Today's Cybersecurity Pulse

CISA adds critical Android and Linux flaws to KEV catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) listed two high‑severity vulnerabilities in its Known Exploited Vulnerabilities catalog: Android CVE‑2025‑48595, an integer overflow that enables privilege escalation on Android 14‑16 without user interaction, and Linux CVE‑2022‑0492. Google released patches for the Android bug in June 2026.

Ransomware, Zero-Days, and Data Breaches Shape This Week’s Cybersecurity Landscape
This week’s cybersecurity briefing spotlights a Dell RecoverPoint zero‑day that’s actively delivering web shells in VMware environments, alongside critical Ivanti EPMM remote‑code‑execution flaws and an Apache NiFi RBAC bypass. Over 40% of OpenClaw AI skills were found vulnerable, highlighting supply‑chain exposure, while major data breaches at Substack (≈700,000 records) and Figure (≈967,000 records) underscore the persistent threat of mass data loss. Texas also sued TP‑Link over alleged security and supply‑chain deceptions, adding regulatory pressure to the landscape.

2026 Identity Fraud Targets Precise, Not Broad Attacks
This Week in Fraud (2/17) https://t.co/DeKt9G8P3d "2026 identity fraud is more sniper than shotgun" Great stuff from Nick. https://t.co/eNakT4O4Fd

Clark: Managing Third- and Fourth-Party Cyber Risk in Trucking Operations
Third‑party vendors are now a primary attack vector for trucking firms, with 35.5% of all data breaches in 2024 traced to external partners—a 6.5% rise year‑over‑year. The report also notes that 4.5% of breaches originated from fourth‑party suppliers, highlighting deep...

It Can Be Easier to Fall Victim to Fraud on Mobile than Desktop
Phishing emails that look authentic on a desktop become far harder to spot on mobile devices, increasing the chance of credential theft. The author received a Vanguard‑style phishing message where the sender’s email address was hidden and the link text...

Micrologic Partners with Cohesity to Become the Leading Sovereign Cloud Data Protection Solution in Canada
Micrologic, a Canadian sovereign‑cloud provider, has teamed with AI‑driven data‑security firm Cohesity to launch a fully Canadian‑jurisdictional data‑protection platform. The joint solution combines Micrologic’s Canada‑only cloud infrastructure with Cohesity’s backup, disaster‑recovery and isolated recovery environment technology. It promises recovery speeds...

Internet, Reinvented: Reticulum Networking Bridges Radios, Wi-Fi & Ethernet
Reticulum is an open‑source, decentralized networking protocol that operates without traditional internet infrastructure. It uses cryptographic identity‑based addressing and built‑in encryption to secure traffic across any medium, from LoRa radios to Wi‑Fi and Ethernet. Its hardware‑agnostic design lets users build...

DOJ Increasingly Wielding False Claims Act to Target Cybersecurity Misrepresentations | Law.com
The U.S. Department of Justice is intensifying its use of the False Claims Act to pursue cybersecurity misrepresentations, noting a “significant upward trajectory” in such cases. In the past year, the DOJ secured $52 million through nine FCA settlements involving cyber‑related...

How Exposed Endpoints Increase Risk Across LLM Infrastructure
Enterprises deploying private Large Language Models are rapidly adding inference APIs, model‑management dashboards, and tool‑calling endpoints. Each new endpoint widens the attack surface, especially when permissions are excessive and credentials remain static. Exposed endpoints let attackers hijack non‑human identities, enabling...

Labour MP Warns UK Exposed to Subsea Cable Threat
Labour MP Graeme Downie warned that the UK is dangerously exposed to disruption of its undersea cable network. He cited the Joint Committee on the National Security Strategy, noting that about 98% of internet traffic travels through these cables, making...

Ukraine Says Cyberattacks on Energy Grid Now Used to Guide Missile Strikes
Russian cyber actors targeting Ukraine’s energy grid have shifted from causing immediate outages to gathering intelligence that guides missile strikes. By mapping facilities, tracking repair crews, and monitoring recovery rates, they provide real‑time data that improves strike accuracy. The number...

Cybersecurity Is the New Food Safety: How Restaurants Can Protect Their Digital Kitchens
Restaurants are evolving into digital ecosystems, relying on cloud POS, loyalty apps, and third‑party delivery platforms. This shift creates a broader attack surface, making cybersecurity as vital as food safety for protecting brand trust. Leaders are adopting defense‑in‑depth strategies, unified...

Ransomware Gangs Advancing Moscow’s Geopolitical Aims, Romanian Cyber Chief Warns
Romanian officials say recent ransomware attacks on the country’s water agency, oil pipeline operator and coal‑based power producer were part of a coordinated Russian hybrid operation. Groups such as Qilin and Gentlemen, which speak Russian, claimed responsibility, linking the attacks...

UK Government-Backed Cyber Security Programme Alumni Raise £47.4m in Follow-On Investment
Innovate UK’s Cyber Security Academic Startup Accelerator (CyberASAP) alumni have attracted £47.4 million in post‑programme funding over the past nine years, with private capital accounting for 68% of that amount. The accelerator, funded by the Department for Science, Innovation and Technology,...

The EBA Publishes Follow-Up Report on ICT Risk Assessment Under the Supervisory Review and Evaluation Process
The European Banking Authority released a follow‑up to its 2022 peer‑review on ICT risk assessment under the Supervisory Review and Evaluation Process (SREP). The report finds that competent authorities have markedly strengthened ICT risk supervision, largely due to the Digital...

Attackers Exploit Ivanti EPMM Zero-Days to Seize Control of MDM Servers
Attackers are actively exploiting two critical Ivanti Endpoint Manager Mobile (EPMM) zero‑days (CVE‑2026‑1281 and CVE‑2026‑1340) that allow unauthenticated remote code execution. More than 4,400 EPMM instances are exposed on the public internet, giving threat actors full control of enterprise mobile...

EscalaX Reinforces Its Privacy & Compliance With BidSafe One
EscalaX announced a strategic partnership with privacy‑focused consultancy BidSafe One to strengthen its data‑protection and regulatory compliance posture. The collaboration will help EscalaX optimise consent management and align its operations with GDPR, CCPA/CPRA, IAB TCF and GPP standards. By integrating...

Simbian Launches Autonomous AI Pentest Agent
Simbian unveiled its AI Pentest Agent, the first autonomous penetration‑testing solution that embeds business context to prioritize real‑world risk. Developed with LRQA, the agent delivers on‑demand assessments in hours, replacing periodic manual tests and providing transparent reasoning traces. It operates...

Humanity Unveils Proof of Trust to Tackle AI Fraud
Humanity, a startup building an internet trust layer, announced a shift from its Proof of Humanity model to a broader Proof of Trust framework. The new system lets users verify attributes such as age, residency, and employment without exposing raw...

Google Bans Antigravity Users over OpenClaw Activity, Cites Surge in ‘Malicious Usage’
Google has disabled several Antigravity accounts, including paid Gemini Ultra subscribers, after detecting a sharp rise in malicious activity tied to the open‑source AI agent OpenClaw. The bans target only the Antigravity backend, leaving Gmail, Workspace and other Google services...

MuddyWater Targets MENA Organizations with GhostFetch, CHAR, and HTTP_VIP
Iranian APT group MuddyWater has launched Operation Olalampo, targeting organizations across the Middle East and North Africa. The campaign, first seen on Jan 26, 2026, deploys new malware families—GhostFetch, HTTP_VIP, the Rust backdoor CHAR, and the GhostBackDoor implant—delivered via macro‑laden Office...

Noted North Carolina Private Radiology Practice Experiences Data Breach
Triad Radiology Associates, a 50‑year‑old North Carolina imaging practice, disclosed a data breach affecting roughly 11,000 patients. The intrusion, detected in February, likely occurred between late July and September and exposed names, addresses, Social Security numbers and bank account details....

The Hidden Security Cost of Treating Labs Like Data Centers
In a Help Net Security interview, Rich Kellen, VP‑CISO of IFF, warns that treating operational technology (OT) labs like conventional IT data centers creates hidden security risks that can corrupt scientific results and endanger safety. He explains that OT environments...

Don’t Overlook Low-Tech Crime in Healthcare
Healthcare organizations focus on high‑tech defenses, yet physical and procedural gaps remain a major source of breaches. Low‑tech incidents such as tailgating, unattended devices, and badge sharing contributed to over 51 million compromised records in 2022. The article outlines practical controls—including...

WARNING: Manual ID Checks Leave Agents ‘Vulnerable to Scams’
Property agents are being warned that manual identity checks expose them to sophisticated scams. SmartSearch reports that 54% of verification checks remain manual, leaving gaps for AI‑generated IDs and deepfake documents. A recent survey of 1,000 decision‑makers shows fraud incidents...

Human-Related Security Risks Rose 90% in 2025
A KnowBe4 report reveals human‑related security incidents surged 90% in 2025, driven largely by social‑engineering attacks and employee error. Email‑based threats grew 57%, with 64% of organizations hit by external attacks exploiting staff inboxes. Human mistakes affected 90% of firms,...

41% of Organizations Have Hired a Fake Candidate
A GetReal Security survey reveals that 41% of IT, cybersecurity, risk and fraud leaders admit their firms have hired and onboarded a fraudulent candidate, underscoring AI‑driven identity attacks’ real‑world impact. The same study shows 88% of organizations encounter deep‑fake or...

SANS Stormcast Monday, February 23rd, 2026: Japanese Phishing; AI Agents Ignoring Instructions; Starkiller MFA Phishing
In this episode, Johannes Ullrich highlights three emerging threats: Japanese-language phishing campaigns that bypass English‑centric defenses, AI agents that ignore security guardrails and inadvertently expose data or make unauthorized changes, and the Starkiller phishing framework which proxies real login pages...

Vitalik Buterin Floats Simulated Transactions to Enhance Crypto Security
Ethereum co‑founder Vitalik Buterin proposed using transaction simulations to boost wallet and smart‑contract security. He argues that showing users a preview of on‑chain consequences lets them confirm intent before execution. The approach pairs simulations with spending limits and multisig approvals...

Regtech HYPR Introduces Context-Based Attestation, Enhancing Identity Verification Beyond Traditional Checks
HYPR has launched a context‑based attestation framework to strengthen identity verification across hiring, onboarding, and account recovery. The method layers traditional document, location, and biometric checks with internal role data, workflow cues, calendar events, and peer validations. By continuously cross‑referencing...

Check Domain Creation Dates to Spot Emerging Fraud
This is an emerging fraud. Everything looks legit, until you realize that it isn’t. @garrett_makes you should add a domain creation born on date search to do domain verification.

AI & Data Security: Insights From IBM’s Chief Architect
IBM’s Chief Architect Devan Shah outlines how the company’s OnePipeline platform now supports over 450 developers by shifting from Travis CI to Tekton and Argo CD, trading longer build times for automated security scans. He details the internal AI coding assistant...

North Korea’s Crypto Theft Machine Shows No Signs of Slowing After ByBit Hack: Analysis
Elliptic reports North Korea stole a record $2 billion in cryptocurrency in 2025, pushing its total illicit haul past $6 billion and financing the regime’s weapons programs. The ByBit breach, which yielded $1.46 billion, saw more than $1 billion laundered within six months via...

What Can’t You Say on TikTok?
In this episode, host David Ruiz talks with Malwarebytes senior social media manager Zach Hinkle and content creator MinJi Pae about the sudden technical glitches on TikTok after its ownership transferred to American stewards, which many users interpreted as censorship of...

AI Can't Replace Enterprise-Scale Security Platforms Like CrowdStrike
Can AI replace security platforms? I asked Claude to build a CrowdStrike replacement. Claude: "I have to be straightforward: building a replacement for CrowdStrike isn't something I can do here. CrowdStrike is a massive platform built by thousands of engineers over...

Mississippi Healthcare System Shuts Down Clinics After Ransomware Attack
The University of Mississippi Medical Center (UMMC) suffered a ransomware attack on February 19 that crippled its Epic EHR, IT network, and phone systems, forcing the shutdown of nearly 30 clinics and a shift to paper‑based documentation. Vice Chancellor LouAnn...

AI Audits Could Accidentally Hack DeFi Platforms
Imagine waking up to find your AI agent has hacked Uniswap v3. 🤣 Kain explores potential mishaps that could arise from AI-driven crypto audits 👇 #artificialintelligence #crypto #openclaw

AI Security Tool Triggers Sharp Drop in US Cyber Stocks
‼️US Cybersecurity stocks are getting CRUSHED by AI fears: CrowdStrike fell -8.0% on Friday, Cloudflare -8.1%, Okta -9.2%, and SailPoint -9.4% after Anthropic unveiled a new Claude AI security tool that scans codebases for vulnerabilities and suggests patches. The Cybersecurity ETF, $BUG,...

Cache Deception Flaw in SvelteKit And Vercel Stack Exposes User Data
A cache‑deception flaw was found in SvelteKit applications deployed on Vercel, where the `__pathname` query parameter can override request paths and cause private API responses to be cached as public assets. The vulnerability affects any route under `/_app/immutable/`, which Vercel...

Copilot Bypassed Labels, Accessed Confidential Emails Despite DLP
Microsoft Copilot ignored sensitivity labels twice in eight months — and no DLP stack caught either one https://t.co/tVaHZLzT8E "For four weeks starting January 21, Microsoft's Copilot read and summarized confidential emails despite every sensitivity label and DLP policy telling it not...

Privacy Is a Year‑round Leadership Responsibility, Not a Weekly Event
RT Data Privacy Week is over. Lawsuits, breaches, and AI experiments don't pause the other 51 weeks of the year. Privacy is now a leadership accountability issue, not a back office task. #CIO #CMO #CISO #DataPrivacy @Star_CIO https://t.co/Naq82FuMWZ

NDSS 2025 – The Midas Touch: Triggering The Capability Of LLMs For RM-API Misuse Detection
The episode presents ChatDetector, a novel LLM‑empowered system for detecting misuse of resource‑management APIs (RM‑APIs) in open‑source software. By leveraging a ReAct‑inspired chain‑of‑thought prompting framework and cross‑validation techniques, ChatDetector overcomes LLM hallucinations to accurately extract allocation/release API pairs and constraints,...

AI Chatbots Spot Security Bugs, Not Write Safe Code
Finding Security Bugs in Code With AI Chatbots and Agents 🤖🦊 Although you can't trust code written by an AI chatbot or model you can use one to help you better secure your code https://t.co/mhQJgBlHPe https://t.co/VO48Wro7LJ

Top NATO Allies Believe Cyberattacks on Hospitals Are an Act of War. They’re Still Struggling to Fight Back.
A new POLITICO poll reveals that citizens in the United States, Canada and other key NATO allies overwhelmingly consider cyberattacks on hospitals to be acts of war. Despite this public sentiment, NATO’s official response remains measured, emphasizing diplomatic channels and...

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 85
The Security Affairs Malware Newsletter Round 85 aggregates the latest research and incident reports on global malware threats. Highlights include new Android threats like Ninja Browser, Lumma Infostealer, PromptSpy and Phantom Trojans, a surge in ATM jackpotting across the U.S., and...

The Hospitality Sector Continues to Be Lucrative Targets
The hospitality sector faced three data breaches this week. Choice Hotels International disclosed a social‑engineering attack that accessed franchisee and applicant records, including names and Social Security numbers, despite multi‑factor authentication. Wynn Resorts is alleged to have had 800,000 employee...

Hackers Hide Pulsar RAT Inside PNG Images in New NPM Supply Chain Attack
Security researchers at Veracode uncovered a malicious NPM package named buildrunner-dev that exploits a typosquatting trick to mimic the legitimate buildrunner tool. The package drops a massive batch script that conceals its true commands among random text and then downloads...

Is Your Travel Data Safe with Agentic AI
Agentic AI is rapidly entering the travel sector, automating itinerary management and personalizing experiences. However, its ability to process massive volumes of sensitive travel data introduces new security vulnerabilities. Experts stress encryption, strict access controls, continuous behavior monitoring, and compliance...

Secure AI: Blend Deterministic Controls with Trustworthy Insights
How can a company like @TIBCO win in the age of AI? Was just reading about their current market strategy and risk. I was involved with a TIBCO project while implementing a tax solution at a Fortune 1000 company. Focus...

Figure Technology Faces Major Data Breach Impacting Nearly One Million Customers
Figure Technology Solutions, the largest non‑bank home‑equity lender, disclosed a data breach affecting roughly 967,000 customer accounts. The breach resulted from a social‑engineering (vishing) attack on a single employee, allowing the ShinyHunters group to exfiltrate personal identifiers such as names,...

AI Polymorphic Threats Prompt Rethink of Cybersecurity
AI Polymorphic Threats Are Forcing A Rethink Of Cybersecurity by @ChuckDBrooks https://t.co/bLFH7errME #cybersecurity #ai #tech @Forbes