofpoint is betting big on Intent in the age of AI agents. At RSA Conference 2026, Proofpoint launched Proofpoint AI Security powered by its recent acquisition of Acuvity. The core idea is simple but powerful. Traditional security tools check permissions - Does...
Denuvo Cracked; Zero‑day Releases Now Commonplace
Denuvo has been broken, company promises countermeasures against new DRM bypasses — zero-day game releases become norm as security concerns mount over hypervisor-based bypass https://t.co/TM2KY6ritV
Quantum Computer Capable of Breaking Encryption Nearing Reality
The first quantum computer to break encryption is now shockingly close | New Scientist https://t.co/HsfzVRqn1R
Velma Tops HuggingFace: 98.9% Deepfake Audio Detection
🚨 A startup just hit #1 on @HuggingFace for deepfake audio detection. 98.9% accuracy. 30–1000× cheaper than every competitor. Nobody is talking about this. It's called Velma by @modulate_ai and it changes everything about voice security. https://t.co/XGlxDUoCj2
Hackers Shift Focus From Code to Human Exploits
🚨 JUST IN Solana Foundation president Lily Liu states that hackers are now targeting humans instead of code vulnerabilities. 👀 https://t.co/Wjh2kJ7dTT