Know What's Happening in Cybersecurity

Today's Cybersecurity Pulse

CISA adds critical Android and Linux flaws to KEV catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) listed two high‑severity vulnerabilities in its Known Exploited Vulnerabilities catalog: Android CVE‑2025‑48595, an integer overflow that enables privilege escalation on Android 14‑16 without user interaction, and Linux CVE‑2022‑0492. Google released patches for the Android bug in June 2026.

NL: Police Warned About Security Hole Used by Russian Hackers in Major Theft of Police Data
News | Jan 23, 2026

Dutch police were warned in 2022 about inherent risks in Microsoft’s M365 cloud, yet a Russian cyber‑espionage group exploited those gaps in September 2024. By compromising an officer’s email account, the hackers exfiltrated contact details, profile photos and personal data of...

By DataBreaches.net
The 2025 Phishing Surge Proved One Thing: Chasing Doesn’t Work
News | Jan 23, 2026

In 2025 phishing evolved from a nuisance into a professional, subscription‑based service. Threat actors now rent disposable infrastructure, use generative AI to craft high‑fidelity pages, and repurpose mainstream no‑code platforms, while large language models eliminate the classic bad‑writing tell. These...

By Security Boulevard
ShinyHunters Leak Alleged Data of Millions From SoundCloud, Crunchbase and Betterment
News | Jan 23, 2026

ShinyHunters announced a dark‑web leak of alleged databases from SoundCloud, Crunchbase and Betterment after their extortion attempts were rejected. The group posted .onion links on 22 January 2026, offering free access to the dumps. The claimed SoundCloud breach aligns with a December 2025...

By HackRead
Arqit Launches ‘Encryption Intelligence’ to Automate Discovery for Post-Quantum Migration
News | Jan 23, 2026

Arqit Quantum has launched Encryption Intelligence (EI), an automated SaaS platform that inventories an organization’s cryptographic assets across cloud, OT and legacy systems. The tool identifies obsolete algorithms and protocols, providing real‑time visibility to accelerate post‑quantum cryptography (PQC) migration and...

By Quantum Computing Report
Secure Your Google Ads Account Against The Rise In Hijackings
News | Jan 23, 2026

Google Ads account hijackings are accelerating, especially against agencies that manage large budgets. Attackers exploit weak login practices, phishing, and even Google Analytics or Tag Manager to bypass two‑factor authentication. Google’s official guide recommends HTTPS, verified @google.com emails, link scrutiny,...

By Search Engine Roundtable
Mass Data, Mass Surveillance, and the Erosion of Particularity: The Fourth Amendment in the Age of Geofence Warrants and Artificial...
News | Jan 23, 2026

On Jan. 16, 2026 the Supreme Court granted certiorari in United States v. Chatrie, asking whether bulk geofence warrants satisfy the Fourth Amendment’s particularity requirement. A geofence warrant compels a data custodian to hand over location records for every device within a...

By Security Boulevard
Organizations Warned of Exploited Zimbra Collaboration Vulnerability
News | Jan 23, 2026

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE‑2025‑68645, a local file inclusion flaw in Zimbra Collaboration Suite, to its Known Exploited Vulnerabilities catalog and urged immediate patching. The vulnerability resides in the RestFilter servlet, allowing unauthenticated attackers...

By SecurityWeek
Percipience Achieves SOC 2 Type I Compliance
News | Jan 23, 2026

Percipience, an insurtech data and analytics provider, announced it has achieved SOC 2 Type I compliance, confirming that its security, availability, and confidentiality controls are properly designed. The audit, conducted by an independent firm, validated the company’s policies on access management, change...

By AI-TechPark
Secure Solutions for Journalists and At‑Risk Professionals
Social | Jan 23, 2026

I started Granitt in 2022 to help journalists and other groups of at-risk people continue to do their work safely and securely. Please get in touch if you’re looking for an assessment, policy and process development, training, or presentation. https://t.co/5eyprsSuBF

By Runa Sandvik
10 Questions Enterprise Leaders Should Ask Before Running a Red Teaming Exercise
News | Jan 23, 2026

Red Teaming simulates real‑world attacker behavior across people, processes, and technology, going beyond traditional penetration testing that only flags technical flaws. It helps enterprises verify whether detection, response, and containment capabilities can stop a breach before business damage occurs. Leaders...

By Security Boulevard
How ASPM Protects Cloud-Native Applications From Misconfigurations and Exploits
News | Jan 23, 2026

Application Security Posture Management (ASPM) consolidates vulnerability, misconfiguration, and runtime data into a single, continuous risk model for cloud‑native applications. By graph‑linking code commits, container images, Kubernetes objects, and cloud resources, ASPM reveals which findings are truly exploitable. This unified...

By Security Boulevard
149 Million Usernames and Passwords Exposed by Unsecured Database
News | Jan 23, 2026

A publicly accessible database containing 149 million usernames and passwords—including 48 million Gmail, 17 million Facebook, and Binance credentials—was removed after security researcher Jeremiah Fowler reported it to the hosting provider. The collection also featured government, banking, and streaming service logins, suggesting it...

By WIRED (Security)
FBI Seizes Reporter’s Devices, Including Encrypted Drive
Social | Jan 23, 2026

Here are the items the FBI seized from Washington Post reporter Hannah Natanson: a recorder, two laptops, an external drive, a smart watch, an iPhone. Her December article mentioned that she stored reporting notes on an encrypted external drive, so...

By Runa Sandvik
Elastic Agent Builder Expands How Developers Build Production-Ready AI Agents
News | Jan 23, 2026

Elastic has launched the general availability of Agent Builder, a platform that lets developers create secure, context‑driven AI agents in minutes by leveraging Elasticsearch’s unified search and analytics capabilities. The offering includes native data preparation, retrieval, ranking, custom tools, conversational...

By Help Net Security
Cobalt Achieves CSA AI Trustworthy Pledge
News | Jan 23, 2026

Cobalt, a pioneer of Penetration Testing as a Service, has earned the Cloud Security Alliance (CSA) AI Trustworthy Pledge by completing the STAR Level 1 CAIQ Self‑Assessment based on version 4.0.3. The certification aligns Cobalt’s practices with the CSA Cloud Controls Matrix,...

By AI-TechPark
Ring Now Lets Users Verify Whether Videos Have Been Altered
News | Jan 23, 2026

Ring has launched Ring Verify, a built‑in authenticity feature that embeds a digital security seal in every video recorded after December 2025. The seal automatically breaks if the footage is trimmed, re‑encoded, or otherwise altered, and users can check verification status...

By Help Net Security
What Are Drive-By Download Attacks?
News | Jan 23, 2026

Drive‑by download attacks automatically install malware when a user visits a compromised website, requiring no clicks or consent. They exploit outdated browsers, plugins, or operating systems, often via malicious scripts, malvertising, or exploit kits. The resulting payloads range from trojans...

By Security Boulevard
Buterin Calls 2026 the Year to Reclaim Self-Sovereign Computing
News | Jan 23, 2026

Vitalik Buterin announced 2026 as the year to reclaim self‑sovereign computing, swapping his daily tools for open‑source, privacy‑preserving alternatives. He moved from Google Docs to Fileverse, Telegram to Signal, Google Maps to OrganicMaps/OpenStreetMap, and Gmail to ProtonMail, while also experimenting with...

By Cointelegraph
Manage My Health Data Breach Sparks Warnings Over Impersonation and Phishing Attempts
News | Jan 23, 2026

Manage My Health, a New Zealand digital health portal, confirmed a breach that accessed documents in its My Health Documents feature, affecting over 120,000 patients. While live clinical systems remained untouched, fraudsters are now impersonating the service to send phishing and...

By The Cyber Express
Someone Is Impersonating Me on Instagram — and Meta Doesn’t Give a Sh*t
News | Jan 23, 2026

Technology veteran Alan Shimel discovered an Instagram account impersonating him, using the handle shimel.alan, which quickly followed 85 of his contacts and received follow‑backs from ten. He reported the account through Meta’s built‑in AI‑driven reporting tool, only to receive an...

By Security Boulevard
Iboss Unveils AI-Powered SSPM Capability to Reduce SaaS Risk
News | Jan 23, 2026

iboss introduced an AI‑powered SaaS Security Posture Management (SSPM) capability within its Zero Trust SASE platform. The solution connects to SaaS apps via native APIs, continuously scanning configurations, permissions and data exposure. AI analysis prioritizes misconfigurations and risky sharing, presenting...

By Help Net Security
This Guide Will Show You How to Create SAML Identity Management.
News | Jan 23, 2026

The guide walks CTOs and VPs of Engineering through building SAML‑based identity management for enterprise single sign‑on, covering claim design, certificate handling, and a step‑by‑step migration from ADFS. It explains how to configure assertions, secure metadata, and align SAML with...

By Security Boulevard
ADIB Names Winners of UAE Cybersecurity Innovation Challenge to Drive Digital Resilience
News | Jan 23, 2026

Abu Dhabi Islamic Bank (ADIB) announced the three winners of its UAE Cybersecurity Innovation Challenge—Corgea, Nothreat and DTEX Systems—selected from more than 50 global applicants. The competition, run with the UAE Cyber Security Council and DIFC Innovation Hub, featured 10...

By The Fintech Times
Finextra & ACI Worldwide Release New Survey Report on the Global State of Fraud and Financial Crime
News | Jan 23, 2026

Finextra and ACI Worldwide released the "AI in Action" global survey, analyzing responses from 154 industry leaders on AI‑driven fraud prevention. Over half of organisations (51%) already run AI solutions, with another 47% planning deployments within two years. The study...

By Finextra
South Korea Probes Loss of Seized Bitcoin in Phishing Attack
News | Jan 23, 2026

South Korean prosecutors in Gwangju are investigating the disappearance of a large bitcoin cache seized in a criminal case, which an internal audit attributes to a phishing breach during official custody. The incident underscores the vulnerability of government-held digital assets...

By CoinDesk
Microsoft Introduces Winapp, an Open-Source CLI for Building Windows Apps
News | Jan 23, 2026

Microsoft has launched winapp, an open‑source command‑line interface designed to simplify Windows application development. The tool consolidates SDK management, manifest editing, certificate generation, and packaging into unified commands, supporting project scaffolding, dependency handling, and build/run operations. Winapp integrates with Visual...

By Help Net Security
Ethereum Mainnet Daily Active Addresses Surpass All Layer-2s
News | Jan 23, 2026

Ethereum’s mainnet daily active addresses have surged to roughly 945,000, briefly peaking at 1.3 million, surpassing all major layer‑2 networks. The recent Fusaka upgrade, which slashed gas fees, is credited for the activity boost, though security analysts warn that address‑poisoning attacks...

By Cointelegraph
Advances Post-Quantum Aggregation with Code-Based Homomorphic Encryption and LPN
Blog | Jan 22, 2026

Researchers at the Technical University of Munich present a post‑quantum secure aggregation protocol built on code‑based homomorphic encryption under the Learning Parity with Noise (LPN) assumption. The design features a key‑ and message‑additive homomorphic scheme, a committee‑based decryptor realized via...

By Quantum Zeitgeist
Okta SSO Accounts Targeted in Vishing-Based Data Theft Attacks
News | Jan 22, 2026

Okta has identified a new wave of vishing‑based phishing kits sold as a service, allowing attackers to conduct live, voice‑driven credential theft. The kits let threat actors spoof corporate numbers, manipulate phishing pages in real time, and capture both passwords...

By BleepingComputer
NDSS 2025 – Rethinking Trust In Forge-Based Git Security
News | Jan 22, 2026

The NDSS 2025 paper introduces gittuf, a decentralized security layer for Git repositories that removes reliance on a single trusted forge. By distributing policy declaration, activity tracking, and enforcement among all contributors, gittuf lets developers independently verify changes. The system...

By Security Boulevard
Why AI Is Making Attack Surface Management Mandatory
News | Jan 22, 2026

Amit Sheps of CyCognito warns that AI is rapidly expanding enterprise attack surfaces, making traditional vulnerability hunting insufficient. He stresses that without continuous external discovery and clear ownership mapping, security teams cannot prioritize true risk. AI both creates new entry...

By Security Boulevard
Google to Pay $8.25M Settlement Over Child Data Tracking in Play Store
News | Jan 22, 2026

Google agreed to pay $8.25 million to resolve a class‑action lawsuit alleging that its Play Store “Designed for Families” program allowed developers to collect personal data from children under 13 without parental consent. The case centered on the AdMob advertising SDK,...

By HackRead
AI-Powered Disinformation Swarms Are Coming for Democracy
News | Jan 22, 2026

Researchers warn that advances in AI will enable single operators to command swarms of thousands of autonomous social‑media agents that produce indistinguishable human content. These AI‑driven disinformation networks can adapt in real time, target specific communities, and conduct rapid micro‑testing...

By WIRED AI
ICE Agents Are ‘Doxing’ Themselves
News | Jan 22, 2026

A crowdsourced site called ICE List has published profiles of roughly 4,500 DHS employees, drawing on publicly available LinkedIn, payroll and data‑broker records. WIRED’s investigation shows that about 90% of the entries rely on self‑posted information rather than a secret...

By WIRED (Security)
Governing Cybersecurity in the AI Era -Pwc Workshop 2026
Blog | Jan 22, 2026

PwC‑affiliated firm A.F. Ferguson & Co. hosted a one‑day masterclass titled “Governing Cybersecurity in the AI Era – Digital Trust, Risk & Resilience” on 22 January 2026 in Karachi. More than 100 senior technology and business leaders, including CISOs, CIOs and CFOs,...

By Erdal Ozkaya’s Cybersecurity Blog
The Upside Down Is Real: What Stranger Things Teaches Us About Modern Cybersecurity
News | Jan 22, 2026

The article likens modern cybersecurity challenges to the Upside Down world of Stranger Things, using the show’s portals as a metaphor for today’s sprawling attack surface. It stresses that every IoT, cloud, or OT connection acts as a hidden entry point...

By SecurityWeek
Microsoft Teams to Add Brand Impersonation Warnings to Calls
News | Jan 22, 2026

Microsoft Teams will introduce a "Brand Impersonation Protection" feature that flags first‑time external VoIP callers attempting to pose as trusted organizations. The protection rolls out to the targeted release ring in mid‑February and is enabled by default, displaying high‑risk warnings...

By BleepingComputer
10Web WordPress Photo Gallery Plugin Vulnerability via @Sejournal, @Martinibuster
News | Jan 22, 2026

A vulnerability in the Photo Gallery by 10Web WordPress plugin allows unauthenticated attackers to delete image comments. The flaw stems from a missing capability check in the delete_comment() function and affects all versions up to 1.8.36, primarily the Pro edition...

By Search Engine Journal
INC Ransomware Opsec Fail Allowed Data Recovery for 12 US Orgs
News | Jan 22, 2026

Researchers from Cyber Centaurs uncovered an operational security slip in the INC ransomware campaign that exposed the gang's backup infrastructure. By tracing Restic backup tool artifacts and hard‑coded credentials, they located encrypted exfiltrated data belonging to twelve unrelated U.S. organizations across...

By BleepingComputer
Critical Appsmith Flaw Enables Account Takeovers
News | Jan 22, 2026

A critical authentication flaw (CVE‑2026‑22794) was discovered in Appsmith’s low‑code platform. The vulnerability stems from the password‑reset endpoint trusting the client‑supplied Origin header, allowing attackers to craft malicious reset links and capture tokens. Exploitation enables full account takeover, including admin...

By Infosecurity Magazine
Claude Extension Serves as Fallback when Browsers Blocked
Social | Jan 22, 2026

When you don't have a Skill/MCP, a headless browser is blocked, curl and fetch are blocked... the Claude extension is a slow but serviceable backup.

By Jason Haddix
RealHomes CRM Plugin Flaw Affected 30,000 WordPress Sites
News | Jan 22, 2026

A critical vulnerability (CVE‑2025‑67968) in the RealHomes CRM plugin, bundled with a popular WordPress real‑estate theme, affected over 30,000 sites. Versions 1.0.0 and earlier allowed any logged‑in subscriber to upload arbitrary files via a CSV import endpoint, enabling potential full...

By Infosecurity Magazine
Old Attack, New Speed: Researchers Optimize Page Cache Exploits
News | Jan 22, 2026

Researchers from TU Graz have revived Linux page‑cache attacks, demonstrating sub‑microsecond flush times and full attack loops completing in 0.6‑2.3 µs—up to six orders of magnitude faster than prior work. The paper details new techniques that work across kernel versions from 2003...

By SecurityWeek
Why Active Directory Password Resets Are Surging in Hybrid Work
News | Jan 22, 2026

Hybrid work has turned routine Active Directory password resets into a major productivity drain, as cached credentials and frequent rotation policies cause more lockouts. Since 2022, over half of U.S. employees operate in hybrid models, leading to an estimated 923...

By BleepingComputer
RSA Group Announces New $135 Million Capital Infusion and Debt Refinancing to Accelerate AI Product Innovation and Organic Growth
News | Jan 22, 2026

RSA Group announced a $135 million capital infusion backed by its existing lenders, coupled with a refinancing of its first‑ and second‑lien debt. The deal extends debt maturities, de‑leverages the balance sheet, and improves liquidity. Proceeds will fund AI‑driven enhancements to...

By AiThority
Kasada Launches AI Agent Trust to Secure Agentic Commerce
Blog | Jan 22, 2026

Kasada, a bot management and fraud protection company, unveiled AI Agent Trust, a solution designed to secure automated traffic on digital commerce sites. The platform provides a searchable directory that verifies AI agents and lets brands apply policy‑based controls to...

By Shopifreaks
Canada Court Overturns Order to Close TikTok Operations
Blog | Jan 22, 2026

Canada’s Federal Court has overturned a government directive that would have forced TikTok to shut down its Canadian operations. Judge Russell Zinn set aside the order and instructed Industry Minister Melanie Joly to conduct a new security review. The ruling...

By Shopifreaks
Kazakhstan Considers Criminal Liability for Mass Leaks of Personal Data
News | Jan 22, 2026

Kazakhstan is drafting legislation to impose criminal liability for mass leaks of personal data, as proposed by the Ministry of Artificial Intelligence and Digital Development. The same proposal would dramatically increase administrative fines for organizations that fail to meet information‑security...

By DataBreaches.net
Searchlight Cyber Adds Ransomware Leak Site Visibility with Ransomware File Explorer
News | Jan 22, 2026

Searchlight Cyber introduced Ransomware File Explorer, a new feature in its Cerberus platform that provides searchable visibility into file‑tree data posted on ransomware leak sites. The tool indexes file‑tree metadata, enabling instant keyword searches without handling malicious archives. It helps...

By SiliconANGLE