Know What's Happening in Cybersecurity

Today's Cybersecurity Pulse

White House order tightens federal fight against cyber‑enabled fraud with digital‑identity focus

The White House issued Executive Order 14390 on March 6, directing tighter federal coordination to combat cyber‑enabled fraud and mandating stronger digital‑identity verification at government entry points. Industry leaders say prevention through robust identity assurance is essential, citing firms such as Socure.

OT Network Segmentation: A Practical Guide for Security Teams
Blog, Apr 2, 2026

Network segmentation is the most effective control for safeguarding operational technology (OT) environments, limiting attackers to isolated zones rather than allowing lateral movement. Implementing segmentation in OT differs from IT because industrial protocols and legacy equipment resist typical firewall solutions...

By Erdal Ozkaya’s Cybersecurity Blog
Incident Response Planning for Business Continuity
Blog, Apr 2, 2026

Organizations lacking a tested incident response plan face escalating costs, reputational damage, and evidence loss during cyber attacks. The article outlines the NIST incident response lifecycle—preparation, detection, containment, and post‑incident review—and stresses integrating business continuity to meet recovery time objectives....

By Erdal Ozkaya’s Cybersecurity Blog
Americans' Passports Purportedly Stolen in Hacktivist Attack Against Dubai Airport
News, Apr 2, 2026

Nasir Security, a hacktivist group linked to Iran, claimed to have stolen a large data set from Dubai International Airport after a months‑long intrusion. The breach includes passport photos of American, Arab and Emirati travelers, as well as luggage and...

By SC Media
When Your Own Eyes Turn Against You: How Compromised Security Cameras and IoT/OT Devices Become Tools for Your Attackers
News, Apr 2, 2026

Security cameras, IoT and OT devices are increasingly being compromised and repurposed as attack vectors, enabling nation‑state reconnaissance, espionage, ransomware pivots, and massive botnets. Recent incidents include Iranian hackers hijacking Hikvision cameras during missile strikes, Russian operatives streaming compromised webcams...

By Security Boulevard
PSA: Anyone with a Link Can View Your Granola Notes by Default
News, Apr 2, 2026

Granola, an AI‑powered note‑taking app, shares notes publicly by default to anyone with a link, contradicting its claim of private‑by‑default. Users can change the setting to “Only my company” or “Private,” but the default exposes potentially sensitive meeting content. The...

By The Verge Transportation
Quantum Encryption’s Hidden Weakness Exposed by New Eavesdropping Attack
Blog, Apr 2, 2026

Researchers at the School of Physics and Astronomy have unveiled a new eavesdropping technique called Manipulate-and-Observe that targets the classical reconciliation phase of quantum key distribution (QKD). By intercepting between 0% and 11% of photons and injecting subtle errors, the...

By Quantum Zeitgeist
The DOJ’s Cyber FCA Playbook Is Working as Enforcement Triples and Shows No Signs of Slowing
Blog, Apr 2, 2026

The Department of Justice’s cyber fraud initiative has accelerated, with nine False Claims Act settlements in FY 2025 totaling more than $52 million—a three‑fold increase over the prior two years. Enforcement targets misrepresentations of cybersecurity compliance rather than actual data breaches, implicating...

By ComplexDiscovery
Agentic Development Security: Why AppSec Needs A New Operating Model
News, Apr 2, 2026

Application security is being reshaped by faster exploit cycles and the rise of AI‑driven coding agents. Traditional testing tools now detect vulnerabilities but struggle to provide real‑world context such as exploitability and business impact. Large language models are enabling richer...

By Forrester Blogs
Why Australia’s Tech Sovereignty Needs Smart Partnerships
News, Apr 2, 2026

Mark Hile, Managing Director of Datacom Infrastructure Products, warns that rising cyber threats, geopolitical risk and supply‑chain disruptions are forcing Australia to rethink its digital infrastructure. He argues the country must double down on regionally‑owned, sovereign technology or cede strategic...

By CIO.com
Amazon Middle East Datacenter Suffers Second Drone Hit as Iran Steps up Attacks
News, Apr 2, 2026

Iranian drones struck Amazon's ME‑SOUTH‑1 data center in Bahrain for the second time this month, igniting a fire and prompting AWS to label the incident as the lowest level of service disruption. The attack follows a March strike on the...

By Network World
How Do NHIs Build Trust in Cloud Security?
News, Apr 2, 2026

Machine (non‑human) identities are becoming the backbone of cloud security, requiring end‑to‑end lifecycle management from discovery to remediation. Organizations that integrate NHI controls into a unified cybersecurity strategy can close gaps that expose sensitive data, especially in regulated sectors like...

By Security Boulevard
Agentic Era Demands New Trust Layer, ZKML Offers Solution
Social, Apr 2, 2026

Finally going to write a bit more about this (in tomorrow's Clouded Judgement). A snippet of what I wrote: The way I think about it: every major platform shift has required a corresponding trust layer. The internet needed SSL/TLS. Mobile needed...

By Jamin Ball
Broadcom Donates Velero to CNCF Sandbox, Elevating Kubernetes Data‑Protection Tools
News, Apr 2, 2026

Broadcom has transferred ownership of the open‑source backup/restore project Velero to the Cloud Native Computing Foundation (CNCF) Sandbox. The donation, announced at KubeCon Europe 2026, is intended to remove perceived vendor lock‑in and accelerate Velero’s evolution into a de‑facto standard for Kubernetes...

By Pulse
Supply‑Chain Attack Hijacks TrueConf Video‑Conferencing Used by Southeast Asian Governments
News, Apr 2, 2026

Security firm Check Point disclosed a sophisticated supply‑chain intrusion that exploited a zero‑day in TrueConf, a video‑conferencing platform favored by Southeast Asian governments and militaries. The flaw, tracked as CVE‑2026‑3502 with a 7.8 severity score, was patched in version 8.5.3...

By Pulse
ShinyHunters Hackers Claim Theft of 3M+ Cisco Records, Threaten Public Leak
News, Apr 2, 2026

ShinyHunters, identified as UNC6040, issued a final warning to Cisco, demanding contact before April 3 2026 or face a public data leak. The group alleges it has exfiltrated more than three million Salesforce records, along with GitHub repositories, AWS storage buckets, and...

By HackRead
How Ecommerce Brands Should Budget for Penetration Testing in 2026 Without Under-Scoping Risk
Blog, Apr 2, 2026

E‑commerce brands in 2026 must treat penetration testing as a revenue‑protection expense rather than a simple compliance line‑item. Modern stacks combine headless front‑ends, APIs, third‑party services, and mobile apps, expanding the attack surface far beyond the public storefront. Budgeting errors...

By eCommerce Fastlane
What Internal Audit Needs to Know About Zero Trust Architecture
Blog, Apr 2, 2026

Zero Trust Architecture (ZTA) is reshaping security by demanding continuous verification of users, devices, and connections rather than trusting network perimeters. Internal auditors must evaluate ZTA implementations against standards such as MFA enforcement, least‑privilege access, micro‑segmentation, and immutable logging to...

By Internal Audit 360
Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials
News, Apr 2, 2026

Hackers are exploiting the critical CVE‑2025‑55182 flaw in Next.js to gain remote code execution and compromise at least 766 hosts across several cloud providers. The UAT‑10608 threat cluster deploys a multi‑phase dropper that harvests SSH keys, cloud IAM tokens, API...

By The Hacker News
ConductorOne Extends Reach of Identity Governance to AI
News, Apr 2, 2026

ConductorOne has broadened its identity governance platform to cover AI tools, agents and integrations using the Model Context Protocol, and has linked the platform with CrowdStrike Falcon Next‑Gen Identity Security for real‑time threat intelligence. A recent survey shows 95% of organizations...

By Security Boulevard
Even Tech‑Savvy Users Still Fall for Phishing Scams
Social, Apr 2, 2026

I just analyzed this BofA text, and it’s a perfect example of why even tech-savvy people get burned. Why do we still fall for these?

By Raquel (Deep Search)
CrystalX RAT Bundles Prankware to Taunt Victims During Data Theft
Social, Apr 2, 2026

CrystalX RAT comes with a handful of prankware, allowing hackers to tease their victims as they steal their data. https://t.co/aOjjo0ApuY

By TechRadar
US Military Contractor Open Sources Tool for Validating Hidden Communications Networks
News, Apr 2, 2026

RTX’s BBN research arm has released Maude‑HCS, a DARPA‑funded toolkit for modeling and validating hidden communication systems, under the Apache 2.0 license on GitHub. Built on the Maude language, the open‑source tool lets users specify protocol behavior, adversary observables, and environmental...

By The Register
Indirect Prompt Injection Threats and Google’s Defense Strategies
Social, Apr 2, 2026

Indirect prompt injection "enables the attacker to influence the behavior of an LLM by injecting malicious instructions into the data or tools used by the LLM as it completes the user’s query." https://t.co/smO5fyBfLT < what @google Security does to...

By Richard Seroter
Don’t Trust Your Supply Chain Blindly—Follow Docker’s Guidance
Social, Apr 2, 2026

These recent software supply chain breaches are worrisome. How can we avoid assuming trust where we shouldn't? @Docker has a good post up with recommendations for engineering teams ... https://t.co/O5Mfag8N4y

By Richard Seroter
Critical Vulnerability in Claude Code Emerges Days After Source Leak
News, Apr 2, 2026

Anthropic unintentionally published a JavaScript sourcemap for Claude Code v2.1.88, exposing roughly 512,000 lines of TypeScript. Within days, security firm Adversa AI uncovered a critical flaw in Claude Code’s permission system that lets deny‑rule checks be bypassed when more than 50 sub‑commands are generated....

By SecurityWeek
FCC Cracks Down on Foreign Bank Impersonation Scams
Social, Apr 2, 2026

FCC Acts to Protect U.S. Consumers from Bank Impersonation Scams Linked to Suspicious Foreign Call Traffic https://t.co/4LNmknNXR0

By Brendan Carr
Iran Claims Cyberattack on Oracle, AWS Data Centers
Social, Apr 2, 2026

Iran says that they have hit Oracle datacenter in Dubai, AWS datacenter in Bahrain - CNBC (just now)

By Sarbjeet Johal
Amazon’s AWS Bahrain Data Center Damaged in Iranian Strike, Second Disruption in a Month
Blog, Apr 2, 2026

Amazon Web Services’ Bahrain data center was hit by a fire after an Iranian strike, confirmed by Bahrain’s Interior Ministry. The incident follows a prior outage in the same region last week, marking the second AWS disruption in a month....

By Shopifreaks
AI Is Simplifying Cybercrime; Future Threats Loom
Social, Apr 2, 2026

#AI is already making online crimes easier. It could get much worse. (MIT Technology Review) #JVGpost https://t.co/CbJaHfE8I9 https://t.co/Z89pKDgCWW

By James Gingerich
Durable Nonces Are Intentional Feature, Not a Bug
Social, Apr 2, 2026

SOLANA FOUNDER JUST SAID IT OUT LOUD: “durable nonces observed on chain” ⚠️ Not a bug… it’s a permanent feature of how on-chain authority works. Every system has this invisible attack surface. ~ @omeragoldberg https://t.co/1jXnOLapcr

By Laura Shin
Windows Security App Gains Secure Boot Certificate Status Ahead of Major Certificate Refresh
Blog, Apr 2, 2026

Microsoft is quietly updating Secure Boot certificates that were issued in 2011 and will expire in June 2026. The new certificates are being delivered through Windows Update and become visible in April 2026 via a badge in the Windows Security...

By TechPowerUp
Fake Collateral Added, Enabling Oracle Manipulation on Drift
Social, Apr 2, 2026

💥 DRIFT EXPLOIT BREAKDOWN 💥 “They added CVT as a new collateral asset on the Drift Protocol” That single move changed everything. Whitelist a fake asset → use it as collateral → start manipulating the oracle + market feed. Game over waiting to happen. ~...

By Laura Shin
Second Cosignature
Social, Apr 2, 2026

2-of-5 in ONE second tells you everything 🚨 “Immediately signed by a second cosigner one second after it was created” That kind of speed is just wild. The admin key was already exposed. ~ @omeragoldberg https://t.co/DpFazTNV4V

By Laura Shin
New Rowhammer Attacks Give Complete Control of Machines Running Nvidia GPUs
News, Apr 2, 2026

Researchers have unveiled two GPU‑focused Rowhammer attacks, GDDRHammer and GeForge, that can flip bits in Nvidia Ampere‑generation GDDR memory and gain arbitrary read/write access to CPU RAM. By massaging GPU page‑table allocations, the exploits break isolation and open a root...

By Ars Technica – Security
Old Multi‑Sig Signer Omitted Themselves, Triggering Drift Confusion
Social, Apr 2, 2026

The most confusing detail in the Drift hack… until it clicks 😬 “a signer from the old multi-sig… created it but then… did not add themselves to the new role” That reads like compromised access during migration. ~ @omeragoldberg https://t.co/DpFazTNV4V

By Laura Shin
Beware: Fake Login Alerts with Password Reset Links
Social, Apr 2, 2026

Received an email from X warning you of new or unusual login attempts, with a handy 'change password' link? Beware, it's a slick new phishing attack that can trick even the most vigilant user. I've seen this with other sites...

By Dave Taylor
Money Transfer App Duc Exposed Thousands of Driver’s Licenses and Passports to the Open Web
News, Apr 2, 2026

The Canadian fintech Duc App left an Amazon‑hosted storage bucket publicly accessible, exposing over 360,000 files that included driver’s licenses, passports, selfies and transaction spreadsheets. The data was stored without encryption, allowing anyone with the URL to view and download the...

By TechCrunch (Main)
Admin Keys Threaten DeFi; Implement Circuit Breakers
Social, Apr 2, 2026

“Admin key can drain all funds. Otherwise DeFi means nothing.” ⚠️ Every protocol should have circuit breakers, timelocks, and emergency security councils. Sacrifice a bit of UX. Save billions. ~ @omeragoldberg https://t.co/DpFazTNV4V

By Laura Shin
Attackers Leveraged Signers, Oracles, Fake Tokens, Massive Pools
Social, Apr 2, 2026

They didn’t just steal. They manipulated signers, touched oracles, faked tokens, and ran massive pool volumes. 💥 Next-level attack. ~ @omeragoldberg https://t.co/DpFazTNV4V

By Laura Shin
Akira Ransomware Group Can Achieve Initial Access to Data Encryption in Less than an Hour
News, Apr 2, 2026

The Akira ransomware group can move from initial access to full data encryption in under an hour, often within four hours. Active since 2023, it has extorted roughly $245 million in ransom payments through September 2025. Akira leverages zero‑day exploits, vulnerable VPNs,...

By CyberScoop
Web2 Mindset Misses the Mark in Web3
Social, Apr 2, 2026

“Wasn’t paranoid enough.” 😬 Top 10 hack, billions in TVL, and the team still got caught off guard. Classic Web2 ops fail in a Web3 world. ~ @omeragoldberg https://t.co/DpFazTNV4V

By Laura Shin
Solana Hack Spreads Across 20+ Protocols, Proving Contagion
Social, Apr 2, 2026

“This hack hit over 20 protocols.” 🔗 Drift wasn’t just a single platform — it spread like wildfire through the Solana ecosystem. Contagion is real. ~ @omeragoldberg https://t.co/DpFazTNV4V

By Laura Shin
Oracle Launches Defense Isolated Cloud to Enable Secure Collaboration at Scale
News, Apr 2, 2026

Oracle announced its Defense Industrial Base Isolated Cloud Environment (DICE), an air‑gapped OCI offering that meets U.S. Secret and future Top Secret classification requirements. The service, unveiled at the Oracle Federal Forum, is undergoing security assessments and aims for provisional...

By ERP Today
One Compromised Signer Can Collapse Massive TVL
Social, Apr 2, 2026

“So much TVL… you’d want to see who’s signing is actually who you think it is.” 🔑 One compromised signer and it’s over. ~ @omeragoldberg https://t.co/DpFazTNV4V

By Laura Shin
Engineers Redesign Smartphone Security for Finance and Health Apps
News, Apr 2, 2026

Senior iOS engineer Madhuri Latha Gondi unveiled a modular, privacy‑by‑design mobile architecture that embeds security into the core of smartphone apps for finance and healthcare, meeting HIPAA and PCI DSS standards while maintaining performance. The approach, highlighted in a 2026...

By Pulse
Crypto Exploit Losses Climb Sharply in March 2026 as Security Threats Evolve, Report Reveals
News, Apr 2, 2026

PeckShield reported that cryptocurrency hacks stole about $52 million in March 2026, a 96 percent jump from February’s $26.5 million. The surge stemmed from roughly 20 major incidents, pushing Q1 2026 losses to $501 million across 145 events. The most severe breach at Resolv Labs involved...

By Crowdfund Insider
Mercor Hit by Supply‑chain Cyberattack via Compromised LiteLLM Library
News, Apr 2, 2026

Mercor, the AI recruiting platform valued at $10 billion, disclosed a cyberattack linked to a compromised open‑source LiteLLM library that has impacted thousands of companies. The breach, tied to the hacking group TeamPCP and later claimed by Lapsus$, forced Mercor to...

By Pulse
Drift Protocol Halts Operations After $280 Million Hack, Largest Crypto Theft of 2026
News, Apr 2, 2026

Drift Protocol, Solana’s biggest perpetual futures exchange, announced a suspension of all deposits and withdrawals after a sophisticated attack siphoned roughly $280 million. The breach exploited an admin key and Solana’s durable nonce feature, prompting accusations that North Korean state‑sponsored actors...

By Pulse
Cyber Security Is Going in the Wrong Direction
News, Apr 2, 2026

A new CrowdStrike report shows cyber threats in Ireland and Europe spiralling, with AI‑enabled attacks up 89% and cloud intrusions up 266% year‑over‑year. A five‑year CybSafe study reveals employee security habits are eroding: MFA usage dropped from 94% in 2022...

By Irish Tech News