Today's Cybersecurity Pulse

CISA adds critical Android and Linux flaws to KEV catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) listed two high‑severity vulnerabilities in its Known Exploited Vulnerabilities catalog: Android CVE‑2025‑48595, an integer overflow that enables privilege escalation on Android 14‑16 without user interaction, and Linux CVE‑2022‑0492. Google released patches for the Android bug in June 2026.

Trump Cyber Plan Leaves Identity Gap Unresolved
The White House released a seven‑page cyber strategy that prioritizes offensive capabilities, zero‑trust architecture, AI security, blockchain protection, and deregulation, but it stops short of outlining a national digital identity framework. The plan frames cyberspace as a geopolitical battleground and pledges to streamline regulations while safeguarding privacy. Industry leaders, such as Socure, argue that the omission leaves a critical trust gap, as identity fraud underpins many cyber threats. Treasury’s recent crypto playbook signals that digital identity is becoming central to broader policy, highlighting the strategy’s inconsistency.

Telus, Fortanix Partner to Bring Confidential AI Solution to Regulated Organizations in Canada
Telus and Fortanix have unveiled a Confidential AI solution built on NVIDIA infrastructure, enabling Canadian regulated firms to train and deploy AI while keeping data encrypted within Canada. The platform leverages Telus’s Sovereign AI Factory in Rimouski and uses cryptographic...

South Korea Urged to Review Biometric Mandate for Mobile Phone Numbers
South Korea’s National Human Rights Commission has asked the Ministry of Science and ICT to reconsider its plan to mandate facial‑recognition authentication for all new mobile phone numbers, set to launch on March 23. The watchdog recommends three fixes: a...

Consultation Questions, Companies House Incident Highlight UK IDV Industry’s Fears
The UK government’s consultation on a national digital identity system omits private Digital Verification Service (DVS) providers, prompting the Association of Digital Verification Professionals (ADVP) to warn of data‑ownership and market‑distortion concerns. Simultaneously, a security breach at Companies House exposed...

Zero Lessons Learned: Convicted Scammer Allegedly Ran Another Athlete-Focused Phishing Scam From Federal Prison
Kwamaine Jerell Ford, a 34‑year‑old Georgia man, allegedly operated a new phishing operation against NBA and NFL athletes while incarcerated for a prior cyber‑fraud scheme. Posing as an adult‑film star, he tricked victims into revealing iCloud login credentials and MFA...

U.S. CISA Adds a Flaw in Wing FTP Server to Its Known Exploited Vulnerabilities Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the Wing FTP Server flaw CVE‑2025‑47813 to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability, rated 4.3 on the CVSS scale, discloses the full local installation path when an oversized...

Zoom Expands Pindrop Deepfake Detection to Customer Service
Zoom is extending its partnership with voice‑biometrics firm Pindrop by embedding Pindrop Passport authentication and Pindrop Protect risk analysis into its Zoom Contact Center. The move adds real‑time deepfake detection, previously offered via Pulse for Meetings, to the platform’s customer‑service...

AWS IP Dump Misclassifies Services, Hindering Precise Monitoring
Took a while but modified this script to display all the IP ranges that match in the AWS json IP file for each IP. That way I can monitor which regions and services my system is connecting to. The problem...

Virtual Event to Focus on Cyber Incident Response and Recovery
A virtual event will convene cybersecurity leaders to discuss incident response and recovery strategies, drawing lessons from recent high‑profile breaches such as Stryker’s global ransomware attack. The agenda incorporates new government initiatives, including the White House’s executive order on state‑sponsored...

Fictional Threats Reveal GridEx’s Real-World Utility Defense
What can a fictional scenario teach us about real-world grid security? Explore how GridEx is shaping the future of utility protection. https://spectrum.ieee.org/power-grid-attack-gridex-drone?share_id=9258752

Augustus v0.0.9: Multi-Turn Attacks for LLMs That Fight Back
Augustus v0.0.9 adds a unified engine for multi‑turn LLM attacks, offering four distinct strategies—Crescendo, GOAT, Hydra, and Mischievous User. The tool demonstrates that conversational context can bypass modern guardrails, extracting step‑by‑step instructions from GPT‑4o‑mini in as few as two turns. Hydra’s back‑tracking...

AI Hackers Nearing Proficiency; Defense Requires Collective AI
AI models are getting better at hacking. Surprisingly (to me) they're still not world class hackers. But on this pace they could be within a year or two. As I've said recently, the way to defend against this is at...

Lawyers and Cybersecurity: Talk to An Expert. Before It’s Too Late
At Legalweek, Michel Sahyoun of NopalCyber warned that law firms are dangerously complacent about cybersecurity in the era of generative AI. Breaches are exploited in an average of 29 minutes, and AI tools can scan for vulnerabilities at scale. The...

Checkmarx Unveils AppSec Platform for the Age of Agentic Development
Checkmarx introduced Checkmarx One, an application security platform designed for the era of AI‑driven, or “agentic,” development. The solution embeds autonomous AI agents that provide real‑time vulnerability triage, automated remediation, and governance of AI assets across the software supply chain....

Zenarmor Launches SASE Partner Program for MSPs and Channel Providers
Zenarmor has launched an industry‑first, architecture‑driven SASE Channel Partner Program targeting MSPs, MSSPs, ISPs and VARs. The program offers a structured framework, go‑to‑market positioning, enablement resources and tiered margins, enabling partners to deploy, manage and sell SASE without relying on...

New Texas Cyber Command Looks to ‘Bind the State Together’
Gov. Greg Abbott signed legislation creating Texas Cyber Command, which officially launched in September 2025 and is housed at the University of Texas at San Antonio. Led by Ret. Admiral TJ White, the command is legally required to build an...

Chrome Image
The extension would load affiliate codes, essentially stealing commissions from the original link that was clicked -> Your favorite image-saving Chrome extension was scraping your data for cash "The save image extension reportedly injected its own affiliate links from 578 sites,...

Rise with SAP Security Risk Is Increasingly Shaped by Timing, Data, Assurance
RISE with SAP customers are rapidly moving SAP S/4HANA Cloud Private Edition into production, exposing security risks tied to migration timing, data movement, and assurance. Smaller firms lead the migration curve, while larger enterprises remain in planning, creating uneven risk...

Cyberattack Disrupts Parking Payments in Russian City
The Russian city of Perm restored its automated parking payment system after a large‑scale distributed denial‑of‑service (DDoS) attack knocked the service offline, temporarily making parking free from March 10 to March 13. Authorities confirmed the system is fully operational and all payment...

9 Mobile Device Management Best Practices for Businesses
Mobile device management (MDM) is essential for securing smartphones, tablets, and laptops in modern enterprises, especially as BYOD expands. The article outlines nine best‑practice steps, from establishing comprehensive MDM policies and enforcing PIN/MFA to integrating DLP, remote wipe, automated OS...

Oracle EBS Hack: Only 4 Corporate Giants Still Silent on Potential Impact
The Cl0p ransomware group claims a massive Oracle E‑Business Suite breach that exploited zero‑day flaws, affecting over 100 organizations. Among the victims, Broadcom, Bechtel, Estée Lauder and Abbott have not issued any public comment despite leaks of 2 TB, 870 GB and other...

Stryker Attack Raises Concerns About Role of Device Management Tool
Stryker, a leading medical‑device maker, suffered a wiper attack that used Microsoft Intune to remotely erase data on thousands of phones and workstations. The Iran‑linked Handala group claimed responsibility, alleging the theft of 50 TB of data and the destruction of...

IWD Online Event Sabotaged as Organisers Urge Vigilance
A legal‑industry International Women’s Day Zoom event on March 13 was hijacked by a Zoom‑bombing attack that displayed explicit images, forcing the session’s cancellation. The disruption affected roughly 100 participants and led hosts Helen Burness and Noo Jones to publicly...

Tailscale Adds Extra Barrier, Requiring Two Rare Breaches
If your Tailscale is hacked, the hacker now has direct access to your server. But now he still needs to get into your SSH with an SSH key. So to get in, two extremely rare things have to happen: 1) Tailscale is hacked 2) There's...

EP267 AI SOC or AI in a SOC? Cutting Through Hype, Pricing Models, and SIEM Detection Efficacy with Raffy Marty
In this episode, Tim Peacock and Anton Chuvakin interview SIEM veteran Raffy Marty about the evolving landscape of security information and event management (SIEM) versus emerging AI‑SOC solutions. Marty argues that traditional SIEMs aren’t dead but are under pressure to...

Stellar Cyber 6.4.0 Reduces Alert Noise and Speeds Investigations with Autonomous SOC Capabilities
Stellar Cyber has released version 6.4.0, adding autonomous SOC capabilities that automate alert triage and generate AI‑driven case summaries. The platform promises 60‑80% analyst time savings and up to 70% reduction in alert noise through its Agentic AI and Verdict...

Secure SSH with Tailscale, Not Public Internet Exposure
False. Many examples of SSH access 0-days and hacks. SSH should never be exposed to the entire internet. SSH is like your front door: even if you are the only one with the key, your lock might have a production defect (very rare...

Businesses Unprepared for Upcoming AI-Powered Cyberattack Surge
Are Businesses Ready for the Next Wave of #AI-Powered Cyberattacks? by @rehackmagazine @UniteAi Learn more: https://t.co/K9XWhqCPWK #CyberSecurity #InfoSec #IT #Technology https://t.co/UNRR1REKGG

You're Doing Vulnerability Management Backwards: Here's the Fix
The article argues that vulnerability management should start with asset importance rather than CVSS scores. It proposes an asset‑first framework that classifies systems into business‑impact tiers and adds exploit likelihood to prioritize remediation. For MSPs handling many client environments, this...

Your AI Agents Could Launch Internal DDoS Attacks
Think you have control over your data? Think again. Personal AI agents are acting on your behalf, using your credentials to access things you didn't even know you had access to. It’s a DDoS attack from the inside. Read why: https://t.co/KfaNBOyWmm #CIO...

Enable WhatsApp Two‑Step Verification: Simple Yet Essential
Whether you just joined @WhatsApp or have been using it for years, it's a smart idea to enable two-step verification. Here's how, step by step, and why it's not as good as 2-factor authentication, but better than nothing... https://t.co/KDT8J6yR9L #whatsapp...

Lawyers and Cybersecurity: Talk to An Expert. Before It’s Too Late
At Legalweek, Michel Sahyoun of NopalCyber warned that law firms are overlooking cybersecurity as generative AI becomes mainstream. He highlighted that the average time to exploit a breach is just 29 minutes, and AI tools can continuously scan for weaknesses....

NightBeacon Slashes SOC Alert Fatigue, Boosts True Positives
New blog post I just wrote: How NightBeacon Cuts SOC Alert Fatigue Without Replacing Analysts Blown away at how fast it's learning, not only false positive reduction, but the quality of interpreting true positives, enriching data, going in and pulling additional...

Okta AI Agents Secure Enterprise Blueprint, GA April 30
Great joining @BrianSozzi at @YahooFinance to discuss the blueprint for the secure agentic enterprise and how Okta for AI Agents, which will be generally available April 30, helps organizations put that blueprint into practice. https://t.co/OKEqoWLxUW

Attackers Abuse LiveChat to Phish Credit Card, Personal Data
Researchers at Cofense have uncovered a new phishing campaign that hijacks the LiveChat SaaS support platform to steal sensitive data. The attackers impersonate Amazon or PayPal, using email lures that direct victims to a LiveChat‑hosted page where a human operator...

Personal AI Agents: The Inbox Trojan Horse Threatening CIOs
The Trojan Horse in Your Inbox: Why Personal AI Agents are a CIO’s Newest Nightmare #CIO #AI #Agentic #PersonalAgents #Cybersecurity https://t.co/5poCN8b0U2

Open SSH Port as Fallback when T
Why would Tailscale not work? I have Tailscale on my iPhone. In case Tailscale would go down, I'd just go into Hetzner firewall and add 22 inbound open for my own IP.

Kingston Debuts XTS-AES 256-Bit Secure Hardware USB Drive
Kingston Digital has launched the IronKey Locker+ 50 G2, a next‑generation hardware‑encrypted USB flash drive. The device features FIPS 197‑certified XTS‑AES‑256‑bit encryption, digitally signed firmware to block BadUSB attacks, and brute‑force password protection that locks out users after ten failed attempts. It supports both...

Orca Strengthens Fraud Detection for Africa’s Digital Payments
Orca, a fraud‑detection platform focused on Africa’s burgeoning digital payments market, has closed a new funding round to accelerate product development and regional expansion. The company’s real‑time analytics layer scans transaction streams across banks, fintechs, and payment providers, flagging suspicious...

Handala Hackers Exploit RDP and NetBird in Coordinated Wiper Attacks
Handala Hack, an Iranian state‑linked group known as Void Manticore, has been conducting coordinated wiper attacks using compromised RDP sessions and the legitimate mesh‑networking tool NetBird. The actors gain initial access via stolen VPN credentials, dwell for months, harvest domain admin...

Orca Security Advances AI-First Cloud Defense with Autonomous Agents and Runtime AI Threat Detection
Orca Security unveiled a suite of AI‑first capabilities ahead of RSAC 2026, adding autonomous Threat Investigation and AppSec Triage agents, real‑time Runtime AI Threat Detection, Orca Missions, and Code Reachability Analysis. The enhancements aim to cut through alert overload, prioritize...

Escalated.io Releases Next Generation Software Update for Its Invalid Traffic Filtration Service
Escalated.io announced a next‑generation update to its invalid traffic filtration service, extending its JavaScript pixel and pre‑bid solutions. The upgrade accelerates detection, allowing many fraud types to be identified on the first impression rather than after accumulating data. Real‑time blocking...

Russia-Linked Espionage Campaign Targeting Ukraine Using Starlink and Charity Lures
A Russia‑linked hacker group known as Laundry Bear launched a new espionage campaign against Ukrainian entities in February, distributing a backdoor called DrillApp hidden in documents about Starlink terminals and the Come Back Alive charity. The malware activates through Microsoft...

Elisa Praises Placing Cybersecurity at Heart of Operations
Elisa, Finland's incumbent telco, consolidated its cybersecurity and service operations into a hybrid cSOC in 2011, merging monitoring and response functions. The integrated centre now watches services from the customer perspective, automatically rectifying deviations and involving engineers only when needed....

NinjaOne Launches AI-Driven Vulnerability Management to Speed Detection and Remediation
NinjaOne unveiled an AI‑driven Vulnerability Management module built directly into its unified endpoint platform. The service delivers real‑time vulnerability assessment, patch confidence scoring and autonomous remediation, aiming to slash mean time to remediate. By operating server‑side, it avoids endpoint performance...

Security Flaw in AWS Bedrock Code Interpreter Raises Alarms
Security researchers at Phantom Labs demonstrated a DNS‑based data exfiltration technique targeting AWS Bedrock AgentCore Code Interpreter. By embedding malicious instructions in a CSV file, attackers can force the interpreter to issue DNS queries that act as a covert command‑and‑control...

CamelClone Uses Public File-Sharing Sites in Government Cyberattacks
Operation CamelClone targets government, defense, diplomatic and energy agencies in Algeria, Mongolia, Ukraine and Kuwait, using spear‑phishing ZIP archives that contain LNK shortcuts to launch PowerShell commands. The shortcuts download a JavaScript loader, HOPPINGANT, from the public file‑sharing site filebulldogs.com,...

U.S., UK, Canada Start Operation Atlantic to Disrupt Crypto Approval-Phishing Scams
Operation Atlantic, a joint U.S., U.K. and Canadian initiative, was launched to dismantle crypto approval‑phishing scams that trick users into granting wallet permissions. These schemes helped generate $14 billion in on‑chain fraud in 2025, with projections near $17 billion for 2026. The...

Why Security Validation Is Becoming Agentic
Traditional security validation relies on disconnected tools like BAS platforms, periodic penetration tests, and vulnerability scanners, creating blind spots as attackers chain identity, cloud, and vulnerability exploits. This fragmentation forces manual data stitching, delaying insight and remediation. Emerging agentic exposure...

Fingerprint’s MCP Server Turns Device Intelligence Into Real-Time AI-Powered Fraud Insights
Fingerprint has launched an open‑source Model Context Protocol (MCP) Server that lets any AI assistant or chatbot query its device‑intelligence platform in real time. The server uses the open MCP standard, enabling fraud analysts to ask natural‑language questions—such as device...