Today's Cybersecurity Pulse

CISA adds critical Android and Linux flaws to KEV catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) listed two high‑severity vulnerabilities in its Known Exploited Vulnerabilities catalog: Android CVE‑2025‑48595, an integer overflow that enables privilege escalation on Android 14‑16 without user interaction, patched in June 2026; and Linux CVE‑2022‑0492, a kernel flaw also deemed actively exploited.
By the numbers: Ingeteam secures $82.5M loan from EIB for renewable energy R&D

Multifaceted Phishing Scheme Deceives Bitpanda Customers
Cybersecurity firm Cofense uncovered a sophisticated phishing campaign that impersonates cryptocurrency broker Bitpanda. The fake site replicates Bitpanda’s login and adds a counterfeit multi‑factor authentication flow to harvest credentials, names, phone numbers, addresses, and birth dates. Attackers host the clone on a newly registered domain and redirect victims to the genuine Bitpanda portal after data capture. The scheme exploits growing crypto adoption and leverages urgent email prompts to trick users into disclosing sensitive personal information.
Mobile Credentials Provide Safer, More Seamless Security: HID
Mobile credentials are rapidly gaining traction in higher‑education campuses and commercial‑real‑estate portfolios, driven by seamless integration with smart‑building and HR systems. HID’s 2025 State of Security and Identity report shows that 69% of security leaders have deployed or plan to...

SMEs Urged by Government to “Lock the Door” Against Cybercriminals
The UK Government has launched a new campaign urging small‑ and medium‑size enterprises to adopt the Cyber Essentials framework after research showed that 50% of SMEs suffered a cyber attack in the past year. The study also revealed that cyber...

How to Use Cyber-Deception in Your Security Strategy
Cyber deception is gaining prominence as AI‑driven threats rise, prompting the UK NCSC to champion its wider use. The approach relies on high‑fidelity decoys—honeypots, fake credentials, and canary tokens—to generate early breach signals and expose lateral movement. While plug‑and‑play tools...

Enterprises Still Can't Get a Handle on Software Security Debt – and It’s only Going to Get Worse
Enterprises are wrestling with a surge in software security debt, with 82% reporting heightened vulnerability backlogs—a rise of 11% year‑over‑year. Critical flaws now account for 60% of that debt, and high‑risk, highly exploitable issues jumped 36% in the same period....

VMware Aria Operations Flaws Could Enable Remote Attacks
Broadcom released security updates fixing three critical flaws in VMware Aria Operations, including a remote command injection (CVE-2026-22719) with a CVSS score of 8.1, a stored cross‑site scripting issue (CVE-2026-22720) rated 8.0, and a privilege‑escalation bug (CVE-2026-22721) scored 6.2. The...

Sendmarc Releases DMARCbis Fireside Chat Featuring Co-Editor Todd Herr
Sendmarc has published a fireside chat with DMARCbis co‑editor Todd Herr, outlining the draft’s progress toward Proposed Standard status. The discussion details upcoming tag revisions, clearer reporting expectations, and a DNS tree‑walk method for receiver‑side domain discovery. Herr emphasizes that...

How to Maximize DDoS Readiness with Proactive Protection Strategies
Cyber Security Intelligence reports a surge in DDoS attacks in 2025, with assaults escalating from gigabyte to terabyte volumes. The article outlines proactive protection steps, starting with comprehensive risk assessments that inventory public‑facing assets and establish traffic baselines. It then...

How to Use Intune App Protection without MDM Enrollment
Microsoft Intune now lets organizations protect corporate data on BYOD devices without enrolling them in a full MDM solution. By applying app‑protection policies to apps that embed the Intune SDK, IT can enforce PINs, data‑sharing restrictions, and multi‑identity separation. Conditional...

How Camunda’s Skyflow Connector Helps Regulated Organizations Orchestrate Sensitive Data Safely
Camunda introduced a Skyflow connector that tokenizes and de‑identifies PII/PHI within BPMN workflows. The connector forwards selected fields to Skyflow’s vault, replaces them with tokens, and permits controlled re‑identification only at approved steps. This approach shrinks the cleartext data footprint...

Hackers Threaten to Leak 8 Million People’s Stolen Data if Dutch Telecom Odido Won’t Pay Ransom
Dutch telecom operator Odido confirmed a breach by the ShinyHunters cyber‑criminal group, which claims to have exfiltrated data on up to eight million customers. The attackers are demanding more than one million euros in ransom and have issued a final...

Ukraine Pushes Tighter Telegram Regulation, Citing Russian Recruitment of Locals
Ukrainian officials are urging tighter regulation of Telegram after Russian intelligence allegedly used the app to recruit saboteurs for attacks, including a deadly Lviv strike that killed a police officer. Interior Minister Ihor Klymenko and SBU deputy head Ivan Rudnytskyi...

Peru Begins Campaign to Block Further 100K 'High-Risk' Handsets
Peruvian telecom regulator Osiptel announced a new phase of its anti‑fraud campaign, blocking an additional 100,000 handsets deemed high‑risk. The devices are not listed in the official Renteseg database and are associated with repeated use of invalid or cloned IMEIs....

Slotegrator Introduces an AI-Powered Anti-Fraud Assistant
Slotegrator has launched an AI‑powered anti‑fraud assistant for iGaming operators, turning existing dashboard metrics into concise, structured insights. The tool does not create new data or make autonomous blocking decisions, instead offering analytical recommendations for human review. It targets new...

Some Patients Listed as “Charlie Kirk” Or Dead After Major NZ Health App MediMap Hacked
New Zealand health‑tech firm MediMap was forced offline after an unauthorized intrusion altered patient records, including changing names to “Charlie Kirk” and marking individuals as deceased. The breach affected dozens of providers in aged‑care, disability, hospice and community settings, prompting the...

GitHub Issues Abused in Copilot Attack Leading to Repository Takeover
Security firm Orca disclosed a critical vulnerability in GitHub Codespaces that lets attackers exfiltrate the automatically generated GITHUB_TOKEN and seize full control of a repository. The exploit, dubbed RoguePilot, leverages malicious content hidden in a GitHub issue, symbolic links, and...

Windows 11: A Guide to the Updates
Microsoft’s Windows 11 25H2 update consolidates a year’s worth of incremental features and security patches, delivering enhancements such as AI‑driven File Explorer actions, Quick Machine Recovery, and enterprise‑grade Wi‑Fi 7 support. Recent out‑of‑band builds address critical bugs, from Remote Desktop sign‑in...

Taiwan Security Firm Confirms Flaw Flagged by CISA Likely Exploited by Chinese APTs
TeamT5, a Taiwan‑based cybersecurity firm, confirmed that CVE‑2024‑7694 – a privilege‑escalation flaw allowing malicious file uploads and arbitrary command execution – was likely weaponized by Chinese advanced persistent threat groups Slime57 and Slime62. The vulnerability, patched in August 2024, was exploited...

Enterprise Risk Management and Cybersecurity: Closing the Gap in Risk Governance
APQC’s new research highlights the critical gap between cybersecurity and enterprise risk management, revealing that only 41% of organizations have integrated cyber risk into their ERM processes. The study introduces the Cyber‑ERM Integration Index, which measures governance alignment, risk quantification,...

Identity Prioritization Isn't a Backlog Problem - It's a Risk Math Problem
Identity programs still rank remediation like IT tickets, ignoring context. The article argues that true prioritization must treat identity risk as a function of controls posture, hygiene, business impact, and user intent, not just checklist completion. When these factors align,...

Windows 365 for Agents Brings Managed Cloud PCs to Autonomous Workflows
Microsoft introduced Windows 365 for Agents, a cloud platform that lets AI agents securely access managed cloud PCs without handling underlying infrastructure. Built on Azure virtual machines, the service leverages Microsoft Intune and Entra ID for device management and identity, offering shared PC...

North Korean Lazarus Group Linked to Medusa Ransomware Attacks
North Korean state‑backed Lazarus group has been linked to recent Medusa ransomware attacks targeting U.S. healthcare providers. Symantec’s report identifies a Lazarus sub‑unit, possibly Andariel/Stonefly, using the Medusa RaaS platform, which has affected more than 380 organizations since its 2021...
Malicious NuGet Packages Target ASP.NET Developers to Steal Login Credentials
A coordinated supply‑chain campaign published four malicious NuGet packages between August 2024, amassing over 4,500 downloads before removal. The lead package, NCryptYo, typosquats the legitimate NCrypto library and installs JIT hooks that drop a hidden payload establishing a localhost proxy....

International Operation Dismantles Fraud Network, €400,000 Seized
A Eurojust‑backed international operation dismantled a fraudulent call centre operating from three offices in Dnipro, arresting 11 suspects and seizing more than €400,000 in cash along with electronic equipment. Victims in Latvia and Lithuania reported losses exceeding €160,000 after being...

CrowdStrike Says AI Is Officially Supercharging Cyber Attacks: Average Breakout Times Hit Just 29 Minutes in 2025, 65% Faster than...
CrowdStrike’s 2026 Global Threat Report reveals AI‑enabled cyber attacks surged 89% year‑over‑year, making AI systems a prime target for criminals. Prompt‑injection techniques are now being used to subvert AI‑driven security tools, while threat actors exploit vulnerabilities in AI development platforms....

Top Threat Modeling Tools, Plus Features to Look For
Automated threat‑modeling tools streamline the identification of risks and generate remediation recommendations, reducing the manual effort traditionally required. The article outlines a selection framework that blends business objectives, SDLC alignment, and functional criteria such as data‑ingestion ease, threat‑intel integration, and...

Microsoft Sovereign Cloud Adds Governance, Productivity, and Support for Large AI Models Securely Running Even when Completely Disconnected
Microsoft announced that its Sovereign Cloud now includes Azure Local disconnected operations, Microsoft 365 Local, and Foundry Local with large‑model support. The new services let enterprises run core infrastructure, productivity suites, and multimodal AI models entirely offline while preserving Azure‑consistent...

CISA on Life Support
The Cybersecurity and Infrastructure Security Agency (CISA) has seen its workforce shrink from roughly 3,400 to under 2,400, with fewer than 1,000 staff actively working amid the current DHS shutdown. Political turmoil—most notably the firing of director Chris Krebs and...

Druva Launches Deep Analysis Agents to Cut Forensic Investigations From Days to Minutes
Druva unveiled Deep Analysis Agents as an extension of its DruAI platform, promising to shrink forensic and compliance investigations from days to minutes. The agents leverage the Dru MetaGraph, a graph‑powered data map, to automatically correlate telemetry, logs, identity data, and...

AI-Generated Image-Based Harm Is Becoming a Security Issue — Organizations Must Prepare
AI‑generated image‑based harm is emerging as a fast‑moving security threat that targets students, employees and the public, causing immediate reputational and emotional damage. Existing moderation tools and legal frameworks struggle to keep pace with synthetic imagery that can be created...

How to Set Up Credentials for Windows to Use DigiCert KeyLocker & SMCTL?
The article walks through configuring DigiCert KeyLocker and the Signing Manager Command‑Line Tool (SMCTL) on Windows, detailing required prerequisites such as the DigiCert ONE API key, client certificate, and administrative rights. It compares four credential‑storage methods—Windows Credential Manager, properties file, temporary and...

Building Secure SaaS Architecture: Why Identity Must Be Designed From Day One
SaaS founders must embed identity architecture from day one to avoid the most common breach vectors. A 2025 ReliaQuest study found 44% of cloud workload breaches stem from compromised credentials, underscoring the risk of retrofitting authentication later. Early design choices—separating...

A Digital Omnibus: Identifying Interlinks and Possible Overlaps Between Different Legal Acts in the Field of Digital Legislation to Streamline...
The European Parliament commissioned a study to dissect the European Commission’s Digital Omnibus package released on 19 November 2025. The report separates administrative simplification from substantive changes to safeguards in data protection, privacy, cybersecurity and artificial intelligence. It flags three hot‑button issues...

Operation MacroMaze: APT28 Exploits Webhooks for Covert Data Exfiltration
Operation MacroMaze, a Russia‑linked APT28 campaign, targeted Western and Central European organizations from September 2025 to January 2026. The attackers embedded an INCLUDEPICTURE field in Word documents that fetched a JPG from webhook.site, creating a covert tracking pixel and confirming document opening....

How Discord Can Expose Corporate Data
Discord has become a popular channel for corporate collaboration, supporting everything from developer communities to customer‑support servers. Its fast APIs and webhook integrations let teams create functional workspaces in minutes, but the platform also stores years of code snippets, credentials,...

5G Security: Everything You Should Know for a Secure Network
5G introduces a service‑based, cloud‑native architecture that replaces 4G's hardware‑centric design, bringing modular network functions and edge computing. The standard embeds stronger 256‑bit encryption, privacy‑preserving identifiers, and a new authentication protocol to protect user data and device identities. Additional features...

ZeroDayRAT Targets Android and iOS Devices for Surveillance and Financial Data Theft
ZeroDayRAT, a Malware‑as‑a‑Service kit, now targets both Android and iOS devices, merging real‑time surveillance with direct financial theft through a browser‑based control panel. The service is marketed on Telegram, with subscriptions ranging from $250 per day to $3,500 per month,...

Center for Critical Infrastructure Security Awarded Maryland Cyber & AI Clinic Grant
Maryland’s Department of Labor awarded the Center for Critical Infrastructure Security a Cyber & AI Clinic Grant, part of Gov. Wes Moore’s $4 million AI workforce initiative. The grant funds the launch of the Think Like a CISO Academy, a statewide...

Deserialization Flaw in Ruby Workers That Could Enable Full Compromise
A critical remote code execution vulnerability has been discovered in RubitMQ job workers due to unsafe JSON deserialization with the Ruby Oj library. The flaw allows attackers to craft malicious JSON that triggers object injection, instantiating a Node class whose...

New Partnership Targets Software Supply Chain Vulnerabilities in South Africa
Obsidian Systems has signed an exclusive reseller and implementation agreement with California‑based BlueFlag Security to bring the latter’s identity‑first SDLC protection platform to South African enterprises and the public sector. The partnership targets developer and machine identities, CI/CD pipelines, and...

CrowdStrike Says Attackers Are Moving Through Networks in Under 30 Minutes
CrowdStrike’s 2025 Global Threat Report reveals that attacker breakout time fell to an average of 29 minutes, a 65% acceleration from the previous year. The speed of initial intrusion to lateral movement is now measured in seconds for the fastest...

LUKS Encryption Compromised on Linux ICS Devices via TPM Bus Sniffing Exploit
Security researchers have disclosed CVE‑2026‑0714, a high‑severity flaw in Moxa’s UC‑1222A Secure Edition industrial computer. The vulnerability allows an attacker with physical access to the SPI bus to sniff the TPM2_NV_Read command and capture the LUKS full‑disk encryption key in...

Master Your Passwordless Future: Introducing Thales Authenticator Lifecycle Manager
Thales has launched the Authenticator Lifecycle Manager, a SaaS solution that centralizes enrollment, replacement, and revocation of FIDO2 security keys across enterprises. The platform offers a single‑pane‑of‑glass dashboard, on‑behalf key registration, granular policy controls, and comprehensive audit logging. By automating...

AI Content Generation Systems Face Global Pressure Over Privacy and Deepfake Risks
Data protection authorities from 61 countries issued a joint warning that AI content generation systems, especially those creating realistic images and videos, pose serious privacy and deep‑fake risks. The statement cites recent incidents, such as Grok’s non‑consensual “nudified” images, and...

The Growing Risk of Malicious Apps in a Mobile-First Workplace
Enterprises adopting a mobile‑first workstyle expose a new attack surface through the apps employees use daily. Traditional signature‑based defenses lag behind the rapid proliferation of malicious or poorly coded apps in official and third‑party stores. Behavior‑based mobile threat defense and...

Secure‑by‑Design Strategies Against Weaponized AI Attacks
Do you have a forward-thinking security strategy to combat weaponized AI? I’m hosting @mikeriemer830, Field CISO at @GoIvanti for a live webinar tomorrow February 24. We’ll cover: ✅ Real-world AI-driven attack patterns ✅ Why kernel-level security matters more than ever ✅ Practical steps to...

FT Blamed AI; It Was User Misconfiguration Error
We want to address the inaccuracies in the Financial Times' reporting yesterday. The brief service interruption they reported on was the result of user error—specifically misconfigured access controls—not AI as the story claims. https://t.co/0ApCIDNsJT

Binding Operational Directive 26-02 Sets Deadlines for Edge Device Replacement
CISA’s Binding Operational Directive 26‑02 obliges all federal agencies to inventory, report, decommission, and replace unsupported edge devices such as firewalls, routers, switches, load balancers, and wireless access points. Agencies have three months to identify vulnerable equipment and twelve to eighteen...

Cyber Supply Chain Security Is Essential for National Resilience
Cyber supply chain security is no longer optional—it’s essential for resilience, innovation, and national security. Read the full piece: The Cybersecurity Challenges of the Supply Chain by @ChuckDBrooks https://t.co/THnR3VKAJx #cybersecurity #technology #supplychain

What Is Claude Code Security? The New Anthropic AI Tool that Wiped Billions Off Cybersecurity Stocks
Anthropic unveiled Claude Code Security, an AI‑driven tool that scans codebases for vulnerabilities and proposes patches. The system leverages the Claude Opus 4.6 model to reason about data flows and business‑logic errors, reducing false positives through multi‑stage verification. Its launch triggered...