Today's Cybersecurity Pulse

CISA adds critical Android and Linux flaws to KEV catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) listed two high‑severity vulnerabilities in its Known Exploited Vulnerabilities catalog: Android CVE‑2025‑48595, an integer overflow that enables privilege escalation on Android 14‑16 without user interaction, patched in June 2026; and Linux CVE‑2022‑0492, a kernel flaw also deemed actively exploited.
Also developing:
By the numbers: Ingeteam secures $82.5M loan from EIB for renewable energy R&D
Microsoft's May 2026 Patch Tuesday Fixes 137 Flaws, 13 Critical CVEs
Microsoft rolled out its May 2026 Patch Tuesday, delivering updates for 137 vulnerabilities across Windows, Office, Azure and Dynamics 365. Thirteen of those flaws received a critical CVSS rating, prompting urgent remediation for enterprises worldwide.

OpenLoop Health Confirms January 2026 Data Breach Affecting 716,000
OpenLoop Health, a telehealth infrastructure provider, confirmed a cyberattack in early January 2026 that exposed personal information of 716,000 individuals. The intrusion lasted from January 7 to 8, during which threat actors exfiltrated data but did not access electronic health...
Weaponized AI: The New Frontier of Fraud and Identity Spoofing
Enterprises are confronting a surge in AI‑generated fraud as criminals weaponize generative models to mass‑produce synthetic identities and deepfake impersonations. In the past 24 months, synthetic identities have risen 100‑fold and deepfake‑driven attacks sevenfold, with Deloitte forecasting U.S. AI‑enabled fraud...

CIRCIA Is Coming: What Government Contractors Need to Know About the Upcoming Cyber Incident Reporting Rules
The Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) is moving toward final rulemaking, obligating over 300,000 entities—including many government contractors—to report major cyber incidents within 72 hours and ransomware payments within 24 hours to CISA. The rule,...

Chinese Laws Push BambuStudio to Breach Open‑Source License
BambuStudio has been violating the PrusaSlicer AGPL license since their fork, with the same networking binary black box in question today. Why are they willing to burn the goodwill over it? There's something most have sensed but never seen it all in...
Google Thwarts First AI‑Generated Zero‑Day Exploit, Averting Mass Attack
Google’s Threat Intelligence Group identified the first zero‑day exploit it believes was created with artificial intelligence and worked with the vendor to patch it before any attacks occurred. The exploit, a Python script that bypassed two‑factor authentication, highlights a new...
Fragnesia Made Public As Latest Linux Local Privilege Escalation Vulnerability
The open‑source security community has disclosed Fragnesia, a new Linux local privilege escalation (LPE) vulnerability that mirrors last week’s Dirty Frag bug. Fragnesia resides in the ESP/XFRM subsystem and enables arbitrary byte writes to the kernel page cache of read‑only files....
FBI Remotely Resets Compromised Routers, Evicts GRU
The FBI used court authorization to remotely reset thousands of compromised home and small office routers, kicking the GRU out of sensitive networks. https://t.co/ap71RUhBGH
OpenAI’s Daybreak and Anthropic’s Glasswing Have Nearly Identical Benchmarks — and 3 of the Same Partners
OpenAI unveiled Daybreak, a cybersecurity platform built on GPT‑5.5 with a tiered trust framework, while Anthropic’s Glasswing consortium, powered by Claude Mythos Preview, offers a similar capability. Independent testing by the UK AI Security Institute shows the two models perform...

NVIDIA NemoClaw Research Highlights AI Sandbox Exfiltration Risks
Lasso security researchers demonstrated that sandboxed autonomous AI agents can still exfiltrate sensitive data from NVIDIA’s NemoClaw and OpenShell environments. By abusing trusted tools such as GitHub, npm, and approved binaries, the team stole API keys, environment variables, and credentials...

Researchers Build Cybersecurity Framework for EUDI Wallets
The European Union’s deadline for member states to launch European Digital Identity (EUDI) wallets is set for the end of 2026, prompting a surge of new digital‑identity apps. A three‑year research project led by the University of Szeged, with partners...

Avada Builder Flaws Expose One Million WordPress Sites
Two critical vulnerabilities in the Avada Builder WordPress plugin have put roughly one million sites at risk. The first, CVE‑2026‑4782, is an arbitrary file‑read flaw that lets subscriber‑level users access sensitive files like wp‑config.php. The second, CVE‑2026‑4798, is an unauthenticated...

Quest KACE SMA Flaw CVE-2025-32975: When One Unpatched Tool Opens the Door to 60 Organizations
Quest KACE Systems Management Appliance (SMA) suffers a critical authentication‑bypass flaw (CVE‑2025‑32975) rated CVSS 10.0. The vulnerability lets an unauthenticated attacker impersonate any user, including administrators, via the SSO module. Although a patch was issued in May 2025, more than 12,000...
OpenAI Deploys Daybreak AI Suite to Counter AI‑Powered Cyber Threats, Challenging Anthropic’s Mythos
OpenAI announced Daybreak, a suite of AI‑powered security tools built on GPT‑5.5 and Codex, aimed at finding and remediating software vulnerabilities. The launch pits OpenAI against Anthropic’s limited‑access Mythos model as both firms vie to dominate the emerging AI‑driven cyber‑defense...

Ransomware: Over Half of CISOs Would Consider Paying Ransom to Hackers
A new Absolute Security survey of 750 CISOs reveals that 58% would consider paying a ransomware ransom to restore encrypted systems, with U.S. leaders more inclined (63%) than their U.K. peers (47%). While 83% express confidence in rapid recovery, actual...
Microsoft’s New AI System Finds 16 Windows Flaws, Including Four Critical RCEs
Microsoft unveiled MDASH, an AI‑driven vulnerability discovery platform that identified 16 previously unknown Windows flaws, including four critical remote code execution bugs, which were patched in the May 12 Patch Tuesday release. MDASH orchestrates over 100 specialized AI agents to scan...
Cisco Open-Sources Agentic AI Security Spec
Cisco has open‑sourced its internally developed Foundry Security Spec, a comprehensive framework for evaluating and governing agentic AI in cybersecurity. Hosted on GitHub and built for use with the spec‑kit workflow, the spec outlines eight core agent roles, five extensions,...
Amazon Shares Data on Their Customer Passkey Adoption
Amazon disclosed that 465 million of its customers now use passkeys for authentication. Passkeys enable sign‑ins that are about six times faster than traditional passwords and rely on biometrics or device PINs. Adoption has surged 75% year‑on‑year in 2026, and Amazon...
NIST Narrows the NVD: What Container Security Programs Should Reassess
On April 15, NIST announced a prioritized enrichment model for the National Vulnerability Database, limiting full CVSS scores, CPE mappings, and CWE classifications to three categories of CVEs: those in the CISA KEV catalog, federal‑government software, and "critical" software under Executive...
Foxconn Ransomware Attack Highlights Global Manufacturing Supply Chain Vulnerability
Foxconn, the world’s largest electronics contract manufacturer, was hit this week by the Nitrogen ransomware group, forcing the company to confront a breach that could ripple through the supply chains of Apple and dozens of other tech firms. The incident...
Toxic Flows: When Your AI Agent Skill Becomes a Supply Chain Attack
Snyk’s ToxicSkills study audited over 3,000 AI agent skills and uncovered widespread vulnerabilities, with 36% of skills containing security flaws and 13% harboring critical issues such as credential theft and backdoor installation. The research revealed that 91% of confirmed malicious...

Microsoft May 2026 Patch Tuesday Fixes 120 Vulnerabilities, No Zero-Day Exploits Reported
Microsoft’s May 2026 Patch Tuesday delivered fixes for roughly 120 vulnerabilities across Windows, Office, and enterprise services. The bulletin includes 17 critical flaws—14 of them remote code execution (RCE) bugs—but reports no publicly disclosed or actively exploited zero‑day attacks. High‑impact issues...

The Next Wave of Healthcare Cyber Risk, From IoMT to AI-Enabled Attacks
Healthcare cyber risk is evolving beyond ransomware and data breaches as connected medical devices, remote telehealth services, and cloud platforms expand the attack surface. Legacy equipment lacking modern security controls now coexists with IoT and OT, creating vulnerable footholds for...

Veeam Introduces New Backup Management, Cybersecurity Features
Veeam Software unveiled version 13.1 of its flagship Veeam Data Platform, delivering more than 70 enhancements that include post‑quantum cryptography and an expanded malware scanner covering AWS, Azure, Microsoft 365 and NAS environments. The company also launched the DataAI Command Platform,...
Docker Launches AI Governance Platform to Secure Autonomous Agent Execution
Docker unveiled its AI Governance platform, offering centralized controls over autonomous agents’ runtime, network, and credential usage. The solution combines microVM sandboxes and an MCP Gateway to enforce security policies wherever agents run, aiming to close a critical gap in...
F5 and Red Hat Launch Certified WAF for NGINX on OpenShift, Boosting Kubernetes and AI Security
F5 announced that its Web Application Firewall for NGINX, built on NGINX Gateway Fabric, is now available as a certified Red Hat OpenShift Operator. The joint offering adds Layer 7 protection and AI‑focused security blueprints to Kubernetes‑native and AI‑driven applications, signaling...
Microsoft's May 2026 Patch Tuesday Fixes 137 Vulnerabilities, Including 13 Critical Flaws
Microsoft rolled out its May 2026 Patch Tuesday, patching 137 security flaws across Windows, Azure, Office and Dynamics 365, of which 13 are rated critical. The update includes high‑severity remote‑code execution bugs in Azure and Dynamics 365, but Microsoft reported...
Reducing CVE Fatigue with Red Hat Hardened Images and Anchore
Container teams face overwhelming CVE scans that include irrelevant findings, slowing remediation. Red Hat’s Hardened Images provide minimal, purpose‑built containers that reduce the attack surface and the number of scan results. Anchore adds continuous SBOM generation, vulnerability matching and policy enforcement,...

5 Ways to Fix Misleading Vulnerability Severities with Policy
GitLab introduced vulnerability management severity override policies that let teams automatically adjust CVSS scores based on context such as CVE ID, CWE, file path, or exploitation intelligence. The policies can set, increase, or decrease severity levels on each default‑branch pipeline,...

Banks Slash Patch Times as Anthropic’s Mythos Exposes Security Gaps
Large U.S. banks with access to Anthropic's Mythos AI model have uncovered hundreds to thousands of low‑ to moderate‑risk vulnerabilities, prompting a rapid shift from weeks‑long to days‑long patch cycles. The model can combine minor flaws into high‑risk exposures, forcing...
Infosys Opens Dedicated GSOC in North Sydney
Infosys has opened its first dedicated Global Security Operations Center in Australia, located in North Sydney. The GSOC provides 24/7 monitoring, threat detection and incident‑response services, leveraging both local expertise and Infosys’ global security framework. The launch follows Infosys’ acquisition...
Instructure Pays Canvas Hackers To Delete Students' Stolen Data
Education‑technology provider Instructure announced it reached an agreement with the hackers who exfiltrated 3.5 TB of student and university data from its Canvas platform. The company says it paid the criminals and received digital confirmation that the data was destroyed and...

The End of the Artisanal Hack: How AI Industrialized Cybercrime
Google Cloud researchers reported the first AI‑generated zero‑day exploit tied to a mass‑scale campaign, signalling the industrialization of cybercrime. AI is compressing the cost and skill needed for each stage of an attack, turning hacking from artisanal to mass‑manufactured. Enterprises...

Foxconn Ransomware Attack Shows Nothing Is Safe Forever
A ransomware group claims to have stolen 8 TB of data from Foxconn, including schematics for customers such as Dell, Google, Apple, and Nvidia. Foxconn confirmed that several North American factories experienced a cyberattack but said production is resuming. The incident...

Pwn a CEO with a Single Email? Patch Tuesday Brings Nasty Zero-Click Outlook Bug
Microsoft’s May 2026 Patch Tuesday introduced a critical zero‑click remote code execution vulnerability affecting Outlook. The flaw, originally cataloged as a Word issue, actually enables attackers to execute arbitrary code simply by sending a crafted email, with no user interaction...

Strengthening Salesforce Security Against AI-Driven Threats
Salesforce announced a June 2026 enforcement wave that tightens security across all customer orgs to counter AI‑driven threats. The rollout makes multi‑factor authentication mandatory for every user, adds phishing‑resistant MFA for admins and privileged roles, and introduces step‑up authentication for report...

The Pentagon’s Cyber Rules Leave MSPs as an Attack Vector
The Pentagon’s Cybersecurity Maturity Model Certification (CMMC) aims to secure defense supply chains, but its current framework treats Managed Service Providers (MSPs) as voluntary external service providers, leaving a certification gap. MSPs, which give small and medium‑sized defense contractors affordable...
FCC Extends Security Update Deadline for Banned Foreign Routers to 2029
The U.S. Federal Communications Commission has moved the deadline for manufacturers of banned foreign‑made consumer routers to provide security updates for U.S. customers from March 2027 to at least Jan. 1, 2029. The extension, announced in a May 8 public notice, aims to keep...

10 Crypto Heavyweights Explain the Quantum Risk to Bitcoin
Google’s recent research paper demonstrates that a quantum computer with roughly 500,000 qubits could extract a Bitcoin private key from an exposed public key in about nine minutes—close to Bitcoin’s 10‑minute block interval. This estimate is far lower than earlier...
Semperis Appoints John Podboy as CISO to Boost Identity‑First Cyber Resilience
Semperis, the identity‑driven cyber‑resilience firm, announced John Podboy as its new Chief Information Security Officer. Podboy brings 15+ years of experience across federal agencies and Fortune 100 firms, positioning Semperis to deepen its AI‑infused, identity‑first ransomware defenses. The hire reflects...

How to Protect Your Identity From AI, Doxxers, and Scammers
Recent concerns about AI models like Anthropic's Claude Mythos, which can exploit software vulnerabilities, have heightened awareness of identity‑theft risks. The blog post outlines practical operational‑security measures for individuals seeking to keep personal data separate from their online presence, emphasizing...
Jensen Huang and Bill McDermott Bet on OpenShell to Secure Enterprise AI Agents
Nvidia unveiled OpenShell, an open‑source sandboxed runtime designed to secure autonomous AI agents operating at machine speed. The runtime isolates each agent in its own sandbox and routes credential handling through a gateway, eliminating direct OS or network access. ServiceNow...
Zara Breach Leaks 197,400 Customer Emails and Purchase Data, No Payment Info Stolen
Zara, the flagship brand of Inditex, confirmed that a breach by the ShinyHunters group exposed 197,400 customer email addresses, purchase records and support tickets. The attackers accessed data stored in Google BigQuery via a compromised third‑party analytics platform, but no...

Signal Adds Security Warnings for Social Engineering, Phishing Attacks
Signal has rolled out in‑app confirmations and warning messages to curb phishing and social‑engineering attacks. The new UI flags unverified contacts, shows “No groups in common,” and reminds users that Signal never asks for registration codes or PINs. The changes...

The Canvas Breach: Reframing Higher Ed’s SaaS Risk Exposure
Cybercriminal group ShinyHunters breached Instructure's Canvas LMS, exfiltrating over 6.65 TB of data that includes 275 million records from 8,809 educational institutions worldwide. Instructure detected the intrusion on April 29, revoked credentials, deployed patches, and ultimately paid a ransom to have the data...
Mini Shai-Hulud Threat Targets Emerging AI Coding Workflows
The Mini Shai-Hulud attack is scary because it attacks new AI coding workflows like CI, editor hooks, agent configs, etc.

Microsoft Releases Windows 10 KB5087544 Extended Security Update
Microsoft released the Windows 10 KB5087544 extended security update, targeting Enterprise LTSC and ESU customers. The patch addresses the May 2026 Patch Tuesday batch, fixing 120 vulnerabilities and correcting a Remote Desktop warning rendering issue on multi‑monitor setups. It also adds dynamic Secure Boot...

Fortinet Warns of Critical RCE Flaws in FortiSandbox and FortiAuthenticator
Fortinet released emergency patches for two critical remote‑code‑execution flaws affecting its FortiAuthenticator IAM solution (CVE‑2026‑44277) and FortiSandbox platform (CVE‑2026‑26083). The updates cover on‑premise, cloud, and PaaS versions, while FortiAuthenticator Cloud is not impacted. Although no active exploitation has been reported,...

Microsoft May 2026 Patch Tuesday Fixes 120 Flaws, No Zero-Days
Microsoft’s May 2026 Patch Tuesday delivered security updates for 120 flaws across its product portfolio. The release includes 17 critical vulnerabilities—14 remote code execution, two elevation‑of‑privilege, and one information‑disclosure flaw. Notably, four critical Office RCE bugs can be triggered through the...

Microsoft Patches 137 Vulnerabilities
Microsoft’s May 2026 Patch Tuesday addressed 137 vulnerabilities across Windows, Office, Azure, and other services, though none have been seen exploited in the wild. About a dozen flaws are rated “exploitation more likely,” with a critical SSO plugin bug (CVE‑2026‑41103) that...