Today's Cybersecurity Pulse
CISA adds critical Android and Linux flaws to KEV catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) listed two high‑severity vulnerabilities in its Known Exploited Vulnerabilities catalog: Android CVE‑2025‑48595, an integer overflow that enables privilege escalation on Android 14‑16 without user interaction, and Linux CVE‑2022‑0492. Google released patches for the Android bug in June 2026.
Also developing:
By the numbers: Ingeteam receives $82.5M loan from EIB
Vulnerability Exploitability eXchange: Smarter Patching for State and Local IT Teams
The Vulnerability Exploitability eXchange (VEX) is a machine‑readable format that lets software vendors declare whether a CVE actually affects a product. By delivering exploitability data—affected, not affected, fixed, or under investigation—VEX enables state and local government IT teams to filter out irrelevant alerts. Integrated with SBOMs and automated scanners, VEX reduces false positives and shifts patching from reactive to risk‑based. Adoption steps include requesting VEX from suppliers, ensuring scanner compatibility, and leveraging centralized discovery protocols.
ICO Must Investigate Reform ‘Competition’ for Data Protection Breaches
Reform UK launched a competition offering a year’s energy bills to participants who disclose their past and intended voting preferences. The Open Rights Group argues the scheme breaches UK data protection law by collecting special category data without a clear...
Surfshark vs NordVPN (2026): Which VPN Wins? Full Breakdown
The 2026 guide pits Surfshark against NordVPN, breaking down pricing, server coverage, connection limits, speed, and security tools. Surfshark’s One plan starts at $2.49 per month, offers unlimited simultaneous devices, and covers 3,200+ servers in 100 countries. NordVPN begins at $3.39 per...
Datadobi Announces Early Access Program for Data Access Review
Datadobi has launched an Early Access Program for Data Access Review, a new permissions‑intelligence capability for its StorageMAP platform. The feature adds visibility into who can access unstructured data, helping organizations spot excessive, outdated, or inappropriate rights. Selected current StorageMAP...
Android OS-Level Attack Bypasses Mobile Payment Security
CloudSEK researchers uncovered an Android attack that leverages the LSPosed framework to manipulate the runtime environment rather than tampering with app code. By injecting malicious modules at the OS level, the technique hijacks legitimate payment applications while preserving their signatures,...
Our Latest Investment in Open Source Security for the AI Era
Google announced a $12.5 million pledge, alongside Amazon, Anthropic, Microsoft/GitHub and OpenAI, to the Linux Foundation’s Alpha‑Omega Project aimed at bolstering open‑source security in the AI era. The funding, managed by Alpha‑Omega and OpenSSF, will equip maintainers with AI‑driven tools to...
Stryker Says It’s Restoring Systems After Pro-Iran Hackers Wiped Thousands of Employee Devices
Stryker is restoring its computers and internal network after a March 11 cyberattack that allowed pro‑Iranian hackers to remotely wipe tens of thousands of employee devices. The breach exploited a compromised Microsoft Intune administrator account, giving the attackers near‑unlimited control over...
_Tithi_Luadthong_alamy.png?width=1280&auto=webp&quality=80&disable=upscale)
Warlock Ransomware Group Augments Post-Exploitation Activities
Warlock ransomware group is expanding its post‑exploitation tactics, leveraging a bring‑your‑own‑vulnerable‑driver (BYOVD) exploit against Microsoft SharePoint servers and deploying tools such as TightVNC and the Yuze reverse‑proxy. The group now uses the NSecKrnl.sys driver to disable security products at the...
4 KVM Vendors, 9 Vulns – Including an Unfixed CVSS 9.8
Researchers at Eclypsium uncovered nine security flaws across consumer‑grade IP KVM devices from four vendors, including two critical vulnerabilities rated CVSS 9.8 and 8.8 that remain unpatched. The affected products range from single‑port, $30 units popular with homelab enthusiasts to...
'CursorJack’ Attack Path Exposes Code Execution Risk in AI Development Environment
Proofpoint researchers identified a new attack called CursorJack that abuses Model Context Protocol (MCP) deeplinks in the Cursor AI‑focused IDE. By crafting a malicious link, an attacker can trick a developer into clicking it and approving an installation, causing the...
Advanced Phishing Intrusion Against Security Firm Exec Detailed
Outpost24 disclosed a sophisticated phishing campaign that targeted a C‑suite executive using the newly emerged Kratos phishing‑as‑a‑service kit. The attackers sent a spoofed JP Morgan email containing a “review document” link that first redirected through Cisco Secure Web and Nylas, then...
KakaoTalk Weaponized in Konni Spear-Phishing Campaign
North Korean APT group Konni weaponized South Korea's KakaoTalk in a sophisticated spear‑phishing campaign. The group sent emails posing as a lecturer on North Korean human‑rights issues, tricking recipients into running a malicious shortcut that installed remote‑access malware. After compromising...
SecurityInfoWatch and SecureXperts Launch CSfC Certification Program
SecurityInfoWatch and SecureXperts have unveiled Cybersecure, a training initiative that launches with an NSA‑backed Commercial Solutions for Classified (CSfC) Trusted Integrator Workshop at ISC West. The program targets the chronic shortage of qualified integrators capable of designing CSfC‑compliant architectures for federal...
Top 5 Things CISOs Need to Do Today to Secure AI Agents
Agentic AI is reshaping enterprises by giving autonomous software agents the ability to write code, move data, and execute transactions without human oversight. Traditional AI security relies on prompt filtering and output monitoring, which only constrain behavior after access is...
AI Deepfakes Threaten Hiring: Detecting Candidate Fraud
Interviewing a Ghost: When AI, Deepfakes, and Fake Identities Enter the Hiring Process AI is transforming hiring—but it’s also enabling a new wave of candidate fraud. In this episode of The Jim Stroud Podcast, Jim speaks with Maryam Mahdaviani, founder...
Keeping the Lights on for Open Source
In this episode, host Ryan Donovan talks with Dan Lurink, CEO of ChainGuard, about the sustainability challenges facing open‑source projects, especially maintainer burnout and funding gaps. Lurink explains ChainGuard’s “Keeping the Lights On” program, which adopts archived or “done” repositories,...
How Forensic Investigation Techniques Help Solve Cybercrime Cases
The article outlines how digital forensics transforms fragmented cyber‑crime traces into courtroom‑ready evidence. It walks through the four‑stage workflow—preserve, acquire, analyze, report—and highlights the pitfalls of mishandling volatile data or losing cloud logs. Core techniques such as timeline reconstruction, artifact...
Email Remains Organizations' Most Serious Cybersecurity Threat
AI is accelerating the frequency of cyber incidents, yet email and multi‑factor authentication (MFA) remain the dominant entry points for ransomware. Cybersecurity veteran Robert Herjavec notes that 85% of ransomware attacks originate from phishing emails or compromised MFA credentials. The...
Huntress Launches Two New Security Posture Tools as Cyber Threats Surge
Huntress announced Managed Endpoint Security Posture Management (ESPM) and Managed Identity Security Posture Management (ISPM), expanding its platform beyond reactive detection. The tools address a 277% surge in RMM abuse and rising identity‑based threats by proactively hardening endpoints and Microsoft...
AI Changes the Calculus for the Cybersecurity Arms Race, Says Shark Tank Star
Robert Herjavec, the Shark Tank investor and security tech founder, argues that artificial intelligence is reshaping the cybersecurity arms race. He believes AI‑driven tools can identify and neutralize attacks as quickly as they are launched, turning the speed advantage toward...
ZK‑STARKs Survive Quantum Attacks; Most Crypto Won’t
Reminder: ZK-STARKs are post-quantum secure. But not all cryptography is quantum resistant. Here is a simplified explanation on how quantum computers, when they arrive, will be able to break certain types of cryptography: (note: I am not a quantum computing expert) In quantum...
Orchid Security Recognized by Gartner® as a Representative Vendor of Guardian Agents
Orchid Security has been named a Representative Vendor in Gartner’s inaugural Market Guide for Guardian Agents, which focuses on managing identities and access for AI agents with zero‑trust policies. The guide warns that AI agents expand “identity dark matter,” creating...
Nvidia's Agentic AI Stack Is the First Major Platform to Ship with Security at Launch, but Governance Gaps Remain
Nvidia unveiled its agentic AI stack at GTC, marking the first major AI platform to ship with security baked in rather than added later. Five security vendors—CrowdStrike, Palo Alto Networks, JFrog, Cisco, and World Wide Technology—each cover a distinct layer...
Press Release: S&P: Insurance Brief Says Middle East War Is Fuelling Cyber Risk
S&P Global Ratings warns that the ongoing Middle East war is amplifying cyber‑threat activity, with threat actors launching more DDoS attacks, phishing campaigns and network intrusions. While no large insured cyber losses have been reported yet, the situation remains fluid...
Why Sorority Video Recruitment Risks Members’ Digital Identities
Sorority recruitment has shifted toward self‑submitted videos, a trend amplified by platforms like RushTok. These polished clips capture voice, facial features and personal details, creating biometric datasets that AI firms and malicious actors can exploit. In the era of generative...
GitGuardian Reports an 81% Surge of AI-Service Leaks as 29M Secrets Hit Public GitHub
GitGuardian’s 2026 State of Secrets Sprawl report reveals an 81% year‑over‑year surge in AI‑service credential leaks, pushing total exposed secrets on public GitHub to roughly 29 million. AI‑assisted coding, exemplified by Claude Code, shows a 3.2% leak rate—about twice the platform...
Phishing Emails Target AI Defenses with Unique Obfuscation
Cybercriminals are deploying a new email obfuscation method to bypass NLP‑based phishing filters. The tactic inserts hundreds of line breaks and large blocks of benign graymail or random text after the malicious payload, diluting the malicious signal and inflating email...
Vienna Becomes Russian Hub Targeting NATO Communications
“It’s one of our main concerns about Russian activity here. We know they have been targeting Nato government and military communications with what they’ve got,” said one senior European diplomat based in Vienna. “Vienna has really taken on a lot...
Cooper University Health Care’s Curran Says Cross-Functional Collaboration Was the Key to Securing More Than 10,000 Edge Devices
Cooper University Health Care completed an 18‑month program that lifted device visibility from 25 percent to 100 percent across more than 10,000 IoT and medical devices. The effort relied on passive network‑monitoring tools, rigorous network segmentation, and a new security‑by‑procurement framework. A...
New York-Presbyterian’s Linsangan Says Live Simulations Expose What Tabletop Exercises Miss
New York‑Presbyterian launched live downtime simulations across its ten hospitals after a cyberattack at a peer institution highlighted systemic vulnerabilities. The exercises, run during peak daytime hours on real patient scenarios, revealed that many clinicians lacked paper‑charting experience, struggled with medication...
Beyond Integration Theatre: Building Stronger Cyber Platforms
Chief information security officers are confronting a threat landscape where the integration layer—APIs, OAuth tokens, and automation workflows—has become the new enterprise perimeter. While unified platforms promise simplicity, attackers exploit weakly governed connections, turning integrations into single points of failure....
New Vidar 2.0 Infostealer Spreads via Fake Game Cheats on GitHub, Reddit
Cybersecurity firm Acronis TRU uncovered a large‑scale campaign distributing the Vidar 2.0 infostealer through fake game‑cheat files hosted on GitHub and promoted on Reddit and Discord. The malware, rewritten in C for greater speed and stealth, is sold as Malware‑as‑a‑Service for $130‑$750...
Average Number of Daily API Attacks Up 113% Annually
Akamai’s 2025 State of the Internet report shows API attacks more than doubled, rising 113% to an average of 258 incidents per organization. Unauthorized workflows now account for 61% of attacks, indicating a shift toward behavior‑based exploits. The most common...
Hackers Turned a Compromised Npm Package Into Full AWS Admin Access in 72 Hours
Security researchers reported that a maliciously altered npm package was used to obtain full AWS administrative privileges within just 72 hours. The attackers leveraged the compromised library to enumerate S3 buckets, terminate production EC2 and RDS instances, and decrypt application...
UK Cyber Monitoring Centre Sets Its Sights on US Expansion One Year After Launch
The UK Cyber Monitoring Centre (CMC), launched in February 2025, quantifies the economic impact of major cyber incidents using a proprietary 0‑to‑5 scale. In its first year it assessed two high‑profile breaches: a Category 2 attack on Marks & Spencer and the Co‑op...
EU Sanctions Chinese, Iranian Hacking Groups for Device Breaches and Olympic Cyberattacks
On March 16, the European Union Council imposed new cyber sanctions on three entities and two individuals linked to China and Iran. The measures target Integrity Technology Group for compromising over 65,000 devices across six EU states, Anxun Information Technology...
South Korean Police Accidentally Post Cryptocurrency Wallet Password
South Korea’s National Tax Service inadvertently disclosed the mnemonic recovery phrase of a seized Ledger hardware wallet in a press release. The wallet held roughly $5.6 million in crypto assets seized from 124 high‑value tax evaders. Within minutes, thieves moved about...
It’s Time to Get Serious About Post-Quantum Security. Here’s Where to Start.
Quantum computers are nearing practical use, threatening current encryption like RSA and ECC, with a potential "Q‑Day" as early as 2029. The economic fallout of a successful quantum attack could exceed $3 trillion, prompting CISOs and CTOs to prioritize post‑quantum cryptography...
Do Banking Apps Really Need All These Permissions?
Banking apps frequently request broad device permissions such as SMS, contacts, and phone access, raising privacy concerns. The author argues that these demands conflict with the Principle of Least Privilege, which advocates minimal access for security. Zerodha’s Kite trading app...
From Windows to macOS: ClickFix Attacks Shift Tactics with ChatGPT-Based Lures
ClickFix social‑engineering campaigns, once Windows‑focused, have pivoted to macOS by using ChatGPT‑related lures. Early November 2025 attacks tricked users into copying obfuscated Terminal commands that installed the MacSync infostealer. By December, attackers masqueraded as legitimate ChatGPT conversations and fake GitHub...
Vox and Nymbis Cloud Solutions Partner to Deliver a Unified Cloud, Connectivity & Security Solution
Vox announced a strategic partnership with Nymbis Cloud Solutions to embed advanced cloud, connectivity and security services into its portfolio. The initial offering focuses on managed backup, with plans to roll out cloud computing and colocation services within six months....
SMB Cybersecurity in 2026: From Reactive Defense to Strategic Partnership
Small and medium‑size enterprises in the UK are confronting a rapidly evolving cyber threat environment, with 67% lacking fully actionable security strategies. Daily, Kaspersky flags roughly 500,000 malicious files—a 7% year‑over‑year rise—while password‑stealer detections surge 59%. SMB leaders are moving...
MANRS for Enterprise Customers
The MANRS initiative, aimed at securing Internet routing, has few participants in Croatia, Slovenia and Austria, leaving enterprises in those markets without verified ISP compliance. The author highlights the difficulty of locating MANRS‑certified providers and points to a new MANRS...
Inside HIBP's Core Architecture: Weekly Update
Weekly update is up! Behind the scenes of some of Have I Been Pwned’s most important architectural components https://www.troyhunt.com/weekly-update-495/
Over 40k OpenClaw Servers Exposed, 12k at Risk
40,000+ openclaw servers just got exposed to the internet. hackers can easily steal api keys and personal data from over 12,000 of them. if you self-host, your machine might be wide open. i compared the security of every hosted provider to save...
Document Protection: Why Hybrid Storage Is the Future of Security
Companies are increasingly leveraging AI, which boosts productivity but also escalates sophisticated cyber threats. Digital document storage provides speed and collaboration, yet its exposure to breaches forces a security rethink. Experts recommend a hybrid model that keeps regularly accessed files...
What to Do in the First 24 Hours of a Breach
Help Net Security released a video featuring CYGNVS CEO Arvind Parthasarathi outlining a ten‑step framework for handling a cyber breach. The first five steps focus on preparation, including establishing an out‑of‑band communication channel, mapping internal stakeholders, engaging external legal and...
The Security Priorities APAC And EMEA Leaders Doubled Down On — And Deprioritized — In H2 2025
In H2 2025 APAC and EMEA security leaders shifted priorities, placing GRC at the top, focusing on AI agentic risk, and boosting API/software supply‑chain security. AI adoption moved to securing autonomous systems, while application security resurfaced. Quantum security and human...
Human Oversight Essential: AI Can’t Fully Guard Cybersecurity
Why We Can’t Let #AI Take the Wheel of Cyber Defense by Steve Durbin @SecurityWeek Learn more: https://t.co/m9sL8PCrDB #CyberSecurity #Infosec #IT #Technology https://t.co/6ilbLLMPGh
Marcel’s Visa Campaign Turns Online Fraudsters’ AI Tactics Against Them
Visa’s Europe‑wide "The Feathered Lamb" campaign, created by Marcel, deployed AI‑generated images and videos to bait social‑media users and then reveal the deception. When commenters fell for the fake posts, a personalized video disclosed the trick and directed them to...