Today's Cybersecurity Pulse
CISA adds critical Android and Linux flaws to KEV catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) listed two high‑severity vulnerabilities in its Known Exploited Vulnerabilities catalog: Android CVE‑2025‑48595, an integer overflow that enables privilege escalation on Android 14‑16 without user interaction, and Linux CVE‑2022‑0492. Google released patches for the Android bug in June 2026.
Also developing:
By the numbers: Ingeteam receives $82.5M loan from EIB
Palo Alto PAN-OS Authentication Bypass Vulnerability Actively Exploited by Attackers
Researchers have identified active exploitation of CVE‑2026‑45112, a critical authentication bypass flaw in Palo Alto Networks PAN‑OS firewalls. The vulnerability allows unauthenticated attackers to access administrative functions through exposed management interfaces. Exploits have been observed targeting internet‑facing portals, potentially giving threat actors control over firewall policies and network traffic. Palo Alto has issued patches, and security teams are urged to apply updates and tighten access controls immediately.
Exploit Code Published for Critical Flowise RCE Vulnerability
Obsidian Security disclosed a critical remote code execution flaw in Flowise, an open‑source LLM workflow platform, tracked as CVE‑2026‑40933 with a CVSS score of 9.9. The vulnerability originates from unsafe serialization of stdio commands in Anthropic’s MCP protocol, allowing any...
Wall Street’s Trillion-Dollar Dilemma: Why AI-Powered Hackers Are Keeping Big Banks Off the Blockchain
Traditional banks aim to move trillions of dollars onto blockchain, but a surge of AI‑powered DeFi hacks is creating a major roadblock. CertiK’s CEO Ronghui Gu reports that April 2026 saw exploits on 27 of 30 days, including a $1.46 billion Bybit...
New CIFSwitch Linux Flaw Gives Root on Multiple Distributions
Security researcher Asim Viladi Oglu Manizada disclosed a new Linux kernel local privilege escalation vulnerability named CIFSwitch. The flaw lets an unprivileged user forge cifs.spnego key requests, manipulate the cifs.upcall helper, and ultimately execute code as root on affected distributions....
IBM, Red Hat Commit $5B to Build Open‑Source Security Clearinghouse
IBM and Red Hat announced Project Lightwell, a $5 billion, 20,000‑engineer initiative to create an AI‑powered security clearinghouse for open‑source enterprise applications. The effort targets the pervasive vulnerabilities in open‑source code that affect more than 90% of Fortune 500 firms, aiming to...
Snyk Unveils Evo Continuous Offensive Security, AI‑Powered Pentesting Platform
Snyk introduced Evo Continuous Offensive Security (COS), an AI‑powered penetration‑testing platform that provides continuous coverage, addressing the 350‑day vulnerability window left by traditional 15‑day annual tests. The launch signals a shift toward AI‑driven security for enterprises racing to ship code...
AIAI Holdings’ Constellation Network Unveils Gate AI Security Gateway and Performance Benchmarks Ahead of June Launch
AI‑enabled holding company AIAI Holdings announced that its portfolio firm Constellation Network will release the Constellation Gate AI security gateway in June 2026. A technical report shows Gate AI topped eight of sixteen public prompt‑injection benchmarks and posted a 97.4%...
Lone Attacker Published 14 Malicious Npm Packages Mimicking Popular OpenSearch, Elasticsearch Libraries
A single npm maintainer alias published 14 malicious packages within four hours, impersonating popular OpenSearch, Elasticsearch, and DevOps libraries. The packages used typosquatting, spoofed metadata, and inflated version numbers to appear legitimate, then executed a Bun‑compiled credential harvester via install‑time...
Okta Writes Its Own License to Kill Rogue AI Agents
Okta announced a new identity‑centric control layer for autonomous AI agents, positioning itself as the "kill switch" for rogue bots. The company highlighted that 92% of executives report moderate or widespread AI‑agent use, yet only 22% have tied those agents...
Yoti Challenges Academic Research, Invites Independent Audit of Age Assurance Platform
Yoti, a leading age‑verification provider, publicly disputed academic research from Georgia Tech and UC Irvine that alleged its platform shares facial images and device data with third parties. The company issued an open letter denying the claims and invited the...
Semperis: Enforcing Phishing-Resistant Authentication at Scale with Passkeys
Semperis, an identity‑security firm, mandated phishing‑resistant passkeys for its entire workforce using Microsoft Entra conditional‑access policies. The rollout, staged by user tier, combined device‑bound passkeys, Windows Hello for Business, and FIDO‑certified hardware keys, achieving 100% adoption among full‑time staff. Live...
FBI Alerts on Silent Ransom Group’s IT‑Impersonation Scheme Targeting U.S. Law Firms
The FBI issued a flash alert warning that the Silent Ransom Group (SRG) is posing as internal IT staff to infiltrate U.S. law firms, stealing data with external drives and extorting victims. The group combines phone‑based social engineering with physical...
Synergy Quantum Launches SynQ MythGuard as AI-Driven Attacks Outpace Cloud Defenses
Synergy Quantum announced the SynQ MythGuard platform, an AI‑powered solution designed to detect and block Mythos‑class attacks that can locate and exploit vulnerabilities at machine speed. The launch underscores growing alarm among cloud security firms that AI is now outpacing...
FBI Issues Alert on Cyber Actors Impersonating IT Personnel
The FBI issued an alert warning that the Silent Ransom Group, also known as Luna Moth, Chatty Spider and UNC3753, is impersonating IT support staff to infiltrate organizations. The threat actor has focused on healthcare and other critical sectors since...
ChatGPhish Vulnerability Turns ChatGPT Web Summaries Into a Phishing Surface
Researchers at Permiso Security have uncovered a new vulnerability dubbed ChatGPhish that tricks OpenAI's ChatGPT into rendering malicious Markdown links and images when summarizing web pages. The AI’s response renderer automatically fetches embedded images and activates clickable links, allowing attackers...
K-12 Cyber Threats Are Rising. Here's What Vendors Need to Know to Protect Themselves and Their Customers.
K‑12 school districts are tightening procurement standards, demanding robust cybersecurity from ed‑tech vendors as cyber‑attacks on schools surge. Recent data shows ransomware and data‑breach incidents in K‑12 rising sharply, prompting administrators to treat security on par with educational outcomes. Vendors...
The Ad-Tracking Industry Is Exposing US Soldiers on the Battlefield
U.S. Central Command has publicly confirmed that hostile actors are exploiting commercial ad‑tech location data to track American service members in active war zones. The Pentagon’s own reports show that data brokers sell detailed geolocation, identity and financial information on...
The Future of Cybersecurity: What CISOs Must Do Differently in 2026
The 2026 cybersecurity outlook warns CISOs that AI‑powered attackers, ransomware‑as‑a‑service, and deepfake fraud are outpacing traditional defenses. Signature‑based tools and manual patching are obsolete, while real‑time behavioral analytics, dynamic allowlisting, and automated containment become essential. Boards now demand concrete metrics—dwell...
In Other News: Trump Mobile Data Breach, FIFA World Cup Phishing, CISA Responds to Supply Chain Attacks
SecurityWeek’s weekly roundup highlights a wave of high‑profile cyber incidents. A third‑party breach at Trump Mobile exposed customer contact data, while a Russian state‑sponsored APT gained deep access to Treasury email accounts. Vulnerabilities in popular tools such as VS Code Remote‑SSH, Veeam,...
23andMe Inherits Lawsuit over 'Disturbing' DNA Data Breach
California Attorney General Rob Bonta sued 23andMe, now operating as Chrome Holding Co., alleging the company failed to safeguard genetic data and misled consumers after the 2023 breach. The incident, initially affecting about 14,000 accounts, leveraged the DNA Relatives feature...
CISA Flags Nx Console, GitHub Repos in Supply Chain Attacks
CISA warns that Nx Console and GitHub repositories abused in multiple supply chain compromises – tools across enterprise, cloud, and DevOps environments exploited https://t.co/AhpMs8oxpa
Federal Audit Reveals NIST’s NVD Is Plagued by Poor Planning and Duplication
The Department of Commerce’s inspector general flagged serious mismanagement at NIST’s National Vulnerability Database (NVD). A backlog of unprocessed flaws ballooned from roughly 13,000 in mid‑2024 to over 27,000 by the end of 2025, far exceeding the agency’s pledged processing...
IBM Launches Cloud Sovereignty Risk Profile to Boost Data Governance
IBM introduced the Cloud Sovereignty Risk Profile, a tool that monitors data residency, encryption and operational controls across hybrid and multicloud environments. The platform aims to close the visibility gap highlighted by a study showing 93% of executives consider digital...
Health Officials Shift Cybersecurity Toward Proactive Resilience
Federal health agencies are moving from reactive cyber defense to proactive resilience, leveraging AI‑enhanced threat detection, role‑based microlearning, and expanded interagency intelligence sharing. AI analytics now identify vulnerabilities and anomalous user behavior faster than traditional tools, while keeping a human...
Pentagon Confirms Adversaries Use Commercial Location Data to Track U.S. Troops
U.S. Central Command has officially acknowledged that foreign adversaries are exploiting commercially sold phone‑location data to track American troops in the Middle East. The admission follows a decade of internal warnings and recent research showing that data brokers sell personal...
CISA Urges Security Teams to Check for Software Development Compromises
The Cybersecurity and Infrastructure Security Agency (CISA) warned that hackers are targeting software development pipelines, citing the Megalodon supply‑chain attack and a compromised GitHub employee device via a malicious Nx Console VS Code extension. Megalodon injected malicious GitHub Action workflows into...
Windows BitLocker Exploit Sparks Messy Feud Between Microsoft and the Researcher Who Exposed It
A security researcher named Chaotic Eclipse disclosed a zero‑day called “YellowKey” that can unlock BitLocker‑encrypted drives on Windows 11 using a USB device, while it fails on Windows 10. Microsoft assigned CVE‑2026‑45585, issued mitigation guidance, but has not yet released a full...
Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit
A threat actor exploited the critical Marimo CVE‑2026‑39987 remote code execution flaw to gain initial access to an internet‑exposed notebook. Using a large language model (LLM) agent, the attacker harvested AWS credentials, retrieved an SSH private key from Secrets Manager,...
Dutch Govt Disrupts Malware Botnet with 17 Million Infected Devices
The Dutch National Cyber Security Centre, together with police, dismantled a botnet that infected at least 17 million devices worldwide. More than 200 servers hosting the command infrastructure were seized from a local provider, effectively taking the network offline. The operation...
Shadow AI: The Hidden Risk Expanding Across the Enterprise
Enterprises are rapidly adopting generative AI, but many employees and developers use unauthorized tools, creating a hidden attack surface known as shadow AI. This ungoverned usage exposes sensitive data, invites prompt‑injection attacks, and bypasses traditional security controls such as firewalls...
TTEC Launches TTEC Titan, an AI-Powered Security Platform for Remote Customer Experience Operations
TTEC announced the launch of TTEC Titan, an AI‑powered security platform built to protect remote contact‑center and customer‑experience (CX) operations at enterprise scale. The solution combines real‑time threat detection, behavioral monitoring, fraud prevention, and compliance management, including SOC 2 and PCI‑DSS...
With Complex Cloud Integrations, Small Errors Lead to Major Compromises
Token Security researchers exposed a five‑step exploit that could have seized control of Zapier’s low‑code automation platform by leveraging an over‑permissive AWS Lambda role and lingering secrets. The chain began with custom code in Zapier’s sandbox, uncovered a misnamed “allow_nothing_role”,...
KATE ROBERTSON: Bill C-22 and Carney's Return to Giving over Data Sovereignty and Civil Liberties to Trump's USA
Canada’s Liberal government, led by Prime Minister Mark Carney, is pushing Bill C-22, a streamlined law titled “An act respecting lawful access.” The bill seeks to embed the U.S. CLOUD Act’s extraterritorial data‑request powers into Canadian legislation, effectively allowing American...
Google Chrome Adds Session Cookie Theft Protection for All Users
Google Chrome has made its Device Bound Session Credentials (DBSC) feature generally available, rolling it out to all Workspace, Individual, and personal users. DBSC cryptographically binds session cookies to a device’s security chip, such as TPM or Secure Enclave, so...
ChatGPT Blindly Trusts Browser Content, Turning the Page Into a Payload
A researcher has shown that ChatGPT cannot distinguish its own generated text from attacker‑controlled Markdown fetched from web pages, a flaw dubbed “ChatGPhish.” By embedding hidden instructions in a page, an attacker can make the model append phishing links or...
Russia-Linked Threat Group Put ChatGPT to Work From Lure to Payload
A Russia-linked cyber espionage group, dubbed GREYVIBE, has been leveraging generative AI tools such as ChatGPT, Google Gemini, and Ideogram AI across its entire attack lifecycle against Ukrainian targets. The campaign, active since at least August 2025, employs AI‑generated spear‑phishing...
Acumen Cyber and AttackIQ Partner to Strengthen Cyber Defense Validation
Acumen Cyber and AttackIQ announced a strategic partnership to deliver continuous validation of cyber defenses. The collaboration merges Acumen Cyber’s engineering‑led security operations with AttackIQ’s Continuous Threat Exposure Management (CTEM) platform. Together they will emulate MITRE ATT&CK techniques, expose exploitable...
ShinyHunters Adds Charter to Trophy Shelf After 4.9M Customer Records Leak
ShinyHunters released the personal details of 4.9 million Charter Communications customers after the telecom declined the gang’s extortion demand. The leak, confirmed by Have I Been Pwned, contains names, email addresses, phone numbers, physical addresses, and a subset of about 85 000...
Chrome 148 Update Patches 151 Vulnerabilities
Google rolled out Chrome 148, patching 151 vulnerabilities, including 22 critical‑severity flaws. The most severe CVEs 2026‑9872 and 2026‑9873 earned $43,000 each in bug‑bounty rewards. Use‑after‑free bugs dominate the critical set, posing remote‑code‑execution and sandbox‑escape risks. Google disclosed over $130,000 in payouts and...
LinkedIn-Themed Phishing Abuses Adobe’s A/B Testing Platform
A new phishing campaign is targeting professionals with LinkedIn‑styled business emails that contain a PDF‑named HTML attachment. When opened, the attachment displays a counterfeit LinkedIn login page that auto‑fills the victim’s email and captures credentials. The malicious page is delivered...
Infosecurity Europe: CyCOS Project Expands to Support UK SMEs as CIISec Takes Over
The Cybersecurity Communities of Support (CyCOS) pilot, launched by UK universities, is expanding from two to seven peer‑led communities for small and micro businesses. The growth adds five new SME‑facilitated groups and coincides with a handover of governance from academia...
Notepad++ Vulnerabilities Could Enable Arbitrary Code Execution on Windows Systems
Two high‑severity vulnerabilities (CVE‑2026‑48778 and CVE‑2026‑48800) were found in Notepad++ that let a local attacker execute arbitrary commands by tampering with XML configuration files. The flaws affect all versions up to 8.9.6 and were patched the same day in version...
The Gentlemen Are Coming for Your Files, and Then Your Network
Microsoft warned that the Gentlemen ransomware now employs a self‑propagating Go‑based encryptor that moves laterally across networks via SMB and harvested credentials before encrypting files. First observed in mid‑2025, the malware transitioned to a ransomware‑as‑a‑service model in September 2025, recruiting...
Designing for Data Compliance — Automated PII Redaction in Logs and Backups
Engineers frequently expose personally identifiable information (PII) when logs or backups capture raw objects, leading to GDPR, PCI‑DSS, and trust violations. Automated redaction pipelines—both inline and asynchronous—scan logs, trace spans, ORM queries, backup streams, and third‑party SDK payloads to strip...
Arctic Wolf Takes Aim at South Africa’s Security Blind Spots
Arctic Wolf has introduced its Aurora Attack Surface Management (ASM) platform to the South African market, offering organizations real‑time, agent‑less visibility of all assets across cloud, on‑premise and hybrid environments. The solution consolidates data from endpoints, servers, network devices and...
MEPs Urge European Commission to Take Action over Europol’s Shadow IT
Members of the European Parliament have written to the European Commission demanding action after investigations uncovered that Europol stored massive volumes of sensitive personal data on undocumented shadow‑IT systems, and that Frontex transferred data on roughly 13,000 interviewees to Europol...
NHS England Selects Partners for NHS Secure Boundary Service
NHS England has appointed IBM and Palo Alto Networks to build the NHS Secure Boundary, a cloud‑native, AI‑enabled cyber‑security platform for the health system. The service will centralise threat intelligence, integrate with the NHS Cyber Security Operations Centre, and replace...
Claroty Targets Cyber-Physical System Risks with AI-Powered Security Agent
Claroty unveiled Claroty Claire, an AI‑driven security agent built natively for cyber‑physical systems (CPS). The agent leverages a CPS‑specific language model trained on more than a decade of industry data and insights from over 6,500 OEMs. Deployed across 20,000+ sites in...
Notepad++ Patches High-Severity RCE Flaws in Version 8.9.6.1
The Notepad++ team released version 8.9.6.1, patching three newly disclosed vulnerabilities—CVE‑2026‑48778, CVE‑2026‑48770 and CVE‑2026‑48800. The most critical flaw, CVE‑2026‑48778, allows remote code execution by abusing the entry in the config.xml file, enabling attackers to launch arbitrary programs such as calc.exe....
Humanix Expands Detection to Identify Live Violations of Security Procedures
Humanix unveiled a new capability that detects live violations of organization‑defined IT support procedures. The conversational‑AI platform monitors voice, chat, email, and ticket interactions to flag impersonation, manipulation, and attempts to bypass security steps in real time. By identifying the...