Today's Cybersecurity Pulse
Microsoft releases record‑size Patch Tuesday for April
The April update cycle delivered 165 patches addressing roughly 340 unique CVEs, including two zero‑day flaws, one of which is already being exploited in the wild. Microsoft urges immediate deployment across all product families.
Also developing:
By the numbers: Artemis raises $70M Series A

Popular DeFi Platform Warns Users to Stay Away From Its Site After Security Breach
CoW Swap, a decentralized exchange aggregator, temporarily paused its platform after a DNS hijacking attack redirected users to a fraudulent site. The breach occurred at 14:54 UTC on April 14, 2026, prompting the team to warn traders to avoid the interface while they investigate. Although the core backend and APIs were not compromised, the incident highlights persistent front‑end security risks in DeFi. CoW Swap’s governance DAO is working to restore safe access to swap.cow.fi.

Philippines Launches Broad Crackdown on Deepfakes as AI Drives Identity Fraud Surge
The Philippines has launched a whole‑of‑government campaign against deepfakes and disinformation, formalized by a memorandum of agreement among the Department of Justice, the Presidential Communications Office and the Department of Information and Communications Technology. The initiative comes amid a dramatic...

Microsoft Patches Exploited SharePoint Zero-Day and 160 Other Vulnerabilities
Microsoft’s April 2026 Patch Tuesday delivered fixes for 165 vulnerabilities, highlighted by an exploited SharePoint Server zero‑day (CVE‑2026‑32201) rated “important” with a CVSS score of 6.5. The flaw enables network‑level spoofing and has been added to CISA’s Known Exploited Vulnerabilities list, prompting...
Microsoft Releases Windows 10 KB5082200 Extended Security Update
Microsoft released the Windows 10 KB5082200 extended security update, which delivers the April 2026 Patch Tuesday fixes. The update patches 167 vulnerabilities, including two zero‑day flaws, and upgrades Windows 10 to build 19045.7184 (Enterprise LTSC 2021 to 19044.7184). It adds RDP file phishing protections, Secure Boot status...

Joint Industry Perspective Released by the Industrial Security Harmonization Group (ISHG)
The Industrial Security Harmonization Group (ISHG) released a joint industry perspective emphasizing that industrial cybersecurity depends on how communication protocols are deployed and managed, not merely on the protocols themselves. The group—comprising FieldComm, ODVA, OPC Foundation, and Profibus & Profinet International—stresses...
McGraw-Hill Confirms Data Breach Following Extortion Threat
McGraw‑Hill disclosed that hackers leveraged a misconfigured Salesforce page to view a limited set of internal data. The company emphasized that the breach did not compromise its Salesforce accounts, customer databases, courseware, or any sensitive student information. Extortion group ShinyHunters...

Microsoft’s April 2026 Patch Tuesday Addresses 163 CVEs (CVE-2026-32201)
Microsoft’s April 2026 Patch Tuesday released updates for 163 CVEs, including eight critical and 154 important vulnerabilities. The update contains two zero‑day flaws, one of which (CVE‑2026‑32201) was exploited in the wild targeting SharePoint. Notable critical issues include a remote...

Anthropic Mythos: Separating Signal From Hype
Anthropic’s Mythos model pushes large‑language‑model reasoning into full codebases, enabling multi‑step vulnerability discovery and realistic exploit chaining. While it outperforms earlier LLMs that suffered from context fragmentation, its power hinges on having source‑code visibility, making closed‑source and SaaS environments less...
War with Iran Raises Proxy Attack Risk and Cyber Threats in Southeast Europe
Tensions between Iran and pro‑U.S./pro‑Israel Balkan states have moved from rhetoric to concrete threats, including cyberattacks on Albanian government systems and proxy‑style terrorist plots. Albania and Kosovo have labeled Iran a state sponsor of terrorism, while Montenegro, North Macedonia and...

How to Hide Sensitive Info From Your Notifications
The FBI recently recovered deleted Signal messages from a defendant’s iPhone by extracting them from the device’s push‑notification database, exposing a hidden privacy flaw. iOS, macOS, Android and Windows all retain notification content, even after an app is removed, making...

Ransomware Groups Are Actively Disabling Your EDR Before You Even Know It
Ransomware groups are increasingly deploying “EDR killers” to silently disable endpoint detection and response tools before launching encryption. By first neutralizing security agents, attackers create a blind spot that lets them move laterally, elevate privileges, and establish persistence without triggering...

Hackers Are Targeting Critical Infrastructure to Cause Real-World Damage
Hackers linked to Iran’s CyberAv3ngers group are shifting from symbolic cyber‑espionage to sabotage of U.S. critical infrastructure. They are exploiting internet‑exposed programmable logic controllers in water, energy and industrial environments, enabling direct physical disruption. The attacks expose the danger of...

Google Rolls Out Gmail Encryption and Meet on Android Auto
Google announced that Gmail will now support end‑to‑end encryption for personal and enterprise users, leveraging OpenPGP standards. At the same time, the company integrated Google Meet into Android Auto, allowing drivers to join video calls hands‑free. The encryption feature rolls...

Hackers Are Using GitHub and Jira to Bypass Your Security
Hackers are weaponizing collaboration platforms such as GitHub and Jira by sending malicious links through native notifications like pull‑request updates and ticket comments. Because these alerts originate from trusted services, they often evade email gateways and endpoint filters. The attacks...
California’s Cybersecurity Audit Rule Is Now in Effect: Its Impact for Class Litigation
The California Privacy Protection Agency’s new cybersecurity audit rule took effect on Jan. 1, 2026, obligating certain businesses to conduct and certify an annual audit covering 18 technical and organizational safeguards. While the audit report itself is not filed publicly, the certification...

Building a CUI Enclave in Fintech: A Practical Guide to CMMC Compliance
Fintech firms handling Controlled Unclassified Information (CUI) are increasingly required to isolate that data in hardened digital enclaves to meet Cybersecurity Maturity Model Certification (CMMC) standards. The latest CMMC 2.0 condenses the original five levels into three, with Level 2 aligning...

Ethereum Foundation Launches Audit Subsidy Program for Builders
The Ethereum Foundation announced a new audit subsidy program aimed at lowering the cost of security audits for developers building on Ethereum. The initiative, launched in partnership with leading audit firms, will provide financial assistance to eligible projects, making professional...

Hardening the Silicon: Why Analog Anti-Tamper IP Is the New Security Baseline
Analog anti‑tamper IP is emerging as a baseline for hardware security as billions of IoT and automotive SoCs face increasingly sophisticated physical attacks. Hackers now employ fault injection, glitching, side‑channel, and micro‑probing techniques that can bypass software‑only protections and compromise...

TechJutsu Launches Browser Extension to Bring MFA to the Web
TechJutsu, a Calgary‑based identity‑access firm founded in 2015, unveiled its Caller Verify Universal Connector, a browser extension that embeds multi‑factor authentication (MFA) into any web application. The plug‑in works in Chrome and Edge and integrates with major CRM and collaboration...
SEAL Alliance Offers Essential Crypto Security Playbooks Amid Rising Threats
.@_SEAL_Org has been publishing "the most practical tips" for crypto operations and security, like for multisigs. They ask teams to think about what privileged actions should exist, they have playbooks for incident response, how to coordinate disclosures, etc. -- @TuongvyLe12...
Passwords and 2FA Are Cumbersome; Security Needs Simplicity
All good and fine, but the fundamental problem is that long, complex passwords and 2FA are a pain in the a**. The cybersecurity industry needs to come up with a creative way to make our devices and apps more secure,...

How Your CCTV Becomes a Hacker’s Spy
CCTV systems are increasingly exploited by hackers who use default factory passwords to breach IP cameras worldwide. In India, a cyber‑crime ring stole 50,000 video clips from 80 cameras across 20 states, selling each for roughly $9‑$50. In response, India...

Unseen AI, Unchecked Risk: The CISO Wake-Up Call
Shadow AI—unauthorized use of generative AI tools—is emerging as a blind spot for security teams, exposing proprietary code and sensitive data without detection. More than a third of companies still lack formal AI compliance policies, leaving employees free to paste...
Fake Ledger Live App on Apple’s App Store Stole $9.5M in Crypto
A counterfeit Ledger Live macOS app posted on Apple’s App Store siphoned roughly $9.5 million in cryptocurrency from about 50 users within days. Victims entered seed phrases, giving attackers control over wallets across Bitcoin, Ethereum, Tron, Solana and Ripple. The stolen...
Reevaluating Security Basics for Modern AI Threats
Which "security basics" are more relevant today vs potential AI attackers and which basics don't matter anymore? #question

Venice Hydraulic Pump System Hacked, Hackers Claim Power to Create Floods
A hacker group identifying as “Infrastructure Destruction Squad” or “Dark Engine” claims to have breached Venice’s hydraulic pump system that protects Piazza San Marco, asserting it can open floodgates. The group says it stole administrative credentials for the flood‑risk management...

Black Basta’s Playbook Lives on as Former Affiliates Launch Fast-Scale Intrusion Campaign
A loose network of former Black Basta affiliates has launched a fast‑scale intrusion campaign, targeting over 100 senior employees across dozens of organizations. The attackers employ mass email bombing and Microsoft Teams help‑desk impersonation to gain rapid remote access, often...

Virginia Governor Signs Law Banning Sales Of Location Data
Virginia Governor Abigail Spanberger signed Senate Bill 338, a privacy law that bans the sale of precise location data within a 1,750‑foot radius. The measure, effective July, replaces the 2021 consent‑based framework and joins Maryland and Oregon in prohibiting such...
CowSwap Front-End Under Attack; Use Aave via ParaSwap
CowSwap front-end (not related to Aave) is experiencing web2-style attack. Avoid interacting with the interface until further notice from their team. Aave interface swaps are routed via ParaSwap to ensure continuity. Stay safe.
Quantum Threats Could Undermine Bitcoin’s Private‑Key Ownership
"The question quantum raises for me as a lawyer is that Bitcoin's notion of ownership rests on you owning your private key. But if quantum allows someone else to make that signature, then whose bitcoin is it?" -- 👀 @kkirkbos https://t.co/jY4EquQA7V
Comcast Agrees to $117 Million Settlement Over 2023 Data Breach
Comcast has agreed to a proposed $117.5 million settlement to resolve a class‑action lawsuit stemming from a data breach in October 2023. The breach exposed customers’ personal information after a third party gained unauthorized access. The settlement fund will pay claimants for documented...

War Game Exercise Demonstrates How Social Media Manipulation Works
The University of New South Wales turned a classroom exercise into a four‑week war‑game called “Capture the Narrative.” Over 270 participants from 18 Australian universities deployed AI‑driven bots on a custom social‑media sandbox, Legit Social, to sway a simulated South‑Pacific island...
A16Z‑backed Doublespeed Hacked, Exposing AI‑generated TikTok Accounts
Doublespeed, the a16z‑funded phone‑farm startup that creates AI‑generated TikTok influencers, was breached for a second time, exposing 573 accounts and 47 MB of data. The hacker attempted to post a meme calling a16z the “antichrist,” but the company says no unauthorized...
8 Wi-Fi Security Guidelines Issued by Wireless Broadband Alliance
The Wireless Broadband Alliance (WBA) has published eight security guidelines aimed at elevating Wi‑Fi networks to carrier‑grade protection. The recommendations span certificate‑based authentication, WPA3‑Enterprise encryption, privacy‑preserving identities, end‑to‑end credential safeguards, hardened access‑network infrastructure, and secure AAA signaling. They also stress...
WBA Unveils Framework to Boost Wi‑Fi Security, Privacy
WBA's new Wi-Fi Security Guidelines report defines "a new industry framework designed to strengthen security, privacy and trust across Wi-Fi networks, including public, enterprise, IoT and roaming environments." https://t.co/vlrgPy3QiH

EFF to State AGs: Investigate Google's Broken Promise to Users Targeted by the Government
The Electronic Frontier Foundation filed complaints with the California and New York attorneys general accusing Google of violating its promise to notify users before handing over data to law‑enforcement agencies. The complaint centers on Amandla Thomas‑Johnson, whose ICE subpoena was...

Your Accountant Handles Your Books. Let CyberFin Handle Your Cybersecurity
CyberFin urges insurance agencies to treat cybersecurity like accounting or HR by delegating it to specialists. The firm provides a managed security service that monitors firewalls, endpoints and a security operations center, and offers a free cyber assessment to pinpoint...
Open‑source AI Tool Detects Real Bugs Automatically
Open sourced simple AI model that finds real bugs, from the folks at @Aisle_Inc . Is it getting hot in here? 🔥

OpenSSL 4.0.0 Release Cuts Deprecated Protocols and Gains Post-Quantum Support
OpenSSL has released version 4.0.0, removing legacy protocols such as SSLv3 and the SSLv2 client hello, and eliminating the engine API. The update introduces Encrypted Client Hello (ECH) per RFC 9849 and adds several post‑quantum cryptographic primitives, including the hybrid curveSM2MLKEM768...
Editorial. Cyber Insecurity
The Reserve Bank of India’s latest discussion paper reveals a dramatic surge in digital fraud, with reported incidents climbing from 260,000 in 2021 to 2.8 million in 2025 and losses swelling from roughly $67 million to $2.8 billion. The paper attributes much of...

Pro-Iranian Actor Claims L.A. Metro Cyberattack
Last month, Los Angeles Metro shut down portions of its network after detecting a cyber intrusion, and it is still working to restore services. Intelligence from Dataminr attributes the attack to a pro‑Iranian hacktivist group called Ababil of Minab, which...

AI Treated as Force-Multiplier for Cyber Losses. Introduces Aggregation, Correlation Risks: CyberCube
CyberCube warns that artificial intelligence is becoming a force‑multiplier for cyber losses, accelerating attack speed and scale. The firm says AI compresses the cyber‑attack lifecycle, making recovery capability a key loss driver. It urges insurers and reinsurers to embed AI‑specific...

LMT's Security System Blocks over 2 Mln Spam Calls in First 2 Months
Latvian telecom operator LMT reported that its Call Firewall solution blocked more than 2.3 million spam calls in the first two months since rollout. The system, part of a broader industry initiative to curb fraudulent calls, saw a sharp spike in...

April Patch Tuesday Brings Zero-Days in Defender, SharePoint Server
Microsoft’s April 2026 Patch Tuesday shipped more than 160 Microsoft updates, including two actively‑exploited zero‑day flaws. The SharePoint Server XSS (CVE‑2026‑32201) can be triggered without authentication, while the Defender elevation‑of‑privilege bug (CVE‑2026‑33825) has public proof‑of‑concept code. A third zero‑day in Chromium’s...
Your Biggest Cyber Risk: Trusted Callers, Not Malware
Your biggest cyber risk is not malware. It's a polite caller who knows your helpdesk script. In one case, attackers used OAuth tokens & APIs to pull 3TB in 39 seconds. No malware. No phishing link. When...

This New Tool Can Steal Your Passwords And Info – Even With 2FA Enabled
Storm, a new Windows‑only infostealer discovered in early 2026, can steal encrypted browser data, decrypt it on remote servers, and use harvested session cookies to bypass two‑factor authentication. The malware exfiltrates passwords, autofill details, crypto‑wallet credentials, and messaging app data,...
Brute-Force Cyberattacks Originating in Middle East Surge in Q1
Barracuda reported a sharp rise in brute‑force authentication attacks on network devices during Q1 2026, with roughly 90% of the activity traced to Middle‑East sources. SonicWall and Fortinet FortiGate firewalls were the most frequently targeted, accounting for over half of the...

Cloudflare Partners with Wiz to Secure the Global AI Attack Surface, Eliminating Blind Spots Caused by Shadow AI
Cloudflare announced a partnership with Wiz, now part of Google Cloud, to embed its AI Security for Apps into Wiz’s Security Graph. The integration creates a unified, model‑agnostic view of an organization’s AI footprint, detecting shadow AI, prompt‑injection attacks and...

AI-Driven Pushpaganda Scam Exploits Google Discover to Spread Scareware and Ad Fraud
Cybersecurity firm HUMAN uncovered a new ad‑fraud operation dubbed Pushpaganda that weaponizes AI‑generated news articles to infiltrate Google Discover. The scheme tricks Android and Chrome users into enabling push notifications that deliver scareware and financial scams, driving traffic to malicious...
Cloudflare Launches Mesh to Secure the AI Agent Lifecycle
Cloudflare announced Mesh, a private networking solution built for AI agents that unifies agents, humans, and multicloud infrastructure into a single secure fabric. The service replaces legacy VPNs and manual tunnels, letting developers provision private connectivity in minutes while keeping...