Today's Cybersecurity Pulse
CISA adds critical Android and Linux flaws to KEV catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) listed two high‑severity vulnerabilities in its Known Exploited Vulnerabilities catalog: Android CVE‑2025‑48595, an integer overflow that enables privilege escalation on Android 14‑16 without user interaction, and Linux CVE‑2022‑0492. Google released patches for the Android bug in June 2026.
Also developing:
By the numbers: Ingeteam receives $82.5M loan from EIB
How Reassured Can We Be with Our Current Cloud Security Strategies
Enterprises are increasingly turning to Non‑Human Identities (NHIs) to close gaps in cloud security. NHIs pair encrypted secrets with permission sets, offering a machine‑focused layer that traditional point tools lack. Integrated NHI platforms deliver end‑to‑end visibility, automated rotation, and decommissioning across hybrid environments. By embedding NHI lifecycle management, organizations boost risk mitigation, compliance, and operational efficiency.
Pete Recommends – Weekly Highlights on Cyber Security Issues, March 14, 2026
The weekly roundup highlights a surge in retirement‑fraud victims facing six‑figure tax bills after illegal IRA withdrawals, while new privacy tech like Deveillance’s Spectre I aims to block AI‑driven microphone eavesdropping. Major tech firms are grappling with AI policy tensions: Microsoft,...
This DHS Official Oversees the Security of Federal Elections. He Wants to Ban Voting Machines.
David Harvilicz, the DHS assistant secretary for cyber, infrastructure, risk and resilience policy, oversees federal election security while publicly calling for a ban on voting machines. He co‑founded Tranquility AI with James Penrose, a figure linked to debunked 2020 election...
OpenClaw AI Agent Flaws Could Enable Prompt Injection and Data Exfiltration
China’s CNCERT has warned that OpenClaw, an open‑source autonomous AI agent, suffers from weak default security configurations that can be exploited for prompt‑injection attacks. Researchers demonstrated that indirect prompt injection via link previews can exfiltrate confidential data without user interaction....
Deepfake Worries Hit a New High as One in Four Americans Say They Have Received a Deepfake Voice Call in...
A recent Hiya survey of over 12,000 consumers across six countries found that one in four Americans received a deep‑fake voice call in the past year, with many struggling to tell real from synthetic speech. Respondents reported an average of...
AI Agents Can Breach Chatbots, Heralding AI‑vs‑AI Warfare
An AI agent reportedly hacked a chatbot and gained full read-write access in just two hours. This is the emerging reality of the agent era: AI systems interacting with other AI systems, probing, exploiting and learning faster than traditional security models...
How to Detect and Avoid Voicemail Phishing Scams
Just got an email saying you have a voicemail message from an unknown person. Odds are good the message is part of a scam. Here's how it works, how to spot it, and how to avoid being duped by similar...
AppsFlyer Web SDK Hijacked to Spread Crypto-Stealing JavaScript Code
This week the AppsFlyer Web SDK was temporarily hijacked, delivering obfuscated JavaScript that intercepted cryptocurrency wallet addresses entered on client sites and swapped them for attacker‑controlled wallets. The malicious payload was served from the official domain between March 9 22:45 UTC and March 11,...
Invisible Malicious Code Attacks 151 GitHub Repos and VS Code — Glassworm Attack Uses Blockchain to Steal Tokens, Credentials, and...
Researchers at Aikido Security uncovered a campaign by the Glassworm threat actor that infected at least 151 GitHub repositories between March 3 and March 9. The malware hides in Unicode Private Use Area characters that appear as zero‑width spaces, allowing a decoder...
The $41 Billion Telecom Fraud Secret
Global telecom operators reported $41.82 billion in fraud losses, a rise from the previous year, while consumer losses from spoofed calls remain largely hidden. Spoofed caller ID enables large‑scale authorized push payment scams, accounting for up to half of voice‑channel attacks....
Q&A: Are Chromebooks Safer than Windows Laptops?
The article answers a common enterprise question: are Chromebooks safer than Windows laptops. It explains Chrome OS’s built‑in security layers—verified boot, automatic updates, sandboxed web apps, and tight integration with Google’s cloud services—versus Windows’ broader attack surface and reliance on...
Bain & Company and IBM Address Emerging Cybersecurity Risks for Clients
Bain & Company and IBM have formed a strategic alliance to help private‑equity and corporate clients prepare for the post‑quantum cryptography (PQC) era. The partnership blends IBM Consulting’s quantum‑safe transformation expertise with Bain’s due‑diligence capabilities to assess and remediate emerging...
Identity Theft Protection Services: Do You Actually Need One?
Identity theft reports hit a record 6.47 million in 2024, with median losses near $500. Services marketed as identity‑theft protection are essentially insurance policies that reimburse victims after a breach, not prevent theft. Coverage varies widely; providers like NordProtect promise up...
Why Backup Is The Foundation Of Data Protection, Not The Finish Line
The article argues that traditional backup and recovery, while still essential, are merely the foundation of data protection in a SaaS‑first environment. It highlights the steep cost of downtime—about $9,000 per minute—and cites research showing that 69% of enterprises need...
Reddit 2026: AI Threats Eclipse Classic Phishing Concerns
From Phishing to AI Chaos: What My Analysis of All Reddit CyberSecurity Discussions So Far in 2026 Revealed. By late January 2026, the threads already buzzing with upvotes and sharp commentary were not chasing sci-fi nightmares or unproven breakthroughs. https://t.co/LF7w9E3mMR
How to Migrate From Legacy VPNs to Entra Private Access (Real Strategies From a Veteran)
In this episode, veteran enterprise consultant Richard Hicks walks through the evolution from legacy Microsoft remote access solutions—DirectAccess and Always On VPN—to Microsoft Entra Private Access, a zero‑trust, identity‑centric alternative. He explains how DirectAccess introduced seamless, machine‑level connectivity but was...
Confidential Health Records From UK BioBank Project Exposed Online
The Guardian uncovered that UK Biobank’s confidential health records have been posted online dozens of times, often through researchers accidentally uploading datasets to GitHub. The leaked files, while lacking names and addresses, contain diagnoses, dates, sex and birth month/year for...
Maruti Suzuki’s Dr Tapan Sahoo Calls for Re-Engineering Trust in the Digital Mobility Era
Dr Tapan Sahoo, Executive Officer‑Digital Enterprise at Maruti Suzuki India, urged the automotive industry to re‑engineer trust as mobility becomes a data‑driven, connected ecosystem. Speaking at ETCISO Secufest 2026, he highlighted that cyber risk grows exponentially with the rise of connected, autonomous, shared, and...
Viasat’s HaloNet: The Innovation of Reprogrammable Space Crypto
Viasat unveiled a reprogrammable, space‑qualified cryptographic engine for its HaloNet network, allowing post‑launch updates of algorithms, including quantum‑resistant protections. The module secures telemetry, TT&C, TRANSEC and mission data across S‑, L‑, Ka‑ and optical links, while remaining network‑agnostic and low‑SWaP....
Shor, QLDPC Codes, and the Compression of RSA Resource Estimates (Part II)
The latest "Pinnacle Architecture" analysis shows that factoring RSA keys may require only about 100,000 physical qubits, dramatically lowering the hardware threshold for a cryptographically relevant quantum computer. While the quantum breakthrough narrows the theoretical gap, many critical‑infrastructure systems still...
Quantum Computing Inc. And Ciena Partner for Quantum-Secured Optical Networking at OFC 2026
Quantum Computing Inc. and Ciena unveiled a live demonstration at OFC 2026 of a quantum‑secured optical networking architecture that combines Quantum Key Distribution, Quantum Identity Authentication, and NIST‑certified post‑quantum cryptography. The system runs on Ciena’s Waveserver platform, delivering up to 1.6 Tb/s...
Instagram Should Default to Encryption, Not Cancel It
Instagram should’ve made end-to-end encryption the default for everyone, not shut it down because “very few people were opting in.” https://t.co/dc2xX4WNbt https://t.co/HLmKFqGLOD
Zombie Phishing: Email Threats Returning From the Dead In Your Inbox
Zombie phishing revives compromised email threads, letting attackers slip malicious links or attachments through trusted conversations. By hijacking legitimate accounts, often lacking multi‑factor authentication, criminals bypass many security filters and target employees across all levels. The technique disproportionately affects SMBs,...
D3 Morpheus for Your Microsoft Security Environment
D3 Morpheus plugs the investigation gap in Microsoft‑centric SOCs by autonomously processing every Sentinel alert. It pulls telemetry from Defender, Entra, Intune and DLP, builds a forensic timeline, and delivers a completed investigation in under two minutes. In head‑to‑head tests, Morpheus...
I Found 39 Algolia Admin Keys Exposed Across Open Source Documentation Sites
Security researcher Ben Zimmermann uncovered 39 Algolia admin API keys embedded in open‑source documentation sites that use Algolia’s free DocSearch service. The keys, found through large‑scale frontend scraping and GitHub code searches, grant full write, delete and settings permissions on...
Microsoft: Windows 11 Users Can't Access C: Drive on some Samsung PCs
Microsoft is investigating a Windows 11 issue on Samsung laptops after the February 2026 security updates, where users lose access to the C:\ drive and cannot launch key applications. The error, “C:\ is not accessible – Access denied,” affects Galaxy Book 4 and...
How Is Agentic AI Innovating Financial Sector Practices
Financial institutions are increasingly adopting Non‑Human Identity (NHI) management to secure machine credentials as they migrate to cloud‑based operations. Integrated NHI platforms provide automated secrets rotation, centralized visibility, and context‑aware controls that bridge security and development teams. The emergence of...
How Relieved Are Teams with Managed Machine Identities
Enterprises are increasingly confronting the hidden risk of non‑human identities (NHIs) that power cloud‑native workloads. A shift toward holistic NHI management platforms is enabling continuous discovery, classification, and automated secret rotation across the identity lifecycle. Organizations that adopt these solutions...
Debauit Announced As Debian Source Package Auditor
Debaudit, a new suite of verification tools, was announced to audit Debian source packages. It includes upstream2orig, git2dsc, and git2orig, each checking different stages of the source‑to‑binary pipeline. The tools confirm that upstream tarballs, Git repositories, and generated originals match...
March Patches for Azure DevOps Server
Microsoft has released Patch 2 for Azure DevOps Server on March 13 2026, addressing a defect that could deactivate group memberships. The update applies to on‑premises installations that were deployed before the re‑published release and completes remediation for customers who previously ran the...
How to Spot 'Living Off the Land' Computer Attacks
Living‑off‑the‑land (LOTL) attacks exploit built‑in system utilities such as PowerShell, WMI, and trusted applications instead of dropping traditional malware. Threat actors hijack these native tools to execute code, elevate privileges, and move laterally while evading most antivirus signatures. A recent...
AiLock Ransomware Claims England Hockey Data Breach
England Hockey confirmed a ransomware investigation after the AiLock gang claimed to have stolen roughly 129 GB of internal data and threatened public release. The group, known for its double‑extortion tactics, encrypts files using ChaCha20 and a post‑quantum NTRUEncrypt algorithm. England...
What to Expect During Chainguard Assemble: Join theCUBE on March 19
Chainguard Assemble, livestreamed by theCUBE on March 19, will focus on embedding trust into modern software delivery as supply‑chain risk climbs to a boardroom priority. Research from theCUBE shows 72% of enterprise application teams now rank software supply‑chain risk among...
Re: Palantir: Coalition Urges NHS Organisations to Refuse to Use Controversial Tech Giant’s Software
A coalition of patients, clinicians and civil groups is urging NHS organisations to reject Palantir Technologies' £1 billion Federated Data Platform, which aggregates sensitive patient information across the service. Over 50,000 patients have formally objected, and the British Medical Association has...
The FBI Is Looking Into Steam Games Loaded with Malware—And One Is Still up on the Store
The FBI’s Seattle Division has opened an investigation into multiple Steam games that contain malicious code, targeting users between May 2024 and January 2026. Games such as BlockBlasters, PirateFi, Tokenova and others have been identified, with several removed from the platform after...
UK Government to Build Its Own National Digital ID App
The UK government announced it will develop a national digital identity app using internal resources rather than outsourcing. The app will employ a federated architecture, keeping personal data within the originating department instead of a central repository. Officials project tens...
Intuitive Surgical Hit by Cybersecurity Phishing Incident
Intuitive Surgical disclosed a phishing breach that accessed employee and customer data via a compromised internal administrative network. The company promptly activated its incident‑response plan, secured affected applications, and confirmed that its da Vinci, Ion, and digital platforms remained untouched....
Fake PoCs, Misunderstood Risks Cause Cisco SD-WAN Chaos
Cisco disclosed six new SD‑WAN Manager vulnerabilities, with CVE‑2026‑20127 receiving a perfect 10‑score and confirmed zero‑day exploitation for three years. Researchers warn that the focus on this high‑profile bug has eclipsed CVE‑2026‑20133, a 7.5‑score information‑disclosure flaw that can expose admin...
Et Tu, RDP? Detecting Sticky Keys Backdoors with Brutus and WebAssembly
Praetorian’s open‑source credential scanner Brutus now ships native RDP support and automated sticky‑keys backdoor detection. The team embedded the Rust‑based IronRDP library as a WebAssembly module, eliminating CGO dependencies and keeping the binary pure‑Go. Detection combines pixel‑difference heuristics with an...
USENIX Security ’25 (Enigma Track) – Securing Packages In Npm, Homebrew, PyPI, Maven Central, And RubyGems
At USENIX Security ’25’s Enigma Track, GitHub engineer Zach Steindler presented a deep dive into securing software packages across major ecosystems—including npm, Homebrew, PyPI, Maven Central, and RubyGems. The talk highlighted recent supply‑chain breaches, demonstrated how metadata verification, cryptographic signing,...
Meta Strips End-to-End Encryption From Instagram DMs
A terrible step back for privacy and it's crazy that Meta announced this by updating a support page https://www.androidpolice.com/instagram-is-getting-rid-of-end-to-end-encryption-for-dms/
AI Purchasing Agents Spark New Regulatory and Fraud Risks
AI agents controlling purchasing decisions? This opens doors to new regulatory and fraud challenges. Just like with humans, granting too much authority without checks can lead to significant risks. #AIFraud #Cybersecurity https://t.co/MRMusydajg
Meta Is Killing End-to-End Encryption for Instagram DMs Soon
Meta announced that Instagram will discontinue end‑to‑end encryption for direct messages on May 8 2026. Users will see an in‑app notice and can download affected chats before the feature is removed. The company cited low opt‑in rates as the reason, directing users...
Meta Drops Instagram DM End‑to‑end Encryption
Meta appears to be reversing its strong stance on encryption. The first obvious casualty is that they’re abandoning and disabling end-to-end encryption in Instagram DMs.
Linux Community Deems New CA Law Ridiculous, Unenforceable
As I read and listen to responses to the new CA law, a theme emerged: the Linux community thinks this is ridiculous and is unlikely to comply (and compliance would be next to impossible to enforce...) https://t.co/hiQJkTfESN
Chinese Hackers Target Southeast Asian Militaries with AppleChris and MemFun Malware
Unit 42 has identified a China‑backed espionage campaign, designated CL‑STA‑1087, that has been infiltrating Southeast Asian military organizations since at least 2020. The operation deploys two custom backdoors, AppleChris and MemFun, alongside a credential‑harvesting tool called Getpass, using techniques such...
Android 17 Beta 2 Cracks Down on Accessibility Misuse
Advanced Protection Mode in Android 17 Beta 2 starts clamping down on apps that misuse accessibility services But these could include your favorite automation tools, launchers, or customization apps. ✅ Details - https://t.co/UQzdvkVExT https://t.co/MkNBVjjIfa
Cyberattackers Don't Care About Good Causes
A Dark Reading roundtable highlighted that nonprofit organizations, despite being critical infrastructure, are increasingly targeted by cybercriminals because they store sensitive personal and operational data while operating with limited security budgets. Panelists including Wendy Nather of 1Password and Sightline Security’s...
Poland's Nuclear Research Centre Targeted by Cyberattack
Poland’s National Centre for Nuclear Research (NCBJ) detected and blocked a cyberattack on its IT infrastructure before any damage occurred. The institute’s security systems and rapid response prevented compromise of the MARIA research reactor, which continued operating at full power....
Mapping the Unknown: Introducing Pius for Organizational Asset Discovery
Praetorian has released Pius, an open‑source Go binary that consolidates asset discovery across five Regional Internet Registries, Certificate Transparency logs, and more than 20 intelligence sources. The tool normalizes data, assigns confidence scores, and outputs results in formats ready for...