Today's Cybersecurity Pulse
Microsoft releases record‑size Patch Tuesday for April
The April update cycle delivered 165 patches addressing roughly 340 unique CVEs, including two zero‑day flaws, one of which is already being exploited in the wild. Microsoft urges immediate deployment across all product families.
Also developing:
By the numbers: Artemis raises $70M Series A

$15M Grinex Hack Forces Trading Halt After Major Crypto Wallet Breach
Kyrgyzstan‑based crypto exchange Grinex halted all trading after hackers breached its hot‑wallet infrastructure and stole roughly $15 million in USDT, equivalent to about 1 billion rubles. The attackers rapidly moved the stolen tokens across Ethereum and Tron, consolidating the proceeds into a single wallet holding 45.9 million TRX. Grinex, which absorbed much of the user base from the sanctioned Garantex platform, filed a criminal complaint and is cooperating with law enforcement. The incident underscores persistent hot‑wallet vulnerabilities and the growing geopolitical stakes surrounding ruble‑denominated crypto hubs.
Recently Leaked Windows Zero-Days Now Exploited in Attacks
Threat actors are actively exploiting three newly disclosed Windows vulnerabilities after researcher “Chaotic Eclipse” published proof‑of‑concept code. The flaws—BlueHammer, RedSun and UnDefend—target Microsoft Defender, enabling attackers to gain SYSTEM or elevated admin rights. Huntress Labs confirmed real‑world use of all...

AI Tools Empower New Wave of Bank Hackers
Forewarned is forearmed. A new level of hacking of banks could come from these AI advances. 👉Cops & robbers when the robbers get a new tool. https://t.co/GKklqa2Kai

Russian GRU Cyber Campaign Targets Western Logistics Firms Supporting Ukraine
A joint cybersecurity advisory has identified a sustained Russian GRU operation, attributed to Unit 26165 (APT28/Fancy Bear), that has been targeting Western logistics firms and technology providers supporting Ukraine since early 2022. The campaign leverages credential‑guessing, spear‑phishing, and weaponized CVEs such as...

OpenAI Launches GPT‑5.4‑Cyber via Expanded Trusted Access
.@OpenAI releases GPT-5.4-Cyber, beefed-up Trusted Access for Cyber program https://t.co/Cqe6QG6I3Z OpenAI released GPT-5.4-Cyber, a model that will be released to select participants in a beefed-up Trusted Access for Cyber (TAC) program. https://t.co/pvHgkQtziD

Apple AirTag Tracking Can Be Misled by Replayed Bluetooth Signals
Apple’s Find My network uses Bluetooth Low Energy signals from AirTags to report locations via nearby Apple devices. Security researchers demonstrated a replay attack that captures an AirTag’s BLE advertisements, replays them from a different location, and injects false location data...

Ising Models Redefine Quantum Error Correction
NVIDIA unveiled Ising, the first open‑source AI model suite built for quantum computing, on April 14‑15, 2026. The family includes a 35‑billion‑parameter vision‑language model that shrinks quantum‑processor calibration from days to hours, and a 3‑D CNN decoder that speeds error‑correction...

SBOM for OT: Can We Actually Do It?
The piece examines how Software Bill of Materials (SBOM) can be applied to operational technology (OT) environments, where opaque firmware, strict change‑control processes, and legacy systems make transparency challenging. It argues that SBOM should be treated as an operational‑risk workflow...

Phishing Attacks Now Pivot to Crypto Scam Pitches
Not me. Phishing. Apparently the next step is they will pitch you a crypto scheme https://t.co/L4QDjDF1BH
Phishing Tactics Shift From Freebies to Political Pitches
Evolution of phishing scams:
- “Click here to redeem a free iPhone”
- “This is USPS. We’re holding your package”
- “Vote for me to co-host a podcast”

Best Free Antivirus 2026: Keep Your Devices Safe With These Free Tools
Most modern PCs and Macs already include solid real‑time protection through Microsoft Defender and XProtect, but many users still seek extra layers of security. Independent testing shows AVG Free Antivirus delivering the best overall free suite, with real‑time scanning, scheduled...

How Zscaler and OpenAI Turn Zero-Trust Security Into an AI Accelerator
Zscaler has partnered with OpenAI through the Trusted Access for Cyber (TAC) program, gaining early access to the security‑tuned GPT‑5.4‑Cyber model. The firm is embedding these models into its Zero Trust Exchange, AI Red Teaming, and managed detection and response...

Freecash Was More Like Scamcash
Freecash, a rewards app marketed on TikTok as a way to earn money by scrolling, surged to the No. 2 spot in the U.S. App Store before Apple removed it following TechCrunch’s investigation. In reality, the app redirects users to mobile...
White House Pushes ‘Action-Oriented’ Cyber Strategy to Deter Threats
The White House unveiled an action‑oriented National Cyber Strategy aimed at deterring cyber adversaries and protecting American victims. Senior ONCD official Seth McKinnis highlighted six strategic pillars, with deterrence as the first, and emphasized the need for swift, aggressive responses. President...

Learn How to Protect Your Phone From Viruses and Other Threats
Smartphones now serve as personal, professional, and financial hubs, making them prime targets for cyber threats. A recent CNET survey found that 54% of laptop owners encountered malware in the past year, underscoring the broader risk landscape. The article outlines...
Bluesky Blames DDoS Attack for Server Outages
Bluesky reported intermittent service disruptions on April 16 after a Distributed Denial‑of‑Service (DDoS) attack began at 1:42 AM ET. The attack intensified throughout the day, affecting feeds, notifications, threads and search, and caused rolling blackouts on the platform and its status...
Cisco FMC Zero-Day Exploited by Interlock Ransomware Among 31 High‑Impact Bugs in March
Interlock ransomware leveraged a critical deserialization flaw (CVE‑2026‑20131) in Cisco Secure Firewall Management Center, one of 31 high‑impact vulnerabilities actively exploited in March 2026. Cisco patched the bug on March 4, but threat intel shows attackers had a month‑long window of...
Thoma Bravo, Google Cloud Team Up to Embed AI Across $8B Cybersecurity Portfolio
Thoma Bravo and Google Cloud have launched a strategic partnership that will give the private‑equity firm’s enterprise software portfolio direct access to Google’s Gemini AI models and engineering resources. The deal targets roughly $8 billion in revenue from Thoma Bravo’s cybersecurity...
MCP Security: Containerization and Red Hat OpenShift Integration
Red Hat recommends its OpenShift container platform as the foundation for securing Model Context Protocol (MCP) deployments. By running MCP servers in non‑root containers with read‑only filesystems, minimal UBI base images, and dropped Linux capabilities, organizations can harden the runtime...
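The controls the summary lists map directly onto a Pod security context. The manifest below is an added illustration, not Red Hat's or any MCP project's own configuration; the image name, listening port and scratch path are assumptions. Left to Kubernetes defaults, the same container would run as whatever user the image specifies (often root), with a writable root filesystem, the full default capability set and a mounted service‑account token.

```yaml
# Added example, not from the page: a hardened Pod for a hypothetical MCP server.
# Image, port and paths are assumed. The image is expected to be built FROM
# registry.access.redhat.com/ubi9/ubi-minimal and to declare a non-root USER.
apiVersion: v1
kind: Pod
metadata:
  name: mcp-server
  labels:
    app: mcp-server
spec:
  # An MCP server has no business talking to the Kubernetes API.
  automountServiceAccountToken: false
  securityContext:
    runAsNonRoot: true            # kubelet refuses to start the container as UID 0
    seccompProfile:
      type: RuntimeDefault        # container runtime's default syscall filter
    # No runAsUser here: on OpenShift the restricted SCC assigns a UID from the
    # namespace's allocated range; pinning one would fail admission.
  containers:
    - name: mcp-server
      image: registry.example.com/mcp/server:1.0   # assumed image name
      args: ["--listen", "0.0.0.0:8080"]           # assumed CLI flag
      ports:
        - containerPort: 8080
      securityContext:
        allowPrivilegeEscalation: false   # blocks setuid binaries from gaining privileges
        readOnlyRootFilesystem: true      # tampering with the image at runtime fails
        capabilities:
          drop: ["ALL"]                   # nothing here needs CAP_NET_RAW, CAP_SYS_ADMIN, etc.
      resources:
        limits:
          cpu: "500m"
          memory: "256Mi"
      volumeMounts:
        - name: scratch
          mountPath: /tmp                 # the only writable path, and it is not persistent
  volumes:
    - name: scratch
      emptyDir:
        medium: Memory
        sizeLimit: 64Mi
```

After `oc apply -f` the pod's annotations show which Security Context Constraint admitted it (`openshift.io/scc`); a hardened spec like this should land under `restricted-v2`, and any tool that tries to write outside `/tmp` will fail with a read‑only filesystem error rather than silently modifying the image.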
Friday Five — April 17, 2026
Red Hat’s latest Friday Five highlights a strategic push toward AI sovereignty, emphasizing the need for comprehensive inventories of data, infrastructure, and architecture to meet security and compliance demands. A Red Hat blog warns that advanced models like Claude Mythos can both uncover...
Bluesky Hit by Sophisticated DDoS, Fix Due Tomorrow
Bluesky has been wonky all day due to a "sophisticated" DDoS attack. It sounds like they are still trying to get it under control w/ an update coming "no later than" 10am PT tomorrow
Beware: Unknown 267 Area Code Texts Are Phishing
No. I am not texting you asking to engage with me unless you already know my number. Yes. Somebody is doing this from a 267 area code and maybe others. Several people have now asked me. It's Phishing. Sadly. The world that...

The AI-Driven Shift in Vulnerability Discovery: What Maintainers and Bug Finders Need to Know
AI‑powered code models are now able to locate real software vulnerabilities with minimal prompts, dramatically increasing the volume of reports to open‑source projects. The surge includes a flood of low‑impact, often invalid findings that consume hours of analyst time, while...

AI as the Defender: Reinventing Proactive Cybersecurity Through Intelligent Automation
Artificial intelligence is reshaping cybersecurity by acting as a force multiplier rather than replacing human analysts. Tenable and peers define "AI for security" as the use of machine learning to automate analysis, amplify detection and improve decision‑making, while "security for...
ZionSiphon Malware Designed to Sabotage Water Treatment Systems
Darktrace discovered ZionSiphon, a new operational‑technology malware aimed at water treatment and desalination plants, primarily in Israel. The code attempts to raise chlorine levels and hydraulic pressure, but a broken XOR‑based IP check triggers a self‑destruct routine, rendering the current...
NIST Cuts Down CVE Analysis Amid Vulnerability Overload
The National Institute of Standards and Technology announced it will scale back enrichment of its National Vulnerability Database, concentrating only on the most critical CVEs—those in CISA’s Known Exploited Vulnerabilities catalog and software used by the federal government. The change...
Dispatches From the Front Lines of Russia-Linked Cyberattacks on Europe
Sweden’s civil defence ministry has formally attributed a 2025 cyberattack on a western heating plant to a pro‑Russian group linked to Russian intelligence, marking the first public attribution of such activity to state‑aligned actors. The incident mirrors a December 2025...

DuckDuckGo VPN Audit Shows It Doesn't Track Your Activity
DuckDuckGo’s VPN has passed a third‑party no‑log audit conducted by cybersecurity firm Securitum. The audit, spanning October 2025 to January 2026, included source‑code review, deep‑dive technical inspection and live system analysis, confirming the service does not collect or retain user‑identifiable data. The...

AI Agent Delegation via MCP Has Gaps a Murderbot Could Walk Through
Anthropic’s Model Context Protocol (MCP) expands data‑sharing among AI agents, but securing those interactions remains a challenge. At the 2026 MCP Dev Summit, Gluu CEO Michael Schwartz warned that relying on a single gateway for zero‑trust is insufficient and advocated...

#545: OWASP Top 10 (2025 List) for Python Devs
In episode 545, Michael Kennedy and security expert Tanya Janca unpack the newly released OWASP Top 10 (2025) with a focus on Python developers. They walk through each of the ten categories—highlighting fresh additions like supply‑chain attacks and exceptional condition...
CenterSeat Elevates Founding Engineer Saurav Mishra to CTO to Accelerate AI‑Security Platform
CenterSeat announced the promotion of founding engineer Saurav Mishra to chief technology officer. Mishra will now steer technology strategy, product architecture, and engineering as the Austin‑based startup expands its AI‑driven compliance platform. The move underscores CenterSeat’s focus on scaling its...

Despite Cease-Fire, Iran’s Hackers Haven’t Logged Off
Despite a week‑long cease‑fire announced on April 8, Iranian state‑linked hackers have kept their cyber campaign alive. They have continued targeting U.S. and Israeli entities, including a disruptive attack that temporarily shut down medical‑equipment manufacturer Stryker and the public release of...
Knox Systems Secures FedRAMP High Authorization, Expanding FEMA Partnership
Knox Systems announced it has achieved FedRAMP High authorization for its Managed Service Platform, a milestone that expands its partnership with FEMA and brings high‑security cloud services to 16 federal agencies. The new high‑baseline environment adds 52 security controls and...

DC3 Making Better Sense of Its Cyber Data
The Defense Department Cyber Crime Center (DC3) is widening its Defense Industrial Base Cybersecurity program, adding more prime contractors and subcontractors and boosting daily data inflows. To tame the surge, DC3 is deploying a data‑mesh fabric with metadata tagging, zero‑trust...
Inside Anjuna’s Confidential Computing Approach to Data Protection
Enterprises have long relied on encrypt‑at‑rest and in‑transit safeguards, but data in use remains vulnerable. Anjuna Security tackles this gap with confidential computing, using hardware‑based enclaves that keep data encrypted even while applications process it. Its Seaglass platform lets existing...
Cisco Urges Immediate SAML Certificate Update to Patch Critical Webex Impersonation Flaw
Cisco has released a critical security advisory for its cloud‑based Webex Services, warning that CVE‑2026‑20184 allows remote, unauthenticated attackers to impersonate any user via a faulty SSO certificate check. The company patched the backend and now requires customers to upload...

North Korea Uses ClickFix to Target macOS Users' Data
Microsoft Threat Intelligence uncovered a new macOS‑focused ClickFix campaign linked to the North Korean group Sapphire Sleet. The attackers pose as recruiters, schedule fake technical interviews, and convince victims to run a malicious AppleScript named “Zoom SDK Update.scpt.” The script...

McGraw-Hill Confirms Data Exposure, Hackers Claim 45M Salesforce Records Leaked
McGraw‑Hill confirmed a data exposure caused by a Salesforce misconfiguration, after extortion group ShinyHunters claimed it had accessed up to 45 million records. The company’s investigation found only a limited set of non‑sensitive data exposed on a publicly reachable webpage, not...

'Harmless' Global Adware Transforms Into an AV Killer
A threat actor operating as Dragon Boss Solutions LLC pushed a malicious update on March 22, 2025 that transformed its ad‑ware into a potent antivirus‑disabling payload. The update affected roughly 23,500 computers in 124 countries, with half of the victims...

The Only Way to Fight Deepfakes Is by Making Deepfakes
Deep‑fake detection firms such as Reality Defender, Pindrop and GetReal are racing to combat AI‑generated audio, video and image fraud, a market now valued at roughly $5.5 billion. These companies train detection models by creating their own deepfakes, using a student‑teacher...

Apple Pay Express Mode for Transit, When Used With a Visa Card, Is Vulnerable to Scam Tap-to-Pay Readers
Researchers from the Universities of Surrey and Birmingham demonstrated that Apple Pay’s Express Transit Mode, when paired with a Visa card, can be hijacked by a specially tuned NFC reader. The attack works on a locked iPhone, intercepts the payment flow,...

An AI View of SentinelOne
McKinsey warns that AI is enabling cybercriminals to launch attacks in minutes rather than days. Attackers leverage AI for hyper‑personalized phishing, deepfakes, instant malicious code, and adaptive tactics. In response, 77% of organizations have integrated AI into security functions, automating...
Agentic AI Security Needs Layered, Integrated Defenses
We keep asking how to solve agentic security as if there is a single answer, but most of the conversations I am having suggest it is a combination of least privilege, access controls, monitoring, and good architecture. The question might not...
Open Source Will Outsecure Closed Source in Mythos Era
Open source software will be many times more secure than closed source software in the new Mythos era

Threat Exposure Management Establishes a Risk-Driven Approach for Federal Agencies
Federal agencies are adopting Continuous Threat Exposure Management (CTEM) to shift from traditional vulnerability counting to a risk‑driven security posture. CDW’s leaders describe CTEM as a five‑stage framework—scoping, discovery, prioritization, validation, and mobilization—that ties technical findings to business impact. By...
AI Labs Purchase Defunct Startup Communications, Raising Privacy Concerns
AI labs are buying internal communications of defunct startups to train their agents. Emails, Slack archives, etc. Personally identifiable info is removed by data resellers. But how would you feel knowing your former board/CEO is selling your comms to recover...
Treat Dependencies as External Attack Surfaces, Upgrade Tooling
Your Dependencies Are Someone Else's Attack Surface https://t.co/zDbAITTE9f < good post with cause for optimism at the end. But we need to apply better skills/services to agent tooling to stay diligent when building

North Korea Targets macOS Users in Latest Heist
North Korean Lazarus Group offshoot Sapphire Sleet is targeting macOS users with a fake Zoom SDK update delivered via a malicious AppleScript. The campaign begins with LinkedIn recruiter scams aimed at finance professionals, then tricks victims into running the script, which...
Simple Closure Launches Asset Hub to Sell Legacy Data
A company called @simple_closure that helps startups wind down is launching "asset hub", which is a marketplace to sell all the old Slack/email data. Apparently they are working on hardening the PII removal tech for this.
New AI TUIs May Expand Attack Surface via React
I know there are some new TUIs coming out for AI development but I’m concerned about increasing the attack surface with web technologies like react. Securing AI is hard enough as it is.