Today's Cybersecurity Pulse

CISA adds critical Android and Linux flaws to KEV catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) listed two high‑severity vulnerabilities in its Known Exploited Vulnerabilities catalog: Android CVE-2025-48595, an integer overflow that enables privilege escalation on Android 14-16 without user interaction, patched in June 2026; and Linux CVE-2022-0492, a kernel flaw also deemed actively exploited.
By the numbers: Ingeteam secures $82.5M loan from EIB for renewable energy R&D

APT Attacks Target Indian Government Using GOGITTER, GITSHELLPAD, and GOSHELL | Part 1
In September 2025 Zscaler ThreatLabz uncovered two Pakistan-linked APT campaigns, Gopher Strike and Sheet Attack, targeting Indian government entities. Gopher Strike delivers malicious PDFs that trigger ISO downloads, employing a new Golang downloader called GOGITTER, a lightweight backdoor GITSHELLPAD that uses private GitHub repositories for command‑and‑control, and a Golang shellcode loader GOSHELL to deploy a Cobalt Strike beacon. The attackers perform IP‑ and User‑Agent‑based checks to ensure payloads reach only Windows systems in India, and the toolset shows similarities to APT36 but suggests a new subgroup. Zscaler’s cloud security platform now flags these components under distinct malware names.

01 Quantum Reports Q4 2025 Revenue Growth & PQC Deployments
01 Quantum Inc., rebranded from 01 Communique Laboratory, reported FY 2025 revenue of $767,993—up 86% from the prior year—driven by commercial deployments of post‑quantum cryptography (PQC) solutions such as DoMobile Ver.5. The company raised $3.78 million in equity financing and continues to...

Hackers Are Using LLMs to Build the Next Generation of Phishing Attacks - Here's What to Look Out For
Security researchers at Palo Alto Networks’ Unit 42 have demonstrated a proof‑of‑concept where generative AI models produce on‑the‑fly JavaScript that creates personalized phishing pages. The technique sends prompts to a legitimate LLM API, receives unique code for each visitor, and executes...

Expereo: Enterprise Connectivity Amid AI Surge with ‘Visibility at the Speed of Life’
Expereo’s chief digital officer Julian Skeels warns that AI workloads turn networking into a system‑of‑record, requiring deterministic, observable, and resilient connectivity. Enterprises are tangled in hybrid clouds and multiple providers, leading to “connectivity everywhere but visibility nowhere.” The company’s expereoOne...

Microsoft Handed over BitLocker Keys to Law Enforcement, Raising Enterprise Data Control Concerns
Microsoft complied with an FBI search warrant in early 2025, providing BitLocker recovery keys stored on its cloud to law‑enforcement for three laptops linked to a Guam unemployment fraud case. The keys were automatically backed up to Microsoft Entra ID,...

6 Okta Security Settings You Might Have Overlooked
Okta is the backbone of many SaaS‑first enterprises, making its security settings critical. The article outlines six often‑overlooked configurations—password policies, phishing‑resistant MFA, ThreatInsight, admin session ASN binding, session lifetimes, and behavior rules—that strengthen identity protection. It also highlights how continuous...

Researchers Uncover “Haxor” SEO Poisoning Marketplace
Security researchers uncovered the HaxorSEO (HxSEO) marketplace, a Telegram and WhatsApp‑based service that sells over 1,000 malicious backlinks from compromised, decades‑old domains. Each listing includes trust scores such as domain authority and is priced at $6, allowing threat actors to...

Upwind Secures $250 Million to Expand Runtime-First Cloud Security for AI Workloads
Upwind announced a $250 million Series B round, bringing total capital to $430 million. The funding, led by Bessemer Venture Partners with participation from Salesforce Ventures and Picture Capital, will accelerate the company’s runtime‑first cloud security platform aimed at AI‑driven workloads. Upwind claims...

Booz Allen’s Vellox Reverser Accelerates Malware Analysis and Threat Intelligence
Booz Allen Hamilton has launched the general availability of Vellox Reverser, an AI‑driven malware reverse‑engineering platform. The solution leverages a resilient agentic AI architecture on AWS Lambda, Bedrock, and Step Functions to automate deep analysis of complex threats. New features...

Hackers Can Bypass Npm’s Shai-Hulud Defenses via Git Dependencies
The recent discovery by Koi Security reveals that NPM’s handling of Git‑based dependencies can circumvent the post‑Shai‑Hulud “PackageGate” defenses, allowing malicious code execution even with the `--ignore-scripts` flag. The bypass exploits a crafted `.npmrc` file that overrides the Git binary...

Wiz Found It. Swimlane Fixed It. The Cloud Security Power Play
Cloud security teams face alert fatigue, drowning in critical notifications that outpace manual response. Wiz, a cloud risk visibility leader, has partnered with Swimlane’s Turbine agentic‑AI to turn detection into automated remediation. The integration pulls Wiz telemetry, enriches it with...

Stellar Cyber Expands Autonomous SOC Capabilities with Agentic AI
Stellar Cyber unveiled version 6.3, embedding agentic AI to push its Autonomous SOC vision forward. The update automates threat detection, investigation, triage and response across identity, network, endpoint, email and cloud layers, slashing alert fatigue and mean‑time‑to‑respond. New Model Context Protocol...

Law Firm Investigates Coupang Security Failures Ahead of Class Action Deadline
US law firm Hagens Berman is urging investors to join a class action against Coupang over a massive June 2025 cyber‑attack that exposed personal data of 33.7 million customers. The breach prompted a police raid, the resignation of CEO Park Dae‑Joon,...

Lazarus Hackers Target European Drone Manufacturers in Active Campaign
North Korean state‑sponsored Lazarus group launched a new Operation DreamJob campaign targeting European defense firms that build uncrewed aerial vehicles. The attackers used fake job offers to distribute trojanized PDFs that install the ScoringMathTea RAT and BinMergeLoader loader. Malware leverages...

GeoComply Uses Device and Location Data to Stop Fraud
GeoComply’s digital identity platform, integrated with Dabble, combines device integrity, precise location, behavioural and network signals to enhance KYC. The partnership delivered KYC pass rates above 90% and uncovered large fraud clusters, including 250+ accounts from a single address and...

New Fake CAPTCHA Scam Abuses Microsoft Tools to Install Amatera Stealer
Blackpoint Cyber uncovered a new fake CAPTCHA campaign that tricks users into executing a signed Microsoft script, SyncAppvPublishingServer.vbs, to install the Amatera Stealer malware. The attack directs victims to press Windows Key + R, paste a code, and run a command, while fetching...

Deepfake ‘Nudify’ Technology Is Getting Darker—And More Dangerous
Deep‑fake “nudify” services now turn a single photo into realistic, eight‑second explicit videos, offering dozens of sexual scenarios for a small fee. Platforms ranging from web sites to Telegram bots automate image‑to‑video generation, with AI models capable of adding audio...

Winning Against AI-Based Attacks Requires a Combined Defensive Approach
Offensive AI is reshaping cyber attacks, with large language models generating and morphing malware in real time. Recent incidents such as Anthropic’s AI‑orchestrated espionage campaign and ClickFix steganography attacks show adversaries bypassing traditional endpoint detection (EDR). Network Detection and Response...

Quantum Computing Firm IonQ Acquires US Semiconductor Firm SkyWater for $1.8 Billion
IonQ announced a definitive agreement to acquire SkyWater Technology for $35 per share, valuing the semiconductor foundry at roughly $1.8 billion in a cash‑and‑stock transaction. The deal creates a vertically integrated quantum platform that combines IonQ’s fault‑tolerant quantum processors with SkyWater’s...

$6,000 “Stanley” Toolkit Sold on Russian Forums Fakes Secure URLs in Chrome
A new crime‑ware toolkit called Stanley is being sold on Russian‑language forums for $2,000 to $6,000. The kit disguises itself as the Notely note‑taking extension and guarantees that its malicious Chrome extension will pass Google’s Web Store review. Once installed,...

NetSupport Manager 0-Day Vulnerabilities Enable Remote Code Execution
Security researchers uncovered two critical 0‑day flaws—CVE-2025-34164 and CVE-2025-34165—in NetSupport Manager versions up to 14.10.4.0. The bugs reside in an undocumented broadcast feature and can be chained to achieve unauthenticated remote code execution by corrupting heap memory and reading stack...

Why Voice-Based Scams Are a Growing Threat to Banks
Phone‑based scams have moved from a niche consumer problem to a material risk for banks, with U.S. consumers losing over $12.5 billion in 2024, many through voice attacks. Fraudsters exploit the inherent trust of human speech and caller‑ID spoofing to impersonate...

Matcha Meta Breach Tied to SwapNet Exploit Drains up to $16.8M
Decentralized exchange aggregator Matcha Meta disclosed a security breach originating from its primary liquidity provider, SwapNet, which allowed an attacker to siphon between $13.3 million and $16.8 million on the Base network. The exploit leveraged an arbitrary call flaw in SwapNet’s router...

F5 Strengthens, Scales & Sustains AI Security With Integrated Runtime Protection
In this episode Adrian Bridgwater discusses F5’s new AI security offerings—AI Guardrails and AI Red Team—designed to protect enterprise AI models throughout their lifecycle. The Guardrails provide both out‑of‑the‑box and custom‑built runtime protections that enforce policies, prevent data leaks, and...

Microsoft Entra ID Will Auto-Enable Passkey Profiles, Synced Passkeys
Microsoft Entra ID will automatically enable passkey profiles and add synced passkey support starting March 2026. The update moves passkey profiles to general availability and introduces a new passkeyType property that lets admins choose device‑bound, synced, or both types of passkeys....

Inside Microsoft’s Veteran-to-Tech Workforce Pipeline
Microsoft’s Military Affairs team has expanded the Software and Systems Academy (MSSA) into a nationwide veteran‑to‑tech pipeline, graduating more than 4,000 service members since its 2013 pilot. The program now offers three core learning paths—cloud development, cloud administration, and cybersecurity...

Firewalla Outlines a Zero Trust Approach to Fixing Flat Home Networks
Firewalla introduced a zero‑trust, microsegmentation approach that lets homeowners modernize large, flat Wi‑Fi networks without renumbering IP addresses or reconfiguring devices. Using the AP7 and Orange appliances, users can keep existing SSIDs while automatically isolating legacy IoT, newer smart devices,...

New Phishing Attack Exploits Vercel to Host and Deliver Remote Access Malware
A sophisticated phishing campaign has been leveraging Vercel's *.vercel.app subdomains since November 2025 to deliver remote‑access malware. The attackers disguise malicious pages as invoice portals or document viewers, then conditionally serve a signed GoTo Resolve installer after fingerprinting the victim’s browser....

Brakeman: Open-Source Vulnerability Scanner for Ruby on Rails Applications
Brakeman is an open‑source static analysis scanner that inspects Ruby on Rails codebases for security flaws without executing the application. It evaluates controllers, models, views, templates, and dependency versions, flagging injection, XSS, unsafe redirects, and authentication weaknesses. The tool integrates...

Consensys Pushes for Balanced Cybersecurity Rules in FTC’s Nomad Case
Consensys submitted a comment letter to the FTC urging technology‑agnostic security standards in the agency’s settlement with Nomad Capital Labs over the 2022 $190 million bridge hack. The firm warns that prescriptive measures such as mandatory circuit‑breaker mechanisms could clash with...

Incident Response Lessons Learned the Hard Way
Ryan Seymour, VP of Consulting and Education at ConnectSecure, draws on over twenty years of incident‑response work to explain why many failures begin before an attack even starts. He shows that teams often hesitate when alerts appear, not because of...

AWS Releases Updated PCI PIN Compliance Report for Payment Cryptography
Amazon Web Services has released an updated PCI PIN compliance package for its Payment Cryptography service, confirming a recent third‑party audit with zero findings. The package includes a PCI PIN Attestation of Compliance and a Responsibility Summary that outlines customer obligations. The...

The New ATO Playbook: Session Hijacking, MFA Bypass, and Credential Abuse Trends for 2026
In this episode Jason Wagner outlines how account takeover (ATO) has shifted from brute‑force logins to stealthy session hijacking, MFA fatigue, and credential reuse tied to real identities. He explains that attackers now harvest active session tokens and device fingerprints,...

What Is User Managed Access?
User Managed Access (UMA) extends OAuth 2.0 by letting data owners set granular sharing policies. It introduces components such as Resource Owner, Authorization Server, and Requesting Party Token to mediate consent. In enterprise SSO, UMA decouples resource data from policy logic,...

26M+ Scammed By Fake QR Codes: NordVPN
NordVPN research finds more than 26 million people may have been lured to malicious sites via fake QR codes. Scammers embed these codes in “brushing” packages, a tactic that now delivers 26% of all malicious links. Seventy‑three percent of Americans admit...

The Future of Everything: What CEOs of Circle, CrowdStrike & More See Coming in 2026
In this episode, the All‑In hosts interview four CEOs about the landscape they expect in 2026. Jeremy Allaire of Circle discusses the post‑GENIUS Act stablecoin environment, interest‑rate pressures and how AI will reshape money. George Kurtz of CrowdStrike warns that...

NDSS 2025 – RContainer
The NDSS 2025 paper introduces RContainer, a secure container architecture that leverages ARM Confidential Computing Architecture (CCA) hardware primitives to protect containers from untrusted operating systems. By deploying a lightweight trusted mini‑OS alongside the host OS, RContainer monitors control‑flow interactions...

Terrifying Solana Flaw Just Exposed How Easily the “Always-On” Network Could Have Been Stalled by Hackers
Solana validators were urged to install Agave v3.0.14 after a critical security advisory revealed two vulnerabilities that could crash nodes or stall consensus. Early adoption was slow, with only 18% of stake on the patched client, exposing the network to...

The Fraud Hiding in Email Signups
E‑commerce merchants are increasingly hit by fraud that begins with fake but technically valid email sign‑ups. Fraudsters use these accounts for low‑value card‑testing transactions and to harvest welcome coupons, driving chargebacks and an estimated $89 billion in annual coupon abuse losses....

Nike Is Investigating a Possible Data Breach, After WorldLeaks Claims
Nike announced it is probing a potential cyber incident after the WorldLeaks group claimed to have accessed and exfiltrated roughly 1.4 TB of company data. The hacker collective, which evolved from the Hunters International ransomware gang, posted the alleged breach on...

Microsoft Investigates Windows 11 Boot Failures After January Updates
Microsoft is investigating Windows 11 boot failures marked by the UNMOUNTABLE_BOOT_VOLUME stop code after the January 2026 Patch Tuesday cumulative update (KB5074109). The problem impacts Windows 11 version 25H2 and all editions of version 24H2 on physical devices, displaying a black crash screen and requiring...

Coinbase Establishes Quantum Computing Advisory Board with Stanford & UT Austin Experts
Coinbase announced the creation of an Independent Advisory Board on Quantum Computing and Blockchain, staffed by leading researchers from Stanford University and the University of Texas at Austin, including Scott Aaronson and Dan Boneh. The board will develop position papers...

Cybersecurity’s New Business Case: Fraud
Government CISOs are being urged to reframe cybersecurity discussions around financial fraud and AI‑generated scams rather than traditional technical jargon. Pandemic‑relief programs alone saw over $300 billion in fraudulent payments, while consumer fraud hit $12.5 billion in 2024, underscoring the fiscal stakes....

Security Affairs Malware Newsletter Round 81
Security Affairs’ Malware Newsletter Round 81 curates the latest threats and research across the malware landscape. Highlights include the emergence of AI‑generated malware frameworks such as VoidLink, sophisticated evasion tactics like PDFSIDER’s DLL side‑loading, and supply‑chain abuse via a malicious...

Carahsoft Expands Quantum-Resilient Cybersecurity Offerings with Cyber Intell
Carahsoft Technology Corp. has signed a Master Government Aggregator partnership with Cyber Intell Solution to distribute the patented CISEN-SDN-PQC quantum‑resistant platform to U.S. federal, state and local agencies. The collaboration leverages the ITES-SW2 contract (W52P1J-20-D-0042) and additional procurement vehicles to...

Microsoft Releases Emergency OOB Update to Fix Outlook Freezes
Microsoft issued emergency out‑of‑band (OOB) updates on Saturday to address a critical Outlook freeze affecting PST files stored in cloud services such as OneDrive and Dropbox. The problem, introduced by the January 2026 Patch Tuesday roll‑out, caused Outlook to become...

Gmail Is Having Issues with Spam and Misclassification
Google reported a widespread Gmail outage on January 24, 2026, affecting spam filtering and email classification. The issue began around 5 a.m. Pacific, causing promotional and social messages to appear in the Primary inbox and legitimate emails to trigger spam warnings....

How Does AI Ensure Calm in Cybersecurity Operations?
Non‑Human Identities (NHIs), or machine identities, are becoming the backbone of AI‑driven cybersecurity operations. By pairing encrypted secrets with server‑granted permissions, NHIs function like digital passports that enable secure automated interactions. AI enhances NHI management through real‑time threat analytics, lifecycle...

How Do NHIs Deliver Value in Digital Security Landscapes?
Non‑Human Identities (NHIs) are machine credentials that now underpin most cloud‑native environments. Effective NHI management couples secret rotation, permission controls, and continuous monitoring to reduce breach risk and streamline compliance. Organizations that automate discovery, classification, and remediation see faster incident...

Can You Trust AI with Your Digital Secrets Management?
Non‑human identities (NHIs) or machine identities are becoming central to digital secrets management, especially as enterprises expand across hybrid cloud environments. Effective NHI platforms automate discovery, lifecycle handling of secrets, and real‑time monitoring, reducing breach risk and compliance burdens. AI...