Today's Cybersecurity Pulse
CISA adds critical Android and Linux flaws to KEV catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) listed two high‑severity vulnerabilities in its Known Exploited Vulnerabilities catalog: Android CVE‑2025‑48595, an integer overflow that enables privilege escalation on Android 14‑16 without user interaction, patched in June 2026; and Linux CVE‑2022‑0492, a kernel flaw also deemed actively exploited.
Also developing:
By the numbers: Ingeteam secures $82.5M loan from EIB for renewable energy R&D
RPKI vs Social Engineering: A Case Study in Route Hijacking
At APRICOT 2026, APNIC and LACNIC disclosed a BGP hijack in July 2025 that combined technical spoofing with social engineering. The attacker forged identity documents to convince a multinational upstream provider to activate transit for a stolen ASN, enabling short‑lived, unauthorized route announcements. Although RPKI validation was not bypassed, overly broad ROA MaxLength values allowed the bogus prefixes to appear legitimate, and the lack of ASPA enforcement facilitated the intrusion. Coordinated response among LACNIC, APNIC, and Indonesia’s NIR quickly terminated the session and highlighted gaps in upstream provisioning security.
AI Will Supercharge Security, But Transition Will Be Rough
I think the situation with AI and security this talk highlights is kind of indicative of how AI disruption will play out. AI is going to make it really, really easy and cheap to find exploits in software. The end...
AI Bot PwnedClaw Analyzes This Week's Data Breaches
Weekly update is up! Join Me in Investigating Today’s Data Breaches With the PwnedClaw, the OpenClaw Agentic AI Bot Doing My Legwork: https://t.co/KeML1pLTOL
How We Eliminated Long-Lived CI Secrets Across 70+ Repos
Pulumi eliminated long‑lived CI secrets across more than 70 repositories by swapping static GitHub secrets for short‑lived, OIDC‑driven credentials via Pulumi ESC. The new flow exchanges a GitHub‑issued JWT for a Pulumi access token, which then opens an ESC environment...
Kernel Observability for Data Movement
Modern security stacks rely on user‑space logs, leaving a blind spot at the operating system layer where data actually moves. Kernel‑mediated events—file reads, network writes, process creation—provide a complete, immutable record of every data flow, yet most tools never tap...
Popular AI Gateway Startup LiteLLM Ditches Controversial Startup Delve
LiteLLM, a widely used AI gateway for developers, announced it is ending its partnership with compliance startup Delve and will pursue new certifications through Vanta and an independent auditor. The move follows a credential‑stealing malware breach that exposed weaknesses in...
UN Norms: Tackling the Rise of Cyber Capabilities
The UN Open‑Ended Working Group (OEWG) wrapped up its 2025 cycle, reaffirming the 2015 GGE’s eleven cyber norms but delivering few fresh agreements. A new permanent Global Mechanism has been created to keep multilateral dialogue on state behaviour in cyberspace...
![[Payments Arriving] Evolve Bank & Trust Data Breach + $20 Settlement](/cdn-cgi/image/width=1200,quality=75,format=auto,fit=cover/https://www.doctorofcredit.com/wp-content/uploads/2024/07/evolve-data-breach.png)
[Payments Arriving] Evolve Bank & Trust Data Breach + $20 Settlement
Evolve Bank & Trust disclosed a ransomware breach in May 2024 attributed to the LockBit criminal group. An employee’s click on a malicious link allowed attackers to download customer data and encrypt files, though backups limited operational loss and no...
Hybrid Vishing Campaigns Abuse Online Services to Evade Anti-Spam Filters
Hybrid vishing attacks now combine phishing emails with voice scams by abusing trusted SaaS platforms such as Google Calendar, Microsoft Teams, Zoom, and Squarespace to deliver authenticated invitations that prompt victims to call fraudulent numbers. By leveraging SPF, DKIM, and...
Hackers Hit Patel Email While Cyber Defenses Weakened by Shutdown
The Cybersecurity and Infrastructure Security Agency (CISA) is operating with roughly 60% of its workforce furloughed amid a partial DHS shutdown, forcing the agency to shift from proactive threat hunting to merely reacting to imminent attacks. Within days, Iranian-linked hackers...
OpenAI Codex Vulnerability Allowed Attackers to Steal GitHub Tokens
BeyondTrust Phantom Labs uncovered a critical command‑injection flaw in OpenAI's Codex that leveraged hidden Unicode characters in GitHub branch names to steal OAuth tokens. The vulnerability affected the ChatGPT web interface, Codex SDK, and several developer extensions, exposing full repository...
New RoadK1ll WebSocket Implant Used to Pivot on Breached Networks
Security firm Blackpoint uncovered a new Node.js WebSocket implant called RoadK1ll, which enables attackers to pivot from a compromised host to internal systems via outbound tunnels. The lightweight reverse‑tunneling tool establishes a persistent WebSocket connection to attacker infrastructure, allowing multiple...
ILTA Just-in-Time: When Data Becomes More Valuable Than Downtime, Law Firms Become a Prime Target
Ransomware attacks have shifted focus from merely disrupting operations to stealing and monetizing sensitive data, making downtime less valuable than the information compromised. Law firms, with their troves of confidential client and case files, have become prime targets for these...
Shadow AI Emerges as Active Threat Amid Rapid Adoption
Shadow IT was always a problem. Shadow AI is different. Now it can act, not just exist. And the pace of adoption is like nothing I have seen before. What are you doing to manage shadow AI?
Enhancing Security Operations Builds on Zero Trust: Strengthening National Security Through Deception
The Pentagon is moving zero‑trust from policy to full‑scale execution, establishing maturity goals across the department. Recognizing that breaches are inevitable, defense leaders are adding cyber deception to actively engage attackers and gather intelligence. AI‑driven deception platforms now automate decoy...
APRA Pulls Data Submission System After Security Pentest
The Australian Prudential Regulation Authority (APRA) decommissioned its legacy Direct To APRA (D2A) data‑submission system after a routine penetration test on March 19 uncovered unnamed vulnerabilities. The regulator took the system offline on March 20 and urged all banks, insurers and superannuation funds to...
Why Identity-Led Security Services Matter Now for MSPs
Identity-led security is becoming a growth engine for managed service providers as 60 % of breaches now involve compromised identities. MSPs that layer modern IAM—phishing‑resistant MFA, passwordless login, and continuous risk assessment—onto existing services can differentiate themselves and command higher margins....
Okta CEO Todd McKinnon Unveils AI‑Powered Agent Identity Platform
Okta chief executive Todd McKinnon introduced an AI‑powered agent identity platform that will manage credentials for autonomous software agents. The move targets growing security concerns as enterprises deploy more AI tools, and it reflects Okta’s effort to stay ahead of...
Iran‑linked Hackers Breach FBI Director Kash Patel’s Personal Email, $10 M Bounty Announced
A group identified as the Iran‑linked Handala Hack Team infiltrated FBI Director Kash Patel’s personal email, leaking hundreds of private messages and documents. U.S. authorities have offered a $10 million reward for information leading to the hackers’ arrest, underscoring the vulnerability...
Public Health Providers Have to Obey Strict Cyber Security Rules – so Should Private Contractors
New Zealand’s recent cyber‑security strategy follows high‑profile health data breaches that exposed over 120,000 patients’ records. The government argues that existing privacy legislation does not impose enforceable cyber standards on private IT contractors supporting public health providers. It calls for...
Steakhouse Financial Warns Users of Phishing Attack
Steakhouse Financial, a Zug‑based DeFi platform, warned users on March 30 to stop using its website and app after detecting a phishing attack that duplicated its front‑end. The compromise, traced to code from the Angelferno wallet‑drainer operation, primarily targets new...
6 Biggest Cybersecurity Mistakes CEOs Make
A 2025 EY study found 84 % of organizations faced a cyber incident in the past three years, many of which were preventable with stronger leadership. CEOs often treat cybersecurity as a technical checkbox rather than a strategic priority, leading to...
AI-Driven Code Surge Is Forcing a Rethink of AppSec
AI‑driven code generation is causing organizations to produce ten to twenty times more software than a year ago, overwhelming traditional application‑security tools. The surge expands the attack surface, making vulnerabilities easier for adversaries to exploit. Black Duck’s CEO Jason Schmitt...
Italian Regulator Fines Financial Giant $36 Million for Data Protection Failures
Italian Data Protection Authority fined Intesa Sanpaolo €31.8 million ($36 million) for unauthorized access to over 3,500 customers' data between February 2022 and April 2024. The regulator cited serious shortcomings in technical and organizational safeguards, noting that internal controls failed to detect the breach....
Never Store Passports; Avoid KYC Data Leaks
I'm not sending anyone my passport anymore My Portuguese lawyer wanted me to email her a copy of my passport for KYC I rejected and she was confused "I've never been hacked" 99% of people are not aware any account probably can and will...
15-Year-Old strongSwan Flaw Lets Attackers Crash VPNs via Integer Underflow
A fifteen‑year‑old integer underflow bug (CVE‑2026‑25075) in strongSwan’s EAP‑TTLS plugin can crash VPN services by requesting an impossible 18 exabyte memory allocation. The flaw affects versions 4.5.0 through 6.0.4 and triggers a two‑phase “ghost” attack that only crashes the charon daemon...
Secure Sandbox Empowers Local AI Assistants with Control
OpenClaw has proven that local AI assistants have product-market fit. But the big issue with them has been security. The team at @Pokee_AI is fixing it with PokeeClaw: works like OpenClaw, but with in a secure sandbox architecture with isolated environments, approval workflows,...
Most Firms Can't Apply Zero Trust to AI Agents
Zero trust for humans – but implicit trust for machines? - Raconteur “In 65% of organisations, zero trust controls cannot secure non-human identities (NHIs), including new agentic AI systems.” https://t.co/pK57KjAzoS https://t.co/JA0DMauDdc
OKCupid Gave User Photos To Facial Recognition Company, FTC Charges
The Federal Trade Commission alleges that OKCupid supplied photos and demographic data of roughly three million users to facial‑recognition startup Clarifai in 2014, contrary to its privacy policy. The FTC complaint says OKCupid and its owners concealed the transfer and...
National Labs Drive Multi‑Agency Solar Cybersecurity Standards
National laboratories lead multi-agency push for solar cybersecurity standards #energysky -- via pv magazine usa: https://t.co/2zCsruApti
Veteran Researcher Warns: AI-Driven Security Apocalypse Underway
Another veteran computer security research — Thomas Ptacek — says we're currently in middle of the Computer Security AIpocalypse: https://t.co/80HQZjpMDb https://t.co/8llU4N93SX
Huskeys Raises $8m Seed to Modernise Legacy Web Security
Edge security startup Huskeys announced its emergence from stealth after closing an $8 million seed round led by investors such as 10D, SV Angel and a roster of athlete angels. The company launched its Edge Security Management platform, which sits atop...
New Have I Been Pwned Features Boost Privacy, Usability, Performance
Today, after many months of hard work, we're launching a bunch of new @haveibeenpwned features that improve privacy, usability and performance. We're a little team, but we've done a lot since this pic in November. Here are all the details:...
New WordPress Flaw Lets Hackers Read Any File
Hackers can read arbitrary files, including those containing passwords, with this newly discovered WordPress flaw. https://t.co/rCE6SHGYXW
DeepLoad Malware Uses ClickFix and WMI Persistence to Steal Browser Credentials
Researchers at ReliaQuest uncovered DeepLoad, a new malware loader delivered through a ClickFix social‑engineering lure that tricks users into running obfuscated PowerShell commands. The loader employs AI‑generated code obfuscation, APC injection, and dynamic C# compilation to avoid static and behavioral...
Percona and Chainguard Partner to Deliver Secure Open Source Software
Percona has teamed up with Chainguard to offer secure, production‑ready container images for its open‑source database portfolio, including MySQL, PostgreSQL, MongoDB and others. Chainguard builds minimal, provenance‑verified images that aim for near‑zero CVE exposure, while Percona provides enterprise‑grade support and...
Beyond Static Checks: Designing CI/CD Pipelines That Respond to Live Security Signals
Traditional CI/CD pipelines rely on pre‑deployment tests and static scans, but they miss real‑time security signals. Modern distributed systems can become vulnerable after a build due to compromised hosts or newly discovered exploits. The article proposes augmenting pipelines with runtime...
Scamnetic and VanishID Partner to Deliver an Integrated Approach to Identity Protection and Scam Prevention for Enterprises
Scamnetic and VanishID announced a partnership that combines Scamnetic’s real‑time scam and deep‑fake detection with VanishID’s identity exposure reduction platform. The integrated offering lets enterprises automatically block fraudulent communications and lower the amount of publicly exposed executive data. By addressing...
Almost €19 Million Lost by SMEs to Email Related Scams over the Past 2 Years
Irish small and medium enterprises have lost almost €19 million (≈ $20.5 million) to email‑based scams over the past two years, according to FraudSMART data. The average loss per incident exceeds €22,000 (≈ $23,800). A new FraudSMART awareness campaign, launched by Tánaiste Simon Harris...
Nanocosmos Targets Rising Stream Misuse with New Security Solution
German video‑delivery specialist nanocosmos launched nanoStream Control, a security and monitoring layer for its ultra‑low latency streaming platform. The solution lets operators revoke access tokens, block unauthorized joins, and enforce referrer allow‑lists in real time. Continuous anomaly detection, forensic watermarking...
Apple Adds macOS Terminal Warning to Block ClickFix Attacks
Apple’s macOS Tahoe 26.4 introduces a built‑in warning that intercepts potentially malicious commands pasted into Terminal. The feature specifically targets ClickFix attacks, where scammers trick users into executing harmful code under the guise of a fix. When a risky paste is...
How Small Medical Practices Can Build HIPAA-Aligned DevSecOps Without Enterprise Budgets
Small medical practices handle protected health information but often lack the security resources of large hospitals. The article outlines how adopting a HIPAA‑aligned DevSecOps approach—using AWS native tools, strict access controls, secret management, and automated CI/CD pipelines—can close common gaps...
McAfee Review 2026: Solid Protection, Mediocre Performance
McAfee’s 2026 review awards the suite an 8.1‑out of‑10 rating, highlighting strong real‑time protection and a robust identity‑theft insurance offering. The standout feature is unlimited‑device coverage on Plus plans, priced between $50 and $200 for the first year. However, the...
Sri Lanka Building Data Minimization Into Digital ID to Protect Privacy
Sri Lanka is set to launch its first digital ID, SL‑UDI, later this year, embedding data minimization and purpose limitation at the core of the system. The platform uses role‑based access controls, encryption, immutable audit logs, and secure API integrations...
It’s a Mystery … Alleged Unpatched Telegram Zero-Day Allows Device Takeover, but Telegram Denies
TrendAI Zero Day researcher Michael DePlante disclosed a critical zero‑click vulnerability in Telegram (ZDI‑CAN‑30207) that could allow remote code execution via a crafted animated sticker, earning a CVSS score of 9.8. The flaw impacts Android and Linux clients and currently...
⚡ Weekly Recap: Telecom Sleeper Cells, LLM Jailbreaks, Apple Forces U.K. Age Checks and More
The week’s cyber‑threat landscape was dominated by a critical Citrix NetScaler flaw (CVE‑2026‑3055) that is now being actively exploited, a confirmed breach of FBI Director Kash Patel’s personal email with a $10 million bounty offered, and the emergence of Red Menshen’s BPFDoor...
Dark Web Market Lists Alleged 375TB Lockheed Martin Data for $600M
Hackers on the dark‑web marketplace Threat Market claim to have obtained 375 TB of Lockheed Martin data and are offering it for a $600 million buy‑out. The alleged sale, posted via a Telegram account linked to the market and attributed to an APT...
Identity Remains Primary Defense in AI-Driven Threats
Identity is the first line of defense, especially in an AI-fueled threat landscape | Cybersecurity Dive https://t.co/8y0zjDUN0H
Drone Attacks Expose Risk of Centralized Cloud Infrastructure
Iranian drones hit AWS data centres twice this month. Banks went down. Apps went offline. Thats centralised cloud, one strike and everything breaks. This war is making the case for decentralised computing like Ocean Network. No single point of failure. No data centre...
Compliance Without Validation Is a False Sense of Security
Compliance teams can pass audits and keep perfect documentation yet remain vulnerable to third‑party breaches. The article argues that without real‑world validation, controls are merely theoretical and provide a false sense of security. It highlights that 68% of organizations experience...