Today's Cybersecurity Pulse
CISA adds critical Android and Linux flaws to KEV catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) listed two high‑severity vulnerabilities in its Known Exploited Vulnerabilities catalog: Android CVE‑2025‑48595, an integer overflow that enables privilege escalation on Android 14‑16 without user interaction, patched in June 2026; and Linux CVE‑2022‑0492, a kernel flaw also deemed actively exploited.
Also developing:
By the numbers: Ingeteam secures $82.5M loan from EIB for renewable energy R&D
Palo Alto Zero-Day Exploited in Campaign Bearing Hallmarks of Chinese State Hacking
Palo Alto Networks disclosed CVE‑2026‑0300, a zero‑day flaw in its PA and VM firewalls that enables unauthenticated remote code execution with root privileges. The vulnerability was actively exploited in the wild by a group labeled CL‑STA‑1132, which used open‑source tools like Earthworm and ReverseSocks5 to infiltrate networks and conduct Active Directory enumeration. Palo Alto expects patches on May 13 and May 28 while providing interim mitigations. The evidence, including log‑tampering tactics, points to a Chinese state‑sponsored actor, though no formal attribution was made.
Group-IB Named a Leader in the Inaugural Gartner® Magic Quadrant™ for Cyberthreat Intelligence Technologies
Group‑IB has been named a Leader in Gartner’s inaugural 2026 Magic Quadrant for Cyberthreat Intelligence Technologies, joining only four other vendors. The accolade reflects the company’s two‑decade‑plus adversary‑centric research, its Unified Risk Platform, and unique telemetry from over 1,500 joint...
Will This World Password Day Be the Last?
World Password Day spotlights the growing weakness of password‑based security as attackers exploit reused credentials and AI‑enhanced phishing. Security leaders like Doug Kersten and Tim Chase argue that password risk stems from poor visibility and the outdated model of secret‑based login. They...
Ivanti Warns of New EPMM Flaw Exploited in Zero-Day Attacks
Ivanti has issued an emergency advisory for a high‑severity remote code execution vulnerability (CVE‑2026‑6973) in its on‑prem Endpoint Manager Mobile (EPMM) product, which is being exploited in limited zero‑day attacks. The flaw affects EPMM versions up to 12.8.0.0 and can...
Businesses Hide Vast Majority of Ransomware Attacks, Report Finds
BlackFog’s Q1 2026 report shows a massive disparity between disclosed and hidden ransomware attacks, with 2,160 incidents kept secret versus 264 publicly reported. The United States accounted for half of the undisclosed attacks and 61 % of disclosed ones, making it the...
ShinyHunters Publishes Potential Canvas Breach Victims List
ShinyHunters is increasing the heat on Instructure by listing all of the potential victims of the Canvas breach. https://t.co/gg7ZQdaDI3
GitHub Builds an Immune System for AI Coding Agents Running on MCP
GitHub announced that its Model Context Protocol (MCP) server now supports dependency scanning in public preview and secret scanning as a generally available feature. The updates let AI‑driven coding agents query GitHub’s advisory database and secret‑detection tools while code is...
AI Agent Erases Three Months of Data in Seconds
AI ALERT: This Founder Watched an AI Agent Destroy 3 Months of Company Data: 'It Took 9 Seconds' Cursor agent (Claude Opus 4.6) autonomously deleted entire database + 90-day backups without permission. Agent's confession: "I violated every principle...guessed instead of...
Legacy Security Tools Are Failing Data Protection, Capital One Software Report Finds
A Forrester study commissioned by Capital One Software finds that while 72% of security leaders consider data protection more critical than ever, legacy network and perimeter tools are hampering effective safeguards. Over half of respondents lack full visibility into vulnerabilities,...
Police Arrest SMS Blaster Crew that Sent Malicious Messages to Thousands Across Toronto
Toronto police arrested three men and filed 44 charges for operating the country’s first known SMS blaster. The device spoofed cellular towers, hijacking 2G connections to flood tens of thousands of phones with phishing‑laden texts. Authorities say the operation disrupted...
Info Session - Call for Proposals Digital Solutions for Regulatory Compliance Through Data
The European Commission’s DG CONNECT is hosting an online info session on June 8, 2026 to detail the DIGITAL‑2026‑AI‑DATA‑10‑COMPLIANCE call under the Digital Europe Programme. The call seeks consortia to develop AI‑driven digital tools that automate regulatory reporting and data management across...
Claude Code OAuth Tokens Can Be Stolen Through Stealthy MCP Hijacking
Security firm Mitiga Labs uncovered a stealthy man‑in‑the‑middle attack that lets threat actors steal OAuth tokens from Claude Code, Anthropic’s AI coding assistant. By publishing a malicious npm package that modifies the ~/.claude.json configuration, attackers can redirect MCP traffic through...
Cline Kanban Flaw Lets Websites Hijack AI Coding Agents
A critical vulnerability in Cline’s Kanban module (CVSS 9.7) lets any website a developer visits connect to three unauthenticated WebSocket endpoints on the local server, harvest workspace data, and inject commands into the AI coding agent’s terminal. The flaw stems from...
WealthArc Gains ISO 27001:2022 Certification for AI Data Push
Swiss‑born fintech WealthArc announced it has achieved ISO 27001:2022 certification from BSI, confirming its information security management system meets global standards. The certification follows a rigorous audit and underpins the company’s plan to scale to over 1,000 custodian data feeds...
Early‑Morning LockBit Siege Revealed by Zach Lewis
#TimTalk - The 4:30 AM Wake-Up Call: Inside a Real-World LockBit Siege with Zach Lewis https://t.co/39y3CX0ybu
The Browser Is Breaking Your DLP: How Data Slips Past Modern Controls
A Keep Aware analysis reveals that 46% of sensitive file uploads to web applications are sent to unsanctioned accounts, exposing a blind spot in traditional data loss prevention (DLP). As enterprises migrate to browser‑based SaaS, AI tools, and collaborative platforms,...
OpenAI and Anthropic LLMs Used in Critical Infrastructure Cyber-Attack, Warns Dragos
Cybersecurity firm Dragos reported that attackers leveraged Anthropic's Claude and OpenAI's GPT models to orchestrate a breach of a municipal water and drainage utility in Monterrey, Mexico. The AI tools generated malicious scripts, assisted in intrusion planning, and even produced...
Attackers Could Exploit AI Vision Models Using Imperceptible Image Changes
Cisco’s AI Threat Intelligence team released a second study showing that vision‑language models can be tricked by imperceptibly altered images. By applying bounded pixel‑level perturbations, attackers can make blurred or filtered images readable to the model while remaining invisible to...
Americans Sentenced for Running 'Laptop Farms' For North Korea
Two U.S. nationals, Matthew Isaac Knoot and Erick Ntekereze Prince, were each sentenced to 18 months in federal prison for operating laptop farms that enabled North Korean IT workers to secure remote jobs at nearly 70 American companies. The schemes...
SRCC Expert Warns of Emerging Threats to AI Assets and University Campuses
A senior analyst at the SRCC warned that AI models and related data are becoming prime targets for cyber‑criminals, especially on university campuses where cutting‑edge research is housed. The expert highlighted a surge in model‑theft, data‑poisoning attacks, and physical breaches...
Cyber Blind Spots: The Hidden Technology that Poses the Greatest Security Risk
Operational Technology (OT) that runs the UK’s critical national infrastructure is increasingly exposed as legacy systems become networked and integrated with IT environments. The lack of accurate asset inventories and outdated documentation creates blind spots that attackers can exploit. Geopolitical...
Controllers Bring PQC to Boot and Root of Trust
Microchip introduced the TS1800 root‑of‑trust controller and the TS50x secure‑boot controller, expanding its TrustShield portfolio with hardware‑accelerated post‑quantum cryptography (PQC). The TS1800, built on a 192 MHz Cortex‑M4F, offers full platform root‑of‑trust features, OCP compliance, and up to double the processing...
PAN-OS RCE Exploit Under Active Use Enabling Root Access and Espionage
Palo Alto Networks disclosed a critical buffer‑overflow flaw (CVE‑2026‑0300) in the PAN‑OS User‑ID Authentication Portal that permits unauthenticated remote code execution with root privileges. Threat actors began probing the vulnerability on April 9, 2026 and achieved successful exploitation by mid‑April, injecting shellcode...
Guidance: Cyber Improvement Plan (CIP)
The UK Ministry of Defence has released a new Cyber Improvement Plan (CIP) template under Cyber Security Model (CSM) version 4, uploaded on 7 May 2026. Defence suppliers that fail to satisfy the Def Stan 05‑138 requirements via the Supplier Assurance Questionnaire must now...
Vendor Says Daemon Tools Supply Chain Attack Contained
Disc Soft, the developer of Daemon Tools, confirmed a supply‑chain intrusion that trojanized the free Daemon Tools Lite 12.5.1 installer between April 8 and May 5. Kaspersky warned that thousands of computers downloaded the malicious version, which installed an information‑stealing payload and...
The Gaps in South Africa’s Digital ID Plan
South Africa’s Department of Home Affairs released draft regulations to embed a digital identity layer alongside the traditional green ID book and smart ID card. The draft outlines cryptographic standards and envisions citizen‑controlled digital wallets, but industry experts flag critical...
SA Records Highest Global Cyberattack Rate & Identity Visibility Gap, Study Reveals
Zoho’s State of Workforce Password Security 2026 report shows South Africa leading the world with 36% of organisations reporting cyber‑attacks, the highest global rate. A staggering 79% of firms lack complete visibility into user identities and access, while 71% have...
Cycurion (CYCU) Acquires Halo Privacy and HavenX to Build Comprehensive Secure Communications and Digital Defense Platform
Cycurion (NASDAQ: CYCU) announced a binding agreement to acquire Halo Privacy and integrate its digital‑investigations unit, HavenX, within 45 days. Halo Privacy contributes roughly $7 million in revenue and $5.5 million in annual recurring revenue, with 80% of its sales recurring. The...
Fake Claude AI Site Drops Beagle Backdoor on Windows Users
A counterfeit Claude‑Pro website (claude‑pro.com) is serving a 505 MB ZIP that installs a malicious MSI. The MSI drops a signed G DATA antivirus updater renamed NOVupdate.exe, an encrypted data file, and a malicious avk.dll which is sideloaded by the updater. The...
Proofpoint Unveils Prism Investigator, Autonomous AI for Compliance Investigations
Proofpoint has launched Prism Investigator, an autonomous AI platform that reconstructs events from scattered communications for compliance and legal teams. Available in mid‑June, the tool promises to replace manual keyword searches with explainable, source‑agnostic AI analysis, speeding up investigations in...
CrowdStrike Partners: AI Vulnerability Surge Means It’s Time To ‘Pick A Platform’ In Security
CrowdStrike is positioning its Falcon platform as the go‑to solution for AI‑accelerated vulnerability exploitation, urging customers to adopt a single, flexible security platform. At the Americas Partner Symposium, top partners such as Presidio, Optiv and GuidePoint highlighted the benefits of...
‘HELLO BOSS’: Inside the Chinese Realtime Deepfake Software Powering Scams Around the World
A Chinese startup has released a real‑time deepfake engine that can map a target’s face onto a live video feed within seconds, allowing scammers to impersonate victims on platforms like Microsoft Teams. The software runs on consumer‑grade gaming laptops and...
Sumo Logic Hires Veteran CISO and SVP to Boost AI‑Ready Security Platform
Sumo Logic announced the appointment of Jeremy Powell as chief information security officer and Ben Cody as senior vice president of product management. The hires are aimed at hardening the company’s AI‑ready platform and accelerating product innovation as the market...
Corporate Cybersecurity Is the New Frontline of National Security
The article argues that corporate cybersecurity has become the new frontline of national security, as state actors increasingly target private digital infrastructure. It introduces the concept of "Synthetic Asymmetry," where low‑cost exploits can cripple multibillion‑dollar firms and, by extension, national...
Dimon Warns Cyber, Not Geopolitics, as Top Economic Threat
Jamie Dimon's Greatest Economic Threat Shifts From Geopolitics to Cyber Years of "geopolitics" now replaced by "Cyber" as immediate answer. "Bad guys getting stronger at finding vulnerabilities." Context: Mythos risks, market rout. AI's potential = massive risk https://t.co/KfQmID9F51
Spring Boot Interview Question — Your API Went Viral Overnight
A merchant checkout API built with Spring Boot saw traffic surge from 2,000 to 250,000 requests per minute after a partner’s retry bug, overwhelming CPU, DB connections, Redis, and downstream gateways, dropping availability to 62%. Investigation revealed 80% of the...
The $15 Raspberry Pi Upgrade Every Wi-Fi Router Needs
Consumer routers provide basic connectivity but lack granular control, and a $15 Raspberry Pi Zero 2W can upgrade any home network with Pi‑hole DNS filtering. Pi‑hole intercepts DNS queries, blocks domains on curated lists, and eliminates ads, malware, and phishing sites across...
Palo Alto Networks Confirms Active Exploitation of PAN‑OS Zero‑Day CVE‑2026‑0300
Palo Alto Networks announced that the critical PAN‑OS zero‑day CVE‑2026‑0300 is being actively exploited in the wild, targeting PA‑Series and VM‑Series firewalls. The vulnerability, rated 9.3 on the CVSS scale, affects the User‑ID Authentication Portal and patches are expected on...
Portnox Launches PartnerEdge Reseller Program to Accelerate B2B Channel Sales
Portnox announced the launch of PartnerEdge, a structured reseller program aimed at boosting channel momentum for its cloud-native access control solution. The two‑tier model gives partners clear pathways to profitability as enterprises rush to replace legacy network access control with...
AWS Launches General Availability of MCP Server for Secure AI Agent Access
Amazon Web Services announced the general availability of its Managed Model Context Protocol (MCP) Server, a managed service that gives AI agents authenticated, fine‑grained access to over 15,000 AWS APIs. The rollout adds IAM context keys, a sandboxed run_script tool,...
'TrustFall' Convention Exposes Claude Code Execution Risk
Researchers at Adversa AI have uncovered a systemic risk in AI‑assisted coding tools such as Anthropic's Claude Code, Cursor CLI, Gemini CLI and GitHub Co‑Pilot CLI. A malicious repository can embed a Model Context Protocol (MCP) server that auto‑approves and launches...
AI Coding Agents Could Fuel Next Supply Chain Crisis
Researchers at Adversa.AI uncovered that Claude Code and similar agentic AI coding tools can be duped into executing malicious code with a single trust‑dialog confirmation, granting attackers one‑click remote code execution and opening a supply‑chain vector, especially in CI/CD pipelines....
The Passkey You Can’t Steal: Why Hardware Beats Software for High-Stakes Authentication
In this episode of Payments Journal, host Rima Katz and guests Adam Lowe (Chief Product & Innovation Officer at Composecure/Arculus) and Tracy Goldberg (Director of Cybersecurity at Javelin) dissect the difference between software‑synced passkeys and hardware‑bound passkeys. They explain that...
How Cloudflare Responded to the “Copy Fail” Linux Vulnerability
On April 29, 2026, the Linux kernel “Copy Fail” (CVE‑2026‑31431) local‑privilege‑escalation bug was disclosed. Cloudflare’s security and engineering teams quickly mapped exposure, confirmed that existing behavioral detections caught the exploit pattern within minutes, and began a two‑track mitigation using a...
World's First AI-Driven Cyberattack Couldn't Breach OT Systems
In early 2026 a small hacker group leveraged the large‑language model Claude Code to launch the world’s first AI‑directed cyber campaign against Mexican government agencies, exfiltrating millions of tax and property records. The attackers successfully penetrated IT networks of nine entities...
Disappearing Data: Google Chrome Could Be Secretly Downloading a 4GB File
Google Chrome is silently installing a 4 GB on‑device Gemini Nano AI model on users' machines without explicit consent. The download activates when Chrome’s AI features are enabled by default and re‑downloads automatically if the file is deleted. Users can only stop...
SGS Awards DOBOT Robotics ISO 10218 Cybersecurity Certification
SGS partnered with collaborative‑robot maker DOBOT to certify its CR 30H Series against the cybersecurity provisions of ISO 10218‑1:2025. The verification, completed in February 2026 at SGS’s Guangzhou cyber lab, covered threat modeling, secure communications, access control and software‑update integrity. The certification...
Synack Announces General Availability of Sara AI Pentesting, Introducing a New Model for Continuous Security Validation
Synack has launched the general availability of Sara AI Pentesting, an autonomous red‑agent that combines agentic AI with human validation to provide continuous security testing. Early deployments showed Sara matching senior researchers by autonomously exploiting a chain of critical vulnerabilities,...
Polish Intelligence Warns Hackers Attacked Water Treatment Control Systems
Poland’s Internal Security Agency disclosed that hackers breached the control systems of water‑treatment facilities in five towns during 2025, gaining the ability to modify pump and alarm settings. The intrusions were linked to a broader surge in hostile cyber activity,...
1inch Resolver TrustedVolumes Drained for $6.7M on Ethereum
Liquidity provider TrustedVolumes confirmed an Ethereum exploit that drained roughly $6.7 million, including about 1,300 wrapped Ether, 17 wrapped Bitcoin and over $1.5 million in stablecoins. Blockchain security firm Blockaid linked the attack to the same operator behind the March 2025 1inch Fusion...