Today's Cybersecurity Pulse
CISA adds critical Android and Linux flaws to KEV catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) listed two high‑severity vulnerabilities in its Known Exploited Vulnerabilities catalog: Android CVE‑2025‑48595, an integer overflow that enables privilege escalation on Android 14‑16 without user interaction, and Linux CVE‑2022‑0492. Google released patches for the Android bug in June 2026.
Also developing:
By the numbers: Ingeteam receives $82.5M loan from EIB
Abstract Security Partners with Netskope to Bring Real-Time Detection Into Security Data Streams
Abstract Security announced a partnership with cloud‑security leader Netskope to embed real‑time detection directly into Netskope One telemetry streams. The integration streams high‑fidelity Secure Service Edge data into Abstract’s adaptive pipeline, allowing on‑the‑fly enrichment, filtering and routing to SIEMs, data lakes or analytics platforms. By eliminating traditional log indexing delays, joint customers gain faster threat visibility, reduced false positives and lower storage costs. The deal underscores Abstract’s venture‑backed growth, highlighted by its $23.5 million funding round.
Apiiro Introduces Guardian Agent to Secure AI-Driven Software Development
Apiiro Ltd. launched Guardian Agent, an AI‑driven application security agent that prevents vulnerable and non‑compliant code generation. The solution continuously monitors software architecture, attack surface, runtime exposure, and policy compliance, rewriting prompts to secure AI coding assistants in real time....
GoTo Resolve Tool’s Background Activities Compared to Ransomware Tactics
Point Wild’s Lat61 Threat Intelligence team has identified the GoTo Resolve remote‑administration tool, specifically the HEURRemoteAdmin.GoToResolve.gen component, as a Potentially Unwanted Application that can install silently and maintain a hidden, persistent presence on Windows machines. The tool bundles a hidden “32000~”...
Cal.com Broken Access Controls Lead to Account Takeover and Data Exposure
Cal.com, an open‑source scheduling platform, patched critical broken‑access‑control vulnerabilities that allowed attackers to hijack accounts and expose booking data. The flaws included an authentication bypass in the organization signup flow that let attackers take over any user by using an...
Hackers Hijack Exposed LLM Endpoints in Bizarre Bazaar Operation
Researchers at Pillar Security uncovered a large‑scale cyber‑crime operation dubbed “Bizarre Bazaar” that hijacks exposed LLM endpoints. Over 40 days they logged 35,000 attack sessions, showing attackers exploit misconfigured AI APIs to mine cryptocurrency, resell access, exfiltrate data, and pivot...
ESkimming Attacks Surge with Evolving Tactics and Ongoing Recovery Challenges
Source Defense’s year‑long study of 550 e‑commerce sites shows e‑skimming remains a chronic problem, with 18 % of sites still infected after twelve months. Over half of the persistent infections (57 %) have evolved into new script variants, indicating attackers adapt once...
Slovakian Man Pleads Guilty to Operating Darknet Marketplace
A Slovakian national, Alan Bill, pleaded guilty to operating the Kingdom Market darknet platform, which sold drugs, forged IDs, stolen data and cyber‑crime tools from March 2021 to December 2023. The marketplace listed about 42,000 illicit items and processed payments in privacy‑focused cryptocurrencies....
SKADI and HelloGard Robotics Partner to Embed Autonomous Cybersecurity in Robotics
SKADI Cyber Defense and HelloGard Robotics announced a strategic partnership to embed autonomous cybersecurity directly into AI‑powered robots and connected automation systems. The collaboration will co‑develop cross‑platform security solutions for Windows, Android and Linux that protect robotic operating systems, AI...
Critical IDIS IP Camera Vulnerability Allows Full Computer Compromise with One-Click Exploit
IDIS Cloud Manager’s Windows viewer contains a critical flaw (CVE‑2025‑12556) that lets attackers trigger remote code execution with a single click. The vulnerability stems from CWGService.exe accepting unsanitized command‑line arguments via a local WebSocket, which are passed to the Chromium...
Emojis in PureRAT’s Code Point to AI-Generated Malware Campaign
Researchers at Symantec and Carbon Black have uncovered a PureRAT trojan campaign that is being authored with artificial‑intelligence tools. The malware is distributed through phishing emails masquerading as job offers and contains code comments and emojis typical of AI‑generated scripts....
Rein Security Launches with a Focus on Real-Time Production Application Security
Rein Security launched a platform that delivers real‑time production visibility for applications, targeting blind spots in API, AI‑generated code, and Model Context Protocol security. The solution uses an agentless architecture to capture runtime behavior, validate vulnerabilities, and enforce protections without...
The Future of Hardware and Software Integration - Rand Hindi | ATC #596
In this episode, Stephen Sargeant interviews Rand Hindi, CEO of Zama, about the company's work on Fully Homomorphic Encryption (FHE) for Web3. They explore how FHE enables confidential transactions on public blockchains such as Ethereum and Solana without sacrificing security...
From Triage to Threat Hunts: How AI Accelerates SecOps
AI‑driven SOC agents are moving from hype to practical augmentation, handling every alert with human‑level accuracy. By automatically correlating telemetry from EDR, identity, cloud and network sources, they eliminate the triage bottleneck and achieve near‑zero dwell time. The continuous investigation...
AI Security Threats Loom as Enterprise Usage Jumps 91%
Zscaler’s ThreatLabz 2026 AI Security Report reveals a 91% surge in enterprise AI usage, encompassing 989.3 billion transactions across more than 3,400 applications in 2025. Despite this rapid adoption, every AI system examined harbored critical vulnerabilities, with 90% compromised within 90...
Sicarii Ransomware Locks Your Data and Throws Away the Keys
Sicarii ransomware generates a fresh RSA key pair on each victim system and discards the private key, making encrypted data unrecoverable even after ransom payment. This defect breaks the standard ransomware‑as‑a‑service model that relies on attacker‑held private keys for decryption....
Best IT Managed Services for Large Enterprises
Large enterprises are shifting IT from a support function to a strategic growth engine, and the article outlines the criteria that define the best managed services for this scale. It highlights five enterprise‑tier attributes—strategic partnership, transparent governance, proactive operations, comprehensive...
MIND Launches DLP for Agentic AI to Secure Data Used by Autonomous Systems
Data security firm MIND Security launched DLP for Agentic AI, a data‑centric solution that safeguards sensitive information used by autonomous AI agents across enterprise applications. The service provides visibility into active AI agents, real‑time risk detection, and automated remediation, shifting...
Researchers Uncover 454,000+ Malicious Open Source Packages
Security vendor Sonatype reported that developers downloaded 9.8 trillion open‑source components in 2025, yet 454,648 of the packages were newly identified as malicious. The report describes a shift from opportunistic spam to industrialized, often state‑sponsored campaigns that use typosquatting, namespace confusion,...
Almost 9 in 10 Firms Remain Vulnerable to Cyber Risks
KYND’s analysis of over 2,000 firms—including FTSE 350 and S&P 500 companies—found that 88 % of organizations with identified cyber‑risk exposures remain vulnerable for six months or longer. While 11 % of the sample faced actively exploited vulnerabilities, remote code execution (RCE)...
Data Protection Day 2026: Addressing Common Challenges
The Data Protection Day 2026 blog highlights six persistent GDPR challenges—stale ROPAs, weak retention schedules, overlooked paper records, unprepared DSAR processes, outdated accountability documentation, and insufficient vendor risk controls. It explains how each issue creates hidden exposure and offers concrete...
N8n Adds Chat Hub to Centralize AI Access Inside Automation Workflows
n8n launched Chat Hub, a built‑in chat interface that lets users query large language models and trigger workflow agents without exposing workflow logic or credentials. The feature introduces a dedicated Chat role, centralizes model and credential management, and supports both...
Cybercriminals Exploit Canadians’ Dependence on Digital Services in Widespread Attacks
Canadian cybercriminals are running a large‑scale phishing campaign that impersonates government agencies, Air Canada and Canada Post, using the PayTool phishing‑as‑a‑service platform. The operation distributes SMS alerts and malicious ads that direct victims to spoofed portals hosted on shared IP...
Why “Platform Consolidation” Often Increases Risk Instead of Reducing It
Enterprises chase security‑stack consolidation to cut costs and simplify management, but most vendor‑driven platforms are built from acquired point solutions rather than unified architectures. This commercial consolidation delivers single contracts yet leaves fragmented data stores, disparate analytics, and multiple agents,...
Love? Actually: Fake Dating App Used as Lure in Targeted Spyware Campaign in Pakistan
ESET has uncovered a sophisticated Android spyware campaign that uses a fake dating app, GhostChat, to lure Pakistani users through romance‑scam tactics. The app presents locked female profiles with hard‑coded unlock codes, creating an illusion of exclusive access before installing...
AHA Releases New Guides to Strengthen Hospital Emergency and Cyber Preparedness
The American Hospital Association unveiled two new guides—Strategies for Medical Surge Management During Public Emergencies and Strategies for Cyber Preparedness in Health Care—to help hospitals navigate both public health crises and cyber threats. Both resources adopt the “four S’s” framework—staffing,...
Chinese National Sentenced to 46 Months for Laundering Millions Stolen From U.S. Investors
A Chinese national, Jingliang Su, received a 46‑month federal prison sentence for laundering roughly $36.9 million stolen from U.S. investors in a cryptocurrency fraud scheme run from Cambodia. The court ordered him to pay nearly $27 million in restitution and highlighted a...
Wallet Linked to Alleged US Seizure Theft Launches Memecoin, Crashes 97%
A Solana‑based memecoin called John Daghita (LICK) was launched on the Pump.fun launchpad by a wallet investigators link to an alleged theft of US government‑controlled crypto. Within its first day the token lost roughly 97% of its value, dropping from...
McAfee Upgrades Scam Detector to Spot QR Code Scams and Suspicious Messages
McAfee has upgraded its Scam Detector tool to include instant QR‑code safety checks and enhanced detection of suspicious direct messages, even when they contain no links. The update comes as QR‑code scams affect 68 % of recent scanners, with 18 % encountering...
Fake Python Spellchecker Packages on PyPI Delivered Hidden Remote Access Trojan
Researchers uncovered two malicious PyPI packages, spellcheckerpy and spellcheckpy, that pretended to be spell‑checking tools but delivered a Python‑based remote‑access trojan. The packages were downloaded just over 1,000 times before being removed, with version 1.2.0 adding an execution trigger that runs...
Always-On Privileged Access Is Pervasive — and Fraught with Risks
Enterprises are plagued by pervasive always‑on privileged access, with 91 % of users remaining logged in at their highest privilege level. Legacy governance, mergers, cloud migrations and rapid fixes have left dormant privileged accounts embedded in critical workflows, creating a massive...
Cloudbrink Adds AI Innovations to Its Platform to Protect Agents, Apps, and Data
Cloudbrink announced new AI‑focused security features that extend its secure connectivity platform to protect AI agents, browser‑based AI services, and custom large language models. The enhancements include a Safe AI BrinkAgent that detects data leaks, a continuously updated definitions database...
Open‑weight AI + Obsidian + Crypto Enables Personal Private Programmable Stack
PERSONAL PRIVATE PROGRAMMABLE I’ve been thinking more about the intersection of Claude Code and Obsidian. There is an upcoming tech stack here that I’m calling personal private programmable. Here’s a sketch of the idea. First, if you squint ahead a few months, we...
Fortinet Expands FortiCNAPP with Network, Data, and Runtime-Aware Risk Prioritization
Fortinet has upgraded its FortiCNAPP platform to incorporate network enforcement, data security posture management, and runtime validation into a single risk‑prioritization workflow. The enhancements enable network‑aware risk scoring, in‑place data sensitivity analysis, and runtime‑informed prioritization, reducing alert fatigue and focusing...
Yubico Extends Hardware Passkey Deployment Options
Yubico has broadened its YubiKey as a Service offering by adding self‑service ordering and a revamped Customer Portal. The new workflow lets employees and partners select YubiKey models, enter shipping details, and receive keys directly in the U.S., Canada or...
Volante’s Multi-Cloud Resiliency Service Keeps Payments Running During Cloud Outages
Volante Technologies has introduced a Multi‑cloud Resiliency Service designed to keep payment processing operational when a primary cloud provider experiences an outage. The solution offers rapid, zero‑data‑loss failover to a secondary cloud environment, eliminating single‑provider dependency for banks and other...
Digital Element Announces NAT Detector — Industry’s New Standard for Accurate IP Geolocation and Risk Intelligence
Digital Element launched NAT Detector, a new feature in its NetAcuity IP intelligence platform that identifies Network Address Translation (NAT) and Carrier‑Grade NAT connections. The tool flags shared‑IP environments, helping advertisers, security teams, DRM providers, and fintech firms interpret IP...
Pondurance RansomSnare Blocks File Encryption and Data Exfiltration
Pondurance has added RansomSnare, a new module to its Managed Detection and Response (MDR) service that halts ransomware the moment it tries to encrypt a file. The capability terminates the malicious process instantly, blocking both encryption and data exfiltration without...
Pallma AI Closes $1.6M Pre-Seed Round for AI Agent Security
London‑based Pallma AI announced a $1.6 million pre‑seed round led by Marathon Venture Capital, with participation from tech leaders at AWS, Meta, and Google. The startup offers an AI‑native security platform that monitors, detects, and mitigates risks such as prompt injection...
SelfAudit Launches Partner Program to Speed CMMC Readiness
SelfAudit AI introduced a Partner Program aimed at MSPs, MSSPs, and compliance professionals to accelerate Cybersecurity Maturity Model Certification (CMMC) readiness. The initiative offers a standardized, AI‑driven workflow that streamlines gap analysis, remediation, and audit‑ready documentation. By integrating partners into...
Delegation Is a Risk Decision Every Leader Makes, Not an Ops Choice
Leaders increasingly delegate decision‑making authority to software, turning routine operational choices into enterprise‑level risk decisions. When systems automatically issue credits, payments, or pricing adjustments, the underlying authority often lacks explicit ownership, exposing organizations to financial, legal, and reputational fallout. Security...
US Charges 87 in Major ATM Jackpotting Scheme Linked to Tren De Aragua
A Nebraska federal grand jury has indicted a total of 87 defendants in a sprawling ATM jackpotting conspiracy tied to the Venezuelan gang Tren de Aragua. The scheme used a variant of the Ploutus malware to hack ATMs nationwide, stealing...
Opportify Gains Early Adoption for Email Insights to Stop Sign-Up Fraud
Opportify has launched its Email Insights solution, a risk‑based intelligence platform designed to stop fraudulent sign‑ups at the point of entry. Unlike traditional validators that rely on simple syntax or MX checks, Email Insights scores each address on domain stability,...
High-Severity Remote Code Execution Vulnerability Patched in OpenSSL
A total of twelve vulnerabilities in OpenSSL have been patched, including a high‑severity remote code execution (RCE) flaw. All issues were identified by a single cybersecurity research firm and disclosed through coordinated channels. The fixes address weaknesses that could allow...
Hackers Exploit React2Shell Vulnerability to Deploy Miners and Botnets Worldwide
A critical insecure‑deserialization flaw in React Server Components, identified as CVE‑2025‑55182 or “React2Shell,” is being actively exploited worldwide. The vulnerability affects react‑server‑dom‑webpack, –parcel and –turbopack versions 19.0‑19.2, allowing attackers to execute arbitrary code and deploy a range of malware, including...
Prompt Injection Threat Turns AI Agents Against Employers
When AI Agents Turn Against You: The Prompt Injection Threat Every Business Leader Must Understand As organizations deploy #AIagents to handle everything from customer service to financial decisions, a critical #security #vulnerability threatens to turn these digital workers against their...
CERT UEFI Parser: Open-Source Tool Exposes UEFI Architecture to Uncover Vulnerabilities
The Software Engineering Institute at Carnegie Mellon University released the CERT UEFI Parser, an open‑source utility that statically parses UEFI firmware binaries and source code into a structured, machine‑readable model. By extracting modules, execution phases, protocols and dependencies, the tool gives...
Why Prevention-First Secrets Security Will Define Enterprise Scale: Learnings From a Leading Telecom
Orange Business discovered that traditional secret detection tools generate massive false positives, leading developers to ignore alerts. By implementing mandatory GitLab pre‑receive hooks and a three‑layer defense, they reduced new secret leaks by 80% while keeping false positives below 5%....
Major Cyberattack Cripples Russia’s Alarm and Vehicle Security Provider Delta
Russian security firm Delta suffered a large‑scale external cyberattack on Jan 26, crippling its alarm, home, and vehicle security platforms. The breach disabled online services, phone lines, and the mobile app, leaving thousands of customers unable to control alarms or unlock...
Grammarly and QuillBot Are Among Widely Used Chrome Extensions Facing Serious Privacy Questions
Incogni’s 2026 privacy risk report examined 442 AI‑powered Chrome extensions and found that over half collect user data, often with deep‑level permissions. The study highlighted that scripting and activeTab permissions let extensions read and modify any web page, exposing emails,...
Audits for AI Systems that Keep Changing
ETSI released TS 104 008, a continuous‑auditing based conformity assessment (CABCA) specification for AI systems. It shifts assurance from periodic reviews to ongoing cycles that automatically collect evidence from logs, model parameters, and data samples. The framework operationalizes regulatory requirements into machine‑readable...