Today's Cybersecurity Pulse
Microsoft releases record‑size Patch Tuesday for April
The April update cycle delivered 165 patches addressing roughly 340 unique CVEs, including two zero‑day flaws, one of which is already being exploited in the wild. Microsoft urges immediate deployment across all product families.
Also developing:
By the numbers: Artemis raises $70M Series A
Robin Tombs Talks UK Digital ID with Trinsic as Yoti Passes 23M Global Downloads
Yoti, the reusable digital identity wallet founded in 2014, has now exceeded 23 million global downloads, including 7.8 million in the United Kingdom, with 5 million added in the past year. CEO Robin Tombs discussed the platform’s evolution on Trinsic’s Future of Identity podcast, highlighting how biometrics and reusable credentials are reshaping online verification. He noted that trust and regulatory uncertainty remain the biggest obstacles, especially amid shifting UK policies on Right‑to‑Work checks. Yoti’s new facial age‑estimation service positions it to meet emerging U.S. AI age‑assurance requirements.
BianLian Ransomware Spreads via Fake Invoice SVG Images in New Attacks
WatchGuard researchers have uncovered a new BianLian ransomware campaign that distributes malicious SVG invoice images to companies in Venezuela. The SVG files hide XML code that silently contacts a shortened ja.cat URL, redirects through compromised Brazilian domains, and drops a...
AI Agents Are About to Overtake Cybersecurity — for Better, or Worse?
At RSAC 2026 the cybersecurity community warned that AI agents are moving from a defensive tool to a primary weapon for attackers. These autonomous agents can hijack identities, rewrite security policies and launch supply‑chain attacks at machine speed, outpacing traditional...
Microsoft Tells Crusty Old Kernel Drivers to Get with the Windows Hardware Compatibility Program
Microsoft will cease trusting kernel drivers signed through the long‑deprecated cross‑signed root program, requiring all drivers to be certified via the Windows Hardware Compatibility Program (WHCP). The change rolls out in an "evaluation mode" with the April 2026 Windows Update, allowing...
Persistent Hacktivist Activity and AI Integration Drive EMEA DDoS Activity
The second half of 2025 saw a surge in DDoS attacks across Europe, the Middle East and Africa, with 3.33 million incidents recorded, nearly double any other region. Hacktivist groups Keymous+ and NoName057(16) drove the majority of campaigns, targeting governments, financial...
Lawmakers Question VPN Impact on Americans' FISA Surveillance Protections
Senate and House Democrats sent a letter to DNI Tulsi Gabbard asking whether using virtual private networks could strip Americans of their heightened FISA protections. They argue VPNs obscure a user’s true location, potentially reclassifying U.S. persons as foreign targets...
Ditto Launches to Orchestrate Next Generation Identity with Cryptographic Certainty
Ditto, formerly Uniken, launched a privacy‑first digital identity platform that delivers cryptographic certainty for customer identity access management. The solution combines reusable digital wallets, zero‑knowledge proof verification, and strong authentication across devices, positioning it for compliance with eIDAS and the...
Apple Says No One Using Lockdown Mode Has Been Hacked with Spyware
Apple announced that, since introducing Lockdown Mode four years ago, it has not detected any successful mercenary spyware attacks on devices with the feature enabled. The company’s spokesperson confirmed there are no known breaches, echoing earlier claims and citing observations...
RSAC 2026: How Zscaler Is Securing the AI Ecosystem
At RSAC 2026 Zscaler unveiled an AI Security Suite that moves beyond point‑solution fixes to protect the entire AI ecosystem. The platform delivers an inventory of AI assets, applies zero‑trust controls to AI traffic, and automates lifecycle defenses such as...
SC Awards Winner: Best CTEM Solution - Reach Security - Garrett Hamilton - SCA26 #1
At RSAC 2026, Reach Security’s CEO Garrett Hamilton announced the company’s win of the SC Awards’ Best Continuous Threat Exposure Management (CTEM) Solution. The platform continuously identifies, prioritizes, and remediates real‑world risk by focusing on misconfigurations, configuration drift, and control‑level exposure...
Google Issues High-Risk Security Patch for 3.5 Billion Chrome Users: What You Need to Know
Google has deployed a high‑severity security update for Chrome, addressing eight critical vulnerabilities that impact roughly 3.5 billion users worldwide. The flaws span WebAudio, WebGL, WebGPU, font handling and FedCM, and are rated “High,” meaning they could enable code execution or...
March Rundown: RSAC Warnings and Arm's AGI CPU
At the RSA Conference (RSAC), industry leaders warned that autonomous AI agents are emerging as a significant cyber‑threat vector, demanding new safeguards from security teams. Speakers highlighted the dual role of AI as both an opportunity and a risk, urging...
Insufficient Source Data to Report on 'Internet Yiff Machine' Breach
The requested story about researchers accessing 93GB of anonymous crime tip data via the 'Internet Yiff Machine' hack cannot be verified because none of the provided sources contain information on this incident.
Strengthening Subsea Cable Security in the Indo-Pacific
The Center for Strategic and International Studies (CSIS) proposes a cooperative framework to bolster subsea cable security across the Indo‑Pacific, a region that now carries roughly 95% of global data traffic. Japan alone operates at least 20 landing stations, underscoring...
Google Sets 2029 Deadline for Quantum-Safe Cryptography
Google announced it will complete a post‑quantum cryptography (PQC) migration across its products and services by the end of 2029. The timeline aligns with NIST’s 2024 PQC standards, which the company is already using for internal rollouts. Google’s roadmap emphasizes...
Salesforce’s New Email Domain Verification Explained
Salesforce is mandating verification of any custom email domain used to send messages from its platform, effective with the Spring ’26 release. Administrators must configure either a DKIM key or an Authorized Email Domain record to prove ownership, or outbound...
European Commission Investigating Breach After Amazon Cloud Account Hack
The European Commission has opened an investigation after a threat actor gained access to at least one of its Amazon Web Services (AWS) accounts and allegedly exfiltrated more than 350 GB of employee data. AWS clarified that its infrastructure was not...
Android 17 to Introduce Quantum-Safe Architecture Based on NIST PQC Standards
Google announced that Android 17 will embed post‑quantum cryptography (PQC) based on the U.S. NIST standards, marking the first major mobile OS to adopt quantum‑safe algorithms at the system level. The company will begin beta testing later this year, covering key...
UK Cracks Down on Chinese Crypto Marketplace for Funding Southeast Asia Scam Hubs
On 26 March the UK government announced sanctions against Xinbi, the region’s largest illicit cryptocurrency marketplace that moved roughly $19.7 billion in fraudulent funds. Xinbi, based in China, is tied to the #8 Park scam compound in Cambodia, which houses up to 20,000...
Free Open-Source AI App Hacker Beats $117M Startup
🚨 A startup got $117M to build an AI app hacker. An open-source alternative just dropped that does the exact same thing. It breaks into your app, steals your data, and hands you the fix. Now running directly in your CI/CD pipeline. 100% Free...
Apple’s Lockdown Mode Remains Unbreached Spyware Shield
Apple’s Lockdown Mode feature is the best defense we have against spyware on iOS, macOS, watchOS, and iPadOS. Apple launched the feature four years ago and has not yet seen a device with Lockdown Mode on be compromised. https://t.co/0lF1BbEWZE
Network Security Management Challenges and Best Practices
Enterprises are confronting AI‑enhanced ransomware, phishing and deep‑fake attacks that push average U.S. breach costs above $10 million. The 2025 IBM report shows AI and automation now shave roughly 80 days off breach detection times, highlighting the urgency of integrated network security...
Apple Silently Patches iOS via Hidden Incremental Updates
Apple has been installing silent fixes on your devices. These fixes don't require an entire OS update, and they get same version # as previous whole update, but with (a) appended to version #. These silent fixes then get incorporated...
OneDrive’s Personal Vault Adds Biometric‑protected Storage
Microsoft OneDrive cloud storage is a cornerstone of the modern Windows experience, but did you know it includes a biometric secure storage area? Welcome to your Personal Vault... https://t.co/cee7hX96oT #onedrive #privacy #security https://t.co/2Ra5U1ULHP
Apple Says Customers Should ‘Update iOS to Protect Your iPhone From Web Attacks
Apple has issued an urgent advisory urging iPhone owners to update to the latest iOS version after identifying sophisticated web‑based attacks targeting older software. The company is rolling out critical background security patches that can be applied automatically on supported...
AWS Adopts Quantum‑safe Crypto; Start Preparing Now
For those who are not yet worried about quantum cryptography…should start thinking about it. AWS already uses quantum safe cryptography in many of its services.
Attack Triggers only via Lithuanian‑registered iPhone Link
"the attack would be launched only if I would access the link using an iPhone registered in Lithuania"
U.S. CISA Adds an Aquasecurity Trivy Flaw to Its Known Exploited Vulnerabilities Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added Aquasecurity's Trivy vulnerability CVE-2026-33634, a 9.3‑severity flaw, to its Known Exploited Vulnerabilities (KEV) catalog. The flaw was weaponized on March 19 when attackers used compromised credentials to publish a malicious...
Shared Observability Unites SOCs and DevOps Agents
SOCs and DevOps will need shared observability for agents: data access, tool calls, MCP interactions, and risk levels in one view. #Security #DevOps https://t.co/tRGwCPc4Mb
Europe May Soon Ban Foreign WiFi Routers
An #unthinkable scenario, but not impossible: What happens if UK or Europe follow the US and try to ban foreign WiFi routers? https://t.co/63TLrKcnki
Databricks Launches AI‑Driven Lakewatch SIEM, Promising Up to 80% Cost Cut
Databricks has rolled out Lakewatch, an open‑agentic SIEM that leverages generative AI to automate threat detection and response. The company says the service can slash total cost of ownership by as much as 80% while keeping years of hot, queryable...
Google Pushes Post‑quantum Deadline to 2029, Warns of Quantum‑apocalypse
Google announced that it now expects quantum computers capable of breaking RSA encryption by 2029, accelerating the industry‑wide post‑quantum cryptography rollout to that year. The shift tightens timelines for governments and enterprises to adopt quantum‑resistant algorithms amid growing AI‑driven data...
Leak of Coruna and DarkSword Toolkits Threatens Hundreds of Millions of iPhones
Security researchers say the online leak of the Coruna and DarkSword iPhone hacking toolkits puts hundreds of millions of iPhones and iPads at risk. The tools, originally linked to U.S. defense contractor L3Harris and foreign espionage operations, can compromise devices...
Neglect Data Governance Until Breach Forces Reactive Cleanup
Data governance is almost always an afterthought. Then a breach happens. Then we start digging. #DataGovernance #DataBreach #Leadership https://t.co/41ivbJYV3c
Why Synthetic Identity Fraud Is Harder to Detect in 2026
Synthetic identity fraud is exploding in 2026 as AI tools and data breaches enable criminals to blend real personal data with fabricated details, creating entirely new personas that pass traditional KYC checks. Because no real victim exists, these synthetic identities...
Security Must Follow Users Across Dynamic Workspaces
Workspaces have dissolved into networks of temporary environments. What matters is trusted connectivity, device integrity, and consistent security policies that follow people across locations and contexts.
Dutch Police Discloses Security Breach After Phishing Attack
The Dutch National Police disclosed a recent phishing attack that was quickly detected and contained by its Security Operations Center, preventing any citizen data exposure. The breach’s impact remains limited, though investigators are still assessing the scope and whether any...
Hackers Target South Asian Financial Firm with BRUSHWORM and BRUSHLOGGER Attacks
A South Asian financial institution was compromised by a custom malware suite that pairs the BRUSHWORM backdoor with the BRUSHLOGGER DLL side‑loader. BRUSHWORM provides persistence, modular payload loading, USB‑based worming and bulk file theft, while BRUSHLOGGER captures keystrokes with per‑window...
Students Shouldn't Be Exposed to Biometric Surveillance in Schools
“A review is ongoing about voice and facial recognition, biometric data gathering and surveillance.” Students should not be exposed to surveillance technology in schools. Certain tech can be great for learning, but NOT tech that harvests biometric data, surveils...
Powerful AI Models Will Tip Cybersecurity Balance
We'll soon see if very powerful AI models favor the attack or the defense when it comes to cybersecurity...
The Energy Sector Isn’t Ready for Ransomware—And 2025 Proved It
In 2025 the energy and utilities sector endured a record 187 ransomware incidents, many involving full system encryption and data theft. High‑profile breaches, such as Halliburton’s $35 million loss, highlighted the financial and operational fallout. Legacy operational technology, IT‑OT convergence, and...
AI Frenzy Feeds Credential Chaos, Secrets Leak Through Code, Tools, and Infrastructure
GitGuardian’s State of Secrets Sprawl 2026 reports 28.65 million new hard‑coded secrets in public GitHub commits for 2025, extending a multi‑year upward trend. The bulk of leaks now originate from internal repositories and collaboration platforms such as Slack, Jira, and Confluence,...
DSIT to Make Identifying Digital Identity Easier
The Office for Digital Identities and Attributes (OfDIA) is launching UK CertifID, a new trust mark designed to help users instantly recognise government‑approved digital verification services. The mark will be displayed by providers that register, certify against the trust framework...
Prevent Agentic Identity Theft
In this episode, Stack Overflow host Ryan Donovan talks with Nancy Wang, CTO of 1Password, about the emerging security challenges of local AI agents. Wang explains how agents like ClaudeBot (now MoldBot) can access a device’s full execution context—files, terminals,...
Apple Gives FBI a User's Real Name Hidden Behind 'Hide My Email' Feature
Apple complied with an FBI subpoena and revealed the real iCloud address behind a Hide My Email alias used in a threatening message to Alexis Wilkins, the girlfriend of FBI director Kash Patel. Court records show the alias peaty_terms_1o@icloud.com was...
Supply Chain Attack on LiteLLM Steals Cloud Credentials From Up to 500,000 Users
Threat actors known as TeamPCP breached the LiteLLM open‑source library and released malicious versions 1.82.7 and 1.82.8. The compromised updates are believed to have reached as many as 500,000 developers, exfiltrating cloud tokens, Kubernetes secrets and crypto wallets. Security researchers...
Unknown Voicemail? Spot and Avoid Scam Tactics
Just got an email saying you have a voicemail message from an unknown person. Odds are good the message is part of a scam. Here's how it works, how to spot it, and how to avoid being duped by similar...
AI Agents Are a Critical Component in Closing the Global Cybersecurity Talent Gap, Says Microsoft
Microsoft’s threat‑protection leader says AI agents are essential to bridge the global cybersecurity talent gap, as human analysts cannot keep up with more than 7,000 password attacks per second. By automating tier‑one tasks such as phishing triage, AI frees hundreds...
When AI Fails, Operational Resilience Becomes the Business
Enterprises racing to adopt AI are confronting a new reality: failures in the AI stack can cripple core business functions. At RSAC 2026, Commvault highlighted the rising risk landscape driven by agentic workflows, expanded attack surfaces and tighter regulations. The company...
Tails 7.6 Ships Automatic Tor Bridge Retrieval and a New Password Manager
Tails 7.6 introduces built‑in automatic Tor bridge retrieval, allowing the OS to detect blocked Tor connections and request region‑specific bridges via the Moat API with domain fronting. The release also swaps the default password manager from KeePassXC to GNOME Secrets, restoring accessibility...