Know What's Happening in Cybersecurity

Today's Cybersecurity Pulse

CISA adds critical Android and Linux flaws to KEV catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) listed two high‑severity vulnerabilities in its Known Exploited Vulnerabilities catalog: Android CVE‑2025‑48595, an integer overflow that enables privilege escalation on Android 14‑16 without user interaction, and Linux CVE‑2022‑0492. Google released patches for the Android bug in June 2026.

Cyber Insights 2026: Information Sharing
News | Jan 19, 2026

Cybersecurity information sharing remains essential but faces structural challenges. The Cybersecurity Information Sharing Act of 2015 is set to lapse on Jan 30, 2026, which threatens to curtail the legal protections that encourage voluntary threat‑intel exchange, while CISA confronts funding cuts and...

By SecurityWeek
How to Remove Saved Passwords From Google Chrome (And Why You Should)
News | Jan 19, 2026

Google Chrome’s built‑in password manager offers convenience but accumulates credentials across devices, creating a hidden security liability. The article details how to delete individual, multiple, or all saved passwords on desktop, Android, and iOS, and explains how Chrome sync propagates...

By The Cyber Express
Cybercriminals Impersonate Malwarebytes to Steal User Credentials
News | Jan 19, 2026

A short‑lived campaign from January 11‑15 2026 masqueraded as Malwarebytes installers to deliver infostealers. Attackers distributed ZIP archives named like “malwarebytes‑windows‑github‑io‑X.X.X.zip” that contain a legitimate EXE loader, a malicious CoreMessaging.dll, and a benign‑looking TXT pivot file. The DLL is sideloaded, granting code...

By GBHackers On Security
AI-Powered Surveillance in Schools
Blog | Jan 19, 2026

AI-powered surveillance systems are being installed in U.S. high schools, exemplified by Beverly Hills High School's deployment of facial-recognition cameras, behavioral-analysis software, audio monitors, drones, and license-plate readers. The technology claims to identify violent behavior, locate distressed students, and track...

By Schneier on Security
Mustang Panda Uses Venezuela News to Spread LOTUSLITE Malware
News | Jan 19, 2026

Acronis Threat Research Unit uncovered a new espionage campaign that uses a Venezuela‑related news lure to target U.S. government officials. The attack distributes a malicious DLL through DLL sideloading, hidden inside a renamed Tencent music player called “Maduro to be...

By HackRead
Keepnet Bets on Agentic AI Behavioral Training to Curb Security Mistakes
News | Jan 19, 2026

Keepnet introduced Agentic AI for Behavioral Microlearning, shifting training success metrics from completion rates to measurable behavior change and incident reduction. The autonomous platform plans, creates, delivers, and optimizes short, contextual lessons using real‑time risk data, cutting content‑creation time from...

By Help Net Security
The Future of Risk: Integrating AI and Human Intelligence for Proactive Mitigation with Garry Singh
Podcast | Jan 19, 2026 | 29 min

In this 29‑minute episode, Garry Singh, President of IIRIS Consulting, explains how AI can shift risk management from a reactive to a predictive discipline. He outlines practical steps for leaders to embed machine learning into risk identification, while emphasizing the...

By The Risk Management Show
Attackers Rerouted Employee Pay Without Breaching IT Systems
News | Jan 19, 2026

An attacker bypassed technical defenses by socially engineering help‑desk staff to reset passwords and re‑enroll MFA, gaining legitimate access to payroll accounts. Using the compromised credentials, the fraudster altered direct‑deposit details and diverted salaries from three employees without triggering alerts....

By GBHackers On Security
CertiK Links $63M in Tornado Cash Deposits to $282M Wallet Compromise
News | Jan 19, 2026

Blockchain security firm CertiK traced roughly $63 million of Tornado Cash deposits to the $282 million wallet hack on Jan. 10. Their analysis shows 686 BTC were bridged to Ethereum, converted into about 19,600 ETH, and then broken into ~400‑ETH chunks before entering the mixer....

By Cointelegraph
British Army to Spend £279 Million on Permanent Cyber Regiment Base
News | Jan 19, 2026

The British Army will invest £279 million to build a permanent base for its 13 Signal Regiment at Duke of Gloucester Barracks in Gloucestershire. The new facility will house cyber training, operations, and the Army’s Cyber, Information and Security Operations Centre, enhancing...

By Help Net Security
Why FinCrime Detection Is Delayed and How to Fix It
News | Jan 19, 2026

FinCrime detection latency occurs when the signal arrives late or lacks context, not because analysts are slow. Opoint outlines four timestamps—event, first public mention, internal awareness, and decision—to expose where delays happen. Early‑stage OSINT, especially from non‑English sources, can close...

By Fintech Global
TMT Expands Digital Trust and Safety with Microsoft Publishers
News | Jan 19, 2026

The Media Trust (TMT) announced a partnership to bolster digital trust and safety within Microsoft’s advertising ecosystem. Leveraging TMT’s proprietary AI detection, global infrastructure, and malware‑analysis teams, the collaboration will deliver real‑time threat detection and mitigation for malware, redirects, and...

By AI-TechPark
Threat Hunting in 2026: Why Proactive Defence Is the Only Way Forward
News | Jan 19, 2026

Threat hunting is shifting from reactive incident response to proactive, pattern‑based defense as attackers repeatedly exploit known vulnerabilities. Experts at Qualys argue that focusing on adversary telemetry—such as weaponization, ransomware links, and dark‑web chatter—enables teams to anticipate exploitation cycles. Automation...

By The Cyber Express
Oligo Appoints Shira Bendkowski as VP of Product
News | Jan 19, 2026

Oligo Security announced Shira Bendkowski as its new Vice President of Product. Bendkowski, formerly VP of Product at Aqua Security and head of product at XM Cyber, will steer Oligo’s product vision for runtime security across applications, cloud, workloads, and...

By AI-TechPark
PDFSIDER Malware Actively Exploited to Evade Antivirus and EDR Defenses
News | Jan 19, 2026

Researchers have uncovered PDFSIDER, a backdoor malware that exploits DLL side‑loading in the legitimate PDF24 Creator application to evade endpoint detection and response tools. The malicious payload is delivered via spear‑phishing ZIP archives, signed with valid certificates, and replaces the...

By GBHackers On Security
Argus: Python-Based Recon Toolkit Aims to Boost Security Intelligence
News | Jan 19, 2026

Argus v2.0, a Python‑based reconnaissance toolkit, launches with 135 specialized modules unified under a professional command‑line interface. The overhaul adds multi‑threaded execution, over 25 CLI commands, and four deployment options—including pip, Docker, script, and direct Python. It integrates major threat‑intelligence...

By GBHackers On Security
SEON Identity Verification Combines KYC Checks with Real-Time Fraud Intelligence
News | Jan 19, 2026

SEON introduced an AI‑powered Identity Verification solution that combines document validation, biometric liveness detection, proof‑of‑address checks, and optional government database queries within its unified risk platform. The service draws on more than 900 real‑time fraud signals to evaluate both the...

By Help Net Security
SIOS Technology VP of CX Cassius Rhue Shares 2026 IT Predictions
News | Jan 19, 2026

SIOS Technology’s Vice President of Customer Experience, Cassius Rhue, outlined a forward‑looking vision for high‑availability (HA) and disaster‑recovery (DR) solutions through 2026. He predicts HA will evolve from pure uptime guarantees to a strategic pillar for hybrid‑cloud resilience, cybersecurity, AI...

By AI-TechPark
Global Tensions Are Pushing Cyber Activity Toward Dangerous Territory
News | Jan 19, 2026

Geopolitical rivalries are increasingly manifesting as cyber operations that target critical infrastructure, disinformation networks, and supply‑chain dependencies. Recent incidents—from the Ukrainian power‑grid outage to a Norwegian dam breach—illustrate how state actors can weaponize digital tools against civilian services. AI‑generated disinformation...

By Help Net Security
Rubrik Introduces Security Cloud Sovereign for Data Sovereignty and Regulatory Compliance
News | Jan 19, 2026

Rubrik unveiled Security Cloud Sovereign, a data‑protection platform that keeps all data, metadata, and control planes inside a customer‑chosen jurisdiction. The solution offers immutable safeguards that prevent encryption, deletion, or alteration even if attackers gain elevated access. Integrated threat‑detection analytics...

By Help Net Security
Outsourcing IT Support: Benefits, Risks, and Smart Next Steps
News | Jan 19, 2026

The episode outlines how fast‑growing SaaS companies can outsource IT support by contracting for clear outcomes, defining precise scopes, and applying zero‑trust controls. It emphasizes data‑driven metrics such as First Contact Resolution, MTTR, and CSAT to justify the move, while...

By Security Boulevard
Why Wrench Attacks Are Becoming One of the Most Violent Forms of Crypto Crimes
News | Jan 19, 2026

Wrench attacks are physical coercion crimes that force cryptocurrency holders to reveal credentials or authorize transfers, bypassing technical defenses. The phenomenon gained headlines after the 2025 kidnapping of Ledger co‑founder David Balland and has accelerated as crypto market capitalisation climbs, with...

By Cointelegraph
Review: AI Strategy and Security
News | Jan 19, 2026

AI Strategy and Security, authored by Dr. Donnie W. Wendt, is a practical guide for technology leaders and security professionals designing enterprise AI programs. The book maps AI adoption to business objectives, outlines readiness assessments, and defines a comprehensive team...

By Help Net Security
7 Top Cybersecurity Projects for 2026
News | Jan 19, 2026

The 2026 cybersecurity roadmap highlights seven priority projects for CISOs, ranging from AI‑aware identity and access management to advanced email protection, autonomous code‑vulnerability discovery, and enterprise‑wide zero‑trust adoption. Leaders emphasize extending IAM controls to non‑human agents, leveraging small language models...

By CSO Online
Researchers Hijack Hacker Domain Using Name Server Delegation
News | Jan 19, 2026

Infoblox researchers exploited a DNS misconfiguration called lame nameserver delegation to seize control of abandoned hacker domains. Within hours they intercepted over 57 million push‑notification logs from roughly 120 misconfigured domains, capturing traffic at 30 MB per second. The data exposed a...

By GBHackers On Security
Bytebase: Open-Source Database DevOps Tool
News | Jan 19, 2026

Bytebase is an open‑source DevOps platform that streamlines database schema and data changes through a structured change‑request workflow. It lets teams submit SQL changes, run automated reviews, and track executions across development, staging, and production environments. The tool includes built‑in...

By Help Net Security
Threat Actors Abuse Browser Extensions to Deliver Fake Warning Messages
News | Jan 19, 2026

Huntress researchers uncovered a malicious Chrome extension, NexShield, that masquerades as the legitimate uBlock Origin Lite ad blocker. The extension installs a delayed denial‑of‑service loop, then displays a fake crash warning that tricks users into running a PowerShell command which...

By GBHackers On Security
Traveling? ‘Evil Twin’ WiFi Networks Can Steal Crypto Passwords
News | Jan 19, 2026

Evil Twin attacks clone legitimate Wi‑Fi hotspots, luring travelers to connect and exposing them to credential theft. The method is prevalent in airports, cafés, hotels and conference venues, where attackers intercept traffic and harvest exchange logins, 2FA codes, or seed...

By Cointelegraph
Entity Resolution Vs. Identity Verification: What Security Teams Actually Need
News | Jan 19, 2026

The episode clarifies the distinction between identity verification—confirming a person’s claimed identity at a specific moment—and entity resolution—linking disparate identity fragments into a unified profile. It explains why security teams, facing credential exposure and reuse, need entity resolution combined with...

By Security Boulevard
Return Fraud, Counterfeits and Other Scams: 2025 Was a Banner Year
News | Jan 19, 2026

2025 proved a banner year for retail fraud, with the OECD and EUIPO estimating counterfeit sales near US$467 billion and Liquidonate reporting US$127 billion in fraudulent returns alone. Online returns now outpace in‑store returns three‑to‑one, creating fertile ground for tactics like wardrobing,...

By Inside Retail Australia
Why Financial Analysts Need Robust PC Security—And How Online Cleaners Help
News | Jan 19, 2026

Financial analysts face heightened cyber risk, making workstation hygiene essential. Modern online PC cleaners now combine malware detection, registry repair, and privacy safeguards, turning routine maintenance into a security layer. Paid solutions add real‑time monitoring, frequent definition updates, and enterprise...

By TechBullion
New OpenAI Leak Hints at Upcoming ChatGPT Features
News | Jan 19, 2026

OpenAI is quietly testing a major ChatGPT web update slated for rollout in the next few weeks. The preview, dubbed “Salute,” adds a task‑creation interface with file uploads and progress tracking. Additional changes include a model‑preference flag aimed at hospitality‑specific...

By BleepingComputer
OAuth Scopes & Consent: Complete Guide to Secure API Authorization
News | Jan 19, 2026

The episode explains OAuth scopes as granular permission strings that let users grant apps only the access they need, illustrating real‑world examples from healthcare, retail, and finance and showing how consent screens translate technical scopes into plain language. It covers...

By Security Boulevard
Hacktivists Hijacked Iran’s State TV to Air Anti-Regime Messages and an Appeal to Protest From Reza Pahlavi
Blog | Jan 18, 2026

Hackers seized control of Iran’s Badr satellite on Jan 18, 2026, broadcasting a ten‑minute anti‑regime video featuring exiled Crown Prince Reza Pahlavi. The clip urged citizens to keep protesting and called on the military to join demonstrators. The intrusion occurred amid a...

By Security Affairs
Hundreds Answer Europe's 'Public Call for Evidence' On an Open Digital Ecosystem Strategy
News | Jan 18, 2026

The European Commission launched a public call for evidence on open digital ecosystems, running from 6 January to 3 February 2026. More than 370 submissions have already been received, reflecting strong stakeholder interest. The evidence will shape a Commission communication that outlines concrete...

By Slashdot
Microsoft Releases OOB Windows Updates to Fix Shutdown, Cloud PC Bugs
News | Jan 18, 2026

Microsoft issued emergency out‑of‑band (OOB) updates for Windows 10, Windows 11, and Windows Server after the January 2026 Patch Tuesday introduced two critical bugs. The first bug broke credential prompts for Microsoft 365 Cloud PC and Azure Virtual Desktop sessions, while the second prevented...

By BleepingComputer
How Security Teams Use IP Location and DNS History In Cybercrime Investigation
News | Jan 18, 2026

Security teams start cybercrime investigations with a single alert—often a suspicious IP or login—and quickly need context beyond raw logs. By enriching that alert with IP location data and DNS history, analysts can identify geographic anomalies, hosting providers, and past...

By GBHackers On Security
NDSS 2025 – Compiled Models, Built-In Exploits
News | Jan 18, 2026

Researchers at NDSS 2025 unveiled a systematic study of bit‑flip attacks targeting deep‑learning executables compiled by modern DL compilers. Unlike prior work that focused on flipping weights within frameworks, the new approach exploits publicly known model structure embedded in the...

By Security Boulevard
4 in 5 Small Businesses Had Cyberscams Last Year, Almost Half Were AI Powered
News | Jan 18, 2026

A recent Identity Theft Resource Center survey shows that four out of five small businesses experienced a cyber‑scam or breach in the past year, with almost half of those attacks powered by artificial intelligence. The study found that 38% of...

By DataBreaches.net
Japanese Nuclear Regulator Employee Loses Phone Containing Sensitive Info in China
News | Jan 18, 2026

Japan’s Nuclear Regulation Authority disclosed that an employee lost a government‑issued smartphone while on a personal trip to China in November. The device contained a database of contact information for senior nuclear officials, plant operators, and emergency responders, classified as...

By DataBreaches.net
80% of Hacked Crypto Projects Never ‘Fully Recover,’ Expert Warns
News | Jan 18, 2026

Nearly four out of five crypto projects hit by a major hack never fully recover, according to Immunefi CEO Mitchell Amador. He attributes the low survival rate to operational paralysis, lack of incident‑response plans, and breakdowns in communication that erode...

By Cointelegraph
Google Chrome Now Lets You Turn Off On-Device AI Model Powering Scam Detection
News | Jan 18, 2026

Google Chrome now lets users delete the on‑device AI model that powers the Enhanced Protection feature, which uses generative AI to detect scams, malicious downloads, and risky extensions. The toggle appears in Settings > System under “On‑device GenAI.” The capability is currently...

By BleepingComputer
Amera IoT Unveils Quantum-Proof Encryption Backed by 14 US Patents
Blog | Jan 17, 2026

Amera IoT introduced AmeraKey® Encryption, a quantum‑proof solution backed by 14 U.S. patents. The system creates identical encryption keys on both ends of a link using a Picture‑and‑PIN method, eliminating the need to transmit keys or ciphertext. By leveraging transmission‑free...

By Quantum Zeitgeist
NEXCOM Unveils Quantum-Resistant Platforms at MWC Barcelona 2026
Blog | Jan 17, 2026

NEXCOM announced at MWC Barcelona 2026 a suite of quantum‑resistant platforms that embed post‑quantum cryptography (PQC) frameworks for long‑term data protection. The rollout targets telecom, enterprise and industrial networks, emphasizing edge security and resilient networking. Alongside the PQC platforms, the...

By Quantum Zeitgeist
Newsrooms Must Adopt Holistic Safety Beyond Digital Checklists
Social | Jan 17, 2026

I spoke to @CJR about the FBI seizing devices from a @washingtonpost reporter and what newsrooms should know. The way forward here is more than just a digital security checklist, but a holistic focus on safety: physical, digital, emotional, legal....

By Runa Sandvik
Black Basta Ransomware Leader Added to EU Most Wanted and INTERPOL Red Notice
News | Jan 17, 2026

Ukrainian and German authorities have arrested two Ukrainian suspects linked to the Black Basta ransomware‑as‑a‑service operation and placed its alleged Russian leader, Oleg Nefedov, on the EU Most Wanted and INTERPOL Red Notice lists. The gang, which emerged in 2022, infiltrated over...

By The Hacker News
A Faceless Hacker Stole My Therapy Notes – Now My Deepest Secrets Are Online Forever
News | Jan 17, 2026

Finnish psychotherapy provider Vastaamo suffered a massive data breach, exposing personal and therapy records of about 33,000 patients. Hackers contacted victims, demanding Bitcoin payments under threat of publishing the sensitive information. In September 2025, a Helsinki court released the alleged...

By DataBreaches.net
JFrog Researchers Uncover RCE Exploit for Existing Redis Database Vulnerability
News | Jan 17, 2026

JFrog researchers have demonstrated a remote code execution (RCE) exploit for Redis vulnerability CVE‑2025‑62507, leveraging a stack buffer overflow triggered by the XACKDEL command with multiple IDs. The flaw, originally rated 8.8 CVSS, now warrants urgent patching to Redis version 8.3.2....

By Security Boulevard
Update: hash.py Version 0.0.14
Blog | Jan 17, 2026

Didier Stevens released hash.py version 0.0.14 on 17 January 2026. The update is labeled a bug‑fix release and is available as a zip archive. The post provides both MD5 (66A205915A280CC474541053739B8EDD) and SHA‑256 (C459B75F132BB4AA394D8EA27A79F409C446AAA67536946673EC824EA9219F9F) checksums for verification. No additional features are announced, emphasizing stability...

By Didier Stevens’ Blog