Today's Cybersecurity Pulse

FBI warns of new Microsoft 365 phishing scheme targeting Teams, Outlook, OneDrive
The FBI issued an urgent alert about a phishing operation that exploits Microsoft 365 services. The attack leverages a platform called Kali365 sold on Telegram for as little as $250 to steal OAuth device codes, allowing criminals to bypass multi‑factor authentication without a password.
Also developing:
Cisco Nerds Out: May the Fourth Be with Your AI Assistant
Cisco unveiled "Galaxy Mode" for its AI Assistant, a limited‑time Star Wars‑themed interface for Meraki and ThousandEyes customers that runs through June 4. The release introduces Deep Reasoning, an AI‑driven analysis engine that interprets network events and offers security compliance insights, and Agentic Workflows, a low‑code automation tool that builds tasks from plain‑language prompts. Additional features surface hidden capabilities such as packet capture, AI‑guided RRM and configuration recommendations, consolidating troubleshooting into a single conversational window. Cisco says the themed rollout is a preview, with broader enhancements slated for upcoming Cisco Live announcements.
U.S. Cyber Officials Mull 3‑Day Fix Deadline for Exploited Flaws Amid AI Threats
Acting CISA director Nick Andersen and National Cyber Director Sean Cairncross are weighing a proposal to cut the federal deadline for remediating known exploited vulnerabilities from two‑to‑three weeks down to three days. The move is driven by fears that advanced...

DigiCert Revokes Certificates After Support Portal Hack
DigiCert disclosed that a cyber‑attack on its support portal led to the fraudulent issuance of EV Code Signing certificates. The breach, traced to malicious payloads delivered via a chat channel on April 2, compromised two endpoints and allowed attackers to extract...

Mythos AI Is a Cybersecurity Threat, but It Doesn’t Rewrite the Rules of the Game
Anthropic unveiled Claude Mythos Preview, a large‑language model that autonomously discovers and exploits software vulnerabilities at unprecedented speed. In controlled tests, the model identified 271 flaws in Firefox and crafted exploits for 181 of them, and it uncovered thousands of...

Polsia's Real Business: Sending Spam Emails
Got my first Polsia spam finally. Now I finally understand what their business really is: sending spam emails (allegedly) https://t.co/Zfxt6pMWdp

Progress Warns of Critical MOVEit Automation Auth Bypass Flaw
Progress Software issued an urgent advisory about a critical authentication‑bypass flaw (CVE‑2026‑4670) in MOVEit Automation, affecting versions prior to 2025.1.5, 2025.0.9 and 2024.1.8. The vulnerability can be exploited remotely without credentials or user interaction, and a separate high‑severity privilege‑escalation bug...

Webinar: Why MSPs Must Rethink Security and Backup Strategies
Cyber attackers are leveraging generative AI to launch highly personalized phishing campaigns that outpace traditional email security, putting managed service providers (MSPs) at heightened risk. The breach often leads to data loss and downtime, exposing a gap where many MSPs...
Insiders Now Biggest Cybersecurity Threat, Attackers Aware
Company insiders pose a bigger risk than ever to company cybersecurity, and attackers know this. https://t.co/RXNWVP4M0v

Small Defense Firms Lack Network Data to Stop Nation-State Hackers, Analyst Says
The U.S. defense industrial base’s small and mid‑size contractors, which make up about 80% of the sector, are severely lacking network telemetry to monitor edge infrastructure. Nation‑state actors such as China’s Volt, Russia’s Fancy Bear and Iran’s UNC1549 are exploiting zero‑day...
Previously Deported Nicaraguan National Receives 15-Year Sentence for $29 Million Bank Impersonation Scheme
A deported Nicaraguan national, Ernesto Ortega Padgett, received a 15‑year federal prison sentence after pleading guilty to a sophisticated bank‑impersonation scheme that stole more than $29 million from U.S. victims. The fraud, conducted from 2020 onward, used social‑engineering tactics, unauthorized wire transfers,...

Teenager Alleged to Be Scattered Spider Hacker Arrested in Finland, Faces US Extradition
The 19‑year‑old alleged Scattered Spider member known as “Bouquet” was arrested at Helsinki Airport and now faces U.S. extradition on wire fraud, conspiracy and computer intrusion charges. Prosecutors allege he participated in at least four attacks, including a 2025 breach...
AI Democratizes Phishing, Empowering More Attackers
Not only is AI helping attackers generate more sophisticated phishing attacks, but it's also democratizing tools to even more attackers. https://t.co/LWqNrqXAtd

CISA Lists Linux Kernel Flaw as Actively Exploited
U.S. CISA adds a flaw in Linux Kernel to its Known Exploited Vulnerabilities catalog https://t.co/hP6t8SVUqa #BreakingNews https://t.co/xKBTyF2jvn

Q&A: Why the Threat of Anthropic’s Mythos Demonstrates the Need for Sovereign AI
Anthropic unveiled Mythos, an early‑access AI model that can locate and exploit vulnerabilities across major operating systems and browsers. In a preview, Mozilla’s CTO reported 271 flaws—over ten times more than its predecessor. The program, Project Glasswing, currently grants access...

Cyber-Secure Philanthropy: Tech Infrastructure for Global Donations
Nonprofit donation platforms are increasingly targeted by ransomware, formjacking, and SQL‑injection attacks because many charities run outdated web forms and third‑party scripts without dedicated security staff. The article outlines how payment flows, API exposure, and weak compliance practices create exploitable...

Exploitation of ‘Copy Fail’ Linux Vulnerability Begins
A vulnerability dubbed Copy Fail (CVE‑2026‑31431) in the Linux kernel has moved from disclosure to active exploitation, giving attackers root‑level access. The flaw, present in kernels since 2017, lets an unprivileged user overwrite in‑memory data of setuid‑root binaries, enabling privilege escalation...

U.S. CISA Adds a Flaw in Linux Kernel to Its Known Exploited Vulnerabilities Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added Linux kernel flaw CVE-2026-31431, dubbed “Copy Fail,” to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability scores 7.8 on the CVSS scale and enables an unprivileged local user to write...
Norton VPN Unveils First AI‑Native VPN for Autonomous Agents
Norton VPN has launched the industry’s first AI‑native VPN designed for autonomous agents, featuring multi‑tunnel technology and a zero‑installation Docker‑based architecture. The product, built with Gen Threat Labs and Gen AI Foundry, is now available to a limited set of...

Copy Fail Exploitation Has Begun, and Brian Pak Is Sorry for the Chaos
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has placed CVE‑2026‑31431, known as "Copy Fail," on its Known Exploited Vulnerabilities (KEV) catalog, confirming active attacks against Linux systems. The flaw, disclosed only days earlier, enables privilege escalation by exploiting a...
Housing Bank Rolls Out Open Banking Platform to Power Jordanian FinTechs
Housing Bank announced on May 3, 2026 the launch of an advanced open‑banking platform that gives fintechs and digital service providers secure API access to core banking functions. The move is designed to broaden financial inclusion in Jordan and align...
Citizen Lab Reveals Two Global Telecom Surveillance Campaigns Targeting High‑Profile Users
Citizen Lab disclosed two covert surveillance operations that leveraged SS7 and Diameter signaling to track a high‑profile mobile subscriber in November 2024 and a second target in early 2025. The campaigns spanned 3G and 4G networks in Israel, the United Kingdom and...

Why Data Centers Now Belong on the Critical Infrastructure List
Recent missile and drone attacks on cloud data centers in the Middle East highlighted a new strategic vulnerability: the physical disruption of digital infrastructure that underpins modern economies and militaries. As artificial intelligence workloads surge, data centers have become indispensable...

7 Key Features That Make Secure Browsers Safer
New research shows browsers are involved in 48% of cyberattacks, making them the most exploited vector in modern workplaces. Gartner predicts enterprise adoption of secure browsers will rise from 10% today to 28% by 2028, reflecting growing awareness of the...
Unified Identity Layer Key to Securing Agentic AI
Silverfort will headline the ITWeb Security Summit 2026 in Johannesburg, urging firms to replace fragmented point solutions with a unified identity security layer. The company highlights two pressures: outdated legacy infrastructure that was never fully secured, and the emergence of...

CIOs Internalize Data Destruction to Prevent Custody Crises
Avoiding a chain of custody crisis: why CIOs are bringing data destruction in-house https://t.co/bnmzu4xKEt https://t.co/qCCXJqtiVm
The Fake IT Worker Problem CISOs Can’t Ignore
Hiring fake IT workers has become a widespread insider‑risk threat, with thousands of synthetic identities infiltrating U.S. firms. Amazon alone blocked more than 1,800 North Korean attempts to secure IT roles, while SentinelOne has logged 360 fake personas and over...
Agentic Browsers Rewrite the Rules of Enterprise Security
Enterprise browsers are evolving from passive tools to autonomous agents, driven by rapid AI adoption. Deloitte reports 74% of organizations will deploy agentic AI within two years, while 84% of knowledge workers are eager to use it. These agentic browsers...
Post Quantum Migration Struggles, AI Threats, and Modern Defenses - Bobby Ford, HD Moore, Eyal Benishti, Ramin Farassat, Daniel Dos...
Post‑quantum cryptography (PQC) is moving from theory to implementation, but enterprises still struggle to locate and upgrade legacy servers, IoT and OT assets. AI‑generated deep‑fakes and multi‑channel impersonation are outpacing traditional point solutions, prompting calls for unified, behavior‑driven defenses. In...
Preparing for the 2026 HIPAA Changes: A Practical Guide for Healthcare Leaders
The Department of Health and Human Services will finalize a major overhaul of the HIPAA Security Rule in 2026, turning many previously optional safeguards into mandatory requirements. Organizations will face a tight compliance window—potentially as short as 60 days—once the...
How CISOs Should Utilize Data Security Posture Management to Inform Risk
Chief information security officers face a persistent dilemma: they know their data security posture must improve, yet budgets and headcount are limited. Data security posture management (DSPM) platforms can deliver visibility into where sensitive data resides, but full‑featured solutions often...
Avoiding a Chain of Custody Crisis: Why CIOs Are Bringing Data Destruction In-House
CIOs are re‑evaluating data disposal as the volume of retired hard drives, SSDs and backup media surges, exposing a hidden security gap. Traditional outsourced shredding creates multiple handoffs that weaken chain‑of‑custody control and increase breach risk. To meet stricter audit...
How OpenClaw’s Agent Skills Become an Attack Surface
OpenClaw’s AI agent offers deep integration with a user’s local machine, granting access to files, browsers, and long‑term memory, but it stores configuration and credentials in plain‑text files. This design lets attackers who compromise the host quickly exfiltrate API keys,...
Obvious Security Flaw in Website of Important R54-Billion South African Fund
The National Student Financial Aid Scheme (NSFAS) website lost its TLS certificate on May 1, 2026, leaving the main portal unencrypted and inaccessible to many students. NSFAS manages a R54 billion budget and serves over a million beneficiaries, making the outage a significant...

OpenAI To Extend Cyber Program to Government Agencies
OpenAI released a roadmap titled "Cybersecurity in the Intelligence Age" outlining plans to broaden its Trusted Access for Cyber (TAC) program to federal, state and local government agencies, as well as key industry players. The expansion coincides with the launch...
Idiot Hackers Strike Again
Pro‑Iran hacktivist group 313 Team threatened Canonical, demanding payment to stop a DDoS campaign that crippled Ubuntu.com. The same day, the popular webcomic site questionablecontent.net was compromised, likely by an opportunistic script‑kiddie scan. Both incidents illustrate how politically motivated extortion...
Vocus and Fortinet Fighting Shadow AI with Secure Shield Launch
Australian telecom Vocus and cybersecurity firm Fortinet have launched Vocus Secure Shield, a managed SASE platform designed to expose and control shadow AI usage within enterprises. The service leverages Fortinet’s AI‑driven security and deep application awareness to detect AI tools,...

NTT Docomo Rolls Out New Measures to Prevent Spoofed Emails
NTT Docomo, Japan’s largest mobile operator, has deployed DMARC and BIMI across its email services to combat spoofed messages. The domain‑based authentication verifies that emails originate from authorized Docomo domains, while BIMI displays the company logo for verified senders. Emails...

KISA Partners with Hyundai and Kia to Strengthen Automotive Supply Chain
The Korea Internet & Security Agency (KISA) has entered a formal partnership with Hyundai Motor Company and Kia Corporation to embed cybersecurity across their multi‑tiered automotive supply chain. The agreement expands KISA’s protective framework beyond the OEMs to include component...

The AI Battlespace: Artificial Intelligence, Civil Stability, and the Weaponization of Trust
Artificial intelligence is increasingly embedded in military, cyber and civilian systems, offering speed and analytical power but also creating new vulnerabilities. The article explains how adversaries can weaponize AI by poisoning data, manipulating trusted outputs, and automating cyber attacks, citing...

How to Address 7 Common Endpoint Management Mistakes
Enterprises face mounting complexity as laptops, smartphones, and IoT sensors multiply, exposing gaps in endpoint management. The article outlines seven common mistakes—from delayed patching and fragmented tooling to weak access controls and insufficient monitoring—and offers practical remediation steps. Implementing automated...

Global Crackdown Arrests 276, Shuts 9 Crypto Scam Centers, Seizes $701M
A coordinated international operation led by Dubai Police, the FBI and China’s Ministry of Public Security arrested at least 276 suspects, shut down nine cryptocurrency‑investment scam centers and seized roughly $701 million in illicit crypto assets. The crackdown, which also rescued...

NCSC Warns Organisations to Act Fast as Hidden Software Flaws Surface
The UK National Cyber Security Centre (NCSC) has issued an urgent alert that advances in artificial intelligence are set to expose long‑standing software flaws, prompting a wave of critical vulnerability patches across all technology stacks. Chief Technology Officer Ollie Whitehouse...

Pipelock: Open-Source AI Agent Firewall
AI coding agents with shell access and unrestricted internet pose a single point of failure for credential leakage. Pipelock, an open‑source Go‑based firewall from the PipeLab project, inserts an enforcement layer between agents and the network, scanning all traffic through...
Stop Excuses, Make Bitcoin Quantum‑ready Now
"Perfectly explained" is not how I'd describe it... Can we please stop looking for excuses to avoid the tough but necessary work to get Bitcoin quantum-ready?
Identity Risk Intelligence vs Threat Intelligence: What’s the Difference?
Identity Risk Intelligence (IRI) focuses on exposing and correlating compromised credentials, emails and other identity data, while traditional Threat Intelligence (TI) tracks external attackers, malware and infrastructure. As cyber‑criminals increasingly rely on stolen identities to bypass defenses, organizations with only...

Spotting Third-Party Cyber Risk Before Attackers Do
Black Kite’s SVP Jeffrey Wheatman explains how firms can detect third‑party cyber risk before attackers exploit vulnerabilities. He urges a shift from a data‑loss mindset to resilience, ensuring operations stay functional when vendors are breached. Practical steps include early stakeholder...
May 4, 2000: ILOVEYOU Worm Sparks Global Email Outbreak
#ThisDayInTechHistory. May 4, 2000. The ILOVEYOU computer virus or worm virus is spread around the world via email. https://t.co/AEpIv3yV4P

‘The Inbox Is No Longer the only Frontline’: Phishing Attacks Are Evolving as Cyber Criminals Ramp up ‘Multi-Channel’ Campaigns over...
Security researchers warn that phishing is shifting from email‑only to multi‑channel campaigns that combine email, calendar invites, and Microsoft Teams. KnowBe4’s Phishing Threat Trends Report recorded a 49% rise in calendar‑invite phishing and a 41% increase in Teams‑based attacks between...

What Researchers Learned About Building an LLM Security Workflow
Researchers from the University of Oslo and the Norwegian Defence Research Establishment demonstrated that large language models (LLMs) alone cannot reliably triage security alerts, missing every malicious case in a baseline test. When the same models were embedded in a...
Intel SGX: Old Trusted Execution Architecture Catches Up with the Embedded World – New Security Warning for Gemini Lake Systems
Intel has issued a security advisory covering SGX vulnerabilities on Gemini Lake (Goldmont Plus) CPUs launched in 2017‑18. The flaws stem from well‑known side‑channel and speculative‑execution issues that remain exploitable on systems lacking recent microcode or firmware patches. Because these low‑cost...