Today's Cybersecurity Pulse
CISA adds critical Android and Linux flaws to KEV catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) listed two high‑severity vulnerabilities in its Known Exploited Vulnerabilities catalog: Android CVE‑2025‑48595, an integer overflow that enables privilege escalation on Android 14‑16 without user interaction, and Linux CVE‑2022‑0492. Google released patches for the Android bug in June 2026.
Also developing:
By the numbers: Ingeteam receives $82.5M loan from EIB
Cside Targets Hidden Website Privacy Violations with Privacy Watch
cside unveiled Privacy Watch, an AI‑driven platform that continuously monitors client‑side third‑party scripts for hidden data collection and privacy violations. The tool automatically generates evidence logs and regulation‑specific reports to help organizations meet GDPR, CPRA, HIPAA and emerging state‑level requirements. With 94% of modern websites embedding unseen scripts, Privacy Watch gives compliance teams the visibility needed to document and limit data flows before audits or incidents occur. The launch addresses a growing compliance burden as U.S. privacy laws multiply and regulators demand proof of reasonable security safeguards.
IonQ Appoints New SVP to Lead Quantum Networking and Security Division
IonQ announced the appointment of Domenico Di Mola as Senior Vice President of Engineering for its Quantum Networking, Security, and Sensing (QNSS) division. Di Mola will steer engineering and strategy for quantum‑secure networking, distributed‑sensing architectures, and the integration of quantum processors with...
Risk of AI Model Collapse to Drive Zero Trust Data Governance, Gartner Says
Gartner predicts that within the next two years up to 50% of global enterprises will adopt zero‑trust data governance as AI‑generated content floods books, code repositories, and research papers. The feedback loop of large language models training on prior AI...
Crittora Introduces APP, an Execution-Time Authorization Layer for AI Agents
Crittola launched the Agent Permission Protocol (APP), a runtime authorization layer that cryptographically binds a specific AI agent, its intended action, and the tools it may use. The protocol enforces least‑privilege, time‑bound permissions and fails closed if verification is missing....
13 Cyber Questions to Better Vet IT Vendors and Reduce Third-Party Risk
Enterprises are increasingly exposed to cyber‑risk through third‑party IT providers, as recent high‑profile breaches—Marks & Spencer’s £300 million loss, a Chinese group stealing OAuth tokens from 700 firms, and a SAP NetWeaver zero‑day—demonstrate. Attackers exploit trusted vendor pathways, bypassing traditional perimeter...
Cybercriminals Speak the Language Young People Trust
Criminal networks are systematically recruiting minors through familiar platforms such as TikTok, Instagram, Snapchat and Discord, using encrypted messaging and crypto payments to mask their activities. They speak in coded, game‑like language that makes illegal tasks appear low‑risk and rewarding,...
For Cyber Risk Assessments, Frequency Is Essential
Cyber risk assessments function like medical check‑ups, enabling organizations to detect vulnerabilities before attackers exploit them. The article highlights that regular assessments uncover data exposure—one in ten cloud data sets is openly accessible—and reveal that over 99% of compromised accounts...
Bandit: Open-Source Tool Designed to Find Security Issues in Python Code
Bandit is an open‑source Python security scanner maintained by the PyCQA community. It parses source files and flags risky patterns such as unsafe eval calls, weak cryptography, hard‑coded credentials, and insecure temporary file handling. Each finding is annotated with severity...
The 2026 State of Pentesting: Why Delivery and Follow-Through Matter More than Ever
Penetration testing has shifted from static, point‑in‑time reports to continuous, outcome‑driven programs. Modern teams now demand real‑time delivery, automated routing of findings, and closed‑loop validation to reduce risk. Platforms like PlexTrac enable centralized visibility, integration with ticketing tools, and automated...
Security Leaders Push for Continuous Controls as Audits Stay Manual
Security and risk teams still rely heavily on manual GRC processes, spending thousands of person‑hours each year collecting evidence and preparing audits. While organizations adopt automation for policy management and evidence gathering, deeper workflow automation and continuous controls monitoring remain...
.webp?ssl=1)
Threat Actors Exploit LinkedIn for RAT Delivery in Enterprise Networks
A new phishing campaign is using LinkedIn private messages to deliver remote access trojans to enterprise networks. Attackers send self‑extracting WinRAR archives that contain a legitimate PDF reader, a malicious DLL, and a portable Python interpreter. The DLL is loaded...
The Email Insider Threat Has Evolved in the Era of Generative AI
The article warns that generative AI is reshaping email insider threats, turning everyday tools like grammar checkers into vectors for intellectual property loss. Attackers now use AI‑crafted phishing emails and malicious attachments that bypass traditional filters, while browser extensions silently...
Risky Business #821 -- Wiz Researchers Could Have Owned Every AWS Customer
In episode #821 of Risky Business, hosts Patrick Gray and Adam Boileau, joined by BBC World Cyber Correspondent Joe Tidy, dissect a week of cyber news ranging from alleged U.S. attacks on Venezuela’s power grid to a major AWS console...
NSFOCUS Enters the Global Top Tier of DDoS Security: NSFOCUS DDoS Solutions Positioned in the MarketsandMarkets™ Star Quadrant
NSFOCUS has been placed in the Star Quadrant of MarketsandMarkets' Global DDoS Protection and Mitigation Security Market Forecast to 2030, marking its entry into the industry’s top tier. The ranking reflects NSFOCUS’s mature technology stack, broad solution portfolio, and expanding...
Attribute-Based Access Control (ABAC): Complete Guide with Policy Examples
Businesses are abandoning passwords for B2C apps, citing high friction and security risks. Password resets cost about $70 each and cause significant support expenses, while passwordless solutions can boost conversion rates by more than 10%. The CIAM market is expanding,...
Data Destruction: Why Secure ITAD and Certified Partners Matter More Than Ever
Data destruction is now a strategic imperative, requiring more than simple file deletion. Certified IT asset disposition (ITAD) vendors, especially those with R2v3, Appendix B, and Appendix C credentials, guarantee logical sanitization, physical destruction, and secure refurbishment. These certifications provide...
Coherent and Quside Demonstrate Scalable, Verifiable Quantum Entropy for Data Security
Coherent Corp. and Quside have demonstrated a mass‑manufacturable quantum entropy source using Coherent’s 6‑inch VCSEL line combined with Quside’s QRNG technology. The system generates true, verifiable randomness by measuring VCSEL phase fluctuations and includes real‑time entropy monitoring to detect tampering....
Everest Ransomware Claims McDonalds India Breach Involving Customer Data
Everest ransomware announced a breach of McDonald’s India, claiming to have stolen 861 GB of customer and internal data. The leaked material reportedly contains financial reports, ERP migration files, investor contact lists, and store‑level employee details. HackRead published screenshots to substantiate...
Brazen Scheme Combines Fraud, Visiting Customers' Homes
Barnegat Township Police warned New Jersey residents of a hybrid fraud scheme that combines phone spoofing with a physical courier pickup to steal debit cards. Criminals pose as bank fraud agents, claim unauthorized out‑of‑state activity, and arrange a courier to...
Integrating Enzoic Alerts Into Microsoft Sentinel with Azure Logic Apps
Enzoic’s real‑time breach alerts can now be piped into Microsoft Sentinel using Azure Logic Apps, turning each webhook into a Sentinel incident. The guide walks through provisioning a Log Analytics workspace, creating a consumption‑based Logic App, parsing Enzoic’s JSON payload,...
UStrive Security Lapse Exposed Personal Data of Its Users, Including Children
UStrive, a nonprofit mentoring platform for students, fixed a security lapse that let any logged‑in user view personal data of others, including children. The flaw stemmed from a vulnerable Amazon‑hosted GraphQL endpoint, exposing at least 238,000 records containing names, emails,...
Introducing Mend.io’s AI Security Maturity Survey + Compliance Checklist Available Today
Mend.io launched an interactive AI Security Maturity Survey and a companion Compliance Checklist to help organizations assess and document AI risk. The tools map to OWASP AIMA, NIST AI RMF, ISO 42001 and the upcoming EU AI Act, delivering a personalized...
Airlock Digital Announces Independent TEI Study Quantifying Measurable ROI & Security Impact
Airlock Digital released an independent Total Economic Impact study by Forrester Consulting showing a 224% return on investment and a $3.8 million net present value over three years for its allow‑listing solution. The research reports more than a 25% reduction in...
Mass Spam Attacks Leverage Zendesk Instances
Zendesk reported a wave of mass spam campaigns that exploit its customer‑service platform to send phishing emails. The messages appear to originate from legitimate Zendesk subdomains, tricking recipients into opening malicious links. Zendesk clarified that the campaigns are not linked...
NDSS 2025 – Studying the Defensive Registration Practices of the Fortune 500
Researchers at NDSS 2025 examined defensive domain registrations by Fortune 500 firms, uncovering 19,523 domains registered across 447 companies. The study found most firms register only a handful of domains, yet they collectively rely heavily on online brand protection (OBP)...
The Zero Risk Trap: How to Ditch Perfection and Prioritize Real Cyber Resilience
Cybersecurity leaders are trapped in a zero‑risk mindset, chasing perfect audit scores while real threats evolve. The article argues that this pursuit leads to burnout, misallocated resources, and a false sense of security. It proposes a shift toward ruthless risk...
EU Plans Cybersecurity Overhaul to Block Foreign High-Risk Suppliers
The European Commission has unveiled a comprehensive cybersecurity package that gives it authority to conduct EU‑wide risk assessments and restrict high‑risk foreign suppliers in critical telecom infrastructure. The proposal builds on the voluntary 5G Security Toolbox and expands the Cybersecurity...
10 Defining Moments in Space and Cybersecurity in 2025
2025 marked a turning point for space cybersecurity as the National Reconnaissance Office unveiled a centralized Space Cyber Program, while Ukraine publicly confirmed a 2023 hack on Russia’s Dozor‑Teleport satellite network. Academic research revealed that low‑cost satellite receivers can capture...
The Data Center Is Secure, But Your Users Are Not
Data centers now feature layered physical safeguards, redundant systems and zero‑trust digital controls, creating a robust perimeter. Despite these defenses, most breaches stem from human error, especially phishing and weak passwords. The article highlights that 90 % of 2021 data breaches...
Beyond the Interface: Assessing the Security and Payment Infrastructure of Today’s Top Digital Wallets
Digital wallets are evolving beyond UI to prioritize security architecture, payment infrastructure, and regulatory intelligence for 2026. Agentic commerce will enable AI agents to execute transactions autonomously, requiring cryptographic consent and continuous trust orchestration. Multi‑biometric authentication, AI‑driven predictive security, and...
Zero-Trust UTM: TII, VentureOne, and High Lander Join Forces at UMEX to Forge New Airspace Security Standards in the UAE
High Lander Aviation, Abu Dhabi’s Technology Innovation Institute (TII) and venture builder VentureOne announced a strategic collaboration at UMEX 2026 to develop national‑level zero‑trust security standards for unmanned traffic management (UTM) in the UAE. The partnership will focus on end‑to‑end security...
ECommerce Outsourcing Philippines: Battling Cyber Threats with Next-Gen Fraud Detection Systems in BPO
E‑commerce retailers are shifting Philippine outsourcing from a pure cost play to a fraud‑resilience strategy as cyber threats intensify. Leading BPOs now embed machine‑learning, behavioral analytics, device intelligence and seasoned fraud analysts, delivering 40‑60% lower fraud losses, 50‑70% fewer false...
Why Smart Contract Security Can’t Wait for “Better” AI Models
In 2024, smart‑contract vulnerabilities cost the Web3 ecosystem $1.42 billion across 149 incidents, with access‑control flaws alone responsible for $953.2 million. While the community debates perfect AI solutions, current AI‑powered static analysis tools already capture roughly 80 % of known issues, and models...
Cybersecurity in the Age of AIOps: Proactive Defense Strategies for IT Leaders
Cybersecurity AIOps combines AI, machine learning, and automation to transform traditional security operations. It enables real‑time threat detection, reduces human error, and shifts defenses from reactive to proactive. Key strategies include predictive analytics, automated response, alert prioritization, cross‑team collaboration, and...
The Hidden Cybersecurity Risk of “Integrated” Security Platforms
Security vendors increasingly market ‘integrated’ platforms as a way to simplify protection, but most are merely stitched collections of separate tools. This architectural shortcut leaves each product with its own data model, causing delayed correlation and siloed response actions that...
PAI Boosts Claude Code Efficiency by 50% – Free Workshop
PAI is a super power. @DanielMiessler created features on top of Claude Code that increase its efficacy by 50%... and that's a lot based on how awesome Claude Code is. Incoming FREE workshop of PAI and other tools I'm using to...
Signaloid Successfully Achieves SOC 2 Type II Attestation
Signaloid announced that it has earned a SOC 2 Type II attestation, concluding a three‑month audit of its cloud infrastructure, data‑processing pipelines, and operational controls. The audit, performed by compliance specialist A‑LIGN, covered the period from July 1 to September 30, 2025,...
Sprocket Security Appoints Eric Sheridan as Chief Technology Officer
Sprocket Security announced the appointment of Eric Sheridan as its new Chief Technology Officer. Sheridan brings decades of cybersecurity and software engineering experience, along with multiple patents, to guide the firm’s technology vision. In his role, he will oversee engineering...
Make Identity Threat Detection Your Security Strategy for 2026
Identity Threat Detection & Response (ITDR) is positioned as the core security strategy for 2026, shifting focus from perimeter defenses to monitoring compromised accounts. The article highlights that identity‑based attacks are the most common threat, and traditional controls like MFA...
UPM and Q*Bird Launch Spain’s First Multi-Node MDI-QKD Network in Madrid
Universidad Politécnica de Madrid and Q*Bird have deployed Spain’s first operational multi‑node measurement‑device‑independent quantum key distribution (MDI‑QKD) network in Madrid. The hub‑and‑spoke architecture links two INTA facilities and the Ministry of the Interior’s SGSICS site, using Q*Bird’s Falqon® MQX4000 hub...
Ping Identity Launches Universal Services for Ongoing Identity Assurance
Ping Identity introduced Universal Services, a continuous identity assurance suite that extends trust beyond the login event to every digital interaction. The offering integrates with any existing identity provider via standard APIs, allowing enterprises to validate, re‑verify, and adapt protections...
SK Telecom Files Lawsuit to Revoke Record 135 Bln-Won Fine over Data Breach
South Korea’s largest mobile carrier, SK Telecom, has filed a lawsuit with the Seoul Administrative Court to overturn a record 135 billion‑won (US$91 million) fine imposed by the Personal Information Protection Commission for a massive data breach. The breach, disclosed belatedly, exposed...
How Crypto Criminals Stole $700 Million From People – Often Using Age-Old Tricks
Crypto criminals are increasingly buying stolen consumer databases to pinpoint high‑net‑worth individuals and siphon cryptocurrency. A breach at luxury conglomerate Kering exposed millions of shopper records, which a hacker purchased for $300,000 and cross‑referenced with other leaks. Using the combined...
UK: Secret Gagging Order Should Not Have Been Used to Cover up Afghan Data Breach, Sir Ben Wallace Says
Former defence secretary Sir Ben Wallace criticised the use of a secret gagging order to conceal a massive data breach at the Ministry of Defence that exposed the personal details of thousands of Afghan collaborators. The breach occurred after an...
Cyber Risks Among CEOs’ Top Worries Amid Weak Short Term Growth Outlook
PwC’s 29th Global CEO Survey reveals cyber risk has risen to a top‑three threat alongside macroeconomic volatility, with 31 % of CEOs rating their firms as highly or extremely exposed to significant financial loss from cyber attacks in the coming year....
Privacy, Security, and Scale: Non‑Negotiable Blockchain Essentials
3 things that will become non-negotiable for any chain that plans to operate in the long-term: Privacy, security, scale. - Privacy (by now it's obvious, and still) - because if we're to migrate our digital life -- financial and non-financial --...
HackerOne Launches Good Faith AI Research Safe Harbor to Protect Responsible AI Testing
HackerOne introduced the Good Faith AI Research Safe Harbor, a framework that grants legal protection to researchers testing AI systems in good faith. Building on its 2022 Gold Standard Safe Harbor for traditional software, the new program clarifies authorization, limits...
AI Framework Flaws Put Enterprise Clouds at Risk of Takeover
Two critical flaws were discovered in the open‑source AI framework Chainlit, allowing arbitrary file reads (CVE‑2026‑22218) and server‑side request forgery (CVE‑2026‑22219). The vulnerabilities can expose environment variables, API keys and cloud credentials, and enable attackers to forge authentication tokens for...
City of London Police Launches Fraud Reporting Service
The City of London Police has unveiled a national "Report Fraud" service, replacing the older Action Fraud programme. The platform offers victims and businesses across England, Wales and Northern Ireland a single gateway to report cyber crime and fraud. By centralising...