Know What's Happening in Cybersecurity

Today's Cybersecurity Pulse

CISA adds critical Android and Linux flaws to KEV catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) listed two high‑severity vulnerabilities in its Known Exploited Vulnerabilities catalog: Android CVE‑2025‑48595, an integer overflow that enables privilege escalation on Android 14‑16 without user interaction, and Linux CVE‑2022‑0492. Google released patches for the Android bug in June 2026.

How Powerful Is AI in Managing Non-Human Identities
News · Feb 1, 2026

Non‑human identities (machine identities) now account for roughly 68% of IT security incidents, making their management a top priority for organizations undergoing digital transformation. A lifecycle‑focused NHI management platform offers discovery, classification, monitoring, and remediation, surpassing point solutions like secret...

By Security Boulevard
Can Agentic AI Handle Complex Cloud-Native Security Tasks
News · Feb 1, 2026

The article explains that non‑human identities (NHIs)—machine credentials such as passwords, tokens and keys—are critical for securing cloud‑native environments. It argues that comprehensive NHI management platforms provide visibility, automated secret rotation, and threat detection across the identity lifecycle, delivering cost...

By Security Boulevard
Shock Report Claims Android Apps Have Leaked over 730TB of User Data and Google Secrets - Here Are some of...
News · Feb 1, 2026

A recent security study uncovered that Android AI applications have collectively leaked nearly 730 terabytes of user data, alongside hard‑coded secrets that expose cloud infrastructure and payment systems. The research examined dozens of popular AI‑driven apps on Google Play, finding API...

By TechRadar
GPT-4’s Function Calling Sparked VM Escape, Enabling Clawdbot
Social · Feb 1, 2026

given that gpt-4 (June 2023) had function calling and tried to escape its own VM by hacking it i'd guess that's when something like clawdbot would've been possible to release by the labs

By Aaron Ng
NDSS 2025 – Alba: The Dawn Of Scalable Bridges For Blockchains
News · Feb 1, 2026

Researchers at TU Wien and Princeton introduced Alba, a Pay2Chain bridge that leverages off‑chain payment channels to trigger conditional payments on target blockchains. Unlike traditional light‑client or zk‑based bridges, Alba avoids costly on‑chain inclusion proofs, cutting communication overhead and on‑chain...

By Security Boulevard
Overview of Content Published in January
Blog · Feb 1, 2026

Didier Stevens published a concise January roundup highlighting two Python tool updates—zipdump.py 0.0.33 and hash.py 0.0.14—and three SANS Internet Storm Center diary entries covering a basic geography quiz, the release of Wireshark 4.6.3, and YARA‑X 1.11.0’s new hash function warnings....

By Didier Stevens’ Blog
Netbird a German Tailscale Alternative (P2P WireGuard-Based Overlay Network)
News · Feb 1, 2026

NetBird is a German open‑source zero‑trust networking platform that uses WireGuard to create a peer‑to‑peer overlay, positioning itself as a Tailscale‑style alternative to legacy VPNs. It delivers instant deployment, SSO/MFA integration, dynamic posture checks, and centralized policy management across Linux,...

By Hacker News
Global Trustnet Strengthens Client Intake and Review Framework to Support Secure Platform Operations
News · Feb 1, 2026

Global Trustnet announced enhancements to its client intake and internal case review frameworks, emphasizing security, verification discipline, and structured governance. The new standardized onboarding workflow aims to improve data accuracy, traceability, and consistency as digital‑asset trading volumes rise. Parallel upgrades...

By TechBullion
Ondas’ American Robotics Optimus Drone Approved for Rapid Federal Procurement via DCMA Blue UAS Cleared List
Podcast · Feb 1, 2026

Ondas Inc.’s Optimus drone, built by American Robotics, has earned Blue List status from the Defense Contract Management Agency, placing it on the Department of War’s approved UAS directory. The designation confirms compliance with stringent cybersecurity, supply‑chain and operational standards,...

By sUAS News
Beware: Malicious External Contract Interaction Echo
Social · Feb 1, 2026

Yes, this is giving "interaction with [malicious] external smart contract" vibes a la The DAO 😬

By Laura Shin
Blockchain Penetration Testing: Definition, Process, and Tools
News · Jan 31, 2026

Blockchain penetration testing simulates real‑world attacks on decentralized ledgers to expose flaws in smart contracts, consensus mechanisms, nodes, and wallets before they can be exploited. Recent incidents such as the $2.17 billion crypto thefts in 2025 and the 17‑hour Solana outage...

By Security Boulevard
AI-Powered Penetration Testing: Definition, Tools and Process
News · Jan 31, 2026

AI‑powered penetration testing combines machine‑learning models, autonomous agents, and traditional security tools to simulate real‑world attacks faster and more comprehensively than manual testing. Recent research shows AI agents achieved 82 % precision and outperformed nine out of ten human testers in...

By Security Boulevard
IoT Penetration Testing: Definition, Process, Tools, and Benefits
News · Jan 31, 2026

IoT penetration testing evaluates the entire IoT ecosystem—from hardware and firmware to cloud services—by simulating multi‑stage attacks. The practice uncovered critical flaws in high‑profile incidents, such as Southern Water’s water‑monitoring hack and an NHS Trust breach, both caused by outdated...

By Security Boulevard
Access Controls Matter More Than Tools in Secure Tip Lines
Social · Jan 31, 2026

I helped design and implement the secure tip line at the New York Times in 2016. Who can access what, when, where, and how is just as important as the specific apps, tools, and settings that are used. https://t.co/bXZ9qmWkqy

By Runa Sandvik
RINA Accountants & Advisors Is Creating $400K Settlement Fund to Settle Lawsuit over 2022 Data Breach
News · Jan 31, 2026

RINA Accountants & Advisors, a U.S. accounting firm, has agreed to establish a $400,000 settlement fund to resolve a class‑action lawsuit stemming from a 2022 data breach. The breach exposed client‑sensitive information, prompting legal action from affected parties. The settlement...

By DataBreaches.net
Show HN: Minimal – Open-Source Community Driven Hardened Container Images
News · Jan 31, 2026

The Minimal project publishes a suite of open‑source, production‑ready container images built daily with Chainguard’s apko and Wolfi packages. By including only essential components, the images achieve near‑zero CVEs and are typically patched within 24‑48 hours of disclosure. Each image is...

By Hacker News
Comcast Agrees to $117.5 Million Settlement to Resolve Lawsuits over 2023 Citrix Bleed Data Breach
News · Jan 31, 2026

Comcast has reached a $117.5 million settlement to resolve 24 class‑action lawsuits stemming from the 2023 Citrix Bleed data breach, which potentially exposed personal information of more than 30 million current and former customers. A federal judge in the Eastern District...

By DataBreaches.net
StopICE Hacked: Names And Locations of Over 100k Users Were Sent to the FBI, ICE and HSI
News · Jan 31, 2026

The anti‑ICE activist platform StopICE suffered a massive data breach, exposing personal details of over 100,000 registered users. Hackers accessed names, login credentials, phone numbers and precise GPS locations, then transmitted the information to the FBI, ICE and Homeland Security...

By DataBreaches.net
Solana DeFi Platform Step Finance Hit by $27 Million Treasury Hack as Token Price Craters
News · Jan 31, 2026

Step Finance, a Solana‑based DeFi portfolio tracker, disclosed a treasury breach that saw 261,854 SOL—about $27 million—unstaked and transferred. The hack triggered an over‑80% plunge in its governance token STEP within 24 hours. The platform has engaged cybersecurity firms but has not...

By CoinDesk
FBI Record Shows Reporter’s Devices Secured, Signals Disappearing
Social · Jan 31, 2026

New court record from the FBI details the state of the devices seized from Washington Post reporter Hannah Natanson: phone was on w/Lockdown Mode; personal laptop was off; work laptop was on w/Touch ID; several Signal chats used disappearing messages....

By Runa Sandvik
Crypto Hardware Wallet Maker Ledger Strengthens Wallet Security with New BIP32 Derivation Rules
News · Jan 31, 2026

Ledger announced new BIP32 derivation rules that require hardened prefixes for its Bitcoin, Dogecoin and Bitcoin Cash applications. The change isolates each app’s key subtree, preventing cross‑application key exposure even if a single app is compromised. Enforcement begins on February 26...

By Crowdfund Insider
When the GDPR Is Weaponized to Shut Journalists up, Don’t Go Silently Into that Dark Night
News · Jan 31, 2026

Journalists across the US and Europe face escalating legal attacks, from arrests to super‑injunctions, aimed at silencing critical reporting. A new EU SLAPP report shows 167 lawsuits filed in 2024, with Italy, Germany and Serbia leading, and two‑thirds initiated by...

By DataBreaches.net
Crypto Heist Sparks Call for U.S. Bitcoin Reserve
Social · Jan 31, 2026

Alleged crypto theft by son of government contractor raises a critical question: Is the U.S. ready for a strategic reserve? @kkirkbos says we may need a Bitcoin Fort Knox 👇 https://t.co/tti17Z1eKJ

By Laura Shin
NDSS 2025 – PropertyGPT
News · Jan 31, 2026

PropertyGPT leverages large language models to automatically generate formal verification properties for smart contracts, using a retrieval‑augmented pipeline that pulls similar human‑written properties from a vector database. The system iteratively refines generated properties with compilation and static‑analysis feedback to ensure...

By Security Boulevard
BD: 14,000 Journos’ Personal Data Leaked Online
News · Jan 31, 2026

Bangladesh Election Commission’s online accreditation portal inadvertently displayed the personal data of roughly 14,000 journalists. The leak included National ID numbers, mobile numbers, and full application documents submitted for election accreditation and vehicle stickers. The flaw surfaced on Saturday afternoon...

By DataBreaches.net
Researcher Reveals Evidence of Private Instagram Profiles Leaking Photos
News · Jan 31, 2026

Security researcher Jatin Banga uncovered that Instagram’s private‑profile pages sometimes embed direct CDN links to private photos in the HTML response, exposing them to unauthenticated visitors. His testing showed about 28% of the private accounts he examined leaked such links....

By BleepingComputer
When Agentic AI Systems Fall Into the Wrong Hands
News · Jan 31, 2026

Agentic AI systems—software that can make decisions and act independently—are increasingly embedded in consumer devices, enterprise tools, and critical infrastructure. Their growing autonomy promises efficiency gains but also introduces privacy breaches, security vulnerabilities, and ethical dilemmas when actions exceed human...

By TechRadar
Advances Quantum-Memory-Free QSDC with Privacy Amplification of Coded Sequences
Blog · Jan 31, 2026

Researchers from Georgia Tech and collaborators introduced a quantum‑memory‑free Quantum Secure Direct Communication (QSDC) protocol that relies on universal hashing and privacy amplification of coded sequences. The information‑theoretic analysis proves security against collective attacks without requiring quantum storage or complex...

By Quantum Zeitgeist
Mandiant Finds ShinyHunters-Style Vishing Attacks Stealing MFA to Breach SaaS Platforms
News · Jan 31, 2026

Mandiant reports a surge in ShinyHunters‑style vishing campaigns that harvest SSO credentials and MFA codes to infiltrate SaaS environments. The attacks, attributed to UNC6661, UNC6671, and UNC6240, impersonate IT staff and use fake credential‑harvesting sites to enroll attackers’ devices for...

By The Hacker News
Informant Told FBI that Jeffrey Epstein Had a ‘Personal Hacker’
News · Jan 30, 2026

A confidential informant told the FBI in 2017 that Jeffrey Epstein hired a personal hacker, described as an Italian from Calabria with expertise in iOS, BlackBerry and Firefox vulnerabilities. The informant claimed the hacker created zero‑day exploits and sold them...

By TechCrunch (Cybersecurity)
CLI‑enabled Agents Risk Identity‑changing Prompt Injections
Social · Jan 30, 2026

With autonomous agents who have access to the command line, like Claude code and Open Claw, you don't only have to worry about prompt injection that executes commands and operations, but you also have to worry about prompt injection that...

By Jason Haddix
Moltbook Is a Human-Free Reddit Clone Where AI Agents Discuss Cybersecurity and Philosophy
News · Jan 30, 2026

Moltbook is a Reddit‑style forum populated entirely by AI agents, with over 35,000 bots generating content without human input. The platform runs on OpenClaw, an open‑source harness that lets these models control a host computer’s messengers, email, and web browsers....

By THE DECODER
Startup Amutable Plotting Linux Security Overhaul to Counter Hacking Threats
News · Jan 30, 2026

Berlin‑based startup Amutable, founded by former Red Hat and Microsoft engineers including systemd creator Lennart Poettering, announced a mission to bring determinism and verifiable integrity to Linux systems. The company plans to replace heuristic security with cryptographic verification of boot processes and...

By CSO Online
NDSS 2025 – Silence False Alarms
News · Jan 30, 2026

Researchers at NDSS 2025 introduced AutoAR, a system that automatically recognizes anti‑reentrancy patterns in Ethereum smart contracts. By leveraging a novel RentPDG graph representation and a graph auto‑encoder with clustering, AutoAR can detect twelve common protective patterns with 89% accuracy....

By Security Boulevard
Regtech Prove Shares Insights on Combatting Fraudulent Activities on Gaming Platforms During Super Bowl
News · Jan 30, 2026

Regtech firm Prove warns that the Super Bowl’s evolution into a months‑long betting marathon is amplifying fraud risks for gaming platforms. The surge in sign‑ups, logins and transactions on game day attracts credential‑theft attacks, with multi‑factor authentication being evaded in...

By Crowdfund Insider
AI Proliferation Shallowens Bugs, Boosts Top‑tier Fixes
Social · Jan 30, 2026

Have we reached the stage of “many AIs make all bugs shallow”? Great writeup on AI, open source, & bug bounties by @stanislavfort cofounder of AISLE “Mass adoption collapsed the median quality (“slop” killed bug bounty..) but.. raised the ceiling” https://t.co/iDvdiDy41J

By Katie Moussouris
Over 175,000 Publicly Exposed Ollama AI Servers Discovered Worldwide - so Fix Now
News · Jan 30, 2026

Security researchers uncovered roughly 175,000 Ollama AI servers worldwide that are publicly reachable because they are bound to all network interfaces instead of localhost. These misconfigured instances lack authentication, allowing attackers to perform "LLMjacking"—hijacking the models to generate spam, malware,...

By TechRadar
Microsoft to Disable NTLM by Default in Future Windows Releases
News · Jan 30, 2026

Microsoft announced that NTLM authentication will be disabled by default in future Windows Server and client releases. The change follows a three‑phase transition—auditing tools in Windows 11 24H2 and Server 2025, introduction of IAKerb and a Local KDC in late 2026, and final...

By BleepingComputer
AI Agents Favor Bitcoin for Open‑source Bug Bounty Payments
Social · Jan 30, 2026

This is mind blowing. 🤯 AI agents discussing the best form of payment for finding security holes in open source "skill" repos. Bitcoin at the top of the list.... Turns out humans don't need to convince grandma to use/hold Bitcoin, the...

By Preston Pysh
Russian Hackers Breached Polish Power Grid Thanks to Bad Security, Report Says
News · Jan 30, 2026

Poland’s Computer Emergency Response Team confirmed that Russian state‑linked hackers infiltrated wind, solar and a heat‑and‑power plant by exploiting default passwords and the absence of multi‑factor authentication. The attackers deployed wiper malware that disabled monitoring systems at renewable sites, though...

By TechCrunch (Cybersecurity)
Operation Switch Off Dismantles Major Pirate TV Streaming Services
News · Jan 30, 2026

Operation Switch Off, a joint effort by Europol, Eurojust and Interpol led by Italy’s Catania prosecutor and State Police, seized three industrial‑scale illegal IPTV services—IPTVItalia, migliorIPTV and DarkTV—across 14 countries. The crackdown dismantled servers in Romania and Africa, identified 31...

By BleepingComputer
WISeKey Advances Post-Quantum Space Security with 2026 Satellite PoCs
Blog · Jan 30, 2026

WISeKey International announced proof‑of‑concept testing of post‑quantum cryptography on satellites in late 2025, with a fully operational quantum‑resistant satellite slated for launch in the second quarter of 2026. The initiative combines hybrid Triple Key Encapsulation Mechanisms that blend PQC algorithms with...

By Quantum Zeitgeist
NDSS 2025 – Provably Unlearnable Data Examples
News · Jan 30, 2026

The NDSS 2025 paper tackles the lack of provable guarantees in machine‑unlearning by introducing a certification framework for (q, η)-learnability. It proposes Provably Unlearnable Examples (PUEs) that tighten certification bounds and resist simple weight‑recovery attacks. Experiments show PUEs cut certified learnability...

By Security Boulevard
Labyrinth Chollima Evolves Into Three North Korean Hacking Groups
News · Jan 30, 2026

Labyrinth Chollima has split into three distinct North Korean hacking groups—Labyrinth Chollima, Golden Chollima, and Pressure Chollima—according to CrowdStrike. While Labyrinth Chollima continues espionage against defense, manufacturing and critical‑infrastructure firms, the new Golden and Pressure factions focus on cryptocurrency theft. Each group employs a unique...

By Infosecurity Magazine
Investigation Into Data Breach Involving Blue Cross Blue Shield Members Could Head to Court
News · Jan 30, 2026

Blue Cross Blue Shield of Montana disclosed a cyber incident that may have exposed the protected health information of up to 462,000 members through its third‑party vendor Conduent. The breach was discovered on July 1, 2025, investigated internally, and reported to the...

By DataBreaches.net
Norwegian Police Probe Italian Firm over FLIR Camera Installation
Social · Jan 30, 2026

Police in Norway are investigating an Italian company suspected of installing high-end FLIR cameras on a rooftop overlooking Melkøya, the endpoint of the pipeline for natural gas from the Barents Sea. https://t.co/6wbZBfOLzj

By Runa Sandvik
Is Renewing CISA Enough to Restore Confidence for Cyber Threat Reporters?
News · Jan 30, 2026

Lawmakers introduced a minibus package that adds $20 million to expand the Cybersecurity and Infrastructure Security Agency (CISA) and extends the Cybersecurity Information Sharing Act through September 30. Experts warn that the stop‑and‑go extensions erode confidence in real‑time threat reporting, creating...

By Security Magazine (Cybersecurity)
Arsink Spyware Posing as WhatsApp, YouTube, Instagram, TikTok Hits 143 Countries
News · Jan 30, 2026

Researchers at Zimperium’s zLabs have uncovered Arsink, an Android remote‑access trojan that masquerades as over 50 popular apps, including WhatsApp and TikTok. The campaign has infected roughly 45,000 devices in 143 countries, using Telegram, Discord and MediaFire links to distribute...

By HackRead
Nvidia GPU Driver Flaws Enable Privilege Escalation Across Platforms
News · Jan 30, 2026

Nvidia has released a security update addressing four high‑severity GPU driver vulnerabilities that affect Windows, Linux, virtual GPU, and cloud‑gaming platforms. The flaws—CVE‑2025‑33217 through CVE‑2025‑33220—are use‑after‑free and integer‑overflow bugs with a CVSS rating of 7.8, enabling arbitrary code execution and...

By eSecurity Planet