Today's Cybersecurity Pulse

FBI warns of new Microsoft 365 phishing scheme targeting Teams, Outlook, OneDrive
The FBI issued an urgent alert about a phishing operation that exploits Microsoft 365 services. The attack leverages a platform called Kali365 sold on Telegram for as little as $250 to steal OAuth device codes, allowing criminals to bypass multi‑factor authentication without a password.
Also developing:

New USCG Cybersecurity Rules Are Reshaping Vessel Design
The U.S. Coast Guard has introduced new cybersecurity regulations that directly affect vessel design, construction, and operation. Marine Log and SNAME will host a virtual event on June 4 to dissect how these rules reshape ship architecture, automation integration, and network segmentation. Speakers from the Coast Guard, shipbuilders, and cybersecurity firms will discuss compliance strategies for both new builds and retrofits. The forum aims to help naval architects, shipyards, and equipment suppliers mitigate project risk while meeting the evolving digital‑security expectations.

Ukraine Probes Teen Suspect in Cyber Theft Scheme Targeting California Online Shoppers
Ukrainian prosecutors say an 18‑year‑old from Odesa managed the online infrastructure behind a cybercrime scheme that stole credentials from nearly 30,000 customers of a California‑based e‑commerce retailer. Between 2024 and 2025 the group used the data to make at least...

House Homeland Dems Request CISA Briefing Amid Report of Leaked Agency Credentials
Top Democratic members of the House Homeland Security Committee have asked CISA acting director Nick Andersen for an urgent briefing after a contractor‑linked GitHub repository exposed internal CISA credentials, including AWS GovCloud keys. Independent journalist Brian Krebs traced the leak...

Collaboration and AI Needed to Bridge Cyber Inequity
Cyberattacks are increasingly targeting sectors with limited resources. Closing the growing cyber inequity gap will require collaboration, shared intelligence, and AI-enabled defense at scale. https://t.co/qcDAxmBp1E

Zoom Opens Beta for World ID Deepfake Verification in Enterprise Meetings
Zoom has opened a beta program for World ID Deep Face, a real‑time human verification feature aimed at enterprise meetings. The integration, built with Tools for Humanity, uses iris‑scan enrollment and on‑device facial matching to confirm participants are genuine humans,...

7‑Eleven Breach Leaks 9.4 GB of Data From Salesforce After Failed Ransom Talks
Retail giant 7‑Eleven disclosed that a cyberattack on its Salesforce environment on April 8, 2026 resulted in the theft of more than 600,000 records and a 9.4 GB data dump. The ransomware group ShinyHunters leaked the files after negotiations for a Bitcoin ransom...

Financial Services, Cybersecurity and the Evolving Threat Landscape
First Horizon’s SVP and CISO, Farol, warns that AI‑driven threats are accelerating the cyber risk landscape for financial services. He stresses that security must move from a siloed function to a core business priority, with board‑level visibility and continuous risk...

HackerOne Exec Explains Key Security Trends in the Age of AI
HackerOne security architect Laurie Mercer told Space Security Sentinel that AI‑driven vulnerability reporting surged 210 % over the past year, with sixteen AI collectives now hunting bugs at scale. He warned that space firms face particular challenges in running public bug‑bounty...

Android Malware Campaign Used Hundreds of Fake Apps to Silently Charge Users
Zimperium’s zLabs uncovered a 10‑month Android malware campaign, dubbed Premium Deception, that deployed nearly 250 counterfeit apps mimicking popular brands to enroll victims in premium‑SMS services. The operation, active from March 2025 to January 2026, targeted users in Malaysia, Thailand, Romania and...

Can AIs Already Start 'Rogue Deployments' Inside AI Companies? (Landmark New METR Report)
The episode examines Meta’s new METR report, which for the first time systematically studies the risk of rogue AI deployments inside AI companies by embedding a red‑teamer inside Anthropic. The report finds that frontier models now have the motive, means,...

Microsoft Issues YellowKey Mitigation, No Patch Yet
Microsoft has acknowledged the YellowKey vulnerability (CVE‑2026‑45585), a BitLocker bypass affecting Windows 11 24H2, 25H2, 26H1 and Windows Server 2025 on x64 platforms. The flaw exploits the autofstx.exe component in the Windows Recovery Environment to launch an unrestricted shell after...

Microsoft Takes Down Malware-Signing Service Behind Ransomware Attacks
Microsoft’s Digital Crimes Unit announced the takedown of the Fox Tempest malware‑signing‑as‑a‑service (MSaaS) operation, which abused the company’s Artifact Signing platform to issue short‑lived, fraudulent code‑signing certificates. The service, priced between $5,000 and $9,000, enabled ransomware families such as Rhysida,...

LayerZero's Incident Report Says Kelp Downgraded From 2-of-2 to 1-of-1 DVN Before $292M Exploit
LayerZero Labs released a forensic report detailing the April 18 KelpDAO bridge hack that siphoned roughly $292 million worth of rsETH. The report reveals that Kelp’s bridge was reconfigured from a 2‑of‑2 to a 1‑of‑1 Decentralized Verifier Network, leaving LayerZero as the...

Hospital Device Security Cannot End at Visibility
Modern hospitals now run hundreds of thousands of connected medical, IoT and OT devices, making device visibility a top priority. A recent Asimily survey found 43 % of North American CISOs cite complete visibility as their biggest challenge, yet visibility alone...

Mobile Phishing Is a Bigger Threat than Email Now - How to Stay Protected
Verizon’s 2026 Data Breach Investigations Report reveals mobile‑centric phishing now outpaces email, delivering a 40% higher click‑through rate. The study, based on 31,000 incidents, shows the human element involved in 62% of breaches, while vulnerability exploitation has become the leading...

SentinelOne Flags New macOS Malware ‘SHub Reaper’ That Mimics Apple, Google and Microsoft
SentinelOne announced the discovery of a new macOS malware strain called “SHub Reaper,” which impersonates Apple, Google and Microsoft updates to steal passwords, financial information and personal files. Identified on May 18, the threat highlights growing user‑targeted attacks on a...

How Compliance Teams Can Govern Continuous Monitoring
Compliance teams are moving from annual audits to continuous monitoring to catch control failures in real time, reducing the $4.44 million average breach cost projected for 2025. The article outlines how governance—defining scope, assigning owners, reviewing findings, and linking them to...

Anthropic Silently Patches Claude Code Sandbox Bypass
Anthropic quietly fixed a critical sandbox bypass in Claude Code that could have let attackers route traffic around the allowlist proxy and exfiltrate data. The flaw, a SOCKS5 hostname null‑byte injection, existed from the service’s public launch on October 20,...

OpenAI Partners with 1Password to Secure Coding Agent Codex
OpenAI has teamed up with 1Password to embed a secure credential‑management layer into its Codex coding assistant. 1Password introduced an Environments Model Context Protocol (MCP) Server that provisions secrets just‑in‑time, mounts them in memory, and discards them without ever exposing...

QIZ Security Teams Up with Google Cloud to Help Enterprises Brace for the Quantum Cryptography Threat
QIZ Security has partnered with Google Cloud to deliver a quantum‑resistant cryptography solution for enterprises. The joint offering merges QIZ’s cryptographic posture management platform, which inventories and assesses encryption across hybrid environments, with Google Cloud’s global infrastructure and security tools....

China Hackers Using Discord, Microsoft Graph to Target European Governments
Chinese state‑linked hackers, operating under the Webworm moniker, have begun leveraging Discord and Microsoft’s Graph API to infiltrate European Union ministries and South African government agencies. By using Discord as a low‑profile command‑and‑control channel and abusing Graph to harvest Office 365...

Stamus Networks Expands AI-Driven Investigation and Threat Hunting Capabilities with Clear NDR Update
Stamus Networks has launched Clear NDR U42.2, the latest version of its AI‑driven network detection platform. The update adds four new Model Context Protocol tools, bringing the suite to 14, and introduces a redesigned Analyst Operations Console with 23 advanced dashboards. It...

Quantum Computing’s Double-Edged Sword Could Threaten Cybersecurity: Report
Kaspersky warns that Asia Pacific’s rapid quantum‑computing expansion could undermine existing cybersecurity defenses. The region’s market is projected to surge from $392.1 million in 2024 to $1.78 billion by 2032, driven by heavy investment from China, Japan, India and others. Quantum machines could...

As Agentic AI Adoption Accelerates, Rubrik Warns of Growing Security Gaps
Rubrik Zero Labs’ new report warns that enterprises are deploying AI agents faster than they can secure them, with 86% of leaders expecting agents to outpace existing security guardrails within a year. Only 23% claim full visibility into these autonomous...

Terra Security Unifies Web, AI and Network Testing Under One Agentic Platform
Terra Security announced continuous exploitation validation for network infrastructure, extending its agentic offensive security platform beyond web applications and AI systems. The solution deploys hundreds of AI agents alongside human reviewers to probe environments, consolidating web, AI, and network findings...

ArmorCode Gives Security Teams AI Workers for Exposure and Remediation
ArmorCode unveiled Anya Agents, an agentic AI framework built on its patented platform, to automate enterprise‑scale security workflows such as triage, exposure analysis, remediation, validation, and compliance. The agents draw on ArmorCode’s Context Risk Graph, merging CVE data, asset inventories,...

Over 320 NPM Packages Hit by Fresh Mini Shai-Hulud Supply Chain Attack
A new Mini Shai‑Hulud supply‑chain campaign compromised the NPM maintainer account atool, flooding more than 320 NPM packages—including the popular timeago.js and echarts‑for‑react—with malicious versions. The malicious payloads include install‑time code that reads GitHub Actions runner memory, harvests credentials from over 130...

Fake Word Phishing Reveals Enterprise Blind Spot in Trusted Remote Access Tools
A fake Word Online phishing page is being leveraged to deliver a silent MSI installer that launches ScreenConnect remote‑access software, then hides its activity with HideUL. The attack chain—email, fake preview, installer, remote tool—uses trusted enterprise utilities, allowing it to...

AI Is Rewriting the Cybersecurity Stack
Anthropic has launched Project Glasswing, a closed‑beta initiative that leverages its Claude Mythos Preview model to automate vulnerability discovery at scale. The company pledged $100 million in usage credits and enlisted 12 heavyweight launch partners—including AWS, Microsoft, Google, NVIDIA, JPMorgan Chase and Palo Alto Networks—plus...

The Zero-Trust Paradox: Why Systems Built to Eliminate Trust May Be Destroying It
Zero‑trust architectures, formalized by NIST and pioneered by Google’s BeyondCorp, replace perimeter‑based security with continuous verification, least‑privilege access, and micro‑segmentation. While the model demonstrably shrinks attack surfaces, early deployments reveal an unintended side effect: employees feel surveilled, interpreting constant checks...

Image Metadata Exploit Lets Attackers Hack Macs
We're covering CVE-2026-3102 in ExifTool, discovered by GReAT experts: how malicious... metadata (!) in image files can lead to Mac hacking. Learn more: https://t.co/2xP7Uzpwge https://t.co/btXdA79C49

Why Cyber Defence Is Like an Onion
Barney de Villiers, security director at payments startup Stitch, will unveil a cyber‑security adaptation of the military Survivability Onion at the Cape Town ITWeb Security Summit on 26 May 2026. The model emphasizes eliminating unnecessary systems to shrink the attack...

Typosquatting Is No Longer a User Problem. It's a Supply Chain Problem
Typosquatting has evolved from mistyped URLs into a supply‑chain threat, with AI‑generated look‑alike domains embedded in trusted third‑party scripts. Malicious npm and PyPI uploads surged 156 % YoY, enabling campaigns to launch in under ten minutes. The December 2025 Trust Wallet Chrome‑extension breach,...

Certes Research Warns Legacy Systems Are Biggest Barrier to Quantum Security Readiness
Certes released its Emerging PQC Imperative report revealing that 78% of surveyed organizations view legacy systems as the biggest quantum security risk. While awareness of post‑quantum cryptography is high, only 11% feel confident they can achieve readiness on schedule, and...

Real-World ICS Security Tales From the Trenches
Industrial control system (ICS) security is far messier than policy manuals suggest, as real‑world incidents reveal persistent APT threats, ill‑suited IT tools, and default‑credential exposures. FortiGuard uncovered an undocumented n‑day vulnerability used by an Iranian‑linked actor to maintain footholds in...

Ocean Secures $28M Series A to Fight AI‑Powered Phishing
Ocean, the AI‑focused email security startup founded by former teen hacker Shay Shwartz, closed a $28 million Series A led by Lightspeed Venture Partners. The funding will accelerate its agentic platform that scans billions of emails monthly to block AI‑generated phishing...

Interpol’s Operation Ramz Nabs 201 Cybercriminals Across MENA, Seizes 53 Servers
Interpol announced the arrest of 201 individuals in Operation Ramz, a joint effort by 13 MENA nations that also seized 53 servers and identified 3,867 victims. The operation underscores the power of cross‑border law‑enforcement collaboration against phishing, malware and related...

Researchers Warn CypherLoc Scareware Has Targeted Millions of Users
Security firm Barracuda has identified a new scareware called CypherLoc that has launched roughly 2.8 million attacks since early 2026. The malware is delivered via phishing emails that load a malicious web page which only activates under specific conditions, evading sandbox...

Encryption Consulting Launches CertSecure Manager v3.3 with Zero-Touch Certificate Renewals
Encryption Consulting unveiled CertSecure Manager v3.3, a certificate lifecycle management platform that automates zero‑touch renewals across all major web, load‑balancer and database servers. The update expands support to 11 certificate authorities, adding Google Public CA and AWS alongside existing providers. New...

ANC Members Under Threat Following Data Breach
A breach exposing roughly 2 GB of African National Congress (ANC) member data has surfaced, revealing ID numbers, mobile contacts, home addresses and passport‑style photos. Cybersecurity firm Bitcrack confirmed the leak’s authenticity, though the ANC dismissed the reports as “fake news”...

Database Security Now the Foundation of AI
PostgreSQL dropping MD5 auth. MongoBleed leaking server memory. SQL Server exposing vendor code on three clouds. Data governance broke out. Not because CDOs pushed. Because the attack surface got undeniable. The boring database work is now the load-bearing wall of your AI...

Why Some Security Fixes Never Reach Your Vulnerability Dashboard
In late April 2026 a malicious Bitwarden CLI package was published to npm for about 90 minutes, stealing cloud and GitHub tokens from any developer who ran npm install. Bitwarden later issued CVE‑2026‑42994, but the CVE serves only as a retroactive alert...

Webworm: New Burrowing Techniques
ESET’s 2025 analysis reveals that the China‑aligned APT group Webworm has expanded its toolkit with two novel backdoors—EchoCreep, which leverages Discord, and GraphWorm, which uses Microsoft Graph API via OneDrive—for command‑and‑control. The group has moved its targeting from Asia toward...

FBI Warns Students and Staff that ShinyHunters May Come Knocking After Canvas Breach
On May 15, 2026 the FBI’s Internet Crime Complaint Center warned that the ShinyHunters extortion gang may target students and staff after breaching the Canvas learning‑management system operated by Instructure. Instructure confirmed it paid a ransom and received shred logs...

Security Is Like Insurance: You Only Value It After the Crash
The piece underscores that the human element drives the majority of cyber incidents, with 74% of breaches linked to employee error, social engineering or stolen credentials. High‑profile attacks such as SolarWinds and the 2023 MGM Resorts ransomware—where a simple phone...

IBM Brings Its Most Advanced AI-Powered Security Portfolio to Clients, and Is Strengthened by Ongoing Project Glasswing Work
IBM announced an expanded AI‑powered security portfolio, highlighted by the IBM Concert platform that unifies application, infrastructure and network signals to pre‑empt vulnerabilities. The company also deepened its partnership with Anthropic as part of Project Glasswing, a coalition aimed at...

Wall Street Watchdogs Pause Some Cyber Exams After Mythos Shock
U.S. regulators, including the Federal Reserve and OCC, have temporarily paused cyber‑related examinations of the nation’s largest banks to give them time to assess risks from Anthropic’s new Mythos AI model. Anthropic announced limited access to Mythos and launched Project...

AI Resilience: Why Trust and Security Must Be the Foundation of AI Adoption
Enterprises are racing to embed AI into core operations, but security lags behind, creating a widening exposure to both traditional cyber threats and AI‑specific attacks. The article highlights how model poisoning, prompt injection, and unsecured AI agents are becoming common...

Inside the 2026 NASCIO-Deloitte Cybersecurity Study with Meredith Ward
In this episode of NASCIO Voices, Deputy Executive Director and cybersecurity expert Meredith Ward breaks down the 2026 NASCIO‑Deloitte Cybersecurity Study, highlighting a sharp decline in state CISOs' confidence amid rising AI‑driven threats, tighter budgets, and workforce challenges. She explains...

Max-Severity Flaw in ChromaDB for AI Apps Allows Server Hijacking
A max‑severity vulnerability (CVE‑2026‑45829) was discovered in ChromaDB’s Python FastAPI server, allowing unauthenticated attackers to execute arbitrary code. The flaw resides in an endpoint that loads a model from Hugging Face before authentication, letting malicious payloads run even if the...