Today's Cybersecurity Pulse

CISA adds critical Android and Linux flaws to KEV catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) listed two high‑severity vulnerabilities in its Known Exploited Vulnerabilities catalog: Android CVE‑2025‑48595, an integer overflow that enables privilege escalation on Android 14‑16 without user interaction, and Linux CVE‑2022‑0492. Google released patches for the Android bug in June 2026.
Also developing:
By the numbers: Ingeteam receives $82.5M loan from EIB

Zero Trust Instead of VPN: Why Identity-Based Access Is Replacing Traditional Network Architecture
Traditional VPNs are losing relevance as enterprises adopt cloud, hybrid, and mobile workforces. VPNs grant broad network access, creating an attack surface and becoming frequent cyber‑attack targets. Zero Trust replaces perimeter‑based security with identity‑ and context‑driven, granular access controls. Companies are gradually shifting to integrated platforms that combine identity management, device health checks, and continuous verification.
AI Assistants for Kubernetes: Secure Cluster Operations with MCP and Rafay ZTKA
The Model Context Protocol (MCP) lets AI assistants run Kubernetes commands through a local server while Rafay’s Zero Trust Kubectl Access (ZTKA) supplies a secure, token‑less kubeconfig. This architecture places the MCP server on the admin workstation, routes traffic via...
MeitY Awaiting Industry Inputs on Plans to Slash Timeline for Data Protection Compliance: S Krishnan
The Ministry of Electronics and Information Technology (MeitY) is considering shortening the Digital Personal Data Protection (DPDP) compliance window for significant data fiduciaries from 18 months to 12 months. The proposal is still under review, with the government awaiting detailed...

New GSA Guidance on Protecting CUI in Contractor Systems, Plus a Look Ahead at Pending FAR Changes
The General Services Administration issued a five‑phase procedural guide to protect Controlled Unclassified Information (CUI) in contractor‑owned systems, outlining concrete deliverables from preparation through continuous monitoring. A parallel FAR Council proposal would embed a standardized CUI clause, a new form,...
Chrome Extension Becomes Malicious After Ownership Transfer
Roses are red. Violets are blue. Chrome Extension Turns Malicious After Ownership Transfer, Enabling Code Injection and Data Theft
TikTok Gets Green Light to Stay in Canada, Reversing Earlier Ban
Canada has overturned its 2024 order to wind down TikTok’s Canadian subsidiary, allowing the platform to continue operating nationwide. The decision follows a fresh security review and new legally binding commitments requiring TikTok to install security gateways, privacy‑enhancing technologies, and...
Eros Innovation and enQase Launch Sovereign Quantum-Safe Trust Layer
Eros Innovation and enQase have launched a strategic joint venture to build the Eros Sovereign Trust Layer, a quantum‑safe security architecture for cultural data, digital identity, and AI assets. The platform merges enQase’s full‑stack quantum‑resilient hardware and software with Eros’s...
AI Quickstart: Protecting Inference with F5 Distributed Cloud and Red Hat AI
F5 Distributed Cloud and Red Hat AI have released a joint AI quickstart that secures LLM inference endpoints. The modular blueprint integrates F5’s API security services with Red Hat’s AI platform and can be deployed in under 90 minutes. It adds schema...

Insider Threats: Malicious and Negligent Incidents on the Rise
Recent research highlighted by Tech Radar shows insider threats are climbing sharply. A Mimecast survey of 2,500 IT leaders found 42% of firms reported more malicious insider incidents, matching the same rise in negligent events. Companies now endure an average...

Ericsson US Unit Reports Data Breach Tied To Third-Party Service Provider
Ericsson’s U.S. subsidiary reported a data breach that originated from an unnamed third‑party service provider, affecting a limited set of employee and customer files between April 17‑22 2025. The compromised data includes names, addresses, Social Security numbers, driver’s licenses, financial and medical...
Trump Administration Will Test Infrastructure Cybersecurity Approaches in Pilot Program
The Trump administration announced a pilot program to test cybersecurity technologies with specific critical‑infrastructure sectors, including Texas water utilities, South Dakota beef processors, and rural hospitals. National Cyber Director Sean Cairncross emphasized rapid deployment and the rejection of a universal,...

AVideo Zero-Click Flaw Lets Attackers Hijack Live Streams
A zero‑click command injection flaw (CVE‑2026‑29058) was found in the open‑source AVideo streaming platform’s objects/getImage.php endpoint. The vulnerability decodes a Base64‑encoded parameter and injects it directly into an ffmpeg shell command, allowing unauthenticated attackers to execute arbitrary code. Exploitation can...

Are We Ready for Auto Remediation With Agentic AI?
Organizations are rapidly adopting AI‑driven auto remediation, with 88% using some form of AI and 44% deploying it for most exposure types. The most common automated actions target cloud configuration, network access controls, identity permissions, patch deployment, and infrastructure‑as‑code changes....

IRS Never Requests Personal Info via Social Media
History meets modern security. Remember: the IRS will never contact you by social media or text to request personal or financial information.

CleanMyMac Imposter Site Installs SHub Stealer on Macs
A counterfeit CleanMyMac website (cleanmymacos.org) lures macOS users into pasting a malicious Terminal command, which installs the SHub Stealer infostealer. The script bypasses Gatekeeper, notarization and XProtect by executing directly in the user’s shell. Once installed, the loader checks for...
ShinyHunters Claims More High-Profile Victims in Latest Salesforce Customers Data Heist
ShinyHunters claims to have exfiltrated data from roughly 100 high‑profile companies in a new Salesforce Experience Cloud breach, including Salesforce itself, Snowflake, Okta, LastPass, Sony and AMD. The group leveraged a modified version of Mandiant’s open‑source AuraInspector tool to scan...

CISA Delays Cyber Incident Reporting Town Halls Due to Shutdown
The Cybersecurity and Infrastructure Security Agency (CISA) has postponed its scheduled town‑hall meetings on the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) because the Department of Homeland Security remains shut down. The agency also warned that the shutdown will...

Configure Org-Wide MFA with Zoho Directory + OneAuth
Zoho Directory now lets administrators enforce multi‑factor authentication across an entire organization. The platform supports a range of factors—including biometrics, security keys, authenticator apps, and password‑less OneAuth Smart Sign‑In—while allowing conditional policies by role, location, or device. According to CISA,...

Even Elaborate Spam Texts Are Still Scams
Got this spam text last night claiming I had a hearing for “toll evasion” and at first I thought wow, this feels like they put more effort than the standard phishing text but then I looked more closely and 😂
PQShield Releases 5KB RAM Post-Quantum Cryptography Implementation
PQShield unveiled its PQMicroLib‑Core library, delivering post‑quantum cryptography within a sub‑5 KB RAM footprint suitable for embedded devices. The implementation supports NIST‑standard ML‑KEM and ML‑DSA, integrates side‑channel countermeasures, and offers a drop‑in TLS solution via the PSA Crypto API. Targeting the...

How EU CRA and IEC 62443 Impact CANopen Device Manufacturers
The EU Cyber Resilience Act (CRA) now mandates that all non‑exempt CAN‑connectable products meet cybersecurity requirements by December 11 2027. Because CAN protocols lack built‑in security, manufacturers must perform system‑level risk assessments and adopt IEC 62443 security levels, ranging from physical‑access controls for...
HSCC, Health-ISAC Launch National Cyber Exercise to Test Healthcare Incident Response
Operation Vital Signs, a national cyber‑security stress test, will be co‑hosted by the Health Sector Coordinating Council’s Cybersecurity Working Group and Health‑ISAC on July 21‑22. The virtual two‑day exercise simulates a cyber incident that threatens critical functions and patient safety across...

EV Charger Biz ELECQ Zapped by Ransomware Crooks, Customer Contact Data Stolen
ELECQ, a maker of smart EV chargers, disclosed a ransomware attack on its AWS cloud platform on March 7 that encrypted and exfiltrated customer contact data. The breach exposed names, email addresses, phone numbers and home addresses, but no payment information...
AI Accelerates Data Flow, Making Sensitive Data Identification Harder
Great to host the cybersecurity roundtable in NYC with Cyera. Key takeaway: data security is getting dramatically harder. AI systems dramatically increase how fast data moves across systems and teams. Identifying truly sensitive data is becoming the real challenge.

From Alerts to Action: Making Public–Private Threat Intel Actually Useful - Ian Washburn - CSP #222
In the March 9 2026 CSP #222 episode, Deputy CISO Ian Washburn critiques the flood of generic threat alerts from public‑sector feeds such as CISA, MS‑ISAC and CIS. He argues that funding realignments and revised distribution models could transform raw alerts into timely,...
Ubuntu 26.04 LTS Officially Supporting Cloud-Based Authentication With Authd
Canonical’s Authd authentication daemon is now part of the official Ubuntu 26.04 LTS archive, ending the need for PPAs or manual builds. Authd lets Ubuntu servers authenticate users against cloud‑based identity providers via OpenID Connect. The initial release supports Microsoft...

Threat Actor Exploits Flaws and Uses Elastic Cloud SIEM to Manage Stolen Data
Researchers at Huntress uncovered a campaign where a threat actor exploited vulnerabilities in enterprise software, including SolarWinds Web Help Desk, to harvest system data and funnel it into a free‑trial Elastic Cloud SIEM instance. The attacker used an encoded PowerShell...
I've Used Tor Browser for Years, but Now I'm Using It on My Android Phone - Here's Why
Elyse Betters Picaro reports that she now uses Tor Browser as her default web browser on Android, highlighting its strong privacy and anonymity features. The app is freely available from the Google Play Store and connects users to the Tor...

FBI Warns of Phishing Attacks Impersonating US City, County Officials
The FBI has issued a public service announcement warning that cybercriminals are impersonating city and county planning and zoning officials to defraud businesses and individuals applying for land‑use permits. Attackers harvest publicly available permit data, craft emails from non‑government domains,...
GAO: Panel Highlights Overlapping Cyber Regulations and Need for Harmonization
The Government Accountability Office released a second report highlighting how overlapping federal cybersecurity regulations are creating redundant work for owners of critical infrastructure. Industry participants cited duplicated requirements, conflicting definitions, and inconsistent incident‑reporting mandates as major pain points. While agencies...
Gone (Almost) Phishin’
A sophisticated phishing campaign targeted an Apple user by triggering legitimate password‑reset prompts across an iPhone, Mac and Apple Watch. The attackers then opened a real Apple Support case, receiving authentic Apple‑signed emails that bypassed all filters. They followed up...

AI-Driven Workflows Boost Cyber Risk; Security Platforms Poised for Growth
As AI agents begin operating across enterprise systems, cybersecurity becomes even more critical. Autonomous workflows increase API calls, expand attack surfaces, and accelerate the speed of cyber threats. Security platforms that combine AI detection, real-time telemetry, and integrated infrastructure are becoming...

Telefonica Germany Extends Online Protection Package to O2, Blau Prepaid Customers
Telefonica Germany announced that its online personal‑data‑protection package will now be offered to O2 and Blau prepaid customers. Users can test the service free for 28 days, after which a flexible month‑to‑month option is priced at €2.49 per billing cycle....

Security Risk Advisors Releases “The Purple Perspective 2026” Report
Security Risk Advisors (SRA) unveiled its inaugural “Purple Perspective 2026” report, drawing on more than 160 purple‑team exercises that tested over 8,300 MITRE ATT&CK techniques. The study reveals that organizations conducting two to four exercises annually achieve markedly better detection and...

Shopify's Growth Fuels a Surge in Scams
Shopify's ecosystem is now mature enough to have more bad actors than any of us can stop. - Shopify app store: people clone your app. - Shopify agencies: people impersonate you. - Shopify merchants: people clone your store or use it to test...
Legacy Breach Drives Board to Prioritize S/4HANA Upgrade
A company faced a cybersecurity breach through legacy systems, raising concerns about their current ECC software. The board was pushed towards an S/4HANA upgrade, thinking it was crucial for survival against maintenance sunsets. #SAP #Cybersecurity #DigitalTransformation https://t.co/nH8L4PewV9
'No Major Vulnerabilities' — Mullvad’s WireGuard Implementation Gets Thumbs up From Independent Security Audit
Mullvad VPN’s Rust‑based WireGuard client, GotaTun, has cleared an independent security audit with no major vulnerabilities identified. The audit, performed by Assured Security Consultants, confirmed the implementation’s correctness while noting two low‑severity issues that Mullvad fixed before the review concluded....
Protect Processes, Not Just Data, to Avoid Agentic Sprawl
Everyone is talking about Agentic AI, but who is talking about Agentic Sprawl? If you aren't protecting the process as much as the data, your automation is a ticking time bomb. 💣 Get the reality check before #RSAC2026: 🔗 https://t.co/6PIC4o7OmO #CIO #CISO #AgenticAI...
Prompt Injection Hacks Land Interview Phone Screens
lol I’ve seen these resume prompt injections work multiple times to get to phone screen

Apono Integration for Grafana: Enabling Just-in-Time Access for Data Sources
Apono has launched an integration with Grafana that provides Just-in-Time, policy-driven access to the platform’s underlying data sources. The solution continuously discovers data sources such as Elasticsearch, PostgreSQL, and CloudWatch, and grants engineers short-lived permissions based on predefined policies, on-call...
Signal Users Phished, Not Hacked: Officials' Accounts Compromised
Signal says "government officials and journalists" have had their accounts compromised via social engineering attacks (rather than any hack of its own system).
AI Era Elevates Need for Personal Data Protection
#AI-Powered Future: Why Protecting Personal #Data Online Matters More Than Ever by @SecurityTrybe #CyberSecurity #InfoSec #IT #Tech #Technology https://t.co/3qU68xpFLJ

IBM and Cobalt Iron Are Introducing Secure Automated Backup with Compass
IBM and Cobalt Iron have launched Secure Automated Backup with Compass, a Backup‑as‑a‑Service (BaaS) solution for IBM Cloud customers. The offering extends the proven protection model from IBM Power Virtual Server to a broader set of workloads across hybrid and...

Threat Actor Leverages Elastic Cloud SIEM for Stolen Data
Threat Actor Exploits Flaws and Uses Elastic Cloud SIEM to Manage Stolen Data https://t.co/JvGh3E1LjL https://t.co/YFBi1wO3Bx

Detect Reverse Shells with Process‑Network Monitoring Script
A Script To Monitor Application Network Connections 🔒 How would you spot a reverse shell such as was used in LexisNexis breach? I vibe coded this script to see parent and child processes with application paths, process names, IPs,...

UK Launches New Crackdown Unit to Tackle Cyber-Fraud at the Source
The UK Home Office and National Crime Agency announced the creation of an Online Crime Centre, set to begin operations in April. The unit will pool expertise from police, intelligence, banks, mobile networks and major tech firms to identify and...

This Week's Top Exploits: Qualcomm, iOS, AirSnitch, Vibe Malware
⚡ Weekly Recap: Qualcomm 0-Day, iOS Exploit Chains, AirSnitch Attack & Vibe-Coded Malware https://t.co/fIYq27CN68 https://t.co/fsqh6jPvJv

Fixing Request Smuggling Vulnerabilities in Pingora OSS Deployments
In December 2025 Cloudflare was alerted to three HTTP/1.x request smuggling flaws (CVE‑2026‑2833, ‑2835, ‑2836) in the open‑source Pingora framework when used as an ingress proxy. The issues allowed attackers to bypass proxy security, desynchronize request handling, and poison caches...

Australia, NZ, Tonga Alert Surge in Pacific Ransomware Attacks
Australia, New Zealand, Tonga, Warn of Rising INC Ransom Attacks Targeting Pacific Networks https://t.co/7RXek7etJs https://t.co/ceSfRJQxvy

Why AI Security Is Emerging as the Fourth Pillar of Cybersecurity
The article argues that AI security is becoming the fourth pillar of cybersecurity, driven by the rise of autonomous agents that operate primarily through APIs. Traditional pillars—endpoint, network, and cloud—were built for earlier computing shifts and lack the controls needed...