Know What's Happening in Cybersecurity

Today's Cybersecurity Pulse

CISA adds critical Android and Linux flaws to KEV catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) listed two high‑severity vulnerabilities in its Known Exploited Vulnerabilities catalog: Android CVE‑2025‑48595, an integer overflow that enables privilege escalation on Android 14‑16 without user interaction, and Linux CVE‑2022‑0492. Google released patches for the Android bug in June 2026.

Enterprise Data Protection, Governance, and Cost Optimization with Xray and Revyz in Jira
News | Mar 20, 2026

Revyz has launched an integrated backup and governance layer for Xray, Atlassian’s test‑management add‑on in Jira. The solution replaces native Atlassian backups with automated, forever‑incremental, immutable snapshots that also deduplicate attachments. By adding configuration‑drift analytics and role‑based access controls, Revyz...

By Xray – Blog (Test Mgmt)
Denver’s Crosswalks Hacked to Broadcast Anti-Trump Messages
Blog | Mar 20, 2026

In Denver, two newly installed pedestrian‑crossing audio units were hacked to broadcast profanity‑laden anti‑Trump messages, startling commuters. The intrusion leveraged factory‑default passwords, a vulnerability previously exploited in crosswalk systems in California and Seattle. City officials confirmed the devices were activated...

By Graham Cluley (Security)
Just 10% Secure AI, DivisionHex Unveils Threat Hunting Tool
News | Mar 20, 2026

Coalfire’s DivisionHex practice launched an AI Threat Hunting service aimed at detecting shadow AI, compromised agents, and emergent agentic insider risks within enterprise environments. The offering extends traditional threat‑hunting techniques to monitor AI behavior, flagging unauthorized data access, privilege escalation,...

By AI-TechPark
Aikido Receives the 2026 Global ASPM Customer Value Leadership Recognition
News | Mar 20, 2026

Aikido Security has been honored with Frost & Sullivan’s 2026 Global Customer Value Leadership Recognition in the Application Security Posture Management (ASPM) sector. The award highlights the company’s AI‑driven, developer‑first platform that unifies security across code, cloud, and runtime while...

By AI-TechPark
How CISOs Can Survive the Era of Geopolitical Cyberattacks
News | Mar 20, 2026

Geopolitical cyber threats are shifting from ransomware to destructive wiper campaigns, exemplified by Iran‑linked Handala’s March 2026 attack on Stryker that crippled operations in 79 countries. The article outlines a five‑step containment playbook for CISOs, emphasizing credential protection, zero‑trust network segmentation,...

By BleepingComputer
Ekco Launches Managed Risk Operations Centre to Help Irish Organisations Reduce Cyber Risk
News | Mar 20, 2026

Ekco has introduced a Managed Risk Operations Centre (ROC) in Ireland, powered by Qualys Enterprise TruRisk Management. The service consolidates fragmented vulnerability data into a continuous, business‑aligned risk reduction model. It prioritises exposures based on exploit likelihood, asset criticality and...

By Irish Tech News
Why Flat Kubernetes Networks Fail at Scale
News | Mar 20, 2026

Flat Kubernetes networking models work for small clusters but break at scale. As policies proliferate, the lack of hierarchy leads to unpredictable rule precedence and debugging challenges. Introducing security hierarchies—platform, security, and application tiers—adds explicit ordering and aligns with Zero...

By The New Stack
Eon Strengthens Enterprise Data Protection Capabilities with Latest Enhancements
News | Mar 20, 2026

Eon, a data and AI infrastructure platform, announced ransomware protection tailored for cloud databases. The solution detects anomalies such as row‑count drops and schema changes across major databases and provides automated recovery points. It extends unified protection to VMs and...

By Database Trends & Applications (DBTA)
Explainer: How Cybercrime Outpaces Digital Revolution
News | Mar 20, 2026

Nigeria’s rapid shift to a digital‑first economy is being shadowed by a surge in cybercrime, with global losses projected at $10.5 trillion and Nigerian fraud losses climbing 196% to N52.26 billion over five years. Attackers are leveraging AI‑generated phishing, deep‑fakes and automated...

By BusinessDay (Nigeria)
How Dropzone AI Is Bringing A ‘Software-Only’ Approach To Agentic SOC: CEO
News | Mar 20, 2026

Dropzone AI, founded in 2023 by former ExtraHop scientist Edward Wu, launched a fully software‑only AI SOC Analyst platform that resolves security alerts without any human analyst involvement. The solution promises greater consistency, scalability and transparency, addressing the chronic alert‑overload...

By CRN (US)
Zimperium Report: Banking Malware Targets 1,200+ Apps
News | Mar 20, 2026

Zimperium’s 2026 Banking Heist Report reveals that 34 active malware families are targeting 1,243 mobile banking apps across 90 countries. Android‑based financial fraud surged 67% year‑over‑year in 2025, with sophisticated campaigns that can fully control devices and bypass traditional defenses....

By AI-TechPark
Key Security Docs Often Missing; Use Templates
Social | Mar 20, 2026

Cybersecurity scales with process + templates 🔐 Key docs every org needs: 🛡️ InfoSec: incident logs, access matrix, data classification 🌐 Network: DDoS plan, VPN/NAC logs, patch schedule ☁️ Cloud: config baseline, IR log, backup testing, asset inventory 🧩 AppSec: secure coding checklist, SAST logs,...

By Giuliano Liguori
Spring Clean Your Digital Life for Better Security
Social | Mar 20, 2026

Spring cleaning isn’t just for closets. It’s a good time to clean up your digital life too: update passwords, remove old accounts, review app permissions, and enable MFA. A little data hygiene now goes a long way in protecting your personal cybersecurity.

By Cristina Dolan
Top Attack Surface and Exposure Management Platforms to Watch in 2026
News | Mar 20, 2026

Security teams are shifting from patch‑centric tactics to holistic exposure management, which ties together vulnerabilities, misconfigurations, and over‑privileged identities across cloud, SaaS, and IoT assets. Vendors such as Check Point, Palo Alto Networks, Tenable, Microsoft, Wiz, CrowdStrike, Cisco, and Qualys...

By IoT Business News – Smart Buildings
Quantum Networks Secure Expanding IoT Across Critical Sectors
Social | Mar 20, 2026

Quantum networks are extending IoT architectures with qubits, QKD and entanglement-based links. As connected assets multiply in energy, healthcare and mobility, secure key exchange and synchronized nodes reduce risk and protect critical services at scale. Microblog @antgrasso https://t.co/BjZH6mjWA6

By Antonio Grasso
AI Is Simplifying Cybercrime; the Threat Will Intensify
Social | Mar 20, 2026

AI is already making online crimes easier. It could get much worse. | MIT Technology Review https://t.co/OOi3OhIPMa

By Chuck Brooks
One Year on From Retail’s Devastating Cyber Attacks, What’s Changed?
News | Mar 20, 2026

A year after a wave of sophisticated cyber attacks crippled ecommerce platforms and supply chains, retailers have begun overhauling their security models. The industry is moving from perimeter‑based defenses to zero‑trust architectures, with roughly 63% of organisations adopting at least...

By Retail Gazette
NIST Releases DNS Guide; Infoblox Leads Protective DNS
Social | Mar 20, 2026

The new NIST Secure Domain Name System (DNS) Deployment Guide is out. Kudos to @Infoblox for helping author this and for also providing imho the world's best protective DNS service. https://t.co/vprZTZ5sfH https://t.co/OxZ0qSLxWK

By Phil Venables
FBI Launches Leak Investigation Into Ex‑NCTC Director Joe Kent Amid Iran War Resignation
News | Mar 20, 2026

The FBI has opened a classified‑leak investigation into former National Counterterrorism Center director Joe Kent, a probe that started before his March 18 resignation over the Iran war. Kent, a retired Green Beret and Trump ally, is accused of sharing...

By Pulse
Taming the Threat Beast: Building a Threat-Led Cybersecurity Program
News | Mar 20, 2026

A threat‑led cybersecurity program shifts focus from sheer data volume to relevance, enabling organizations to prioritize the threats that truly affect their business. The piece cites a Google Cloud study showing 61% of security professionals feel overwhelmed by threat feeds...

By Security Magazine (Cybersecurity)
Global Cybercrime Crackdown: Over 373,000 Dark Web Sites Shut Down
News | Mar 20, 2026

Operation Alice, a March 2026 Europol‑led initiative, dismantled the largest known network of fraudulent dark‑web platforms, shutting down over 373,000 sites that hosted child sexual abuse material and cyber‑crime‑as‑a‑service tools. German authorities identified the platform’s operator and, together with 22...

By DataBreaches.net
University College of Dublin Staff Member Due in Court over Accessing Student Data
News | Mar 20, 2026

A University College Dublin employee in his 50s has been arrested and charged for unlawfully accessing student records, appearing in court today. The investigation, led by Ireland's Garda Síochána, uncovered unauthorized database queries that exposed personal information of dozens of...

By DataBreaches.net
Bots to Outpace Humans Online by 2027
Social | Mar 20, 2026

Online bot traffic will exceed human traffic by 2027, Cloudflare CEO says | TechCrunch https://t.co/WGWoAMpWVy

By Chuck Brooks
Jaguar Land Rover's Cyber Bailout Sets Worrying Precedent, Watchdog Warns
News | Mar 20, 2026

The UK government provided Jaguar Land Rover with a £1.5 billion loan guarantee after a ransomware attack that the Cyber Monitoring Centre estimates cost up to £1.9 billion to the British economy. The cyber watchdog warned that rescuing a single firm without clear criteria...

By The Register — Networks
5 Best Password Managers for Teams (Free & Paid) in 2026
News | Mar 20, 2026

The updated 2026 guide ranks the five best password managers for teams, naming Dashlane as the overall leader, Keeper for enterprise, 1Password for small teams, Bitwarden as the top open‑source option, and Enpass for third‑party cloud storage. It highlights that...

By TechRepublic – Articles
Fake Interactive Zoom Call Leads to Malicious ScreenConnect Download
News | Mar 20, 2026

Security researchers discovered a novel phishing campaign that uses a fake, interactive Zoom call to trick users into downloading a malicious update. The lure relies on AI‑generated JavaScript to mimic a glitchy Zoom meeting, directing victims to a counterfeit Microsoft...

By SC Media
UK Cyber Monitoring Centre Plans Expansion in US Amid Risk of Category 5 Attack
News | Mar 20, 2026

The UK Cyber Monitoring Centre (CMC) is preparing a US‑based operation to quantify the financial fallout of cyber incidents, targeting a 2027 launch after proving its model in Britain. In its first year, the CMC rated two 2025 attacks –...

By ComputerWeekly
Oracle Pushes Emergency Fusion Middleware Patch
News | Mar 20, 2026

Oracle released an out‑of‑band emergency patch for a critical pre‑authentication remote code execution vulnerability (CVE‑2026‑21992) affecting Oracle Identity Manager and Oracle Web Services Manager. The flaw, located in the Fusion Middleware REST and security components, is easily exploitable and resembles...

By The Stack (TheStack.technology)
Linux Kernel Scale Is Swamping an Already-Flawed CVE System
News | Mar 20, 2026

The Linux kernel became a CVE Numbering Authority in 2024, prompting a policy shift that assigns identifiers to virtually every defect. In 2025 the kernel topped vulnerability lists with over 48,000 CVEs, flooding security feeds with low‑impact and theoretical issues...

By The New Stack
Cybersecurity Isn’t Just a Safeguard — It Can Help Businesses Perform Better
Blog | Mar 20, 2026

A new study by Binghamton University’s School of Management examined conference‑call transcripts of top‑tier U.S. public firms from 2000 to 2023 and found that explicit cybersecurity readiness signals boost financial performance. The researchers used a keyword‑driven algorithm to measure how...

By Architecture & Governance Magazine – Elevating EA
Rapid7 Enhances Exposure Command with Runtime Validation and DSPM for Risk Analysis
News | Mar 20, 2026

Rapid7 has added runtime validation and Data Security Posture Management (DSPM) to its Exposure Command platform, turning continuous assessment into continuous validation. The new features use eBPF‑based sensors and AI to identify which cloud vulnerabilities and misconfigurations are actively exploitable...

By Help Net Security
Listed Firms Risk 30% Share Plunge Amid Rising Cyber Attacks
News | Mar 20, 2026

JSE‑listed companies face the risk of a 30% share‑price plunge after a cyber‑attack, as weekly cyber incidents in South Africa jumped 36% year‑on‑year to 2,145. Response speed dramatically influences losses: incidents contained within hours limit share erosion to 4%, while...

By ITWeb (South Africa) – Public Sector
Thousands of Magento Sites Hit in Ongoing Defacement Campaign
News | Mar 20, 2026

A coordinated defacement campaign has compromised over 7,500 Magento sites in just three weeks, leveraging an unauthenticated file‑upload flaw across Open Source, Enterprise and B2B deployments. Threat actors are posting plaintext files, often bearing the handle “Typical Idiot Security,” to...

By SecurityWeek
GUEST ESSAY: Executives Trust AI Security Even as Security Teams Confront Blind Spots, New Risks
Blog | Mar 20, 2026

Recent Manifest Cyber research reveals a stark confidence gap: 80% of executives believe their AI systems are well‑secured, while just 40% of application security practitioners share that view. The study also found that 63% of organizations have uncovered “shadow AI”—unaudited...

By The Last Watchdog
FBI Probes Ex‑NCTC Director Joe Kent Over Alleged Classified Leak Amid Iran War Fallout
News | Mar 20, 2026

The FBI’s Criminal Division opened a probe into former National Counterterrorism Center director Joe Kent for suspected leaks of classified material, a case that began before his resignation in protest of the U.S.‑Israel‑driven strike on Iran. The investigation has sparked...

By Pulse
The Importance of Behavioral Analytics in AI-Enabled Cyber Attacks
News | Mar 20, 2026

Artificial intelligence is empowering cybercriminals to craft hyper‑personalized phishing, automate credential abuse, and generate adaptive malware that mimics legitimate user behavior. Traditional rule‑based and signature‑based defenses struggle because AI‑driven attacks operate within normal activity thresholds and continuously evolve their code....

By The Hacker News
Critical Langflow Vulnerability Exploited Hours After Public Disclosure
News | Mar 20, 2026

Langflow, a widely used open‑source AI workflow builder, disclosed a critical remote code execution flaw (CVE‑2026‑33017) with a CVSS score of 9.3. The vulnerability affects an unauthenticated POST endpoint that processes a ‘data’ parameter, allowing attackers to inject Python code...

By SecurityWeek
Delve's Compliance Certificates Exposed as Fraudulent and Worthless
Social | Mar 20, 2026

Damning evidence suggesting that compliance certificates issued by Delve (a startup founded in 2023) are fraudulent + worthless. I never understood how eg Cluely could be GDPR, SOC2, HIPAA compliant in ~a week. Now we know: they probably aren't. Just wild https://t.co/XoUjOBAUSD https://t.co/eaqLo0nAJS

By Gergely Orosz
Android Malware Campaign Targets Indian Users via Fake eChallan Alerts
News | Mar 20, 2026

CERT-In has warned of a coordinated Android malware campaign that lures Indian vehicle owners with fake eChallan and RTO challan SMS alerts. The messages direct users to download malicious APKs such as "RTO Challan.apk," which act as droppers for multi‑stage...

By The Cyber Express
Semgrep Multimodal Brings AI Reasoning and Rule-Based Analysis to Code Security
News | Mar 20, 2026

Semgrep unveiled Multimodal, a hybrid system that merges its deterministic Pro engine with large‑language‑model reasoning to boost code‑security detection. The solution claims up to eight times more true positives and a 50% reduction in noise compared with LLM‑only scans, already...

By Help Net Security
ConductorOne Unveils AI Access Management to Accelerate Secure, Compliant AI Adoption
News | Mar 20, 2026

ConductorOne launched AI Access Management, a unified control plane that governs access to AI tools, agents, and managed connectivity points across enterprises. The solution lets employees request AI services and be provisioned in under 60 seconds while IT retains full...

By Help Net Security
Clean up Your Digital Clutter or Face the Risks, Firms Warn
News | Mar 20, 2026

South African firms are warned that unchecked digital clutter—dubbed “data toxicity”—is costing millions and exposing them to security breaches. Experts from Integrity360 and KnowBe4 Africa argue that redundant, obsolete (ROT) data inflates cloud storage fees, increases cognitive load, and creates...

By ITWeb (South Africa) – Public Sector
Bonfy ACS 2.0 Helps Organizations Control Data Use in AI Environments
News | Mar 20, 2026

Bonfy.AI unveiled Bonfy Adaptive Content Security (ACS) 2.0, a platform that extends enterprise data protection to AI agents, copilots, and generative applications across cloud, SaaS, and on‑premises environments. The solution adds real‑time, context‑aware controls—including a data‑in‑use guardrail, browser extension for...

By Help Net Security
U.S. Shuts Down Websites Behind Iran-Linked Cyber Attacks and Death Threats
News | Mar 20, 2026

The U.S. Justice Department seized four domains—Justicehomeland.org, Handala‑Hack.to, Karmabelow80.org and Handala‑Redwanted.to—allegedly operated by Iran’s Ministry of Intelligence and Security. Investigators say the sites acted as fake hacktivist fronts that claimed cyberattacks, published stolen data and issued death threats against journalists,...

By The Cyber Express
Everything You Need to Know About Online Fraud
News | Mar 20, 2026

Online fraud, encompassing financial scams and identity theft, surged as pandemic‑driven digital adoption expanded across banking, retail, and services. In South Africa, criminal syndicates generated between R200 billion and R300 billion in annual losses, with banking fraud alone exceeding R3.3 billion in 2023....

By ITWeb (South Africa) – Public Sector
Blockchain Boosts Data Security for Modern Enterprises
Social | Mar 20, 2026

How to Use #Blockchain for Enhanced #Data Security by @antgrasso #CyberSecurity #Infosec #IT #Technology https://t.co/3ayIWGHho2

By Ron van Loon
Friendly Cyber Fire: How Much Did NotPetya Cost Russia?
Blog | Mar 20, 2026

The NotPetya ransomware attack of June 2017 generated an estimated $10 billion in worldwide economic losses, affecting governments, utilities, and multinational corporations. Recent analysis estimates that Russian entities—most notably Sberbank, Rosneft, and other domestic firms—absorbed roughly $245 million of that damage, a...

By Irregular Warfare Podcast
Perseus Android Malware Targets Mobile Banking Users via Fake IPTV Apps
News | Mar 20, 2026

Researchers at ThreatFabric have uncovered a new Perseus Android malware variant that masquerades as IPTV streaming apps to infiltrate smartphones. The strain builds on Cerberus and Phoenix code, leveraging Accessibility Services to stealthily control devices, scan note‑taking apps, and overlay...

By The Cyber Express
Exabeam Adds MSSP Commercial Framework to APEX Partner Program
News | Mar 20, 2026

Exabeam has introduced a dedicated commercial framework for managed security service providers within its APEX partner program. The new structure replaces fragmented licensing with a single pooled licence for high‑volume, multi‑tenant deployments and a federated subscription model for region‑specific isolation....

By ARN (Australia)