Today's Cybersecurity Pulse

CISA adds critical Android and Linux flaws to KEV catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) listed two high‑severity vulnerabilities in its Known Exploited Vulnerabilities catalog: Android CVE‑2025‑48595, an integer overflow that enables privilege escalation on Android 14‑16 without user interaction, and Linux CVE‑2022‑0492. Google released patches for the Android bug in June 2026.

French Police Arrest Suspected Hacker Behind Dozens of Data Breaches
French police arrested a 20‑year‑old hacker known online as HexDex, suspected of orchestrating roughly 100 website breaches across public institutions, sports federations and private firms since late 2025. The suspect was detained in western France, and investigators seized his Darkforum account and computer equipment for forensic analysis. Among the most damaging incidents was the compromise of the Ministry of National Education’s Compas database, exposing personal details of about 243,000 teachers. Authorities also linked the hacker to breaches of a weapons‑information system and several high‑profile private entities.

Digital Forensics Round-Up, April 22 2026
The Digital Forensics Round‑Up highlights a surge of tool upgrades—including ALEAPP 3.4.1, iLEAPP 2.3.1, Arsenic 3.0 and UAC 3.3.0—adding mobile parsers, iOS backup navigation, and Unix artifacts. Emil Opachevsky of Cyincore urges auditable AI in DFIR, stressing tamper‑evident logs and human oversight. Research reveals...

Claude Mythos Security Breach: Salesforce Architects Warned of Critical Danger
Anthropic confirmed that a small group of unauthorized users accessed its Claude Mythos preview model through a third‑party vendor environment, as reported by Bloomberg and supported by screenshots. The users appear to be experimenting rather than launching attacks, but the...

NCSC Unveils SilentGlass, a Plug-In Device to Protect Monitors From Cyber-Attacks
The UK National Cyber Security Centre (NCSC) launched SilentGlass, a plug‑and‑play device that filters HDMI and DisplayPort signals to block malicious traffic. Unveiled at CYBERUK 26, the hardware is now manufactured by Goldilock Labs with Sony UK and sold globally after...

DPRK Fake Job Scams Self-Propagate in 'Contagious Interview'
North Korean APT group Void Dokkaebi has upgraded its long‑running “Contagious Interview” scam into a self‑propagating supply‑chain worm. By luring developers with fake job‑interview repositories, the attackers embed malicious Visual Studio Code tasks that execute when the project is opened, stealing crypto...

Phishing — Sometimes with AI’s Help — Topped Initial-Access Methods in Q1, Cisco Says
Cisco’s Talos team reported that phishing reclaimed its position as the leading initial‑access technique in Q1 2026, driven by AI‑enhanced campaigns. Hackers leveraged the Softr AI platform to generate credential‑harvesting sites that mimic Outlook Web Access without writing code, even automating...

Frontier AI Models Risk Degrading, Exposing Enterprises to Breaches
Article I'm quoted in on Forbes on the recent Claude model degrading. Note, I am not anti-Anthropic in any way. I loved Opus 4.6 when it first came out. I almost bought an I <3 Claude t-shirt (kinda joking there). My...

Full Access to Vulnerable Tool, Not AI, Caused Vercel Breach
Vercel April 2026 security incident | Vercel Knowledge Base ~ The problem here was not “AI” but giving complete access to a tool that had a vulnerability. 🤖🔒 https://t.co/WkOPF7pzkU

Acronis Wants MSPs to Turn AI Governance Into a Service
Acronis introduced GenAI Protection, a service‑oriented solution that lets managed service providers (MSPs) monitor how customers use generative AI, scan prompts for sensitive data, and block abusive requests. The offering can be sold as a standalone product or bundled within...

Electricity Is a Growing Area of Cyber Risk
Cybersecurity experts warn that DC power regulators, once simple hardware, are now programmable and firmware‑driven, turning them into a new attack surface. Recent CVEs from vendors such as STMicroelectronics show dozens of vulnerabilities that can be exploited to cause denial‑of‑service...

BlueLeaks 2.0: 7,300+ Schools, Referral Systems Reported, and a Breach Navigate360 Still Hasn’t Publicly Confirmed
A hacktivist group called Internet Yiff Machine (IYM) obtained over 93 GB of data containing 8.3 million anonymous tips submitted to Crime Stoppers and school‑reporting platforms owned by P3 Global Intel, now part of Navigate360. The tips, some dating back to 1987,...

UK Commits £90m for Cybersecurity and Pushes for ‘Resilience Pledge’
The UK government announced a £90 m ($120 m) injection to strengthen national cyber resilience, focusing on small and medium‑sized enterprises (SMEs). The funding will support wider adoption of the Cyber Essentials standard, which saw a 20% uptake increase last year and...

UK Government Says 100 Countries Have Spyware that Can Hack People’s Phones
The UK National Cyber Security Centre disclosed that 100 countries now have access to commercial spyware, up from 80 last year, lowering the barrier for state‑backed surveillance. Tools such as NSO Group’s Pegasus and Paragon’s Graphite can infiltrate phones and...

Microsoft Out-of-Band Updates Fixed Critical ASP.NET Core Privilege Escalation Flaw
Microsoft released out‑of‑band updates to fix a critical ASP.NET Core vulnerability (CVE‑2026‑40372) with a CVSS score of 9.1. The flaw, present in versions 10.0.0‑10.0.6, allowed attackers to forge data‑protection tokens and elevate privileges to SYSTEM level on non‑Windows hosts. The...

The New Leadership Playbook: What Public Sector CISOs Need Now
Public sector CISOs are confronting a new threat landscape where AI‑driven attacks and looming quantum decryption outpace traditional, manual defenses. The article urges a shift from point‑product reliance to integrated, AI‑enabled cyber platforms that can act at machine speed. It...

Mustang Panda Hits India and S. Korea with Updated LOTUSLITE Backdoor
China‑linked threat group Mustang Panda has broadened its espionage campaign to hit India’s banking sector and South Korean political circles. In March 2026 the actors delivered a malicious CHM file that installed the updated LOTUSLITE v1.1 backdoor on HDFC Bank workstations, while a...

Infisical Launches Agent Vault, Letting Engineering Teams Ship AI Agents to Production Without Exposing Credentials
Infisical unveiled Agent Vault, an open‑source credential‑security layer that lets AI agents operate in production without ever seeing API keys or other secrets. The forward‑proxy solution intercepts TLS traffic, injects credentials at the network edge, and works on‑prem, in Kubernetes,...

IoT Security: Threats, Best Practices and Secure-by-Design Strategies
The IoT Business News article outlines how securing connected devices has shifted from a niche concern to a core business requirement as deployments move from pilots to critical infrastructure. It explains that the distributed, resource‑constrained nature of IoT expands the...

UK Must Brace for Rise in State-Backed Cyberattacks, Security Chief Says
The head of the UK National Cyber Security Centre warned that state‑backed cyberattacks will rise, with China, Iran and Russia responsible for most high‑impact incidents. The NCSC handles about four nationally significant incidents weekly, while ransomware remains the most common...

Boost.ai Achieves SOC 2 Type II Certification for Enterprise Grade Conversational AI Platform
Boost.ai announced it has passed a SOC 2 Type II audit with zero exceptions, confirming that its conversational AI platform meets stringent data‑security standards. The certification joins its existing ISO 27001, ISO 27701 and ISAE 3402 credentials, creating a unified...

China’s Cyber Capabilities Now Equal to the US, Warns Dutch Intelligence
Dutch Defence Intelligence (MIVD) reports China has reached parity with the United States in offensive cyber capabilities, noting that most Chinese operations against Dutch interests remain undetected. The assessment links the leap to the PLA’s 2024 restructuring into a standalone...

OpenClaw AI Agents Expose Over 28,000 Enterprise Systems to Remote Takeover
SecurityScorecard researchers identified 28,663 unique IP addresses running OpenClaw AI agents that are directly reachable from the internet. About 63% of those deployments are vulnerable to remote code execution, and public exploits for three high‑severity CVEs are already available, putting...

Cloudflare Unveils Multi‑Cloud Platform Architecture to Strengthen Enterprise DevOps Security
Cloudflare announced a reference architecture for its Multi‑Cloud Platform (MCP), giving enterprises a blueprint to scale secure, governed cloud‑native networks. The design emphasizes centralized governance, remote server infrastructure, and cost controls, addressing the security and compliance pressures facing modern DevOps...

Farmers & Merchants Bancorp Names Shalini Singhal as Chief Information and Technology Officer
Farmers & Merchants Bancorp has appointed Shalini Singhal as its Chief Information and Technology Officer. The move reflects a growing trend among regional banks to merge information and technology leadership under a single executive, aiming to accelerate digital transformation and...

Vercel Hit by OAuth Attack Exposing Customer Secrets, Echoing Past Platform Breaches
Vercel disclosed an OAuth‑based intrusion that allowed attackers to harvest environment variables and customer secrets from its platform. The incident mirrors earlier compromises at Codecov, CircleCI, Snowflake and Okta, underscoring a recurring vulnerability in cloud‑development and CI/CD services.

Exabeam Extends Agent Behavior Analytics to Google Cloud’s Agent Ecosystem
Exabeam announced that its Agent Behavior Analytics (ABA) now supports agents built with Google Cloud’s Agent Development Kit and integrates with Google Agent Gateway. The extension covers custom agents, Gemini Enterprise, and multi‑agent workflows, providing unified visibility, behavior baselining, and...

North Korean Lazarus Group Linked to $290 Million DeFi Heist on KelpDAO
KelpDAO, a decentralized finance platform, confirmed a breach on April 18 that drained roughly $290 million. LayerZero, the underlying interoperability protocol, said evidence points to North Korea’s Lazarus Group. The hack helped wipe $13 billion from DeFi’s total value locked in the...

Surge in Silent Subject Phishing Attacks Targets VIP Users
Cyberproof reported a sharp rise in silent‑subject phishing campaigns that omit email subject lines to slip past traditional filters. The attacks, which increased 13.9% in January‑February and another 7% in March 2026, target high‑value executives and use malicious links, QR...

New Npm Supply-Chain Attack Self-Spreads to Steal Auth Tokens
Security researchers at Socket and StepSecurity uncovered a new supply‑chain worm targeting npm packages published from compromised accounts. The malware harvests npm publish tokens, API keys, SSH credentials, and even browser‑stored crypto wallets, then injects malicious code into every package...

Most Serious Cyberattacks Against the UK Now From Russia, Iran and China, Cyber Chief Says
The UK’s National Cyber Security Centre (NCSC) warned that hostile states—Russia, Iran and China—now drive the most serious cyberattacks against Britain. NCSC chief Richard Horne said the agency dealt with around four nationally significant incidents each week, handling over 200...

Iran Network Backdoors Claim Hits Cisco, Juniper, Fortinet
Iran’s Ministry of ICT alleges that hidden U.S. access mechanisms caused Cisco, Juniper, Fortinet and MikroTik equipment to reboot and go offline during strikes on Isfahan Province. Tehran has not released forensic evidence, and ordinary power or hardware issues could...

Contrast Security Announces Runtime ADR Integration with Google Security Operations
Contrast Security unveiled an integration that feeds its Application Detection and Response (ADR) runtime telemetry directly into Google Security Operations. The link maps verified code‑execution data—such as affected apps, execution paths, and stack traces—into Google’s Unified Data Model, automatically generating...

Bluesky Back Online After DDoS Attack, as Iran-Linked 313 Team Takes Credit
Bluesky, the decentralized alternative to Twitter/X with about 43.7 million users, experienced a multi‑day outage after its API was flooded by a DDoS attack on April 15‑20, 2026. The attack was claimed by the Iran‑linked hacker group known as the 313 Team,...

Commvault Brings Its Full Suite of Data Backup and Resilience Capabilities to Google Cloud
Commvault announced at Google Cloud Next 2026 that its full Commvault Cloud platform is now available on Google Cloud, including SaaS rapid‑recovery via its Clumio subsidiary. The integration spans Compute Engine, Kubernetes Engine, BigQuery, Cloud SQL and Google Workspace, adding...

New Defense Department Cyber Strategy Imminent, Official Says
The U.S. Department of Defense is drafting a new cyber strategy that will align with the Trump administration’s aggressive digital‑adversary stance, aiming for completion this summer after the White House’s National Cyber Strategy rollout. Assistant Secretary Katie Sutton outlined three...

Router Security Hardening Steps for 2026: From Default Credential Audits to Automated Firmware Risk Monitoring
Network edge devices, especially routers, have overtaken PCs as the primary cyber‑attack vector, a trend accelerated by hybrid work in the Netherlands. Threat actors exploit default credentials, unpatched firmware, and exposed management interfaces, making routers the weakest link in many...

Unauthorized Users Reportedly Gain Access to Anthropic’s Mythos AI Model
Anthropic’s Claude Mythos, a frontier AI model for vulnerability detection, was accessed by an unauthorized Discord‑based group on the day it was announced. The group guessed the model’s online location and exploited a third‑party vendor’s integration to gain unrestricted access. Anthropic...

Worth Reading 042226
A late‑2024 federal cybersecurity review labeled Microsoft’s flagship Azure cloud offering as insecure, sparking concerns for government and enterprise users. Meanwhile, research highlights the rise of neuro‑symbolic AI, which blends neural networks with symbolic reasoning, and the Linux 7.0 kernel...

CrowdStrike Brings Real-Time Cloud Detection and Response to Google Cloud
CrowdStrike announced that its Falcon Cloud Security platform now offers real‑time Cloud Detection and Response (CDR) on Google Cloud Platform, joining AWS and Azure. The new service replaces batch‑processed tools with an event‑streaming engine that can spot attacks in seconds...

Rubrik Rolls Out Cloud SQL Cyber Resilience and Gemini Agent Governance at Google Cloud Next
Rubrik announced two new integrations at Google Cloud Next, extending its Rubrik Security Cloud to protect managed PostgreSQL databases on Google Cloud SQL and adding a governance layer for AI agents on Google’s Gemini Enterprise Agent Platform. The Cloud SQL...

Kelp DAO Hack Highlights Crypto Risks, Stalls Wall Street Tokenization
UPDATE: Jefferies says the Kelp DAO exploit exposed major crypto infrastructure risks and could slow Wall Street’s blockchain and tokenization plans as firms reassess security. Source: Coindesk https://t.co/c83AN6cwbW

Google’s Gemini Can Now Run on a Single Air-Gapped Server — and Vanish when You Pull the Plug
Cirrascale Cloud Services has deepened its partnership with Google Cloud to ship the Gemini model on‑premises via Google Distributed Cloud. The solution bundles a Dell‑certified appliance equipped with eight Nvidia GPUs and confidential‑computing safeguards, allowing a fully private, air‑gapped deployment....

5 Big Google Cloud Security And Wiz Announcements At Next 2026
Google Cloud announced three AI‑powered security agents—Threat Hunting, Detection Engineering, and Third‑Party Context—now in preview, alongside a speed‑boosted Triage and Investigation agent that cuts manual analysis from 30 minutes to one minute. The company also expanded the Wiz platform, acquired...

Mirai Botnet Targets Flaw in Discontinued D-Link Routers
A Mirai botnet is exploiting CVE‑2025‑29635, a command‑injection flaw in discontinued D‑Link DIR‑823X routers. The vulnerability resides in firmware versions 240126 and 24082, which no longer receive patches because the products were retired last year. Akamai observed attackers using a...

Why Your Password May Not Be Good Enough No Matter How Long and Complex It Is
World Password Day highlights that even long, complex passwords can be compromised when reused across services. Brett Russell explains that breaches expose passwords, turning a single weak point into a cascade of compromised accounts. He urges users to check their...

Are SBOMs Failing? Supply Chain Attacks Rise as Security Teams Struggle With SBOM Data
Software Bills of Materials (SBOMs) and Vulnerability Exploitability eXchange (VEX) statements were mandated in 2021 to give organizations visibility into component inventories and exploitability. Five years later, supply‑chain attacks such as the March 2026 Trivy and Axios incidents have intensified,...

Claude Mythos Finds 271 Firefox Vulnerabilities
Anthropic's Claude Mythos AI model uncovered 271 vulnerabilities in Mozilla Firefox, prompting the release of Firefox version 150 which patched over 40 CVEs, including three directly credited to the AI. While most findings were low‑severity issues not assigned CVEs, the...

Vodafone Rolls Out Google-Powered Security and AI Tools for SMEs
Vodafone Business has introduced two new services for small‑and‑medium enterprises – a managed detection and response (MDR) security suite and an AI‑driven virtual front‑desk called AI Concierge – both built on Google Cloud technologies under its 10‑year, $1 billion partnership. The...

What Can Organizations Do to Address BYOD Privacy Concerns?
Organizations can reap BYOD benefits while protecting privacy by adopting enrollment models that separate work and personal data. Modern options such as Apple User Enrollment and Android work profiles let IT manage only corporate apps, compliance status, and basic device...

Vodafone Business, Google Cloud Target Enterprise AI
Vodafone Business announced a $1 billion partnership with Google Cloud to bring advanced cybersecurity and generative AI services to small‑business customers. The first offering is a managed detection and response (MDR) service powered by Google Security Operations, debuting in Germany. Simultaneously,...