Today's Cybersecurity Pulse

CISA adds critical Android and Linux flaws to KEV catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) listed two high‑severity vulnerabilities in its Known Exploited Vulnerabilities catalog: Android CVE‑2025‑48595, an integer overflow that enables privilege escalation on Android 14‑16 without user interaction, and Linux CVE‑2022‑0492. Google released patches for the Android bug in June 2026.
Also developing:
By the numbers: Ingeteam receives $82.5M loan from EIB
JPMorgan Teams with ACI Worldwide to Embed Real‑Time Fraud Checks
JPMorgan Chase and ACI Worldwide announced a partnership that embeds JPMorgan's Kinexys Liink Confirm verification into ACI's fraud‑prevention suite. The integration aims to stop fraud before funds move on instant‑payment rails, a growing target for thieves.

Sophisticated Robinhood Email Spoofing Threats Rise, Stay Vigilant
this looks like an extremely real @RobinhoodApp email but it's fake. the email it was sent to was slightly off. most of the links except the big one to reset my account link to RH websites. email comes from noreply@robinhood.com....

Grant Williams at Risk—Enable 2FA Now
Grant Williams is the next account to be hacked. Turn on 2FA folks. Jeez. https://t.co/c6issUS2KE
Cisco Says AI Forces Real-Time Cyber Defense Shift, Citing Machine-Speed Threats
Cisco president and chief product officer Jeetu Patel told BankInfoSecurity that generative AI is compressing vulnerability‑to‑exploit cycles to minutes, forcing enterprises to move from periodic patching to continuous, real‑time cyber defense. He highlighted early access to Anthropic and OpenAI models...
Twitter's Chaos: Broken Polls, Hacks, and Phishing
Is it me or is X starting to look like a vibe coded mess? Polls are broken. Accounts are getting hacked. My DMs are full of phishing scams. Basics that used to work no longer work.
Kyverno Graduates to CNCF Top‑Tier, Cementing Its Role as Kubernetes Policy Engine
Kyverno was elevated to CNCF Graduated status at KubeCon + CloudNativeCon in Amsterdam, confirming its production‑ready stance and growing adoption as the leading policy‑as‑code engine for Kubernetes governance. The milestone underscores the project's shift to the Common Expression Language and...
Rubrik Adds Cyber‑Resilience to Google Cloud SQL, Boosting Immutable Backups for PostgreSQL
Rubrik announced today a cyber‑resilience add‑on for Google Cloud SQL that delivers immutable, automated backups for managed PostgreSQL workloads. The integration promises ransomware‑proof protection and rapid cross‑region recovery without altering existing disaster‑recovery architectures.
Microsoft Issues Emergency Patch for Critical ASP.NET Core Flaw on macOS and Linux
Microsoft rolled out an emergency patch (version 10.0.7) for a high‑severity ASP.NET Core vulnerability (CVE‑2026‑40372) that allowed unauthenticated attackers to obtain SYSTEM privileges on macOS and Linux. The flaw affected versions 10.0.0‑10.0.6 of the Microsoft.AspNetCore.DataProtection package and was rated 9.1...
U.S. Administration Launches Crackdown on Chinese Firms Exploiting American AI Models
President Biden’s science adviser Michael Kratsios issued a memo promising a coordinated U.S. effort to stop Chinese firms from “distilling” American AI models. The move follows bipartisan legislation and provoked sharp rebuttals from Chinese officials, highlighting a new front in...

Q-Day Could Arrive Within 3‑7 Years, Not Decades
Everyone's asking when Q-Day is. That's not the right question. Everyone wants the Q-Day date so they can plan backwards. But can you change your cryptography at all, and fast? Some data from a recent Project Eleven (@projecteleven, @apruden08) presentation on Q-Day modeling: -...
TekStream Acquires ImagineX to Bolster Proactive Threat‑Intelligence Services
TekStream has completed the acquisition of ImagineX’s cyber division, merging managed detection and response with governance, risk and compliance services. The deal targets heavily regulated sectors and aims to give CIOs a unified, real‑time defense platform.
PhantomRPC Vulnerability Lets Attackers Escalate Privileges Across All Windows Versions
Kaspersky researchers disclosed PhantomRPC, an architectural vulnerability in Windows Remote Procedure Call that lets low‑privileged processes gain SYSTEM access on any supported Windows version. Microsoft classified the issue as moderate, assigned no CVE and has not scheduled a fix, leaving...

Microsoft Entra Agent ID Flaw Enabled Tenant Takeover via Privilege Escalation
Security researchers at Silverfort uncovered a critical flaw in Microsoft Entra's Agent ID framework that let the Agent ID Administrator role modify any Application Service Principal. By adding themselves as owners, attackers could inject credentials and impersonate high‑privilege accounts, including Global...

The World’s Data Lifelines Are Increasingly Exposed to Sabotage
Undersea cables transport roughly 99% of global internet and AI traffic and are increasingly used to move renewable power from offshore projects. The network is set to expand dramatically, with 119 new cables slated for deployment in 2026, up from...
Why PoP Count Isn’t the Real Measure of Application Security Performance
The article argues that counting Points of Presence (PoPs) is a misleading gauge of application security performance. While PoP density matters for content delivery networks, security platforms need deep inspection, high‑capacity nodes, and intelligent routing. Modern WAAP solutions rely on...

Concerns Raised over Childcare Surveillance Storage
Taiwan's new Childcare Services Act, passed on April 14, requires childcare centers to upload video recordings of children under two to a centralized government cloud for 30 days. Advocacy groups rallied outside the Legislative Yuan, arguing the mandate violates the...

Your ISP Has Been Watching Your Browsing This Whole Time — Here's the Windows 11 Fix
ISPs in the United States can see every website you visit because most DNS requests travel in plaintext. After the 2017 repeal of the FCC's broadband privacy rules, this data collection became routine and vulnerable to spoofing or hijacking. Windows 11...
Agent, Heal Thyself (on Cyber Security)
Independent insurance agents are advising clients on cyber liability while many run their own firms with shared passwords and informal access controls. Underwriters are now scrutinizing agencies with the same rigor they apply to clients, demanding evidence of privileged access,...

Thai Police Arrest Indonesian Wanted for US$10mil Cyberfraud
Thai police detained a 33‑year‑old Indonesian at a Phuket resort after an FBI tip, accusing him of a $10 million cyber‑fraud scheme targeting Americans. The suspect allegedly recruited models to lure victims via video calls, dating apps, and social media, managing...
Kerala Police Use AI Tool Katalyst to Arrest 96 Dark‑Web Predators
Kerala Police’s Counter Child Sexual Exploitation unit deployed the AI‑driven platform Katalyst, developed by New Zealand’s Kindred Tech, to sift through dark‑web data and arrest 96 sexual predators. The pilot, which began in 2024, also rescued 20 children and generated...
Protecting Michigan’s Patients: The State’s Healthcare CISOs
Michigan’s healthcare ecosystem, spanning long‑term care, integrated health systems, academic centers, and statewide associations, is highlighted through a profile of its top CISOs. The feature showcases leaders from Ciena Healthcare, McLaren Health Care, the Michigan Health and Hospital Association, Corewell...

Critical Bug in CrowdStrike LogScale Let Attackers Access Files
CrowdStrike disclosed a critical vulnerability (CVE‑2026‑40050) in its self‑hosted LogScale product that enables unauthenticated path‑traversal file reads. The flaw affects specific LogScale cluster API endpoints and requires customers to upgrade to a patched version immediately. SaaS LogScale users were protected...
CISA Adds Four Actively Exploited Flaws to KEV List, Mandates May 2026 Fix Deadline
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced on Friday that four actively exploited vulnerabilities – affecting SimpleHelp, Samsung MagicINFO 9 Server and D‑Link DIR‑823X routers – have been added to its Known Exploited Vulnerabilities (KEV) catalog. CISA set...
Donation Pages Become Fraud Hotspots, Costing Nonprofits Thousands
A sustained attack on your donation page that generates hundreds of thousands of declined transactions can rack up thousands of dollars in authorization fees that were never legitimate: https://blog.clickandpledge.com/why-nonprofits-are-ground-zero-for-credit-card-fraud/ ✅
Agentic AI Shatters Old Security Model; Cyera Offers Solution
Agentic AI Broke the Old Data Security Model. Cyera Is Betting It Can Build the New One. https://t.co/gAuASNYvDf

American Utility Firm Itron Discloses Breach of Internal IT Network
Itron, a public utility‑technology provider, disclosed that an unauthorized third party accessed its internal IT network on April 13, 2026. The company activated its cybersecurity response plan, engaged external advisors, and notified law enforcement, successfully blocking further activity. Itron reported...

AI Scams Are Heading Into a Darker, Stranger Era
the AI scam era is going to be so much darker and weirder than people realize https://t.co/jqF5bwKmgY

Blockchain Enhances Data Security: Practical Guide
How to Apply #Blockchain #Technology to #Data Security by Zac Amos @_odsc Learn more: https://t.co/xNYYkp3Mf8 #CyberSecurity #Infosec #IT #Tech https://t.co/m6A6nCczW5

Chernobyl Virus Turned 27 Today, and It Could Brick Your PC in Ways Modern Malware Can't by Overwriting BIOS Firmware
The CIH "Chernobyl" virus, first released in 1998, turned 27 on April 26, 2026. It infected an estimated 60 million Windows 9x PCs, wiping hard drives and attempting to flash garbage data to BIOS chips, which could permanently brick a machine. The payload...
Spike in Phishing DMs Suggests X Account Breach
getting so much phishing email in my X DMs. either a lot of accounts have been hacked or someone has discovered a back door to posting DMs.
Spam Texts Masquerading as Friends Signal Platform's
Latest sign of the end of x: overwhelming number of spam private text messages supposedly from people I know, but in fact, pure spam/phishing

Healthcare’s Identity Crisis: Why A Single Prescription Requires Multiple Logins
Healthcare providers are hampered by fragmented identity systems that force patients, clinicians, insurers and other stakeholders to juggle multiple logins for routine tasks like prescription refills. The article highlights that the average 2025 data breach in the sector costs $7.42 million,...
1999’s CIH Virus First to Attack PC BIOS
#ThisDayInTechHistory. April 26, 1999. The first known virus to target the flash BIOS of a PC, the CIH/Chernobyl Virus triggers its payload on this day, erasing hard drives and disabling PCs primarily in Asia and Europe. https://t.co/urNvbAJTbh
EU Demands Real‑time Google Search Feed, Privacy at Risk
tl;dr: the EU wants to force Google to make a real time feed of all searches done on Google, with bullshit privacy protections, available to any EU company or researcher who wants it. Complying is evil. A future EU government should...
Coinbase Advisory Board Warns Quantum Computers Could Crack Blockchain Encryption
Coinbase’s independent advisory board released a position paper warning that a sufficiently powerful quantum computer could break the elliptic‑curve signatures securing Bitcoin, Ethereum and other blockchains. The six‑member panel urges firms to begin post‑quantum migration now, even as the exact...
China's Critical Sectors Run Vulnerable Software, Lack Oversight
NYT: “Inside China, researchers and the broader A.I. community have been watching…The country’s banks, energy companies and government agencies run on the same software in which Mythos found vulnerabilities—but for now, they have no seat at the table.” https://t.co/45lu2SGkPE
Trigona Ransomware Uses Custom Tool to Speed Data Theft and Dodge Detection
In March 2026, Trigona ransomware switched from public utilities like Rclone to a bespoke command‑line program called uploader_client.exe, enabling faster exfiltration and improved stealth. The move, reported by Symantec, signals a growing investment in proprietary malware to outpace security defenses.
Drones and Data Centers: The AI Boom Is Outpacing Security Protocol
The AI surge is driving a $7 trillion data‑center build‑out by 2030, but the rapid proliferation of over one million U.S. drones is exposing a critical security gap. Existing physical‑security models lack airspace protection, and FAA/FCC rules prevent kinetic countermeasures, leaving...

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 94
The Security Affairs Malware Newsletter Round 94 aggregates the most consequential malware developments from the past month. Highlights include the Morpheus spyware linked to IPS Intelligence, the DarkSword and Coruna iOS exploits that erode iPhone defenses, and the Lotus Wiper targeting...
The New Linux Kernel AI Bot Uncovering Bugs Is A Local LLM On Framework Desktop + AMD Ryzen AI Max
Greg Kroah‑Hartman’s new AI‑driven fuzzing bot, gkh_clanker_t1000, has been actively hunting Linux kernel bugs on a Framework Desktop equipped with an AMD Ryzen AI Max processor. Since April 7, the tool has helped merge nearly two dozen patches covering subsystems such as ALSA, HID,...
GitHub Repo’s Quantum ECDLP Claim Disproved by Classical Randomness Test
A GitHub repository that touted a quantum attack on the elliptic‑curve discrete logarithm problem (ECDLP) using IBM Quantum hardware was shown to produce the same key‑recovery rates when the quantum backend was swapped for a simple /dev/urandom source. The finding...
Anthropic's Mythos AI Finds 2,000+ Zero‑Day Bugs in Seven Weeks, Sparking Safeguard Debate
Anthropic’s Mythos AI model identified more than 2,000 previously unknown software vulnerabilities in just seven weeks, prompting the company to limit access to a handful of trusted partners and spurring regulators worldwide to convene panels on AI‑driven cyber risk. The...
GnuPG 2.5.19 Launches with Kyber Post‑Quantum Encryption, Raising Crypto Security Stakes
The GNU Privacy Guard project released version 2.5.19 on April 24, 2026, embedding the Kyber post‑quantum encryption algorithm into its mainline codebase. The update arrives as the 2.4 series nears end‑of‑life, urging developers and crypto‑wallet providers to upgrade for quantum‑ready...

How to Audit What ChatGPT Knows About You - and Reclaim Your Data Privacy
OpenAI provides multiple consumer‑focused controls to limit the personal data ChatGPT retains. Users can opt out of model training, delete chat histories, employ temporary chats, manage or disable memories, and even delete their entire account via the privacy portal. Deleted...

AWS Secrets Manager Supports Hybrid Key Exchange With ML-KEM Algorithm
AWS Secrets Manager now supports TLS 1.3 hybrid post‑quantum key exchange, combining X25519 with the ML‑KEM algorithm. The feature activates through client‑side upgrades to version 2.0.0 or later for the Secrets Manager Agent, Lambda extension, CSI driver, and supported SDKs. By protecting...
GDPR Enacted 2016, Compliance Deadline Passed 2018
#WaybackWeekend. April 14, 2016. #GDPR was first enacted. Any individual or business that handles personal data had until May 28, 2018, to begin following the GDPR rules. #Data #Privacy https://t.co/B68gph1gYn
US State Dept Issues Global Alert on Chinese AI Theft
Exclusive: US State Dept orders global warning about alleged AI thefts by DeepSeek, other Chinese firms https://t.co/pddPI6zgPF
Backup Under Attack
Ransomware groups are now targeting backup repositories, forcing organizations to reassess their data‑protection strategies. Many firms rely on immutable storage, but the protection often depends on policy settings that can be overridden by privileged users. Andy French of Object First explains...
LeakWatch 2026: Security Incidents, Data Breaches, and the IT Landscape for the Current Calendar Week 17
Calendar week 17 (April 20‑26 2026) saw a cascade of security incidents that highlighted the erosion of trust across SaaS, developer toolchains, and critical infrastructure. A compromised OAuth token from Context.ai gave attackers access to Vercel’s Google Workspace and project settings, while malicious...
Windows Defender Leaving the Door WIDE OPEN
Security researchers have uncovered two active Windows Defender zero‑day exploits, RedSun and UnDefend, that have been used in the wild since April 16. Both bypass all Microsoft patches for Windows 10, Windows 11 and Server 2019+, allowing an attacker to write a malicious binary...