Today's Cybersecurity Pulse

CISA adds critical Android and Linux flaws to KEV catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) listed two high‑severity vulnerabilities in its Known Exploited Vulnerabilities catalog: Android CVE‑2025‑48595, an integer overflow that enables privilege escalation on Android 14‑16 without user interaction, and Linux CVE‑2022‑0492. Google released patches for the Android bug in June 2026.
Also developing:
By the numbers: Ingeteam receives $82.5M loan from EIB

Why Security Validation Is Becoming Agentic
Traditional security validation relies on disconnected tools like BAS platforms, periodic penetration tests, and vulnerability scanners, creating blind spots as attackers chain identity, cloud, and vulnerability exploits. This fragmentation forces manual data stitching, delaying insight and remediation. Emerging agentic exposure validation uses autonomous AI agents to coordinate continuous, context‑aware testing across adversarial, defensive, and risk perspectives. Success depends on a unified security data fabric that aggregates asset, exposure, and control intelligence into a live, contextual model.

Fingerprint’s MCP Server Turns Device Intelligence Into Real-Time AI-Powered Fraud Insights
Fingerprint has launched an open‑source Model Context Protocol (MCP) Server that lets any AI assistant or chatbot query its device‑intelligence platform in real time. The server uses the open MCP standard, enabling fraud analysts to ask natural‑language questions—such as device...
AI Impersonation Is Here: How Industry Leaders Are Preparing for the Deepfake Fraud Era
The Deepfake Summit in Houston warned that AI‑driven impersonation, deepfakes and synthetic identities are outpacing traditional fraud defenses. Speakers highlighted how injection attacks and autonomous AI systems are accelerating fraud across banking, payments and government services. The event called for...

How to Defend Against Recruitment as the Attack Surface
Recruitment of software engineers is emerging as a critical attack surface, with nation‑state actors—most notably North Korea—exploiting new hires to infiltrate vulnerable systems. These insiders often receive deep privileges, allowing rapid lateral movement and data exfiltration. The article outlines a...

Google Unveils Android 17 Advanced Protection Mode to Stop Malicious Services
Google announced Android 17, featuring Android Advanced Protection Mode (AAPM) to harden mobile security for high‑risk users. AAPM blocks app sideloading, disables USB data signaling, restricts non‑accessibility services, and enforces always‑on Play Protect. The release also adds a privacy‑focused Contact Picker...

Microsoft Edge 146 Adds IP Privacy and Local Network Access Controls
Microsoft released Edge 146 stable on March 13, 2026, adding tracking protection changes, IP privacy via Private IP routing, and new enterprise network security policies. InPrivate windows now inherit the standard tracking prevention level, removing the separate setting. The update...

The Best Dark Web Monitoring Services and Bundles
Data breaches surged in 2025, with over 12,000 incidents recorded, prompting heightened demand for breach‑monitoring solutions. Dark web monitoring services scan both hidden forums and publicly accessible hacker sites to flag compromised personal data. Free tools such as Have I...
The Ransomware Economy Is Shifting Toward Straight-Up Data Extortion
Google Threat Intelligence Group reports a clear shift in cybercrime, with data‑theft extortion now accounting for more than 15% of financially motivated incidents in 2025, up from just 2% in 2020. Traditional ransomware deployments have fallen to roughly 31% of...
Possible New Result in Quantum Factorization
A new preprint claims a theoretical speedup for quantum factoring of large integers. Bruce Schneier, noting his lack of expertise, expresses skepticism about the result’s validity. If the claim holds, it would represent an improvement over Shor’s algorithm. The announcement...
Singapore’s Malware Spike Reveals an Overlooked Cyber Risk: USB Drives
Kaspersky reported 3,888,967 on‑device threats blocked in Singapore during 2025, a 16.2% increase from the previous year. The majority were worms and file‑viruses spread via USB drives and other removable media. Unlike cloud‑based attacks, these infections require no user click,...

KEEQuant Advances Chip-Scale QKD for Telecom, Data Centers, and Critical Infrastructure
KEEQuant unveiled a commercial chip‑scale quantum key distribution (QKD) system that replaces traditional bulk optics with photonic integrated circuits. The miniaturized solution lowers hardware costs and simplifies deployment, making quantum‑safe key exchange viable for telecom operators, data‑center providers, and critical‑infrastructure...
DRILLAPP Backdoor Targets Ukraine, Abuses Microsoft Edge Debugging for Stealth Espionage
The DRILLAPP backdoor, discovered by security researchers, is actively targeting Ukrainian entities, including government agencies and critical infrastructure. It exploits Microsoft Edge's remote debugging interface to execute malicious JavaScript, achieving fileless persistence while evading traditional antivirus solutions. The malware establishes...
Fake FileZilla Downloads Spread RAT via Stealthy Multi-Stage Loader
Cybercriminals are distributing a counterfeit FileZilla installer that bundles a malicious DLL, turning the popular FTP client into a delivery vehicle for a sophisticated Remote Access Trojan. The DLL leverages Windows DLL search order to sideload, then launches a multi‑stage,...

Models Are Applying to Be the Face of AI Scams
A growing underground industry in Cambodia and surrounding Southeast Asian hubs is hiring young women as "AI face models" to conduct deep‑fake video calls for cryptocurrency and romance scams. Recruiters post the roles on Telegram, demanding long hours, high call...
The Mounting Cost of Voice Fraud: Revenue Loss, Broken Trust and Operational Strain
A Modulate and Retail Dive survey finds voice fraud now one of retail’s fastest‑growing threats, with eight‑in‑ten leaders experiencing moderate to highly sophisticated attacks in the past year. AI‑generated voice clones can be purchased for as little as $20, enabling...
Top 5 Security Mistakes Startups Make and How to Avoid Them
Startups often prioritize growth over security, leaving them vulnerable to increasingly sophisticated cyber threats. Recent data shows 59% of SMBs faced attacks in the past year, with financial motives driving 99% of breaches targeting small firms. Common mistakes include insufficient...

45,000 Malicious IP Addresses Taken Down, 94 Suspects Arrested
Operation Synergia III, an INTERPOL‑led international effort running from July 2025 to January 2026, dismantled more than 45,000 malicious IP addresses and servers used for phishing, malware, and ransomware. The crackdown resulted in 94 arrests, with another 110 suspects under investigation, and the seizure...

JSOC IT’s AUTOPSY Platform Puts Security Stacks Under Live API Verification
JSOC IT launched AUTOPSY, a security verification platform that uses live API integrations to assess an organization’s security stack before a breach occurs. Its flagship product, READY, replaces self‑reported questionnaires with telemetry‑based scores across more than 24 security tools, revealing...
Bliss Breaks Xbox One Security with a Hardware-Level Glitch Attack
At RE//verse 2026, security researcher Markus “Doom” Gaasedelen unveiled "Bliss," a double‑voltage‑glitch exploit that compromises the original Xbox One at the hardware level. The technique injects precise voltage faults into the CPU power rail during early boot, bypassing ARM Cortex memory...

AI Legal Risks: Lisa Fitzgerald on Why Businesses Must Vet AI Use Cases
AI adoption is accelerating, but businesses often overlook legal risks tied to generative tools. Lisa Fitzgerald, partner at Norton Rose Fulbright, warns that feeding confidential or personal data into public AI platforms can trigger cross‑border data transfers, privacy breaches, and...
What the Recent PayPal Breach Says About Modern Web Risk
In February 2026 PayPal disclosed that a coding flaw in its Working Capital loan app unintentionally exposed names, emails, phone numbers, addresses, dates of birth and some Social Security numbers for nearly six months, from July to December 2025. The...
What Are Your DDoS Testing Options in 2026?
Enterprises must validate DDoS defenses through simulated attacks, and three primary testing models exist in 2026: fully managed services, self‑service tools, and automated cloud‑based solutions. Managed testing offers the highest realism and expert reporting with low internal workload but requires...

China Demands Proof After Costa Rica Blames UNC2814 for ICE Cyberattack
Costa Rica’s state electricity and telecom provider ICE suffered a cyberespionage breach that extracted roughly nine gigabytes of internal email data, which officials linked to the China‑affiliated group UNC2814. The attribution, based on intelligence from Google’s Mandiant unit, follows a...

Beyond the Menu of Options: A Taxonomy for Information Security Strategies
The paper introduces a three‑tier taxonomy for information security, categorizing approaches as reactive defensive, proactive defensive, and offensive measures. It argues that current counter‑disinformation efforts lack a coherent framework, hindering strategic evaluation and resource allocation. Case studies of Taiwan, Finland,...
Reimagine Resilience: AI‑Driven Data Protection for Enterprises
The #AI Imperative: Resilience Reimagined-Protecting the Agentic Enterprise & #Data - today's organisations demand more than just incremental improvements to existing data protection strategies; it calls for a wholesale reimagining of resilience itself. https://t.co/TWAXIQbUE0

Hong Kong Watchdog Warns 24-Hour Gym Users of Hidden Costs, Data Privacy Risks
Hong Kong’s Consumer Council has flagged hidden fees and privacy risks at 24‑hour gyms after surveying 11 operators. Nearly half of the gyms impose non‑refundable surcharges that can double the cost for short‑term members. Monthly rates already vary widely, and...
Cyberattacks on Connected Factories Are Putting the Auto Industry Under Immense Pressure
The Center of Automotive Management and Cisco report finds cyber‑attacks on connected factories have surged, now costing the global automotive sector over $20 billion—roughly twenty times the 2022 figure. Attackers concentrate on suppliers, which account for 57% of incidents, followed by...
Reliance Industries’ Durga Prasad Dube Outlines ‘10 Laws of Cyber Defence’ Inspired by Sun Tzu
Durga Prasad Dube, EVP & CISO of Reliance Industries, presented a "10 laws of cyber defence" at ETCISO Secufest 2026, framing modern security through Sun Tzu’s *Art of War*. He stressed that most breaches stem from visibility gaps rather than sophisticated attackers and...

OneDrive’s Personal Vault Offers Biometric Secure Storage
Microsoft OneDrive cloud storage is a cornerstone of the modern Windows experience, but did you know it includes a biometric secure storage area? Welcome to your Personal Vault... https://t.co/cee7hX8yzl #onedrive #privacy #security https://t.co/dHxaRToKrS
When Insider Risk Is a Wellbeing Issue, Not Just a Disciplinary One
The article argues that insider risk should be viewed primarily as a wellbeing issue rather than a purely disciplinary or compliance problem. It highlights that most insider incidents develop gradually from stress, fatigue, disengagement, or external coercion, and are often...

Worth Reading 031526
The Worth Reading roundup highlights several pressing internet‑security and technology trends, from the persistent threat of malicious domains and India’s controversial "lock and suspend" DNS enforcement model to the rare leap‑second adjustment in 2016. It also marks Docker’s ten‑year milestone,...
Red Hat and NVIDIA Collaborate for a More Secure Foundation for the Agent-Ready Workforce
Red Hat announced a deeper partnership with NVIDIA to embed the open‑source NVIDIA OpenShell runtime and AI‑Q Blueprint into its Red Hat AI platform. The integration adds sandboxed, deny‑by‑default agent execution within Kubernetes, enabling secure, production‑grade autonomous agents. By coupling OpenShell with...

Malaysia: New Risk Policy Ensures Digital Payment Resilience
Bank Negara Malaysia has issued a new Technology Risk Management Policy for payment service providers, consolidating existing tech‑related requirements into a single framework. The policy introduces a tiered, proportional approach that aligns security and resilience obligations with the size and...
Why Must Businesses Be Certain About AI-Driven Operational Decisions
The article argues that effective management of Non‑Human Identities (machine identities) is essential for secure, AI‑driven operational decisions in cloud environments. It outlines how NHIs—comprising secrets and permissions—reduce breach risk, improve compliance, and cut costs through automation and lifecycle governance....

Venus Protocol Exploited for $3.7M Through Supply Cap Manipulation: On-Chain Analysis
Venus Protocol on BNB Chain suffered a $3.7 million exploit that manipulated its supply‑cap controls. The attacker leveraged Thena (THE) tokens to bypass maximum supply limits and borrow multiple assets, likely using flash‑loan or price‑manipulation techniques. In response, Venus paused borrowing...

How To Verify Digital Content In The Age Of Generative AI (GenAI)
The OSINT Jobs team introduced a verification framework for digital content as AI‑generated media becomes increasingly convincing. The post cites AI Forensics' updated guide on detecting AI imagery and emphasizes returning to basic verification steps. It also recaps the OSMOSIS...

I Dug Through WhatsApp's Settings and Found some Surprisingly Useful Privacy Options
WhatsApp now offers several hidden privacy settings that can dramatically improve user security. On both iPhone and Android, users can enable block unknown account messages, protect IP addresses during calls, and disable link previews through the Advanced menu. Android adds...

Don't Panic over New Linux Exploits: How to Check if Your PC Is Affected in Under 5 Minutes
The article guides Linux users on quickly confirming whether a newly reported CVE affects their system. It outlines step‑by‑step checks for Debian, Ubuntu, and RHEL, including package version comparison and kernel verification. The author emphasizes that most distro teams release...
Bay Area Cyber Leaders: Secure Enterprise AI at Scale
Preparing for another round of cybersecurity roundtables next week. One of my favorite parts of the job is hearing how different organizations approach the same problem. Next stop is San Jose for Securing the Enterprise AI Factory at Scale. If you’re a...

Free 600+ Structured Cybersecurity Skills for AI Agents
A developer just built a GitHub repo that lets you learn 611+ cybersecurity skills for free. All structured and ready for AI agents. It's called Anthropic Cybersecurity Skills. A database of real, organized security skills that any AI agent can plug into and...

Betterleaks, a New Open-Source Secrets Scanner to Replace Gitleaks
Betterleaks, an open‑source secrets scanner created by the original Gitleaks author, aims to supersede Gitleaks with a faster, more accurate engine. It scans directories, files, and Git repositories using customizable CEL rules and BPE tokenization, achieving 98.6% recall on the...
Typeless AI Guarantees HIPAA & GDPR Privacy by Design
Typeless is now officially HIPAA and GDPR compliant, and that is a bigger deal than it sounds. Most AI tools can't say that. HIPAA protects your health data in the US. GDPR protects everything in the EU. Passing both means your data...

Windows 11 Security Update Fails—Temporary Fixes Available
Stuck with a Security Update that's failing every time you try to install it on your Windows 11 PC? It's a widespread problem for PC owners. Here's what's going on and how to keep your PC safe in the meantime...

The CISO as a Business Leader: Moving From the Server Room to the Boardroom
The article argues that the modern CISO must become a business leader, not just a technical specialist. It stresses translating technical risk into revenue‑impact language for the board. Key skills include aligning security initiatives with business outcomes, building executive relationships,...

Secure IoT: Segment, Encrypt, Monitor to Reduce Exposure
IoT devices extend the attack surface deep into operations, connecting sensors and industrial assets to critical data flows. Weak passwords & unpatched firmware create systemic exposure, so segmentation, encryption, and monitoring become structural controls Microblog @antgrasso https://t.co/YHrFUmPna8

2025 Mobile Threats Surge: 815k Malware Packages, 255 Banking Trojans
Mobile virology – 2025: over 815,000 malicious installation packages, including 255 mobile banking trojans. Other figures and details for the year: https://t.co/zuY7JdjtRJ https://t.co/CFqnA4s0QA

Business Bosses Told to Check Details After Companies House Glitch
A technical fault in the UK Companies House web‑filing platform on Friday let users navigate back and edit or view other firms' records, exposing personal details of directors for up to five million companies. The glitch prompted an immediate suspension...
TOTP Authentication – Open Source and Between Devices
Two-factor authentication via SMS or email presents latency and vendor lock‑in risks, prompting a shift toward standardized, open‑source TOTP solutions. The author discovered that KeePassDX on Android can act as a local TOTP generator by scanning QR codes and storing...
Resecurity Unveils Latest Threat Intelligence Solutions at CyberBay Summit 2026 (Tampa, FL)
Resecurity showcased its newest threat‑intelligence solutions at the CyberBay Summit 2026 in Tampa, engaging government, defense, academia, and private‑sector leaders. The company highlighted AI‑driven risk‑management tools and insights on malicious activity tied to the Iran conflict. It also warned of heightened...

‘DM Your Details’: Travellers Warned of Scam Airline Accounts as Iran War Disrupts Flights
Travelers seeking updates on flight delays caused by the Iran war are being targeted by scammers posing as airline support accounts on X. Fraudsters request direct messages, asking for personal or payment details and then use bogus refund links to...