Today's Cybersecurity Pulse

CISA adds critical Android and Linux flaws to KEV catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) listed two high‑severity vulnerabilities in its Known Exploited Vulnerabilities catalog: Android CVE‑2025‑48595, an integer overflow that enables privilege escalation on Android 14‑16 without user interaction, and Linux CVE‑2022‑0492. Google released patches for the Android bug in June 2026.

UK Biobank Health Data Keeps Ending up on GitHub
UK Biobank has been using copyright takedown notices to remove health‑related data from GitHub, filing 110 requests since July 2025. The notices mainly target specific files such as Jupyter/R notebooks, genomic datasets, and CSV tables, rather than whole repositories. Developers in at least 14 countries have been affected, with the United States and China representing the largest shares. After a brief lull in early 2026, takedown activity resumed following a Guardian exposé.

OpenAI Releases Open-Source Model that Strips Personal Data From Text
OpenAI unveiled Privacy Filter, an open‑source model that automatically detects and redacts personal data from text. The 1.5 billion‑parameter model activates only 50 million parameters per request, allowing it to run on a laptop or directly in a browser without cloud connectivity....

Apache ActiveMQ Bug Chain Gives Pre-Auth RCE, Is Getting Exploited
Researchers have confirmed active exploitation of a two‑step vulnerability chain in Apache ActiveMQ, combining CVE‑2026‑34197 (code injection) with CVE‑2024‑32114 (unauthenticated Jolokia exposure). The chain grants pre‑authentication remote code execution, and attacks have been observed in the wild, with canary hits...

MacOS Malware Tricks Crypto Users with Fake Invites
Is now a good time to switch to Windows OS for a bit? 😅 Jokes aside. Stay safe folks. There is a macOS malware targeting the crypto & fintech community: > Uses fake meeting invites to trick users into running Terminal commands...

From Ingress NGINX to Higress: Migrating 60+ Resources in 30 Minutes with AI
Following the official retirement of Ingress NGINX in March 2026, enterprises faced a compliance deadline to replace the now‑unsupported controller. An Alibaba engineer demonstrated a migration of more than 60 complex Ingress resources to Higress, an AI‑native API gateway built...

India Needs Digital Identity for Every Device and Stronger AI-Led Cyber Defence to Curb Threats: Experts
At the Cyber Security India Expo, experts urged India to assign a digital identity to every networked device and to bolster AI-driven cyber defenses. Lt General Madhavan Unnikrishnan Nair argued that device identities are crucial for accountability and protection of...

Keeping GPS Free From Interference: An Interview with Lisa Dyer
Lisa Dyer, executive director of the GPS Innovation Alliance, warned that GPS—critical to billions of users and essential for transportation, finance, and defense—is increasingly vulnerable to jamming and spoofing. With 32 medium‑Earth‑orbit satellites transmitting low‑power signals, both foreign actors and...

Why AI Governance without Guardrails Is Theater
Enterprises are grappling with a widening gap between AI governance policies and reality, as shadow AI proliferates across workstations and SaaS tools. Surveys show 45% of employees use AI without manager knowledge and more than half connect unauthorized AI services,...

Anything in a Database Can Surface on a Marketplace
Folks I don't know what to tell you if you're shocked about the UK Biobank story other than if something (anything) is on a database there is a very much more than non-zero chance that it can end up on...

FCC Bans Dozens of Foreign‑Made Wi‑Fi Routers Over National‑Security Risks
The Federal Communications Commission announced a ban on the sale of dozens of foreign‑made Wi‑Fi routers, citing unacceptable national‑security risks. The list targets Chinese manufacturers, a U.S.‑registered firm owned by a Chinese company, and Russia’s Kaspersky Lab, tightening supply‑chain controls...

Booking.com Breach Exposes Guest Names, Emails and Reservation Details
Booking.com disclosed that unauthorized parties accessed guest names, email addresses, phone numbers and reservation details. The company said financial data and home addresses were untouched, but warned travelers of targeted phishing scams, raising alarm across the hotel industry.

Offer Customers Passkeys by Default, UK’s NCSC Tells Enterprises
The UK National Cyber Security Centre (NCSC) is urging enterprises to make passkeys the default authentication method for consumer-facing services. Passkeys, built on FIDO2 standards, offer phishing‑resistant, password‑less login by leveraging device‑bound cryptographic keys. The guidance highlights that while passkeys...

GCHQ Urges UK to Ditch Passwords in Favor of Passkeys, Warning of Rising Cyber Threats
The UK’s cyber security agency, GCHQ, has issued a fresh advisory urging citizens and organisations to stop using passwords and adopt passkey technology, which it says can eliminate entire categories of attacks. The move reflects growing concerns over credential‑stuffing and...

Copperhelm Dives Deep Into Automation to Build Enterprise Cloud Defenses
Copperhelm Inc., a startup focused on agentic AI for cloud cybersecurity, announced its launch with a $7 million seed round led by TLV Partners, joined by ToDay Ventures, ICON and SaaS Ventures Israel. The company’s platform uses a "Context Lake" decision...

As Fraud and Agentic Risks Mount, Data Provides Continuity
In this episode of the Payments Journal, host Rima Katz and guests Dermit Thoma (Head of Fraud & Data Science at AdData), senior sales director Brand (AdData), and senior fraud analyst Jennifer Pitt (Javelin Strategy & Research) discuss how fraud...

Mile Bluff Medical Center Says Security Incident that Involved Data Encryption Disrupted Phone, Computer Systems
Mile Bluff Medical Center in Mauston, Wisconsin, reported a security incident that encrypted data and disrupted phone and computer systems. Clinical teams immediately shifted to downtime procedures to keep patient care flowing while the hospital activated its security protocols. An...

Chinese Cybersecurity Firm’s AI Hacking Claims Draw Comparisons to Claude Mythos
Chinese cybersecurity firm 360 Digital Security announced an AI‑driven Multi‑Agent Collaborative Vulnerability Discovery System that reportedly uncovered roughly 1,000 bugs, including more than 50 high‑severity flaws, during the revived Tianfu Cup hacking contest. The firm claims its AI identified a...

A ‘Perfect Storm’: NCSC Chief Issues Warning over Quantum Threats, Nation-State Hackers, and the Dangers of Global ‘Hacktivism’
NCSC chief Richard Horne warned at CyberUK that nation‑state actors—China, Iran, Russia—now drive most UK nationally significant cyber incidents, averaging four per week. He highlighted a "perfect storm" where ransomware, AI‑enabled exploits, hacktivism and an approaching quantum "Q‑Day" converge to...

Hybrid Clouds Have Two Attack Surfaces and You’re Not Paying Enough Attention to Either
Researchers at Black Hat Asia uncovered four critical CVEs in Microsoft’s Windows Admin Center (WAC), exposing a two‑way attack surface for hybrid cloud environments. The flaws allow malicious actors to drop payloads on on‑premises WAC installations and forge proof‑of‑possession tokens...

America’s Cyber Strategy Has a Budget Problem
The Trump administration’s FY2027 budget proposes a $707 million cut to the Cybersecurity and Infrastructure Security Agency (CISA), shrinking its budget to just over $2 billion—well below the $2.6 billion Congress had earmarked. The proposal also trims the Office of the National Cyber...

Attackers Exploit DVR Command Injection Flaw to Deploy Mirai-Based Botnet
A new campaign is using a command‑injection flaw in digital video recorders (DVRs) to spread a Mirai‑derived botnet. Attackers combine the vulnerability with default credentials and cross‑platform payloads, achieving persistence through scheduled tasks and firmware tweaks. Compromised DVRs join a...

Surveillance Vendors Caught Abusing Access to Telcos to Track People’s Phone Locations, Researchers Say
Security researchers at the Citizen Lab disclosed two distinct spying campaigns that exploited long‑standing weaknesses in global telecom signaling protocols to locate individuals’ phones. The attackers masqueraded as legitimate carriers—using 019Mobile, Tango Networks U.K., and Airtel Jersey—to piggyback on SS7...

IAB Statement on the SECURE Data Act
The Interactive Advertising Bureau (IAB) issued a statement supporting the SECURE Data Act (H.R. 8413), praising its push toward a federal privacy standard that would harmonize disparate state laws. IAB emphasized core consumer rights—opt‑out of data sale, access, deletion, and...

AI Startup’s Data Practices Spark Legal Risk
A fast-growing AI startup is facing serious legal pressure. Mercor is being sued over alleged data collection and exposure practices, following a breach involving sensitive contractor information. It highlights a critical issue. In AI, data is the foundation, but how it is...

Zero Day Clock Definitions Conflict; Which Is Accurate?
@EppSecurity For the Zero Day Clock, these definitions appear different from each other and measure different things. If so, which is the correct definition? https://t.co/b8oY85mFiO

Project Glasswing Proved AI Can Find the Bugs. Who's Going to Fix Them?
Anthropic’s Project Glasswing, built on the Mythos model, can autonomously discover and chain software vulnerabilities, achieving a 72.4% success rate in Firefox’s JavaScript shell and uncovering bugs that survived decades of human review. The AI identified exploits across all major...

AI‑enhanced Phishing Leads Q1 Initial‑access Attacks
Phishing — sometimes with AI’s help — topped initial-access methods in Q1, Cisco says | Cybersecurity Dive https://t.co/nJv4RA7sVV

Massive Wave of Security Patches Hits All Devices
Brace yourself for a flood of patches in all of your tech gadgets https://t.co/xXZthlRWg1 via @FastCompany #cybersecurity

Thrive Launches Abacode Compliance Services to Help Organizations Build and Maintain Continuous Compliance
Thrive, a global technology outsourcing firm, has launched Abacode Compliance Services, a managed Governance, Risk and Compliance (GRC) offering built on its 2025 acquisition of Abacode. The service combines consulting, continuous monitoring, and a centralized compliance portal to help enterprises...

Half‑million UK Medical Records Listed for Sale After Breach
Medical data of 500,000 people in UK put up for sale after data breach - https://t.co/zBa4Kbu9u3 via @FT

The Behavioral Shift: Why Trusted Relationships Are the Newest Attack Surface
Attackers are moving away from pure technical exploits toward manipulating trusted relationships and everyday workflows. An analysis of 800,000 email attacks across 4,600 firms shows phishing still dominates at 58%, while business email compromise (BEC) accounts for 11% and its...

BEREC External Workshop on Combatting Fraud
BEREC will host an external stakeholder workshop on combatting fraud on 21 May 2026, delivered online via AVC connection. Organized by the BEREC Cybersecurity and Resilience Working Group and co‑chaired by Katja Kmet Vrcko (AKOS) and Zdravko Jukic (HAKOM), the...

How the EU’s NIS2 Directive Is Changing How CIOs Think About Digital Infrastructure
The EU’s NIS2 directive reframes cybersecurity risk as an ecosystem issue, forcing CIOs to look beyond internal controls to the full supply‑chain of cloud providers, network operators and software vendors. It expands the definition of resilience to include how interconnected...

Cyber-Attacks Surge 63% Annually in Education Sector
A new Quorum Cyber report shows cyber‑attacks on schools and universities jumped 63% year‑over‑year, with recorded incidents climbing from 260 to 425 between November 2023 and October 2025. Data breaches rose 73% and hacktivist activity 75% across 67 countries, while ransomware grew 21%, led...

Systancia Hires Xavier Lefaucheux as CRO to Accelerate Global Zero‑Trust Growth
Systancia announced the appointment of Xavier Lefaucheux as chief revenue officer, tasking him with scaling the company’s Zero‑Trust identity‑access‑management platform worldwide. The veteran executive brings experience from Juniper, Stormshield and WALLIX to drive revenue growth in Europe, the Middle East...

RAMP Uncovered: Anatomy of Russia’s Ransomware Marketplace
A leaked MySQL dump from Russia’s RAMP forum reveals a sophisticated ransomware marketplace that operated from November 2021 to January 2024. The data shows 7,707 registered users, 1,732 threads, over 340,000 IP logs, and thousands of private messages coordinating sales of network...

OneSpan Adds Nok Nok Labs for $8 M, Boosting ARR to $178 M
OneSpan announced an $8 million acquisition of Nok Nok Labs, contributing $8 million to its annual recurring revenue, now $178 million. The deal expands its authentication suite as the firm pivots from hardware tokens to subscription‑based security, a trend CIOs must weigh.

Security by Design Is the Channel’s Strongest Pitch
South Africa’s cyber‑crime costs roughly $119 million annually, and POPIA fines can reach $540,000, prompting channel partners to prioritize security. Resellers now face legal obligations to ensure client environments meet POPIA, turning compliance into a competitive differentiator. Security‑by‑design—embedding access controls, encryption,...

MoD ‘Has Long Recognised Risks’ of Fitness Apps and Will Issue Guidance Where Necessary
An investigation by the i Paper found that 519 UK military personnel inadvertently disclosed their whereabouts by posting Strava workout data, some of which mapped routes around sensitive bases. The revelations prompted a parliamentary question about the Ministry of Defence’s...

4 Cyber Habits For Deal Teams On The Move
Deal teams on the move face a heightened cyber threat landscape, with roughly 1,200 attacks on financial services daily targeting nonpublic, market‑moving information. Open Wi‑Fi in hotels, airports and rides creates a “convenience trap” that adversaries exploit through twin hotspots...

The AI Risk You Did Not Deploy, Cannot See, and Are Fully Liable For
Enterprises are grappling with a hidden wave of "shadow AI" as employees increasingly use free generative AI tools without approval. Research shows that organizations upload an average of 8.2 GB of sensitive data each month to unsanctioned applications, exposing proprietary research,...

0APT Threatens to Expose Krybit Operators, Offers Decryption to Victims
Ransomware gang 0APT has warned it will publish photos, names and locations of rival Krybit operators unless a payment is made, and it is also offering to unlock Krybit victims' data. The move pits cyber‑criminals against each other and could...

The Best Smart TV VPNs of 2026: Expert Tested and Reviewed
ZDNET’s 2026 guide ranks NordVPN, ExpressVPN, Surfshark, IPVanish and Private Internet Access as the top VPNs for smart TVs. NordVPN leads with fast speeds (704 Mbps download), a 126‑country server network and pricing from $3.09 per month. ExpressVPN offers premium performance...

'Zealot' Shows What AI's Capable of in Staged Cloud Attack
Palo Alto Networks' Unit 42 demonstrated that autonomous AI agents can execute a full cloud‑attack chain with a single natural‑language prompt. Their proof‑of‑concept tool, named Zealot, used three specialized agents to discover misconfigurations, exploit a server‑side request forgery, and exfiltrate...

Your AI Coding Agent Isn’t a Tool. It’s a Junior Developer. Treat It Like One
The article argues that AI coding agents should be treated as junior developers rather than mere productivity tools. By onboarding, pairing, and mentoring these agents, organizations can harness their speed while avoiding rapid technical debt and security vulnerabilities. Treating them...

Researchers Uncover 10 In-the-Wild Prompt Injection Payloads Targeting AI Agents
Security researchers at Forcepoint uncovered ten new indirect prompt injection (IPI) payloads that can hijack AI agents when they crawl or summarize web content. The payloads use common triggers such as “ignore previous instructions” to force agents to execute malicious...

U.S. CISA Adds a Flaw in Microsoft Defender to Its Known Exploited Vulnerabilities Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Microsoft Defender vulnerability CVE‑2026‑33825 to its Known Exploited Vulnerabilities (KEV) catalog. The flaw, rated 7.8 on the CVSS scale, enables privilege escalation and was patched in Microsoft’s April 2026 Patch Tuesday. Huntress reported...

1Password Sees AI as Both Threat and Tool
1Password, the Toronto‑based password manager, is grappling with AI as both a productivity boost and a security liability. The firm’s CTO, Nancy Wang, says AI can speed code creation and vulnerability discovery, yet it also enables sloppy app development and...

Cybersecurity Shifts to Executive Strategic Priority in AI Era
Anthropic’s Claude Mythos is reframing cybersecurity at the top level. The risk is no longer a technical issue to delegate, but a core business concern that requires executive attention. This is the wake-up call. In the AI era, cybersecurity becomes a strategic...

Is Your Node.js Project Really Secure?
Node.js projects often rely on vulnerability scanners that surface issues only after code reaches CI, leaving developers with late, ambiguous alerts. The real gap is actionable remediation—knowing which findings are direct, which are transitive, and how to fix them before...