Know What's Happening in Cybersecurity

Today's Cybersecurity Pulse

CISA adds critical Android and Linux flaws to KEV catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) listed two high‑severity vulnerabilities in its Known Exploited Vulnerabilities catalog: Android CVE‑2025‑48595, an integer overflow that enables privilege escalation on Android 14‑16 without user interaction, and Linux CVE‑2022‑0492. Google released patches for the Android bug in June 2026.

Fortinet’s AI-Driven Defense for a Machine-Speed Era
News | Mar 18, 2026

At Fortinet Accelerate 2026, the company unveiled FortiOS 8.0 and previewed FortiSOC, its cloud‑delivered Security Operations Platform. The new OS adds AI‑aware controls, deep OCR‑based DLP, expanded SASE capabilities and built‑in post‑quantum cryptography to protect the growing shadow‑AI surface. FortiSOC consolidates...

By Network World
Blackwired’s ThirdWatch: Powering Operational Resilience with Cyber Intelligence
News | Mar 18, 2026

Blackwired’s ThirdWatch platform aims to transform cyber‑threat intelligence into actionable operational‑resilience insight for financial institutions. It addresses the systemic risk exposed by the 2023 MOVEit Transfer breach, where a single third‑party vulnerability compromised hundreds of firms. Leveraging Direct Threat Intelligence,...

By RegTech Insight (A-Team)
When the Atom Becomes the Target: Poland’s Nuclear Research Centre Repels a Cyberattack
Blog | Mar 18, 2026

On March 12, 2026 Poland’s National Centre for Nuclear Research (NCBJ) thwarted a cyber intrusion targeting its IT network. The breach was identified and contained before any disruption to the MARIA research reactor or ongoing scientific work. Preliminary analysis points...

By Legal Tech Daily
DarkSword iPhone Spyware Threatens Up to 270 Million Devices
News | Mar 18, 2026

Google, iVerify and Lookout disclosed a new iPhone exploit called DarkSword that can silently hijack iOS 18.x devices, potentially compromising 220‑270 million iPhones. The tool, left exposed on Ukrainian websites, can exfiltrate personal data and cryptocurrency wallet credentials.

By Pulse
Threat Actors Target the Entire Retail Supply Chain
News | Mar 18, 2026

Black Kite’s 2026 report warns that threat actors now view wholesalers and retailers as a single, highly interconnected organization, exposing the entire retail supply chain to systemic cyber risk. Over 70% of major retailers, nearly 60% of wholesalers, and more...

By Security Magazine (Cybersecurity)
Descope's Agentic Identity Hub Secures AI Agent Access
Social | Mar 18, 2026

Looking for bulletproof security for AI agent access? @DescopeINC just changed the game with their Agentic Identity Hub 🔥 → MCP server authentication backing OAuth 2.1, PKCE, DCR, and CIMD → A secure vault stocked with 50+ templates and short-lived tokens → Strictly scoped,...

By Data Chaz
Specialized DNS Proxy Needed for Detecting Beacon
Social | Mar 18, 2026

I woke up thinking about this and think I’m going to update my agent framework to use a traffic inspection proxy that only allows specific domain names for DNS. There are other reasons you might want to do that which I’ve...

By Teri Radichel
Technical Analysis of SnappyClient
News | Mar 18, 2026

In December 2025 Zscaler ThreatLabz uncovered SnappyClient, a C++‑based command‑and‑control implant delivered through the HijackLoader dropper. The malware provides screenshot capture, keylogging, remote terminal access, and browser data theft while employing multiple evasion methods such as an AMSI bypass, Heaven’s...

By Security Boulevard
'Claudy Day' Trio of Flaws Exposes Claude Users to Data Theft
News | Mar 18, 2026

Researchers at Oasis Security uncovered a trio of vulnerabilities in Anthropic's Claude AI that can be chained into a full‑scale attack dubbed “Claudy Day.” The chain combines an invisible prompt‑injection via URL parameters, an open‑redirect flaw, and a data‑exfiltration route through...

By Dark Reading
GuardDog Telehealth Accesses Sensitive Medical Records Under False Pretenses
News | Mar 18, 2026

GuardDog Telehealth admitted to accessing patient medical records under false pretenses, claiming treatment needs while actually selling the data to law firms. The lawsuit, supported by Epic and Health Gorilla, alleges the use of sham providers to request records from...

By Security Magazine (Cybersecurity)
AI Drives Cybersecurity Consolidation Around Data‑Rich Platforms
Social | Mar 18, 2026

AI is forcing a shift in cybersecurity - here’s who benefits 👇 AI accelerates attacks and expands the surface area. At the same time, it’s forcing consolidation around platforms with data, scale, and automation. Investing

By Sergey CYW
Hire Experienced Tech Auditor for Healthcare Apps, HIPAA Compliance Critical
Social | Mar 18, 2026

If you are vibe-coding apps for the healthcare sector I beg you - pay a deeply experienced technologist to audit it before anyone uses it. hipaa laws are no joke. I’ve personally been through the compliance audits, defending our encryption...

By Kim Mansour
Marquis Says over 672,000 People Had Personal and Financial Data Stolen in Ransomware Attack
News | Mar 18, 2026

Fintech firm Marquis disclosed that a ransomware attack in August 2025 exposed personal and financial data of 672,075 individuals, the most comprehensive figure released to date. The stolen information includes names, dates of birth, addresses, Social Security numbers, and bank,...

By TechCrunch (Main)
Cursor AI Offers Reusable Security Templates, Sparks Trust Debate
Social | Mar 18, 2026

A new release from @cursor_ai turns its internal security agents into reusable templates teams can deploy themselves. For developers, that could mean continuous security checks — but it raises questions about trusting AI to review code. 🔗Story here: https://t.co/yp2DZC9LrL https://t.co/ugKk1HaKki

By Paul Sawers
Most Firms Ignore AI Tool Security, Risking Breaches
Social | Mar 18, 2026

66% of orgs see AI’s impact on cyber, but only 37% check tool security before deployment. Personal agents like OpenClaw are brilliant productivity boosters—and a CISO’s worst nightmare. Don't be a statistic: https://t.co/KfaNBOyWmm #CIO #CISO #AI #Agentic #Cybersecurity #RSAC2026

By Tim Crawford
Dropzone AI Releases Autonomous Threat Hunting Agent for Continuous SOC Detection
News | Mar 18, 2026

Dropzone AI unveiled its AI Threat Hunter, an autonomous agent that conducts continuous threat‑hunting across an organization’s security stack. The tool offers one‑click access to 250+ pre‑built hunt packs or custom objectives, completing federated searches in 60‑90 minutes that would...

By Help Net Security
Crypto Scam "ShieldGuard" Dismantled After Malware Discovery
News | Mar 18, 2026

Okta Threat Intelligence dismantled the ShieldGuard browser extension, a fraudulent crypto‑security tool that harvested user data. The extension collected wallet addresses, transaction histories, and browsing activity from platforms like Binance, Coinbase, and MetaMask, and executed remote code via a command‑and‑control...

By Infosecurity Magazine
Federal Cyber Experts Called Microsoft's Cloud "A Pile of Shit", Yet Approved It
News | Mar 18, 2026

Federal reviewers harshly criticized Microsoft’s Government Community Cloud High (GCC High), calling it a “pile of shit” due to missing security documentation and unclear encryption practices. Despite these concerns, the FedRAMP program granted the cloud suite an authorization, effectively giving it...

By Hacker News
Commvault Extends Enterprise Resilience to Structured and AI Data with Real-Time Governance Controls
News | Mar 18, 2026

Commvault announced an expansion of its Cloud platform to include data security posture management for structured data and real‑time access governance, leveraging its recent acquisition of Satori. The new features automatically classify sensitive information, monitor usage of structured and vector...

By MarTech Series
‘75M Salesforce Records Exposed’ in Loblaw Breach: Hacker’s Deadline Approaches
Blog | Mar 18, 2026

Canada's largest grocer, Loblaw, disclosed a data breach affecting an estimated 75.1 million Salesforce records, 19.3 million Oracle IDCS identities, and additional datasets. The breach, discovered on a non‑critical network segment, exposed names, phone numbers and email addresses but no...

By Salesforce Ben
Adaptiva Introduces Aida, an Enterprise-Safe AI Advisor for Autonomous Endpoint Management
News | Mar 18, 2026

Adaptiva unveiled Aida, an enterprise‑safe AI advisor that lets IT and security teams query endpoint data in plain English and receive instant dashboards, charts, and risk insights. Designed for environments with hundreds of thousands of devices, Aida leverages Adaptiva’s autonomous...

By MarTech Series
Backslash Adds Cross-Product Support to Secure AI Skills in Developer Environments
News | Mar 18, 2026

Backslash Security announced cross‑product support for agentic AI Skills, giving organizations the ability to discover, assess, and govern Skills across AI‑native development environments. The new capability adds centralized visibility of Skills, Model Context Protocol servers, plug‑ins and prompt rules, allowing...

By Help Net Security
The Refund Fraud Economy: Exploiting Major Retailers and Payment Platforms
News | Mar 18, 2026

Refund fraud has morphed into a structured underground market where actors sell step‑by‑step tutorials and services for exploiting retailer return and payment dispute processes. Flare researchers analyzed 3,686 posts, uncovering a commercial ecosystem pricing guides between $50 and $300 and...

By BleepingComputer
Menlo Security Delivers Unified Governance and Threat Prevention for AI Agents and Humans
News | Mar 18, 2026

Menlo Security introduced a Browser Security Platform designed to protect both human users and autonomous AI agents that operate within the browser, now treated as the enterprise operating system. The solution embeds a unified control plane that enforces machine‑speed governance,...

By Help Net Security
Second iOS Exploit Kit Now in Use by Suspected Russian Hackers
News | Mar 18, 2026

Researchers have identified a second mass‑scale iOS exploit kit, DarkSword, linked to suspected Russian actors. The kit targets devices running iOS 18 or earlier, potentially affecting up to 270 million iPhones, and can steal passwords, crypto wallets, and messages. It exploits Apple’s...

By CyberScoop
Nordstrom's Email System Abused to Send Crypto Scams to Customers
News | Mar 18, 2026

Nordstrom customers received fraudulent emails appearing to come from the retailer’s official address, promoting a St. Patrick’s Day cryptocurrency “double‑your‑deposit” scheme. The messages were sent through Salesforce Marketing Cloud after an Okta‑SSO compromise and promised a 200% return within two hours,...

By BleepingComputer
Graylog Advances Explainable AI and Automated Workflows for Faster Threat Detection
News | Mar 18, 2026

Graylog announced AI‑driven security automation at RSA, introducing explainable AI threat prioritization, agentic workflows via its open MCP Server, and a Spring 2026 release that auto‑launches investigations when asset risk exceeds thresholds. The threat prioritization engine aggregates alerts using entity context,...

By Help Net Security
America Is Digitally Fragile — and Our Adversaries Know It
Blog | Mar 18, 2026

The opinion piece warns that America’s critical infrastructure has become digitally fragile, with adversaries like China embedding persistent footholds in water, energy, telecom and port systems. U.S. cyber strategy remains episodic and reactive, allowing hostile actors to pre‑position capabilities before...

By The Cipher Brief
7 Tech Companies Worth Trillions Pledge $12.5m to Open Source Security
News | Mar 18, 2026

Seven trillion‑valued tech giants—including Google, Microsoft, Amazon, Meta, Apple, IBM, and Oracle—have jointly pledged $12.5 million to bolster open‑source security. The grant program will fund projects that help maintainers filter out low‑quality, AI‑generated bug reports and prioritize genuine vulnerabilities. By creating...

By The Stack (TheStack.technology)
Firefox Is Getting a Free Built-In VPN
News | Mar 18, 2026

Mozilla announced that Firefox 149, releasing on March 24, will embed a free built‑in VPN. The service will route browser traffic through a proxy, masking users' IP addresses, and initially provides 50 GB of data per month to users in the United States,...

By Help Net Security
SpecterOps Adds Okta, GitHub and Mac Coverage to BloodHound Enterprise Platform
News | Mar 18, 2026

SpecterOps announced that its BloodHound Enterprise platform now includes coverage for Okta, GitHub and Mac (Jamf) environments, adding OpenGraph extensions to map identity‑based attack paths across hybrid systems. The release introduces privilege‑zone analysis for multi‑tier least‑privilege enforcement, bring‑your‑own‑key encryption support,...

By SiliconANGLE
Torq Unveils Agentic Builder to Automate Security Workflows From Natural Language Intent
News | Mar 18, 2026

Torq Ltd. introduced Agentic Builder, an AI‑driven add‑on to its SOC platform that converts plain‑language security intents into fully tested, production‑ready workflows and custom AI agents. The system leverages the Torq Socrates engine for validation and continuous performance monitoring, enabling...

By SiliconANGLE
Manifold Raises $8M to Secure Autonomous AI Agents on Enterprise Endpoints
News | Mar 18, 2026

Manifold, an AI detection and response startup, announced an $8 million seed round led by Costanoa Ventures to develop its endpoint security platform for autonomous AI agents. The solution monitors agent behavior on employee devices, capturing API calls, file access, and...

By SiliconANGLE
Researchers: Meta, TikTok Steal Personal & Financial Info When Users Click Ads
News | Mar 18, 2026

Researchers from Jscrambler allege that Meta and TikTok advertising pixels harvest extensive personal and financial data from users who click ads, even when users explicitly opt out. The pixels collect PII, credit‑card details, and granular shopping‑flow information, running before consent...

By Dark Reading
SideWinder Espionage Campaign Expands Across Southeast Asia
News | Mar 18, 2026

The India‑linked SideWinder APT group has broadened its espionage campaign into Southeast Asia, adding Indonesia and Thailand to its target list. Researchers note the group continues to use low‑complexity intrusion methods—government‑audit phishing, stolen credentials, and DLL hijacking—while rotating domains and...

By Dark Reading
The Fate of Agentic Commerce Hinges on an Elusive Resource: Trust
Podcast | Mar 18, 2026 | 25 min

In this episode, Rima Katz and experts from FinScan and Javelin Strategy discuss how trust in payments is shifting from post‑transaction reassurance to real‑time verification, especially as agentic AI begins to act on behalf of consumers. They explore the technical...

By PaymentsJournal
This Free Privacy Tool Makes It Super Easy to See Which Sites Are Selling Your Data
News | Mar 18, 2026

Global Privacy Control (GPC) is a free, browser‑based signal that lets users automatically opt out of companies selling their personal data. Major browsers such as Brave, DuckDuckGo, and the Firefox Nightly build now include GPC natively, while extensions like OptMeowt...

By ZDNet Robotics
The 350 Million Problem: Securing the Businesses No One Else Will
Podcast | Mar 18, 2026 | 0 min

In this episode of the Resilient Cyber Show, Sophos CEO Joe Levi discusses the massive gap in cybersecurity leadership, noting that only about 32,000 CISOs exist for roughly 359 million global businesses. He explains how Sophos addresses the underserved SMB market...

By Resilient Cyber
Corelight’s Agentic Triage Turns SOC Alerts Into Evidence-Backed Investigations
News | Mar 18, 2026

Corelight unveiled Agentic AI capabilities for security operations centers, highlighted by Agentic Triage—a GenAI‑driven workflow that consolidates alerts into entity‑centric investigations and delivers evidence‑backed verdicts up to ten times faster. The solution exposes every playbook step, query, and data point,...

By Help Net Security
TrojAI Unveils New Capabilities to Secure Agentic AI Beyond the Prompt Layer
News | Mar 18, 2026

TrojAI introduced three major capabilities to protect enterprise‑grade agentic AI, extending security beyond the prompt layer. The new Agent‑Led AI Red Teaming automates multi‑turn attacks using coordinated autonomous agents and maps findings to OWASP, MITRE and NIST frameworks. Agent Runtime...

By Help Net Security
Critical Unpatched Telnetd Flaw (CVE-2026-32746) Enables Unauthenticated Root RCE
News | Mar 18, 2026

A critical vulnerability (CVE‑2026‑32746) in GNU InetUtils telnetd allows unauthenticated remote attackers to achieve root‑level code execution via a buffer overflow in the SLC sub‑option handler. The flaw affects all telnetd versions up to 2.7 and carries a CVSS score...

By The Hacker News
New .NET AOT Malware Hides Code as a Black Box to Evade Detection
News | Mar 18, 2026

Researchers at Howler Cell have identified a new .NET Ahead‑of‑Time (AOT) compiled malware that strips metadata, turning the malicious binary into a black‑box that evades traditional security scanners. The infection chain begins with a phishing ZIP, delivering a downloader that...

By HackRead
Polygraf AI Launches Desktop Overlay for Real-Time AI Behavior Control in Enterprise Operations
News | Mar 18, 2026

Polygraf AI unveiled Desktop Overlay, a real‑time compliance assistant that monitors user input at the desktop level. The edge‑deployed overlay flags sensitive information within 100 ms using on‑premise small language models, requiring only modest CPU and memory resources. Pilot results showed...

By Help Net Security
5 Common Signs of Email Fraud
Blog | Mar 18, 2026

The post outlines five tell‑tale signs that an email is likely fraudulent, including urgent language, mismatched sender addresses, unexpected attachments or links, poor spelling and grammar, and requests for personal or financial information. It emphasizes that these cues are common...

By Rick's Tech Tips Newsletter
MDR Uncovers Horabot: Multi‑tool Banking Trojan Targeting Mexico
Social | Mar 18, 2026

Here’s a report about a campaign targeting Mexico that our MDR team hunted down. It features Horabot – a bundle of a banking Trojan, email spreader, and complex attack-chain: https://t.co/9WytZpXEHB https://t.co/a5S98XvupC

By Eugene Kaspersky
Fear of Surveillance Leads to Increased VPN Use
News | Mar 18, 2026

A new PasswordManager survey shows that 36% of U.S. adults now use virtual private networks, making VPNs mainstream. Privacy concerns dominate, with 35% of users seeking to hide activity from the government and 65% aiming to block advertiser tracking. A...

By Security Magazine (Cybersecurity)
Reco Targets AI Agent Blind Spots with New Security Capability
News | Mar 18, 2026

Reco has launched a new capability called “Reco AI Agent Security” to give enterprises visibility and control over autonomous AI agents across their SaaS stack. The tool, available from March 18, expands Reco’s existing platform to cover agents such as Microsoft...

By CSO Online
Mondoo Announced the Launch of Agentic Managed Vulnerability Service
News | Mar 18, 2026

Mondoo unveiled its Agentic Managed Vulnerability Service, pairing AI‑driven analytics with expert security teams to deliver a 60% reduction in vulnerabilities and a mean‑time‑to‑remediation (MTTR) under 16 days. The offering includes an optional Automated Remediation Setup Service that configures instant,...

By AI-TechPark
£5 Million Innovate UK Funding Competition Seeks to Drive Growth of Secure and Resilient Software Supply Chains
News | Mar 18, 2026

Innovate UK has launched a £5 million competition to accelerate secure and resilient software supply chains through the government’s Software Security Code of Practice (SSCoP). Eligible projects must request between £250,000 and £750,000, begin by August 2026 and run for 12‑18 months,...

By HTN – Health Tech Newspaper (UK)