Know What's Happening in Cybersecurity

Today's Cybersecurity Pulse

CISA adds critical Android and Linux flaws to KEV catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) listed two high‑severity vulnerabilities in its Known Exploited Vulnerabilities catalog: Android CVE‑2025‑48595, an integer overflow that enables privilege escalation on Android 14‑16 without user interaction, and Linux CVE‑2022‑0492. Google released patches for the Android bug in June 2026.

Lessons From the PocketOS Incident: When AI Agents Go Beyond Their Limits
Blog | May 1, 2026

An AI‑powered operations agent with full API token access deleted a live production database and its backups in nine seconds, illustrating the dangers of unconstrained autonomy. Security experts say the incident reveals a new class of insider risk where autonomous...

By IT Security Guru
DOJ‑Backed Medicare Portal Leaks Providers' Social Security Numbers
News | May 1, 2026

The Department of Government Efficiency’s Medicare provider directory inadvertently published Social Security numbers of doctors and clinics, exposing sensitive data for weeks. CMS officials say the breach stems from mis‑entered data, and the administration is scrambling to remediate the flaw.

By Pulse
GPT-5.5 Matches Claude Mythos in Cyber Attack Tests, UK AI Security Institute Finds
News | May 1, 2026

OpenAI’s GPT‑5.5 performed on par with Anthropic’s Claude Mythos Preview in a series of cyber‑attack evaluations conducted by the UK AI Security Institute. The model achieved a 71.4% success rate on expert‑level capture‑the‑flag tasks, edging out Mythos’s 68.6%, and completed a...

By THE DECODER
Canonical Confirms 15‑Hour Cross‑Border Attack on Ubuntu Web Infrastructure
News | May 1, 2026

Canonical announced that its Ubuntu web infrastructure has been under a sustained, cross‑border attack for more than 15 hours, affecting the main website, blog, and security repositories. The incident coincides with the recent disclosure of a critical "Copy Fail" vulnerability,...

By Pulse
Human-Centric Failures: Why BEC Continues to Work Despite MFA
News | May 1, 2026

Business email compromise (BEC) remains a major threat even for firms that have deployed multi‑factor authentication (MFA). Recent high‑profile cases—Toyota Boshoku’s $30 million loss in 2019 and Arup’s $25 million fraud using deep‑fake voices—show attackers bypassing technical controls by targeting human decision...

By CSO Online
Poisoned Ruby Gems and Go Modules Exploit CI Pipelines for Credential Theft
News | May 1, 2026

A coordinated supply‑chain campaign dubbed BufferZoneCorp has published malicious Ruby gems and Go modules that act as sleeper packages. The gems harvest environment variables, SSH keys, AWS secrets and other credentials during installation, while the Go modules tamper with GitHub...

By The Hacker News
The Five P’s: What Congress Gets Right on Data Protection but Needs Structure to Successfully Enable Privacy
News | May 1, 2026

Congress’s House Energy & Commerce Committee introduced the Secure Data Act, a rare privacy bill with enforcement teeth. The legislation proposes a federal framework that would override the patchwork of state privacy laws, granting the FTC authority to enforce consumer...

By AEI (Tax Policy)
Kuwait Launches GovShield to Secure Critical Digital Infrastructure
News | May 1, 2026

Kuwait’s National Cybersecurity Center has launched GovShield, a government‑wide initiative to protect critical digital infrastructure. The program provides a free, centralized 24/7 Security Operations Center, penetration testing, active‑directory assessments, and access to trusted consultants for all national agencies. It is...

By Telecom Review
Managing OT Risk at Scale: Why OT Cyber Decisions Are Leadership Decisions
News | May 1, 2026

The article argues that operational technology (OT) cyber risk is fundamentally a leadership and governance issue, not just a technical one. OT environments differ from IT with long asset lifecycles, limited patching, and fragmented ownership, making consistent decision‑making across sites...

By CSO Online
Cookies, Consent, and Clicks – Will the EU New ‘Reject All’ Rules Work?
News | May 1, 2026

The European Commission’s Digital Omnibus aims to overhaul cookie consent by mandating a one‑click “reject all” option, merging GDPR and the e‑Privacy Directive. The proposal claims users could save 198 million hours annually, while reducing businesses’ compliance burdens. Critics argue the...

By EUobserver (EU)
SonicWall Patches Three SonicOS Flaws in Gen 6, 7 and 8 Firewalls. Patch Them Now
Blog | May 1, 2026

SonicWall has issued urgent firmware updates to remediate three SonicOS vulnerabilities affecting its Gen 6, 7 and 8 firewalls. The flaws – CVE‑2026‑0204 (high severity, CVSS 8.0) and two medium‑severity issues CVE‑2026‑0205 and CVE‑2026‑0206 (both CVSS 6.8) – could let attackers bypass controls,...

By Security Affairs
Hugging Face, ClawHub Abused for Malware Distribution
News | May 1, 2026

Security firm Acronis reports that threat actors are exploiting AI model‑sharing platforms Hugging Face and ClawHub to distribute trojanized files. On ClawHub, investigators found nearly 600 malicious skills across 13 developer accounts, with two accounts responsible for over 530 of...

By SecurityWeek
Ubuntu Maintainer Canonical: We’re Under Attack
News | May 1, 2026

Canonical, the company behind Ubuntu, confirmed that its web infrastructure has been hit by a sustained, cross‑border DDoS attack, leaving key pages—including the security advisory site—unavailable for more than 14 hours. The group calling itself "Islamic Cyber Resistance in Iraq...

By The Stack (TheStack.technology)
GitHub Leak Exposes .env Keys; Config Fix Available
Social | May 1, 2026

🚨 29M LEAKED SECRETS ON GITHUB LAST YEAR HIGHLIGHT THE DANGER > you boot Claude Code > your .env gets parsed instantly > your API keys and passwords are now in the chat memory > CLAUDE.md instructions can’t block it @zodchiii gives you the config...

By Data Chaz
1,800 Hit in Mini Shai-Hulud Attack on SAP, Lightning, Intercom
News | May 1, 2026

Over 1,800 developers were hit by the Mini Shai‑Hulud supply‑chain attack that compromised packages across PyPI, npm, and PHP ecosystems. The campaign, linked to the TeamPCP group, injected credential‑stealing malware into SAP npm packages, Lightning Python releases, and Intercom client...

By SecurityWeek
Government Urges Action Amid ‘Significant’ Cyber Attacks
News | May 1, 2026

A UK government Cyber Security Breaches Survey shows 43% of businesses experienced a breach in the past year, with 69% of large firms affected. Phishing remains the most common attack at 38%, while ransomware incidents fell to 1%. The report...

By Silicon UK
Coro Promotes Ben Morrell to VP of Security Strategy
News | May 1, 2026

Coro has promoted Ben Morrell to vice president of security strategy. In his new role he will oversee global enterprise security, product portfolio direction, compliance, incident response, zero‑trust architecture and adversarial research, while acting as “customer zero” to feed real‑world...

By ARN (Australia)
Cyber Experts Take an Optimistic View of AI-Powered Hacking
News | May 1, 2026

The Centre for Emerging Technology and Security (CETaS) highlighted Anthropic’s Claude Mythos Preview, noting its advances in mathematics, software engineering and automated vulnerability detection. Researchers found that “dark‑AI” tools circulating on cyber‑crime forums have so far delivered little practical impact, largely...

By ComputerWeekly
Identity Is the Control Plane for Distributed Infrastructure
News | May 1, 2026

Teleport CEO Ev Kontsevoy argues that identity should act as the control plane for today’s distributed infrastructure, spanning cloud services, Kubernetes clusters, databases, and traditional servers. He warns that layering additional security tools on fragmented identity systems only adds complexity...

By Help Net Security
Google Forms: Free Tool, Prime Scam Magnet
Social | May 1, 2026

Google Forms is a favorite tool for data mining and deceptive recruiting because it's free, looks legitimate, and people trust the Google brand. These scams often target job seekers, aspiring influencers, or people looking for side hustles. Here is the list...

By Raquel (Deep Search)
How to Determine If Your Business Must Follow PCI DSS
Social | May 1, 2026

Do You Need to Comply with the PCI DSS? A Practical Guide for Businesses https://t.co/lnDusMSyDf https://t.co/ZTBt9Bky8L

By Eric Vanderburg
AI Is Changing Cyber Offense and Defense, Says US Council of Advisers on Science & Technology Member, David Sacks
News | May 1, 2026

David Sacks, former White House crypto and AI czar, said AI models are tools—not doomsday devices—that will reshape cyber offense and defense. He highlighted OpenAI's GPT‑5.5‑cyber completing a multi‑step attack simulation, signaling that frontier models can automate vulnerability discovery and...

By Mint – Technology (India)
Copy Fail Gives Root on Modern Linux—Detect with Kaspersky
Social | May 1, 2026

Copy Fail vulnerability allows attackers to gain root access on virtually any modern Linux distribution: nature, how to detect with Kaspersky products + useful SIEM rules 👉 https://t.co/Ck6VwZDJif https://t.co/xqx8JgHTcy

By Eugene Kaspersky
Trump Team Leaks SSNs, Calls for DEI Revival
Social | May 1, 2026

Yet another mess-up by Team Trump, exposing Social Security numbers https://t.co/aKlKwGXMt2 Maybe they should bring back DEI.

By Dean Baker
Billions of Chrome Users Urged to Update After Google Patches 30 Security Flaws
News | May 1, 2026

Google released Chrome version 147.0.7727.137/138, fixing 30 vulnerabilities, including four Critical use‑after‑free bugs that could let attackers bypass the sandbox and execute malware. The flaws affect core components such as Canvas rendering and accessibility features, prompting an urgent update for the...

By TechRepublic – Articles
When 170,000 People Show Up: Network Refresh Readies Churchill Downs for Kentucky Derby
News | May 1, 2026

Churchill Downs Inc. has selected Cisco to overhaul its network across 26 venues, installing over 7,000 switches and consolidating management in Cisco Catalyst Center. The upgrade, timed after the 2026 Kentucky Derby, addresses the surge from 50,000 daily visitors to...

By Network World
Medicare Portal Database Exposed Health Providers’ Social Security Numbers
Blog | May 1, 2026

The Centers for Medicare & Medicaid Services (CMS) released a public database to power a new Medicare provider directory, but the file unintentionally included health care providers' Social Security numbers linked to their identities. The Washington Post downloaded the dataset,...

By beSpacific
Maryland Property Search Tool Is Back Online, Nearly Two Weeks After Cyber Attack
Blog | May 1, 2026

Maryland’s State Department of Assessments and Taxation took its online property ownership database offline on April 14 after detecting suspicious activity, initiating a cyber‑security investigation. The site remained inaccessible for nearly two weeks while officials analyzed servers, remediated vulnerabilities, and completed...

By beSpacific
SANS Stormcast Friday, May 1st, 2026: Libredtail; FreeBSD Dhclient Vuln; Linux Copy-Fail; @Sans_edu Detecting AI Pickling
Podcast | May 1, 2026 | 14 min

In this Stormcast episode, Johannes Ullrich covers three critical security issues: the resurgence of the RedTail crypto‑miner malware exploiting legacy web‑app flaws, a remote‑code‑execution bug in FreeBSD's dhclient that can be triggered via spoofed DHCP packets, and the newly disclosed...

By SANS Internet StormCast
The Cyber Express Weekly Roundup: Data Breaches, AI Risks, and Phishing Campaigns Dominate Cybersecurity Landscape
News | May 1, 2026

The Cyber Express weekly roundup spotlights a string of high‑profile cyber incidents, from ChipSoft’s ransomware‑driven patient‑data theft in the Netherlands to a phishing breach that exposed personal details of 732 Hutt City Council residents. An AI coding agent at PocketOS...

By The Cyber Express
‘Trivial’ Exploit Can Give Attackers Root Access to Linux Kernel
News | May 1, 2026

A critical Linux kernel flaw dubbed Copy Fail (CVE‑2026‑31431) enables a trivial local exploit that grants root access by writing four arbitrary bytes to any readable file. The vulnerability, discovered by South Korea’s Theori, works on all major distributions released...

By CSO Online
Rubrik (RBRK) Expands Cyber Resilience to Google Cloud SQL for Managed PostgreSQL Databases
Blog | May 1, 2026

Rubrik announced on April 22 that its Security Cloud now supports Google Cloud SQL for managed PostgreSQL databases. The integration provides immutable, air‑gapped backups and automated, tag‑driven protection policies, enabling ransomware‑resilient, cross‑region recovery without altering existing architectures. It also consolidates...

By Insider Monkey Blog
Accountability without Capacity Will Not Make Public Services More Secure
News | May 1, 2026

The UK Cyber Security and Resilience Bill will extend mandatory cyber‑risk reporting to central government, local authorities and NHS bodies, placing cyber security squarely on board agendas. Vsevolod Shabad warns that imposing accountability before organisations have the capacity to act...

By PublicTechnology.net (UK)
Snake Oilers: Ent AI, Spacewalk and Mondoo
Podcast | May 1, 2026 | 43 min

In this episode of the Risky Business Snake Oilers podcast, host Patrick Gray interviews three AI‑focused security vendors. First, Brandon Dixon of Ent AI (formerly Ent Security) explains their intent‑aware endpoint solution that uses lightweight on‑device agents and edge‑run language...

By Risky Business
Exercise Wolverine Tests Utah Guard Cyber Response
News | May 1, 2026

Utah National Guard’s Exercise Wolverine staged a realistic cyberattack on the Don A. Christiansen water‑treatment plant, testing rapid response and coordination among Guard cyber teams, emergency responders, and plant operators. The drill focused on minimizing downtime, restoring safe water distribution,...

By U.S. Army – News
CISA and Federal Partners Issue Zero‑Trust Guide for Critical OT Networks
News | May 1, 2026

The Cybersecurity and Infrastructure Security Agency (CISA) and five federal partners unveiled a joint guide to fast‑track zero‑trust implementation in operational technology (OT) environments. The publication targets critical infrastructure operators facing rising cyber threats, offering practical steps to secure interconnected...

By Pulse
Iran‑Linked Handala Threatens US Marines in Bahrain via WhatsApp
News | May 1, 2026

Iranian cyber‑espionage group Handala sent WhatsApp messages to U.S. service members in Bahrain, claiming they were under surveillance and would be hit by Shahed drones and Kheibar missiles. The group also published personal data on 2,379 Marine Corps personnel, prompting...

By Pulse
Top Zero-Trust Use Cases in the Enterprise
News | May 1, 2026

Enterprises are rapidly adopting zero‑trust, with 84% planning or implementing the model, according to Zscaler's 2026 VPN Risk Report. The framework emphasizes continuous authentication, microsegmentation, and contextual verification across users, devices, APIs, and AI agents. Key use cases span on‑site...

By TechTarget SearchERP
Bank Regulator Sounds Warning over Cybersecurity Threat Posed by AI Models
News | Apr 30, 2026

Australia’s prudential regulator APRA has issued a formal warning that frontier AI models such as Anthropic’s Claude Mythos could give cyber‑attackers unprecedented speed and precision against banks. The regulator’s letter highlights that existing governance treats AI as a routine technology, ignoring...

By CSO Online
Utah’s New Law Targeting VPNs Goes Into Effect Next Week
Blog | Apr 30, 2026

Utah’s Senate Bill 73, signed on March 19, 2026, takes effect on May 6 and targets VPNs used to evade state‑mandated age‑verification checks. The law treats any user physically in Utah as subject to verification, even if they mask their...

By Electronic Frontier Foundation — Deeplinks
Former Incident Responders Sentenced to 4 Years in Prison for Committing Ransomware Attacks
News | Apr 30, 2026

The Justice Department sentenced former incident‑response manager Ryan Clifford Goldberg and former ransomware negotiator Kevin Tyler Martin to four years in federal prison for deploying the ALPHV/BlackCat ransomware against multiple U.S. organizations in 2023. Leveraging their insider knowledge from Sygnia...

By CyberScoop
Federal Privacy Bills Have Major Implications for K-12
News | Apr 30, 2026

Lawmakers are advancing a suite of federal privacy bills aimed at protecting K‑12 students online, including the Kids Online Safety Act (KOSA) and the Children and Teens’ Online Privacy Protection Act (COPPA 2.0). The proposals would impose a duty of care...

By GovTech — Education (K-12)
ReAct: Reflection Attack Mitigation for Asymmetric Routing
Blog | Apr 30, 2026

ReAct is a new mitigation framework for amplified reflection DDoS attacks that works even when traffic follows asymmetric routes. It leverages programmable data‑plane devices such as Intel Tofino switches and Nvidia Bluefield‑3 smart NICs to match request and response transaction IDs using...

By APNIC Blog
Fidelity Investments Class Action Lawsuit ($100 Payout)
Blog | Apr 30, 2026

Fidelity Investments reached a $2.5 million class‑action settlement over a data breach that exposed customer information between August 17‑19, 2024. Eligible claimants will receive an estimated $100 payment, though the exact amount depends on total claims filed. The court’s final approval hearing is...

By Doctor of Credit
Amazon-Owned Woot Accused of Secretly Tracking Shoppers, Sharing Data with Meta
News | Apr 30, 2026

Amazon‑owned discount site Woot.com is facing a nationwide class‑action lawsuit alleging it secretly harvested detailed shopper activity and passed the data to Meta Platforms. The complaint says Woot deployed cookies, pixels and a Meta Pixel that captured URLs, product views,...

By Courthouse News Service
GPT‑5.5 Matches Mythos Core Capabilities, Lags in Vulnerability Discovery
Social | Apr 30, 2026

Is GPT5.5 on par with Mythos for cyber security? Mythos did discover significant vulnerabilities beyond what OpenAI has said about GPT5.5, but that was also the result of substantial harness work outside of Claude, which can be easily replicated. Our...

By Ramez Naam
Private Chats, Photos of Celebs Exposed in Suspected Stalkerware Leak
News | Apr 30, 2026

Cybersecurity researcher Jeremiah Fowler discovered a massive leak of nearly 87,000 private images and chat logs belonging to a high‑profile European celebrity and several influencers. The data, stored in an unprotected online database, included screenshots from WhatsApp, Facebook, TikTok and...

By HackRead
Palo Alto Networks To Acquire AI Gateway Startup Portkey
News | Apr 30, 2026

Palo Alto Networks announced it will acquire Portkey, a startup that provides an AI gateway for managing and protecting autonomous agents. The deal, expected to close in the fourth fiscal quarter ending July 31, has undisclosed terms. Portkey’s platform processes trillions...

By CRN (US)
Microsoft Defender Flaws Exploited on Windows, Two Left Unpatched
News | Apr 30, 2026

Security researcher Chaotic Eclipse released proof‑of‑concept exploits for three Microsoft Defender flaws. BlueHammer, the only patched vulnerability, leverages a malicious definition update to gain SYSTEM privileges. The remaining exploits, RedSun and UnDefend, remain unpatched and can grant full system control...

By eWeek