Today's Cybersecurity Pulse
CISA adds critical Android and Linux flaws to KEV catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) listed two high‑severity vulnerabilities in its Known Exploited Vulnerabilities catalog: Android CVE‑2025‑48595, an integer overflow that enables privilege escalation on Android 14‑16 without user interaction, and Linux CVE‑2022‑0492. Google released patches for the Android bug in June 2026.
Also developing:
By the numbers: Ingeteam receives $82.5M loan from EIB
Meriden, Connecticut Shuts Down City Internet After Disruption Attempt
Meriden, Connecticut, temporarily shut down its municipal internet and public Wi‑Fi after detecting an attempted cyber disruption. The city’s IT department isolated the network within minutes, limiting impact to non‑essential municipal operations while emergency services remained functional. Police have opened an investigation into the source of the attack. Officials disclosed the incident on Feb. 17, emphasizing rapid response protocols.
NSA Issues Guidelines on Zero Trust Architecture
The National Security Agency has issued a two‑phase Zero Trust Implementation Guidelines to help organizations adopt zero‑trust architecture in line with Department of Defense standards. The guidance details specific activities and requirements, acknowledging that implementation can be resource‑intensive and costly....
Supply Chain Attack Secretly Installs OpenClaw for Cline Users
Dark Reading reported that the npm package for Cline version 2.3.0 was compromised, causing it to silently download the OpenClaw tool during an eight‑hour window. The breach stemmed from a prompt‑injection flaw that allowed an attacker to steal release tokens and...
FBI Says ATM ‘Jackpotting’ Attacks Are on the Rise, and Netting Hackers Millions in Stolen Cash
ATM jackpotting has shifted from a security demo to a lucrative crime, with hackers now pulling millions from cash dispensers. The FBI reports over 700 attacks in 2025 alone, netting at least $20 million in stolen cash. The primary tool, Ploutus...
4 Reasons Cybersecurity Stocks Are Primed for a Breakout
Cybersecurity stocks have lagged behind the broader software sector this year, with the Amplify Cybersecurity ETF down 4.8% while the S&P 500 barely rose. Jefferies analyst Joseph Gallo argues the sell‑off is overstated, pointing to rising AI‑driven threat vectors and strong...
How Mycroft Scaled to over 100 Customers without a Playbook
Mycroft, a Canadian AI‑driven cybersecurity startup, has surpassed 100 B2B customers and is approaching $2 million CAD in ARR after a $3.5 million USD seed round. Founder Mike Kim built the platform as a virtual CISO, using AI agents to automate policy...
US Dominance of Agentic AI at the Heart of New NIST Initiative
The U.S. National Institute of Standards and Technology (NIST) has launched the AI Agent Standards Initiative under the Center for AI Standards and Innovation (CAISI) to develop industry‑led standards for autonomous AI agents. The effort aims to cement U.S. leadership,...
Google’s Tensor G6 Rumored to Be Paired with New Titan M3 Security Coprocessor
Google is reportedly developing a third‑generation Titan M security coprocessor, dubbed Titan M3, for its upcoming Tensor G6 chipset, internally codenamed “Google Epic.” Leaked internal listings reference firmware named “longjing,” suggesting the chip is in early development. The move appears aimed at narrowing...
Auto Draft
Veteran CISOs are urged to abandon technical dashboards and become business risk leaders who speak the board’s language. By translating security concepts into revenue‑impact terms, aligning initiatives with corporate growth plans, and quantifying cyber risk in monetary values, they secure...
We’re Not the only Ones Saying It: Windows 11 Desperately Needs a Single Privacy Toggle
Windows 11’s privacy controls are dispersed across multiple menus, forcing users to hunt through dozens of toggles to limit data collection. The operating system still enables telemetry by default, and many settings only reduce—not eliminate—Microsoft’s tracking. Users and tech writers are...
Cyber Responses Will Be ‘Linked to Adversary Actions,’ Involve Industry: White House
The White House announced that future U.S. cyber responses will be directly linked to specific adversary actions and will involve close coordination with state and local governments as well as private‑sector operators of critical infrastructure. The approach will be codified...
HHS Burrows Into Identifying Risks to Health Sector From Third-Party Vendors
HHS is intensifying its focus on third‑party vendor security after the 2024 Change Healthcare ransomware attack, which exploited a remote‑access portal lacking multifactor authentication and exposed the data of about 190 million individuals. The breach threatened the liquidity of the entire...
ONCD Official Says Trump Administration Aims to Bolster AI Use for Defense without Increasing Risk
The Office of the National Cyber Director announced that the Trump administration will accelerate the deployment of AI-driven cyber defensive tools while safeguarding against expanded attack surfaces. Principal Deputy Assistant Cyber Director Alexandra Seymour said the effort will be coordinated...
Automating Unix Security Across Hybrid Clouds
The article introduces a “Patching as Code” framework that automates Unix security updates across hybrid‑cloud environments by containerizing the patching toolchain and driving it through a CI/CD pipeline. A CSV‑based schedule stored in Git triggers a Python controller that launches...
INTERPOL Operation Red Card 2.0 Arrests 651 in African Cybercrime Crackdown
INTERPOL’s Operation Red Card 2.0, conducted from Dec 8 2025 to Jan 30 2026, resulted in 651 arrests across 16 African nations and the seizure of more than $4.3 million. The eight‑week crackdown exposed scams responsible for roughly $45 million in losses and identified 1,247 victims worldwide....
Better-Auth Flaw Allows Unauthenticated API Key Creation
A critical flaw (CVE‑2025‑61928) in the better‑auth npm library’s API‑key plugin lets unauthenticated actors mint privileged API keys for arbitrary users. The vulnerability stems from improper authorization checks in the createApiKey and updateApiKey handlers, which accept a userId without a...
When Air Gaps Are Not Enough—Managing File and Media Risk in Nuclear Facilities
Urenco, a global uranium enrichment firm, faced fragmented, manual controls for removable media and file transfers across its air‑gapped nuclear facilities. To achieve consistent security, it deployed OPSWAT’s MetaDefender platform, routing all devices through centralized, zero‑trust inspection checkpoints. The solution...
Flaw in Grandstream VoIP Phones Allows Stealthy Eavesdropping
A critical stack‑buffer overflow (CVE‑2026‑2329) was discovered in six Grandstream GXP1600 series VoIP phones, receiving a CVSS score of 9.3. The flaw resides in an unauthenticated web API endpoint that lets attackers overflow a 64‑byte buffer, gain root privileges, and...
MSP Next Dimension Consolidates Security Stack on Todyl Platform
Next Dimension has entered a strategic partnership with Todyl to migrate its managed security services onto Todyl’s cloud‑native platform, unifying SIEM, EDR and MXDR under a single console. The integration replaces fragmented toolsets with AI‑driven, contextual case management, cutting investigation...
Google Blocked over 1.75 Million Play Store App Submissions in 2025
Google reported that in 2025 it blocked more than 1.75 million app submissions and denied 255,000 apps access to sensitive user data on the Play Store. The company also banned over 80,000 developer accounts and added 10,000 new safety checks powered...
Saving Banks From Technical Debt: How Atruvia Built Secure, Self-Service Infrastructure
Atruvia, the backbone of over 900 German cooperative banks, tackled massive technical debt by adopting HashiCorp Terraform and Vault. The shift to infrastructure‑as‑code slashed cluster provisioning from three months to two hours and cut network setup from weeks to minutes....
Chinese Telecom Hackers Likely Holding Stolen Data ‘in Perpetuity’ for Later Attempts, FBI Official Says
The FBI disclosed that the Chinese state‑backed group Salt Typhoon infiltrated dozens of telecom operators worldwide, exfiltrating data from over a million Americans. The hackers accessed U.S. lawful‑intercept systems, targeting communications of senior officials in a campaign that began at least...
How to Create a Mobile Device Management Policy for Your Org
Mobile device management (MDM) policies are now a core governance tool for protecting data across corporate, BYOD, and hybrid workforces. The guide outlines five essential steps—defining purpose, engaging stakeholders, drafting usage rules, setting enforcement, and ongoing review—to build a robust...
CarGurus Purportedly Breached by ShinyHunters
CarGurus disclosed that approximately 1.7 million corporate files were taken by the ShinyHunters hacking group after a voice‑phishing attack compromised its single‑sign‑on credentials on Feb 13. The attackers threatened to publish the data unless negotiations were reached by Feb 20. ShinyHunters has previously...
Federal AI Series: Security Priorities
Federal agencies are rapidly integrating artificial intelligence, prompting heightened focus on securing the underlying data and systems. Zscaler’s Federal Field CTO Chad Tetreault outlined the evolving AI threat landscape, highlighting supply‑chain vulnerabilities, data‑poisoning, prompt‑injection, and emerging agentic AI risks. He...
Remcos RAT Expands Real-Time Surveillance Capabilities
A newly observed Remcos RAT variant now streams webcam footage and transmits keystrokes in real time, shifting from local data storage to direct, encrypted communication with attacker‑controlled servers. The malware decrypts its configuration only at runtime, loads critical Windows APIs...
Palo Alto Networks CEO Sees AI as Demand Driver, Not a Threat
Palo Alto Networks CEO Nikesh Arora told investors AI will drive, not diminish, cybersecurity demand. He argued AI expands attack surfaces, creating new risk categories that require robust security solutions. The company posted 15% year‑over‑year revenue growth to $2.6 billion and...
Analysis: Palo Alto Networks Vs. Everyone
Palo Alto Networks marked the two‑year anniversary of its platformization strategy, a move that initially sank its stock but has since become an industry standard. CEO Nikesh Arora highlighted a “flywheel” effect as new customers consolidate tools onto Palo Alto’s...
ICO Wins Appeal over Data Protection Obligations in Currys Cyber Attack
The UK Court of Appeal upheld the Information Commissioner’s Office decision to fine Currys Group Ltd (formerly DSG Retail) £500,000 for failing to protect personal data after a 2017‑18 cyber‑attack. The ruling confirms that organisations must safeguard all personal data,...
The New Geography of Enterprise Risk
Enterprises are seeing risk migrate from downstream system failures to upstream decision‑making as software adoption cycles shrink. Identity and access management, once a gatekeeper for core systems, now sits at the top of the IT stack, shaping workflows, roles, and...
Industrial-Scale Fake Coretax Apps Drive $2m Fraud in Indonesia
Group‑IB uncovered a sophisticated fraud campaign that spoofed Indonesia’s Coretax tax platform by distributing counterfeit Android apps. The scheme combined phishing websites, WhatsApp impersonation of tax officers, and voice‑phishing calls to install RATs such as Gigabud.RAT and MMRat, leading to...
University of Mississippi Medical Center Closes All Clinics in Wake of Cyberattack
The University of Mississippi Medical Center (UMMC) suffered a severe cybersecurity breach on Thursday, forcing multiple IT systems offline, including its Epic electronic medical records platform. The outage crippled access to patient data, prompting the Jackson‑based health system to shut...
Best Western Nordic Hit By Data Breach: Cybercriminals Targeting Guests Via WhatsApp & SMS
Best Western hotels in Sweden, Denmark and Norway suffered a data breach that exposed guest names, check‑in dates, email addresses and phone numbers. Cybercriminals are now using the stolen details to launch phishing attacks via WhatsApp and SMS, directing victims...
Connected and Compromised: When IoT Devices Turn Into Threats
The proliferation of consumer and enterprise IoT devices continues unchecked, yet most lack basic security controls such as passwords and encryption. Research presented by Mattia Epifani at RSAC 2026 shows that devices—from Amazon Echo to smart refrigerators—store unprotected audio, credentials, and personal...
Markel Expands Cybersecurity Support for Policyholders Through Upfort Partnership
Markel announced a partnership with cyber‑security firm Upfort to extend AI‑driven protection tools to eligible U.S. cyber‑insurance policyholders. The collaboration introduces the Upfort Shield platform and an endpoint detection and response (EDR) solution with behavioural analytics. Markel says the offering...
Adronite Secures $5M Series A to Scale AI Code Platform
Adronite announced a $5 million Series A round led by Gatemore Capital Management, appointing Gatemore’s Liad Meidar as board chair. The funding will accelerate development of its AI‑powered platform that scans entire software codebases across more than 20 languages, delivering deterministic, explainable...
Criminals Outpacing Banks as Firms Struggle with AI Defence, Report Warns
A new State of Financial Crime 2026 report from ComplyAdvantage reveals that financial institutions are falling behind AI‑enabled criminal networks. Over 600 senior compliance leaders reported 99% detection weaknesses, with only 33% employing AI for core AML functions and manual...
How Medplum Secured Their Healthcare Platform with Docker Hardened Images (DHI)
Medplum, an open‑source headless EHR serving over 20 million patients, migrated its production containers to Docker Hardened Images (DHI) with just 54 lines of code changes across five files. The switch replaced custom hardening scripts with Docker’s secure‑by‑default base images, eliminating...
Google's Air Gapped Cloud Gets "Public-Like" Networking
Google Cloud has unveiled a new networking layer that gives its air‑gapped, confidential computing environments public‑like connectivity. The feature leverages zero‑trust VPC Service Controls to keep workloads isolated while allowing them to communicate with external services as if they were...
Product-Market Fit: From Edtech Vitamin to $100M Painkiller
In this episode, Adam Markowitz recounts his transition from a decade‑long edtech venture to building Drata, a compliance automation platform that quickly proved its product‑market fit as a painkiller rather than a vitamin. He explains how rigorous validation—dog‑fooding the product...
Industrial Control System Vulnerabilities Hit Record Highs
Forescout’s 2026 report shows industrial control system (ICS) advisories surpassed 500 in 2025, the highest level since tracking began. The 2,155 CVEs tied to those advisories pushed average CVSS scores above 8.0, reflecting increasingly critical flaws. Manufacturing and energy assets...
Belkasoft Advances AI-Assisted DFIR With Major Update To Belkasoft X And BelkaGPT
Belkasoft released a major update to its DFIR platform Belkasoft X and the offline AI assistant BelkaGPT. The upgrade adds context‑aware conversational Q&A, expands relevance scoring to up to ten artifacts, and introduces a GPU‑enabled BelkaGPT Hub for media processing. It...
How This Cybersecurity Firm’s Graph Database Investment Is Paying Off
Darktrace, fresh from its $5.3 billion Thoma Bravo acquisition, migrated its security platform to Amazon Neptune, a managed graph database, to map threats across complex cloud environments in real time. The shift enables multi‑hop relationship queries that relational databases struggle with at...
Data Protection Failures on Moldovan Portals Leave Citizens at Risk
Moldovan job‑seeker portal cariere.gov.md exposed 7,758 applicant dossiers, including personal IDs, medical forms and criminal records, due to a lack of authentication. The data were accessible simply by altering a URL parameter, revealing nearly 19,000 JSON files. After a researcher...
How MSPs Can Ensure Regulatory Compliance and Secure Sensitive Data
Managed Service Providers (MSPs) serving healthcare, finance and legal sectors must embed regulatory expertise into every service layer to meet HIPAA, SEC, FINRA and related compliance mandates. The article outlines how MSPs can implement encryption, MFA, role‑based access, documentation and...
Fractional CISO: Full Accountability, 24/7 Availability
Fractional CISO does not mean fractional accountability. Every client I work with has my cell phone. Security incidents do not respect office hours, and advisory only works if there is shared ownership.
Starkiller: New ‘Commercial-Grade’ Phishing Kit Bypasses MFA
A new phishing kit called Starkiller has emerged on the dark web as a commercial‑grade, subscription‑based service. It proxies live login pages through attacker‑controlled infrastructure, eliminating static HTML templates and allowing real‑time credential capture. By routing authentication traffic through the...
CISA Alerts to Critical Auth Bypass CVE-2026-1670 in Honeywell CCTVs
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert for a critical authentication‑bypass vulnerability (CVE‑2026‑1670) in several Honeywell CCTV models, receiving a CVSS score of 9.8. The flaw lets unauthenticated attackers change the recovery email address, enabling...
Stephen Chapman Praises UK Passport System, Calls for International Standards to Support National Systems
Stephen Chapman, a veteran UK passport official, lauded the country's end‑to‑end passport issuance system for its efficiency, security, and alignment with ICAO standards. He warned that rising fraud and border‑security threats are driving the adoption of advanced features such as...
Québec Has a New Digital Sovereignty Plan. Will It Work?
Quebec announced a $1.4 billion digital sovereignty plan to shift data hosting and procurement to local providers, aiming to reduce reliance on US tech giants. The policy emphasizes sovereign cloud services, hydro‑powered data centres, and free‑software development. However, recent cost‑overrun scandals...