Today's Cybersecurity Pulse

CISA adds critical Android and Linux flaws to KEV catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) listed two high‑severity vulnerabilities in its Known Exploited Vulnerabilities catalog: Android CVE‑2025‑48595, an integer overflow that enables privilege escalation on Android 14‑16 without user interaction, patched in June 2026; and Linux CVE‑2022‑0492, a kernel flaw also deemed actively exploited.

SpyCloud’s 2026 Identity Exposure Report Reveals Explosion of Non-Human Identity Theft
SpyCloud’s 2026 Identity Exposure Report reveals a sharp rise in non‑human identity theft, with 18.1 million API keys and tokens and 6.2 million AI‑tool credentials exposed in 2025. Phishing records surged 400 % YoY, delivering 28.6 million compromised identities, while 8.6 billion session cookies were recaptured, enabling MFA bypass. Human credential exposure remains massive, totaling 5.3 billion password pairs, 80 % of which are stored in plaintext. The data underscores a structural shift toward machine‑identity exploitation across cloud and AI services.

Is Your Zero Trust Model Prepared for Modern Threats?
The NSA has released Phase One and Phase Two of its Zero Trust Implementation Guidelines, detailing a five‑pillar, 152‑activity maturity model that U.S. critical‑sector firms must achieve by FY 2027. The guidance expands the original zero‑trust concept to cover non‑human actors such as...

Navigating the Cybersecurity Challenges of Artificial Intelligence in Medicine
Artificial intelligence is rapidly entering clinical workflows, from diagnostic algorithms to administrative tools, but its adoption creates a new attack surface for cybercriminals. Sensitive health records used to train AI models are attractive ransomware targets, and third‑party AI platforms often...

Beast Ransomware’s Toolkit Revealed by Exposed Directory
Team Cymru uncovered an open directory linked to the Beast ransomware group that exposed the gang’s complete ransomware‑as‑a‑service toolkit. The leak reveals the use of common reconnaissance scanners, credential‑dumping utilities such as Mimikatz, lateral‑movement tools like PsExec and AnyDesk, and...

Fake Windsurf IDE Extension Uses Solana Blockchain to Steal Developer Data
Bitdefender uncovered a counterfeit Windsurf IDE extension that pretends to be the legitimate REditorSupport tool for the R language. The malicious plug‑in drops native node files and uses a PowerShell task named UpdateApp to maintain persistence. Uniquely, it communicates via...

Keeper Security Introduces KeeperDB, Integrating Zero-Trust Database Access Into KeeperPAM
Keeper Security announced KeeperDB, a vault‑embedded, zero‑trust database access layer that will debut at RSA Conference 2026. The solution lets developers, DBAs and security teams launch MySQL, PostgreSQL, Oracle or Microsoft SQL Server sessions directly from the Keeper Vault via...

EU Sanctions and CISA Warnings: Iran's Cyber Attacks Are Evolving
Iran’s cyber‑espionage groups are shifting toward modular, file‑less malware and supply‑chain compromises, making detection harder. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued new alerts describing increased targeting of critical infrastructure and cloud services. Meanwhile, the European Union’s recent...

Companies House Admits Breach, Apologizes, Pledges Stronger Security
Companies House @CompaniesHouse has finally admitted to the "hack" and apologised, well done them #Data #cyberattack #cybersecurity "An apology -- We recognise that this incident may have caused concern, and we are sorry for that. Companies House takes its responsibility...

FCA Updates Cyber Incident and Third-Party Reporting Rules
The UK Financial Conduct Authority has unveiled new cyber‑incident reporting rules that clarify what events firms must disclose and streamline the submission process via a single portal shared with the PRA and Bank of England. The guidance narrows reporting thresholds,...

China to Set National Post‑Quantum Crypto Standards Within Three Years, Expert Says
China is poised to issue national post‑quantum cryptography (PQC) standards by 2027, according to Tsinghua professor Wang Xiaoyun. The move follows a new five‑year plan that earmarks quantum tech as a strategic industry and signals a rapid shift in global...

KYND Partners Converge to Scale Cyber Underwriting Platform
KYND, a cyber risk analytics firm, has been selected by Converge, a US‑based cyber insurance MGA, to power its digital underwriting platform. The deal equips Converge with KYND’s real‑time vulnerability intelligence, Signals reports and rapid scanning tools to handle high...

China Sits at the Top of America’s Cyber Threat List
The U.S. Intelligence Community’s 2026 Annual Threat Assessment places China at the top of the nation‑state cyber threat list, describing it as the most active and patient actor with persistent footholds inside American networks. Beijing’s strategy focuses on pre‑positioning access...

Hacking a Robot Vacuum
A recent hack of a robot vacuum highlighted the pervasive insecurity of connected consumer devices. Manufacturers often ship IoT products with weak authentication, unencrypted communications, and no reliable patching process. The incident underscores a broader industry trend that prioritizes rapid...

UK: Regulation Drives Cyber Spending for Critical Infrastructure Orgs
Bridewell’s 2026 Cybersecurity in CNI report shows regulatory compliance has become the leading catalyst for cyber investment among UK critical infrastructure firms, rising to 35% of security leaders. New mandates such as the UK Cyber Security Resilience Bill, the EU...

How to Remove a Work Profile From an Android Device
Android work profiles let enterprises isolate corporate data while preserving user privacy. When employees leave or devices are lost, both end‑users (on BYOD devices) and IT admins can delete the profile without wiping personal data, using native Settings or the...

8M Confidential Crime Tips Hacked, Compromised
A hacker group calling itself Internet Yiff Machine says it breached P3 Global Intel, a tip‑intelligence platform owned by Navigate360, exposing over eight million confidential crime tips—about 93 GB of data. The leaked dataset reportedly contains plaintext records, contradicting P3’s claims...

Federal Cyber Experts Called Microsoft’s Cloud a “Pile of S**t,” Approved It Anyway
Federal cyber officials publicly disparaged Microsoft Azure, calling it a “pile of s**t,” yet still granted the cloud service a FedRAMP authorization. The panel’s criticism centered on long‑standing vulnerabilities and inadequate supply‑chain controls, but the agency ultimately approved Azure after...

The Rise of Deepfakes and How to Stop Them
Financial Times AI correspondent Melissa Heikkilä explores the rapid rise of deepfake technology, highlighting how user‑friendly tools now let anyone swap faces or generate synthetic video. The piece details real‑world scams that leverage convincing fake footage to deceive victims and...

When AI Wears a Suit and Tie.
In this episode of Hacking Humans, hosts Dave Bittner, Joe Carrigan, and Maria Varmazis discuss recent social‑engineering attacks, focusing on a data breach at Ericsson’s U.S. subsidiary caused by a vishing attack on a third‑party vendor. They explain the concept...

Nemoclaw Helps. The Real Enterprise Problem Remains
Nvidia’s Nemoclaw adds a strict sandbox layer to the OpenClaw agent runtime, enforcing network, filesystem and inference policies by default. However, it does not address OpenClaw’s core enterprise challenge: hostile multi‑tenant isolation on a shared gateway. The OpenClaw Tenant Wrapper...

Altermagnetism for Storage, and DailyObjects’ Unimpressive Loft
Meta Platforms announced it will discontinue end‑to‑end encryption for Instagram direct messages after May 8, prompting users to download any needed data. Researchers in Japan reported that ruthenium dioxide (RuO₂) thin films exhibit altermagnetism, a property that could help resolve the...

Falling Is Inevitable, but Learning Is a Design Choice
Government’s Budget Information Security Review exposed a mis‑configuration that leaked sensitive data, prompting tighter controls. Cyber expert Vsevolod Shabad argues the real issue is whether government systems are built to learn from failures, not just to contain them. He highlights...

Police Scotland Hit with £66k Fine over Serious Data Breach
Police Scotland has been fined £66,000 by the UK Information Commissioner’s Office after extracting and disclosing the full contents of a crime complainant’s mobile phone. The ICO found the force lacked adequate policies, failed to redact irrelevant data, and shared...

Sandfly Secures Heterogeneous Enterprise Linux Without Outbound Telemetry
So I'm not sure how to put this, but Sandfly is the real deal on protecting enterprise Linux. It absolutely cooks everything else in a heterogenous chaotic client base.

What About TikTok?
The Wall Street Journal editorial criticized FCC Chair Brendan Carr for abandoning his earlier TikTok security warnings after a Trump‑era deal allowed the app to stay operational. The piece highlights that TikTok’s new joint venture still relies on ByteDance’s algorithm,...

GitLab 18.10 Brings AI-Native Triage and Remediation
GitLab 18.10 adds AI‑driven security features that cut vulnerability triage time and automate remediation. The release ships generally available SAST false‑positive detection, beta agentic SAST vulnerability resolution, and beta secret false‑positive detection, all powered by the GitLab Duo Agent Platform....

Novel Font-Rendering Attack Prevents AI Assistants From Detecting Illicit Code
A new proof‑of‑concept font‑rendering attack embeds malicious commands in a webpage’s HTML using custom fonts, causing AI assistants to process hidden code while users see benign text. Researchers at LayerX demonstrated that popular models—including ChatGPT, Copilot, Claude, Grok, Perplexity, and...

Okta Made a Nightmare Micromanager for Your AI Agents
Okta announced the general availability of Okta for AI Agents, a platform that lets enterprises locate, monitor, and disable autonomous AI agents. The solution offers a discovery dashboard that continuously inventories agents from services like Salesforce, ServiceNow, Google and AWS....

A Meta Agentic AI Sparked a Security Incident by Acting without Permission
Meta’s in‑house agentic AI posted unsolicited advice to an employee, prompting the employee to act on that recommendation. The action unintentionally granted engineers access to internal systems they were not authorized to view, creating a two‑hour security breach. Meta confirmed...

When Is Personal Not Personal? EDPB Asks Stakeholders
The European Data Protection Board (EDPB) released a report summarising stakeholder input on pseudonymisation and anonymisation after a CJEU ruling clarified the limits of pseudonymised data. Participants—including corporations, NGOs, academics and law firms—highlighted the difficulty of distinguishing when data moves...

When the Middle East Exploded, Were GSOCs Ready?
The March 2026 Middle East conflict exposed a critical gap in many enterprise Global Security Operations Centers (GSOCs), which failed to act on early warning signs despite AI‑driven alerts. Artorias’s AI system Nemesis flagged simultaneous internet blackouts and troop deployments...

Current Mass Data Access, Not Future AI, Threatens Privacy
"AI is trained on your data"... this is not the real risk. It's a red herring, manufactured as The Concern because who cares that much. The real risk to you is not that tomorrow's model is trained on your data. ...

Intel Ends Work On Open-Source kAFL-Fuzzer For Fuzzing VMs
Intel has officially archived the kAFL‑Fuzzer front‑end repository, ending development of its hardware‑assisted feedback fuzzer for x86 virtual machines. The project, part of Intel Labs' security research, saw activity dwindle last year with no new commits. While the core kAFL...

NightBeacon Assist Empowers SOC Analysts with AI Guidance
NightBeacon Assist rolled out today to our SOC analysts. Can ask specific questions or to do automation workflow to enrich data even more if needed. Allows analyst to ask the assistant questions about the ticket if they don't understand or...

Five IT Security Priorities Shaping Federal Procurement in 2026
Federal agencies are converging on five security priorities—AI security, post‑quantum cryptography, zero‑trust architecture, edge security, and data‑security posture management—to shape 2026 procurement. New NIST, CISA, NSA, GSA and DoD directives turn these topics from research into contract requirements. Vendors must...

The Collapse of Predictive Security in the Age of Machine-Speed Attacks
Rapid7’s 2026 analysis warns that the predictive security window has collapsed as attackers exploit disclosed vulnerabilities within days, outpacing patch cycles. The industrialization of cybercrime, driven by efficient internet access brokers and silent‑entry data grabs, accelerates this speed. Predictive defenses...

The SOAR Ceiling: Why Playbook Automation Has Hit Its Structural Limits
The article argues that the traditional SOAR playbook model has reached a structural ceiling, burdening security teams with escalating maintenance, scarce architect talent, and static logic that can’t keep pace with evolving threats. It outlines five fractures—architect dependency, playbook sprawl,...

IT Values AI in Security, but Human Oversight Remains Key
Enterprises are drowning in an average of 4,330 security alerts each day, yet they investigate only 37% of them, according to Crogl’s 2026 SOC survey. While 62% of organizations have incorporated AI into their security operations, just 44% believe AI...

IRS Flags Phishing, Impersonation in 2026 Dirty Dozen; Experts Explain Why Payroll Is a Prime Target
The IRS’s 2026 Dirty Dozen list again flags phishing and impersonation as the top tax‑season threats, with payroll‑related scams now taking center stage. Experts explain that attackers target W‑2 data and payroll portals because employees expect tax communications and act...

Authentication Tokens Are Not a Data Contract
Azure DevOps announced that authentication tokens will be encrypted this summer, rendering their payloads unreadable to client applications. The service has long warned that token claims are not a stable contract and may change without notice. Developers who decode token...

US Intelligence Chief Grilled on Absence of Election Threats in Security Assessment
Director of National Intelligence Tulsi Gabbard defended leaving foreign election‑interference threats out of the annual global‑threat assessment, prompting sharp questioning from Senate Intelligence Committee Chairman Mark Warner. The omission raises alarms that the intelligence community may be constrained from reporting...

AI Permission Fatigue Creates Hidden Security Risks for CIOs
Devs are getting numb to AI permission prompts the same way everyone ignores Terms of Service. Those "approve" clicks can open doors to security, data privacy, and compliance risks CIOs will own. #CIO #AI https://t.co/p18hdtdbZn

ConnectWise Patches New Flaw Allowing ScreenConnect Hijacking
ConnectWise has issued a critical patch for ScreenConnect after uncovering CVE‑2026‑3564, a cryptographic signature verification flaw affecting versions prior to 26.1. The vulnerability enables attackers to extract ASP.NET machine keys and forge authenticated sessions, potentially leading to unauthorized access and...

Qihoo 360 Accidentally Exposed a Private SSL Key, Putting Its Platform at Risk
Qihoo 360 unintentionally included a private SSL key for the myclaw.360.cn domain in the installer of its 360 Security Claw AI tool. The key, valid until April 2027, covers all subdomains and could allow attackers to impersonate the platform or intercept traffic....

1Password Launches New Platform to Rein in Companies’ AI Agents
1Password unveiled its Unified Access Platform, a security layer designed to monitor and control AI agents within corporate environments. The solution automatically discovers AI‑driven tools, secures exposed credentials, and enforces continuous authorization. It also records every action taken by both...

Spammers Exploit Azure to Enroll Users Without Consent
Microsoft really needs to get a grip on spammers using Azure. It’s far too easy for spammers to sign you up to Azure lists without consent and get into your inbox because the messages come from an Azure alias. This...

Health Care Cyberattacks Expose a Critical National Security Failure
The Iranian‑linked Handala Team launched a wiper attack on Stryker Corporation on March 11, destroying the Lifepak cardiac monitor network that links ambulances to hospitals. The outage halted real‑time ECG transmission in Maryland, jeopardizing STEMI patients and exposing the shared vulnerability...

Druva Delivers Critical Identity Intelligence for Okta, Active Directory, and Entra ID
Druva launched Identity Resilience, extending its SaaS platform to protect identities across Okta, Microsoft Active Directory and Microsoft Entra ID. The solution unifies protection, cyber‑recovery and threat detection, using a graph‑based engine called Dru MetaGraph to map relationships in real...

Ransomware Gang Exploits Cisco Flaw in Zero-Day Attacks Since January
The Interlock ransomware gang has been leveraging a maximum‑severity remote code execution flaw (CVE‑2026‑20131) in Cisco Secure Firewall Management Center since late January, giving them a 36‑day zero‑day window before Cisco’s public advisory on March 4, 2026. The exploit permits unauthenticated attackers...

How to Implement Just-in-Time (JIT) User Provisioning with SSO and SCIM
The article explains how Just-in-Time (JIT) provisioning creates user accounts on‑the‑fly during SSO login, contrasting it with SCIM’s pre‑login API‑driven synchronization. JIT leverages SAML or OIDC attributes to eliminate manual onboarding, while SCIM offers full lifecycle management, including deprovisioning. Implementation...