Today's Cybersecurity Pulse
Microsoft releases record‑size Patch Tuesday for April
The April update cycle delivered 165 patches addressing roughly 340 unique CVEs, including two zero‑day flaws, one of which is already being exploited in the wild. Microsoft urges immediate deployment across all product families.
Also developing:
By the numbers: Artemis raises $70M Series A

Hackers Pose as Non-Profit Developers to Deploy Monero Mining Malware
Since late 2023, the REF1695 hacker group has been embedding Monero‑mining malware in counterfeit software installers that masquerade as non‑profit projects. The scheme uses a fake ISO download, a persuasive ReadMe.txt, and instructions to bypass Windows SmartScreen, delivering a toolkit that includes CNB Bot, PureRAT and SilentCryptoMiner. The miner watches for 35 security utilities, pausing when any of them is opened and resuming once it is closed. Researchers traced four wallets that have already collected about 27.88 XMR, roughly $9,400, and the operation also earns cost‑per‑action (CPA) affiliate fraud revenue.

AI-Driven Brute Force: Why Traditional Rate Limiting Is Dead in 2026
AI‑driven brute‑force attacks have surged, rising 89% year‑over‑year to roughly 11,000 attempts per second in early 2026. Traditional rate‑limiting, which blocks traffic based on per‑IP or per‑session thresholds, is increasingly ineffective as AI‑powered botnets distribute low‑rate, human‑like requests across millions...
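As an added example (not code from the article above), the Go program below shows why a per‑IP threshold stays silent under a spray spread across many sources, and how keying the same sliding‑window count on the targeted account catches it. The limit, the 60‑second window, the IP scheme and the event log are all constructed for illustration.

```go
package main

import (
	"fmt"
	"time"
)

// Added example, not code from the linked article. It models the point the
// entry makes: a per-IP threshold never fires against a spray spread over
// many sources, while the same sliding-window count keyed on the targeted
// account does. The limits, window and sample events are assumptions.

type authEvent struct {
	at      time.Time
	srcIP   string
	account string
	success bool
}

// slidingWindowExceeded counts failed attempts per key inside a sliding
// window and returns the keys whose count ever exceeded limit.
// Events are assumed to arrive in time order.
func slidingWindowExceeded(events []authEvent, window time.Duration, limit int, key func(authEvent) string) map[string]bool {
	recent := map[string][]time.Time{}
	flagged := map[string]bool{}
	for _, e := range events {
		if e.success {
			continue
		}
		k := key(e)
		ts := append(recent[k], e.at)
		cut := 0
		for cut < len(ts) && e.at.Sub(ts[cut]) > window { // expire entries older than the window
			cut++
		}
		ts = ts[cut:]
		recent[k] = ts
		if len(ts) > limit {
			flagged[k] = true
		}
	}
	return flagged
}

// perIPExceeded is the classic rate limiter: failures keyed by source IP.
func perIPExceeded(events []authEvent, window time.Duration, limit int) map[string]bool {
	return slidingWindowExceeded(events, window, limit, func(e authEvent) string { return e.srcIP })
}

// perAccountExceeded keys the same counter on the account under attack,
// so attempts from every source IP add up.
func perAccountExceeded(events []authEvent, window time.Duration, limit int) map[string]bool {
	return slidingWindowExceeded(events, window, limit, func(e authEvent) string { return e.account })
}

// distributedSpray is constructed sample input: n source IPs, each making
// two failed logins against one account, one attempt per second overall,
// followed by a legitimate user who mistypes once and then signs in.
func distributedSpray(n int, account string) []authEvent {
	start := time.Date(2026, time.April, 14, 9, 0, 0, 0, time.UTC)
	events := make([]authEvent, 0, 2*n+2)
	for i := 0; i < 2*n; i++ {
		id := i / 2 // two consecutive attempts share one source address
		ip := fmt.Sprintf("10.%d.%d.%d", id>>16&255, id>>8&255, id&255)
		events = append(events, authEvent{at: start.Add(time.Duration(i) * time.Second), srcIP: ip, account: account})
	}
	events = append(events,
		authEvent{at: start.Add(time.Duration(2*n) * time.Second), srcIP: "192.0.2.7", account: "alice"},
		authEvent{at: start.Add(time.Duration(2*n+1) * time.Second), srcIP: "192.0.2.7", account: "alice", success: true},
	)
	return events
}

func main() {
	events := distributedSpray(500, "svc-admin")
	fmt.Println("per-IP limiter flagged:", perIPExceeded(events, time.Minute, 5))           // map[]
	fmt.Println("per-account limiter flagged:", perAccountExceeded(events, time.Minute, 5)) // map[svc-admin:true]
}
```

In production the per‑account signal should drive step‑up authentication or a challenge rather than a hard lockout, otherwise the counter itself becomes a denial‑of‑service lever against the account it protects.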

NomShub Vulnerability Chain Exposes Hidden Risks in AI Coding Tools
Researchers at Straiker have uncovered a multi‑stage vulnerability chain, dubbed NomShub, in the Cursor AI‑powered code editor. The flaw lets an attacker achieve persistent shell access by simply opening a malicious repository, leveraging prompt injection, a sandbox‑escape in the command...
Russia Hacked Routers to Steal Microsoft Office Tokens
Russian GRU-linked group Forest Blizzard exploited vulnerabilities in over 18,000 outdated SOHO routers to hijack DNS settings and intercept Microsoft Office OAuth tokens. The campaign required no malware, instead redirecting traffic through attacker‑controlled DNS servers to perform man‑in‑the‑middle attacks on...

Max Severity Flowise RCE Vulnerability Now Exploited in Attacks
A critical remote code execution flaw, CVE‑2025‑59528, has been confirmed in Flowise, the open‑source low‑code platform for building LLM‑driven applications. The vulnerability allows attackers to inject arbitrary JavaScript through the CustomMCP node, leading to full command execution and file‑system access....

Solana Rolls Out Tools to Fend Off Blockchain Security Threats
The Solana Foundation announced two new security initiatives—STRIDE and the Solana Incident Response Network (SIRN)—to protect its rapidly expanding DeFi ecosystem. Led by Asymmetric Research and funded by Solana, STRIDE will independently audit projects and publish results, while SIRN creates...
Russian Military Hackers Reroute British Internet Users’ Traffic
Russian military hackers linked to the GRU executed a BGP hijack that rerouted traffic from British internet users to malicious servers. The intrusion affected multiple UK ISPs, exposing users to potential data interception and malware. Network monitoring tools eventually detected...

The New Rules of Engagement: Matching Agentic Attack Speed
AI‑enabled cyberwarfare has moved from theory to reality, highlighted by Anthropic's September 2025 disclosure of an autonomous attack that operated with minimal human input. A 2026 Armis report shows 64% of U.S. IT decision‑makers already suffered AI‑generated attacks, while 92%...
Outdated Hospital Systems Invite Ransomware, Endanger Patient Care
I was just listening to an interview on the radio with a person who worked at a hospital. 1. Your cyber insurance makes you a target. They know how much you can pay. 2. Don’t use your backups until you...
UK Data Watchdog Launches Campaign to Teach Kids Online Privacy Like Road Safety
Britain's Information Commissioner’s Office (ICO) has rolled out a public‑policy campaign urging parents to teach online privacy with the same rigor as road‑crossing lessons. The drive follows research showing three‑quarters of parents doubt their children can navigate digital privacy safely.

Ensemble Judge Model Validates LLM Decisions in NightBeacon UI
New UI design for our NightBeacon AI SOC solution @Binary_Defense. Recently implemented a new ensemble (judge) model. This model checks the work of the primary LLM to ensure it agrees with the steps taken to validate its malicious, suspicious, or...

Secure Internal Collaboration: Best Practices for Companies
How to ensure secure internal collaboration in your company by @antgrasso #CyberSecurity #Infosec #IT #Technology https://t.co/P005pWoFq3
Wells Fargo Flags 466% Surge in AI‑Generated Fraud Scams, Warns Customers
Wells Fargo’s fraud team warned that AI‑generated phishing attacks have jumped 466% in early 2025, with click‑through rates four times higher than human‑crafted emails. The bank highlighted a surge in payment fraud, deepfake scams and a drop in fund‑recovery rates,...
China's OSINT Firms Now Supplying Iran with Targeting Intel
I've seen some incredible open source intelligence focused companies supporting our government and industry with phenomenal insights. The PRC has firms doing that too and they are supporting Iran with intelligence precise enough to enable targeting. https://t.co/6Hl0lJQh4y
Cybersecurity Measures Focus on Activity, Not Threat Reduction
"I do believe that cybersecurity is fundamentally broken," Payton said. "It's measured in terms of activity instead of reduction of threat surface." Pretty much what I wrote in my book in 2020. Old news but no one seems to be listening. https://t.co/53DAIYfvP1

Here’s How We Built Gmail to Keep Your Data Secure and Private in the Gemini Era.
Google announced that its Gemini AI, now embedded in Gmail, does not train on users' personal email content and only accesses messages for isolated tasks such as summarization. The system processes the request within the inbox, then discards the data,...

Beware: Scammers Impersonate Me—Only Official Research Here
These messages are ALWAYS posted by scammers who impersonate me. I do not run any such service on WhatsApp, Telegram or Discord. Our research is only published on https://t.co/9W3aDdLK3Q Do NOT engage with these scammers, block & report. https://t.co/64AJ4IQj1C

Massachusetts Hospital Turning Ambulances Away After Cyberattack
A cyberattack on Signature Healthcare Brockton Hospital in Massachusetts forced the facility to turn away ambulances and activate downtime procedures, cancelling chemotherapy infusions while keeping emergency rooms and surgeries operational. The hospital is working with external experts to restore systems,...

Authorities Disrupt Router DNS Hijacks Used to Steal Microsoft 365 Logins
Law enforcement and private‑sector partners have dismantled the FrostArmada operation, an APT28‑run campaign that hijacked DNS settings on MikroTik and TP‑Link routers to intercept Microsoft 365 credentials. At its peak in December 2025, the malware infected roughly 18,000 devices across...

Ex-Meta Worker Investigated for Downloading 30,000 Private Facebook Photos
A former Meta software engineer is accused of creating a tool that downloaded roughly 30,000 private Facebook photos, prompting a Metropolitan Police cybercrime investigation after an FBI referral. Meta discovered the breach over a year ago, terminated the employee, and...

You Already Assess Risk for a Living. Do It for Your Own Agency
Insurance agencies are facing new cybersecurity mandates from carriers and regulators, who now require multi‑factor authentication, email threat protection, endpoint security, and a written security plan. The blog argues that agencies already perform risk assessments for clients and can apply...

Naoris - Post-Quantum Security as Infrastructure
Naoris unveiled its post‑quantum Layer 1 mainnet on April 1 2026, embedding a NIST‑approved quantum‑resistant signature algorithm from the first block. The network’s delegated Proof of Security combines block production with anomaly‑detection incentives, and a parallel security node layer monitors wallets, contracts, and...
Circle's Judge‑Only Freeze Policy Fails Amid $285M Hack
Circle’s policy: they only freeze funds if a judge orders it. For a $285M hack that just happened, that timeline doesn’t work. @tayvano_ and @kaiynne on why this is the wrong call. Uneasy Money: https://t.co/3LBYxJBwbb https://t.co/Yder2DQH5I

OpenAI and Spotify Leaders Back London-Based AI Agent Security Startup in $13M Seed Round
London‑based Trent AI emerged from stealth with a $13 million seed round led by LocalGlobe and Cambridge Innovation Capital, joined by executives from OpenAI, Spotify, Databricks and AWS. The startup describes its product as the first multi‑agent security platform, one that continuously scans, assesses risk...

Tackling Data Breach Risks Requires Perpetual Planning
Data breach fallout can linger, damaging reputation and sparking class‑action lawsuits. Finance and cyber experts warn that an annual security review is no longer sufficient; continuous assessment is required. Hydrolix illustrates this approach with weekly cyber discussions, quarterly board reporting,...

Russian Cyber Spies Targeting Consumer, Soho Routers
The UK National Cyber Security Centre and Microsoft have uncovered a large‑scale DNS hijacking operation run by Russian APT28, also known as Fancy Bear, targeting vulnerable consumer and small‑office routers. The campaign, active since August 2025, has compromised over 200 organisations and...
Inside Intelligent Enterprises
Wipro and Intel have launched the WINGS.OTNxT.AI platform, an end‑to‑end managed service that unifies operational technology (OT) and Internet of Things (IoT) environments for manufacturers. The solution, already deployed by more than 40 customers, combines device inventory, secure networking, vulnerability...

Asylon and Thrive Logic Bring Physical AI to Enterprise Perimeter Security
Asylon and Thrive Logic have partnered to embed physical AI into enterprise perimeter security, combining Asylon’s autonomous robotic patrols with Thrive Logic’s AI‑driven analytics and automated incident workflows. The integration streams video from mobile robots to the AI platform, which...
Bet: Quantum Won’t Break ECC by 2032, ML‑KEM
I’m making a bet with Filippo Valsorda that quantum computers won’t break ECC by 2029/2032, and (secondarily) that one version of ML-KEM will be de-standardized. I have loads of confidence in the former and little in the latter. I just...
1 Billion Microsoft Users Warned As Angry Hacker Drops 0-Day Exploit
A security researcher released the BlueHammer zero‑day exploit targeting Windows, affecting roughly one billion Microsoft users worldwide. The exploit enables privilege escalation at the kernel level and, unlike typical disclosures, no patch exists yet. Microsoft has acknowledged the threat and is...

Human vs AI: Debates Shape RSAC 2026 Cybersecurity Trends
The RSAC 2026 conference opened with AI taking center stage, as vendors aggressively promote AI‑driven security solutions, including ambitious agentic AI that could augment or replace traditional security‑operations centers. Executives debated the scalability of the "human‑in‑the‑loop" model, with Vodafone’s CISO Emma Smith...

Severe StrongBox Vulnerability Patched in Android
Google released the April 2026 Android security patch, fixing two high‑profile flaws: a local denial‑of‑service bug (CVE‑2026‑0049) in the Framework and a high‑severity vulnerability (CVE‑2025‑48651) affecting StrongBox, the hardware‑backed keystore. StrongBox implementations from Google, NXP, STMicroelectronics and Thales are impacted. While...

VMRay Joins the Microsoft Intelligent Security Association
VMRay announced its membership in the Microsoft Intelligent Security Association (MISA), joining an ecosystem of security vendors integrated with Microsoft’s security stack. The company’s deep‑malware analysis platform now connects directly with Microsoft Sentinel and Microsoft Defender for Endpoint, adding behavior‑based...
Standard Bank Notifies Clients of Data Breach
Standard Bank, Africa’s largest lender by assets, disclosed a data breach that exposed business client records such as account numbers, limited account information, business names, and ID or registration numbers. The bank emphasized that its transactional banking systems were not...

Up to 28,000 Employees Could Have Been Affected by Paperwork Data Breaches in 2025
Officeology’s analysis of UK Information Commissioner’s Office (ICO) data shows 11,141 paperwork‑related data breaches were reported between 2020 and 2025, with 1,820 incidents in 2025 alone. Employee information featured in 330 of those 2025 cases, potentially exposing up to 28,000...

Smarter AI Agents Expand Cybersecurity Attack Surface
🔺 AI Agents Are Getting Smarter and Their Attack Surface is Getting Bigger 😳 | Cybersecurity https://t.co/4yOZbkldG5 https://t.co/NdtoEK56SM

UK Exposes Russian Cyber Unit Hacking Home Routers to Hijack Internet Traffic
British officials warned that Russian GRU‑linked hackers, known as Fancy Bear or APT28, are compromising home and small‑office routers to hijack internet traffic. The campaign exploits weak SNMP configurations and unpatched TP‑Link models, allowing attackers to alter DNS settings and conduct...

GrafanaGhost: Attackers Can Abuse Grafana to Leak Enterprise Data
Researchers at Noma Security disclosed a critical Grafana vulnerability dubbed GrafanaGhost, which lets attackers exploit the platform’s AI features to exfiltrate enterprise data via crafted image prompts. By injecting a hidden “intent” keyword, the flaw bypasses Grafana’s image URL validation...
Popeyes Dodges Lawsuit over Fingerprint Scans, but Court Leaves Door Open for Redo
A U.S. District Court in Illinois dismissed Popeyes’ liability in a biometric privacy lawsuit, finding the fast‑food chain did not control the franchisee’s fingerprint‑scanning policy. The employee alleged violations of the Biometric Information Privacy Act (BIPA) after her thumbprint was...
Ambulances Diverted After Cyberattack Hits Mass. Hospital
Brockton Hospital in Massachusetts is diverting ambulances and cancelling certain services after a cybersecurity incident disrupted its information systems. Chemotherapy infusions and retail pharmacies were suspended, while inpatient and walk‑in emergency care remain operational. The hospital reverted to paper records...
Linux's Second-In-Command Turns To New Fuzzing Tools For Uncovering Kernel Bugs
Linux stable kernel maintainer Greg Kroah‑Hartman has introduced a new fuzzing suite called gregkh_clanker_t1000 to hunt for kernel defects. The tool was first exercised on the ksmbd/SMB code and quickly expanded to patches affecting USB, HID, F2FS, LoongArch, Wi‑Fi, LEDs and...

Acronis MDR by TRU Brings 24/7 Managed Detection and Response to MSPs
Acronis unveiled Acronis MDR by Acronis TRU, a 24/7/365 managed detection and response service tailored for managed service providers. The offering combines endpoint detection, rapid threat containment, patch management, and built‑in business continuity in a single platform. MSPs can now deliver...

How to Unlock Possibilities Through Data Privacy Enhancing Technologies
Singapore’s Infocomm Media Development Authority and Personal Data Protection Commission have launched the nation’s first Privacy‑Enhancing Technologies (PET) sandbox, signaling a regulatory push for secure data innovation. In the Philippines, Aboitiz Data Innovation introduced Parlay, a cloud‑based data exchange platform...
Threat Cluster Launches Extortion Campaign Using Social Engineering
Google Threat Intelligence Group uncovered a financially motivated threat cluster, UNC6783, running a social‑engineering extortion campaign. The group compromises business‑process outsourcers and targets help‑desk staff to gain footholds in client networks. Attackers deploy fake live‑chat Okta pages and phishing kits...
Everyday Devices and Fiber Optics Can Spy on You
Interesting new attack. Your house is probably full of embedded devices that can be hacked at will, open mics in sensitive areas, and cellphones that continuously monitor your speech. And it turns out that even the raw fiberoptic cable can...

Civil Service Pension Scheme: Capita Confirms Data Breach
Capita, the contractor overseeing the Civil Service Pension Scheme, confirmed a data breach on its portal that exposed personal Annual Benefit Statements of 138 members to other scheme participants. The breach was identified quickly, prompting the suspension of the ABS...

NASA’s New Moon Base Project Requires Operational Technology Systems in Space, but They Are Vulnerable.
NASA Administrator Jared Isaacman announced a $20 billion Moon‑base program, shifting from a lunar‑orbit station to a surface settlement. The plan, timed against China’s 2030 lunar landing goal, includes robotic landers, drones, and a future nuclear power plant. Experts warn the...

BPFDoor Variants Hide with Stateless C2 and ICMP Relay Tactics
Rapid7 Labs identified seven new BPFDoor variants. The implant attaches a Berkeley Packet Filter program to a raw socket so the kernel hands it only specially crafted packets, letting the backdoor listen without an open port and remain hidden in telecom environments. The malware now employs a stateless command‑and‑control model, treating the source of a specially...

Docker Flaw (CVE-2026-34040) Lets Attackers Bypass Security Controls and Take Over Hosts
Researchers at Cyera disclosed CVE‑2026‑34040, a critical Docker Engine flaw that lets attackers bypass authorization plugins by sending API requests larger than 1 MB. The daemon processes the full payload while the plugin sees a truncated request, enabling creation of privileged...
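To make the gap concrete, here is an added toy model (not Docker's code and not Cyera's write‑up) of an authorization gate that inspects at most 1 MiB of a request body while the component that acts on the request decodes the whole thing. The request format mirrors the Docker container‑create API for readability, but the gate logic, the padding trick and the hardened variant are assumptions of this example, not a description of the actual exploit.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"strings"
)

// Toy model of the check-vs-use gap described in the digest entry above.
// Illustrative code only, not Docker's or Cyera's; field names mirror the
// Docker container-create API, but the gate behaviour is invented.

const gateLimit = 1 << 20 // 1 MiB: the truncation boundary named in the article

// createRequest is a minimal subset of a container-create body.
// encoding/json emits struct fields in declaration order, so Labels
// always precedes HostConfig in the serialized body.
type createRequest struct {
	Image      string            `json:"Image"`
	Labels     map[string]string `json:"Labels,omitempty"`
	HostConfig struct {
		Privileged bool `json:"Privileged"`
	} `json:"HostConfig"`
}

// naiveGate models a plugin that only ever sees the first gateLimit bytes.
// A truncated body is not valid JSON, so it falls back to a substring scan
// for the dangerous flag, which a truncated view defeats by construction.
func naiveGate(body []byte) bool {
	view := body
	if len(view) > gateLimit {
		view = view[:gateLimit]
	}
	return !bytes.Contains(view, []byte(`"Privileged":true`))
}

// hardenedGate fails closed: a body it cannot inspect in full is denied,
// and what it can inspect is decoded with the same decoder the daemon uses.
func hardenedGate(body []byte) bool {
	if len(body) > gateLimit {
		return false
	}
	var req createRequest
	if err := json.Unmarshal(body, &req); err != nil {
		return false
	}
	return !req.HostConfig.Privileged
}

// daemonApply models the daemon: it decodes the entire body and honours every field.
func daemonApply(body []byte) (privileged bool, err error) {
	var req createRequest
	if err := json.Unmarshal(body, &req); err != nil {
		return false, err
	}
	return req.HostConfig.Privileged, nil
}

// buildOversizedRequest is constructed sample input: harmless label padding
// pushes the HostConfig section past the gate's 1 MiB window.
func buildOversizedRequest() []byte {
	req := createRequest{Image: "alpine", Labels: map[string]string{"pad": strings.Repeat("A", gateLimit)}}
	req.HostConfig.Privileged = true
	body, _ := json.Marshal(req)
	return body
}

func main() {
	body := buildOversizedRequest()
	fmt.Printf("body size %d bytes, gate window %d bytes\n", len(body), gateLimit)
	fmt.Println("naive gate allows:", naiveGate(body)) // true
	priv, _ := daemonApply(body)
	fmt.Println("daemon creates privileged container:", priv) // true
	fmt.Println("hardened gate allows:", hardenedGate(body))  // false
}
```

The fix pattern is the generic one: a policy check must see exactly the bytes the consumer will act on, and must fail closed when it cannot. Truncate‑then‑inspect is a check‑vs‑use mismatch whatever limit is chosen.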
Zero‑click Grafana AI Attack Can Enable Enterprise Data Exfiltration
Security researchers have uncovered GrafanaGhost, a chained exploit that leverages indirect prompt injection in Grafana’s AI dashboards to exfiltrate sensitive enterprise data without user authentication. The attack persists malicious prompts, tricks the AI model into generating outbound image requests, and...