Today's Cybersecurity Pulse

CISA adds critical Android and Linux flaws to KEV catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) listed two high‑severity vulnerabilities in its Known Exploited Vulnerabilities catalog: Android CVE‑2025‑48595, an integer overflow that enables privilege escalation on Android 14‑16 without user interaction, and Linux CVE‑2022‑0492. Google released patches for the Android bug in June 2026.

Agent Skill Trust & Signing Service
The blog introduces Skill Trust & Signing Service (STSS), an open‑source layer that secures AI agent skills before execution. It highlights how malicious post‑install scripts and hidden prompts can give attackers full access to an agent’s environment, a risk far beyond traditional library supply‑chain attacks. STSS combines static scanning, import‑chain tracing, and an LLM‑driven behavioral audit, then signs the skill’s Merkle tree with an Ed25519 key. At runtime the agent verifies the signature, blocking any tampered or rogue code.

Deepfakes, Scams, and Small Business Security (6 Prompts)
An event‑security firm nearly fell victim to a deepfake voice scam that demanded a $5,000 emergency deposit. Fraudsters leveraged Deepfake‑as‑a‑Service to clone a supervisor’s voice from a brief social‑media clip, putting small businesses at risk of costly losses or liability....
Niantic's CIA Ties Spark Data Privacy Concerns
Should Niantic's background with the CIA make us nervous about what it's going to do with the virtual world created from 30 billion data points accumulated by Pokemon Go?

Microsoft Azure Monitor Alerts Abused for Callback Phishing Attacks
Microsoft Azure Monitor alerts are being exploited to send phishing emails that appear to originate from the legitimate azure‑noreply@microsoft.com address. Attackers create custom alert rules with malicious descriptions, causing the platform to email victims billing‑style warnings and a callback phone...
Meta Removes Instagram Encryption, Sparking User Frustration
Here’s a good article about Meta’s very frustrating decision to pull encryption out of Instagram. https://t.co/ajH18YCDZK
FBI and CISA Alert on Russian-Linked Signal Account Compromise
The FBI, together with the Cybersecurity and Infrastructure Security Agency, warned that Russian-linked threat actors are compromising Signal accounts. The advisory did not disclose the number of users affected, highlighting a high‑impact threat to consumer privacy and national security.

From FIM/MIM to Cloud Sync: Complete Identity Journey with Australia’s Top Identity MVP Darren “Doc” Robinson
In this episode, Darren “Doc” Robinson, a long‑time Microsoft MVP and identity‑governance expert, walks through the evolution of identity management from legacy systems like Novell and FIM/MIM to today’s cloud‑first approach with Azure AD, Entra ID, and Cloud Sync. He...

Critical Quest KACE Vulnerability Potentially Exploited in Attacks
Arctic Wolf reported active exploitation of the critical authentication‑bypass flaw CVE‑2025‑32975 in Quest KACE Systems Management Appliance (SMA) instances exposed to the internet. The vulnerability, patched by Quest in May 2025, allows unauthenticated actors to impersonate users and gain full administrative control. Exploitation...
Absa Fraud Warning
Absa has issued a broad warning about phishing scams that distribute fake e‑statement links and counterfeit account‑security alerts. The messages mimic the bank’s branding, use spoofed email addresses and unrelated URLs such as pouiyt.tech, and lure customers into entering login...

NemoClaw Review: Strong Security Design, Rough Setup Experience
NVIDIA’s NemoClaw adds a security‑first layer to autonomous AI agents, introducing real‑time monitoring, declarative policies, and sandbox isolation. Built on the open‑source OpenClaw stack, it requires manual approvals for flagged actions, tightening control but slowing time‑sensitive workflows. Deployment hinges on...

Secrets Management Vs. Secrets Elimination: Where Should You Invest?
Enterprises are weighing two divergent authentication philosophies: traditional secrets management, which safeguards static credentials in vaults, and secretless authentication, which eliminates static secrets by issuing short‑lived tokens tied to workload identities. While secretless reduces attack surface and operational friction for...

CISA Flags Apple, Craft CMS, Laravel Bugs in KEV, Orders Patching by April 3, 2026
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added five high‑severity flaws affecting Apple WebKit, Apple kernel components, Craft CMS, and Laravel Livewire to its Known Exploited Vulnerabilities (KEV) catalog, mandating remediation by April 3 2026. The vulnerabilities carry CVSS scores from...
Cryptographer Challenges RustSec Ban on Bug Reports
Cryptographer fights RustSec ban over bug reports • The Register ~ What’s your take? Critical or not? https://t.co/a7d2iTtF6J

Compliance Startup Fakes Certifications, Leaves Data Unprotected
Chef's kiss. Delve issues “vibe compliance” rubberstamp SOC and other certifications, while leaving their own door wide open w sensitive documents unsecured… for who knows how long. Security 101 A cautionary tale of a compliance startup faking everything, and almost making it...

Digital Arrest Scams: Centre Directs WhatsApp To Block Involved Device IDs
India’s Union Home Ministry has instructed WhatsApp to block the device IDs of users involved in digital‑arrest scams and retain data from deleted accounts for 180 days. The platform will add AI‑driven safeguards, logo‑detection, deep‑fake warnings, and a mandatory SIM‑binding...
Check Your ProtonMail Account Before It Gets Deleted
If you have a @ProtonMail account and haven’t logged in recently better check it. I luckily randomly saw a message. Not really cool to randomly cancel people’s email accounts.
DOJ Shuts Down Iran‑Linked Hacktivist Sites After Handala Claims Stryker Attack
The U.S. Justice Department seized four websites operated by Iran’s Ministry of Intelligence and Security that were used by the hacktivist persona Handala to claim a destructive malware attack on medical‑technology maker Stryker. The move follows the March 11 breach...

Security Considerations on Istio's CRDs with Namespace-Based Multi-Tenancy
Istio’s VirtualService resource, when configured as a mesh gateway, applies routing rules across the entire service mesh, not just the namespace where it is defined. This design flaw enables tenants with permission to create or modify Istio CRDs to launch...

While LeakBase Is Gone, Data Remains At Risk
The FBI and Europol have taken down LeakBase, a dark‑web forum that facilitated large‑scale trading of stolen credentials. The takedown ends the forum’s operations but the data posted there—over 200,000 posts and millions of compromised accounts—likely persists across other underground...

Iranian Cyberattacks Ahead of US, Israel Strikes Discovered
Iranian advanced persistent threat groups, notably MuddyWater, staged six CIDR blocks in September using an Estonian autonomous system, indicating pre‑operational cyber preparation six months before the February 28 U.S.–Israel missile strikes. The buildup was corroborated by Augur Security, which linked the...
A Potential Breach of an Anonymous Tip App Could Have Exposed Sensitive Student Data
Navigate360, a K‑12 safety solutions provider, disclosed a possible breach of its anonymous tip platform, P3 Global Intel, after a hacker claimed access to data from more than 30,000 U.S. schools. The attacker, identifying as Internet Yiff Machine, alleged the...
Weill Cornell Medicine Discloses an Insider Data Breach
Weill Cornell Medicine reported a breach affecting 516 patients after a former employee accessed electronic medical records without authorization. The employee only viewed contact details and visit reasons, with no clinical or financial data disclosed. The hospital notified the patients...

How Controlled Should Your Cloud-Native AI Security Be
Enterprises adopting cloud‑native architectures must secure machine identities, known as Non‑Human Identities (NHIs), and the secrets they carry. A full lifecycle—discovery, classification, continuous monitoring, and remediation—shifts protection from point solutions to proactive governance. Automation and real‑time oversight cut breach risk,...

New Speagle Malware Hijacks Cobra DocGuard for Data Theft
Security researchers have uncovered a new malware strain called Speagle that subverts the legitimate document security platform Cobra DocGuard to steal data. The malware disguises exfiltration as normal client‑server traffic and uses a compromised DocGuard server for command‑and‑control. It selectively infects...

Hacker Group LAPSUS$ Claims Alleged AstraZeneca Data Breach
LAPSUS$ has posted a claim that it exfiltrated roughly 3 GB of AstraZeneca data, including source code, cloud‑infrastructure configurations, and employee‑related records. The group shared sample files that appear to contain authentic GitHub Enterprise user exports and contractor onboarding logs, suggesting...
Warframe Players Fear The Game Has Been Hacked After Receiving ‘Nefarious Invites’ [Update]
Warframe players reported receiving bizarre, often offensive in‑game invite messages, prompting fears of a hack. Digital Extremes investigated and confirmed the messages resulted from altered invite text fields, not from compromised accounts or data breaches. The studio deployed a fix...

Google Threat Intel Flags 'Ghostblade' Crypto-Stealing Malware
Google Threat Intelligence has uncovered Ghostblade, a new JavaScript‑based malware targeting iOS devices to steal cryptocurrency private keys and messaging data. The tool operates only during a brief browsing session, exfiltrates data to malicious servers, and then self‑deletes, erasing crash...
US Seizes Handala Domains After Stryker Wiper Attack Tied to Iran’s MOIS
The Justice Department, FBI and CISA seized four websites used by the Iran‑linked hacktivist group Handala following its destructive wipe of roughly 80,000 Stryker devices. The move publicly attributes the attack to Iran’s Ministry of Intelligence and Security and triggers...

How SW and HW Vulnerabilities Can Complement LLM-Specific Algorithmic Attacks (UT Austin, Intel Et Al.)
A collaborative paper titled “Cascade” reveals how conventional software and hardware flaws can be weaponized alongside LLM‑specific algorithmic attacks to compromise compound AI pipelines. The authors demonstrate two proof‑of‑concept attacks: a code‑injection combined with a Rowhammer guardrail bypass that injects...

SEALSQ Deploys Post-Quantum Cryptography to Bolster Blockchain Security
SEALSQ Corp is integrating NIST‑selected post‑quantum cryptographic algorithms, notably CRYSTALS‑Kyber and CRYSTALS‑Dilithium, into its secure elements and TPM‑class chips to create a hardware root‑of‑trust for blockchain keys. The company is partnering with Swiss platform WeCan to embed these algorithms in...

FBI, CISA Issue PSA on Russian Intelligence Campaign to Target Messaging Apps
The FBI and CISA released a joint public service announcement warning that Russian intelligence‑linked hackers are conducting a global phishing campaign against commercial messaging apps. The attackers impersonate Signal support staff to coax verification codes, compromising accounts of current and...

AI Is Now the Decisive Factor in Cyber Conflict
AI has become a decisive factor in cyber conflict, especially across the Asia‑Pacific region. Deep‑fake and generative AI have driven social‑engineering incidents up 53% year‑over‑year and fraud claims up 233%. By 2025, AI‑driven threats are projected to affect 56% of...

California City Reports Ransomware Attack as LA Transit Agency Finds ‘Unauthorized Activity’
Foster City, California declared a state of emergency after a ransomware attack forced the city to pause all non‑emergency public services. Emergency 911 and police dispatch remained functional, and the city council meeting was shifted to an in‑person format without...
GAO Evaluation of CMMC Program and Important Information for Defense Contractors
The Government Accountability Office released a report reviewing the Department of Defense’s Cybersecurity Maturity Model Certification (CMMC) program, calling it fundamentally sound but in need of adjustments. GAO highlighted gaps in external factor analysis, such as the limited pool of...

New Methods for Assuring Digital Identity and Authenticity
The surge of generative AI has made realistic deepfakes and synthetic media commonplace, prompting a market shift toward foolproof digital identity verification. Emerging defenses combine hardware‑enforced trust, cryptographic watermarks and continuous behavioral biometrics to prove content provenance. Regulatory pressure, such...

Big Tech Signs Anti-Scam Pact as AI-Driven Fraud Surges
Google, Microsoft, Meta, Amazon and OpenAI announced a voluntary anti‑scam accord aimed at curbing the surge of AI‑driven fraud. The pact commits the signatories to share threat intelligence, coordinate investigations and harmonize detection models across their platforms. With global scam...
Strengthening Cybersecurity in Canada’s Municipal Sector: A Verified Analysis
The City of Hamilton’s February 2024 ransomware attack crippled 80% of its network and forced the municipality to spend roughly C$18.3 million on response, recovery and upgrades. A demanded ransom of C$18.5 million was refused, and a subsequent C$5 million cyber‑insurance claim was denied...

Socure’s Deepanker Saxena Breaks Down How to Spot Fake Job Candidates
Socure’s head of product Deepanker Saxena warns that AI‑driven fake job applicants are infiltrating hiring pipelines, giving fraudsters rapid access to corporate systems. He explains that a compromised employee can cause ransomware, data theft, or IP loss within minutes of...

Rubrik Intros Google Workspace Data Protection
Rubrik announced Rubrik Data Protection for Google Workspace, targeting enterprises that rely on Gmail and Google Drive. The solution offers immutable, air‑gapped backups and a point‑and‑click recovery interface that can shrink restoration times from days to minutes. It integrates policy‑driven...

Rubrik Intros Google Workspace Data Protection
Rubrik announced Rubrik Data Protection for Google Workspace, extending immutable, air‑gapped backups to Gmail and Google Drive. The solution promises rapid, point‑and‑click recovery that can shrink restoration times from days to minutes while preserving original data and permissions. It includes...

Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets
Trivy, a widely used open‑source vulnerability scanner, suffered a second supply‑chain breach when attackers force‑pushed 75 of 76 tags in the official aquasecurity/trivy‑action repository to deliver a malicious payload. The code runs inside GitHub Actions runners, harvesting environment variables, cloud...

Fake ‘Trusted Sender’ Labels Misused in New Apple Mail Phishing Scheme
A new phishing campaign embeds counterfeit “trusted sender” banners directly into email bodies, tricking recipients into believing messages are verified by Apple Mail. Apple’s mail client does not generate such labels, so the banners are pure HTML graphics that appear...

FBI Takes Down Leak Sites Tied to Iran’s Ministry of Intelligence and Security
The FBI seized four domains that Iran’s Ministry of Intelligence and Security used to host stolen data, linking the operation to the state‑run “Handala” group. Handala leveraged Microsoft Intune’s wipe function to destroy data on more than 200,000 Stryker devices,...

New ‘Quirks’ Could Make States’ Privacy Laws Impossible to Follow, Experts Worry
Federal efforts to create a unified data‑privacy framework stalled as the American Privacy Rights Act failed to pass, leaving roughly 20 state laws in force. Experts warn that emerging state‑level quirks—such as Virginia’s notice‑consent model, Maryland’s data‑minimization focus, and New...

Securing the Code Factory: Why SDLC Infrastructure Has Become a Core Cloud Risk
Software supply‑chain security is shifting from protecting shipped code to defending the infrastructure that builds it. Recent incidents—Ultralytics’ GitHub Actions hijack, the Shai‑Hulud 2.0 campaign compromising tens of thousands of CI runners, and the Trust Wallet breach—show attackers can inject...
ISMG CXO Advisory Reveals Top Cybersecurity Priorities
One advantage of working with ISMG's CXO advisory practice is exposure to thousands of cybersecurity leaders. You hear what is actually worrying them. Right now the themes are pretty consistent: AI governance, Identity security, Third party risk, Board level accountability. What's top of your list?
LinkedIn Faces SOC2 Non‑compliance Shock Monday
LinkedIn gonna be crazy on Monday when they all find out they’re not SOC2 compliant

CISA Recommends Privileged Access Controls for Endpoint Management After Stryker Incident
CISA issued an urgent advisory after a March 11 cyberattack on Stryker that leveraged a compromised Microsoft Intune administrator account to create a global admin and wipe managed devices. The breach highlights a growing trend where attackers target the control planes...

AI Agents Can Leak DNS: Bug or Intentional Abuse?
AI Agent DNS Leaks 🤖 Is this really a bug? Or is it functionality abuse? Because this is how the internet works. You decide. In any case be aware... https://t.co/Fmvxsh8210 https://t.co/uZo5hLB09k
Deep Secrets of Agent‑Based D&R Sell Out Fast
One of my #RSAC presentations is a sponsored session ... and yes, this is the one that sold out :-) Because it is about the deep secrets of how we use agents for D&R. We should probably make a...