Today's Cybersecurity Pulse

CISA adds critical Android and Linux flaws to KEV catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) listed two high‑severity vulnerabilities in its Known Exploited Vulnerabilities catalog: Android CVE‑2025‑48595, an integer overflow that enables privilege escalation on Android 14‑16 without user interaction, patched in June 2026; and Linux CVE‑2022‑0492, a kernel flaw also deemed actively exploited.

Also developing:

By the numbers: Ingeteam secures $82.5M loan from EIB for renewable energy R&D

As Market Pivots Toward Identity Resilience, iProov Surpasses 1M Daily Transactions
iProov, the leading science‑based biometric verification provider, announced it processed over one million daily transactions in 2025, marking a milestone in high‑assurance identity checks. The surge coincides with a Gartner‑reported 62% of organizations suffering deep‑fake attacks, prompting a market shift toward identity resilience. iProov’s Security Operations Center released threat intelligence showing a 2,665% rise in virtual‑camera attacks and identified the “Grey Nickel” synthetic‑identity group. Partnerships with U.S. Customs, the UK Home Office, and major banks illustrate its expanding enterprise footprint.

Coruna: The Mysterious Journey of a Powerful iOS Exploit Kit
Google Threat Intelligence Group uncovered a powerful iOS exploit kit called Coruna, covering iOS 13.0 through 17.2.1 with five full exploit chains and 23 vulnerabilities that use non‑public techniques. The kit first appeared in targeted surveillance operations, then in Ukrainian‑focused...

Manipulating AI Summarization Features
Microsoft disclosed that dozens of companies are embedding hidden instructions in “Summarize with AI” buttons, using URL prompt parameters to bias AI assistants toward their products. Over 50 unique prompts were identified across 31 firms in 14 industries, demonstrating a...

How CIOs Can Build an Evolving Crisis Strategy
CIOs must treat crisis strategies as living documents, revisiting them at least quarterly as new services, integrations, and threat vectors emerge. Experts from Pynest, Tufin, and Euristiq stress defining clear decision‑making roles, integrating automation, and simplifying language to ensure rapid...

LastPass Issues Alert as Customers Face Second Major Phishing Campaign of 2026
LastPass warned customers of a new phishing wave that mimics internal email threads and uses display‑name spoofing to appear legitimate. The messages, sent from unrelated domains, direct recipients to a fake verify‑lastpass.com site and its numbered variants to harvest credentials....

VoidLink Malware Framework Targets Kubernetes and AI Workloads in New Cyber Attack Wave
VoidLink is a new Linux‑based malware framework that specifically targets Kubernetes clusters and AI workloads, using fileless, in‑memory techniques to remain invisible. The framework fingerprints cloud environments, harvests credentials and metadata, and can compile payloads on demand for AI‑enabled attacks....

Defusing the MCP Ticking Time Bomb
The AI Accelerator Institute highlighted a looming security crisis in Model Context Protocol (MCP) deployments after analyzing 281 MCP servers and finding that ten of them carry a 92% security risk. The report warns that vulnerabilities such as prompt injection,...

Njordium Vendor Management System Eliminates Duplicate Third-Party Assessments
Njordium Cyber Group unveiled its Vendor Management System (VMS), a platform that consolidates third‑party risk assessments to satisfy Europe’s overlapping regulations in a single run. The solution claims to replace up to five parallel assessments with one, automatically generating outputs...

New RFP Template for AI Usage Control and AI Governance
Enterprises are finally allocating budgets for AI security, but many lack clear requirements. A new RFP template reframes AI protection as an interaction‑level problem rather than an app‑cataloging exercise, enabling tool‑agnostic control. It exposes the blind spots of legacy CASB/SSE...

Calls for Global Digital Estate Standard as Posthumous Deepfake Fraud Risk Grows
The OpenID Foundation released a report urging the creation of a global digital‑estate framework to protect deceased users’ online accounts. It warns that the absence of consistent standards leaves devices, social media, email and cryptocurrency vulnerable to fraud, especially as...

Protecting Education: How MDR Can Tip the Balance in Favor of Schools
The education sector faces escalating cyber threats from ransomware gangs, nation‑state actors, and AI‑enabled attackers, putting student data and learning continuity at risk. In the first half of 2025 ransomware incidents rose 23 % year‑over‑year, while infostealer‑as‑a‑service lowers entry barriers for...

The Most Important Google Setting You Aren't Using
Google’s free "Results About You" tool lets users request removal of personal details—such as name, address, phone number—from Google Search results. The service automatically scans the web, notifies users when new data appears, and allows both automated and manual removal...

Fake Laravel Packages on Packagist Deploy RAT on Windows, macOS, and Linux
Cybersecurity researchers discovered three malicious Laravel packages on Packagist—nhattuanbl/lara-helper, simple-queue, and lara-swagger—that install a cross‑platform remote access trojan (RAT) on Windows, macOS, and Linux. The RAT connects to a C2 server at helper.leuleu.net, gathers system data, and executes commands via...

Anthropic AI Ultimatums and IP Theft: The Unspoken Risk
Anthropic’s Claude AI is caught between a massive Chinese extraction campaign and a U.S. government ban that forces the model out of federal systems. China‑based firms generated over 16 million interactions to map Claude’s reasoning, tool use and coding abilities, while...

AzCopy Utility Misused for Data Exfiltration in Ongoing Ransomware Attacks
Ransomware groups are weaponizing Microsoft’s Azure data‑transfer tool AzCopy to steal large volumes of data before encrypting victims’ systems. By leveraging valid Azure credentials and Shared Access Signature tokens, attackers can silently upload files to attacker‑controlled Blob storage using standard...

How I Got a Performance-Driven Team to Care About Security
A performance engineering leader transformed a siloed security approach by embedding security checks directly into performance testing pipelines. By reframing security as a driver of resilient performance, the team integrated TLS validation, authentication, and attack‑simulation scripts into CI/CD workflows. Cultural...

IPVanish VPN for macOS Flaw Enables Privilege Escalation and Code Execution
A critical privilege‑escalation flaw was found in IPVanish VPN for macOS, allowing any local, unprivileged user to execute arbitrary code as root. The vulnerability resides in the helper tool "com.ipvanish.osx.vpnhelper," which accepts unauthenticated XPC connections and skips code‑signature verification for...

Future Drive Success Demands Broader, Deeper Technical Knowledge
Drives are becoming more complex. And knowledge is turning into a key success factor. 🚀 Today we had an intensive exchange at GROLLMUS with Danfoss about training and future skill requirements. Marco de Jong and Mieslinger Christian joined us to...

Security Duties Persist; Breach Itself Is Violation
A UK court just ruled: security duties don't disappear even if hackers can't read what they stole. The breach itself is the violation. Meanwhile, GDPR surged 220% in a single day. Privacy isn't a checkbox anymore. It's becoming infrastructure. https://t.co/uNnssaoO6P

ArmorCode AI Exposure Management Identifies, Governs, and Reduces Shadow AI Risk
ArmorCode introduced AI Exposure Management (AIEM) on its Agentic AI Platform, expanding its unified exposure management suite. AIEM continuously ingests AI usage signals from security tools, creating a centralized inventory and assigning ownership to mitigate shadow AI. The solution offers...

Arkose Device ID Uses AI to Recognize Devices Across Changing Fingerprints
Arkose Labs unveiled the latest version of Arkose Device ID within its Arkose Titan platform, adding AI‑driven similarity analysis to traditional exact‑match identification. The enhancement allows persistent device recognition even as fingerprints evolve, reducing fraud from identity‑fragmentation attacks while keeping...

Thales Validates Post-Quantum Cryptography on Live Networks, Enabling Ongoing Protection
Thales demonstrated live‑network post‑quantum cryptography for 5G, remotely updating SIM and eSIM cards with quantum‑safe algorithms. The "crypto agility" approach eliminates the need for massive hardware swaps, enabling instant security upgrades across existing devices. The trial underscores Thales’ role in...

Extra #3 - The Prompt Injection Defense Playbook
The post outlines a premium playbook for defending Large Language Models against prompt injection, a semantic attack that tricks AI into violating its own constraints. It categorizes three primary attack vectors—role‑playing jailbreaks, hidden‑text payloads, and direct overrides—and proposes a multi‑layered...

Kaspersky Enhances Its Security Awareness Platform with SCORM & PDF Support
Kaspersky has upgraded its Automated Security Awareness Platform (ASAP) to include native support for SCORM and PDF content. The addition lets organizations upload, track, and manage custom e‑learning modules and PDF training materials alongside Kaspersky’s expert‑driven scenarios. This flexibility helps...

Three or More Parties Now Securely Share Encryption Keys Via Quantum Links
Researchers from the University of York propose a holistic framework for multiparty quantum key agreement (MQKA) that classifies protocols along three axes—network architecture, quantum resources, and security model. By mapping existing schemes onto this design space, they demonstrate error‑rate reductions...

How to Know You’re a Real-Deal CSO — and Whether that Job Opening Truly Seeks One
Recruiters struggle to find genuine Chief Security Officers (CSOs) because the role now demands deep technical expertise, business acumen, and executive communication. Title inflation leads firms to hire or promote candidates who excel in architecture but lack governance, risk‑prioritization, and...

HungerRushRMS Breach Leads to Phishing Emails, Aussie Traffic Blocked
Looks like @HungerRushRMS got pwned and the bad guys are emailing customers. Now they’re blocking website traffic (at least they are for Aussie traffic). https://t.co/lKe74m0OTc

Would You Trust an AI Pentester to Work Solo?
Security leaders face mounting pressure to outpace threats while accelerating AI adoption, yet only 36% are satisfied with current pentesting providers. AI‑powered pentesting promises unprecedented speed and scale, scanning massive codebases in minutes, but it falls short on contextual judgment,...

Moving From License Plates to Badges: The Gateway Authorization Proxy
Cloudflare unveiled the Gateway Authorization Proxy, a client‑less solution that shifts identity verification from the endpoint to the network. By integrating Cloudflare Access login and signed JWT cookies, the proxy can authenticate users on any device that reaches the Internet,...

GDS Sets Out the Principles for Secure Personal Data
The UK Government Digital Service (GDS) released the “Principles for Securing Personal Data in Government Services,” a ten‑point framework to help departments share personal data securely and comply with the Data Protection Act 2018 and UK GDPR. Developed by the Office of...

Defeating the Deepfake: Stopping Laptop Farms and Insider Threats
Cloudflare announced a partnership with Nametag to embed workforce identity verification into its Cloudflare One SASE platform, targeting the emerging "remote IT worker" fraud that leverages AI‑generated deepfake IDs and laptop farms. The integration uses OpenID Connect to require a...

Agentic AI Forces Unified ITOps‑SecOps for Resilience
Most orgs still treat ITOps and SecOps as separate universes, but incidents don't care about org charts. Agentic AI gives leaders a reason to redesign workflows around end-to-end resilience. #CIO #CISO #AI https://t.co/e3w3lXkvfc

SANS Stormcast Wednesday, March 4th, 2026: CrushFTP Brute Force; Android Patches 0-Day; OAuth Phishing Abuse
In this 5‑minute Stormcast, Johannes Ullrich covers three security topics: a credential‑guessing campaign targeting CrushFTP admin accounts using default usernames and passwords, the latest Android Patch Tuesday which includes a critical Qualcomm display driver flaw already being exploited, and a...

CrowdStrike ‘Turbo Charging’ Security Platform Growth With Falcon Flex: CEO George Kurtz
CrowdStrike’s Falcon Flex subscription model propelled its ARR related to Flex deals 120% year‑over‑year to $1.69 billion, contributing to a total ARR of $5.25 billion for fiscal 2026. The company’s managed‑service‑provider (MSSP) channel surged past $1.3 billion, up from under $100 million three years earlier....

Microsoft: Securing AI Agents and Human Teams Crucial for Success
Microsoft’s inaugural Cyber Pulse AI Security Report reveals that over 80% of Fortune 500 firms already deploy low‑code AI agents, and the company forecasts 1.3 billion autonomous agents operating by 2028. Financial services account for roughly 11% of global agent activity, underscoring...

MFA Remains the Easiest High‑ROI Security Win
Just about every small and mid sized business I talk to is still behind on MFA. It is still the highest ROI security control available. If you have not enforced MFA everywhere, that is the easiest win you have this quarter. Read more...

1,700 Dutch Police Officers Get Reminder Not to Access Files without Legitimate Purpose
The Dutch National Police identified roughly 1,700 officers who accessed internal systems without a clear operational need and will receive reminder letters. The audit was sparked by a query into the violent death of 17‑year‑old Lisa from Abcoude, which appeared...

Indian APT 'Sloppy Lemming' Targets Defense, Critical Infrastructure
India‑linked APT group Sloppy Lemming has accelerated its campaign, expanding its command‑and‑control infrastructure to over 112 Cloudflare‑hosted domains and deploying custom Rust‑based tools. The group now targets nuclear regulators, defense contractors, and critical infrastructure in Pakistan and Bangladesh, using phishing...

Eaton Bolsters Hospital Defenses as Healthcare Cybersecurity Act Arrives
Eaton announced a suite of infrastructure‑focused cybersecurity solutions to help hospitals comply with the Healthcare Cybersecurity Act of 2025. The portfolio includes network‑managed UPS systems, a gigabit Network M3 Card with secure boot and traffic filtering, and the Brightlayer digital power‑management...

National Guard Member’s Invention Allows Cyber Warfare Training on the Go
Senior Master Sgt. Taylor Gow unveiled the Agile Cyber Training Environment (ACTE), a backpack‑sized system that lets Massachusetts Air National Guard airmen conduct cyber‑warfare training anywhere. The invention, accepted into the Air Force’s Spark Tank 2026 competition, processes drone imagery...

Channel Partners Are Flying Blind on Network Risk as AI Traffic Surges
AI-driven workloads are reshaping enterprise traffic, creating sudden, high‑volume data bursts that bypass traditional monitoring points. As hybrid, multi‑cloud and edge environments proliferate, channel partners lose end‑to‑end visibility, exposing them to hidden performance and security risks. Legacy network tools, built...

FBI Reminds of Potentially Malicious Activity by Iranian Cyber Actors
The FBI has issued a reminder to critical‑infrastructure operators to adopt mitigations outlined in a June 2025 fact sheet targeting Iranian‑affiliated cyber actors. These actors, motivated by ongoing geopolitical tensions, frequently exploit unpatched software, default passwords, and internet‑exposed operational technology (OT)...

From Legacy to Leadership: Achieving Zero Trust Cybersecurity in Government with AI
Government agencies face mounting cyber threats as legacy systems impede Zero Trust adoption, with 66% citing outdated infrastructure as the biggest barrier. AI‑enhanced Zero Trust offers a pragmatic layer that integrates with existing environments, enabling adaptive authentication, real‑time monitoring, and...

CISA Report Updates Findings on RESURGE Malware Attacks
CISA issued an updated analysis of RESURGE malware on February 26, expanding the agency’s 2024 findings about the threat targeting Ivanti Connect Secure devices. The report reveals that RESURGE can persist silently on compromised VPN appliances and stay dormant until...

Federal Leaders Confront the Next Wave of AI Security Risks
Federal leaders highlighted escalating AI security risks at Zscaler’s Public Sector Summit, noting that over 70% of AI‑generated code goes unchecked and 90% of AI systems were compromised within 90 minutes in a recent red‑team test. The discussion emphasized the...

South Korea, Australia, Portugal Top OECD Digital Government Index for 2025
The OECD’s 2025 Digital Government Index (DGI) places South Korea at the top with a 0.95 composite score, followed by Australia (0.88) and Portugal (0.86). Korea is the only nation to break the 0.9 threshold across all six assessment categories,...

Cisco: AI Is a Double-Edged Sword in Industrial Networks
Cisco’s 2026 State of Industrial AI Report reveals AI is a double‑edged sword for industrial networking teams, simultaneously creating security challenges and offering defensive benefits. While 40% of surveyed professionals cite cybersecurity as a major barrier and 48% list it...

Preview of UK DVS Trust Framework 1.0 Shows What ‘Good Digital Identity Looks Like’
The UK government has released a pre‑release of Digital Verification Services (DVS) Trust Framework 1.0, superseding the Digital Identity and Attributes Trust Framework for business readiness. The new framework aligns formally with the Data (Use and Access) Act 2025 and...

Swiss E-ID Delayed to December, Renewed Focus on Security and Trustworthiness
Switzerland’s e‑ID programme, which barely passed a referendum with 50.39 % support, has been postponed to December 2026 to address security and trust concerns. The delay follows criticism over encryption gaps and data‑privacy safeguards, prompting new requirements such as a public register...

Newly Uncovered Open Server Exposes 676 Million US Identity Records Including SSNs
Cybersecurity firm SOCRadar discovered an unsecured Elasticsearch server hosting roughly 676 million U.S. identity records, including full Social Security Numbers, names, dates of birth, addresses, and phone numbers. The 91.72 GB dataset was publicly accessible without authentication, exposing more records than the...