Today's Cybersecurity Pulse

CISA adds critical Android and Linux flaws to KEV catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) listed two high‑severity vulnerabilities in its Known Exploited Vulnerabilities catalog: Android CVE‑2025‑48595, an integer overflow that enables privilege escalation on Android 14‑16 without user interaction, and Linux CVE‑2022‑0492. Google released patches for the Android bug in June 2026.
Crunchyroll Probes Alleged Breach Affecting 6.8 Million Users, 100 GB Data Stolen
Crunchyroll said it is investigating a claimed cyberattack that could have leaked personal data of 6.8 million users and up to 100 GB of support‑ticket records. The breach is linked to a third‑party vendor, Telus International, and the hacker allegedly demanded a $5 million ransom.

Google Launches Threat Disruption Unit, Stops Short of Calling It ‘Offensive’
Google has unveiled a new Threat Disruption Unit that operates defensively, targeting the infrastructure hackers rely on rather than conducting offensive hacks. The unit will leverage Google’s visibility into global internet services to obtain court orders, expose malicious actors, and...

SentinelOne, Snyk Introduce New Tools for Securing AI Agents
SentinelOne and Snyk unveiled a suite of AI‑agent security tools, including SentinelOne’s Prompt AI Agent Security and Prompt AI Red Teaming, which guard AI data flows and simulate attacks on models. The companies also introduced an AI‑native data pipeline that...

More Launches, More Cyber Threats: Space Force Stands Up Units to Defend Ranges
The U.S. Space Force activated the 630th Cyberspace Squadron at Vandenberg Space Force Base on March 10 to protect launch‑range networks from cyber intrusions. This follows the September reassignment of the 645th Cyberspace Squadron to Space Launch Delta 45 at...
Auto‑copy 2FA Codes Top Convenience, Vaccines Follow
Automatic copying of confirmation codes for 2FA on your phone. But I agree vaccines are a close second

How Capital One Software Is Using Tokens to Turn Dark Data Into a Secure AI Asset
Capital One Software is leveraging format‑preserving tokenization to turn sensitive, unstructured "dark data" into a secure AI asset. At RSAC 2026 the company unveiled expanded Databolt capabilities that automatically scan, classify and tokenize data in PDFs, emails and transcripts. By replacing...
FCC Bans Import of Foreign-Made Consumer Routers over Security Concerns
The Federal Communications Commission has prohibited the import of consumer routers manufactured abroad, warning that foreign hardware poses a national security threat. The move could upend supply chains, force retailers to source domestically, and trigger a wave of regulatory scrutiny...
Why Fintechs Are Moving to Automated Compliance
Fintechs are turning to automated compliance platforms to eliminate the manual, time‑consuming audit preparation that slows product delivery. By deploying on Upsun’s PCI‑DSS Level 1, SOC 2 Type 2, ISO 27001 and HIPAA‑certified infrastructure, companies shift core security controls to the provider under a...

Administration Releases Cyber Strategy, Executive Order on Cybercrime and Fraud
The administration released a National Cyber Strategy aimed at keeping the United States unrivaled in cyberspace, outlining six policy pillars that stress AI deployment and reduced regulation. An accompanying Executive Order directs agencies to develop plans for dismantling transnational cybercrime...
ISACs Confront AI’s Promise and Peril for Threat Intelligence-Sharing
Information Sharing and Analysis Centers (ISACs) are grappling with how to integrate artificial intelligence into threat‑intelligence workflows while preserving the trust that underpins member collaboration. Leaders from Retail & Hospitality, Health, and Financial Services ISACs highlighted AI’s potential to speed...

Mazda Discloses Security Breach Exposing Employee and Partner Data
Mazda Motor Corp disclosed a security incident that exposed personal data of employees and business partners. The breach, discovered in December, involved 692 records and originated from a vulnerability in a warehouse‑management system used for parts sourced from Thailand. No...

10 Hacks Every Ring User Should Know
Ring’s suite of privacy and notification settings lets users tighten security while reducing nuisance alerts. Features such as Global and Device‑specific snooze, custom motion zones, and Smart Alerts let homeowners filter out irrelevant motion. Additional controls—including disabling Amazon Sidewalk, turning...

DHS CISO Departs After Driving AI, Risk-Based Security
Hemant Baidwan stepped down as the Department of Homeland Security’s CISO after a two‑year tenure focused on scaling secure artificial intelligence and accelerating zero‑trust adoption. Under his leadership, DHS transitioned from a compliance‑driven posture to a risk‑based cybersecurity model anchored...

Tycoon2FA Phishing Platform Returns After Recent Police Disruption
The Tycoon2FA phishing‑as‑a‑service platform, disrupted by Microsoft and Europol in early March, has rebounded to pre‑disruption activity levels within days. Law‑enforcement seized 330 domains that hosted its control panels and phishing pages, but the takedown proved temporary. CrowdStrike observed daily...
What to Look for in a Managed Security Service Provider (MSSP)
The article offers a HIMSS‑sponsored checklist to help healthcare organizations evaluate Managed Security Service Providers (MSSPs). It stresses that MSSP selection directly affects patient safety, requiring seamless integration with existing IT and robust visibility and incident‑response capabilities. The guide outlines...

After Hackers Hit an Iowa Company, Cars Around the Country Failed to Start
Intoxalock, a leading provider of ignition interlock devices, suffered a cyberattack on March 14 that crippled its calibration and installation systems. The outage prevented monthly calibrations, putting an estimated 7‑10% of Connecticut users and thousands nationwide at risk of vehicle lockouts....

QNAP Fixed Four Vulnerabilities Demonstrated at Pwn2Own Ireland 2025
QNAP has patched four critical SD‑WAN router vulnerabilities (CVE‑2025‑62843 to CVE‑2025‑62846) that were exploited by Team DDOS at Pwn2Own Ireland 2025, earning a $100,000 bounty. The flaws allowed privilege escalation through physical access, weak LAN authentication, an SQL injection, and...

Washington Establishes Bureau of Emerging Threats
The U.S. State Department has launched the Bureau of Emerging Threats to centralize efforts against cyber attacks, space‑domain risks, and military uses of AI and quantum tech. Led by former China chargé d’affaires Anny Vu, the bureau will employ diplomatic...

TeamPCP Deploys Iran-Targeted Wiper in Kubernetes Attacks
TeamPCP, the group behind the recent Trivy supply‑chain breach and the CanisterWorm campaign, has rolled out a new destructive payload that targets Kubernetes clusters configured for Iran. The malware deploys a privileged DaemonSet called "Host‑provisioner‑iran" to wipe host files and...
AI Agents Pose Immediate Commerce Security Risks
Your AI agent doesn't have brand loyalty. It doesn't verify addresses properly. And it might just hand $500K in USDC to a scammer. The agentic commerce security problem is real, and it's already here now. Laurens Fraussen and Steven Ehrlich...
Charlotte-Mecklenburg Students Targeted by Phishing Scam
A phishing email promising fraudulent job opportunities was sent to students at Ardrey Kell High School in the Charlotte-Mecklenburg school district, requesting banking information. The district quickly removed the unauthorized message, secured the affected student accounts, and issued a Canvas...

Jmem Tek Joins GlobalFoundries Ecosystem to Expand Post-Quantum Security Solutions
Jmem Tek has joined GlobalFoundries’ GlobalSolutions™ Ecosystem as an official IP Network Partner, bringing its proprietary Physical Unclonable Function (PUF) and post‑quantum cryptography (PQC) IP to GlobalFoundries customers worldwide. The partnership gives semiconductor designers access to silicon‑proven hardware root‑of‑trust, secure...

Taceo Network Enables ‘Private Shared State’ for Hosting Sensitive Parts of Workflow
Austrian startup Taceo has opened public access to its Taceo Network, a private execution layer that lets organizations run sensitive identity, biometric and payment logic on shared digital infrastructure without exposing raw data. The platform uses coSNARKs, a cryptographic tool...

How to Address Shadow AI in Healthcare
Healthcare organizations are confronting a new wave of shadow IT, now termed shadow AI, where staff adopt generative AI tools without oversight. The article outlines three mitigation strategies: establishing robust AI governance, deploying technical guardrails such as monitoring and sandbox...

An AI-Powered Phishing Campaign Has Compromised Hundreds of Organizations
Huntress uncovered an AI‑driven phishing campaign that leveraged Railway’s PaaS to spin up credential‑harvesting infrastructure, compromising hundreds of organizations across sectors. The attackers used generative AI to craft unique email lures and exploited Microsoft’s device authentication flow, stealing OAuth tokens...

DeFi Has Seen Resolv's $25M USR Exploit Many Times Before
Resolv Labs suffered a $25 million USR stablecoin exploit after an attacker compromised its AWS‑managed service key, minting 80 million USR from roughly $100,000 of USDC. The depegged USR and its wrapped version were still priced at $1 by oracles, causing cascading...

Swissport’s Matchbox Platform Achieves ISO 27001, 27017 and 27018 Certifications
Swissport’s Matchbox, a cloud‑based travel document validation platform, has earned ISO 27001, ISO 27017 and ISO 27018 certifications, confirming its information‑security, cloud‑security and privacy controls. The platform already validates more than four million passengers with 100% accuracy on inadmissible traveler...

Access to Registry Data
A University College Dublin lecturer has been charged with unlawfully accessing personal data of more than 100 students and using it to harass them. The alleged breach involved malware that captured student passwords, allowing the lecturer to view addresses, phone...

SandboxAQ Launches New AQtive Guard Capabilities
SandboxAQ unveiled major upgrades to its AQtive Guard platform, expanding AI Security Posture Management (AI‑SPM) ahead of RSA Conference 2026. The new suite adds real‑time guardrails for inbound prompts and outbound responses, autonomous risk analysis for Model Context Protocol (MCP)...
Cybersecurity as a Team Sport
Cybersecurity is shifting from isolated defenses to a collaborative model, especially in the hospitality sector where data breaches can damage brand trust and revenue. Attackers now operate in coordinated groups, sharing tools and tactics, prompting defenders to form trusted information‑sharing...

Routers Replace PCs as Primary Threat Vector in Evolving Device Risk Landscape
Forescout’s 2026 Riskiest Connected Devices report shows routers have overtaken PCs as the top enterprise threat vector, accounting for roughly one‑third of critical vulnerabilities. On average, routers and switches now expose about 32 flaws each, and 75% of the riskiest...
FBI Warns of $20 Million ATM Jackpotting Surge in 2025
The FBI has issued a cybersecurity alert after documenting nearly 1,900 ATM jackpotting attacks since 2020, with losses topping $20 million in 2025 alone. The surge underscores a widening vulnerability in legacy ATM software that criminals are exploiting nationwide.
Attackers Hide Infostealer in Copyright-Infringement Notices
Attackers are disguising a fileless phishing campaign as copyright‑infringement notices to deliver PureLog Stealer, a low‑cost infostealer. The operation targets critical sectors—including healthcare, government, hospitality and education—in Germany, Canada, the United States and Australia. Victims receive a seemingly legal PDF...
Agentic AI Expands Attack Surface, Prompting Injection Focus
As AI systems become more agentic, we are rapidly expanding the attack surface. Prompt injection isn’t a corner case—it’s a natural outcome of:
– untrusted inputs
– tool access
– delegated autonomy
This shifts the question from “does it work?” to “how does it fail...

Cato Networks Unveils GPU-Powered SASE Platform with Native AI Security
Cato Networks announced two major upgrades to its SASE platform: Cato Neural Edge, which embeds NVIDIA GPUs across its global private backbone to accelerate AI‑driven traffic inspection, and Cato AI Security, a suite that merges AI governance and runtime protection...

Iran Built a Camera Network to Control Dissent, Israel Made It a Targeting Tool
Israel exploited Iran’s extensive street‑camera network to pinpoint Supreme Leader Ayatollah Ali Khamenei, turning the regime’s own surveillance into a targeting tool. The operation, confirmed by leaked data and AP reporting, relied on dozens of unsecured cameras and AI‑driven video analysis...

Dell Technologies Integrates Quantum-Ready Security and AI Resilience Across Portfolio
Dell Technologies announced a portfolio‑wide security upgrade that embeds quantum‑resistant cryptography into firmware and BIOS across its commercial PCs and data‑center products. The company also introduced AI‑driven recovery tools in its PowerProtect line, delivering up to twice the backup speed...

North Korean Hacker Lands Remote IT Job, Caught After VPN Slip
A North Korean hacker answered a generic help‑wanted ad, passed standard background checks, and was hired for a remote IT role handling sensitive Salesforce data on August 15, 2025. Ten days later, a login from an unmanaged device in St. Louis,...

FBI Says Iranian Hackers Are Using Telegram to Steal Data in Malware Attacks
The FBI warned that Iranian Ministry of Intelligence and Security (MOIS) hackers are leveraging Telegram bots as a command‑and‑control channel to exfiltrate data from dissidents, opposition groups, and journalists. Attackers first send phishing links masquerading as Telegram or WhatsApp apps,...
Open‑Source XIAM: Seven Years of Identity Innovation
Talked to Fletcher Heisler from Authentik about Extended Identity Access Management — XIAM. Open source identity, seven years in the making. Worth a listen: https://risky.biz/RBNEWSSI120/
Agentic AI Demands an Observability Control Plane
“In this era of Agentic AI, organizations will need an ‘observability control plane’”, says Vasu Jakkal, Corporate Vice President, Microsoft Security, @Microsoft during her Monday keynote ‘Ambient and Autonomous Security: Building Trust in the Agentic AI Era’ at #RSAC2026 in...

Attackers Keep Spinning up VMs to Hide From EDR. What's the Answer?
Hackers are increasingly launching QEMU virtual machines at system startup to conceal malicious activity from endpoint detection and response (EDR) tools. Microsoft observed this method in recent attacks on exposed SolarWinds Web Help Desk instances, where a scheduled task creates...
Update iOS Immediately to Block DarkSword Exploit
NEW from @zackwhittaker @lorenzofb: Someone has posted an exploit kit that can hack hundreds of millions of iPhones to Github. The hacking tool, known as DarkSword, targets out-of-date and older iOS devices. Apple recommends updating to the newest OS now. https://t.co/tJfqYWDOe1
Cyber War Begins: Companies Face First Attacks
The War Is Going Cyber and Companies Are the First to Be Attacked #ArtificialDecisions #MCC https://t.co/PGGJukkaqK

Top Vulnerability Scanning Tools for Security Teams
Vulnerability scanning tools have matured from simple network probes to sophisticated platforms that assess hosts, applications, cloud environments, and code. Leading solutions such as Burp Suite, Intruder, Nessus, OpenVAS, and Snyk now embed AI features to prioritize findings and reduce...

Understanding Where FIDO2 Passkey Private Bits Reside
Where are the Private Bits of FIDO2 Compliant Passkey Stored? Just because you’re vibe coding doesn’t mean you no longer need to understand how things work. Research for my tool to start a batch job with a Yubikey. https://t.co/GK9IGy1Vi9 https://t.co/5NFLp5P7Oc

China's OpenClaw AI Fuels Lobster Agent Cybersecurity Panic
"Raising a lobster" is the new Labubu. OpenClaw AI goes viral in China, raising cybersecurity fears. Email deletion scare underscores risks as ‘lobster’ agents surge across real-world AI systems handling sensitive personal data. #China #techwar #chips #tech @baoshaoshan @thecyrusjanssen @DOualaalou @lajohnstondr @PSTAsiatech https://t.co/LceRUFV7T6

The M-Trends 2026 Report Shows How to Strengthen Business Cybersecurity
Mandiant’s M‑Trends 2026 report reveals a pivotal shift in cyber‑criminal tactics, moving from pure data theft to actively disrupting business operations. The research shows attackers increasingly embed themselves within the very technologies that power enterprises, creating hidden attack vectors. By mapping...

The Phone Call Is the New Phishing Email
Voice‑based phishing surged in 2025, representing 11% of the incidents Mandiant investigated, while email phishing dropped to just 6% of initial‑access vectors. Exploited software vulnerabilities remained the dominant entry point, featuring in 32% of attacks. The rise reflects attackers’ willingness...

AI Security and AI-Driven Defense Lead Microsoft Pre-Day
On the ground for @Microsoft's Security Pre-Day. This is always a good session to kick off RSAC week. Lots to unpack, but suffice it to say that security-for-AI and AI-for-security were the key themes. Full analysis to come. #CIO #CISO #RSAC2026...