Know What's Happening in Cybersecurity
Know What's Happening in Cybersecurity
Cybersecurity Pulse
EMAIL DIGESTS
Daily
Every morning
Weekly
Tuesday recap
EMAIL DIGESTS
Daily
Every morning
Weekly
Tuesday recap
Hong Kong Hospital Authority breach exposes data of 56,000 patients
The Hospital Authority in Hong Kong confirmed a breach that accessed personal and medical records of over 56,000 patients across Kowloon East hospitals. Exposed data included names, identification numbers, contact details and health information. The privacy watchdog and police have launched a joint investigation.
Also developing:
By the numbers: Noma Security raises $132M to scale AI agent security platform
Pathology labs are accelerating digital transformation, but integrating laboratory information systems (LIS) with imaging management systems (IMS) remains a hurdle. Cybersecurity and image management top the agenda as AI-driven diagnostics expand. Cloud‑based LIS‑IMS solutions promise stronger security controls and scalable storage, yet onboarding new vendors and instruments triggers strict compliance checks. Stakeholders convened to map practical pathways for seamless, secure integration across heterogeneous platforms.
Security, IT and engineering teams face pressure to accelerate outcomes while extracting AI value, yet 88% of AI proofs‑of‑concept never reach production despite 70% of workers seeking time‑saving automation. The Hacker News article outlines three pre‑built intelligent‑workflow use cases—automated phishing response,...
ClickFix is weaponizing a fake Homebrew installation workflow to deliver Cuckoo Stealer, a macOS credential‑stealing RAT. The campaign uses typosquatted domains such as homabrews.org that mimic brew.sh and inject a malicious curl | bash command into the clipboard, prompting developers to run it....
The article argues that traditional security dashboards hide the true predictors of a breach, emphasizing metrics that expose process debt, access sprawl, and human behavior. It highlights four high‑impact signals: credential reuse and identity drift, stale access paths, alert‑fatigue ratios,...
Enterprise networks face unprecedented strain as AI workloads surge, generating unpredictable, high‑volume traffic across regions. A recent Broadcom study shows only 49% of organizations believe their networks can meet AI’s bandwidth and latency demands, despite 99% adopting cloud strategies. Retrieval‑augmented...
Generative AI’s rapid consumer adoption has exposed enterprises to data leakage risks, prompting security teams to reassess protection strategies. Traditional DLP solutions are expensive and cumbersome, limiting their use to large organizations. Two viable paths emerge: purchasing enterprise‑grade GenAI licenses...
IntelliGenesis launched CYBERSPAN, an AI‑driven network detection and response solution tailored for managed security service providers. The platform offers a multi‑tenant, agentless architecture that can be deployed on‑premises or in the cloud, integrating with existing SIEM, SOAR and ticketing tools...
Actionstep, a cloud‑based practice‑management platform used by nearly 5,000 law firms, announced completion of its SOC 2 Type 2 examination conducted by Prescient Assurance. The audit evaluated both the design and operating effectiveness of the company’s security controls over a defined period, providing...
🔥🔥🔥 This hits on something that has bothered me for most of my career... Much of what orgs do to "assess risk" is largely performative, and has very little do with actual risk. Impact is what matters. Your AI Pentester Found...
SANS Institute and cybersecurity firm siberX have launched NOW // AI, an immersive simulation program built on the SANS AI Blueprint. The curriculum targets executives and security teams, focusing on three pillars—Protect AI, Utilize AI, and Govern AI—to tighten risk...
Researchers at LevelBlue identified a new SysUpdate variant targeting Linux systems, packaged as a packed ELF64 binary that mimics a system service. The malware employs a custom, multi‑layered symmetric cipher to encrypt its command‑and‑control traffic across several protocols. By emulating...
Lasso Security unveiled Intent Deputy, a runtime behavioral‑intent framework that secures autonomous AI agents by interpreting their decision flow and operational context. The solution claims 99.83% threat detection at sub‑50 ms latency and a 570‑fold cost advantage over cloud‑native guardrails. By...
Suped is a cloud‑based DMARC monitoring platform aimed at small to mid‑size businesses, offering a visual dashboard, guided DNS setup, and an AI Copilot that translates technical errors into plain‑language tasks. Users can onboard in minutes and see initial data...
With the TIA Portal and platforms like WinCC Unified, Siemens Industry is clearly strengthening its security capabilities. ✔️ Encrypted communication ✔️ Certificate-based authentication ✔️ Hardened PLCs, HMIs and drives Technically strong. No doubt. But let’s be honest: Where is the...
PANW strong q/good initial guide with CyberArk. The need for AI-native, integrated security platforms rather than fragmented point solutions is further increasing demand for PANW platform. AI increasing PANW’s value proposition-not displacing it. $225 PT..very well positioned🏆
KnowBe4 released a white paper highlighting the U.S. public sector’s exposure to escalating cyber threats, with ransomware affecting an estimated 43 % of local governments by 2025. The report identifies four core challenges: relentless attacks, chronic staffing shortages, mounting compliance pressures,...
Microsoft Defender now includes a Library Management feature that lets security operations centers (SOCs) organize, preview, and control the scripts and tools used in live response. Analysts can upload PowerShell, batch, and other response files ahead of investigations, making them...
AWS introduced Agent Plugins, a framework that equips AI coding assistants with native AWS capabilities. The initial "deploy‑to‑AWS" plugin lets developers issue natural‑language prompts to generate architecture recommendations, cost estimates, and infrastructure‑as‑code templates. It currently integrates with Claude Code and...
AI‑assisted coding is set to dominate enterprise development, with Gartner projecting 90% of engineers using AI assistants by 2028. As AI automates line‑level vulnerability detection, security teams face a surge in code volume and reduced review windows. This forces a...
Cyber adversaries are moving beyond classic espionage to disrupt the defense industrial base (DIB), aiming to cripple production capacity and supply chains. Attackers now target everything from large primes to niche startups, especially firms with dual‑use technologies, using ransomware and...
A coordinated phishing campaign is exploiting Booking.com’s partner platform to steal hotel staff credentials and then target guests with payment‑stealing lures. The operation uses a three‑stage chain: email phishing to hotel inboxes, a bespoke partner login kit to harvest credentials,...
Enterprise security teams now rely on open source for core infrastructure, development pipelines, and production applications, yet patching cycles remain sluggish. TuxCare’s 2026 Open Source Landscape Report shows that 60% of recent incidents involved known vulnerabilities that were not patched...
In this episode, Patrick Gray, Adam Boileau, and James Wilson dissect a week of cybersecurity headlines, from Palo Alto Networks’ decision to avoid publicly attributing a Chinese‑linked hacking campaign to geopolitical concerns, to the rise of data‑only extortion as ransomware...
SlowMist has uncovered a wave of supply‑chain attacks targeting ClawHub, the official plugin repository for the OpenClaw AI agent framework. Over 340 malicious plugins were identified among roughly 3,000 listings, many embedding Base64‑encoded commands in the SKILL.md documentation that download...
The U.S. Coast Guard’s Cybersecurity in the Marine Transportation System rule took effect in July 2025, imposing mandatory cybersecurity and incident‑response plans for U.S.-flagged vessels, OCS facilities and MTSA‑covered sites. Owners must appoint a Cybersecurity Officer, enforce account lockouts, maintain...
The UK Department for Business and Trade has signed a 10‑week, £300,000 contract with Deloitte to explore a unified digital business ID that would provide a single login and a cross‑government business entity directory. The discovery phase will assess existing...
The Government Digital Service’s Vulnerability Monitoring Service (VMS), launched in summer 2024, now has over 700 public‑sector organisations signed up and is detecting more than 100 critical vulnerabilities each month. Offered free through the National Cyber Security Centre, the service...
Singapore’s Cyber Security Agency and the nation’s four major telcos (M1, Simba Telecom, Singtel, StarHub) launched the "Cyber Guardian" operation, expelling the China‑linked threat actor UNC3886 after an 11‑month campaign. The attackers breached critical network segments but did not steal...
The Electronic Frontier Foundation (EFF) has sent a letter to Wisconsin’s entire legislature urging a vote against S.B. 130 and A.B. 105, bills that would ban VPN use and impose invasive age‑verification on certain websites. The measures have cleared the...
Fortanix, NTT DATA and NVIDIA have launched a joint service that lets Indian enterprises run AI Factories within hardware‑based secure enclaves. The offering combines Fortanix’s Confidential Computing platform, NVIDIA’s secure GPUs and NTT DATA’s full‑lifecycle managed services to protect data and models...
Smart contract auditing is a critical pre‑deployment step that safeguards blockchain applications by uncovering coding errors and security vulnerabilities. The process follows a structured workflow—from specification gathering and automated scanning to manual line‑by‑line analysis, functional testing, and iterative remediation—culminating in...
Amnesty International reported that a government client of sanctioned spyware firm Intellexa used its Predator tool to compromise the iPhone of Angolan journalist Teixeira Cândido in 2024. The intrusion was delivered through a malicious WhatsApp link, exploiting an outdated iOS...
Red Hat has rebranded its Insights service as Red Hat Lightspeed, keeping core advisor, vulnerability and compliance capabilities while emphasizing AI‑driven speed. New Image Builder integrations now auto‑register RHEL images to Red Hat Satellite and Ansible Automation Platform, and allow compliance profiles...
Hong Kong released its Cybersecurity Outlook 2026, revealing that nearly 30% of local firms lack dedicated security staff and only 26% of SMEs have such roles compared with 59% of large enterprises. To address the talent gap, the government, HKPC...
Waymo disclosed that a single remote‑assist operator supports roughly 40 autonomous vehicles, a ratio that underscores its reliance on human fallback. The company confirmed that many of these operators are based overseas, a fact previously hinted at but not widely...
Texas Attorney General Ken Paxton sued TP‑Link Systems Inc., alleging the Wi‑Fi maker deceived consumers by marketing its routers as "Made in Vietnam" while sourcing most components in China. The complaint cites longstanding firmware vulnerabilities that Chinese state‑backed hackers have...
CompTIA unveiled SecAI+, its first Expansion Series certification, aimed at securing AI systems and leveraging AI tools within cybersecurity operations. The credential builds on foundational certifications such as Security+, CySA+ and PenTest+, requiring three to four years of IT experience...
In a recent Palo Alto Networks webcast, experts highlighted that modern attackers compress breach timelines to under an hour, overwhelming traditional SOC processes. They argued that XDR platforms like Cortex XDR solve the data‑silo problem by unifying telemetry across endpoints,...
Security researchers at Ox Security uncovered critical and high‑severity vulnerabilities in four widely used Visual Studio Code extensions, collectively downloaded over 128 million times. The flaws—affecting Code Runner, Markdown Preview Enhanced, Live Server, and Microsoft Live Preview—allow attackers to execute remote...
A log‑poisoning flaw was discovered in OpenClaw’s gateway server, affecting versions up to 2026.2.12. The vulnerability arises from unsanitized WebSocket headers—such as Origin and User‑Agent—being written directly to structured logs when a handshake is aborted. An unauthenticated attacker could inject...
Palo Alto Networks’ 2026 Global Incident Response Report shows cyber‑attack timelines have collapsed, with the fastest breaches moving from initial access to data exfiltration in just 72 minutes, down from nearly five hours in 2024. The acceleration is largely driven...
A new vulnerability, CVE‑2026‑25903, affects Apache NiFi versions 1.1.0 through 2.7.2 and was patched in 2.8.0. The flaw allows users with limited privileges to modify the configuration of already‑deployed restricted components, bypassing the platform’s authorization checks. While it does not...
HashiCorp announced that HCP Packer now offers SBOM vulnerability scanning in public beta, while its package‑visibility feature has moved to general availability. The new scanning capability cross‑references each artifact’s software bill of materials against the MITRE CVE database and flags...
Quesma unveiled BinaryAudit, an independent benchmark that measures how well artificial‑intelligence models can spot hidden threats in software binaries. The tool aims to shift binary analysis from a reactive, post‑breach activity to a proactive safeguard applied before deployment, during updates,...
As more companies “assume breach,” I am seeing a shift from prevention to recovery. Boards are starting to ask different questions.
Apparently, the hackers stole “a limited number of files”. Humour me here, but when does a breach ever *not* affect a limited number of files? I mean, when was the last breach you can remember that impacted an *unlimited* number...
AI has become the baseline for security vendors in 2026, with advanced generative AI and agentic features now considered essential rather than differentiators. Leaders like MicroAge note that clients increasingly expect AI‑enhanced upgrades across their security stacks. As large language...
We partnered with @socketsecurity, @snyksec, and @gendigitalinc to continuously audit https://t.co/NfXI7skfWe for security vulnerabilities. There are now 62,000+ skills in the open ecosystem https://t.co/rtwkKCBeBz
Aware announced that its biometric platform has earned independent validation for presentation‑attack detection (PAD) at ISO/IEC 30107‑3 Levels 1‑3, completed bias testing under ISO/IEC 19795‑10, and participated in the U.S. Department of Homeland Security’s 2025 Remote Identity Validation Rally. The company ties these...
WSO2 has partnered with IIIT‑Bangalore and the MOSIP project to overhaul eSignet, the open‑source authentication layer used in national digital ID systems. The effort focuses on boosting scalability, OpenID Connect‑style flows, and offline QR support for low‑connectivity environments. By integrating...
