Today's Cybersecurity Pulse

CISA adds critical Android and Linux flaws to KEV catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) listed two high‑severity vulnerabilities in its Known Exploited Vulnerabilities catalog: Android CVE‑2025‑48595, an integer overflow that enables privilege escalation on Android 14‑16 without user interaction, and Linux CVE‑2022‑0492. Google released patches for the Android bug in June 2026.

How DataDome Stopped Millions of Ticket Scalping Bots Targeting a Global Sports Organization
From Jan 8 to 13, 2026, a global sports organization faced a coordinated ticket‑scalping attack that generated over 16 million malicious requests from 3.9 million unique IPs. DataDome’s Galileo Threat Research team identified the threat in real time and deployed AI‑driven detection that blocked every request while keeping the checkout fully functional. The attack peaked at 133.63 requests per second and leveraged major datacenter ASNs and CAPTCHA‑solving services. As a result, no legitimate tickets were lost and fan experience remained uninterrupted.

Microsoft: January Update Shutdown Bug Affects More Windows PCs
Microsoft confirmed that a shutdown bug introduced by the January 15 cumulative update affects Windows 11 23H2 devices with System Guard Secure Launch and extends to Windows 10 22H2, Enterprise LTSC 2021 and 2019 when Virtual Secure Mode (VSM) is enabled. Emergency...
Outtake Closes $40M Series B Led by ICONIQ to Build the Unified Platform for Digital Trust in the AI Era
Outtake announced a $40 million Series B round led by ICONIQ, with participation from CRV, S32 and a slate of high‑profile tech executives. The funding will accelerate its unified digital‑trust platform that protects enterprises from AI‑driven impersonation and identity abuse. Outtake reported...
Please Don’t Feed the Scattered Lapsus ShinyHunters
The Scattered Lapsus ShinyHunters (SLSH) extortion gang blends data theft with aggressive personal harassment, including swatting, DDoS attacks, and media pressure. Operating through chaotic Telegram channels linked to The Com cyber‑crime network, they target executives via phone‑based phishing and MFA...
EP261 No More Aspiration: Scaling a Modern SOC with Real AI Agents
In this episode, Dennis Chow, Director of Detection Engineering at UKG, discusses the shift from static LLM chatbots to autonomous AI agents within a modern SOC, outlining a three‑tier model that treats agents as application‑level logic requiring robust identity, authorization,...

CTM360 Report Warns of Global Surge in Fake High-Yield Investment Scams
CTM360’s new report reveals a sharp global rise in fraudulent high‑yield investment programs, or HYIPs, promising unrealistic returns such as 40 % in 72 hours. Over 4,200 scam sites were cataloged in the past year, with December 2025 alone seeing 485 incidents—about 15...
Ransomware Attack Compromised 377,000 People’s Social Security and Driver’s License Numbers From Texas Gas Station and Convenience Store Chain
A ransomware group infiltrated Gulshan Management Services, the operator of about 150 Handi Plus and Handi Stop gas stations across Texas, exposing personal data of 377,082 individuals. The attackers accessed the network through a phishing email and remained undetected for several days,...

Crypto Crime Is Getting Violent: ‘Wrench Attacks’ Jumped 75% in 2026
Crypto‑related “wrench attacks” surged 75 % in 2026, reaching 72 confirmed incidents worldwide, while physical assaults tied to cryptocurrency theft rose 250 %. Europe now accounts for over 40 % of these violent crimes, with France leading at 19 reported cases—more than double...

Malwarebytes in ChatGPT Delivers AI-Powered Protection Against Scams
Malwarebytes has launched Malwarebytes in ChatGPT, embedding its threat‑intelligence engine into OpenAI’s chatbot to let users instantly assess scams, phishing links, and suspicious domains. The service draws on a continuously updated database that protects millions of devices, offering point‑by‑point analysis...

Panera Bread Breach Impacts 5.1 Million Accounts, Not 14 Million Customers
A recent data breach at Panera Bread compromised roughly 5.1 million unique user accounts, far fewer than the 14 million records initially reported. The breach was carried out by the ShinyHunters extortion gang, which accessed Panera's systems through a Microsoft Entra single...

Blockchain Security Firm CertiK Remains Focused on Enhancing Web3 Infrastructure
CertiK, a blockchain security leader valued at over $2 billion, is positioning itself as the trust backbone for the rapidly maturing Web3 ecosystem. Highlighted at the 2026 World Economic Forum, the firm is adopting public‑company practices to boost accountability and durability....

2025 - The Year of Quantum
Quantum computing is moving from theoretical research to commercial opportunity, with startups already delivering products in cybersecurity, networking, middleware, and sensing. Andy Leaver of Notion Capital argues that waiting for fault‑tolerant, cryptography‑breaking machines is unnecessary; viable markets exist today. He...

Commvault Pitches Geo Shield for Sovereign Data Protection
Commvault has launched Geo Shield, a sovereign‑data protection suite that lets enterprises dictate where data resides, who controls access, and who holds encryption keys. The offering spans four deployment models—from local hyperscaler SaaS to private sovereign clouds—supporting both BYOK and HYOK...

Iconics SCADA Vulnerability Can Render Systems Unbootable
A newly disclosed flaw (CVE‑2025‑0921) in Iconics Suite’s Pager Agent lets a non‑admin attacker manipulate file‑system permissions to overwrite critical Windows driver files. By redirecting log output via symbolic links, the exploit can corrupt the cng.sys driver, causing the system...

Chrome Ad Blocker Caught Hijacking Amazon Affiliate Links
A Chrome extension called Amazon Ads Blocker, marketed as an ad‑hider, was found to silently replace creator affiliate tags on Amazon product links with its own identifier (10xprofit‑20). Socket researchers discovered the extension injects the tag on page load and...

Fancy Bear Exploits Microsoft Office Flaw in Ukraine, EU Cyber-Attacks
Russian‑linked group Fancy Bear leveraged the high‑severity CVE‑2026‑21509 Office flaw days after Microsoft disclosed it, targeting Ukrainian ministries and EU bodies. The malicious Word document triggered a WebDAV call that installed a DLL via COM hijacking, ultimately launching the Covenant...

Span Cyber Security Arena 2026: Only 10 Days Left to Secure Early Bird Tickets
Span Cyber Security Arena 2026 will be held May 20‑22 in Poreč, Croatia, at the five‑star Pical Resort. The event features three days of conference sessions plus two pre‑conference masterclasses on May 18‑19 for engineers, architects, and consultants. Keynote speakers include...
This Stealthy Windows RAT Holds Live Conversations with Its Operators
Point Wild researchers uncovered a new Windows campaign deploying the Pulsar RAT, a .NET‑based remote access trojan that lives entirely in memory. The infection chain starts with a per‑user Registry Run key that launches a PowerShell loader, which decodes Donut‑generated...
Shift Left Is Dead for Cloud PAM
In this episode, Cole Horsman, Field CTO at Sonrai Security, recounts his three‑year journey trying to apply shift‑left and just‑in‑time (JIT) models to cloud identity, ultimately concluding that both approaches failed because they target the wrong layer. He explains how...
Threats: Results of a Pilot Survey on Threats, and a New Category on DataBreaches.net
A pilot survey of 112 security researchers and journalists was conducted from December 20 2025 to January 18 2026 to gauge legal and criminal threats they face. The study reveals that many respondents encounter litigation warnings, criminal investigations, and intimidation from cyber‑criminals. Findings are...

Securing the Mid-Market Across the Complete Threat Lifecycle
Mid‑market firms face tight budgets and lean security teams, making traditional, siloed tools costly and inefficient. The article advocates a full‑lifecycle approach—prevention, protection, detection, and response—delivered through integrated platforms such as Bitdefender GravityZone. By unifying endpoint, cloud, identity, and network...

Microsoft Fixes Bug Causing Password Sign-In Option to Disappear
Microsoft has resolved a lock‑screen bug that hid the password sign‑in icon after Windows 11 updates released since August 2025. The issue primarily affected users with multiple authentication methods and was linked to the KB5064081 preview update and subsequent 24H2/25H2 builds. Microsoft...

Is Data Center Colocation Secure? What CIOs and CISOs Need to Know
Colocation is emerging as a pragmatic alternative to building private data centers, offering enterprises robust physical safeguards while offloading power and cooling overhead. Providers secure the facility with layered access controls, surveillance, and environmental protections, but customers retain responsibility for...

Britain and Japan Join Forces on Cybersecurity and Strategic Minerals
Britain and Japan announced a new cyber strategic partnership during Prime Minister Keir Starmer's Tokyo visit, following his stop in Beijing. The agreement pairs cybersecurity cooperation with joint efforts to secure critical mineral supply chains essential for advanced manufacturing and...

NationStates Confirms Data Breach, Shuts Down Game Site
NationStates, a browser‑based government simulation game, confirmed a data breach after a player exploited a critical Remote Code Execution flaw in its new Dispatch Search feature. The attacker accessed production servers, copying email addresses, MD5‑hashed passwords, IP logs, and possibly...
A Slippery Slope: Beware of Winter Olympics Scams and Other Cyberthreats
Cybercriminals are gearing up for the Milano‑Cortina 2026 Winter Olympics, exploiting the event’s global visibility with a surge of phishing, fake ticket sites, malicious streaming platforms, and counterfeit apps. Past Games have seen state‑aligned actors deploy wiper malware and hacktivists...
BreachForums Breach Exposes Names of 324K Cybercriminals, Upends the Threat Intel Game
The episode examines the recent breach of the BreachForums marketplace, which exposed the real identities, emails, IPs, and registration data of roughly 324,000 cyber‑criminals. Experts from Keeper Security, ColorTokens, and Fenix24 explain how the leak provides a rare intelligence goldmine,...
Flaw in Broadcom Wi-Fi Chipsets Illuminates Importance of Wireless Dependability and Business Continuity
The episode examines a critical vulnerability in Broadcom Wi‑Fi chipsets that lets an attacker disrupt 5 GHz networks with a single unauthenticated frame, forcing a router reboot and potentially enabling evil‑twin phishing attacks. Experts from Black Duck, BeyondTrust, Qualys, and Cequence...

ACTFORE Secures Patent for Template Identification and Matching Technology
ACTFORE announced the USPTO has granted its second patent for a Template Identification and Matching technology that fingerprints documents at the pixel level. The solution converts each page into image‑based signatures, enabling detection of structural similarities across massive, unstructured breach...
Use Dedicated Secure Devices for Source Protection
Jumping onboard the OPSEC train: Don't rely on cute tricks to stop security forces from accessing important data. Have a better system architecture that is secure against basic coercion. If you are a journalist working with someone who is committing treason,...

Chinese Actors Hijack Notepad++ Updates, Infect Select Users
Between June and December 2025, a “likely Chinese state-sponsored group” compromised the infrastructure used by Notepad++ and served malicious updates to selectively targeted users. https://t.co/w5kp0kyy5z https://t.co/rug70afvgL
StrongestLayer: Top ‘Trusted’ Platforms Are Key Attack Surfaces
In this episode Adrian Bridgwater discusses StrongestLayer’s new threat‑intelligence report, which analyzed 2,042 advanced email attacks that slipped past Microsoft Defender E3/E5 and leading secure email gateways. The findings reveal a shift toward attackers exploiting trusted platforms such as DocuSign,...

Boosted Security with HSM and Docker on WSL
After all the hacks, I massively improved the operational and environmental security of Logan the exit liquidity lobster to include an HSM key management system and a two container docker system running on WSL https://t.co/UX8XmZJQfo https://t.co/L4icr9zsqJ
When Responsible Disclosure Becomes Unpaid Labor
Responsible disclosure is increasingly failing as organizations delay acknowledgment, dispute severity, and provide little compensation, turning ethical research into unpaid labor. The recent React2Shell (CVE-2025-55182) case shows coordinated response can work, yet exploitation still spread quickly. In contrast, unbacked open‑source...
Google’s Mandiant Deploy
Mandiant Google’s shiny hunters scattered lapsus okta internal sso phishing blog. Imagine trying to parse that sentence twenty years ago. Mandiant’s acquisition Google used their shiny hunters to scatter the Lapsus Okta internal sso phishing blog.

Open-Source AI Pentesting Tools Are Getting Uncomfortably Good
Open‑source AI pentesting tools are reaching production‑grade performance, with BugTrace‑AI, Shannon, and the Cybersecurity AI Framework (CAI) each demonstrating distinct strengths in a lab test. BugTrace‑AI acts as a low‑noise reconnaissance assistant, flagging likely flaws without launching exploits. Shannon takes...

Where NSA Zero Trust Guidance Aligns with Enterprise Reality
The NSA released Phase One and Phase Two of its Zero Trust Implementation Guidelines, outlining 36 and 41 activities respectively to achieve 30 and 34 distinct capabilities. The guidance builds on earlier Primer and Discovery Phase documents and aligns with...
Combine Naabu and Nmap for Depth, Simplicity, Speed
Port scanners ranked after 15+ years: Nmap → depth; Naabu → simplicity; RustScan → speed. Pro tip: naabu -nmap-cli gives you best of both. 🔗 https://t.co/8qHOyCzgAg | https://t.co/LFDCFb3Rgg | https://t.co/d56KN90GG9 https://t.co/WGqy7g65sd

Pompelmi: Open-Source Secure File Upload Scanning for Node.js
Pompelmi is an open‑source toolkit that adds inline malware scanning to Node.js file‑upload handlers. It inspects files in memory, applying configurable policies on extensions, size, MIME types, and archive contents before any data reaches storage. The library offers pluggable scanning...

Crypto Stolen Hit $370M in January, Quadrupling Year on Year: CertiK
Crypto theft surged to $370.3 million in January 2026, a near‑four‑fold rise from a year earlier, according to security firm CertiK. A single phishing scam accounted for $284 million of the loss, while phishing overall stole $311.3 million. The month’s biggest individual hacks...

What Boards Need to Hear About Cyber Risk, and What They Don’t
Entrust CIO Rishi Kaushal explains how security leaders should brief corporate boards on cyber risk, linking cryptography, certificates, and authentication to tangible business outcomes such as revenue loss, outages, fraud, and regulatory exposure. He demystifies the digital‑trust layer, arguing that...

Online Safety and Fraud Prevention: Protecting Yourself in the Digital Finance Era
Digital finance’s rapid expansion has amplified convenience while exposing users to sophisticated online scams. Fraudsters now deploy phishing, fake investment sites, and cloned e‑commerce stores that closely resemble legitimate brands. Verifying a website before any financial transaction—checking domain age, security...

Open VSX Supply Chain Attack Used Compromised Dev Account to Spread GlassWorm
Researchers uncovered a supply‑chain breach of the Open VSX Registry where a legitimate developer’s credentials were hijacked to publish malicious updates of four popular extensions. The poisoned versions, released on Jan 30 2026, embedded the GlassWorm loader and were downloaded over 22,000...

AI Is Flooding IAM Systems with New Identities
The Cloud Security Alliance reports that AI‑generated identities are being treated like traditional non‑human accounts, exposing them to the same IAM weaknesses such as credential sprawl and unclear ownership. AI systems create and retire identities at unprecedented speed, overwhelming legacy...

Python Cryptography Breaks Up with OpenSSL with Paul Kehrer and Alex Gaynor
In this episode, Alex Gaynor and Paul Kehrer discuss the Python cryptography library’s decision to move away from OpenSSL as its primary backend, citing long‑standing maintenance headaches and architectural constraints. They explain the technical challenges they faced with OpenSSL’s API...

Tech Dependencies Undermine UK National Security
The UK’s push to curb illegal deep‑fake content on X exposed a broader vulnerability: dependence on US‑based platforms for national‑security enforcement. Recent clashes with Elon Musk and a fine against Cloudflare illustrate how American firms can resist or complicate European...

Crypto Protocol CrossCurve Under Attack, $3M Reportedly Exploited
CrossCurve, a cross‑chain bridge protocol, confirmed a security breach that resulted in roughly $3 million being stolen across several blockchain networks. The exploit targeted a smart‑contract vulnerability that allowed attackers to spoof cross‑chain messages and unlock tokens without proper validation. CrossCurve...

Are Cloud Secrets Safe with Automatic Rotation Systems
Enterprises are increasingly relying on automated rotation systems to protect cloud secrets tied to Non‑Human Identities (NHIs). By continuously updating credentials, these solutions shrink the window of exposure for machine‑identity attacks, a threat that 68% of organizations have already faced....

What New Technologies Are Boosting Agentic AI Capabilities
Non‑Human Identities (NHIs), also called machine identities, are becoming essential for securing cloud‑based environments as organizations scale. Effective NHI management couples encrypted secrets with granular permissions, providing a passport‑visa model for automated services. Integrating Agentic AI enables autonomous secret rotation,...
Can Agentic AI Handle Complex Cloud-Native Security Tasks
The article explains that non‑human identities (NHIs)—machine credentials such as passwords, tokens and keys—are critical for securing cloud‑native environments. It argues that comprehensive NHI management platforms provide visibility, automated secret rotation, and threat detection across the identity lifecycle, delivering cost...