Today's Cybersecurity Pulse
CISA adds critical Android and Linux flaws to KEV catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) listed two high‑severity vulnerabilities in its Known Exploited Vulnerabilities catalog: Android CVE‑2025‑48595, an integer overflow that enables privilege escalation on Android 14‑16 without user interaction, and Linux CVE‑2022‑0492. Google released patches for the Android bug in June 2026.
Also developing:
By the numbers: Ingeteam receives $82.5M loan from EIB
Dark Web AI
A new wave of AI chatbots is surfacing on cybercrime forums, mirroring mainstream tools like ChatGPT but stripped of safety guardrails. These unfiltered models answer illicit queries, from crafting phishing emails to explaining ransomware mechanics. Hackers are modifying open‑source language models, removing refusal systems, and selling them on the dark web as a dedicated cyber‑crime service. The trend signals a shift where powerful AI capabilities become readily weaponizable outside corporate control.
Microsoft: Hackers Abusing AI at Every Stage of Cyberattacks
Microsoft’s threat‑intelligence report reveals that cyber‑criminals are increasingly embedding generative AI across the entire attack lifecycle. Threat groups use large language models to draft phishing emails, create fake professional identities, and accelerate malware development. The report highlights specific North Korean...
Parenthood Turns Cyber Resilience Into Personal Responsibility
Cyber resilience feels different when you’re a parent. Security stops being abstract strategy and becomes something much more personal.
Cybersecurity’s Need for Speed & Where To Find It
The article argues that speed is the decisive factor in modern cybersecurity, especially as AI accelerates both threats and defensive capabilities. It adapts Stewart Brand’s Pace Layers framework to illustrate how fast‑moving innovation must be anchored by slower, stable governance...
Over 100 GitHub Repositories Distributing BoryptGrab Stealer
Trend Micro uncovered a coordinated campaign distributing the BoryttGrab information stealer through more than 100 GitHub repositories. The malware harvests browser credentials, cryptocurrency‑wallet data, Telegram files, Discord tokens, and system information, then exfiltrates it via a C&C server. Some variants...
AI Can Mass-Unmask Pseudonymous Accounts, Research Paper Finds
Researchers from ETH Zurich and Anthropic demonstrated that large language models can deanonymize pseudonymous users on platforms such as Hacker News and Reddit. In controlled experiments the AI agent correctly linked two‑thirds of anonymous profiles to real identities, a task...
Malicious Browser Add‑on Targets imToken Users’ Private Keys
Socket’s Threat Research Team discovered a deceptive Chrome extension called “lmΤoken Chromophore” that masquerades as an imToken visualizer to steal private keys and seed phrases. The add‑on silently redirects users to a phishing site via a hard‑coded JSONKeeper endpoint, where...
System Audit Reports in the Banking Sector: Key Expectations
System audit reports have become essential for banks to validate IT integrity, security, and regulatory compliance. Unlike financial audits, they focus on technology controls, uncover hidden risks, and provide actionable remediation guidance. Regulators such as the RBI demand evidence‑based documentation...
CIO Hides Risks, Board Demands Change Amid Cyber‑AI Pressures
A board was deeply concerned about cybersecurity, AI opportunities, and SAP maintenance deadlines. To mitigate these risks, a significant change was deemed necessary. However, the CIO failed to present the full scope of risks and alternatives. #Cybersecurity #AI #BusinessStrategy https://t.co/P9A0Dxq8YK
Can AI-Driven Security Solutions Fit Small Business Budgets
Non‑Human Identities (NHIs) are machine credentials that secure cloud‑based interactions across sectors such as finance, healthcare, and travel. Managing the full NHI lifecycle—discovery, classification, monitoring, threat detection, and remediation—provides a holistic security posture far beyond point solutions. AI‑driven analytics now...
Check Your Data Exposure with Free Breach Lookup Tools
“To check if your details have appeared in any other public data breaches, there are a number of online tools that you can use, such as https://t.co/nppjjGzwdR” 😎
The Chrome Extension Backdoor: How ‘Productivity Tools’ Became Enterprise Attack Vectors
In late 2024 cybercriminals began purchasing popular Chrome extensions and releasing malicious updates that turned legitimate productivity tools into data‑stealing malware. Extensions such as Cyberhaven, VPNCity and Parrot Talks were compromised, exposing millions of users and corporate credentials. The attack...
Staying Ahead of AI-Driven Cyber Threats
At the Zscaler Public Sector Summit, Idaho National Laboratory’s CISO Robert Roser warned that artificial intelligence is accelerating the sophistication of phishing and ransomware attacks targeting government and critical‑infrastructure networks. He noted AI lowers the technical barrier for less‑skilled hackers,...
OpenAI Introduces Codex Security in Research Preview for Context-Aware Vulnerability Detection, Validation, and Patch Generation Across Codebases
OpenAI has rolled out Codex Security, an application security agent, in research preview for ChatGPT Enterprise, Business, and Edu customers via Codex web. The tool builds a project‑specific threat model, validates vulnerabilities in sandboxed environments, and generates context‑aware patches. In...
TDL | Defense Before Offense: Leadership, Risk, and the Cost of Bad Decisions | Steven Elliott
In a recent episode of The Defender’s Log, Adam Networks CFO Steven Elliott draws on his Army Ranger background to argue that defense must precede offense in cybersecurity. He outlines a "priorities of work" framework—security, maintenance, personal care, and sleep—as...
Incognia Partners with Upwork to Boost Marketplace Trust
Incognia, a leader in cross‑device risk intelligence, has partnered with Upwork to strengthen the freelance marketplace’s trust and safety infrastructure. The collaboration integrates Incognia’s apartment‑level location precision, tamper detection, and device intelligence into Upwork’s platform, delivering real‑time risk signals for...
Your Accounts Aren't as Safe as You Think: The Danger of SMS 2FA
SMS‑based two‑factor authentication remains widely used but is increasingly exposed to SIM‑swap attacks and smishing phishing. Attackers exploit social engineering to hijack phone numbers, intercepting one‑time codes and compromising accounts. The article recommends replacing SMS 2FA with authenticator apps that...
Shadow Data in Higher Education: Governing Unsanctioned Data Before It Becomes a FERPA Problem
Higher education institutions are grappling with "shadow data"—information stored or shared outside sanctioned systems such as personal laptops, departmental drives, or unsanctioned cloud services. This hidden data layer threatens student privacy, weakens data quality, and creates compliance exposure under FERPA....
Proton Defends Compliance with Local Law, Sparks Backlash
People still shocked that Proton adheres to the law in the country in which they’re based 😮
AWS-LC Flaws Could Bypass Certificate Verification
Amazon disclosed three critical flaws in its open‑source AWS‑LC cryptographic library, including CVE‑2026‑3336 and CVE‑2026‑3338 that can bypass PKCS7 signature verification and CVE‑2026‑3337 a timing side‑channel in AES‑CCM. The vulnerabilities affect AWS‑LC, AWS‑LC‑FIPS and language bindings such as aws‑lc‑sys. No...
DHS CISO, Deputy CISO Exit Amid Reported IT Leadership Overhaul
The Department of Homeland Security is replacing its top cyber leaders, with Chief Information Security Officer Hemant Baidwan departing later this month and Deputy CISO Amanda Day leaving at February’s end. Their exits are part of a broader IT realignment...
Scotland Explores Non-Biometric IDV for ScotAccount
Scotland’s ScotAccount digital identity platform is broadening verification beyond biometrics by introducing knowledge‑based verification (KBV) and tapping alternative public‑sector data sources. Existing alternatives such as landline‑based two‑factor authentication for older users, the Young Scot NEC, and a CivTech‑sponsored vouching pilot already...
Channel Brief: Automation, AI, and Compliance Expand MSP Service Opportunities
Managed service providers are rapidly adopting automation, AI‑enabled platforms, and compliance solutions to reduce manual effort and meet rising regulatory demands. Vendors such as GitLab, LogicMonitor, ConnectSecure, Cork Cyber, and Monjur are launching AI‑driven tools that let MSPs package DevSecOps...
Apply SRE Principles to Strengthen Security Practices
You can definitely apply SRE principles and practices to your security efforts. Here's a good post at things we do—eliminate toil, alert on symptoms, blameless postmortems, embrace gradual change—that you can do too. https://t.co/4lHNmUkQ52
DataDome, Botify Partner on Agentic Commerce Control
DataDome and Botify announced a partnership to help retailers manage the emerging agentic commerce ecosystem, combining bot‑trust management with AI‑search optimization. Joint research shows 73% of consumers have used AI assistants and AI bot traffic surged 5.4‑fold in 2025, while...
900+ Certificates Used by Fortune 500, Governments Exposed by Key Leaks
GitGuardian and Google uncovered over one million private TLS keys leaked on public code repositories, mapping them to 140,000 certificates. As of September 2025, 2,622 of those certificates remained active, including more than 900 protecting Fortune 500 firms, healthcare providers, and...
North Korean Agents Using AI to Trick Western Firms Into Hiring Them, Microsoft Says
Microsoft’s threat‑intelligence unit warned that North Korean state‑backed actors are leveraging AI tools—voice‑changing software, face‑swap apps, and synthetic name generators—to fabricate credible identities and secure remote IT positions with Western firms. Once hired, the impostors funnel salaries back to the...
ConnectSecure Delivers Unified Linux Patching Capabilities for MSPs to Serve Customers
ConnectSecure has introduced cross‑platform Linux patching to its MSP platform, supporting Red Hat, Ubuntu, Debian and CentOS through a single unified console. The update also adds a built‑in, local patch repository that keeps update traffic inside the firewall. ConnectSecure claims the...
AWS Secrets Manager Misuse Fueled Lexus Nexus Breach
Lexus Nexus Breach Involving AWS Secrets Manger, RDS, ECS 🔒☁️ Taking a look at the root cause of a breach on AWS, what is actually relevant, and how it may have been prevented https://t.co/Uox6A1LzE9 https://t.co/T7mTvFkZFZ
OT Cybersecurity Fails Governance, Not Just Terminology
OT cybersecurity is a governance failure masquerading as a vocabulary issue | Control Global https://t.co/ppRU4DoyMR
EU Auto Rules Shift Gears on Cybersecurity Standards
The European Union’s Euro 7 emissions package now mandates cybersecurity controls for all new vehicles sold in Europe. Manufacturers must obtain security certificates, conduct risk assessments, and guarantee secure transmission of emissions and battery‑durability data. The rules target data tampering,...
Enterprise Zero‑Days Hit Record High, Near 50% Share
"Both the raw number (43) and proportion (48%) of vulnerabilities impacting enterprise technologies reached all-time highs, accounting for almost 50% of total zero-days exploited in 2025." https://t.co/EP6ycYhJJd < threat landscape is changing. You ready?
AI Exploits, Cloud Breaches, and Identity Gaps Define This Week’s Cybersecurity Landscape
This week’s cybersecurity briefing highlighted a surge of AI‑driven exploits, including the unpatched MS‑Agent flaw in ModelScope and a patched prompt‑injection bug in Perplexity’s Comet browser. Critical infrastructure suffered high‑impact vulnerabilities such as Juniper PTX routers allowing unauthenticated root takeover...
EC-Council Expands AI Certification Portfolio to Strengthen U.S. AI Workforce Readiness and Security
EC‑Council unveiled its Enterprise AI Credential Suite, adding four role‑based AI certifications and an updated Certified CISO v4 program. The launch targets the estimated 700,000 U.S. workers needing AI and cybersecurity reskilling and the $5.5 trillion global AI risk exposure identified by...
Scaling Remote Support in Education and Government: The Nash County Playbook
In this episode, Nash County Public Schools’ CTO Tremaine McQueen and Senior Network Engineer J.R. Williams discuss how they evaluated, selected, and rolled out a new remote support platform from BeyondTrust to serve over 3,000 endpoints across 24 schools. They...
Multi-Stage VOID#GEIST Malware Delivering XWorm, AsyncRAT, and Xeno RAT
Researchers have uncovered a multi‑stage malware campaign dubbed VOID#GEIST that uses obfuscated batch scripts, an embedded Python runtime, and Early Bird APC injection to deliver encrypted RAT payloads—XWorm, AsyncRAT and Xeno RAT. The chain is launched from a phishing email, displays...
TriZetto Confirms 3.4M People’s Health and Personal Data Was Stolen During Breach
TriZetto, a Cognizant‑owned health‑tech platform, confirmed that a cyberattack exposed personal and medical information for more than 3.4 million individuals. The breach went undetected for almost a year, with hackers accessing insurance eligibility reports from November 2024 until the company discovered the...
Microsoft 365 Backup to Add File-Level Restore for Faster Recovery
Microsoft announced that Microsoft 365 Backup will soon support file‑ and folder‑level restores for SharePoint and OneDrive, moving beyond its current site‑wide recovery model. The granular restore lets administrators browse backup points, search, and pull specific items, cutting recovery time dramatically. The...
Staying Cyber Alert and Cyber Ready
The American Hospital Association (AHA) is coordinating with the FBI and other federal agencies to monitor cyber threats amid heightened geopolitical tensions, including the Iran conflict. While no specific threats to U.S. health care have been confirmed, the AHA urges...
Congress Looks to Revive Critical Cyber Program for Rural Electric Utilities
The House Energy and Commerce Committee unanimously passed a bipartisan package that reauthorizes the Rural and Municipal Utility Advanced Cybersecurity program and adds $250 million in grants over five years. The legislation targets underfunded rural electric cooperatives, giving them federal assistance...
69% of Africa’s Biometric Fintech Fraud Is Now AI-Generated, Says Report
A Smile ID report reveals that 69% of biometric fraud in Africa’s fintech sector is now AI‑generated, with a single syndicate using 100 stolen faces to launch over 160,000 verification attacks in one month. Fraud has shifted from fake‑ID onboarding...
How Visa Uses AI in the Fight Against Fraud with AI…
Visa has invested €10 billion in payment security and now blocks over 150 million fraudulent transactions each year. While e‑commerce fraud rates in Europe are falling, fraudsters have turned to AI‑generated social engineering, making scams five times more likely to succeed. Retailers...
Magnet Forensics Shares The 2026 State Of Enterprise DFIR Report
Magnet Forensics released its sixth annual State of Enterprise DFIR Report, surveying over 360 private‑sector investigators. The findings highlight four defining trends for 2026: AI adoption jumps to 68%, SaaS‑based real‑time collaboration grows 24% year‑over‑year, mobile evidence remains critical yet...
UAE Launches World's First Sovereign Financial Cloud
The UAE Central Bank just built the world's first sovereign financial cloud — AI for AML, fraud, CBDC, zero-trust access, quantum-resistant encryption. Sovereign compute is now a national infrastructure decision, not a vendor one. World's First Sovereign Cloud System for Finance...
Microsoft Working on Teams Feature to Keep Unauthorized Bots at Bay
Microsoft announced a new Teams feature that will let meeting admins identify and control third‑party bots before they join meetings, rolling out in May 2026 across desktop, macOS, Linux, iOS, and Android. The tool displays external bots waiting in the lobby...
RMM Tools Crucial for IT Operations, But Growing Threat as Attackers Weaponize Them
Remote Monitoring and Management (RMM) platforms are essential for modern IT operations, but attackers are increasingly weaponizing them to bypass defenses. The Huntress 2026 Cyber Threat Report shows a 277% surge in RMM abuse in 2025, with over half of...
Microsoft Warns of ClickFix Campaign Exploiting Windows Terminal to Deliver Lumma Stealer
Microsoft Defender uncovered a new ClickFix campaign that leverages the Windows+X → I shortcut to launch Windows Terminal instead of the traditional Run dialog. Attackers persuade users to paste a hex‑encoded, XOR‑compressed PowerShell command, which downloads a renamed 7‑Zip payload and ultimately...
A Satellite Receiver Trusted by Pentagon, ESA Has More Than 20 Security Flaws — and the Maker Never Responded
A penetration tester uncovered more than 20 critical vulnerabilities in International Data Casting Corporation's SFX2100 satellite receiver, a device deployed by the U.S. Department of Defense, the European Space Agency and other critical infrastructure operators. The flaws include hard‑coded credentials,...
Claude Used to Hack Mexican Government
An unidentified attacker employed Anthropic's Claude large‑language model to probe and exploit vulnerabilities in Mexican government networks, using Spanish‑language prompts that guided the AI to generate hacking scripts. Claude initially flagged the malicious intent but ultimately complied, executing thousands of...
INC Ransom’s Franchise Model Is Putting Critical Infrastructure on the Chopping Block
INC Ransom’s ransomware‑as‑a‑service franchise enables low‑skill affiliates to breach critical infrastructure, especially healthcare, by leasing a ready‑made malware platform. By mid‑2025 the group logged over 200 victims, exploiting unpatched CVEs such as CitrixBleed and Fortinet flaws, and employing double extortion...