Know What's Happening in Cybersecurity

Today's Cybersecurity Pulse

CISA adds critical Android and Linux flaws to KEV catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) listed two high‑severity vulnerabilities in its Known Exploited Vulnerabilities catalog: Android CVE‑2025‑48595, an integer overflow that enables privilege escalation on Android 14‑16 without user interaction, patched in June 2026; and Linux CVE‑2022‑0492, a kernel flaw also deemed actively exploited.

He Leaked the Secrets of a Southeast Asian Scam Compound. Then He Had to Get Out Alive
News | Jan 27, 2026

A former employee of a crypto‑romance scam compound in Laos, calling himself Red Bull, leaked extensive internal documents exposing how pig‑butchering operations function. He described forced‑labor conditions, daily quotas, and a reward system that celebrates six‑figure fraud wins. After being captured...

By WIRED (Security)
Introduction to Fund Recovery: HonestGuardPrime.com
News | Jan 27, 2026

HonestGuardPrime.com offers a structured fund‑recovery service for victims of online scams, guiding clients through each legal and documentation step. The company’s transparent, step‑by‑step approach is repeatedly highlighted in Trustpilot and other reviews for reducing client stress. Reviewers praise the firm’s...

By TechBullion
What Is Doxxing? How It Happens, and How to Stay Safe?
News | Jan 27, 2026

The article defines doxxing as the public disclosure of private personal data without consent, highlighting that over 43 million Americans have been targeted and 90% of cases reveal the victim’s address. It outlines how doxxers gather information from public records, data...

By Security Boulevard
Cisco AI Summit: Inside Enterprise AI Build, Secure, Scale
Social | Jan 27, 2026

Join us online for the Cisco AI Summit livestream. If you care about how enterprise AI is actually being built, secured, and scaled, this is a day worth putting in the diary. Cisco is bringing together many of the people...

By Bernard Marr
Drowning in Spam or Scam Emails? Here’s Probably Why
News | Jan 27, 2026

Inbox overload of spam and scam messages is often traced to multiple technical and human factors. Recent data breaches, botnet‑driven campaigns, and lax email authentication expose addresses to malicious actors. Compromised accounts and aggressive marketing lists amplify the volume. Experts...

By WeLiveSecurity
What Is the Outlook for Regulation in 2026?
News | Jan 27, 2026

Star Compliance’s 2025 Quarterly Executive Brief highlights a surge in regulatory expectations, especially around digital assets and the UK’s Senior Managers and Certification Regime (SMCR). Market‑abuse supervision is tightening, with regulators expanding insider‑trading definitions to include shadow trading. The report...

By Fintech Global
Major Security Flaws Found in UK Retailer Websites
News | Jan 27, 2026

A recent Ethiack study of 1,722 European retailers uncovered that 19.7% of SSL certificates on UK retailer websites are invalid, expired, or misconfigured, exposing customer data to interception. Additionally, 19.6% of UK web servers reveal software type and version in...

By Finextra
Hackers Exploit SEO Poisoning to Target Users Seeking Legitimate Tools
News | Jan 27, 2026

Hackers are leveraging SEO poisoning to push malicious ZIP archives that contain BAT scripts masquerading as legitimate tools. The fraudulent pages rank highly in search results, directing users to fake repositories where the scripts contact command‑and‑control servers and download remote...

By GBHackers On Security
China-Linked Hackers Have Used the PeckBirdy JavaScript C2 Framework Since 2023
News | Jan 27, 2026

Trend Micro researchers have uncovered a JScript‑based command‑and‑control framework called PeckBirdy, used by China‑aligned APT groups since 2023. The framework runs via living‑off‑the‑land binaries across browsers, MSHTA, WScript, Node JS and .NET, delivering modular backdoors such as HOLODONUT and MKDOOR. It powers...

By The Hacker News
Why Cyber Fusion Centers and Zero-Trust Work Better Together
News | Jan 27, 2026

The surge in zero‑trust adoption has not delivered expected protection, as static implementations struggle against zero‑day exploits and a rapidly evolving threat landscape. A leading bank that integrated a cyber fusion center (CFC) with zero‑trust achieved 65% automated incident responses...

By Security Boulevard
Reliance Global Group Acquires Stake in Post-Quantum Cybersecurity Firm Enquantum
Blog | Jan 27, 2026

Reliance Global Group announced a non‑binding term sheet to acquire a controlling interest in post‑quantum cryptography firm Enquantum Ltd. through its new EZRA International subsidiary. Enquantum’s hardware‑accelerated, FPGA‑based solutions promise terabit‑level, quantum‑resistant encryption, addressing performance concerns of software‑only PQC. The...

By Quantum Zeitgeist
Canada Marks Data Privacy Week 2026 as Commissioner Pushes for Privacy by Design
News | Jan 27, 2026

Canada’s Privacy Commissioner Philippe Dufresne launched Data Privacy Week 2026 (Jan 26‑30) with a focus on privacy‑by‑design, urging organizations to embed data protection from the outset. He highlighted recent high‑profile breaches—including Aylo, 23andMe, TikTok, and an investigation into X’s Grok chatbot—to...

By The Cyber Express
Cymulate Joins the Wiz Integration Network (WIN)
News | Jan 27, 2026

Cymulate has joined the Wiz Integration Network, embedding its Continuous Threat Exposure Management platform into Wiz’s cloud‑security ecosystem. The partnership enables automated pre‑ and post‑exploitation simulations across Azure, AWS, and Google Cloud, delivering continuous validation of security controls. Joint customers...

By AI-TechPark
How to Safeguard Executives Through Proactive Planning and Managing Online Presence
News | Jan 27, 2026

Recent high‑profile attacks, including the 2024 assassination of UnitedHealthcare CEO Brian Thompson, have highlighted severe gaps in executive protection, especially online. Organizations are reassessing security operations, investing in physical safeguards while recognizing that digital exposure often reveals executives' locations and...

By Security Magazine (Cybersecurity)
Descope Introduces Dedicated Identity Infrastructure for AI Agents and MCP Ecosystems
News | Jan 27, 2026

Descope has launched an upgraded Agentic Identity Hub that treats AI agents as first‑class identities alongside human users. The platform adds OAuth 2.1, PKCE, DCR, CIMD and tool‑level scopes to MCP servers, letting developers secure agent access with enterprise‑grade policies. It...

By Help Net Security
75% of Visitors Will Switch to a Competitor When a Website Feels Unsafe, Liferay Survey Finds
News | Jan 27, 2026

Liferay’s 2026 Broken Trust Report, based on a survey of 1,000 U.S. adults, finds that 75% of users will abandon a website they perceive as unsafe and often turn to a competitor. A single “off” moment erodes trust for 61%...

By MarTech Series
When Open Science Meets Real-World Cybersecurity
News | Jan 27, 2026

Fermilab CISO Matthew Kwiatkowski explains how open‑science environments create cybersecurity blind spots when scientists design infrastructure without early security input. He notes that collaboration between IT and researchers reduces risky implementations and that publicly releasable data is often mislabeled, prompting...

By Help Net Security
4 Issues Holding Back CISOs’ Security Agendas
News | Jan 27, 2026

CISOs increasingly view a breach as inevitable, with 76% expecting a material cyberattack within the next year and 58% deeming their organizations unprepared. Four core issues impede progress: insufficient training and empowerment of security teams, lagging AI governance, limited AI...

By CSO Online
Critical CERT-In Advisories – January 2026: SAP, Microsoft, and Atlassian Vulnerabilities
News | Jan 27, 2026

January 2026 saw CERT‑In publish three critical advisories targeting SAP, Microsoft, and Atlassian products. The alerts disclose high‑severity flaws—including remote code execution, privilege escalation, and data exfiltration—affecting SAP S/4HANA, Windows, Azure, and on‑premise Atlassian tools such as Jira and Confluence. One...

By Security Boulevard
Waiting for AI Superintelligence? Don’t Hold Your Breath
News | Jan 27, 2026

AI superintelligence remains a theoretical goal, yet artificial intelligence is already woven into the fabric of enterprise operations, accelerating decision‑making and threat detection. Companies report faster, more accurate alert investigations, but the same speed introduces novel vulnerabilities and operational risks....

By Help Net Security
How Financial Institutions Strengthen SAR Readiness With Smarter Risk Practices
News | Jan 27, 2026

Financial institutions are intensifying their suspicious activity reporting (SAR) programs as fraud cycles accelerate and regulators tighten oversight. Strong SAR readiness hinges on real‑time data signals, skilled analysts, clear processes, and modern AML platforms that automate monitoring and case management....

By TechBullion
Data Privacy Week 2026: Why Secure Access Is the New Data Protection Perimeter
News | Jan 27, 2026

The CyberExpress article argues that the traditional network perimeter is no longer sufficient for data privacy, and that the true protection now lies at the moment of access. It highlights the rise of the “Identity‑Data Gap” and the shift toward...

By The Cyber Express
Cybersecurity Jobs Available Right Now: January 27, 2026
News | Jan 27, 2026

A wave of cybersecurity openings posted on January 27, 2026 spans senior leadership, engineering, and analyst roles across the United States, Europe, Asia, and the Middle East. Companies such as micro1, Bringg, Oracle, and Snyk are hiring C‑level executives, incident‑response...

By Help Net Security
Ivanti Expands Neurons Platform with Agentic AI and Autonomous Endpoint Management
News | Jan 27, 2026

Ivanti announced a major upgrade to its Neurons platform, adding Agentic AI‑driven personas to the IT Service Management suite, autonomous endpoint management (AEM) that unifies DEX, UEM and security, and enhanced asset visibility through Discovery. The Agentic AI preview launches...

By Help Net Security
Clawdbot-Style Agentic Assistants: What Your SOC Should Monitor, Triage, and Contain
News | Jan 27, 2026

Agentic AI assistants such as Clawdbot are moving from simple chatbots to persistent, privileged entities that can act across Slack, Teams, Discord and other platforms. Their ability to retain context, execute commands, and use user‑provided API keys creates new attack...

By Security Boulevard
Fresh Breach — Lena Health Breach Preview — Full Leak Coming Soon
News | Jan 27, 2026

Lena Health suffered a massive data breach exposing over 2,100 patients' protected health information, including full identifiers, medical records, and 19,542 audio recordings stored in an unencrypted public S3 bucket. The leak also revealed API keys, staff credentials, and discharge...

By DataBreaches.net
Single Sign-On Account Management in App Stores
News | Jan 27, 2026

App store identities remain fragmented, with developers often using personal emails that expose enterprises to lockout and breach risks. Managed Apple IDs and Enterprise Google accounts tether accounts to corporate domains, ensuring the organization retains control. The industry is moving...

By Security Boulevard
The 7 Essential Elements of a Compliance Framework You Need to Know
News | Jan 26, 2026

The article outlines a seven‑element compliance framework that moves organizations from ad‑hoc checklists to a systematic operating model. It emphasizes leadership governance, risk assessment, policy translation, controls, training, monitoring, and issue management as interlocking components. By aligning these elements, firms...

By Security Boulevard
Secret Service Foils Card Skimmers
News | Jan 26, 2026

The U.S. Secret Service’s fraud‑prevention unit partnered with local law‑enforcement to locate and deactivate 411 illegal point‑of‑sale card‑skimming devices in 2025. Across 22 coordinated operations, agents inspected roughly 9,000 businesses and examined about 60,000 terminals, potentially averting $428.1 million in fraudulent...

By Payments Dive
Zama’s Encrypted Ethereum Token Auction Draws $118M in Commitments
News | Jan 26, 2026

Zama, a fully homomorphic encryption startup, closed a $118.5 million encrypted token auction on Ethereum, marking the first such ICO on the network. The sealed‑bid Dutch auction attracted 11,103 unique bidders, oversubscribed by 218% and clearing at $0.05 per token. Zama’s...

By The Defiant
They're Coming for Our Kids: How Extremists Target Children Online
Blog | Jan 26, 2026

Extremist groups are increasingly targeting children on platforms such as Discord, Instagram, Reddit, and gaming chats, turning these digital third spaces into recruitment hubs. In 2024, teenagers accounted for roughly two‑thirds of ISIS‑linked arrests in Europe, and similar patterns are...

By The Cipher Brief
How MSSPs Can Help Clients Mitigate Shadow IT and Data Sprawl with Cavelo
News | Jan 26, 2026

MSSPs face growing risk from shadow IT and data sprawl as hybrid work and SaaS adoption push data into unmanaged cloud locations. Unapproved applications and fragmented data increase attack surface, compliance exposure, and incident‑response delays. Cavelo offers an agent‑less, multi‑tenant...

By Security Boulevard
Unseen Money 16—Synthetic Identity Fraud
News | Jan 26, 2026

In this episode, Paul Amery and guest Timur Yunusov dissect a bizarre DPD delivery of a non‑existent eBay purchase that led them to explore synthetic identity fraud—a scheme where criminals blend stolen personal data with fabricated details to create usable...

By New Money Review
Genetec Outlines Data Privacy Best Practices Ahead of Data Protection Day
News | Jan 26, 2026

In this episode, Genetec highlights data‑privacy best practices for physical‑security systems ahead of International Data Protection Day. Principal Security Architect Mathieu Chevalier stresses the need for clear data‑use limits, privacy‑by‑design controls, and continuous protection throughout the data lifecycle. The company recommends...

By insideBIGDATA
NDSS 2025 – All Your (Data)base Are Belong to Us: Characterizing Database Ransom(ware) Attacks
News | Jan 26, 2026

Researchers at the IMDEA Software Institute delivered the first systematic analysis of database ransomware attacks, examining 23,736 ransom notes from 60,427 compromised servers over three years. Their honeypot experiments showed new infections rising 60% year‑over‑year, with 6,000 fresh victims in...

By Security Boulevard
Reduce Ecommerce Account Takeovers: Where a VPN Actually Helps
Blog | Jan 26, 2026

The episode explains how e‑commerce businesses can curb account takeovers by integrating a dedicated IP VPN into their admin workflows. It outlines an access‑control playbook that routes all Shopify and financial dashboard logins through an encrypted VPN tunnel, reducing false...

By eCommerce Fastlane
ShinyHunters, CL0P Return with New Claimed Victims
News | Jan 26, 2026

ShinyHunters has resurfaced with an onion‑based data leak site, claiming breaches of SoundCloud, Betterment and Crunchbase tied to a new vishing campaign targeting SSO credentials at Okta, Microsoft and Google. The group warns that more victims will follow. In parallel,...

By The Cyber Express
Emergency Microsoft Update Fixes In-the-Wild Office Zero-Day
Blog | Jan 26, 2026

Microsoft released emergency out‑of‑band updates to remediate CVE‑2026‑21509, a zero‑day flaw actively exploited in the wild. The vulnerability bypasses OLE security controls in Office 2016 through 2024 and Microsoft 365 Apps, allowing attackers to execute malicious code via crafted Office...

By Security Affairs
eScan Antivirus Supply Chain Breach Delivers Signed Malware
News | Jan 26, 2026

On January 20, 2026, MicroWorld Technologies’ eScan antivirus was compromised through its legitimate update infrastructure, delivering digitally signed malware to global endpoints. The multi‑stage payload installed a 64‑bit backdoor, persisted via disguised scheduled tasks, and altered hosts and registry settings to block...

By Infosecurity Magazine
Why MSPs Should Add Privileged Access Management (PAM) To Their Security Offerings
News | Jan 26, 2026

Managed service providers (MSPs) are urged to add Privileged Access Management (PAM) to their portfolios as identity‑based attacks surge, with data breaches up 72% since 2021. PAM dovetails with Zero Trust principles, securing administrative credentials that attackers most often target....

By Security Boulevard
Why Digital Identity Systems Are Moving Away From Centralized Data Storage
News | Jan 26, 2026

Digital identity systems are transitioning from centralized databases to decentralized architectures. Centralized stores pose massive breach risks, prompting firms to seek models that limit data exposure. Decentralized solutions leverage cryptography and distributed ledgers, granting users control over their credentials. This...

By TechBullion
Hungarian and Romanian Police Detain Young Hackers over Fake Threat Calls
News | Jan 26, 2026

Hungarian police, working with Romanian authorities, detained four young hackers suspected of orchestrating false and intimidating phone calls to law‑enforcement units. The investigation, launched in mid‑July 2025 after multiple police departments reported receiving threatening calls, uncovered a coordinated scheme that...

By DataBreaches.net
Saudi Satirist Hacked with Pegasus Spyware Wins Damages in Court Battle
News | Jan 26, 2026

A London High Court judge awarded Saudi satirist Ghanem Al‑Masarir more than £3 million in damages after finding compelling evidence that his iPhone was compromised with NSO Group’s Pegasus spyware. The ruling concluded the hacking was directed or authorised by the...

By TechCrunch (Cybersecurity)
Google’s Universal Commerce Protocol: Why the Future of Agentic Commerce Depends on Security
News | Jan 26, 2026

The episode examines Google’s Universal Commerce Protocol (UCP), an open‑source standard designed to unify AI‑driven shopping across retailers and payment providers. It highlights UCP’s advantages—single‑point integration, leverage of Google Merchant Center, modular flexibility, and merchant‑first control—while noting the competitive landscape...

By Security Boulevard
Indian Users Targeted in Tax Phishing Campaign Delivering Blackmoon Malware
News | Jan 26, 2026

Researchers at eSentire have uncovered a tax‑phishing campaign targeting Indian users by masquerading as the Income Tax Department. The campaign delivers a multi‑stage backdoor that first sideloads a malicious DLL, then escalates privileges and installs a Blackmoon trojan variant alongside...

By The Hacker News
Grid Protection in Severe Weather: What Security Leaders Need to Know
News | Jan 26, 2026

A historic winter storm on Jan. 24‑25 left over 820,000 energy customers without power and placed 200 million people under severe‑cold alerts. While utilities scramble to restore service, cyber adversaries target pre‑existing grid weaknesses such as unpatched systems and lax remote‑access controls....

By Security Magazine (Cybersecurity)
CISA Releases List of Post-Quantum Cryptography Product Categories
News | Jan 26, 2026

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released its first list of hardware and software product categories that support or are transitioning to post‑quantum cryptography (PQC) standards. The list, compiled with the NSA, follows Executive Order 14306 and targets cloud...

By Infosecurity Magazine
Beware: Clawdbot Could Unleash Unaligned AI Risks
Social | Jan 26, 2026

Rahul warns us about Clawdbot. I'm not too worried about the nerds here who load it, but it got so popular over the weekend that non-techies will get drawn in. And that's where the trouble starts. I don't know how...

By Robert Scoble
Journalists Should Use Signal Usernames, Not Personal Numbers
Social | Jan 26, 2026

A number of Washington Post journalists asked for tips from government workers last year and posted their personal phone numbers for @signalapp. Please know that Signal allows you to create a username, meaning you can keep your phone number private....

By Runa Sandvik