Today's Cybersecurity Pulse
South African government websites expose hundreds of unpatched vulnerabilities
A cybersecurity researcher identified exploitable flaws on more than 1,600 South African government sites, many managed by the State Information Technology Agency. One in seven SITA‑run public systems and one in five non‑SITA systems contain known, unpatched issues, some dating back over a decade, highlighting systemic risk after a recent ransomware breach of the Statistics agency.
Also developing:
Verizon DBIR: Enterprises Face a Dangerous Vulnerability Glut
Verizon’s 2026 Data Breach Investigations Report warns that vulnerability exploitation surged 31% to become the leading initial‑access vector, while only 26% of critical flaws were fully remediated in 2025. The volume of detected vulnerabilities exploded, with records rising from 68.7 million in 2022 to 527.3 million in 2025—an eight‑fold jump driven largely by AI‑assisted bug hunting. Threat actors are leveraging generative AI to accelerate exploit development, creating an asymmetric advantage over defenders. The report reiterates that disciplined patch prioritization and strong cyber fundamentals remain the most effective defense.
Attackers Hit Vulnerabilities Hard Last Year, Making Exploits the Top Entry Point for Breaches
Verizon’s 2026 Data Breach Investigations Report shows exploits became the leading initial access vector, responsible for 31% of over 22,000 breaches—up from 20% the prior year. Only 26% of critical vulnerabilities in the CISA Known Exploited Vulnerabilities (KEV) catalog were...
Contractor’s Public GitHub Account Exposed GovCloud and CISA Credentials
An unsecured personal GitHub repository, labeled “Private‑CISA,” publicly exposed AWS GovCloud credentials, GitHub tokens, and internal CISA documentation. The repo, created by a contractor and live since November 2025, contained 844 MB of Kubernetes configs, scripts, and plain‑text passwords before being taken...
Hackers Using AI Just Found a ‘Zero-Day.’ The Spyware Industry Is Watching.
Google disclosed that hackers for the first time employed artificial intelligence to locate and weaponize a zero‑day vulnerability that could bypass two‑factor authentication across its services. The breakthrough collapses the traditional cost, time and expertise barriers to zero‑day development, a...
Discord Completes End‑to‑End Encryption for All Voice and Video Calls
Discord announced on May 18, 2026 that it has finished rolling out its DAVE protocol, delivering end‑to‑end encryption (E2EE) to every voice and video call on the platform. The multi‑year effort began in September 2024 after early experiments in 2023...
Grafana Labs Confirms GitHub Breach, Code Exfiltrated and Ransom Demanded
Grafana Labs disclosed that a stolen GitHub token let attackers download its entire codebase, prompting a ransom demand that the company rejected. No customer data was compromised, but the incident highlights supply‑chain risks for open‑source projects.
Wireless Security Is a Battle of AI Vs. AI
A Cisco survey of 6,098 organizations reveals that 85% suffered at least one wireless security incident in the past year, with 58% incurring financial losses—half exceeding $1 million annually. AI‑generated or automated attacks now top the threat landscape, cited by 35%...
CISA Exposes Secrets, Credentials in 'Private' Repo
GitGuardian researcher uncovered a public GitHub repository labeled “Private‑CISA” that belonged to the U.S. Cybersecurity and Infrastructure Security Agency (CISA). The repo, accessible since Nov 13 2025, contained 844 MB of sensitive data—including plain‑text passwords, AWS tokens, SAML certificates, CI/CD logs, and Kubernetes...
Stealer Spoofs Google, Microsoft & Apple, Then Backdoors macOS
SentinelOne has uncovered SHub Reaper, a new macOS malware that blends infostealer and backdoor capabilities. The variant disguises itself as Apple, Google and Microsoft updates, using fake WeChat and Miro installers and typosquatted domains to lure victims. It bypasses Apple’s...
The Real Reason CMMC Costs Are Shocking Companies
The Cybersecurity Maturity Model Certification (CMMC) is now in phased rollout, and companies are confronting the combined expense of implementing NIST SP 800‑171 controls and paying for third‑party assessments. Official DoD estimates list assessment fees around $105,000‑$118,000 for three years, but those...
Drupal Is Rolling Out an Emergency Security Update on May 20. You Cannot Miss It
The Drupal Security Team will issue an emergency core update on May 20 between 17:00‑21:00 UTC for all supported branches. The advisory warns that exploits could appear within hours, urging administrators to reserve time for immediate patching. Patches cover branches 11.3.x, 11.2.x,...
CIOs Must Act on Post‑quantum Cryptography Today.
CIOs must take post quantum cryptography seriously today or risk future peril. #CIO #CISO #Quantum #Cybersecurity https://t.co/vZgTOh99DD
CIOs Must Take Post Quantum Cryptography Seriously Today or Risk Future Peril
Quantum computers are poised to break the cryptographic algorithms that protect most enterprise data, with experts predicting practical attacks as early as 2029. Post‑Quantum Cryptography (PQC) offers algorithms resistant to both classic and quantum attacks, but many organizations have yet...
Analysis & Implications of the Communications Cybersecurity Information Sharing and Analysis Center (C2 ISAC)
The Communications Cybersecurity Information Sharing and Analysis Center (C2 ISAC) was announced today as a private‑sector nonprofit aimed at bolstering cyber defenses across the U.S. telecommunications landscape. Founding members include AT&T, Verizon, T‑Mobile, Comcast, Charter, Cox, Lumen and Zayo, with...
Microsoft Pushes Personal Accounts Away From SMS Codes Toward Passkeys
Microsoft is phasing out SMS verification codes for personal accounts, steering users toward passkeys, the Microsoft Authenticator app, and verified email addresses for sign‑in and recovery. The change affects Outlook.com, Xbox, Microsoft 365 and other consumer services. Passkeys rely on device‑based...
Massive Npm Supply Chain Attack Hits AntV Ecosystem; Hundreds of JavaScript Packages Compromised
A coordinated supply‑chain attack compromised more than 300 npm packages in the AntV ecosystem, a suite of data‑visualization tools originally built by Alibaba. Attackers hijacked the maintainer account “atool” and published malicious versions within a 22‑minute window, embedding malware that...
The Invisible Workforce: Why Your Household Apps Now Have Their Own Digital IDs
The article warns that machine identities—digital certificates, tokens and API keys used by applications, cloud workloads, bots and AI agents—are proliferating faster than human credentials. These invisible workers perform critical tasks with high privileges but often lack oversight, making them...
Azure Hub-and-Spoke Generally Available for HCP Vault Dedicated
HashiCorp announced that Azure hub‑and‑spoke networking for HCP Vault Dedicated is now generally available. The new capability lets enterprises attach Vault to a centralized Azure virtual network without bespoke routing, peering, or firewall exceptions. By leveraging HashiCorp Virtual Networks, customers...
Cyber Security Moves Up the SMB Agenda as AI Adoption Exposes Operational Gaps
Small and medium-sized businesses are elevating cyber security to a top strategic priority as AI, SaaS, and third‑party integrations expand their attack surface. A new IDC‑sponsored study of 2,200 SMBs across North America, Europe and South Africa finds 60% plan...
Trapdoor Android Ad Fraud Scheme Hit 659 Million Daily Bid Requests Using 455 Apps
Researchers at HUMAN’s Satori team uncovered a sophisticated Android ad‑fraud operation named Trapdoor, leveraging 455 malicious utility‑style apps and 183 C2 domains. At its peak the scheme generated 659 million ad‑bid requests per day and prompted more than 24 million app installs,...
Anthropic Shifts Stance on Mythos to Enable Shared Threat Intelligence
Anthropic announced that its AI‑driven cybersecurity platform Mythos will now permit partners to share threat findings, best practices, and tools with each other, the public, and media outlets. Until now Mythos was limited to a few tech firms and U.S....
AI‑Powered Defenses Become Critical as Cloud Attack Speed Slashes to Days
Google Cloud Security’s new report shows the window between vulnerability disclosure and mass exploitation has collapsed from weeks to days, while Mandiant’s 2025 survey finds automated attack handoffs now average 22 seconds. The twin findings push DevSecOps teams toward AI‑augmented,...
AI Faces External and Internal Security Threats, Unprepared
AI Security Threats Coming From Outside And Inside, And Few Are Ready (My latest in @forbes) https://t.co/DzD1PKLGdd
Iran-Linked Handala Claims Cyber‑physical Strike on UAE’s Fujairah Port, Stealing 430,000 Documents
Iran-linked hacker group Handala announced a cyber‑physical attack on the UAE’s Fujairah Port, claiming to have exfiltrated more than 430,000 confidential documents, including detailed oil‑line maps. Tehran’s state news agency echoed the claim, suggesting coordination with the Iranian military, though...
The Glasswing Warning: What Companies Outside the Inner Circle Must Do Now
Anthropic’s Claude Mythos preview, a reasoning‑first AI model, has autonomously uncovered thousands of high‑severity zero‑day vulnerabilities across major operating systems and browsers. Only a privileged inner circle—Apple, Amazon and Microsoft—has been granted early access to begin remediation, leaving the rest...
Orange and WEF Launch Tool to Map Cybercrime
Orange’s Cyberdefense unit and the World Economic Forum have launched Cosmos, a new component of the WEF’s Cybercrime Atlas initiative. Using open‑source research and Orange’s threat‑intelligence platform, Cosmos will build a universal taxonomy and interactive knowledge‑graph of the global cyber‑crime...
Patch Fatigue Drives Surge in Vulnerability Exploitation
Verizon DBIR 2026: Vulnerability Exploitation Takes the Lead, and Patch Fatigue Is the Reason https://t.co/VqEwEEH8Qb
CROCS Turns OT Cyber Policy Into Action
CROCS, the Air Force’s Cyber Resiliency Office for Control Systems, is moving Pentagon OT cyber directives into concrete actions. The office has built a 100‑point cyber plan, tracks each initiative, and convenes over 100 OT experts each month. It also...
Hackers Have Compromised Dozens of Popular Open Source Packages in an Ongoing Supply-Chain Attack
Hackers have launched a new supply‑chain assault, hijacking a developer account to publish over 630 malicious versions across 317 open‑source packages in just 20 minutes. Cybersecurity firms StepSecurity and SafeDep flagged the rapid rollout, which targets credential‑stealing code embedded in...
US Cyber Agency CISA Exposed Reams of Passwords and Cloud Keys to the Open Web
U.S. Cybersecurity and Infrastructure Security Agency (CISA) discovered that a contractor employee inadvertently published spreadsheets on GitHub containing plaintext passwords, cloud access tokens, and other credentials for CISA and Department of Homeland Security systems. Security researcher Guillaume Valadon identified the exposure,...
Microsoft Takes Down Fox Tempest for Providing Ransomware-Enabling Signing Tool
Microsoft’s Digital Crimes Unit filed a civil suit in New York to dismantle Fox Tempest, a cyber‑crime enabler that sold malware‑signing‑as‑a‑service. The group’s infrastructure, including the Signspace.cloud site and roughly 1,000 accounts, was sinkholed and hundreds of VPS instances were disabled....
Microsoft Disrupts Cybercrime Service Offering Malware Disguised as Legitimate Software
Microsoft disrupted the “malware‑signing‑as‑a‑service” operation known as Fox Tempest, seizing its website, shutting down hundreds of virtual machines, and blocking related code‑hosting sites. The group sold code‑signing certificates that made ransomware and other malware appear legitimate, charging thousands of dollars per...
3 in 4 Compromised Healthcare Devices Expose Patient Records, Flare Report Reveals
Flare’s 2026 State of Healthcare Credential Exposure report documents a 33% year‑over‑year surge in compromised healthcare credentials, with nearly three‑quarters of infected devices leaking EHR/EMR logins. The United States accounts for 48% of all healthcare‑related credential logs surfaced on underground...
Microsoft Disrupts Cybercrime Service that Abused Software Verification Systems en Masse
Microsoft’s Digital Crimes Unit secured a court order to dismantle Fox Tempest, a threat group that ran a malware‑signing‑as‑a‑service. The group sold more than 1,000 forged code‑signing certificates, charging up to $9,500 each, enabling ransomware gangs to bypass security controls....
Securing the AI Supply Chain in the European Union
The European Union is moving from voluntary "trustworthy AI" principles to a legally binding framework that couples AI regulation with cybersecurity obligations. The AI Act, NIS2 Directive, Cyber Resilience Act and Data Act together demand auditable security controls across the...
Anthropic’s Mythos Threatens Healthcare Cybersecurity: 6 Updates
Anthropic’s Claude Mythos preview can autonomously discover and exploit zero‑day vulnerabilities across major operating systems and browsers, a leap in AI‑driven cybersecurity. Researchers found thousands of previously unknown flaws before the model’s restricted release, and even users with limited training...
Building an Efficient Side-Channel-Resilient Post-Quantum Root-of-Trust Design
The OpenTitan project introduces a hardware‑software co‑design that hardens post‑quantum ML‑DSA for root‑of‑trust devices against side‑channel attacks. Dedicated mask‑conversion accelerators and vectorized arithmetic in the OTBN reduce the performance penalty of full masking to roughly 2‑4×, making secure boot feasible....
Applying OpenTelemetry Security Practices in Legacy Environments
OpenTelemetry is expanding into manufacturing and other legacy environments, but traditional systems lack the flexibility to apply cloud‑native security controls. The article explains that security must shift from the source to the telemetry pipeline, emphasizing the role of the OpenTelemetry...
Lessons for Irish Organisations From the Verizon 2026 Data Breach Investigations Report (DBIR)
The Verizon 2026 Data Breach Investigations Report, analyzing over 31,000 incidents, shows vulnerability exploitation now accounts for 31% of breaches, surpassing stolen credentials at 13%. Only 26% of critical CISA‑listed vulnerabilities were fully remediated in 2025, while ransomware featured in...
AdvancedHEALTH Ransomware Claim Includes 2.3M Patient Data Lines
DragonForce ransomware‑as‑a‑service group alleges it exfiltrated 390 GB from AdvancedHEALTH, including 2.3 million patient records—83 k of them minors—and a trove of business documents, threatening to publish 1,000 lines daily until a ransom is paid. AdvancedHEALTH has not confirmed the claim, though an...
Anthropic’s Mythos and OpenAI’s GPT‑5.5 Ignite AI Security Arms Race
Anthropic unveiled its general‑purpose Mythos model, which flagged thousands of previously unseen security flaws, while OpenAI rolled out GPT‑5.5, a more capable code‑generation engine. The twin releases have forced CIOs and CISOs to accelerate AI‑risk programs and reconsider defensive architectures.
Solo Hacker Uses Claude AI to Breach Mexican Government, Exfiltrates 150 GB Data
A single, unaffiliated cybercriminal used two commercial AI subscriptions to jailbreak Claude and, later, ChatGPT, extracting 150 GB of sensitive data from Mexico’s tax authority, electoral institute and several state governments. The breach, confirmed by Gambit Security, marks the largest solo‑operator...
Internet Explorer May Be Dead, but Its Ghost Still Runs Malware
Microsoft’s legacy mshta.exe utility, a component of the retired Internet Explorer, remains a favorite living‑off‑the‑land binary for attackers. Bitdefender’s research shows MSHTA is being leveraged in active campaigns involving loaders like CountLoader, stealers such as LummaStealer, and the PurpleFox backdoor....
Understanding the Modern Cybercrime Landscape
HPE’s 2025 "In the Wild" report reveals that cybercriminal groups have industrialized their operations, leveraging automation and generative AI to scale attacks. The study identifies five inter‑related factors shaping today’s threat landscape: heightened network expectations, tighter financial constraints, increasingly complex...
Healthcare Cyber Exercise Tops 300 Registrations as Operational Details Emerge
Operation Vital Signs, a national healthcare cybersecurity tabletop exercise organized by the HSCC Cybersecurity Working Group and Health‑ISAC, has attracted over 300 registrations since opening in May. The July 21‑22 event will simulate a sector‑wide cyber incident focused on trusted...
AI Raises the Bar on Vulnerability Awareness and Secure-by-Design Software
AI-powered vulnerability scanners such as Claude Mythos and OpenAI’s GPT 5.5‑Cyber now enable firms to instantly locate and remediate software bugs. ENISA’s chief highlighted that under the EU Cyber Resilience Act, which takes full effect on 11 December 2027, security by design is...
Agentic AI Accelerates Software Builds and Mobile App Attacks
Digital.ai’s 2026 Application Security Threat Report reveals that 87% of customer‑facing mobile apps were attacked in 2026, up from 55% in 2022. The surge mirrors the rapid adoption of agentic AI, which lets low‑skill threat actors automate code inspection, exploit...
Everpure’s Immutable Snapshots Provide Accelerated Malware Attack Recovery
Everpure introduced in‑array immutable snapshots paired with its AI‑driven 1touch context engine, promising ransomware recovery in minutes instead of weeks. The Everpure Data Cloud guarantees data can be rolled back to the last known clean state, with a Human‑in‑the‑Loop (HITL)...
Assume Autonomy: Why Security Teams Need to Rethink Defence at Machine Speed
The article argues that the long‑standing belief that attackers and defenders operate at comparable speeds is obsolete. Advances in generative AI now let machines discover vulnerabilities and launch exploits with little human oversight, forcing a shift to an "Assume Autonomy"...
Cloudflare Says Anthropic's Mythos Preview Finds Exploit Chains that Earlier Frontier Models Missed
Cloudflare evaluated Anthropic’s security‑focused AI model Mythos Preview across more than 50 of its own code repositories as part of Project Glasswing. The model can automatically chain small vulnerabilities into working exploit sequences, compile proof‑of‑concept code, and demonstrate real‑world exploitability....