Today's Cybersecurity Pulse

CISA adds critical Android and Linux flaws to KEV catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) listed two high‑severity vulnerabilities in its Known Exploited Vulnerabilities catalog: Android CVE‑2025‑48595, an integer overflow that enables privilege escalation on Android 14‑16 without user interaction, and Linux CVE‑2022‑0492. Google released patches for the Android bug in June 2026.

Arctic Wolf Snaps up Sevco Security to Bolster Exposure Management
Arctic Wolf announced the acquisition of Texas‑based Sevco Security, a cloud‑native exposure assessment specialist, for an undisclosed amount. Sevco’s platform, recognized as a Gartner Visionary in 2025, will be folded into Arctic Wolf’s Aurora platform to unify asset intelligence, vulnerability context, and control coverage. The integration aims to give managed‑service providers and enterprise customers real‑time visibility and prioritized remediation across hybrid environments. This deal follows Arctic Wolf’s 2025 purchases of Cylance and UpSight, reinforcing its broader consolidation strategy.

AI Agents Now in 80% of Fortune 500; Governance Crucial
80% of Fortune 500 use active AI Agents: Observability, governance, and security shape the new frontier @Microsoft has released its latest Cyber Pulse report, offering practical insights into emerging cybersecurity risks as AI agents become embedded in everyday business operations. https://t.co/nYODu6iNVB...

Chinese Group’s ChatGPT Use Reveals Worldwide Harassment Campaign Against Critics
OpenAI’s latest threat report reveals a Chinese law‑enforcement unit using ChatGPT to edit internal briefings and draft a propaganda push against Japan’s prime minister. The single account uploaded dozens of operation reports, exposing a coordinated effort involving mass posting, bogus...

$10,000 Bounty Offered if You Can Hack Ring Cameras to Stop Them Sharing Your Data with Amazon
Ring’s new “Search Party” AI feature sparked privacy outrage after a Super Bowl ad, prompting a backlash against the company’s data‑sharing practices. In response, the nonprofit Fulu Foundation announced a $10,000 bounty for anyone who can modify Ring doorbells to...

EnforceAuth Free Version Gives Enterprises AI-Native Auth for AI Agents, Machine Identities & Non-Human Workloads
EnforceAuth announced a free tier of its AI Security Fabric, giving enterprises a vendor‑neutral platform to govern AI agents, automated workflows, and machine identities. The solution shifts from traditional access control to decision‑centric authorization, evaluating each action with full context...
The Missing Link Moves Into Infosys’ North Sydney Office
Cyber‑security specialist The Missing Link, acquired by Infosys in May 2025, has moved from Artarmon to Infosys’ North Sydney office. The relocation creates an upgraded Global Security Operations Centre offering 24/7 monitoring and services aligned with the Australian Signals Directorate’s Essential Eight....
Boards Don’t Need Cyber Metrics — They Need Risk Signals
Security teams flood boards with counts of attacks, patches, and alerts, but executives need signals that translate those numbers into business risk. Experts argue that time‑based metrics like detection and containment speed, and financial exposure indicators, better reveal whether risk...

U.S. Sanctions Russian Broker Over Zero-Day Exploits Theft
The United States has sanctioned Russian cyber‑exploit broker Operation Zero, its director Sergey Zelenyuk, and a UAE‑based front company for stealing eight zero‑day vulnerabilities from a U.S. defense contractor. Australian insider Peter Williams allegedly sold the exploits for roughly $1.3 million...

Threat Actors Exploit Apache ActiveMQ Vulnerability to Gain RDP Access, Deploy LockBit Ransomware
Threat actors leveraged the critical Apache ActiveMQ flaw CVE‑2023‑46604 to achieve remote code execution, download a Metasploit stager via CertUtil, and gain SYSTEM privileges on a Windows host. After dumping LSASS credentials, they moved laterally using a harvested domain‑admin account,...

OAuth Vulnerabilities in Entra ID Could Exploit ChatGPT to Breach User Email Accounts
Security researchers have identified a new OAuth consent attack vector in Microsoft Entra ID where a legitimate service principal such as ChatGPT is granted high‑risk Graph permissions like Mail.Read. By tricking users into approving a consent screen, attackers obtain persistent...

Secfix Raises $12M Series A to Build End-to-End Security Compliance Platform
Munich‑based Secfix closed an oversubscribed $12 million Series A round led by Alstin Capital, with Bayern Kapital and existing backer neosfer participating. The funding will accelerate Secfix’s European expansion and the development of its AI‑native automation and CISO‑as‑a‑Service capabilities. Secfix’s platform automates...

Microsoft Alerts Developers of Malicious Next.js Repositories Used in Ongoing Hacker Attacks
Microsoft Defender has identified a coordinated campaign that weaponizes seemingly legitimate Next.js repositories to compromise developers. The malicious projects, often presented as interview assessments, exploit Visual Studio Code workspace automation, build‑time scripts, and server startup routines to fetch and execute...

From the Outside In: A Smarter Approach to Vendor Access
Security teams increasingly view vendors and contractors as the most vulnerable entry points, exposing gaps in traditional employee‑centric access controls. Boon Edam advocates an “outside‑in” strategy that places layered verification at the perimeter, limiting tailgating and ad‑hoc credential use. By shifting...
Beware: Fake Apple Newsroom Headlines Manipulating Markets
You’re going to see a lot of fake Apple Newsroom headlines here that look like this (below), and it may even influence folks/markets until they realize they are all fake tomorrow. Don’t fall for these. It’s a simple manipulation of...

Risky Business #826 -- A Week of AI Mishaps and Skulduggery
In this episode of Risky Business, host Patrick Gray and panelists James Wilson and Adam Wallow dissect a wave of AI-driven cyber incidents, from a threat actor leveraging AI to mass‑compromise Fortinet devices to Chinese labs attempting large‑scale model distillation...

Towards an Industry Best Practice for DNSSEC Automation
DNSSEC adoption remains modest, with only 36 % of resolvers validating and 7 % of domains securely delegated in 2025, hampered by complex enrollment and manual key‑rollovers. Automation using authenticated CDS/CDNSKEY records can eliminate these hurdles, and several European ccTLDs have already...
Fake Zoom Meeting Silently Installs Surveillance Software, Says Malwarebytes
Malwarebytes uncovered a new fake‑Zoom meeting scam that silently installs a covert build of the Teramind employee‑monitoring tool on Windows workstations. Victims are lured by a realistic Zoom waiting room, then an automatic “Update Available” countdown triggers a silent download...

SANS Stormcast Wednesday, February 25th, 2026: Open Redirects; setHTML in Firefox; Telnetd Issues
In this episode, Johannes Ullrich discusses a surge in scans targeting open redirects, explaining how these vulnerabilities can be exploited in OAuth 2 flows and phishing attacks, and notes that many originate from a bullet‑proof hosting IP. He then introduces...

Ransomware Is the Invoice for Compounding Technical Debt
Ransomware attacks are increasingly being framed as the overdue invoice for years of accumulated technical debt. Experts highlight that identity sprawl, inconsistent patching, and legacy backup systems create fertile ground for ransomware to cripple organisations. A Rubrik survey found 95%...

Beyond the Queue: Smarter Security Will Ultimately Shape the Future of Global Air Travel
Airports in 2026 face a rapidly evolving threat matrix that blends physical, digital and human risks, from sophisticated stowaways and drone incursions to a 600% surge in cyber‑attacks. Balancing passenger convenience with robust security is no longer optional—it defines the...

Sektor Signs up Concentric AI to A/NZ Distie Portfolio
Sektor has entered a distribution agreement with AI and data‑security‑governance vendor Concentric AI to serve the Australian and New Zealand market. As an authorised distributor, Sektor will equip its channel partners with enablement, go‑to‑market support and local expertise, positioning Concentric AI’s platform for...
Planning Cloud Security Assessments with Third-Party Tools in Azure Government Cloud
Organizations using Azure Government Cloud struggle to balance automated security assessments with the nuanced architectural requirements of regulated environments. Third‑party compliance tools can scan thousands of resources against NIST, FedRAMP, and CIS benchmarks, delivering speed and broad visibility. However, these...

Phishing Campaign Targets Freight and Logistics Orgs in the US, Europe
A financially motivated group called Diesel Vortex has been running a phishing campaign against freight and logistics operators in the U.S. and Europe since September 2025. Using 52 domains and Cyrillic homoglyph tricks, the actors stole 1,649 unique credentials from...
What Does Business Email Compromise Look Like?
Business email compromise (BEC) continues to surge, costing $2.7 billion in 2022—a 12.5% increase over the prior year. Attackers masquerade as CEOs, HR staff, or trusted vendors, using deep reconnaissance, AI‑generated voice cloning, fake invoices, QR codes, and conversation hijacking to...
What Are the Types of Ransomware Attacks?
Ransomware has evolved into a multi‑strain ecosystem, ranging from classic crypto ransomware that encrypts data to double‑extortion variants that also threaten public leaks. Newer models such as encryption‑less, locker, scareware, and Ransomware‑as‑a‑Service (RaaS) broaden the attack surface and lower the...

Q&A: Palo Alto’s Eric Trexler Urges Identity-First, AI-Secure, Platformized Cyberdefenses
Eric Trexler, senior VP for the public sector at Palo Alto Networks, highlighted the federal government’s massive, fragmented cyber‑attack surface and the $27 billion FY 2025 cybersecurity budget, of which roughly $1.8 billion targets identity management. He noted that while agencies have made...
US Imposes Cyber-Related Sanctions on Russian, UAE Individuals and Entities
The U.S. Treasury announced cyber‑related sanctions on four individuals and three entities, including parties in Russia and the United Arab Emirates. The measures target those involved in acquiring and distributing malicious cyber tools that threaten U.S. national security. The sanctions...

1Password’s Annual Subscription Plans Are Getting a Price Hike Next Month
1Password announced a price increase for its annual plans effective March 27 2026. Individual subscriptions will rise to $47.88 per month and family plans to $71.88 per month, representing a $12 yearly bump. The company attributes the hike to added value and...
AI Integration Threatens SaaS Moats, Wipes Out Security Stocks
A security feature launch tweet by Claude wiped out $15B in cybersecurity stocks. AI is eating SaaS. Here’s what this means for the future of SaaS: Cybersecurity names like CrowdStrike, Palo Alto Networks, and Zscaler fell after Anthropic showed Claude...

Lift Cybersecurity, Warns Report
Australian government agencies are urged to upgrade cybersecurity after Cisco and the University of Canberra released the "Securing the Nation" report. The study highlights that 59% of federal agencies view legacy, end‑of‑life technology as a top security challenge and warns...

SolarWinds Patches Four Critical Serv-U Flaws Enabling Root Access
SolarWinds has issued patches for four critical Serv‑U vulnerabilities (CVE‑2025‑40538, 40539, 40540, 40541), each scoring 9.1 on the CVSS scale. The flaws—broken access control, two type‑confusion bugs, and an IDOR issue—enable remote code execution that can grant attackers full root...

Unifying Federal Data Management and Security with Hitachi VSP One
In this episode, Hitachi Vantara Federal’s Guy Garwich and Todd Hansen explain how the Virtual Storage Platform One (VSP1) unifies block, file, object, and mainframe storage into a single data plane with a unified control plane, delivering high‑performance file services,...

Discord Is Delaying Its Controversial Age Verification Methods Due to Backlash: ‘We’ve Made Mistakes’
Discord announced a global age‑verification rollout featuring facial scans and ID uploads, but user backlash forced a delay. CTO Stanislav Vishnevskiy admitted the company failed to explain the process clearly, especially after a 2024 breach that exposed 1.5 TB of verification...

DISA's $201M Browser Contract Shows Resellers Still Have a Role to Play
DISA has issued a $201 million solicitation for cloud‑based internet isolation (CBII), requiring authorized Menlo Security resellers to deliver a managed service. Menlo Security supplies the underlying remote‑browser platform, while resellers will operate, integrate, and support the solution within DISA’s security...

ADVP Expects Digital Identity Consultation to Play by Rules of Data Act, DIATF
The Association of Digital Verification Professionals (ADVP) has urged the UK government to shape its upcoming digital‑identity consultation around the Data (Use and Access) Act 2025, warning that a single, government‑only wallet would lock out the private sector. ADVP argues...

AI Drafts SOC2 Auth Service, Leaves 35 Issues
Asked Opus 4.6 to design an SOC2‑compliant auth service from zero. It came back with 35 issues. Pilot’s job now is to deliver them. Estimated cost: ~$4. Estimated time: ~1 hour + ~10 minutes of cleanup. --- Devs only have jobs until I get better...

Blumira Lands in Pax8 Marketplace, MSPs Get a Scalable Path to Managed SIEM
Blumira has entered the Pax8 Marketplace, allowing managed service providers (MSPs) to purchase, provision, and bill a full‑stack security operations platform through the same portal they use for cloud services. The integration eliminates separate sales and onboarding steps, enabling MSPs...

‘It’s Not over’: Cyber Info-Sharing Center Begins ‘Next Chapters’ After Losing Federal Funding
The Multi-State Information Sharing and Analysis Center (MS-ISAC) lost its federal grant in September 2025 and transitioned to a dues‑paying model. Sixteen states and territories are now full members, while eight additional states have purchased services for all their agencies....
Accelerating Federal Cloud Modernization
Federal agencies are accelerating cloud modernization, but must first close gaps in data readiness, cybersecurity, and legacy infrastructure. Officials from the Centers for Medicare & Medicaid Services, the Department of Energy, and NinjaOne discussed prerequisites for hybrid and multi‑cloud success....

Cost of Insider Incidents Surges 20% to Nearly $20m
The DTEX Cost of Insider Risks 2026 report, based on 8,750 security practitioners, finds average insider‑related losses of $19.5 million per organization, with employee negligence—largely driven by shadow AI—accounting for 53% of that cost. Negligence losses rose 17% year‑on‑year, pushing total...

Google Patches Three High-Severity Chrome Flaws
Google released a Chrome security update that fixes three high‑severity vulnerabilities (CVE‑2026‑3061, CVE‑2026‑3062, CVE‑2026‑3063). Two of the flaws involve out‑of‑bounds memory reads, while the third adds out‑of‑bounds writes in the WebGPU shader compiler. The bugs affect Chrome’s media stack, the...
EF Calls for Deeper, Purpose‑Driven Innovation in DeFi
DeFi is a central part of the value that Ethereum provides. Financial empowerment is a central part of what it means to have agency and freedom in our current world. Finance is far from the only thing that Ethereum is...

Marquis Sues Firewall Provider SonicWall, Alleges Security Failings with Its Firewall Backup Led to Ransomware Attack
Fintech firm Marquis has filed a lawsuit against firewall vendor SonicWall, alleging that a 2025 breach of SonicWall’s cloud backup service exposed critical firewall configuration data. The compromised backup files allegedly gave threat actors the keys to bypass SonicWall defenses,...
NYC Cyber Leaders: Private Dinner on Dataverse Protection
If you’re a cybersecurity leader in NYC, join me this Thursday for a roundtable dinner focusing on New Strategies to Protect Your Expanding Dataverse. Private dinner, peer conversation, no vendor pitch. These are the discussions where the real issues come...
Secure AI‑Driven DevOps via Signal‑Powered SideChannel
Introducing a new tool called "SideChannel". A secure alternative to OpenClaw. Utilizes Signal for communication and has Claude integration. I built SideChannel, an open-source Signal bot that connects Claude AI to your entire development workflow. End-to-end encrypted. From your pocket. The real...
Ex‑Trenchant Exec Gets 7‑year Sentence
Peter Williams, the former Trenchant exec who stole zero-day exploits from his employer and sold them to a Russian exploit buyer, was sentenced today to 7 years and 3 months in a hearing that was partially closed to the public...
Boards Demand Business Impact Over Technical Threat Metrics
📈 The Board is over "Red, Yellow, Green" charts. They want financial risk quantification. Moving from technical metrics to business risk is the #1 theme for CIOs at RSA this year. Stop reporting on "threats" and start reporting on "impact."...

US Government Fails to Push Firms Toward Supply‑Chain Security
Great story in the New York Times highlighting the difficulties that the US government has faced in getting the world's most profitable companies to take supply chain security seriously, and reduce their exposure to a crisis in the Taiwan Strait 1/...
AI Accelerates Threat Groups' Attack Speed
Threat groups move at record speeds, as AI helps scale attacks | Cybersecurity Dive https://t.co/frfbUAXzlI
Proof, Not Promises, Drives Trust in Security
So @markowitzadam was selling a product built on proving things with evidence. But when a university asked him to prove his security posture, he couldn’t. That contradiction became the seed for @DrataHQ ($100M+ ARR). Trust isn’t what you say. It’s what you prove....