Today's Cybersecurity Pulse
CISA adds critical Android and Linux flaws to KEV catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) listed two high‑severity vulnerabilities in its Known Exploited Vulnerabilities catalog: Android CVE‑2025‑48595, an integer overflow that enables privilege escalation on Android 14‑16 without user interaction, and Linux CVE‑2022‑0492. Google released patches for the Android bug in June 2026.
Also developing:
By the numbers: Ingeteam receives $82.5M loan from EIB
Figure Technology Faces Major Data Breach Impacting Nearly One Million Customers
Figure Technology Solutions, the largest non‑bank home‑equity lender, disclosed a data breach affecting roughly 967,000 customer accounts. The breach resulted from a social‑engineering (vishing) attack on a single employee, allowing the ShinyHunters group to exfiltrate personal identifiers such as names, addresses and emails, but not financial or SSN data. Figure has engaged forensic investigators, begun notifying affected users, and is providing free credit‑monitoring services while accelerating employee security training. The incident comes as the company prepares a secondary stock offering, intensifying scrutiny of its cybersecurity posture.
Secure AI: Blend Deterministic Controls with Trustworthy Insights
How can a company like @TIBCO win in the age of AI? Was just reading about their current market strategy and risk. I was involved with a TIBCO project while implementing a tax solution at a Fortune 1000 company. Focus...
HTTPS Is Non‑optional: Encrypt Everything by Default
Most people see the 🔒 in the browser, but few think about the engineering behind it. Here’s the real difference: HTTP (Port 80) The postcard Data travels as plain text Anyone on the same network can read credentials or session tokens Okay for local testing. Dangerous in...
Predator Spyware Hooks iOS SpringBoard to Hide Mic, Camera Activity
Intellexa’s Predator spyware can silently record iPhone camera and microphone feeds by hijacking iOS 14’s SpringBoard UI layer. Using a kernel‑level hook called HiddenDot::setupHook, the malware nullifies the SBSensorActivityDataProvider, preventing the green and orange privacy dots from ever lighting up. Jamf’s...
Speed Is Defender’s Ultimate Weapon Against AI Threats
Things Are Getting Wild: Re-Tool Everything for Speed The compounding set of changes we are experiencing in cybersecurity is deeply concerning. But this is a transition point. We should be short term pessimistic about the risks we face. At the same...
Things Are Getting Wild: Re-Tool Everything for Speed
The author warns that AI is reshaping cybersecurity, creating a tidal wave of new software‑generated vulnerabilities while simultaneously giving attackers tools to industrialize exploits. Simultaneously, AI‑generated content erodes trust, making authenticity a critical challenge. Enterprises must build a robust agentic...
NDSS 2025 -DUMPLING: Fine-Grained Differential JavaScript Engine Fuzzing
Researchers at EPFL and KIT introduced DUMPLING, a fine‑grained differential fuzzer that instruments JavaScript engines rather than the input code. By extracting detailed execution state dumps from both interpreted and JIT‑compiled paths, DUMPLING can spot subtle divergences that traditional fuzzers...
Smart Glasses: Emerging Privacy Threat?
Smart glasses and covert filming. Are they a real privacy concern? https://t.co/TehOK0XVKI via @YouTube #smartglasses #glass #AR #privacy #CyberSecurity #CyberSec @sonu_monika @enilev @Jagersbergknut @TysonLester @chidambara09 @labordeolivier @BetaMoroney @tlloydjones @Nicochan33 @jeancayeux @RLDI_Lamy @pierrepinna @pierrecappelli @pchamard @JeromeMONANGE @thierry_pires @MaiaGabunia @amalmerzouk @NewsNeus @mary_gambara @PawlowskiMario...
Oracle Hack Triggers $1M Payout; Vitalik Profits $70K
The Polymarket oracle issue highlighted by Vitalik Buterin Oracle disaster: Russia-Ukraine market bet on city control. Oracle = ISW's X account maps. Account got hacked, fake map showed Russian control of train station, triggered $1.3M in payouts at 33,000% returns. One...
Amazon: AI-Assisted Hacker Breached 600 Fortinet Firewalls in 5 Weeks
Amazon’s Integrated Security team warned that a Russian‑speaking threat actor leveraged generative AI services to automate a campaign that compromised more than 600 FortiGate firewalls in 55 countries between Jan 11 and Feb 18, 2026. The attackers scanned for internet‑exposed management ports,...
AI Polymorphic Threats Prompt Rethink of Cybersecurity
AI Polymorphic Threats Are Forcing A Rethink Of Cybersecurity by @ChuckDBrooks https://t.co/bLFH7errME #cybersecurity #ai #tech @Forbes
This Is How You Do It: Dentist Speaks Out After Practice Hit by Cyber Attack
Grange Dental Care in Northern Ireland suffered a cyber attack on Thursday morning, resulting in fraudulent invoice emails being sent from its system. The breach was identified at 9:50 am, and the dentist immediately alerted his IT provider, who halted the...
Discord’s Age Verification Data Has a Frontend Leak — Now What?
Discord’s new age‑verification system, powered by identity vendor Persona, has a critical frontend exposure. Security researchers discovered that verification components are reachable on the public web, potentially revealing users’ age‑related data. The flaw adds urgency to Discord’s 2026 compliance roadmap,...
IoTeX Confirms ‘Suspicious Activity’ Involving Token Safe, Says Losses Contained
Decentralized identity platform IoTeX confirmed a breach of one of its token safes, with on‑chain analyst Specter estimating losses around $4.3 million across USDC, USDT, IOTX and WBTC. The project’s team is working with major exchanges and security partners to trace...
Can Microsoft Teams Chat Be Monitored?
Microsoft Teams chat can be monitored using native Microsoft 365 compliance features and third‑party solutions. Monitoring requires an E5 license or an E3 plan with the E5 Compliance add‑on, after which admins enable communication‑compliance, assign roles, and create policies. Tools such...
U.S. CISA Adds RoundCube Webmail Flaws to Its Known Exploited Vulnerabilities Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two critical RoundCube Webmail vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. The flaws—CVE-2025-49113, a deserialization bug with a 9.9 CVSS score, and CVE-2025-68461, an SVG‑based XSS issue scoring 7.2—target...
Anthropic Debuts Claude Code Security – AI Now Scan Vulnerabilities in Your Entire Codebase
Anthropic launched Claude Code Security, an AI‑driven tool that scans entire codebases for vulnerabilities and suggests patches. Powered by Claude Opus 4.6, it uses frontier reasoning to map data flows and identify complex bugs that traditional SAST tools miss. Internal tests...
Best Cyber Security Consulting Companies
The explosion of IoT and IIoT devices—projected at 200 billion—has dramatically widened the cyber‑attack surface, prompting organizations to treat security as a core priority. A recent Gartner study shows cybersecurity now eclipses AI and cloud as the top CIO spend, fueling...
EC-Council Expands AI Certification Portfolio to Strengthen U.S. AI Workforce Readiness and Security
EC‑Council announced its Enterprise AI Credential Suite, adding four role‑based AI certifications and an updated Certified CISO v4 program. The launch targets the estimated $5.5 trillion global AI risk exposure and a U.S. reskilling gap of 700,000 workers. It aligns with recent...
WordPress, AI, Plugins, Future of Software Engineering
The post outlines how AI is reshaping the WordPress ecosystem, from a flood of AI‑generated plugins that introduce new security risks to the need for large‑scale audit infrastructure. It advises agencies to pivot from billable hours to outcome‑based pricing, leveraging...
Update: rtfdump.py Version 0.0.15
Didier Stevens announced on 21 February 2026 the release of rtfdump.py version 0.0.15. The update specifically fixes a bug in the –yarastrings option, restoring reliable extraction of YARA strings from RTF files. The release package is available for download and...
When the Cloud Fails: Protecting Insureds in a Third-Party Outage Crisis
The episode examines how recent large‑scale cloud outages are forcing insurers and risk managers to rethink cyber policy language around third‑party vendor failures. Experts discuss coverage gaps, underwriting hurdles, and new claims handling approaches to avoid disputes and ensure clients...
Resource: Privacy Law Directory — Codamail
Codamail has launched a Privacy Law Directory that maps data‑protection, surveillance and intelligence frameworks across 21 jurisdictions, including the United States, the European Union and key international partners. The resource is organized around the Five, Nine and Fourteen Eyes intelligence...
The White House Scrapped SBOMs in Favor of Agency-Managed Cyber Risk. Flexibility, Meet Accountability.
The Office of Management and Budget has withdrawn the mandatory software bill of materials (SBOM) requirement, replacing it with a risk‑based menu of options for federal agencies. This shift moves compliance from a prescriptive checklist to agency‑driven risk assessment, granting...
Texas Sues Temu for Allegedly Functioning as Chinese Spyware
Texas Attorney General Ken Paxton sued Temu, alleging the discount marketplace operates as Chinese Communist spyware that harvests user data for the Chinese government. The lawsuit targets PDD Holdings, accusing it of deceptive marketing and seeking substantial civil penalties. It...
AI Apps On The Google Play Store Are Leaking Customer Data And Photos
AdGuard is offering its Family Plan as a lifetime subscription for $15.97 through February 22, covering up to nine devices. The deal bundles enterprise‑grade ad blocking, tracker suppression, malware and phishing protection, and built‑in parental controls. Users receive continuous updates without...
HID Reports Delicate Opportunity for Biometrics Adoption in Shaky Trust Environment
HID’s 2026 State of Security and Identity Report, based on a survey of over 1,500 security and IT leaders, shows digital identity management is a top priority for 73% of respondents. Three‑quarters of organizations have already deployed or are evaluating...
Romanian Hacker Faces up to 7 Years for Breaching Oregon Emergency Management Department
A 45‑year‑old Romanian national, Catalin Dragomir, pleaded guilty to breaching Oregon’s Department of Emergency Management in June 2021 and selling the compromised access for roughly $3,000 in Bitcoin. The hacker also infiltrated ten additional U.S. companies, generating at least $250,000...
Media Authentication an Emerging Front in Battle Against Deepfakes: Microsoft Report
Microsoft released a report on media integrity and authentication (MIA), detailing techniques such as C2PA provenance, imperceptible watermarking, and soft‑hash fingerprinting to verify digital content origins. The study concludes that no single method can stop deepfakes, urging a layered approach...
5 Things To Know On Anthropic’s Claude Code Security
Anthropic announced that its Claude Code platform will now include Claude Code Security, an AI‑driven vulnerability‑scanning feature that reads and reasons about code like a human researcher. The tool, launched in a limited research preview, aims to uncover complex issues...
Apache Tomcat Vulnerability Circumvents Access Rules
Apache Tomcat’s CVE‑2026‑24733 vulnerability allows attackers to bypass security constraints that permit HEAD but deny GET requests by sending a malformed HEAD request using the obsolete HTTP/0.9 protocol. The flaw stems from Tomcat’s legacy handling of HTTP/0.9, which does not...
Des Moines ANGB to Gain ANG Cyber Operations Squadrons
The Department of the Air Force has chosen Des Moines Air National Guard Base in Iowa as the preferred site to convert reassigned manpower into Air National Guard cyber operations. The 2025 defense budget eliminated half of the ANG Tactical...
Fort Gordon to Gain ANG Cyber Operations Squadrons
The Department of the Air Force has chosen Fort Gordon, Georgia, as the preferred site for two new Air National Guard cyber operations squadrons. The 117th Air Control Squadron will be inactivated at Hunter Army Airfield, releasing manpower that will...
Check Point Software Earns Leader & Fast Mover Position in GigaOm Radar for Cloud Network Security
Check Point Software has been named a Leader and Fast Mover in the GigaOm Radar for Cloud Network Security 2025, marking its third consecutive year at the top. GigaOm highlighted the company’s prevention‑first Infinity architecture, unified cloud security platform, and...
Fusaka Upgrade Fuels Record Address Poisoning on Ethereum
The recent Fusaka upgrade slashed Ethereum gas fees by sixfold, creating record‑low transaction costs. This price drop sparked a dramatic rise in address‑poisoning attacks, with daily dust transactions jumping from roughly 30,000 to 167,000 and peaking at 510,000. In just...
Microsoft: ‘Summarize With AI’ Buttons Used To Poison AI Recommendations via @Sejournal, @MattGSouthern
Microsoft’s Defender Security Research team unveiled a new threat called “AI Recommendation Poisoning,” where website buttons labeled “Summarize with AI” embed hidden prompt‑injection instructions. Clicking these buttons feeds AI assistants a URL‑encoded command that tells the model to remember the...
AI Empowers Cyber Criminals. Could It Also Help Schools Fight Them?
School districts are experimenting with generative and agentic AI to bolster cybersecurity, but results are mixed. While vendor‑built AI features provide more reliable insights than generic models, many districts still rely on traditional tools due to staffing and budget constraints....
One Billion Identity Records Exposed in Unsecured ID Verification Database
A cloud‑based identity verification database tied to IDMerit was found exposed without password protection or encryption, leaking roughly one billion personal records across at least 26 countries. The trove, estimated at one terabyte, contained names, dates of birth, addresses, phone...
Q&A: Organisations Are Spending Millions on Cybersecurity and Still Getting It Wrong
Organizations are pouring billions into cybersecurity yet continue to suffer breaches because they treat security as a purely technical issue. Senior cyber leader Purvi Kay argues that weak governance, poor communication, and unclear accountability are the primary failures. She emphasizes...
Your Own Voice Could Be Your Biggest Privacy Threat. How Can We Stop AI Technologies Exploiting It?
Researchers at Aalto University warn that AI-driven voice analysis can extract sensitive personal data—from political views to health conditions—simply from speech patterns. Their study, published in IEEE Proceedings, highlights risks such as price‑gouging, discriminatory profiling, and stalking if corporations or...
Microsoft: Critical Security Issue Found in Windows Notepad
Microsoft patched a high‑severity vulnerability (CVE‑2026‑20841) in the modern Windows Notepad app that adds Markdown support. The flaw allows remote code execution when a user opens a malicious .md file and clicks a crafted link. The issue affects only the...
Cynet’s MacKenzie Brown: ‘MSPs Don’t Need Drama. They Need Clarity And Process.’
Cynet has hired MacKenzie Brown as Vice President of Threat Intelligence Strategy to turn the vendor’s global telemetry into a practical, operational threat‑intelligence system for managed service providers (MSPs). Brown emphasizes moving beyond generic monthly reports toward actionable, tactical intel...
The 25 Most Vulnerable Passwords of 2026
Plasma’s 2026 study identified the 25 most vulnerable passwords based on global search volume and common‑password lists. “password” led the list with over 10 million searches, followed by “admin”, “qwerty”, and other simple sequences. The research also highlighted ten insecure password...
Collaboration & Agility Drive Cyber‑resilient Innovation Ecosystems
As the digital domain presents challenges of extraordinary scale and complexity from a constantly evolving threat landscape, it is clear that empowering cyber-resilient innovation ecosystems requires a fundamental reimagining of how we synergize across modalities. The convergence of public-private partnership...
NIST’s Quantum Breakthrough: Single Photons Produced on a Chip
NIST announced a chip that reliably generates a single photon on demand using quantum‑dot technology. The device achieves near‑perfect efficiency and, when paired with superconducting nanowire single‑photon detectors, can transmit photons up to 600 miles. Mass‑production of the chip is...
MFA: Simple, High-Leverage Security for SMBs
Multi factor authentication is still one of the highest leverage security controls for SMBs. It is not flashy, but it closes real doors. Simple controls done consistently still win. https://buff.ly/jk1Ucgh
Bitcoin Community Condemns BIP110 Centralization Attack
Finally more public Bitcoiners are willing to speak out on #BIP110's Attack to Centralize the Network... 👏 @MartyBent , starts at 9 min for 25 min: https://t.co/abwVenvoqo
BIP-110: A Misguided Attack on Bitcoin’s Core
BIP-110 is an attack on Bitcoin. An attack run by those who espouse the same ideals as bcashers, are intellectually dishonest, and fundamentally misunderstand how Bitcoin works. Bitcoin’s most retarded enemy so far 😂
GraySwanAI Launches Real-World AI Safeguards Challenge
AI safeguards shouldn’t just sound good, they should hold up under pressure. @GraySwanAI is putting them to the test with the Safeguards Challenge: real prompts, real attacks, real failures. Think you can break them (or prove they work)? We will be playing...
Turn Cybersecurity Into Competitive Advantage with Proactive Leadership
Cybersecurity leadership today goes beyond defense. We need to turn security from a barrier into a business advantage. We do this by building teams and systems that anticipate threats before they disrupt operations.