Today's Cybersecurity Pulse
CISA adds critical Android and Linux flaws to KEV catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) listed two high‑severity vulnerabilities in its Known Exploited Vulnerabilities catalog: Android CVE‑2025‑48595, an integer overflow that enables privilege escalation on Android 14‑16 without user interaction, and Linux CVE‑2022‑0492. Google released patches for the Android bug in June 2026.
Also developing:
By the numbers: Ingeteam receives $82.5M loan from EIB
Amazon Security Boss: AI Makes Pentesting 40% More Efficient
Amazon’s chief information security officer CJ Moses says AI‑driven penetration testing has lifted efficiency by roughly 40%, slashing human and operating costs. The AI handles data‑heavy vulnerability discovery while humans review critical exploit decisions, enabling continuous testing beyond traditional point‑in‑time scans. Despite expanding cloud services and codebases, Amazon is keeping security staffing flat, relying on AI to maintain velocity and coverage. The shift also highlights the need to secure AI agents with the same rigor applied to human users.
Nissan Says Stolen Data Came From Third-Party Vendor After Hacking Group Claims Breach
Nissan confirmed that a recent cyber‑incident involved a third‑party vendor that services its North American dealerships, not the automaker’s own systems. The Everest hacking group alleges it stole 910 GB of data, including customer, dealership and loan information, and threatened to...
Cloudflare Announces EmDash As Open-Source 'Spiritual Successor' To WordPress
Cloudflare unveiled EmDash, an open‑source platform marketed as a spiritual successor to WordPress, aiming to resolve chronic plugin‑security issues. Built from the ground up with AI‑assisted coding, EmDash is written entirely in TypeScript and adopts a server‑less, sandboxed architecture. The...
US May Push Tencent Gaming Divestiture Over Privacy Risks
The FT reported earlier this month that the Trump administration is considering forcing Tencent to divest certain gaming assets over security concerns. The notion that gaming assets, particularly mobile gaming assets, could be useful in user-level profiling is not implausible; recall...
Fireside Chat: AI Agents Are Reshaping Mobile Attacks — and Exposing Weak API Trust Models
At RSAC 2026, Approov CEO Ted Miracco warned that AI agents are taking over routine mobile‑app actions, fundamentally changing how requests reach backend APIs. Because APIs were built to trust human‑generated patterns, attackers can train AI to imitate those patterns...
Cetera, Ameriprise Face Class Action Lawsuits Over Data Breaches
Cetera Financial and Ameriprise are facing class‑action lawsuits after data breaches exposed client personally identifiable information. Cetera’s breach stemmed from an unauthorized email account access, leaking names, Social Security numbers and account details. Ameriprise was hit by the ShinyHunters ransomware...
Exclusive: Verlata Partners with ActiveNav to Tackle Unstructured Data Risks for Law Firms
Verlata Consulting has partnered with data‑discovery specialist ActiveNav to offer law firms a joint solution for locating, governing, and securing unstructured content stored outside traditional document‑management systems. ActiveNav Cloud scans network shares, cloud storage and local drives, classifying files and...
Top EU Officials’ Signal Group Chat Shut Down over Hacking Fears
The European Commission ordered senior officials to shut down a Signal group chat after fearing it could be targeted by hackers. The directive follows a series of recent cyber incidents, including a website breach and a mobile‑device infrastructure attack that...
New Report Warns Federal Fraud Controls Are Falling Behind
A new Socure‑sponsored report warns that federal fraud controls are lagging behind rapidly evolving identity‑theft tactics powered by AI and automation. The Government Accountability Office estimates annual federal fraud losses between $233 billion and $521 billion, with pandemic relief programs alone losing...
The AI Intelligence Layer for SIEM, Explained: What It Does, Why It Matters, and How to Evaluate One
Security teams face a massive investigation gap: 67% of SIEM alerts go uninvestigated, with each manual review averaging 70 minutes. While SIEMs excel at log collection and alert generation, they lack the ability to reason about attack chains. An AI...
Data Security in Digital Health: Protecting Patient Privacy in Recovery Programs
A panel of five digital‑health experts outlines how recovery programs can harden patient‑data protection. They stress mandatory encryption, role‑based least‑privilege access, continuous audit logging, and a shift toward zero‑trust architectures. Limiting data collection, enforcing vendor accountability, and embedding privacy‑by‑design are...
North Dakota Water Treatment Plant Reports March Ransomware Attack
A ransomware intrusion hit the Minot, North Dakota water treatment plant on March 14, forcing operators to unplug a server and run manual controls for about 16 hours. The city kept water safe and pressure stable, and no ransom was...
Review: Rubrik Security Cloud Helps Agencies Build Data Resilience
Rubrik Security Cloud offers state and local governments a zero‑trust, immutable backup platform that combines data‑observability with rapid cyber‑recovery. Its architecture stores unalterable backups, detects anomalies across on‑prem, cloud and SaaS workloads, and automates restoration of clean data. The solution...
Galaxy Digital's Testnet Suffers Hack but No Client Funds or Information Were Compromised
Galaxy Digital disclosed an unauthorized intrusion into an isolated research‑and‑development testnet, resulting in a loss of less than $10,000. The breach was contained quickly, and the firm confirmed that no client funds or account information were accessed. Core trading platforms,...
What Happens When GPS Goes Dark?
In this episode, host Ken Miller talks with Dana Goward, president of the Resilient Navigation and Timing Foundation, about the pervasive reliance on GPS and other GNSS for everything from military targeting to financial transactions and everyday timing. Goward explains...
LinkedIn Phishing Scam Uses Fake Notifications to Hijack Accounts
A new phishing campaign is tricking LinkedIn users with counterfeit notification emails that appear to come from the platform. The emails, sent from a freshly registered khanieteam.com domain, direct victims to a look‑alike site (inedindigital) that harvests login credentials. Cofense's...
Agentic AI Governance: How to Approach It
Agentic AI agents are now in production at roughly 70% of enterprises, creating a hidden layer of "identity dark matter" that traditional IAM tools cannot see or control. Existing identity providers struggle to enforce runtime policies for these autonomous, short‑lived...
Google Deepmind Study Exposes Six "Traps" That Can Easily Hijack Autonomous AI Agents in the Wild
Google DeepMind’s new paper defines six “AI agent traps” that exploit the perception, reasoning, memory, action, multi‑agent dynamics, and human‑in‑the‑loop stages of autonomous agents. The study shows real‑world proof‑of‑concept attacks, from hidden HTML instructions to coordinated multi‑agent flash‑crash scenarios. Researchers...
Facephi Expands LATAM Behavioral Biometrics Footprint with New Banking Contract
Facephi has signed a five‑year deal with an unnamed Central American bank to deploy its mule‑account detection and behavioral biometrics platform across the institution’s operations. The solution will monitor the full customer lifecycle, targeting synthetic identities, organized fraud networks and...
Is “Hackback” Official US Cybersecurity Strategy?
The White House’s 2026 Cyber Strategy for America adopts a more aggressive tone, explicitly urging the private sector to identify and disrupt adversary networks. This language is interpreted as an endorsement of “hack‑back” – allowing companies to conduct offensive cyber...
Cyberattacks Intensify Pressure on Latin American Governments
Latin American governments are confronting a surge in cyber attacks, with organizations in the region experiencing about 3,050 incidents per week in March—well above the global average of roughly 2,000. Government agencies face even higher pressure, enduring around 4,200 weekly...
FCC Router Rules Shake U.S. Market: Ookla Data Reveals Top Vendors and Wi-Fi Upgrade Gap
The FCC’s new router rule forces any consumer router built abroad to obtain a waiver before sale, aiming to curb cyber‑attacks linked to foreign hardware. Ookla data shows the U.S. market is led by Eero, TP‑Link, Netgear and others, all...
WhatsApp Notifies Hundreds of Users Who Installed a Fake App Made by Government Spyware Maker
WhatsApp disclosed that it alerted roughly 200 users—mostly in Italy—who installed a counterfeit iOS version of its app containing spyware. The fake client was traced to Italian surveillance firm SIO, which has a history of producing government‑grade spyware. WhatsApp logged...
The First Quantum Computer to Break Encryption Is Now Shockingly Close
Two independent studies reveal that a quantum computer capable of cracking the elliptic‑curve discrete logarithm problem (ECDLP) – the backbone of most internet encryption – is nearer than previously believed. The analyses suggest the world’s largest quantum processor is already...
Anthropic Rushes to Limit Leak of Claude Code Source Code
Anthropic PBC moved quickly to contain an accidental public release of the source code powering Claude Code, its flagship AI‑assistant that drives most of the company’s revenue. The firm issued copyright takedown notices that removed thousands of copies from GitHub....
Peppa Pig and Transformers Owner Hasbro Hit by Cyber-Attack
Hasbro disclosed an unauthorized intrusion into its corporate network, first identified on March 28 and reported in an SEC filing. The breach forced portions of the company’s main and brand‑specific websites offline, displaying error messages and prompting warnings of possible...
HCP Terraform Adds IP Allow List for Terraform Resources
HashiCorp announced that IP allow lists are now generally available in HCP Terraform, enabling organizations to define approved CIDR ranges for both platform access and Terraform agents. The new organization‑level setting can be scoped to individual agent pools, restricting UI,...
Report Sheds More Light on Phantom Stealer
A multi‑wave phishing campaign targeting European manufacturing, technology and logistics firms deployed the .NET‑based Phantom Stealer, bundled with a crypter and remote‑access tool. The attackers sent spoofed emails lacking DKIM signatures and failing SPF checks, attaching either a malicious executable...
Prompt Injection Lets Agents Bypass Read‑Only Permissions
If you are using OpenClaw on AWS or anywhere else please understand the following: > How prompt injection attacks work such as the Copilot attack I just reposted. > Understand indirect prompt injection where the attack is in a calendar invite, email...
Widespread Microsoft 365 Account Compromise Sought by Iran-Linked Hackers
Iran‑linked threat groups have compromised Microsoft 365 accounts across more than 300 Israeli organizations, 25 firms in the United Arab Emirates, and a limited set of targets in the United States, Saudi Arabia and Europe. The campaign began in early March with...
PQShield Clears Path for ML-KEM Inclusion in Japan’s National Cryptographic Standard
PQShield has completed an external evaluation of the NIST‑approved ML‑KEM algorithm for Japan’s CRYPTREC body, clearing the way for its inclusion on the national Ciphers List. This milestone accelerates the adoption of quantum‑safe encryption across Japanese government, infrastructure, and technology...
Key Leaks, Vault Failures, and TEE Attacks: Highlights From RWC 2026
GitGuardian presented at the Real World Cryptography Symposium 2026, revealing that 945,560 private keys have leaked in the wild, compromising 139,767 certificates. The team also demonstrated 27 attacks that break the zero‑knowledge promises of four leading password managers and showcased...
5 AWS AI Controls Every Security Team Should Have
AWS now offers organization‑wide controls that let security teams govern AI workloads beyond the application layer. Five key mechanisms—MCP server access blocks, Bedrock policy guardrails, model‑specific SCP denies, service‑wide SCP disables, and long‑term Bedrock API‑key restrictions—can be applied uniformly across...
Joint Offering Combines CrowdStrike's Falcon with HCLTech's AI Force
CrowdStrike and HCLTech have deepened their alliance by launching a continuous threat exposure management service that merges CrowdStrike’s Falcon platform with HCLTech’s VERITY framework and AI Force. The solution delivers real‑time visibility, AI‑driven insights, and automated remediation across endpoints, cloud, identity,...
Microsoft Deploys yet Another Emergency Patch for Windows 11 — but at Least the Fix for the Broken March Update...
Microsoft issued an emergency patch for Windows 11 to address critical failures introduced by the March 2024 cumulative update. The patch restores login functionality, resolves file‑system corruption, and stabilizes system performance. Microsoft rolled out the fix within 48 hours, marking a...
Resemble AI Unveils Deepfake Detection Tools Amid Synthetic Media Surge
Resemble AI released a deepfake threat report and two free detection tools—a Chrome extension that scans images, video and audio, and an X bot that lets users verify suspicious posts without leaving the platform. The company also added enterprise features...
48 Hours: The Window Between Infostealer Infection and Dark Web Sale
Whiteintel researchers mapped the full infostealer lifecycle and found that stolen corporate credentials appear on dark‑web marketplaces within 48 hours of infection, often much sooner. The five‑stage process—infection, harvest, packaging, marketplace listing, and exploitation—compresses credential theft into a window far...
Halcyon Days for HYCU as the Pair Link up on Ransomware Pitch
HYCU is embedding Halcyon’s ransomware‑detection software into its R‑Shield platform, creating a unified solution for ransomware detection, prevention, and recovery. The enhanced offering protects workloads across virtual machines, data warehouses, finance apps, storage buckets, and git repositories in hybrid and...
Restrict Agent Permissions to Mitigate Data Exfiltration
Why I am using agents on locked down sandboxes on EC2 instances and still have more to do. I don’t give agents credentials for the most part. The data needs to somehow be exfiltrated and sent back to the attacker....
Malicious Axios Dependency Silently Compromises Projects
"They'll push a dependency to Axios so that anyone who used these packages or worked on projects that had these packages in them are compromised. Then they get one person on a call and make them run that... It's silent...
AI-Driven Identity Must Exist in a Robust Compliance Framework
Enterprises are rapidly adopting AI‑driven identity and verification tools, but UK regulators are demanding that governance, risk and compliance (GRC) precede deployment. New legislation such as the Data (Use and Access) Act 2025, the Online Safety Act 2025, and updated ICO guidance...
Thousands of API Keys Exposed, Highlight Ongoing Security Gaps
Researchers examined millions of webpages and found thousands of exposed API credentials, revealing persistent security gaps across cloud services and development environments. https://t.co/loHYTptzxC
Agentic AI Unifies ITOps and SecOps for Resilience
RT Most orgs still treat ITOps and SecOps as separate universes, but incidents don't care about org charts. Agentic AI gives leaders a reason to redesign workflows around end-to-end resilience. #CIO #CISO #AI @Star_CIO https://t.co/e3w3lXkvfc
Rapid Response: How Boston Children’s Hospital Overcame the Stryker Cyberattack
Boston Children’s Hospital faced a massive wiper cyberattack that crippled Stryker’s Vocera communication platform, prompting an immediate, coordinated response. Within 30 minutes the hospital isolated the vendor network and began dismantling the compromised system. By evening, Epic Secure Chat was...
Quantum Threat to Bitcoin Imminent—Start Solving Now
Regarding the Quantum threat to Bitcoin: It's not a question of if, it's a question of when. And if when is being pulled closer by best estimates, then it's common sense to start discussing solutions. That's not FUD or hysterics,...
Illegalizing Ransom Payments Would Protect Future Victims
We would all have been much better off if we had made paying a ransom to ransomware criminals illegal. Tough for the first few victims, but then better for all.
Cybersecurity Is The Responsibility Of The Board & Not An Afterthought
Family businesses face heightened cyber risk due to legacy systems, informal processes and a culture of trust that can be exploited by phishing and CEO‑fraud attacks. The article argues that cybersecurity must move from an afterthought to a board‑level governance...
Beware: This Account Is Impersonating Me
THIS IS NOT ME! Don't fall for any posts made by this account pretending to be me.
Red‑team Your AI: Guard Against Fraudsters and Edge Cases
Your AI harness needs to handle adversarial inputs Financial services aren't just about helpful customers asking good-faith questions It's fraudsters, edge cases, and people trying to break your system for profit. If your testing doesn't include red-teaming, you're not ready
Chrome Extensions Silently Adding Tracking—Build Your Own
I think I'll just vibe code all my Chrome extensions with Claude Code to avoid having to use any and being dependent on someone getting bribed to add malware to their extension It's not a question IF it happens, just WHEN