Today's Cybersecurity Pulse

CISA adds critical Android and Linux flaws to KEV catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) listed two high‑severity vulnerabilities in its Known Exploited Vulnerabilities catalog: Android CVE‑2025‑48595, an integer overflow that enables privilege escalation on Android 14‑16 without user interaction, and Linux CVE‑2022‑0492. Google released patches for the Android bug in June 2026.
Also developing:
By the numbers: Ingeteam receives $82.5M loan from EIB

CrowdStrike Falcon to Run on STACKIT Sovereign Cloud
CrowdStrike and Schwarz Digits have teamed up to launch the Falcon cybersecurity platform on STACKIT, the sovereign cloud operated by Schwarz Digits. The integration lets European enterprises run endpoint, cloud, identity and exposure protection while keeping all telemetry and detection data inside EU‑based data centers. By meeting GDPR, the EU Cyber Resilience Act and NIS2 requirements, the service targets highly regulated sectors that demand strict data residency. Falcon will be sold through the STACKIT marketplace, and Schwarz Group will consolidate its own security stack onto the platform.
Regular Drills Prevent Security Skill Decay
In winter survival training they call it 'dirt time'. You need to get hands-on and practice. Skills decay if you do not practice them. The same is true in security: tabletop exercises, incident response drills, access reviews. If you only touch...
AWS Model Privacy: Risks of Insider Access and Data Leakage
Although I’m in 🩷 with Kiro CLI and like that AWS makes a copy of the model so your data doesn’t reach the model providers, I want to know more about AWS internal access to such things, customer segregation with...

ThreatLocker CEO On How Zero Trust Expansion Makes It ‘Much Harder’ To Get Hacked
ThreatLocker announced that its deny‑by‑default security model now covers cloud workloads and mobile devices, extending its zero‑trust network and cloud‑access offerings. The new solution binds SaaS access to both user identity and approved devices, eliminating the need for VPNs and...
OEMs Accelerate Design, Strengthen Security for New Vehicle Architectures
OEMs are driving faster design cycles and enhanced security amid evolving vehicle architectures and compliance requirements. https://t.co/h9d6HBTGMr #automotive #automotivesecurity

Regulators Are Moving On SBOMs — But Is Your Compliance Program Keeping Pace?
Software bills of materials (SBOMs) are moving from best‑practice guidance to regulatory baseline worldwide. In the U.S., Executive Order 14028 and sector‑specific mandates such as the FDA’s medical‑device rule push SBOM adoption, while the White House’s recent shift to a...
Aave V4 Launches Continuous Bug Bounty via Sherlock
We propose launching the Aave V4 bug bounty program with Sherlock. Bug bounties have long been an important part of Aave’s security strategy, and the Sherlock team has demonstrated strong expertise in managing both security contests and bug bounty programs.

“If You Wanted to Have Civil Disobedience and Start the Process of Unraveling a Society, We're a Pretty Big Target”:...
National Gas, the operator of the UK’s critical gas transmission network, has partnered with Palo Alto Networks to secure its cloud‑first transformation. The collaboration delivers a full‑stack security stack covering network firewalls, Prisma Cloud, and emerging XDR capabilities while preserving...

Mobile Games Host Three Times More Malicious Ads than Other Apps Says AppHarbr
AppHarbr’s in‑app network quality index reveals that mobile games display malicious ads at a rate of 58 per 165 ads, nearly three times the frequency seen in non‑gaming apps. The report links weaker ad‑quality controls and formats such as rewarded...

Codenotary Trust Delivers Autonomous AI Security for Linux and Kubernetes
Codenotary unveiled Codenotary Trust, a SaaS platform that leverages artificial intelligence to detect, prioritize, and autonomously remediate security, configuration, and performance issues across Linux, containers, VMs, and applications. The solution is built for junior and mid‑level administrators, addressing the talent gap...

Fortanix Showcases Confidential AI Innovation at NVIDIA GTC 2026
Fortanix announced its participation at NVIDIA GTC 2026, where it will showcase the Confidential AI platform that protects AI models, prompts, and sensitive data throughout the training and inference lifecycle. The solution leverages encryption‑in‑use and hardware‑isolated trusted execution environments to...

Push Security Adds Malicious Browser Extension Detection to Block Threats in Employee Browsers
Push Security has introduced a malicious browser‑extension detection and blocking feature within its browser‑based security platform. The capability leverages a continuously updated intelligence database to automatically block known‑bad extensions and provide real‑time visibility into all extensions across employee browsers. Administrators...
HHS Launches Cybersecurity Module Within RISC 2.0 Toolkit
The Administration for Strategic Preparedness and Response (ASPR) has added a cybersecurity module to its Risk Identification and Site Criticality (RISC) 2.0 Toolkit, giving health systems a standardized way to assess cyber risk. The module uses a questionnaire scored against the...

Ending the "Silent Drop": How Dynamic Path MTU Discovery Makes the Cloudflare One Client More Resilient
Cloudflare One’s client now incorporates Dynamic Path MTU Discovery (PMTUD), allowing it to actively probe and adjust packet sizes instead of waiting for ICMP feedback. By testing packet sizes up to 1281 bytes and beyond, the client automatically selects the optimal...

ContextCrush Flaw Exposes AI Development Tools to Attacks
Security researchers at Noma Labs disclosed a critical flaw named ContextCrush affecting the Context7 MCP Server, a popular component that feeds documentation to AI coding assistants. The vulnerability stems from unsanitized custom‑rule entries, allowing attackers to embed malicious instructions that...

Quantum-Safe Security: What CISOs Need to Know Now (Before It’s Too Late)
Quantum computing threatens to break today’s asymmetric encryption, making current data protection obsolete. The most immediate risk is a “harvest now, decrypt later” attack, where adversaries steal data today and decrypt it once quantum capabilities mature. Experts estimate viable quantum...

LatAm Now Faces 2x More Cyberattacks Than US
Latin America is now the world’s most targeted region for cyber threats, with organizations confronting roughly 3,100 attacks per week—about twice the volume seen in the United States. Check Point’s March 2026 report shows ransomware, infostealers, banking malware and botnets...
State-Backed Hackers Ready for Undetectable OT Attacks
State-affiliated hackers set up for critical OT attacks that operators may not detect | CSO Online https://t.co/bvLvNOk8Fn
Exposure Is the New Currency of Risk: Why Cybersecurity Speaks the Language of Business
Cybersecurity is evolving from a patch‑centric practice to Exposure Management (EM), a framework that quantifies an organization’s attack surface in business terms. EM aggregates vulnerability, cloud, identity and attack‑surface data into exposure scores tied to revenue, compliance and brand reputation....

Manufacturers Spending More On Cybersecurity Yet Cyberattacks Only Account for 5% of Downtime, Research Reveals
Manufacturers are boosting cybersecurity budgets, yet a new Macrium‑Newton X study finds cyber incidents account for just 5% of production downtime. The bulk of costly outages stem from internal operational failures—mis‑planned maintenance, configuration errors, and network glitches—creating a widening "recovery gap."...

The Security Playbook Every Journalist Should Know
Journalists face escalating digital threats—from commercial spyware to FBI raids—making robust security protocols essential. A recent Nieman‑to‑Nieman seminar featured experts from the EFF, GIJN, and CISI who outlined practical steps such as threat modeling, device hardening, and emergency response planning....

Uptycs and SAP Team up to Bring Verifiable AI Analysts to Enterprise Cybersecurity Operations
Uptycs and SAP announced a strategic partnership to integrate Uptycs’ AI analyst platform, Juno, into enterprise cybersecurity operations. Juno functions as a virtual analyst, using a glass‑box approach that links AI‑generated insights to a unified telemetry set of roughly 150,000...

Irish-Founded Startup Evervault Raises €21 Million to Advance Encrypted Data Orchestration
Irish‑founded Evervault announced a €21 million Series B round, led by Ribbit Capital with Sequoia Capital and Index Ventures participating, bringing its total financing to €39 million. The developer‑first platform encrypts and orchestrates sensitive data, chiefly for card‑payment workflows, and now processes over...

Detego Global Launches Artefact_Compare For Rapid Device Integrity Verification
Detego Global introduced Artefact_Compare, a new feature within its Detego Analyse AI+ suite that automates device integrity verification before and after field deployment. The tool captures pre‑deployment snapshots, re‑captures post‑deployment data, and automatically flags added, removed or modified files across...
Nigerian Communication Commission Orders Telecoms to Report Cyber Threats Within 4 Hours
Nigeria’s Communications Commission (NCC) has issued a Cyber Resilience Framework requiring telecom operators to report any cyber‑attack to the regulator within four hours of detection. The rule, effective February 2027, applies to major providers such as MTN Nigeria, Airtel Nigeria, Globacom...

SANS Stormcast Thursday, March 5th, 2026: XWorm Analysis; Cisco “Secure” Firewall Management Center; LastPass Phishing
In this 7‑minute Stormcast episode, Johannes Ullrich and guest Xavier dissect a new XWorm sample, tracing its infection chain from a phishing email with a 7‑zip attachment through JavaScript, PowerShell, and a .NET DLL loader to the final payload. They...
Why Portfolio Companies Struggle with Third-Party Cyber Risk
Portfolio companies are grappling with third‑party cyber risk as digital ecosystems expand and vendor reliance grows. Traditional perimeter defenses have eroded, leaving sensitive data and operational resilience dependent on external partners. Lean security teams and rapid onboarding prioritize speed over...
Unanimous Vote Passed on SB 275, the State-Endorsed Digital Identity Program Amendments Bill
Utah’s Senate voted unanimously to pass SB 275 Sub 2, amending the State‑Endorsed Digital Identity Program. The legislation authorizes a wallet‑based digital ID that places data control and privacy in the hands of citizens. It builds on the SB 260...

DPRK Hackers Target Crypto Firms, Steal Keys and Cloud Assets in Coordinated Attacks
Suspected North Korean‑linked threat actors launched a coordinated campaign against cryptocurrency firms, exploiting the critical React2Shell (CVE‑2025‑55182) remote code execution flaw in React Server Components and Next.js. After gaining initial web‑app access, they leveraged stolen AWS tokens to enumerate and...
AI Agents Need Logins Too: Identity, Security, and the Future of AI | Greg Keller, CTO, JumpCloud
In this episode, JumpCloud CTO Greg Keller explains the evolving role of a CTO and how JumpCloud reimagines identity and access management (IAM) for modern, heterogeneous IT environments, contrasting it with legacy solutions like Microsoft AD and Okta's SSO focus....

Where Multi-Factor Authentication Stops and Credential Abuse Starts
Multi‑factor authentication (MFA) is effective for cloud and federated apps, but many Windows authentication paths—interactive logons, RDP, NTLM, Kerberos tickets, and service accounts—remain outside its protection. Attackers exploit these gaps using stolen passwords, pass‑the‑hash, or forged tickets, gaining lateral movement...

Arknights: Endfield Community Raises Alarm over Pull Tracker Tools After Reports of Hacked Computers
The Arknights: Endfield community is warning players against third‑party pull‑tracker sites after reports that uploaded game logs exposed session tokens, leading to compromised computers and stolen data. The most cited case involves streamer Fobm4ster, who had to reinstall Windows 11 following...
The Great Security Culture Shift: Building a Proactive Defense in an Era of Advanced Threats and Social Engineering
The article highlights a surge in DLL side‑loading attacks delivered through LinkedIn Messenger, where malicious PDFs bypass traditional endpoint defenses. It reveals that 66% of malware infections occur on devices already equipped with endpoint protection, exposing gaps in reactive security...

How to Build Trust Into Automation at Scale
Autonomous robots are moving from pilot projects to large‑scale deployments across warehouses, retail and healthcare, turning robotics‑as‑a‑service into a core managed‑service offering. As fleets grow, each additional machine widens the attack surface, blurring IT and OT responsibilities and exposing misconfigurations,...

A QUICker SASE Client: Re-Building Proxy Mode
Cloudflare has rebuilt the proxy mode of its Cloudflare One client, swapping the WireGuard‑based L3 tunnel for direct L4 proxying over QUIC. By leveraging HTTP/3 CONNECT and MASQUE, traffic remains at the transport layer, eliminating the smoltcp conversion step. Internal...

Trump’s CISA Nominee Said He Left Coast Guard to Address GOP Hold
President Trump’s nominee for CISA, Sean Plankey, resigned from his advisory role at the U.S. Coast Guard to allay concerns about his prior shipbuilding contracts that prompted Sen. Rick Scott’s hold. Plankey emphasized his focus on leading CISA and highlighted his turnaround of...
MCP Security: Implementing Robust Authentication and Authorization
The Model Context Protocol (MCP) is becoming a core interface for AI agents to invoke tools and access enterprise data. To mitigate rising security threats, the latest guidance recommends treating MCP servers as OAuth 2.1 resource servers and adopting modern authentication...
AI Accelerates Vulnerability Fixes, Sparking Dual Optimism
Being at the UnpromptedAI conference in SF this week and seeing the extent of using AI for vulnerability discovery and for accelerating fixes makes me want to make a slight correction to this post: 1. I am short term *very* pessimistic 2. I am *even...

Codific Highlights Five Key Cyber Risks to Power Grids
Codific’s new analysis outlines five recurring cyber‑attack pathways that threaten power‑grid operations, from spear‑phishing and credential theft to remote‑access exploitation, ransomware, and the misuse of legitimate industrial commands. The report stresses that most disruptive incidents follow familiar patterns rather than...
Russian Ransomware Administrator Pleads Guilty to Wire Fraud Conspiracy
Evgenii Ptitsyn, the administrator of the Phobos ransomware platform, pleaded guilty to wire‑fraud conspiracy in a Maryland federal court. Phobos ransomware was used by affiliates to compromise more than 1,000 public and private entities worldwide, extracting over $39 million in ransom...

Jumping the Shark (Cables)
The historic TAT-8 transatlantic fiber‑optic cable, installed in 1988, is being dismantled, marking the end of an era for the original global internet backbone. At the same time, the U.S. Pentagon deployed Anthropic’s Claude AI model to support a strike...
RSAC Attendance: Join ISMG Team to Discuss AI Security Trends
RSAC is coming up. I will be there with the ISMG team. If you are attending, let’s connect. Curious what themes you expect to dominate this year. AI security? Identity? Platform consolidation?
TikTok Denies “Controversial” Tech, Actually Uses End‑to‑end Encryption
TikTok announces that they’re not going to deploy “controversial privacy tech” that’s actually the same end-to-end encryption most other providers use to protect users’ DMs. https://t.co/INKzu9ku2z

Bitwarden Adds Support for Passkey Login on Windows 11
Bitwarden announced native support for Windows 11 passkey login, letting users authenticate with credentials stored in their encrypted vault. The feature works across all plans, including the free tier, and uses a QR‑code flow to confirm the passkey on a mobile...

How to Avoid Confidentiality Gaps in Early-Stage Startups
Early‑stage startups often sacrifice confidentiality for speed, leaving critical data exposed during pitches, hiring, and partnership talks. Two recurring gaps—lack of security protocols and delayed legal safeguards—lead to breaches that cost billions annually. A lightweight, repeatable NDA workflow—dual pitch decks,...

Mail2Shell Zero-Click Attack Lets Hackers Hijack FreeScout Mail Servers
Researchers at OX Security disclosed a maximum‑severity zero‑click vulnerability (CVE‑2026‑28289) in the open‑source FreeScout help‑desk platform. By embedding a zero‑width space before a malicious filename, attackers can bypass recent upload filters and achieve remote code execution through a single crafted...
Google’s AI‑Driven Playbook for Modern Security Threats
How Google approaches critical security topics, from fundamentals to AI https://t.co/4JCmvNxF8E < we're always learning things about new threats, new (and proven) techniques to respond with. @royalhansen takes a look here.

AWS Launches DDoS Protection for Games Running on Amazon GameLift Servers
Amazon Web Services announced a new DDoS protection service tightly integrated with its GameLift managed server platform. The solution leverages AWS Shield to automatically detect and mitigate volumetric attacks targeting multiplayer titles. By embedding security directly into GameLift, developers can...

Fake Zoom, Teams Meeting Invites Use Compromised Certificates to Drop Malware
Researchers at Microsoft Defender uncovered a new phishing campaign that disguises malicious updates for Zoom, Microsoft Teams and Adobe Reader as legitimate meeting invites. The attackers leverage stolen Extended Validation certificates from TrustConnect Software to make the payloads appear trusted,...

Windows 10 KB5075039 Update Fixes Broken Recovery Environment
Microsoft released KB5075039, a Windows 10 update that restores the Windows Recovery Environment (WinRE) after the October 2025 KB5068164 patch broke it. WinRE is essential for offline system repair, malware removal, and OS restoration. The fix requires a hidden WinRE partition of...