Today's Cybersecurity Pulse
CISA adds critical Android and Linux flaws to KEV catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) listed two high‑severity vulnerabilities in its Known Exploited Vulnerabilities catalog: Android CVE‑2025‑48595, an integer overflow that enables privilege escalation on Android 14‑16 without user interaction, patched in June 2026; and Linux CVE‑2022‑0492, a kernel flaw also deemed actively exploited.
Also developing:
By the numbers: Ingeteam secures $82.5M loan from EIB for renewable energy R&D
How to Enable Google's Free VPN on Your Pixel Phone - It's Easy
Google now bundles a free VPN, called VPN by Google, into Pixel 7 and newer devices and the Pixel Tablet. The service encrypts all outbound traffic, shielding users on public Wi‑Fi from eavesdropping and preventing ISPs from tracking browsing habits. Activation is built into Android Settings, with options to pause, add a Quick Settings tile, or exclude specific apps. While it does not provide location spoofing, it offers a zero‑cost privacy layer for everyday mobile users.
Patch Me If You Can: AI Codemods for Secure-by-Default Android Apps
Meta’s Product Security team unveiled a two‑pronged solution to harden Android apps at scale: secure‑by‑default frameworks that wrap risky OS APIs, and generative‑AI‑driven codemods that automatically migrate existing code to those frameworks. The AI system can propose, validate, and submit...
MoonPay Introduces Ledger-Secured AI Crypto Agents to Address Wallet Key Risks
MoonPay has integrated Ledger hardware‑wallet signing into its MoonPay Agents, a command‑line interface that powers AI‑driven crypto trading bots. The addition requires users to approve every AI‑generated transaction on a Ledger device, keeping private keys isolated from the software agent....
Will AI Save Consumers From Smartphone-Based Phishing Attacks?
The Omdia 2025 Mobile Device Security Consumer Survey finds phishing to be the top smartphone threat, affecting 27% of users and 40% of Americans. Google’s on‑device AI scam detection is available in 27 countries but still misses sophisticated attacks, while...
Hack the AI Brain: LangSmith Vulnerability Could Expose Sensitive AI Data
Researchers at Miggo Security uncovered CVE‑2026‑25750 in LangSmith, an AI observability platform used to monitor LLM applications. The flaw stems from an unvalidated baseUrl parameter in LangSmith Studio, allowing a malicious URL to redirect authenticated API calls to an attacker‑controlled...
A Three-Way Partnership Built Around IT, Security, and Risk Drives AI-Era Success
Enterprises adopting AI and automation face heightened cybersecurity, governance, and model‑risk challenges. ServiceNow and consulting firm Crowe propose a three‑way partnership that aligns IT, security, and risk into an integrated operating model. The approach embeds governance into workflows, automates cross‑functional...
Health Care Identity Verification Tech Surges Amid Data Vulnerability Fears
Healthcare providers are accelerating the adoption of biometric identity verification to curb fraud and meet HIPAA‑aligned patient‑matching standards. A recent exposure of an unsecured IDMerit database, containing roughly one billion personal records, highlighted the vulnerability of centralized biometric repositories. Vendors such...
Inside the World of 'PayPal's AG'
PayPal’s global financial‑crime chief, David Szuchman, leverages his two‑decade law‑enforcement background to counter a 600% surge in fraud attacks that threaten the fintech’s trillion‑dollar transaction flow. The company has integrated AI that evaluates over 500 data points and launched an...
US and European Authorities Disrupt socksEscort Proxy Service Tied to AVrecon Botnet
Law enforcement agencies in the US and Europe dismantled the SocksEscort proxy service, which leveraged the AVrecon botnet to hijack roughly 369,000 routers and IoT devices across 163 countries. The operation, dubbed Operation Lightning, seized 34 domains and 23 servers,...
The 3 Things You Need to Know About Passwords, From a Security Expert
Cybersecurity expert Jake Moore urges users to adopt password managers, citing low global adoption of roughly one‑third. He explains that managers generate long, unique passwords and store them securely, eliminating the need to remember multiple credentials. The article highlights that...
Understanding Custom Authorization Mechanisms in Amazon API Gateway and AWS AppSync
Amazon API Gateway and AWS AppSync both support custom Lambda authorizers, but they serve different API paradigms. In API Gateway, the authorizer runs before the backend integration and returns an IAM policy that determines whether the request proceeds. In AppSync,...
45,000 Malicious IP Addresses Taken Down in International Cyber Operation
An INTERPOL‑coordinated effort, Operation Synergia III, dismantled more than 45,000 malicious IP addresses and servers between July 2025 and January 2026. Law enforcement from 72 countries arrested 94 suspects and seized 212 devices, while investigations continue against another 110 individuals. The operation uncovered extensive...
The Broken Records: Tracing the Human Cost of the 2022 British MoD Leak
In February 2022 the UK Ministry of Defence inadvertently released personal data on roughly 18,700 Afghan nationals who had supported British forces and were seeking protection. The breach remained undisclosed for almost two years, and a High Court super‑injunction in September 2023...
The Big One: Cyberattack that Could Cripple Food and Drink
Cyberattacks on food and beverage firms are accelerating, with ransomware remaining the most disruptive weapon. High‑profile incidents such as Campari’s $15 million ransom and JBS’s multi‑country shutdown illustrate how legacy OT systems and interconnected supply chains amplify risk. Experts warn that...
Who Is MuddyWater?
MuddyWater is an Iranian state‑linked cyber‑espionage group active since at least 2017, targeting governments, energy, telecom and defense sectors worldwide. Recent campaigns, especially Operation Olalampo (2025‑2026), show a shift toward hybrid operations that combine intelligence gathering with disruptive tactics, employing...
Reimagining the Enterprise Desktop—Why Island Is Joining the Conversation at IGEL Now & Next Miami
Enterprise desktops are giving way to a browser‑first model as SaaS and remote work dominate. Island, an enterprise browser, is joining IGEL’s Now & Next Miami 2026 event to discuss how browsers can become the security and policy enforcement layer...
Scammers Use AI-Generated Images of Lost Dogs to Target Pet Owners
Scammers are exploiting AI image generators to fabricate photos of missing dogs, claiming the animals are injured and need costly emergency surgery. Victims in Florida and California have been pressured to send money via platforms like Zelle after receiving realistic...
EU Cybersecurity Proposals Pose Significant Risks for Ireland and Irish Businesses – Digital Business Ireland
Digital Business Ireland (DBI) warns that the EU’s proposed Cybersecurity Act revision, known as CSA2, could expose Ireland and its businesses to broad, undefined compliance obligations. The draft grants the European Commission power to label entire third‑country suppliers as "high‑risk"...
SEALSQ and Parrot Expand Partnership to Secure Drones with PQC
SEALSQ Corp and Parrot SA are expanding their partnership to embed post‑quantum cryptography (PQC) into Parrot’s next‑generation professional drones. The collaboration will integrate NIST‑approved CRYSTALS‑Kyber and CRYSTALS‑Dilithium algorithms at the semiconductor level, building on existing SEALSQ secure elements in the...
Police Sinkholes 45,000 IP Addresses in Cybercrime Crackdown
Operation Synergia III, an Interpol‑led crackdown from July 2025 to January 2026, sinkholed roughly 45,000 malicious IP addresses and seized 212 servers across 72 countries. The operation resulted in 94 arrests, with another 110 suspects under investigation, and uncovered over 33,000 phishing and fraudulent...
How AI Is Transforming the Modern Firewall for State and Local Government
State and local governments are adopting a hybrid‑mesh firewall model that spreads enforcement across branch offices, cloud workloads, data centers and remote users. AI is being embedded directly into these firewalls to govern generative‑AI usage, enforce data‑loss‑prevention, and automate rule‑set...
Corvex Announced the Launch of Secure Model Weights
Corvex announced early availability of Secure Model Weights, a patent‑pending solution that encrypts AI model weights end‑to‑end and decrypts them only inside NVIDIA Hopper/Blackwell GPUs operating in Confidential Computing mode. The architecture combines GPU TEEs, Intel TDX, remote attestation, and...
Sebi Imposes Rs 10 Lakh Fine on Anand Rathi for Violation of Stock Brokers' Norms
India’s securities regulator SEBI imposed a ₹10 lakh fine on Anand Rathi Share and Stock Brokers Ltd for multiple breaches of stock‑broker norms. The investigation covering April 2023 to August 2024 found the firm failed to promptly report a May 2024 technical glitch and delayed...
Tomorrow's Fraud Techniques
Fraudsters are leveraging AI, deepfakes and synthetic identities to turn once‑rare, highly coordinated attacks into routine events. Financial institutions now face daily sophisticated scams, from voice‑cloned phishing calls to long‑standing fake personas that suddenly cash out. Experian’s chief product officer...
Tech Mahindra and Rubrik Announce Partnership to Deliver Advanced Cyber Recovery and Resilience Solutions for Global Enterprises
Tech Mahindra and Rubrik have teamed up to launch an AI‑powered Cyber Recovery as a Service (CRaaS) aimed at global enterprises. The joint solution blends Tech Mahindra’s end‑to‑end cybersecurity expertise with Rubrik’s data security platform to deliver rapid, clean restoration...
What to Do if You’re a Data Breach Victim (and You Probably Are)
Data breach notifications have become routine, with 80% of Americans receiving at least one notice in the past year and many seeing three to five letters. Federal and state laws compel companies to alert consumers promptly, yet complex investigations can...
Accertify’s Attack State Targets Credential Stuffing and ATO Attacks
Accertify introduced Attack State, a new module within its Account Protection suite that continuously monitors login activity to spot coordinated credential‑stuffing and account‑takeover attacks. By benchmarking real‑time behavior against an organization’s typical traffic patterns, the tool flags anomalies across web,...
Interpol Teams up with Tech Firms to Seize 45,000 Malicious IPs, Servers in Global Cyber Crime Crackdown
Interpol’s Operation Synergia III, conducted with law‑enforcement agencies from 72 countries, dismantled more than 45,000 malicious IP addresses and seized 212 servers and electronic devices. The crackdown resulted in 94 arrests and 110 ongoing investigations, targeting phishing, malware and ransomware campaigns, including...
Telia Norway Upgrades Svindelsperre Scam Blocker
Telia Norway has rolled out an upgrade to its Svindelsperre scam‑blocking service, which debuted last year. The enhancement, operational for three weeks, automatically rejects international calls originating from numbers that do not conform to standard numbering formats. By filtering out...
CBN Mandates Liveness Checks and Device Limits to Fight Digital Banking Fraud
The Central Bank of Nigeria has issued a new regulatory framework requiring real‑time liveness verification and BVN/NIN validation for all account openings and reactivations. Mobile banking apps must be bound to a single device, with additional multi‑factor authentication for any...
ATM Jackpotting Suspect Added to FBI’s Ten Most Wanted List
The FBI has placed Anibal Alexander Canelon Aguirre, alleged leader of a nationwide ATM jackpotting ring, on its Ten Most Wanted Fugitives list, marking the first cyber‑crime suspect to receive that designation. Investigators say the operation installed malware on ATMs...
![LastPass Vs. 1Password: Which Password Manager Should You Use? [2026]](/cdn-cgi/image/width=1200,quality=75,format=auto,fit=cover/https://images.ctfassets.net/lzny33ho1g45/6n85uv2G0G1Cr1M2VSE22F/bd6206145d3a774055839ab72a421ee0/lastpass-vs-1password-hero.jpeg)
LastPass Vs. 1Password: Which Password Manager Should You Use? [2026]
The article pits LastPass against 1Password, highlighting LastPass’s 2022 data breach, a $24.5 million settlement, and lingering security criticisms. In contrast, 1Password boasts a breach‑free record, full‑field encryption and a dual‑factor master key. Feature parity is high—both offer cross‑platform autofill, password...
Veeam Fixes RCE Bugs in Critical Backup & Replication Platform
Veeam released a critical security patch (version 12.3.2.4465) on March 12, 2026, fixing seven vulnerabilities in its Backup & Replication platform, including the high‑severity CVE‑2026‑21666 and CVE‑2026‑21667 which both score 9.9 on the CVSS scale. The update also resolves additional...
The FBI Is Looking for Victimized Steam Users Who Downloaded Games with Hidden Malware — Investigation Underway Into Multiple Infected...
The FBI has opened an investigation into malware‑laden fake games on Steam released between 2024 and 2026, urging affected users to come forward. Titles such as Chemia, Dashverse, Lampy, Lunara, PirateFi, Tokenova and BlockBasters were identified as carriers of crypto‑draining...
Enterprise AI Security Firm Bold Raises $40m
Enterprise AI security startup Bold emerged from stealth after closing a $40 million Series A round led by Bessemer Venture Partners, Picture Capital and Red Dot Capital Partners. The company’s edge‑AI platform runs lightweight models on each endpoint to monitor user behavior,...
Stryker Says Cyberattack Disrupted Processing, Manufacturing and Shipping
Stryker, the U.S. MedTech leader, confirmed a cyberattack by the Iran‑linked Handala group disrupted its order processing, manufacturing and shipping operations. The breach originated in Stryker’s Microsoft environment but was contained to internal systems, leaving connected medical devices unaffected. The...
The Cyber Resilience Act and Cloud Native: Understanding the Impact
The EU’s Cyber Resilience Act (CRA) will become fully enforceable in 2027, extending mandatory cybersecurity requirements to any product with digital elements sold in the EU, including container images, Helm charts and Kubernetes operators. It codifies three core obligations: security‑by‑design...
Shaping Europe’s Cybersecurity Standards: Highlights From the 10th Cybersecurity Standardisation Conference
The 10th Cybersecurity Standardisation Conference, co‑hosted by CEN, CENELEC, ETSI and ENISA in Brussels, highlighted Europe’s coordinated push for faster yet high‑quality cyber standards. Delegates examined the role of standards in supporting the Cyber Resilience Act, NIS2 and DORA, and...
Face Value: What It Takes to Fool Facial Recognition
ESET security advisor Jake Moore demonstrated how consumer‑grade smart glasses, deep‑fake tools, and face‑swap software can defeat widely deployed facial recognition systems. He captured strangers’ faces in real time, created AI‑generated identities to open a bank account, and bypassed a...
Markets/Coverages: Coalition Provides Expended Cyber Protection in Canada
Coalition, a San Francisco‑based cyber insurer, launched its Active Cyber Policy in Canada, expanding coverage to address ransomware, AI‑enabled fraud and heightened regulatory scrutiny. The policy bundles popular endorsements, offers optional separate limits for breach response, and introduces financial incentives for...
Fintech Company & ADCB Launch Egypt’s First Transactional Fraud Solution Powered by AI
Network International and ADCB Egypt have launched Egypt’s first AI‑powered transactional fraud solution, FICO Falcon Fraud Manager. The system leverages machine‑learning to build behavioral profiles and analyze millions of transactions in real time, instantly flagging suspicious activity. Deployment marks a milestone in...
AI-HealthTech Innovator Humata Health Partners with AccuKnox for Zero Trust CNAPP
AI‑HealthTech firm Humata Health announced a partnership with security specialist AccuKnox to embed Zero‑Trust CNAPP and Application Security Posture Management into its SaaS platform. The solution, deployed on‑premises, satisfies HIPAA requirements and integrates with Azure DevOps and GitLab for automated...
Beyond File Servers: Securing Unstructured Data in the Era of AI
Legacy file servers still host regulated folders, but most business workflows now live in collaborative documents, code repositories, chat platforms, and AI assistants. Traditional security tools focus on scanning static file locations, leaving gaps where data is created, shared, and...
Travel Miles Sold as Underground Currency, Costing Billions
Going the Extra Mile: Travel Rewards Turn into Underground Currency. 🏖️ ✈️ 💬 Airline miles were designed as rewards, however, in cybercrime markets, they are inventory. In many cases, the theft begins with credential compromise and ends with miles quietly converted...
AI Agents Already Breaching Passwords—Security Must Evolve Fast
AI agents just published passwords and overrode security in lab tests. This isn't sci-fi—it's happening now. The question isn't IF autonomous AI will break rules, it's whether your security adapts faster than the threats. Are you concerned?
Hybrid Resilience: Designing Incident Response Across On-Prem, Cloud and SaaS without Losing Your Mind
Hybrid incident response demands more than tool consolidation; a shared incident language and unified command structure are essential. The author proposes a contract that standardizes severity, hypothesis, timeline, and communication cadence across on‑prem, cloud, and SaaS teams. Portable telemetry—user‑journey metrics,...
Beyond IAM: Governing AI-to-AI Authorization for CIOs
IAM isn't enough when AI agents are talking to AI agents (A2A). The new frontier is Authorization. How do you govern layers of access in a world of autonomous processes? The 9 realities every CIO must face: 🔗 https://t.co/l36K8t0jnp #Identity #CISO #RSAC2026 #CyberRisk
New Cyber Strategy Emphasizes Deterrence for National Security
Cyber Focus: Cybersecurity, National Security, and Critical Infrastructure S3E10 - Deterrence and the New Cyber Strategy with White House National Cyber Director Sean Cairncross | McCrary Institute https://t.co/PmPdYTO5Zq
EU Advances Message Scanning, Yet Dark Timeline Persists
The EU seems to be going in the right direction when it comes to mass message scanning. Unfortunately, the fact that this vote was necessary proves that we’re still in the dark timeline. https://t.co/Tci3GoLsPg
AI, 5G, IoT, Quantum Redefine Privacy and Security
Inside Cyber: How AI, 5G, IoT, and Quantum Computing Will Transform Privacy and Our Security https://t.co/P5qqtToeX8 #cybersecurity #ArtificialIntelligence #quantum #tech #book