Today's Cybersecurity Pulse

CISA adds critical Android and Linux flaws to KEV catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) listed two high‑severity vulnerabilities in its Known Exploited Vulnerabilities catalog: Android CVE‑2025‑48595, an integer overflow that enables privilege escalation on Android 14‑16 without user interaction, and Linux CVE‑2022‑0492. Google released patches for the Android bug in June 2026.

LeakNet Boosts Ransomware with ClickFix Lures, Stealthy Deno Loader
LeakNet is expanding its ransomware campaign by deploying mass‑market ClickFix lures on compromised legitimate websites and coupling them with a stealthy Deno‑based loader that runs malicious code almost entirely in memory. The ClickFix technique tricks users into executing an msiexec command, while the Deno binary decodes a base64 payload without writing files to disk. Post‑compromise actions remain consistent, featuring DLL sideloading, PsExec‑based lateral movement, and S3‑backed staging. These innovations lower acquisition costs and broaden the victim pool beyond broker‑sourced footholds.

Cayosoft Debuts Agentic AI Identity Change Controls, IR Offering at RSA 2026
Cayosoft unveiled Guardian 7.2, adding change monitoring and automated rollback for AI‑agent identities across Microsoft Entra and hybrid AD environments. The update embeds non‑human identities into existing ITDR workflows without a new dashboard. Simultaneously, the company launched an Identity Forensics...

Malwarebytes Survey Finds 90% of People Don’t Trust AI with Their Data
Malwarebytes’ latest pulse survey of 1,235 respondents shows that 90% of people fear AI systems will use their personal data without consent, while 91% back national legislation to regulate data use. The study also reveals a sharp drop in confidence,...

Blog 109a. Cybersecurity Crisis in Healthcare: When AI and Ransomware Shut Down Patient Care.
In 2026 healthcare cyberattacks escalated from IT nuisances to clinical emergencies, with ransomware and system intrusions forcing hospitals to cancel procedures and revert to manual processes. The convergence of AI-driven tools and sophisticated ransomware amplified attack vectors, making recovery slower...

Acalvio Launches 360 Deception to Break AI Attack Automation
Acalvio unveiled 360 Deception, a next‑generation cyber‑deception platform designed to break AI‑driven attack automation. The solution creates a high‑uncertainty environment by dynamically orchestrating decoys and making real assets appear deceptive, forcing attackers to reveal intent early. In a U.S. Navy...

NetLib Security Launches Winter 2026 Release with AI Enhancements
NetLib Security released Encryptionizer Winter 2026, adding support for Microsoft SQL Server 2025 and Windows Server 2025 while retaining legacy OS compatibility. The update introduces an Azure Key Vault integration via a new Key Delivery Plugin and upgrades the Encryptionizer...

How a Ukrainian Vishing Ring Stole €2M From EU Citizens — and Nearly Got Away
Latvian and Ukrainian police dismantled a vishing ring that stole about €2 million from EU citizens. The scheme used Ukrainian call‑center operators who impersonated police and bank staff, coerced victims into installing AnyDesk, and moved funds through over 170 money mules...
Hearing Targets Risks to U.S. Infrastructure From Chinese AI and Robotics Systems
On March 17, the House Subcommittee on Cybersecurity and Infrastructure Protection held a hearing to assess national‑security threats posed by Chinese artificial‑intelligence, robotics and autonomous‑sensing technologies. Lawmakers focused on firms such as DeepSeek and Unitree Robotics, warning that their systems...
NicSRS Launches sslTrus CaaS – A Powerful SSL Automation Tool for SMBs
NicSRS unveiled sslTrus CaaS, a Certificate‑as‑a‑Service platform that automates SSL lifecycle for SMBs. The service handles application, issuance, deployment, renewal and revocation for 1‑10 certificates, with optional cloud push or on‑premise clmBot agent. It includes three‑tier monitoring (CT log, OCSP,...

Exclusive: AI Cybersecurity Startup RunSybil, Founded by OpenAI’s First Security Hire, Raises $40 Million Led by Khosla Ventures
RunSybil, an AI‑driven cybersecurity startup founded by OpenAI’s first security hire, closed a $40 million funding round led by Khosla Ventures, with participation from Anthropic’s Anthology Fund, Menlo Ventures and notable angels. Its flagship AI agent, Sybil, conducts continuous autonomous penetration...
Object First to Showcase Absolutely Immutable Backup Storage at RSAC Conference 2026
Object First announced its participation at RSAC Conference 2026, where it will demonstrate its absolutely immutable on‑premises backup storage designed for Veeam environments. The solution promises lightning‑fast backups, instant recovery, and zero‑trust data resilience aimed at SMBs, ROBO sites, and...
Can You Prove the Person on the Other Side Is Real?
The article warns that by 2026 synthetic identities and deepfake technology will outpace traditional AI automation in the estate‑and‑identity space. Generative models can create fully fabricated personas that pass routine checks, allowing fraudsters to hijack legacy or deceased accounts and...

AI Issues Will Drive Half of Incident Response Efforts by 2028, Says Gartner
Gartner warns that custom‑built AI applications will consume at least half of enterprise incident‑response resources by 2028 unless security teams are involved early. The analyst urges a “shift‑left” approach to embed controls from the start and highlights a surge in...
Six Critical 5G Security Challenges as Connectivity Expands
5G’s rollout introduces unprecedented bandwidth and low latency, enabling applications from autonomous vehicles to remote surgery, but also expands the cyber attack surface dramatically. The architecture’s reliance on software‑defined networking, network slicing, and edge computing creates new vectors such as...

Artificial Insecurity: How AI Tools Compromise Confidentiality
Access Now’s March 2026 report warns that AI tools built on large language models suffer glaring security flaws that jeopardize data confidentiality, integrity and availability. Recent breaches – from DeepSeek’s exposed chat database to OpenAI’s leak of user metadata – illustrate how...

Researchers Expose Hack that Could Hand Attackers Full Control of Ship’s Engine, Navigation and Power
Maritime researchers uncovered four critical flaws in the SmartShipWeb IoT platform that let a remote attacker commandeer a vessel's propulsion, navigation, power, ballast, steering and fire safety systems directly from a web browser. The attack chain starts with a client‑side...

Apple Releases Its First-Ever Background Security Improvements Update: What Is It, How to Download and More
Apple has launched its first Background Security Improvement (BSI) update, a lightweight patching system for the latest iOS, iPadOS, and macOS releases. The initial rollout on March 17 addressed a critical WebKit vulnerability (CVE‑2026‑20643) affecting Safari’s navigation API. BSI updates...
LLMs Can Unintentionally Expose API SQL Injection Vulnerabilities
Q: When is an SQLi bug just a sparkling API? A: When you ask an LLM to grab a bunch of data from a website, and it realizes that one is there. imho, this is one of those "don't hate the finder,...
Check for “Lzcdrtfxyqiplpd” To Spot GlassWorm Malware
Step Security advises developers who install Python packages directly from GitHub or run cloned repositories to check for signs of compromise by searching their codebase for the marker variable “lzcdrtfxyqiplpd,” an indicator of the GlassWorm malware. Also check for init.json and i.js.
INTERPOL Dismantles 45,000 Cybercrime Servers, Names Nigeria Top Ransomware Target
On Jan. 31, 2026, INTERPOL concluded Operation Synergia III, a coordinated crackdown that disabled more than 45,000 malicious IPs and servers across 72 countries. The effort, which began on July 18, 2025, led to 94 arrests, 212 seized devices and highlighted Nigeria as Africa’s third‑most targeted...

Autonomous AI Demands Stronger Data, Cybersecurity Governance
The State of AI in the Enterprise - 2026 AI report @deloitte Autonomous systems “heighten needs for data and cybersecurity governance. Organizations need to define where humans should remain in control, how automated decisions are audited, and which records of system...
UBS Trading Platform Hit by Brief Cyber Incident, Systems Near Restoration
UBS Group, a leading global bank, reported a brief cyber incident on Tuesday, March 17, 2026, that disrupted portions of its trading business. The bank’s global technology systems were nearly restored later that day, according to a source familiar with...
Pro‑Iran 313 Team Claims Microsoft 365 Outage, Vows New U.S. Attacks
On March 18, 2026, the Iran‑aligned hacking collective Islamic Cyber Resistance in Iraq – 313 Team claimed responsibility for a five‑hour outage of Microsoft 365 services. The group posted the claim on its Telegram channel, posted screenshots of DownDetector reports...
Poland’s National Nuclear Research Centre Thwarts Cyberattack, Keeps Reactor Safe
On March 12, 2026, Poland’s National Centre for Nuclear Research (NCBJ) confirmed that its IT infrastructure was targeted in a cyberattack that was detected and neutralized before any operational impact. The incident, coordinated with NASK‑PIB and ministries, left the MARIA...
Stryker Hit by Massive Wiper Attack Linked to Pro‑Iran Hackers, Thousands of Devices Erased
On March 11, 2026, Stryker Corporation disclosed a coordinated wiper attack that remotely erased tens of thousands of employee laptops, phones and servers worldwide. The pro‑Iran hacktivist group Handala claimed responsibility, saying the operation was retaliation for a U.S. strike...
Apple Pushes First Background Security Improvements Update to Fix WebKit Flaw
Apple has rolled out its first Background Security Improvements update to address WebKit vulnerability CVE‑2026‑20643 across iPhone, iPad, and Mac devices. The flaw allowed malicious web content to bypass the Same Origin Policy via the Navigation API, and was patched...

Cloud Storage Security Best Practices
The article outlines best‑practice controls for securing cloud storage, emphasizing enterprise‑wide identity governance, centralized telemetry, and hardened backup domains. It recommends federated authentication, automated credential rotation, and least‑privilege role mapping across providers. It also advises consolidating logs into SIEM/XDR platforms,...

Vietnam: Cybersecurity Enforcement Plan Enhances Digital Security
Vietnam's Prime Minister issued an action plan to enforce the country's Cybersecurity Law, outlining tasks, deadlines, and responsibilities for ministries and local authorities. The plan mandates a nationwide awareness campaign, specialized training for officials, and the creation of detailed guiding...
OT‑IT Divide Shrinks as Threats Demand Collaboration
Great to be in Houston last week at CS4CA. One thing that stood out immediately: the OT and IT worlds are still very different cultures. But the gap is closing quickly because the threat landscape is forcing it. The conversations here are...
AI Platforms Launch with Security, Yet Trust Gaps Remain
Five vendors. Five governance layers. Zero of them closed the agent-to-agent trust gap. New @VentureBeat: the first major AI platform to ship security at launch — and where the holes still are. https://t.co/vZmQSxSEdD #AgenticAI #AIGovernance #CyberSecurity #NVIDIAGTC #CISO #AIAgents

Top UEBA Use Cases in Enterprise Cybersecurity
User and Entity Behavior Analytics (UEBA) leverages machine‑learning to model normal activity across users, devices and applications, then flags deviations that indicate threats. By ingesting logs, configuration files and network telemetry, UEBA can spot lateral movement, compromised credentials, insider abuse,...
'Cybersecurity Vulnerability' Spurs FDA Recall of GE HealthCare Image Viewers
GE HealthCare has initiated a Class 2 FDA recall of its Centricity Universal Viewer after discovering a cybersecurity flaw that could expose user login credentials on local workstations. The vulnerability threatens system availability and data integrity, prompting an Urgent Medical Device...
CYBERSECURITY: Gauteng Was Lucky with Latest 3.8TB Data Breach, but the Luck Will Run Out
A ransomware‑as‑a‑service group called XP95 exfiltrated roughly 3.8 TB of data from the Gauteng Provincial Government, exposing over 3.6 million files of IDs, passports and résumés. The breach originated from an unsecured, internet‑facing scanner server rather than a phishing error. More than...

CBA Builds Two AI Agents to Boost Cyber Defences
Commonwealth Bank of Australia has deployed two custom AI agents to augment its cyber‑defence operations. The threat‑hunt agent automates up to 70% of routine investigations, shrinking a multi‑day analysis to roughly 30 minutes and even launching hunts overnight. A second...
Chainguard Thinks Most DevOps Teams Are Solving Container Security the Hard Way
Chainguard unveiled OS Packages, a beta service that lets DevOps teams assemble custom container images from zero‑CVE, source‑built packages. The offering leverages Chainguard’s Factory 2.0 pipeline to continuously rebuild over 30,000 enterprise‑grade packages and generate SBOMs automatically. Teams can use...

Researchers Uncover New Phishing Risk Hidden Inside Microsoft Copilot
Researchers at Permiso discovered that attacker‑controlled text embedded in emails can manipulate Microsoft Copilot’s summarization features through cross‑prompt injection attacks. The technique can inject deceptive security alerts or malicious prompts directly into the AI‑generated summary UI, especially in Teams and...
McClellanOsc’s X Account Hacked—Exercise Posting Caution
FYI - Just heard from @McClellanOsc. His X account has been hacked. Please be careful with what may be posted until he gets it back under control. Thanks.

Is Your Clients’ Data Safe This Tax Season? Here’s What CPAs Need to Know
Tax season floods CPA firms with sensitive W‑2s, SSNs, and bank details, making it a prime target for cybercriminals. AI‑generated phishing emails now convincingly impersonate the IRS and tax‑software providers, raising the risk of credential theft and refund‑diversion scams. OpenText...
Fortify with Trenches, Reduce Attack Surface
Digging more trenches to minimize attack surfaces. Tryna be a big weiner without any exposed flanks. https://t.co/cOC49oIcJN
Uncontrolled Personal AI Agents Threaten Enterprise Security
Shadow IT just got a major upgrade. Employees are deploying "Personal Agents" with zero oversight, handing over enterprise credentials to unverified 3rd-party plugins. Are you ready for the fallout? Full story here: https://t.co/KfaNBOyWmm #CIO #CISO #AI #Agentic #Cybersecurity #RSAC2026

OpenClaw, the Fastest-Adopted Software Ever, Is Also a Security Blind Spot
OpenClaw, an open‑source AI agent that runs locally without admin rights, has become the fastest‑adopted software ever, surpassing Linux’s three‑decade adoption curve in just three weeks and becoming GitHub’s most downloaded project. The agent integrates with email, Slack, Teams, calendars,...

First Internet Worm Redefined Cybersecurity Forever
In 1988, two men sit in a room. One of them is cryptographer Bob Morris, the father of Robert Morris, who had just released the first Internet worm. "A line had been crossed and the world we inhabited had changed." (@johnmccumber, Assessing&Managing...

Surf Raises $57M to Automate Security With AI Agents
Surf, a New York‑based cybersecurity startup, announced a $57 million Series A round led by Accel to develop AI‑driven security agents. The funding underscores growing investor confidence in “agentic AI” that can autonomously detect and remediate threats. Surf’s platform continuously monitors cloud...

Ransomware’s Opening Play: Target Identity First
Ransomware groups are shifting focus from encrypting files to compromising identity infrastructure such as Active Directory, Entra ID, and Okta. Semperis research shows 83% of ransomware attacks involve identity compromise, and 56% of attacks succeed, causing widespread operational disruption. By...

Identity Is Quietly Becoming Enterprise IT's Control Plane
Enterprise IT is shifting from network‑centric security to identity‑centric governance. As employees access resources from personal devices, cloud apps, and AI tools, identity systems and policies now define the perimeter. Microsoft Intune’s app‑protection without enrollment shows how application access can...

Vulnerability Exploitability eXchange: Smarter Patching for State and Local IT Teams
The Vulnerability Exploitability eXchange (VEX) is a machine‑readable format that lets software vendors declare whether a CVE actually affects a product. By delivering exploitability data—affected, not affected, fixed, or under investigation—VEX enables state and local government IT teams to filter...
ICO Must Investigate Reform ‘Competition’ for Data Protection Breaches
Reform UK launched a competition offering a year’s energy bills to participants who disclose their past and intended voting preferences. The Open Rights Group argues the scheme breaches UK data protection law by collecting special category data without a clear...

Surfshark vs NordVPN (2026): Which VPN Wins? Full Breakdown
The 2026 guide pits Surfshark against NordVPN, breaking down pricing, server coverage, connection limits, speed, and security tools. Surfshark’s One plan starts at $2.49 per month, offers unlimited simultaneous devices, and covers 3,200+ servers in 100 countries. NordVPN begins at $3.39 per...

Datadobi Announces Early Access Program for Data Access Review
Datadobi has launched an Early Access Program for Data Access Review, a new permissions‑intelligence capability for its StorageMAP platform. The feature adds visibility into who can access unstructured data, helping organizations spot excessive, outdated, or inappropriate rights. Selected current StorageMAP...

Android OS-Level Attack Bypasses Mobile Payment Security
CloudSEK researchers uncovered an Android attack that leverages the LSPosed framework to manipulate the runtime environment rather than tampering with app code. By injecting malicious modules at the OS level, the technique hijacks legitimate payment applications while preserving their signatures,...