Know What's Happening in Cybersecurity

Today's Cybersecurity Pulse

CISA adds critical Android and Linux flaws to KEV catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) listed two high‑severity vulnerabilities in its Known Exploited Vulnerabilities catalog: Android CVE‑2025‑48595, an integer overflow that enables privilege escalation on Android 14‑16 without user interaction, and Linux CVE‑2022‑0492. Google released patches for the Android bug in June 2026.

Energy Department ‘Center of Excellence’ Delves Into OT Cybersecurity
News · Feb 17, 2026

The U.S. Department of Energy has established a Center of Excellence to tackle operational technology (OT) cybersecurity across its labs and agencies. Sponsored by the Office of Science and the National Nuclear Security Administration, the effort unites cyber experts to...

By Federal News Network
Bluefin and Basis Theory Offer Unified Token Strategy Across Digital and In-Person Payments
News · Feb 17, 2026

Bluefin and Basis Theory have formed a strategic partnership to deliver a unified token strategy that bridges digital and in‑person payment channels. By integrating Bluefin’s PointConex platform with Basis Theory’s API‑driven tokenization and vaulting, merchants can capture, tokenize, and reuse...

By Finovate
CAN Networks Can Meet EU CRA Requirements, but Security Levels Matter
News · Feb 17, 2026

The CAN in Automation (CiA) group warns that all CAN‑based products sold in the EU now fall under the European Union Cyber Resilience Act (EU CRA) unless covered by sector‑specific rules. Compliance hinges on achieving the appropriate IEC 62443 security level (SL),...

By Control Design
Deep Dive Into Weaponized Malicious SVG Files
Social · Feb 17, 2026

Good read and research on malicious SVG file analysis and how it's weaponized by Adam Paulina @Binary_Defense https://t.co/65gf6f2XNn #BinaryDefense

By Dave Kennedy
CredShields Leads OWASP Smart Contract Top 10 2026 as Governance and Access Failures Drive Onchain Risk
Blog · Feb 17, 2026

In this episode, CredShields announces the release of the OWASP Smart Contract Top 10 2026, a risk prioritization framework built from a structured analysis of 2025 smart contract incidents that caused hundreds of millions in losses. The discussion highlights that governance and...

By Security Ledger
UL Solutions Develops New Certification Program for Solar Inverter Cybersecurity
News · Feb 17, 2026

UL Solutions has introduced a new certification program that establishes the first industry‑wide cybersecurity baseline for distributed energy resources (DER) and inverter‑based devices. The program follows UL 2941, a standard covering access management, cryptography, and data handling, and complements the existing...

By Solar Power World
What 5 Million Apps Revealed About Secrets in JavaScript
News · Feb 17, 2026

Intruder scanned five million JavaScript bundles and uncovered more than 42,000 exposed secrets, including active GitHub, GitLab, and SaaS API tokens. The research revealed 688 repository tokens that granted full access to private code and CI/CD pipelines. Traditional static and...

By BleepingComputer
Palo Alto Networks To Acquire ‘Agentic Endpoint’ Security Startup Koi
News · Feb 17, 2026

Palo Alto Networks announced it will acquire AI‑agent security startup Koi, a move aimed at strengthening visibility and protection for AI‑driven workloads on endpoint devices. While the purchase price was not disclosed, a prior report suggested a $400 million valuation. Koi’s...

By CRN (US)
New Keenadu Backdoor Found in Android Firmware, Google Play Apps
News · Feb 17, 2026

Kaspersky has uncovered a sophisticated Android backdoor named Keenadu, embedded in firmware of multiple device brands and distributed through compromised OTA updates, system apps, and even Google Play applications. The malware can infiltrate every installed app, grant attackers unrestricted control,...

By BleepingComputer
Cybersecurity Excellence Awards Reveal Nomination Shift From AI Hype to Governance Execution
News · Feb 17, 2026

Cybersecurity Insiders' 2026 Excellence Awards reveal a notable shift in vendor nominations from AI hype toward concrete governance, identity, and data security solutions. While agentic AI categories are growing rapidly, nominations now emphasize oversight mechanisms, ISO‑42001‑aligned frameworks, and human‑in‑the‑loop controls....

By HackRead
The Signal: The Real "Payment Meets Fraud" Journey with Brian Rust at Worldpay | Episode 467
Podcast · Feb 17, 2026 · 25 min

In this episode, Brian Rust, SVP and Deputy CISO at Worldpay, explains how fraudsters now target SaaS platforms and ISVs by exploiting weak onboarding, transaction logic, and refund processes. He outlines the fraud kill‑chain—from synthetic business creation and card‑testing spikes...

By Leaders in Payments
API Threats Grow in Scale as AI Expands the Blast Radius
News · Feb 17, 2026

API vulnerabilities accounted for 17% of the 60,000+ flaws disclosed in 2025, and 43% of exploited weaknesses were API‑related, underscoring a growing attack surface. Wallarm’s report highlights a dramatic 270% rise in Model Context Protocol (MCP) flaws between Q2 and...

By SecurityWeek
Zero‑day Chrome Exploit, Chinese Telco Breach, AI‑crafted Malware
Social · Feb 17, 2026

DHOM SitRep #002 just dropped. Chrome's first zero-day of 2026 is being exploited NOW. Chinese hackers owned ALL 4 Singapore telcos. And AI just built its first malware framework. Your weekly cybersecurity briefing — subscribe to Don't Hack On Me. https://t.co/eOI2j9M68A

By Marcus J. Carey
Over-Privileged AI Drives 4.5 Times Higher Incident Rates
News · Feb 17, 2026

Teleport’s 2026 State of AI in Enterprise Infrastructure Security report reveals that AI workloads with excessive access rights suffer a 4.5‑times higher incident rate than those governed by least‑privilege controls. Seventy percent of surveyed security leaders say AI systems enjoy...

By Infosecurity Magazine
Poorly Crafted Phishing Campaign Leverages Bogus Security Incident Report
Blog · Feb 17, 2026

A phishing campaign leveraged a fake PDF security incident report hosted on Amazon S3 to intimidate MetaMask users into enabling two‑factor authentication. The PDF, created with ReportLab, contains no malicious code but mimics an official security alert. Researchers noted the...

By Security Affairs
SMEs Must Expect Cyber Attacks, NCSC Warns
Social · Feb 17, 2026

SMEs Wrong to Assume They Won’t Be Hit by Cyber-Attacks: NCSC Boss War - Infosecurity Magazine https://t.co/DjHx7581nV

By Chuck Brooks
SmartLoader Attack Uses Trojanized Oura MCP Server to Deploy StealC Infostealer
News · Feb 17, 2026

Researchers have uncovered a new SmartLoader campaign that distributes a trojanized Oura Health Model Context Protocol (MCP) server to install the StealC infostealer. The malicious server is hosted in fabricated GitHub repositories and submitted to the MCP Market registry, exploiting...

By The Hacker News
Side-Channel Attacks Against LLMs
Blog · Feb 17, 2026

Recent research uncovers multiple side‑channel attacks that exploit timing, packet‑size, and speculative decoding characteristics of large language model (LLM) services. By monitoring encrypted network traffic, attackers can infer conversation topics with over 90 % precision, fingerprint specific prompts with up to...

By Schneier on Security
Checkmarx Enhances IDE-Native Agentic Application Security in Kiro
News · Feb 17, 2026

Checkmarx announced that its AI‑driven Developer Assist tool is now embedded directly within the AWS Kiro integrated development environment. The integration scans source code and dependencies in real time, surfacing security findings inside the IDE and synchronizing them with the...

By SD Times
Sovereignty-First ITSM: How Geopolitical Risk Is Reshaping Service Management in 2026
Blog · Feb 17, 2026

In 2026 enterprises are treating data location as a strategic risk rather than a compliance checkbox, prompting a shift toward sovereignty‑first IT service management (ITSM). Traditional cloud‑based ITSM platforms that store data in foreign jurisdictions expose organizations to sudden geopolitical...

By ITSM.tools
Poland Arrests Suspect Linked to Phobos Ransomware Operation
News · Feb 17, 2026

Polish authorities detained a 47‑year‑old man suspected of collaborating with the Phobos ransomware group during a joint operation in the Małopolska region. The arrest, part of Europol‑coordinated Operation Aether, yielded computers and phones loaded with stolen credentials, credit‑card data, and server‑access...

By BleepingComputer
How to Securely Edit and Redact Sensitive PDFs: A Cybersecurity Guide
News · Feb 17, 2026

PDFs remain the go‑to format for confidential data, yet hidden metadata, annotations, and embedded objects often leak information despite password protection. In 2023, over 400 breach incidents were traced to incomplete redactions or metadata exposure. The guide outlines a six‑step...

By HackRead
Encrypted RCS Messaging Support Lands in Apple’s iOS 26.4 Developer Build
Blog · Feb 17, 2026

Apple introduced end‑to‑end encrypted Rich Communication Services (RCS) messaging in the iOS 26.4 developer beta, extending the feature to iPadOS, macOS and watchOS in future updates. The encryption is currently limited to iPhone‑to‑iPhone conversations and depends on carrier support, with a...

By Security Affairs
Cloud On Demand & StorVault Announce Partnership to Strengthen Local Data Protection
News · Feb 17, 2026

Cloud On Demand and South African backup specialist StorVault have announced a partnership that combines scalable cloud delivery with locally‑grounded, immutable data protection. The joint offering targets ransomware, hardware failures and endpoint vulnerabilities that threaten hybrid workforces, while delivering point‑in‑time...

By IT News Africa
3 Threat Groups Started Targeting ICS/OT in 2025: Dragos
News · Feb 17, 2026

Dragos’ 2026 Year in Review OT/ICS report adds three new adversaries—Sylvanite, Azurite and Pyroxene—targeting industrial control systems in 2025. Sylvanite acts as a rapid‑exploitation broker, weaponising n‑day flaws within 48 hours and handing access to the Voltzite group across power, oil,...

By SecurityWeek
Unit 42: Nearly Two-Thirds of Breaches Now Start with Identity Abuse
News · Feb 17, 2026

Unit 42’s annual incident‑response report reveals identity abuse now initiates roughly two‑thirds of network intrusions, with social engineering responsible for one‑third of the 750 incidents examined. Compromised credentials, brute‑force attacks and permissive identity policies further fuel the trend, while identity‑related...

By CyberScoop
Citizen Lab Links Cellebrite to the Hacking of a Kenyan Presidential Candidate’s Phone
News · Feb 17, 2026

Citizen Lab’s forensic analysis uncovered Cellebrite’s phone‑cracking software on Kenyan activist Boniface Mwangi’s device, indicating that state authorities used the tool after his arrest. The evidence shows the phone was unlocked without a password, exposing personal photos, messages, and his...

By CyberScoop
Magnet Virtual Summit 2026 Kicks Off February 23!
News · Feb 17, 2026

The Magnet Virtual Summit 2026 runs February 23‑26, featuring over 50 leading experts who will discuss AI, mobile forensics, cloud investigations, deepfakes, eDiscovery, and incident response. The event spotlights the new Magnet One platform, promising faster, AI‑enhanced case building, and...

By Forensic Focus
The Copilot Problem: Why Internal AI Assistants Are Becoming Accidental Data Breach Engines
News · Feb 17, 2026

Internal AI copilots are being deployed across enterprises as search and decision‑aid layers, inheriting every permission granted to users. Their ability to index, retrieve, and combine data from email, file shares, and SaaS tools exposes vast amounts of previously hidden...

By Security Magazine (Cybersecurity)
Harnessing AI to Secure the Future of Identity
News · Feb 17, 2026

Artificial intelligence is reshaping identity management, with machine and AI agents now surpassing human users in many environments. This surge creates a broader attack surface, as each automated identity demands governance yet often appears outside IT‑approved systems. Channel partners are...

By ITPro
Security Service Edge (SSE) (Noun) [Word Notes]
Podcast · Feb 17, 2026 · 8 min

In this brief episode, host Rick Howard defines Security Service Edge (SSE) as a cloud‑centric security architecture that blends the shared responsibility model, vendor‑provided security stacks, and direct network peering with major content providers and their fiber networks. He highlights...

By Hacking Humans
India’s Cybersecurity Cost Equation
News · Feb 17, 2026

India’s enterprises are boosting cybersecurity spend as multi‑cloud, API‑led ecosystems expand, yet Security Operations Centre (SOC) capacity lags behind. The average data‑breach cost has climbed to ₹22 crore (≈US$2.6 million), highlighting the financial stakes. Tool proliferation generates more alerts, but analyst throughput...

By TechRepublic – Articles
Netrio Named to CRN’s MSP 500 List For 2026
News · Feb 17, 2026

Netrio has been named to CRN’s 2026 Managed Service Provider (MSP) 500 list in the Elite 150 category, highlighting its role as a leading AI‑driven managed IT and cybersecurity provider for mid‑market enterprises. The Elite 150 spot recognizes Netrio’s end‑to‑end...

By AI-TechPark
Malicious Fork of Legitimate Triton App Discovered on GitHub, Exposing New Malware Threat
News · Feb 17, 2026

A malicious fork of the legitimate Triton macOS client was posted on GitHub, masquerading as an official release while embedding a Windows‑only malware payload. The attacker, operating under the account “JaoAureliano,” used a deceptive README and raw asset links to...

By GBHackers On Security
How to Choose a Password Manager for Your Business
News · Feb 17, 2026

Choosing a password manager is now a strategic security decision, not just a convenience tool. While consumer‑focused apps handle basic storage, enterprise‑grade solutions add centralized provisioning, role‑based access, and detailed audit trails. Decision‑makers must evaluate encryption models, zero‑knowledge architecture, MFA...

By TechRepublic – Articles
Resilience’s Long: 2026 Cyberthreat Landscape Poses New Challenges for Insurers
Podcast · Feb 17, 2026 · 24 min

The episode examines the evolving cyber‑threat landscape of 2026 and its implications for insurance carriers, focusing on rising ransomware, supply‑chain attacks, and AI‑driven exploits. It highlights how insurers must adapt underwriting criteria, pricing models, and claims handling to address more...

By AM Best Audio (AM Best Radio)
DSS Files Charges Against El-Rufai Over Alleged NSA Phone Interception
News · Feb 17, 2026

The Department of State Services has filed a three‑count criminal charge against former Kaduna governor Nasir El‑Rufai for allegedly intercepting the telephone communications of National Security Adviser Nuhu Ribadu. Prosecutors say El‑Rufai admitted the illegal interception during a televised interview on 13 February 2026,...

By The Cyber Express
CVE-2026-1357: WordPress Plugin RCE Exposes Sites to Full Takeover
News · Feb 17, 2026

A critical remote code execution flaw, CVE‑2026‑1357, has been discovered in the WPvivid Backup & Migration WordPress plugin, affecting over 900,000 active sites. The vulnerability lets unauthenticated attackers upload and run arbitrary PHP files via the plugin’s backup‑receive endpoint, granting...

By Security Boulevard
How SSO Simplifies Identity Management for Deskless and Frontline Workforces
News · Feb 17, 2026

Frontline and deskless workers comprise roughly 80% of the global labor force, yet traditional identity systems struggle with shared devices, shift changes, and high turnover. Single Sign‑On (SSO) consolidates credentials, cutting password‑reset tickets and speeding up access at shift handovers....

By Security Boulevard
REMnux V8 Brings AI Integration to the Linux Malware Analysis Toolkit
News · Feb 17, 2026

REMnux released version 8, rebuilt on Ubuntu 24.04 LTS, and introduces a new Cast‑based installer that handles fresh deployments, upgrades, and container installs. The highlight is the REMnux MCP server, which implements the Model Context Protocol to connect AI agents with the...

By Help Net Security
How Red Teaming Reduces Breach Risk?
News · Feb 17, 2026

Red Teaming, also known as adversary simulation, pits authorized security experts against an organization’s defenses to expose real‑world attack gaps. By mimicking the full cyber kill chain—from OSINT‑driven reconnaissance to covert data exfiltration—teams reveal weaknesses that traditional scans miss. The...

By Security Boulevard
Hackers Abuse ScreenConnect to Hijack PCs via Fake Social Security Emails
News · Feb 17, 2026

Forcepoint X‑labs uncovered a new phishing campaign that spoofs the US Social Security Administration to deliver a malicious .cmd script. The script auto‑elevates, disables Windows SmartScreen and Mark‑of‑Web, and leverages Alternate Data Streams to hide before silently installing a compromised...

By HackRead
Montana Hospital Restores Phones as Cyber-Related Network Disruptions Persist
News · Feb 17, 2026

Livingston HealthCare in Montana announced that its phone system has been fully restored after a recent cybersecurity incident forced the hospital to shut down communications and other network services. The disruption, first reported on Feb. 13, stemmed from a potential...

By DataBreaches.net
FOI Is Arming Cyberattackers – Here Is How to Fix It
News · Feb 17, 2026

Freedom of Information (FOI) requests on cybersecurity governance are exposing a stark inconsistency in public‑sector disclosures. Large NHS trusts and other big bodies tend to refuse or invoke national‑security exemptions, while smaller organisations often provide granular details. This uneven approach...

By PublicTechnology.net (UK)
U.S. Unready for Potential GPS Attack, Warns Former NSA Chief
Social · Feb 17, 2026

"America is dangerously unprepared for a GPS attack," Adm. Michael Rogers, U.S. Navy (ret.), former commander of the U.S. Cyber Command and director of the National Security Agency. https://t.co/hYWXOZoxEZ

By John Spencer
Introducing Red Hat Build of Podman Desktop: Enterprise-Ready Local Container Development Environments
News · Feb 17, 2026

Red Hat has announced the general availability of its own build of Podman Desktop, delivering an enterprise‑grade, secure‑by‑design local container development environment. The offering bridges the long‑standing gap between developers’ laptops and hardened OpenShift clusters, leveraging the same trusted RHEL components....

By Red Hat – DevOps
Marietta Also Affected by BridgePay Ransomware Attack.
News · Feb 16, 2026

The BridgePay Network Solutions ransomware attack disrupted the City of Marietta’s online credit‑card processing, halting business‑license payments on February 6, 2026. BridgePay’s forensic review found no payment‑card data was compromised, and the ransomware group remains unidentified. The city is deploying a temporary,...

By DataBreaches.net
The Rise of Credential Stuffing Attacks
News · Feb 16, 2026

Credential stuffing attacks are surging as attackers exploit reused passwords harvested from past breaches. The technique is cheap, highly automated, and blends into normal traffic, making detection difficult. Small‑to‑mid‑size businesses, SaaS platforms, and customer‑facing portals are prime targets because they...

By TechRepublic – Articles
Washington Hotel in Japan Discloses Ransomware Infection Incident
News · Feb 16, 2026

Washington Hotel, a Japanese hospitality chain with 30 properties and 11,000 rooms, disclosed a ransomware breach on February 13, 2026 that compromised business data on its servers. The hotel immediately isolated the affected systems, formed an internal task force and enlisted police,...

By BleepingComputer