Know What's Happening in Cybersecurity

Today's Cybersecurity Pulse

CISA adds critical Android and Linux flaws to KEV catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) listed two high‑severity vulnerabilities in its Known Exploited Vulnerabilities catalog: Android CVE‑2025‑48595, an integer overflow that enables privilege escalation on Android 14‑16 without user interaction, and Linux CVE‑2022‑0492. Google released patches for the Android bug in June 2026.

1 Billion IDs Exposed: America’s Data Security Crisis
Social | May 11, 2026

Every day, in every way, it gets worse. Surely there’s no one left in America whose personal information isn’t already in the hands of crooks. IDMerit exposes 1 billion identity records in unprotected database | Fox News

By Dave Birch
Critical CVE‑2024‑YIKES Fuels 73‑hour Supply‑chain Breach Affecting 4 Million Developers
News | May 11, 2026

A compromised JavaScript package triggered CVE‑2024‑YIKES, leading to a 73‑hour incident that spread malware to roughly 4 million developers. The breach moved through a Rust compression library and a Python build tool before being unintentionally patched by a cryptocurrency mining worm.

By Pulse
AI‑Powered Cyber Threats Loom Over Banks as Security Gaps Expose Financial Systems
News | May 11, 2026

Commentators warn that Anthropic's Claude Mythos AI model can uncover and exploit cyber‑security weaknesses, a development that has already rattled security‑stock prices. The risk is especially acute for banks, whose data and payment infrastructures could become prime targets for AI‑enabled...

By Pulse
Anthropic Opens Public Bug Bounty on HackerOne to Boost Claude Security
News | May 11, 2026

Anthropic has launched a public bug bounty program on HackerOne, inviting external researchers to disclose flaws in Claude.ai, its API, Claude Code and related assets. The move follows the company's recent Mythos and Project Glasswing initiatives and signals a broader...

By Pulse
Trinity Researchers Bring True Privacy to Cloud Collaboration as Europe Rethinks Its Tech Reliance on US Tech Giants
News | May 11, 2026

Trinity College Dublin researchers have unveiled InvizCrypt, a cloud collaboration platform that encrypts documents on the user’s device, ensuring the service provider cannot read any content. The system currently supports LaTeX editing for research teams and will expand to document...

By Irish Tech News
How to Secure Secrets in CI/CD Pipelines
News | May 11, 2026

CI/CD pipelines automate every code change but rely on a web of credentials, making them prime targets for secret leakage. Common missteps include storing plain‑text tokens in repositories, using long‑lived keys, and exposing secrets through logs or environment variables. The...

By DZone – DevOps & CI/CD
Google Discovers Weaponized Zero-Day Exploits Created with AI
News | May 11, 2026

Google's Threat Intelligence Group (GTIG) uncovered what it believes is the first AI‑crafted zero‑day exploit observed in the wild, a Python script that bypasses two‑factor authentication on a widely used open‑source system‑administration tool. The exploit was traced to a cybercrime...

By CSO Online
Hackers Use AI for Exploit Development, Attack Automation
News | May 11, 2026

Google’s Threat Intelligence Group released research showing that threat actors are now using large language models to develop exploits and automate attacks. The report documents a zero‑day Python script that bypasses two‑factor authentication, likely generated with an AI model, and...

By Dark Reading
Google Spotted an AI-Developed Zero-Day Before Attackers Could Use It
News | May 11, 2026

Google's Threat Intelligence Group uncovered a zero‑day exploit that was generated by artificial intelligence and warned the vulnerable vendor before a notorious cybercrime group could launch a mass‑exploitation campaign. The exploit targeted a popular open‑source web‑based administration tool, using a...

By CyberScoop
Linux Developers Weigh Emergency “Killswitch” For Vulnerable Kernel Functions
News | May 11, 2026

Linux kernel maintainers are evaluating a "killswitch" patch that lets privileged administrators disable individual kernel functions at runtime. The proposal, submitted by Sasha Levin, follows the public disclosure of two high‑impact privilege‑escalation bugs—Copy Fail (CVE‑2026‑31431) and Dirty Frag (CVE‑2026‑43284/43500). By...

By Help Net Security
Generative AI Turns Identity Theft Into an Industrial-Scale Operation
News | May 11, 2026

A Bloomberg investigation reveals that generative AI and autonomous agents are turning identity theft into an industrial‑scale operation in the United States. Tools such as FraudGPT can test millions of Social Security numbers in minutes, while sub‑agents scrape darknet data,...

By THE DECODER
SailPoint Agentic Fabric Expands Identity Governance to Autonomous AI Agents
News | May 11, 2026

SailPoint unveiled Agentic Fabric, a platform that extends its Identity Security Cloud to govern AI agents and other non‑human identities. The solution provides discovery, mapping, real‑time authorization and threat response, linking each agent to a human owner. It launches with...

By Help Net Security
Canvas Hack Exposes Risks of Centralized EdTech Data
Social | May 11, 2026

'The Biggest Student Data Privacy Disaster in History': Canvas Hack Shows the Danger of Centralized EdTech https://t.co/uYhtnaIe2g

By Chuck Brooks
UK Government Renews Calls to Sign Cyber Resilience Pledge
News | May 11, 2026

The UK government is urging businesses to sign the Cyber Resilience Pledge, a new initiative tied to the Cyber Security and Resilience Bill that will launch later this year. The pledge requires three actions: making cyber security a board‑level responsibility,...

By Computer Weekly – Latest IT news
Why Penetration Testing in Security Audits Is the Key to Uncovering Vulnerabilities
News | May 11, 2026

The article stresses that adding penetration testing to routine security audits is vital for exposing hidden vulnerabilities, especially as AI‑driven threats become more sophisticated. Audits evaluate policies, compliance, and overall system health, while pen tests simulate real attacks to uncover...

By Healthcare Guys
CPanel and WHM Servers Targeted in Attacks Exploiting CVE-2026-41940
News | May 11, 2026

A critical authentication‑bypass flaw in cPanel and WHM (CVE‑2026‑41940) is being actively exploited by the sophisticated Mr_Rot13 cyber‑crime group. The vulnerability, rated 9.8 on the CVSS scale, lets unauthenticated attackers gain full admin rights on Linux servers. Since its public...

By GBHackers On Security
OpenAI Is Offering Europe Access to Its Cybersecurity AI Model. But Anthropic Is Holding Out
News | May 11, 2026

OpenAI announced it will grant the European Union access to its new cybersecurity AI model, GPT‑5.5‑Cyber, through a limited preview for vetted cybersecurity teams, governments and EU bodies. The European Commission welcomed the offer, saying it will enable close monitoring...

By Quartz — Economy & Markets
Webinar This Week: Prevention Alone Is Not Enough Against Modern Attacks
News | May 11, 2026

BleepingComputer will host a live webinar on May 14, 2026 featuring Kaseya’s Austin O'Saben. Titled “From phishing to fallout: Why MSPs must rethink both security and recovery,” it examines how AI‑generated phishing, business‑email compromise, ransomware and SaaS abuse bypass traditional defenses. The...

By BleepingComputer
Dirty Frag: Linux Kernel Hit by Second Major Security Flaw in Two Weeks
News | May 11, 2026

An independent researcher disclosed a new Linux kernel vulnerability dubbed “Dirty Frag,” following the recent “Copy Fail” bug. The flaw, tracked as CVE‑2026‑43284 and CVE‑2026‑43500, lets a low‑privilege user corrupt in‑memory files and escape containers when both components are chained....

By The Record by Recorded Future
Did the EU Parliament Really Vote Not to Protect Children Online?
Blog | May 11, 2026

In April 2026 the EU’s interim ePrivacy derogation – known as “Chat Control 1.0” – expired after the European Commission delayed its extension proposal and the Council refused Parliament’s privacy safeguards. The European Parliament voted to preserve its negotiating mandate...

By EDRi —
Checkmarx Tackles Another TeamPCP Intrusion as Jenkins Plugin Sabotaged
News | May 11, 2026

Checkmarx disclosed that a malicious version of its Jenkins AST plugin was uploaded to the Jenkins Marketplace, prompting an urgent advisory to users. The compromised package, part of the company’s code‑security suite, was identified over the weekend and is being...

By The Register
PHP SOAP Extension Flaw Could Let Attackers Execute Code Remotely
News | May 11, 2026

A set of new PHP vulnerabilities, highlighted by a high‑severity Use‑After‑Free flaw in the SOAP extension (CVE‑2026‑6722), enables remote code execution on unpatched servers. Additional moderate bugs expose denial‑of‑service and out‑of‑bounds read issues across core modules. The flaws affect PHP...

By GBHackers On Security
Palantir’s Access to Identifiable NHS England Patient Data Is ‘Dangerous’, MPs Say
News | May 11, 2026

The UK NHS has granted US‑based Palantir access to identifiable patient records as part of a £330 million (≈$420 million) contract to build a federated data platform powered by AI. The arrangement allows Palantir engineers “unlimited” access to raw data before it...

By The Guardian AI
Cybersecurity Shifts From Prevention to Resilience at Zero Day Con 2026 in Dublin
News | May 11, 2026

At Zero Day Con 2026 in Dublin, cybersecurity leaders declared that the era of pure prevention is ending and resilience is now the core strategy. Speakers from the FBI, Microsoft, and industry vendors highlighted AI’s role as a force‑multiplier that...

By Irish Tech News
Purple Teams Are Just Red and Blue Co‑Located
Social | May 11, 2026

Your Purple Team Isn't Purple — It's Just Red and Blue in the Same Room https://t.co/SgiQ1iLO6J https://t.co/n2GviJHqgA

By Eric Vanderburg
Xinnor and the University of Utah’s SCI Institute Replace Aging PostgreSQL Backend with xiRAID
Blog | May 11, 2026

Xinnor’s xiRAID has replaced the University of Utah’s SCI Institute’s single‑drive PostgreSQL backend with a ten‑NVMe RAID10 solution, delivering a 2.65× boost in PostgreSQL 17 throughput and latency. The new system achieves 8.24 million read IOPS and 129 GB/s, roughly 39× more read...

By StorageNewsletter
New Cybersecurity Industry Coalition Aims to Lead US Critical Infrastructure Protection
News | May 11, 2026

Private-sector leaders JPMorgan Chase, Mastercard, AT&T and Berkshire Hathaway Energy launched the Alliance for Critical Infrastructure (ACI) in February to fill a coordination void as federal support wanes. The nonprofit coalition will create working groups and pilot projects focused on...

By Cybersecurity Dive (Industry Dive)
Cyber Espionage Group Targets Aviation Firms to Steal Map Data
News | May 11, 2026

Kaspersky Lab has identified a cyber‑espionage group dubbed HeartlessSoul that is phishing and malvertising aviation firms and drone operators to steal geospatial and GPS data. The attackers distribute malware disguised as legitimate aviation software, even hosting a fake project on...

By Dark Reading
AWS Security Digest #260 -
Blog | May 11, 2026

AWS released security bulletin 2026‑026 and five AL2023 live‑patches to address the Copy Fail kernel vulnerability (CVE‑2026‑31431), which can grant root on Linux instances from the past eight years. Live‑patches provide an immediate mitigation for customers who cannot reboot, while full kernel...

By AWS Security Digest
Solibri Launches Security+ for Air-Gapped BIM Workflows
News | May 11, 2026

Solibri introduced Solibri Security+, a standalone BIM validation product designed for air‑gapped, sovereign environments where cloud solutions are prohibited. The offering enables rule‑based model checking, coordination and compliance verification for defense, government and critical‑infrastructure projects. It operates offline, meeting data‑sovereignty...

By Engineering.com
ICO Fines Cl0p Victim South Staffs Water over Data Breach
News | May 11, 2026

South Staffordshire Plc and its water subsidiary were fined £964,900 (about $1.23 million) by the UK Information Commissioner’s Office after a Cl0p ransomware attack exposed personal data of more than 600,000 customers. The breach, which originated from a 2020 phishing email,...

By Computer Weekly – Latest IT news
Eric Fookes, Founder & CEO, Fookes Software
News | May 11, 2026

Eric Fookes, a geologist‑turned entrepreneur, founded Swiss‑based Fookes Software in 1996 and later launched Aid4Mail, now a leading email forensics and eDiscovery solution. Since its 2005 debut, the product has adapted to three major shifts: migration of email to cloud...

By Forensic Focus
Your Purple Team Isn't Purple — It's Just Red and Blue in the Same Room
News | May 11, 2026

The article argues that today’s purple‑team concept is ineffective because human handoffs slow response while attackers exploit vulnerabilities in seconds. In 2026 the average time from CVE disclosure to a working exploit is roughly ten hours, and AI‑assisted adversaries can...

By The Hacker News
Crimenetwork Returns After Takedown, Dismantled Again by German Authorities
Blog | May 11, 2026

German police dismantled a revived version of the German‑language cybercrime marketplace Crimenetwork, which had amassed more than 22,000 users and over 100 sellers. The site generated over €3.6 million (≈$3.9 million) in revenue before being shut down, and authorities seized €194,000 (≈$210,000)...

By Security Affairs
Stop Letting ChatGPT and Other AI Chatbots Train on Your Data. Here’s Why—And How
News | May 11, 2026

Chatbot providers routinely harvest every user prompt to fine‑tune their large language models, often without explicit consent. This practice turns personal questions about health, finance, or relationships into training data that can be stored indefinitely. Companies claim they anonymize inputs,...

By Inc.
US: FCC Relaxes Foreign-Made Router Ban to Allow for Security Updates
News | May 11, 2026

The U.S. Federal Communications Commission has pushed back the deadline for security updates on banned foreign‑made consumer routers to at least January 1, 2029, extending the original March 2027 cutoff by two years. The original ban, enacted in March 2026, prohibited import and sale...

By Infosecurity Magazine
Instagram Messaging Encryption Removed, and Privacy Advocates Are Pushing Back
News | May 11, 2026

Meta announced in March 2026 that Instagram will discontinue the optional end‑to‑end encryption introduced in 2023, removing the feature on May 8. The change means Meta can now access the content of direct messages, including images, videos and voice notes....

By Help Net Security
Rakuten Symphony Inks Maritime Cybersecurity Pact
News | May 11, 2026

Rakuten Symphony, the Japanese telecom and digital services firm, has signed a memorandum of understanding with classification society American Bureau of Shipping (ABS) to build maritime cybersecurity capabilities. The deal pairs Rakuten Maritime’s cyber‑resilience platform—launched in December 2024—with ABS’s safety...

By Mobile World Live
Gartner: GenAI Has Broken Traditional Cybersecurity Awareness – What Comes Next?
News | May 11, 2026

Gartner warns that the surge in generative AI use has shattered traditional cybersecurity awareness models. Over 86% of organizations now pilot or deploy GenAI, while 57% of employees rely on personal AI accounts, creating a shadow‑AI risk surface. AI‑generated deepfakes...

By TechRadar Pro
Obsidian Plugin Abuse Delivers New PHANTOMPULSE RAT to Finance and Crypto Targets
News | May 11, 2026

Security researchers have identified a highly targeted campaign that weaponizes the Obsidian note‑taking application to drop a previously undocumented Remote Access Trojan, PHANTOMPULSE, against financial‑sector and cryptocurrency professionals on Windows and macOS. The attack leverages malicious community plugins and a...

By Pulse
CIOs Rise to the Global Challenge
News | May 11, 2026

Geopolitical volatility, from the Iran war’s impact on data centers to looming semiconductor shortages, is reshaping CIO priorities worldwide. CIOs must now balance modest AI funding with tighter budget scrutiny, tighter vendor management, and heightened compliance across fragmented regulatory regimes....

By CIO.com
Shadow AI Fuels Cybersecurity Gap as Experts Warn Systems Lag Behind Emerging Threats
News | May 11, 2026

Security leaders warn that corporate defenses are falling behind a surge in “shadow AI” use, with 71% of UK workers admitting to unapproved AI tools and half doing so weekly. The practice creates data leakage risks that current security systems...

By Pulse
Java Code Isn’t the Problem – The Container Is
News | May 11, 2026

A development team discovered that dozens of vulnerabilities in a Java Spring Boot service were coming from the container, not the application code. Outdated base‑image packages and unsafe Maven transitive dependencies were the culprits. By integrating Docker Scout into their CI...

By Container Journal
“Cyberwar Is Already in Poland,” Polish Deputy Prime Minister Says
News | May 11, 2026

Poland’s deputy prime minister Krzysztof Gawkowski told the Defence24 Days conference that the nation is already engaged in a cyber‑war with Russia, citing hundreds of daily attacks and a 99% neutralisation rate. He highlighted the January cyber‑attack on the country’s...

By Defence24 (Poland)
The Missing Cybersecurity Leader in Small Business
News | May 11, 2026

Small and medium businesses face average cyberattack costs exceeding $250,000, while hiring a full‑time CISO costs $250‑400k, creating a costly leadership gap. Virtual and fractional CISOs offer affordable senior cyber expertise, delivering risk assessments, remediation roadmaps, and governance. The article...

By CyberScoop
AI Security Is Repeating Endpoint Security’s Biggest Mistake
News | May 11, 2026

AI security is repeating the endpoint security mistake of over‑relying on posture‑based controls. While organizations implement model inventories, SBOMs, and guardrails, they neglect behavioral detection that monitors actual AI actions. The article argues that, as with the shift from signature‑based...

By CSO Online
Georgia Tech Builds Network Sandbox to Test Hospital Cyber Defenses
News | May 11, 2026

Georgia Tech secured up to $12 million from ARPA‑H’s UPGRADE program to launch the Hospital‑Integrated Vulnerability Identification and Proactive Remediation (H‑VIPER) project. The initiative builds a whole‑hospital network sandbox that lets IT teams test patches and remediation strategies without disrupting patient...

By TechTarget SearchERP
U.S. CISA Adds a Flaw in BerriAI LiteLLM to Its Known Exploited Vulnerabilities Catalog
Blog | May 11, 2026

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the critical LiteLLM flaw (CVE‑2026‑42208, CVSS 9.3) to its Known Exploited Vulnerabilities catalog. Attackers began exploiting the SQL‑injection bug within 36 hours of disclosure, targeting the proxy’s database tables that store API...

By Security Affairs
TrickMo Android Banker Adopts TON Blockchain for Covert Comms
News | May 11, 2026

A new TrickMo Android banking malware variant, dubbed TrickMo.C, uses The Open Network (TON) for its command‑and‑control traffic. The malware disguises itself as TikTok or streaming apps and targets banking and crypto wallets in France, Italy, and Austria. By routing...

By BleepingComputer