Today's Cybersecurity Pulse

CISA adds critical Android and Linux flaws to KEV catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) listed two high‑severity vulnerabilities in its Known Exploited Vulnerabilities catalog: Android CVE‑2025‑48595, an integer overflow that enables privilege escalation on Android 14‑16 without user interaction, and Linux CVE‑2022‑0492. Google released patches for the Android bug in June 2026.
Also developing:
KT, LG Uplus Face Lingering Fallout over Hacking Incidents
Korea's telecom giants KT and LG Uplus are still dealing with the repercussions of recent hacking incidents. KT has extended the deadline for customers to claim early‑termination‑fee refunds to June 30 after many missed the Jan. 31 cutoff. LG Uplus is under investigation for allegedly wiping server logs and obstructing a forensic review after a breach that exposed server details and employee names. Both companies face mounting regulatory pressure and customer attrition as the fallout continues.
Former Nuance Employee Admits Breaching More than 1.2M Geisinger Patient Records
Max Vance, a former Nuance Communications employee, admitted to illegally extracting protected health information from Geisinger Health System, affecting over 1.2 million patients. The breach continued after his termination, indicating he retained access to the provider’s network. Vance pleaded guilty in...
50+ Expert Forecasts on AI Governance and Security
RT Digital transformation is hitting a new phase. These 50+ expert predictions on agentic AI, governance, and security outline what leaders must prioritize now. #DigitalTransformation #AI #CISO @Star_CIO https://t.co/zhlbEwiusI
University of Mississippi Medical Center to Resume Clinic Operations After Cyberattack
University of Mississippi Medical Center announced that its outpatient clinics will resume normal operations statewide on March 2, following a cyberattack that shut down its IT systems on Feb. 21. The center has regained access to patient records and will...

How Do Leaders Ensure AI System Safety and Compliance
Leaders are urged to prioritize Non‑Human Identities (NHIs) – machine identities such as tokens, keys and certificates – as a core component of AI system safety and regulatory compliance. The article outlines how inadequate discovery, classification and secret rotation create...

What Is the Role of AI in Driving Cybersecurity Innovation
Non-Human Identities (NHIs) are becoming central to cybersecurity as organizations accelerate digital transformation. By managing machine identities, tokens and keys throughout their lifecycle, companies can reduce breach risk, improve compliance, and automate secret rotation. AI‑driven platforms add context‑aware detection, enabling...

Securing Commercial Satellite Networks: A National Security Imperative
Bipartisan senators have reintroduced the Satellite Cybersecurity Act to address growing cyber and electronic‑warfare threats against commercial satellite constellations. Low‑cost systems such as Starlink now underpin military command, intelligence, logistics and civilian services, making them attractive targets. The article highlights...

Cybersecurity and AI in the Era of Home-Based Care Logistics
Kenco’s vice‑president of life sciences, Tim McClatchy, detailed how the firm is hardening cybersecurity across its manufacturer‑to‑home delivery network while deploying AI to streamline labor planning and route optimization. He explained the specific encryption and verification steps used at each...

How to Do Email Analysis? Complete Guide
Email remains the top vector for cyber‑crime, with attackers increasingly bypassing gateways by exploiting trusted domains and crafting seemingly routine messages. The guide outlines a seven‑step, evidence‑driven process—collecting full headers, parsing authentication results, and analyzing content and attachments—to differentiate legitimate...
Enterprise MCP Adoption Surpasses Security Controls, Need Defense‑in‑depth
Shot: Enterprise MCP adoption is outpacing security controls https://t.co/B4FpJ7maqr Chaser: Securing AI Agents When Using Google Managed MCP Servers: A Defense-in-Depth Guide https://t.co/HBAXx8caUE

Cyberattacks on Hospitals Cost Lives. Here’s How to Fight Back at Machine Speed.
Morpheus is an AI‑driven platform that ingests alerts from a hospital’s existing security stack—SIEM, EDR, firewalls, NDR, email security, DLP and identity tools—and stitches them into a single ransomware kill‑chain view. By correlating these signals, it can surface an attack...

FreeBSD Jail Escape Flaw Breaks Filesystem Isolation
A critical vulnerability identified as CVE-2025-15576 compromises FreeBSD 13.5 and 14.3 by allowing a jailed process to escape its chroot through a nullfs‑shared directory and Unix domain socket. The flaw bypasses kernel‑enforced filesystem boundaries, granting full host‑filesystem access to an...

Life Mirrors Art: Ransomware Hits Hospitals on TV & IRL
The recent episode of HBO’s drama "The Pitt" portrayed a hospital’s IT systems being shut down by ransomware, forcing clinicians to revert to paper‑based processes. Hours later, the University of Mississippi Medical Center confirmed a real ransomware breach that crippled...

Air Guard Cuts Tactical Air Control Units, Adds Cyber Operators
The Air National Guard will deactivate the 177th Air Control Squadron in Georgia and cut 83 positions across Georgia and Iowa, converting those roles to cyber operations. New cyber squadrons will be established at Fort Gordon, Ga., and the 132nd...

Microsoft Testing Windows 11 Batch File Security Improvements
Microsoft released Windows 11 Insider Preview builds that add a new batch‑file security mode, letting administrators lock batch files in use via the LockBatchFilesInUse registry key or the LockBatchFilesWhenInUse manifest control. The change reduces the need for per‑statement signature validation, boosting script...

NDSS 2025 – CASPR: Context-Aware Security Policy Recommendation
The paper presented at NDSS 2025 introduces CASPR, a context‑aware system that automatically recommends and refines SELinux security policy rules. By aggregating policy rules, file locations, audit logs, and attribute data, CASPR extracts features, clusters types with K‑means, and generates...
Cloud Providers Can’t Certify TEE Key Secrecy
I heard an interesting anecdote about TEEs from some fintech people. They were trying to convince regulators that TEEs aren’t just “computers under their control”, so they asked cloud providers to certify that they’d never hand over the keys. Providers...

7MS #711: How to Secure Your Community
In this inaugural episode of the "How to Secure Your Community" series, host Brian Johnson recounts his personal experience with Operation Metro Surge, a massive federal ICE deployment in the Twin Cities that began in December 2025. He describes the...

Google's Android 17 Automates SIM PIN Unlocks
🔓 Android 17 wants to solve the biggest headache with using SIM PIN locks Google is building a new system for letting the phone automatically handle SIM PIN unlocks. ✅ Details - https://t.co/lGbIxYTndW

Google Publishes New Google Ads Passkey Help Doc
Google has released a new help document that explains how passkeys work within Google Ads, offering a password‑less, phishing‑resistant login method. The guide details when passkeys are mandatory, such as for user‑access changes and account‑linking updates, and outlines device requirements...

Following Markup Investigation, Congress Finds Data Brokers Cost Consumers Tens of Billions of Dollars
A Congressional Joint Economic Committee report estimates that data‑broker breaches have cost American consumers roughly $20.8 billion. The analysis, sparked by investigations from The Markup and CalMatters, links the loss to four major breaches that exposed over 650 million records in the...
Pentagon Shifts to Data-Centric Security to Boost Resilience
The Pentagon is moving from network‑centric to data‑centric security, embedding zero‑trust principles across the Navy and Marine Corps. Initiatives such as Project Dynamis and the Operation Cattle Drive effort aim to accelerate secure data sharing, reduce technical debt, and modernize...

SEALSQ Expands Japan Presence to Support 2035 Quantum Security Mandate
SEALSQ Corp is expanding its footprint in Japan by showcasing its production‑ready QS7001 secure System‑on‑Chip and QVault Trusted Platform Module at two March 2026 industry events. The move backs Japan’s National Cyber Command Office mandate to transition all government and critical‑infrastructure...

Momentum Cyber Hosts AIxCYBER on $119B Security Bet
Momentum Cyber announced AIxCYBER, a high‑profile panel in Austin on March 12, 2026, to dissect the forces reshaping cybersecurity. The event highlights a $119 billion investment surge in 2026, driven by record M&A activity and financing across 1,222 transactions. Panelists will...

The Case for Why Better Breach Transparency Matters
Cybersecurity experts Adam Shostack and Adrian Sanabria argue for greater breach transparency at RSA Conference. They highlight that current practices treat incidents as legal liabilities, limiting shared learning. The speakers propose structured feedback loops similar to aviation and medicine. Without...

CISA Warns that RESURGE Malware Can Be Dormant on Ivanti Devices
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has detailed how the RESURGE implant silently resides on Ivanti Connect Secure appliances, exploiting the zero‑day CVE‑2025‑0282. The 32‑bit Linux shared object libdsupgrade.so remains dormant until it detects a specific inbound TLS...
What Secure Digital Work Looks Like Next: Omnissa CEO Takes the Stage at IGEL Now & Next Miami 2026
Omnissa CEO Shankar Iyer will headline IGEL Now & Next Miami 2026, showcasing the company’s AI‑driven digital work platform that merges endpoint management, virtual desktops and security into a single control plane. The platform is positioned as a frictionless, adaptive...

Rethinking How State and Local Cyber Teams Are Built and Supported
State and local governments are confronting a wave of cyberattacks, with 86% of incidents causing operational disruption that impacts schools, hospitals and public services. Tight budgets, legacy systems and a fierce cyber‑talent shortage hinder effective response. Experts argue the focus...
South Korean Authorities Accidentally Hand Hackers $4.8M in Crypto
South Korea's National Tax Service mistakenly published a photo containing the mnemonic recovery phrase of a seized cryptocurrency wallet. Hackers used the exposed phrase to transfer approximately $4.8 million worth of digital assets to their own accounts. The blunder underscores a...
Under 1% of Flaws Exploited, yet Weaponization Accelerates Dramatically
"Less than 1% of software vulnerabilities were exploited in the wild over the past year, but those flaws are being weaponized faster and on a larger scale than ever before" https://t.co/MJeKsYSj9R https://t.co/pvetZNrUmq

The Compliance Illusion: Why Passing an Audit Doesn’t Mean You’re Secure
PayPal’s Working Capital loan system exposed personal data for six months despite holding PCI‑DSS, SOC 2, and ISO 27001 certifications. The breach underscores that passing audits confirms controls at a point in time, not continuous security resilience. Author Dharmesh Acharya argues compliance...

FDB Vela Integrates With Photon Health Digital Prescription Marketplace
First Databank’s cloud‑native ePrescribing network, FDB Vela, has integrated with Photon Health’s digital prescription marketplace. The partnership combines FDB Vela’s HITRUST‑certified, redundant cloud infrastructure with Photon’s consumer‑focused platform that lets patients compare pharmacy options by price, location and availability before...
Security Must Account for All Human Actors
The farmers and the mercenaries: Rethinking the 'human layer' in security | CSO Online https://t.co/W4BglrjoFn
XRPL Validators Stop Critical Batch Flaw After AI Alert
BIG: 🚨 XRPL validators blocked a critical Batch amendment flaw that could have enabled unauthorized transactions after AI-assisted researchers flagged the bug before mainnet activation

ScarCruft Uses Zoho WorkDrive and USB Malware to Breach Air-Gapped Networks
North Korean APT ScarCruft launched the Ruby Jumper campaign, employing a chain of malware that includes RESTLEAF, SNAKEDROPPER, THUMBSBD, VIRUSTASK, FOOTWINE and BLUELIGHT. The first‑stage payload uses a malicious LNK file to execute PowerShell, which carves and runs additional components....
Weekly Wrap: Resilience Is the New Spectrum Policy Buzzword
The EU’s Digital Networks Act (DNA) is being positioned as a cornerstone for simplifying telecom regulations and reducing market fragmentation across member states. At the Future Connectivity Summit, regulators emphasized the Act’s role in fostering spectrum coherence while also highlighting...

Ukrainian Man Pleads Guilty to Running AI-Powered Fake ID Site
Ukrainian national Yurii Nazarenko pleaded guilty to operating OnlyFake, an AI‑powered subscription service that sold more than 10,000 counterfeit passports, driver’s licenses and Social Security cards to customers worldwide. The site accepted only cryptocurrency, allowed customization of documents, and marketed...
UK Court of Appeal Rules on the Concept of Personal Data in the Context of Data Security
On 19 February 2026 the UK Court of Appeal decided DSG Retail Ltd v The Information Commissioner, holding that a controller’s data‑security duty covers all information it treats as personal, even if an attacker cannot identify individuals. The ruling, based...
NL: Hackers Had Access to Prison Staff Data for Five Months
Hackers infiltrated the Dutch prisons agency DJI and accessed staff data for at least five months, according to a radio investigation by Argos. The compromised information includes employee email addresses, phone numbers and security certificates. The breach was uncovered after...

Cloud Calling Data Sovereignty Secures Business Operations
BT has launched Sovereign Voice, a cloud‑calling solution that guarantees all voice traffic remains within the United Kingdom’s borders. The service runs on domestic data centres, is managed by local staff, and incorporates Cisco’s secure‑calling platform. It targets heavily regulated...
Phishing Attacks Against People Seeking Programming Jobs
A wave of phishing campaigns is targeting individuals searching for programming jobs, using fabricated job listings to harvest credentials. At the same time, North Korean APT37 has released new tools that weaponize removable media, raising concerns about air‑gap breaches. The...

Android 17 Second Beta Expands Privacy Controls for Contacts, SMS and Local Networks
Google’s Android 17 second beta adds system‑level privacy tools, including a Contacts Picker that grants apps access only to user‑selected contacts and an EyeDropper API that reads screen colors without screen‑capture permission. A new ACCESS_LOCAL_NETWORK runtime permission controls LAN device...
Verification Checks Claim, Recognition Finds Identity
🔍 Face Recognition vs Face Verification 🔑 Face Verification → Confirms if someone is who they claim to be (Yes ✅ / No ❌). 🧑‍🤝‍🧑 Face Recognition → Identifies who the person is by comparing against many faces 👥. #FaceRecognition #FaceVerification #AI...
Why Application Security Must Start at the Load Balancer
Application security should begin at the load balancer, not deeper in the stack. Organizations often treat load balancers solely as performance devices, leaving encryption, protocol hygiene, and abuse controls to downstream tools. This architectural gap lets attackers exploit weak TLS...
Vibhor Kumar: Open Source, Open Nerves
At last year’s CIO Summit in Mumbai, senior leaders from banking, fintech, telecom and manufacturing debated the growing risk profile of open‑source databases, with PostgreSQL emerging as the focal point. The conversation has moved from pure performance to trust, encompassing...

Illumio Insights Brings Agentless Visibility and Breach Containment to Hybrid Environments
Illumio announced Illumio Insights, an agent‑less solution that ingests real‑time telemetry from Check Point and Fortinet firewalls to create live traffic maps across data‑center and cloud environments. The platform converts existing firewall data into visibility without installing software agents, extending...

Trojanized Gaming Tools Spread Java-Based RAT via Browser and Chat Platforms
Threat actors are distributing trojanized gaming utilities through browsers and chat platforms to install a Java‑based remote‑access trojan (RAT). The downloader stages a portable Java runtime, executes a malicious JAR via PowerShell and cmstp.exe, then deletes itself and configures Microsoft...

National Cyber Security Bill and NIS2: Senior Management’s Compliance Guide
The EU’s NIS2 Directive now obligates senior management to approve, oversee, and assume responsibility for cybersecurity risk, a shift echoed by Ireland’s forthcoming National Cyber Security Bill. The draft legislation mirrors NIS2’s Article 20, imposing personal liability, temporary bans, and fines...

Vulnerability Management Core Capabilities Every Platform Should Have
Vulnerability management platforms must evolve beyond basic scanning to address today’s complex attack surface. Core capabilities now include automated asset discovery, continuous scanning with real‑time risk scoring, integrated remediation workflows, threat‑intelligence enrichment, and compliance‑aligned reporting. These functions enable security teams...

Mobile App Permissions (Still) Matter More than You May Think
Mobile app permissions remain a critical security vector, with both iOS and Android prompting users for dangerous permissions at runtime. Excessive or unnecessary permissions—such as background location, accessibility services, or SMS access—can enable data theft, credential harvesting, and device surveillance....