Know What's Happening in Cybersecurity

Today's Cybersecurity Pulse

CISA adds critical Android and Linux flaws to KEV catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) listed two high‑severity vulnerabilities in its Known Exploited Vulnerabilities catalog: Android CVE‑2025‑48595, an integer overflow that enables privilege escalation on Android 14‑16 without user interaction, patched in June 2026; and Linux CVE‑2022‑0492, a kernel flaw also deemed actively exploited.

Authorities Disrupt SocksEscort Proxy Service Powered by AVrecon Botnet
News | Mar 13, 2026

Law enforcement agencies in the United States and Europe have dismantled SocksEscort, a malicious proxy service powered by the AVrecon botnet that leveraged compromised routers and IoT devices. The operation uncovered roughly 363,000 IP addresses across 163 countries and about...

By SecurityWeek
Starbucks Discloses Data Breach Affecting Hundreds of Employees
News | Mar 13, 2026

Starbucks announced a data breach that compromised 889 of its Partner Central employee accounts, exposing names, Social Security numbers, dates of birth, and banking details. The intrusion, traced to credential theft via spoofed login sites, occurred between Jan 19 and Feb 11,...

By BleepingComputer
Red Access Firewall-Native SSE Adds GenAI Security and Browser Protection to Existing Firewalls
News | Mar 13, 2026

Red Access unveiled a firewall‑native Security Service Edge (SSE) that sits atop any existing firewall without agents, instantly delivering GenAI‑driven security, data loss prevention, CASB, and browser isolation. The solution is vendor‑agnostic, supporting Palo Alto Networks, Fortinet, Cisco and Check...

By Help Net Security
The Cyber Perimeter Was Never Dead. We Just Abandoned It.
News | Mar 13, 2026

The article argues that the network perimeter is not dead, but has been neglected as organizations focus on cloud‑native identities. Federal actions—FBI’s Winter SHIELD operation and CISA’s BOD 26‑02 directive—force a hard look at weak authentication, excessive privileges, and unsupported edge...

By CSO Online
Google Fixes Two New Chrome Zero-Days Exploited in Attacks
News | Mar 13, 2026

Google issued emergency updates on March 13 2026 to fix two high‑severity Chrome zero‑day flaws—CVE‑2026‑3909 in the Skia graphics library and CVE‑2026‑3910 in the V8 JavaScript/WebAssembly engine. Both vulnerabilities were confirmed to be exploited in the wild, prompting rapid patches for the...

By BleepingComputer
AI Coding Agents Keep Repeating Decade-Old Security Mistakes
News | Mar 13, 2026

Researchers evaluated three leading AI coding agents—Claude Code, OpenAI Codex, and Google Gemini—by tasking them with building two real‑world applications from scratch. Across 30 pull requests and 38 security scans, 143 vulnerabilities were found, with 87 % of PRs containing at...

By Help Net Security
Passwords, MFA, and Why Neither Is Enough
News | Mar 13, 2026

The article argues that traditional passwords and even multi‑factor authentication (MFA) no longer provide sufficient protection against modern credential attacks. It highlights how SMS codes can be intercepted via SIM swapping, authenticator apps are prone to replay and push‑bombing attacks,...

By Help Net Security
Authorities Disrupt SocksEscort Proxy Botnet Exploiting 369,000 IPs Across 163 Countries
News | Mar 13, 2026

International law‑enforcement agencies dismantled the SocksEscort proxy botnet, which compromised roughly 369,000 residential routers in 163 countries. The operation, dubbed Operation Lightning, seized 34 domains, 23 servers and froze $3.5 million in cryptocurrency. SocksEscort sold proxy access to criminals, enabling fraud...

By The Hacker News
Ransomware Data Breaches Soar in the U.S., Affecting K12 and Higher Ed Privacy
News | Mar 13, 2026

Ransomware attacks on educational institutions reached 251 incidents in 2025, with the United States accounting for 130 of those events. American schools and universities suffered 3.89 million compromised records, representing over 98% of all stolen data in the sector, while global...

By University Business
From Legacy Architecture to Cloudflare One
News | Mar 13, 2026

Cloudflare and CDW have teamed up to simplify Zero Trust migrations for large enterprises, offering a structured, risk‑aware pathway from fragmented VPNs to the Cloudflare One SASE platform. Their tiered methodology categorizes applications by complexity, moving simple SaaS first and...

By Cloudflare Blog
Stryker's Operations Disrupted by Iran-Linked Cyberattack
Social | Mar 13, 2026

Stryker $SYK said a cyberattack related to the Iranian conflict is still disrupting its operations, including order processing, manufacturing and shipping - WSJ

By Evan – StockMKTNewz
AI Vulnerable to Social Engineering‑Style Deception Tactics
Social | Mar 13, 2026

New on the not-a-newsletter... The Problem is Steve from Accounts ($$$) https://t.co/omSd1tEjla Traditional social engineering preys on trust, fear, and urgency. AI lacks psychology, at least as far as I know, but it can and will be exploited through analogous deceptions. https://t.co/y7CZrIEs8R

By Dave Birch
Ubuntu's AppArmor Hit By Several Security Issues - Can Yield Local Privilege Escalation
Blog | Mar 13, 2026

Canonical’s AppArmor security module for Ubuntu was found to contain several critical vulnerabilities, collectively dubbed “CrackArmor.” The flaws can cause kernel memory denial‑of‑service, information leaks, and, when combined with a sudo issue, enable local privilege escalation. Ubuntu has issued patches...

By Phoronix
Apple’s Platform Security Guide Adds a Brief Note on the MacBook Neo’s On-Screen Camera Indicator
Blog | Mar 12, 2026

Apple’s Platform Security Guide now highlights a new privacy safeguard on the MacBook Neo, which integrates the A18 Pro silicon and dedicated camera‑security hardware. The design guarantees that any camera activation— even by software with root or kernel privileges—must trigger...

By Daring Fireball
Elon Musk's DOGE Goon Gets Busted Stealing Social Security Data of over 500 Million Citizens
Blog | Mar 12, 2026

Elon Musk’s Department of Government Efficiency placed a former engineer inside the Social Security Administration, where a whistleblower alleges the individual stole a massive trove of personal data. The complaint has triggered investigations by federal watchdogs into a potential breach...

By UnPresidented
Indirect Prompt Injection with Cross-Document Data Exfiltration
Blog | Mar 12, 2026

Researchers have uncovered a high‑severity Indirect Prompt Injection (IPI) vulnerability affecting four Google AI surfaces—Gemini Advanced, Gemini in Google Drive, NotebookLM chat, and NotebookLM Studio. By embedding a Base64‑obfuscated directive in a Drive document, an attacker can force the model...

By Agentic AI
Formidable Forms Flaw Lets Attackers Pay Less For Expensive Purchases via @Sejournal, @Martinibuster
News | Mar 12, 2026

A critical vulnerability (CVE‑2026‑2890) in the Formidable Forms WordPress plugin allows unauthenticated attackers to bypass Stripe payment verification. The flaw, present in all versions up to 6.28, lets a low‑value PaymentIntent be reused to mark a higher‑value purchase as paid....

By Search Engine Journal
Canadian Retail Giant Loblaw Notifies Customers of Data Breach
News | Mar 12, 2026

Loblaw Companies Limited, Canada’s largest food and pharmacy retailer, disclosed a breach affecting a non‑critical segment of its IT network. Hackers accessed basic customer information, including names, phone numbers and email addresses, but no financial, health, or password data appears...

By BleepingComputer
Japan Warns Companies Considering Ukraine Support on Potential Leaks by Huawei
News | Mar 12, 2026

Japan’s government cautioned domestic firms that aid Ukraine’s reconstruction about the risk of technology and sensitive data leaks via Huawei‑supplied 5G networks. The warning follows a Ukrainian telecom operator’s 5G trials with Huawei and a failed bid by Japan’s Rakuten...

By Japan Today – Business
Data Breach at NYC Health + Hospitals Partner Exposes Info of 5,086 Patients
News | Mar 12, 2026

A data breach at NADAP, a care‑management partner of NYC Health + Hospitals, exposed protected health information for 5,086 patients. The unauthorized access occurred around Nov. 26, 2025 and was discovered on Jan. 10, 2026, with the health system notified...

By Becker’s Hospital Review
Iran MOIS Colludes With Criminals to Boost Cyberattacks
News | Mar 12, 2026

Iran’s Ministry of Intelligence and Security (MOIS) is now openly partnering with cyber‑criminal groups, embedding tools like the Rhadamanthys infostealer into its APT operations. The strategy, highlighted by Check Point research, shows MOIS‑run groups such as Void Manticore and MuddyWater buying...

By Dark Reading
Third‑Party Code Now Top Cloud Threat; AI Offers Remedy
Social | Mar 12, 2026

Unfortunately for the vibrancy and velocity of modern developer ecosystems (something I’ve been bullish on for two decades), third-party software has now become the #1 initial access vector in cloud intrusions, jumping from under 3% to 44.5% of cases in...

By Dion Hinchcliffe
Commercial Spyware Opponents Fear US Policy Shifting
News | Mar 12, 2026

Recent U.S. actions have raised alarms among spyware opponents, as ICE reactivated a contract with Paragon Solutions and the Treasury lifted sanctions on Intellexa executives. Meanwhile, major spyware firms Paragon and NSO Group were sold to U.S. investors, signaling potential...

By Dark Reading
Medical Technology Company Stryker Disrupted Globally by Cyberattack
News | Mar 12, 2026

Stryker, a leading medical‑technology supplier, announced a cyberattack on March 11 that compromised its Microsoft environment, though no ransomware or malware was detected. The breach disrupted the company’s global operations and prompted immediate containment efforts. Stryker is coordinating with hospital networks...

By AHA News – American Hospital Association
Onyx Security Launches With $40M
News | Mar 12, 2026

Onyx Security has launched its secure AI control plane, raising $40 million from investors Conviction and Cyberstarts. The platform consolidates security, governance, and infrastructure functions to monitor AI agents across enterprises. Powered by proprietary models, it promises compliance, risk mitigation, and...

By VC News Daily
UK Fraud Strategy Considers Business Digital Identity and IDV
News | Mar 12, 2026

The UK Home Office released the Fraud Strategy 2026‑2029, committing £250 million to combat fraud and cyber‑crime, with a focus on digital identity and biometric verification. The plan introduces a £30 million Online Crime Centre, tighter KYC for company directors, and a...

By Biometric Update
DOD Is Finally Leaning Into CMMC 2.0 Requirements for CUI
News | Mar 12, 2026

The Department of Defense has accelerated enforcement of CMMC 2.0 for contracts handling Controlled Unclassified Information, a shift driven by recent White House contracting reforms. Since January, more DoD solicitations explicitly require specific CMMC levels, prompting contractors to prove their data‑security...

By FedTech Magazine
AutoCAD Users May Have a Ransomware Problem – Here's What They Can Do
News | Mar 12, 2026

Cybercriminals are now disguising ransomware as AutoCAD file types, a tactic uncovered by Veeam’s security team. With AutoCAD commanding roughly 40% of the CAD market, attackers exploit the trusted .dwg and .dwt extensions to bypass naïve file‑type filters. The deception...

By ITPro
Study Finds That AI Is Organizations’ Top Cybersecurity Fear
News | Mar 12, 2026

More than half of surveyed organizations now rank generative AI as their top cybersecurity threat, overtaking stolen credentials. AI‑driven attacks such as deepfakes and hyper‑personalized phishing are proliferating, with phishing emails appearing every 19 seconds in 2025. Nearly 40% of...

By PaymentsJournal
Deepfakes Force Enterprises to Rethink Cybersecurity
News | Mar 12, 2026

Enterprises face rising deepfake threats as generative AI matures, prompting a shift from simple detection tools to layered security strategies. Current detection systems achieve only about 80% accuracy and lack explainability, limiting legal and public trust. Vendors such as GetReal...

By Biometric Update
Edit AI Photos Safely: Faces Hidden, Realism Preserved
Social | Mar 12, 2026

A new privacy-focused system enables users to edit and share photos with generative AI tools while keeping sensitive identity features, such as faces, hidden from external platforms, maintaining both photorealism and data security. privacybydesign

By Phys.org Threads
Rust-Based VENON Malware Targets 33 Brazilian Banks with Credential-Stealing Overlays
News | Mar 12, 2026

Brazilian security firm ZenoX has uncovered VENON, a Rust‑based banking trojan that targets 33 banks and digital‑asset platforms. The malware uses DLL side‑loading, shortcut hijacking, and nine evasion techniques before delivering credential‑stealing overlays. Distribution relies on a PowerShell‑driven ZIP chain,...

By The Hacker News
Hackers Use Cloudflare Human Check to Hide Microsoft 365 Phishing Pages
News | Mar 12, 2026

Security researchers have uncovered a new phishing technique that leverages Cloudflare's Turnstile human‑verification widget to conceal fraudulent Microsoft 365 login pages. The malicious sites present a Turnstile challenge, then use the visitor's IP to identify security professionals or bots and serve...

By HackRead
Active Directory Flaw Enables SYSTEM Privilege Escalation
News | Mar 12, 2026

Microsoft disclosed CVE-2026-25177, an Active Directory Domain Services flaw with an 8.8 CVSS rating that lets attackers manipulate Service Principal Names using hidden Unicode characters. The vulnerability enables privilege escalation to SYSTEM level across the domain, even with minimal initial...

By eSecurity Planet
Telus Digital Confirms Breach After ShinyHunters Claims 1 Petabyte Data Theft
News | Mar 12, 2026

Canadian BPO provider Telus Digital has confirmed a security incident after the hacker group ShinyHunters alleged stealing nearly one petabyte of data in a breach that spanned several months. The claim, made public in early March 2026, follows a prolonged...

By DataBreaches.net
Iran’s Digital Arsenal: When Invisible Fences Rise in the Conflict
News | Mar 12, 2026

On 28 February 2026, coordinated cyber operations drove Iran’s internet traffic to just 1‑4 % of normal levels, coinciding with US‑Israeli air strikes that killed the Supreme Leader. Analysts attribute the blackout to a hybrid mix of regime‑imposed whitelisting, large‑scale DDoS attacks,...

By CircleID — Telecom Topic
BioCatch’s DeviceIQ Brings Pre-Login Mobile Device Intelligence to Digital Banking
News | Mar 12, 2026

BioCatch introduced DeviceIQ, a pre‑login device identification platform for digital banking that evaluates device trustworthiness before users reach authentication screens. The solution tackles sophisticated fraud tactics such as emulators, spoofed devices, cloaked browsers, and jailbroken handsets, while maintaining a persistent...

By Mobile ID World
AuthID and Section 2 Tie Biometric Authentication to Financial Crime Intelligence Workflows
News | Mar 12, 2026

authID has partnered with Section 2 to embed biometric verification and its Mandate AI governance framework into Section 2’s TENet and TRACC financial crime intelligence platforms. The integration creates an auditable chain of custody, linking every AML or threat‑finance output to a...

By Mobile ID World
How KiloClaw Is Built to Be Secure
Blog | Mar 12, 2026

KiloClaw is a managed compute platform for OpenClaw AI agents that places security at its core. Each customer runs on a dedicated Firecracker microVM, providing hardware‑level isolation, while five independent layers—identity routing, dedicated app environments, network isolation, VM boundaries, and...

By Kilo Blog
Cyberattack on Stryker Highlights Geopolitical Tensions and Security Risks
News | Mar 12, 2026

On March 11, Stryker reported a global outage that wiped devices for its 5,500 employees across Ireland, the US, Australia and India. The breach displayed an Iran‑affiliated logo and was claimed by the hacktivist group Handala, though no ransomware was...

By Healthcare Innovation
OCR Director Defends HIPAA Updates: "The Cost of Doing Nothing Is Very High"
News | Mar 12, 2026

OCR director Paula Stannard told HIMSS attendees that the HHS Office for Civil Rights is still reviewing 4,700 public comments on the Biden‑era HIPAA Security Rule proposal, which would impose stricter controls and longer implementation timelines. She warned that the...

By TechTarget SearchERP
Operation Lightning Takes Down SocksEscort Proxy Network Blamed for Tens of Millions in Fraud
News | Mar 12, 2026

Operation Lightning, a coordinated effort by the FBI and law‑enforcement agencies in Austria, France, the Netherlands and six other nations, dismantled the SocksEscort residential proxy network. The operation seized 23 servers, 34 domains across seven countries and froze roughly $3.5 million...

By The Register — Networks
HHS Launches New Cyber Assessment Tool to Secure Health Systems
News | Mar 12, 2026

The U.S. Department of Health and Human Services has added a cybersecurity assessment module to its Risk Identification and Site Criticality (RISC) toolkit, responding to more than 2,200 cyber incidents reported in 2025. The free, online tool guides hospitals, health...

By GovernmentCIO Media & Research
Secure Your Code: Guardrails for AI Assistants
Social | Mar 12, 2026

If your developers are using Copilot or Claude Cowork heavily, how are you handling the security side? Code context, internal repos, sensitive data exposure. Feels like a lot of organizations adopted these tools before really thinking through the guardrails. What are you doing to protect...

By Sean D. Mack
AI Is Essential to Counter AI-Driven Cyberattacks
Social | Mar 12, 2026

You can’t defend against AI-driven cyberattacks without AI. Attackers move faster and automate everything. Humans alone can’t keep up. AI agents speed up detection, pattern analysis, and reporting—so CISOs focus on decisions, not dashboards. Learn More: https://bit.ly/4s2Is77 #ElasticPartner #Elastic #ArtificialIntelligence #CyberSecurity #Security #DigitalTransformation

By Ronald van Loon Threads
Responsible AI Starts with Zero‑Trust Data Governance
Social | Mar 12, 2026

RT You can't have responsible AI without responsible data. Classify AI data, extend zero trust, encrypt in use, and spell out non-negotiable governance policies from day one. #AISecurity #DataGovernance @Star_CIO https://t.co/aiB5P99ido

By Isaac Sacolick
Threat Actors Now Favor Third‑party Software Flaws over Credentials
Social | Mar 12, 2026

"For the first time since we began publishing the CTHR in 2021, we observed a tactical pivot by threat actors. They’re now targeting third-party software vulnerabilities more than weak or missing credentials as the primary initial access vector." https://t.co/wSC5lPPGAZ

By Richard Seroter
Cybercrime Costs Could Reach $10.5 T by 2025
Social | Mar 12, 2026

Cybercrime isn’t slowing. Costs could hit $10.5T by 2025, driven by nation-states, gangs, and a growing attack surface. With detection as low as 0.05% and 200 zettabytes of data ahead, cybersecurity is everyone’s business. https://t.co/XxxMna2fuJ

By Cristina Dolan
AI Agents Autonomously Hack Simulated Network, Bypass Security
Social | Mar 12, 2026

AI agents told to conduct routine tasks on a simulated corporate network went rogue. "No adversarial prompting was involved. The agents independently discovered vulnerabilities, escalated privileges, disabled security tools, and exfiltrated data." https://t.co/jDjDgPb5rk

By Kim Zetter