Today's Cybersecurity Pulse
CISA adds critical Android and Linux flaws to KEV catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) listed two high‑severity vulnerabilities in its Known Exploited Vulnerabilities catalog: Android CVE‑2025‑48595, an integer overflow that enables privilege escalation on Android 14‑16 without user interaction, and Linux CVE‑2022‑0492. Google released patches for the Android bug in June 2026.
Also developing:
By the numbers: Ingeteam receives $82.5M loan from EIB
Cybercriminals Exploit Maduro Arrest News to Spread Backdoor Malware
Cybercriminals are exploiting news of Venezuelan President Nicolás Maduro’s alleged arrest to distribute a backdoor malware via spear‑phishing ZIP attachments. The ZIP contains a weaponized KuGou executable that loads a malicious DLL through DLL search‑order hijacking, creates a hidden Technology360NB folder, and establishes persistence via a Run registry key. After forcing a system restart, the malware contacts a TLS‑encrypted command‑and‑control server at 172.81.60.97. Researchers note similarities to Mustang Panda tactics but stop short of definitive attribution.
7MS #709: Second Impressions of Twingate
In this episode the host revisits Twingate, focusing on the new Twingate LXC connector and how it’s been deployed to replace most remote access to datacenter servers and pentest dropboxes. He shares practical observations on performance, security benefits, and the...
USPS to Restrict Access to Package Tracking
USPS announced it will restrict access to package tracking data for commercial API users, introducing paid access and stricter authorization requirements. Consumers can still view tracking information on the USPS website, mobile app, and Informed Delivery without changes. The new...
Microsoft May Soon Allow IT Admins to Uninstall Copilot
Microsoft is testing a new RemoveMicrosoftCopilotApp policy that lets IT administrators uninstall the AI‑powered Copilot app from managed Windows 11 devices. The policy rolls out to Dev and Beta Insider channels on build 26220.7535 and works with Intune or SCCM. It targets...
Why AI-Powered Cyber Defense Is No Longer Optional for Modern Businesses
AI-driven cyber defense has shifted from optional to essential as threats become faster, more sophisticated, and harder to detect with legacy tools. Machine‑learning models analyze massive network and user‑behavior data in real time, flagging anomalies and enabling automated response. Companies...
Top 10 Privileged Access Management Solutions for 2026
Privileged Access Management has shifted from a compliance checkbox to a critical security control as organizations adopt hybrid cloud, SaaS, DevOps pipelines, and AI agents. The 2026 guide evaluates ten leading PAM vendors, highlighting capabilities such as Zero Standing Privileges,...
AI Deployments Targeted in 91,000+ Attack Sessions
Researchers observed more than 91,000 attack sessions targeting AI infrastructure over a four‑month window, highlighting a shift from experimental probing to systematic exploitation. The first campaign leveraged server‑side request forgery against Ollama and Twilio webhooks, using a uniform JA4H TLS...
Tonic.ai Product Updates: January 2026
Tonic.ai’s January 2026 release adds Guided Redaction in Textual, a beta human‑in‑the‑loop workflow that couples AI detection with manual review for high‑risk data. The platform also expands model‑based custom entity types, letting users train detectors for niche business vocabularies. A...
Use of XMRig Cryptominer by Threat Actors Expanding: Expel
XMRig, an open‑source Monero miner, is increasingly weaponized by threat actors across Windows, Linux, Kubernetes and AWS environments. Recent campaigns have leveraged the high‑severity React2Shell exploit and UPX‑packed binaries to spread the miner via game torrents and commodity malware. Expel’s...
Hacker Behind Wired.com Leak Now Selling Full 40M Condé Nast Records
A hacker using the alias “Lovely” is now offering nearly 40 million Condé Nast user records for sale, expanding on a prior leak of 2.3 million Wired.com accounts. The alleged dataset spans dozens of Condé Nast‑owned sites, including high‑traffic titles such as Vanity Fair,...
Tim Kosiba Named NSA Deputy Director
Timothy Kosiba has been appointed the National Security Agency’s 21st Deputy Director, a role confirmed by President Donald J. Trump after designation by Secretary of War Pete Hegseth and DNI Tulsi Gabbard. Kosiba returns as the agency’s most senior civilian...
OWASP CRS Flaw Lets Encoded Attacks Slip Past WAFs
A critical vulnerability (CVE-2026-21876) in the OWASP Core Rule Set lets attackers bypass charset validation, enabling encoded XSS payloads to slip past web application firewalls. The flaw resides in rule 922110, which only inspects the final part of multipart requests,...
FBI: North Korean Spear-Phishing Attacks Use Malicious QR Codes
The FBI has warned that North Korean APT group Kimsuky is deploying a new spear‑phishing technique called quishing, which embeds malicious QR codes in email attachments. Scanning the QR code redirects victims to mobile‑optimized phishing pages that harvest device data...
INFORM 2026: MITRE’s Updated Threat-Informed Defense Maturity Model Explained
MITRE’s Center for Threat‑Informed Defense released a major update to its INFORM maturity model, incorporating two years of field feedback and new partner input. The revision introduces revamped assessment questions, a timeliness factor, and an impact‑vs‑complexity recommendation matrix. INFORM now...
Illinois Man Charged with Hacking Snapchat Accounts to Steal Nude Photos
Illinois prosecutors have charged 26‑year‑old Kyle Svara with a large‑scale phishing scheme that compromised roughly 570 Snapchat accounts, stealing private photos from nearly 600 women. Between May 2020 and February 2021 he impersonated Snap representatives, texting over 4,500 targets to obtain access...
European Commission Opens Consultation on EU Digital Ecosystems
The European Commission has launched a public consultation on open digital ecosystems, running from 6 January to 3 February 2026, to gather evidence for a forthcoming Communication due in Q1 2026. The call highlights that 70‑90 % of software code in EU digital systems relies...
Data Governance in Banking, Financial and Insurance Industry
The BFSI sector faces mounting regulatory pressure, prompting banks, insurers and financial firms to adopt rigorous data‑governance frameworks. Robust policies, access controls and quality standards protect customer data, reduce fraud risk, and enable faster, more accurate decision‑making. Vendors such as...
Europol Leads Global Crackdown on Black Axe Cybercrime Gang, 34 Arrested
Europol coordinated a multi‑national operation that led to the arrest of 34 members of the Black Axe cyber‑crime gang across Spain and Germany. Spanish police detained suspects in Seville, Madrid, Málaga and Barcelona, while German authorities assisted in the raids....
Fog Ransomware Targets U.S. Organizations via Compromised VPN Credentials
Arctic Wolf Labs identified a new ransomware variant called Fog targeting U.S. organizations, primarily in education (80%) and recreation (20%) sectors. The attackers gained entry through compromised VPN credentials from two vendors and quickly escalated privileges using pass‑the‑hash, PsExec, and credential‑stuffing...
World Economic Forum: Deepfake Face-Swapping Tools Are Creating Critical Security Risks
The World Economic Forum’s Cybercrime Atlas report warns that advanced deep‑fake face‑swapping tools are now capable of bypassing know‑your‑customer (KYC) and remote verification processes. Researchers examined 17 commercial face‑swap applications and eight camera‑injection tools, finding that low‑latency, high‑fidelity swaps can...
Illinois Man Charged in Snapchat Hacking Investigation
Illinois resident Kyle Svara was indicted in Boston federal court for phishing Snapchat access codes from roughly 570 women, accessing at least 59 accounts, and stealing nude images. He allegedly sold or traded the illicit content on internet forums. The...
Palo Alto Crosswalk Signals Had Default Passwords
Last year Palo Alto’s pedestrian‑crossing signals were compromised after attackers exploited unchanged factory passwords. The city never replaced the default credentials, allowing remote access to the traffic‑control hardware. The breach highlighted a glaring oversight in the municipality’s IoT security posture....
XRAT Malware Targets Windows Users via Fake Adult Game
AhnLab Security Intelligence Center uncovered a campaign that disguises the open‑source xRAT (QuasarRAT) remote‑access trojan as a fake adult game on Korean web‑hard services. The ZIP archive contains a Game.exe launcher that first runs a legitimate game stub, then copies...
AI-Powered Truman Show Operation Industrializes Investment Fraud
Security firm Check Point uncovered an AI‑driven investment fraud that stages a "Truman Show"‑style reality for victims. The operation uses unsolicited SMS and ads to lure targets into WhatsApp groups populated by AI‑generated experts and fake members who showcase fabricated...
$15 Billion Pig Butchering Scam Boss Chen Zhi Extradited to China
Chinese authorities extradited billionaire Chen Zhi and two associates from Cambodia to face charges linked to the Prince Group’s $15 billion Bitcoin‑based pig‑butchering operation. The joint China‑Cambodia investigation uncovered forced‑labour scam compounds, seized the largest cryptocurrency haul in history, and triggered...
The Cyber Express Weekly Roundup: Schools, Hacktivists, and National Cyber Overhauls
The first week of 2026 saw a wave of cyber incidents spanning education, activism, corporate, and government sectors. Higham Lane School in England shut down after ransomware crippled systems for 1,500 students, while Australian insurer Prosura faced unauthorized access exposing...
50 Best Free Cyber Threat Intelligence Tools – 2026
The article curates a list of the 50 best free cyber‑threat‑intelligence (CTI) tools available in 2026, spanning data‑feeds, analysis platforms, automation frameworks, and IOC‑parsers. It highlights open‑source projects such as MISP, OpenCTI, and IntelMQ, as well as real‑time feeds like...
The Role of Initial Access Markets in Ransomware Campaigns Targeting Australia and New Zealand
The 2025 Threat Landscape Report shows a sharp rise in initial‑access sales targeting Australia and New Zealand, with 92 documented compromised‑access listings. Retail accounts for roughly one‑third of incidents, while BFSI and professional services together make up over half. The market...
![Sectigo New Public Roots and Issuing CAs Hierarchy [2025 Migration Guide]](/cdn-cgi/image/width=1200,quality=75,format=auto,fit=cover/https://certera.com/blog/wp-content/plugins/wp-postratings/images/stars/rating_on.gif)
Sectigo New Public Roots and Issuing CAs Hierarchy [2025 Migration Guide]
Sectigo is retiring its legacy multi‑purpose root and intermediate CAs in favor of single‑purpose public roots, with a hard migration deadline of January 1 2026. Browsers will cease to trust certificates issued under the old chains, causing security warnings, broken HTTPS, and...
January 2026 Patch Tuesday Forecast: And so It Continues
The latest Patch Tuesday briefing highlights Microsoft’s December 2025 update problems, including MSMQ failures and a RemoteApp issue on Windows 11 Azure Virtual Desktop that can be mitigated with a registry key or KIR rollback. Apple released December security patches addressing...
How AI Agents Are Turning Security Inside-Out
AppSec teams now face a new threat from internally built no‑code AI agents that operate across enterprise systems. These agents execute business logic, call APIs, and move data in real time, behaving like always‑on applications with high privileges. Because they...
Security Teams Are Paying More Attention to the Energy Cost of Detection
Security teams are increasingly scrutinizing the energy footprint of detection models as cloud costs and sustainability pressures rise. A recent study measured common anomaly detection algorithms for both traditional performance metrics and their power consumption, introducing an Eco Efficiency Index...
Wi-Fi Evolution Tightens Focus on Access Control
The Wireless Broadband Alliance reports rapid enterprise adoption of Wi‑Fi 7, driven by higher throughput, lower latency, and the newly available 6 GHz spectrum. Mixed‑generation device environments are forcing operators to rethink policy, telemetry, and access control across all radios. Security concerns...
CISA Retires 10 Emergency Cyber Orders in Rare Bulk Closure
The Cybersecurity and Infrastructure Security Agency (CISA) retired ten Emergency Directives spanning 2019‑2024, the largest bulk closure in its history. All required mitigations are now covered by Binding Operational Directive 22‑01, which leverages the agency’s Known Exploited Vulnerabilities (KEV) catalog....
CCPA Compliance Checklist for 2026: What You Need to Know
The California Consumer Privacy Act (CCPA) is entering a pivotal phase in 2025‑26 as inflation‑adjusted thresholds raise applicability and new rules target automated decision‑making and cybersecurity governance. Organizations must continuously reassess scope, maintain precise data inventories, and embed repeatable rights‑fulfillment...
How Does Agentic AI Adapt to Changing Security Needs?
Organizations increasingly rely on machine identities, or non‑human identities (NHIs), to authenticate services in cloud environments. Effective NHI management—covering discovery, classification, threat detection, and remediation—delivers risk reduction, compliance, and operational efficiency. Agentic AI platforms enable dynamic policy adaptation, cross‑department collaboration,...
Cisco Switches Hit by Reboot Loops Due to DNS Client Bug
Cisco has identified a firmware bug in the DNS client service of several switch families that treats DNS lookup failures as fatal, causing affected devices to reboot repeatedly. The issue, first observed around 2 AM on July 18, 2024, impacts CBS250, CBS350,...
NDSS 2025 – ReThink: Reveal The Threat Of Electromagnetic Interference On Power Inverters
Researchers from Zhejiang University presented at NDSS 2025 a study exposing electromagnetic interference (EMI) threats to photovoltaic (PV) power inverters. They found that current and voltage sensors inside inverters are vulnerable to EMI at frequencies of 1 GHz or higher despite...
GenDigital Research Exposes AuraStealer Infostealer Tactics
GenDigital researchers detailed AuraStealer, a modular malware‑as‑a‑service infostealer targeting Windows 7‑11 systems. The threat spreads through “scam‑yourself” TikTok videos and cracked software, then harvests credentials, session tokens, and financial data. AuraStealer employs advanced evasion such as exception‑driven API hashing, Heaven’s...
135% Surge: Inside the Holiday Bot Attacks of December 2025
In December 2025, malicious bot traffic surged 135% year‑over‑year, turning the holiday season into a cyber‑fraud hotspot. AI‑enhanced bots mimicked human browsing, generated high‑fidelity synthetic identities, and performed adaptive reconnaissance, making detection harder. The spike spanned vulnerability scanning, credential stuffing,...
Securing MCP Servers at Scale: How to Govern AI Agents with an Enterprise Identity Fabric
Enterprises are witnessing a rapid, uncontrolled rollout of Model Context Protocol (MCP) servers, with research showing 15.28% of a 10,000‑person workforce running an average of two servers each. Most deployments use full‑privilege personal access tokens, store credentials in plaintext, and...
When the Vendor Becomes the Customer: Building Internal Tools on an Agentic IAM Platform
Aembit’s test automation team built an internal dashboard to aggregate nightly test results from Qase.io and Slack, using the Aembit Workload IAM platform for runtime credential injection. By centralizing access policies, the Flask‑Vue service never handled static API keys, eliminating...
US Man Jailed After FBI Traced 1,100 IP Addresses in Cyberstalking Case
A 25‑year‑old Montana man, Jeremiah Daniel Starr, received a 46‑month federal prison sentence for a three‑year cyberstalking campaign that escalated into a fake shooting inside the victim's apartment. Investigators uncovered his use of more than 50 phone numbers and NordVPN...
How to Protest Safely in the Age of Surveillance
Protests erupted after a federal officer killed Renee Nicole Good in Minneapolis, sparking nationwide unrest against the Trump administration's immigration policies. Activists warn that modern surveillance tools—from IMSI catchers to facial‑recognition cameras—are being deployed to monitor and suppress dissent. The...
Texas Court Blocks Samsung From Tracking TV Viewing, Then Vacates Order
A Texas district court issued a temporary restraining order (TRO) on Jan. 5 prohibiting Samsung from collecting audio and visual data from smart‑TVs using Automated Content Recognition (ACR). The order cited deceptive enrollment practices and alleged Chinese Communist Party access to...
Texas Court Blocks Samsung From Collecting Smart TV Viewing Data
Texas a district court issued a temporary restraining order prohibiting Samsung from collecting, selling, or transferring audio‑visual data from smart TVs owned by Texas residents. The order targets Samsung’s Automated Content Recognition (ACR) system, which captures screenshots every 500 milliseconds...
New Zero-Click Attack Lets ChatGPT User Steal Data
Researchers at Radware disclosed a new prompt‑injection method called ZombieAgent that lets ChatGPT exfiltrate data from integrated services such as Gmail, Outlook, Google Drive, and GitHub. The technique sidesteps OpenAI’s recent URL‑modification guardrails by using pre‑built static URLs, leaking information...
China-Linked UAT-7290 Targets Telecom Networks in South Asia
Cisco Talos has identified a long‑running cyber‑espionage campaign, designated UAT‑7290, targeting high‑value telecommunications infrastructure across South Asia since at least 2022. The group compromises public‑facing edge devices using one‑day vulnerabilities and SSH brute‑force techniques, deploying a suite of Linux‑based tools...
The Myth of Linux Invincibility: Why Automated Patch Management Is Key to Securing the Open Source Enterprise
The article debunks the myth that Linux’s inherent security makes it invulnerable, emphasizing that unpatched vulnerabilities are a growing risk for enterprises. Recent SANS and NVD data show rising ransomware, kernel exploits, and misconfigurations targeting Linux workloads. Automated, autonomous patch...
CISA Warns of Attacks on PowerPoint and HPE Vulnerabilities
CISA has added two high‑severity flaws to its 2026 Known Exploited Vulnerabilities (KEV) catalog: CVE‑2025‑37164, a code‑injection bug in Hewlett Packard Enterprise OneView rated 10.0, and CVE‑2009‑0556, a 9.3‑severity remote‑code‑execution issue in legacy Microsoft PowerPoint 2000‑2004. Rapid7 published a proof‑of‑concept...