Today's Cybersecurity Pulse
CISA adds critical Android and Linux flaws to KEV catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) listed two high‑severity vulnerabilities in its Known Exploited Vulnerabilities catalog: Android CVE‑2025‑48595, an integer overflow that enables privilege escalation on Android 14‑16 without user interaction, and Linux CVE‑2022‑0492. Google released patches for the Android bug in June 2026.
Also developing:
By the numbers: Ingeteam receives $82.5M loan from EIB
Newly Uncovered Open Server Exposes 676 Million US Identity Records Including SSNs
Cybersecurity firm SOCRadar discovered an unsecured Elasticsearch server hosting roughly 676 million U.S. identity records, including full Social Security Numbers, names, dates of birth, addresses, and phone numbers. The 91.72 GB dataset was publicly accessible without authentication, exposing more records than the U.S. population and indicating aggregated historical data with duplicates. SOCRadar confirmed authenticity of samples and noted that portions of the data have already appeared on criminal forums. The breach underscores a pattern of misconfigured Elasticsearch instances that leave port 9200 exposed.
Announcing Docker Hardened System Packages
Docker announced Docker Hardened System Packages, extending its Docker Hardened Images (DHI) security model to individual OS packages. The offering adds more than 8,000 hardened Alpine packages with Debian support slated soon, and maintains Docker’s SLSA Level 3 build pipeline and...
GenAI Augments Security Stack; AI Firms Target Specific Markets
Anthropic entering secure code has everyone predicting the collapse of security vendors. I think that framing is too binary. GenAI will augment nearly every layer of the security stack. That does not mean the stack disappears. The better question is: which markets do...
A Possible US Government iPhone-Hacking Toolkit Is Now in the Hands of Foreign Spies and Criminals
Google disclosed a sophisticated iPhone‑hacking toolkit called Coruna that exploits 23 iOS vulnerabilities across versions 13 to 17.2.1. The code first appeared in a Russian‑linked espionage campaign against Ukrainian sites, then resurfaced in a criminal operation stealing cryptocurrency from Chinese‑language...
Mouser's Autonomous Vehicle Online Resource Center Addresses Real-World Deployment Challenges
Mouser Electronics has expanded its Autonomous Vehicle (AV) Online Resource Center to help engineers tackle real‑world deployment hurdles. The hub consolidates technical articles, eBooks and product data covering perception, deterministic networking, functional safety, cybersecurity and ethical decision‑making. It emphasizes software‑defined,...
Alabama Sextortion Case Involved Hundreds of Victims
A 22‑year‑old Alabama man, Jamarcus Mosley, pleaded guilty to federal charges for hijacking the Snapchat and Instagram accounts of hundreds of young women between 2022 and 2025. He used impersonation to obtain recovery codes, seized control of accounts, and extorted...
Venza Enters a New Chapter in Hospitality Cybersecurity
Venza unveiled the Venza System™ platform, a fully automated cybersecurity management solution tailored for the hospitality sector, alongside a refreshed brand identity and tagline, “Know your risks. Defend your data.” The new platform centralizes risk visibility, streamlines compliance reporting, and...
Exposed API Keys Cost Startup $2.5K in Fees
Claude Code reached LinkedIn We're COOKED 😱 This guy literally exposed his API keys on the front end, got exploited, charged 175 customers $500 each by mistake.. .. then burned $2.5K in Stripe fees before fixing it 😅 https://t.co/WPDCXipLSF
AI‑Cybersecurity Convergence Must Be Administration’s Top Priority
Why the convergence of AI and cybersecurity must be a top priority for the administration https://t.co/TbGhk0BYOE https://t.co/EiVI3kNYsI
Stop Payment Fraud Before It Starts
Automated bank account verification protects AP departments from payment fraud. Fraudsters now use AI‑generated emails and deep‑fake audio to hijack bank‑change requests, leading to costly losses. Real‑time verification confirms account ownership, status, and matches supplier data while creating an immutable...
Joining Code Armor Board to Accelerate Cybersecurity Innovation
Very pleased to be joining the Board at @code_armor . I’ve worked with them for a long time. What they have built and are building is a vital part of the need for speed in any modern cybersecurity program. https://t.co/v8SGWVKobB
Speakeasies to Shadow AI: Banning AI Browsers Will Fail
Enterprises are grappling with a Gartner recommendation to ban AI‑enabled browsers, citing data leakage, unknown third‑party connections, and prompt‑injection threats. Yet LayerX research shows roughly 20% of corporate users already run GenAI extensions, and AI browsers now power about 85%...
GenAI Enables Unified Multicloud Config Standardization
Standardizing multicloud configs from a single set of requirements is finally viable. Think: genAI translating an AWS IAM role -> Azure Role Definition or a CloudFormation template -> Google Deployment Manager config. #IAM #CISO #Cloud https://t.co/vBzM21vM14
St. Lucia Launches Authentication Framework to Ease Access to Digital Public Services
St. Lucia has unveiled the National Authentication Framework (NAF), a centralized digital identity system that provides a single sign‑on experience for accessing public services through the DigiGov portal and a forthcoming mobile app. The first phase targets citizens and legal...
Fake Tech Support Spam Deploys Customized Havoc C2 Across Organizations
Threat actors masquerading as IT support used a spam‑email and phone‑call campaign to deliver the Havoc command‑and‑control framework across five organizations. By tricking users into remote‑access sessions, they sideloaded malicious DLLs that deployed Havoc Demon payloads and legitimate RMM tools...
Isolate Each Kiro CLI Agent in Secure Sandboxes
Securing Kiro CLI Custom AI Agents 🤖 Configuring multiple agents to work with Kiro CLI in individual sandboxes https://t.co/Bt0CxhDK5j https://t.co/Z4WJtwDoms
Future Network Will Verify Truth, Not Trade Data
The internet never solved trust. Web2 monetised attention. Web3 monetised ownership. AI now monetises imitation. Bots everywhere. Fake identities. Zero certainty who’s real. The next trillion-dollar network won’t trade data. It’ll verify truth. That’s the layer @Humanityprot is building.
$5M Microsoft Activation Key Fraud Ends in Prison Term
Florida court sentenced Heidi Richards, operator of Trinity Software Distribution, to 22 months in federal prison and a $50,000 fine for a multi‑year scheme that trafficked Microsoft Certificate of Authenticity (COA) labels. The operation wired over $5.1 million to a Texas...
OAuth Redirect Abuse Fuels Phishing and Malware
OAuth redirection abuse enables phishing and malware delivery | Microsoft Security Blog I just wrote about this type of attack and what you should be asking about authentication processes. Modifying scopes is an authorization issue but it’s related. https://t.co/TucGqHuinb
Identity Security Blind Spots Fuel Modern Attacks
Permiso’s 2026 State of Identity Security report reveals that organizations are vastly overconfident about identity controls as identity becomes the dominant attack vector in cloud environments. The study finds that 92% of firms run AI agents that create identities without...
Cybersecurity without Overengineering
Industrial cybersecurity must prioritize data integrity and deterministic operation over blanket confidentiality. Regulations such as the EU Cyber Resilience Act and IEC 62443 mandate risk‑based, proportionate measures, warning against costly overengineering. EtherCAT’s hardware‑centric design—operating at the Ethernet layer without IP—naturally limits...
Israel: RedAlert Spyware Campaign Exploits Wartime Panic With Trojanized App
CloudSEK has uncovered a sophisticated Android espionage campaign dubbed RedAlert, which distributes a trojanized version of Israel’s official Red Alert rocket‑warning app via SMS phishing. The fake app mimics the legitimate interface, delivers real alerts, and silently requests high‑risk permissions...
One Foothold, 25 Million Victims: The Risk Inside Modern Breaches
Recent cyber incidents highlight how a single foothold can expose tens of millions of records. The Conduent Business Services breach grew to over 25 million victims, with attackers retaining access for nearly three months and exfiltrating 8.5 TB of data. Parallel attacks...
The Hidden Price Tag: Uncovering Hidden Costs in Cloud Architectures with the AWS Well-Architected Framework
Organizations adopting AWS often overlook hidden costs tied to security breaches, downtime, and over‑provisioned resources. The AWS Well‑Architected Framework, together with the Cloud Adoption Framework, offers a structured set of best practices across six pillars to identify and remediate high‑risk...
APTs and Industrial Cybersecurity in the Wake of the Attack on Iran
Advanced Persistent Threat (APT) groups, often backed by nation‑states, are intensifying attacks on industrial control systems worldwide. Dragos reports that only about 10 % of critical infrastructure facilities have continuous monitoring, leaving most OT environments exposed. Iranian‑backed actors such as IRGC‑affiliated...
CHERI: Hardware-Enforced Capability Architecture for Systematic Memory Safety
CHERI (Capability Hardware Enhanced RISC Instructions) introduces a hardware‑enforced capability architecture that replaces raw pointers with bounded, unforgeable references, making out‑of‑bounds memory accesses architecturally impossible. The design adds only about 4‑5% processor area and incurs minimal performance loss, while allowing...
NDSS 2025 – Be Careful Of What You Embed: Demystifying OLE Vulnerabilities
Researchers from Huazhong University, Waterloo and Sangfor presented a paper at NDSS 2025 exposing critical weaknesses in Microsoft Office’s Object Linking & Embedding (OLE) framework. Their tool, OLExplore, performed dynamic analysis of historic OLE flaws and uncovered 26 confirmed vulnerabilities,...
The Top Exposure Assessment Platforms (EAPs) to Watch in 2026
Exposure management is overtaking traditional scan‑and‑patch models, emphasizing unified visibility, context, and remediation across IT, cloud, identity, and OT. The article reviews six leading Exposure Assessment Platforms (EAPs) for 2026, highlighting Tenable One as the market leader, with challengers such...
Oracle EBS 2025 Campaign Impacts Madison Square Garden, Sensitive Data Leaked
Madison Square Garden confirmed a data breach tied to the 2025 Oracle E‑Business Suite hacking campaign. The Cl0p ransomware group exploited a zero‑day vulnerability (CVE‑2025‑61882) to steal over 210 GB of archived files, including employee payroll and Social Security numbers. MSG...
LexisNexis Confirms Data Breach as Hackers Leak Stolen Files
LexisNexis Legal & Professional confirmed a breach after hackers exploited an unpatched React frontend, using the React2Shell vulnerability to access its AWS environment. The threat actor FulcrumSec leaked over 2 GB of data, including 21,042 customer accounts, 45 attorney password hashes,...
Honeywell, Researcher Clash Over Impact of Building Controller Vulnerability
Security researcher Gjoko Krstic disclosed a high‑risk flaw in Honeywell's IQ4 building‑management controller, claiming the web‑based HMI is unauthenticated by default and can be exploited to create admin accounts. He identified roughly 7,500 internet‑exposed devices, with about 20% lacking authentication,...
Zero Trust Implementation Roadmap: 5 Stages From Legacy to Modern Security
The article outlines a five‑stage roadmap for Zero Trust adoption, beginning with a thorough identity assessment and progressing through identity foundation, device trust, application access modernization, network segmentation, and continuous validation. Each stage includes concrete milestones such as 100% MFA enforcement,...
Western Allies Form 6G Security Coalition Amid Tech Rivalry with China
Western and Indo‑Pacific allies launched the Global Coalition on Telecoms (GCOT) at Mobile World Congress, uniting the United States, United Kingdom, Canada, Japan, Australia, Sweden and Finland. The coalition released a set of voluntary security and resilience principles designed to...
Geekery: Bookending the COROS Security Debacle of 2025
Last summer, COROS disclosed a series of severe Bluetooth security vulnerabilities affecting every model in its smartwatch lineup. Initially downplayed, the company pivoted quickly, implementing extensive firmware patches and architectural overhauls across all devices. Security researcher Moritz Abrell documented the...
GVisor Isolates MCP Sessions, Preventing File Deletion Attacks
"How do you prevent the agent from accidentally (or maliciously) deleting files, uploading sensitive information to untrusted services, or consuming infinite compute?" @vladkol built an open source project that uses gVisor to isolate your MCP sessions. https://t.co/yMsHQbFWRb https://t.co/j5aEAxdrJi
Josys Centralizes Identity Data to Replace Manual IT Oversight with Automated Governance
Josys has evolved into an autonomous identity governance platform that centralizes identity data from any source into a single AI‑driven system. The solution automates access reviews, lifecycle updates, and over‑permissioned user remediation, eliminating manual IT oversight. Its AI Integration Builder...
Tonic Structural vs Informatica: Which Is Better for Test Data Management?
The article compares Tonic Structural and Informatica for test data management, highlighting that both generate privacy‑safe data but differ in deployment models and feature focus. Informatica is shifting to a cloud‑first strategy after its Salesforce acquisition, limiting on‑premises options, while...
CertSIGN and Lissi Partner to Accelerate EUDI Wallet Rollout in Romania
Romanian qualified trust services provider certSIGN has partnered with German digital‑identity specialist Lissi to bring the European Digital Identity (EUDI) Wallet to Romania. The deal combines certSIGN’s PKI‑based trust services with Lissi’s EUDI Wallet Connector API, offering eIDAS‑compliant integration for...
Leaked Database Sheds Light on Iranian Crypto Sanctions Evasion
A leaked database from Iranian exchange Ariomex shows the platform may have facilitated sanctions evasion and large capital transfers between 2022 and 2025. The data, analyzed by Resecurity, identified 27 users with potential sanctions matches and revealed that 70% of...
DeepKeep Launches AI Agent Attack Surface Scanner to Map Enterprise Risk
DeepKeep Ltd. unveiled its AI Agent Scanner, a tool that maps the attack surface of generative AI agents within enterprise workflows. The solution provides instant visibility into agents' tool and data access, visual risk maps, and identifies potential vulnerabilities. It...
Secure by Design: Building Security in at the Beginning
Secure by Design is a holistic methodology that embeds security from the earliest stages of system and software conception, shifting protection from a reactive afterthought to a proactive design principle. CIS and SAFECode collaborate to provide measurable guidance, translating standards...
Archipelo and Checkmarx Announce Partnership Connecting AppSec Detection with DevSPM
Archipelo and Checkmarx announced a technical partnership that links application vulnerability findings with development‑origin context. The integration combines Archipelo’s Developer Security Posture Management (DevSPM) with Checkmarx’s Application Security Posture Management (ASPM) to surface who, how, and whether AI tools contributed...
'The Attack Requires No Exploit, No User Clicks, and No Explicit Request Forsensitive Actions': Experts Say Perplexity's AI Comet Browser...
Security researchers at Zenity have disclosed a zero‑click prompt‑injection vulnerability, dubbed “PleaseFix,” in Perplexity AI’s Comet browser. The flaw lets attackers embed malicious prompts in seemingly benign calendar invites, causing the AI to read local files and exfiltrate passwords without...
Evolving Cloudflare’s Threat Intelligence Platform: Actionable, Scalable, and ETL-Less
Cloudflare has launched a cloud‑first Threat Intelligence Platform (TIP) that eliminates traditional ETL pipelines using a sharded, SQLite‑backed architecture running on the edge. Threat events are distributed across thousands of Durable Objects, delivering sub‑second GraphQL queries and real‑time visualizations. The...
DataDome Launches Enhanced Partner Program Built for Depth
DataDome unveiled an enhanced Partner Program that unites resellers, technology alliances, and cloud partners to deliver comprehensive bot‑mitigation solutions. The program introduces three reseller tiers—Authorized, Growth, and Strategic—each with specific margins, enablement milestones, and co‑selling benefits, plus a new partner...
Finally, CTEM and MITRE INFORM Without the Jargon
The new "CTEM + MITRE INFORM Guide for Dummies" offers a jargon‑light introduction to Continuous Threat Exposure Management (CTEM) and its integration with MITRE’s INFORM maturity model. It explains how CTEM shifts security from point‑in‑time assessments to continuous validation of...
Intel Adapting Linux's LAM In Preparing For ChkTag
Intel engineers are revising the Linux Linear Address Masking (LAM) interface to align with the upcoming ChkTag memory‑tagging extension announced by the x86 Ecosystem Advisory Group. The new patches standardize LAM’s tag width to 4 bits—matching Arm’s MTE and the expected...
FIU Develops Encryption to Thwart Future Quantum Computer Hacks
Florida International University researchers unveiled a quantum‑safe encryption system that merges quantum cryptography with secure internet transmission, creating a digital lockbox that only authorized users can unlock. Laboratory tests show the FIU method outperforms comparable advanced encryption techniques by 10‑15...
Huawei Launches Xinghe Solution for Cost-Effective, Quantum-Secure WANs
Huawei unveiled the Xinghe Intelligent Traffic‑Encryption Integration Solution at MWC Barcelona 2026, embedding a built‑in Quantum Key Distribution (QKD) board into its NetEngine 8000E router series. The technology uses a high‑precision noise‑reduction algorithm to allow quantum, negotiation and data channels to...
Cato Networks Unveils Dynamic Prevention to Stop Stealthy, Long-Running Cyberattacks
Cato Networks has introduced Dynamic Prevention, an auto‑adaptive threat prevention engine built into its SASE platform. The service continuously correlates months of networking and security sensor data to spot low‑signal malicious behavior that blends with legitimate activity. When a threat...