Open Cybersecurity Schema Framework gains traction as de‑facto standard
The Open Cybersecurity Schema Framework (OCSF) is emerging as a de‑facto standard for describing security events, findings, and context across vendors. Since its 2022 launch, the community has grown to roughly 900 contributors after joining the Linux Foundation, and major cloud and SIEM providers now ship OCSF‑native data. Recent releases add AI‑specific telemetry, expanding its utility for security teams.
Also developing:
By the numbers: Noma Security raises $132M to scale AI agent security platform
In this episode, Daniel Lyman, VP of Threat Detection and Response at Fiserv, discusses why simply adding new security tools—even AI‑driven ones—cannot repair broken SOC processes. He explains the concept of "process gravity," showing how entrenched workflows and cultural habits undermine technology investments. Lyman shares practical steps for redesigning processes, aligning people, and measuring outcomes to ensure tools actually improve detection and response. The conversation also touches on the limits of AI in fixing systemic issues without foundational process changes.

Organizations are rapidly replacing passwords with passkey authentication to curb the 49% of security incidents tied to compromised credentials. Passkeys, built on FIDO2 and WebAuthn, satisfy AAL2/AAL3 standards and are already deployed in billions of accounts, including Google’s 800 million users....
A developer released Bluehood, an open‑source Bluetooth scanner that passively logs nearby devices and visualises their appearance patterns. The tool runs on a Raspberry Pi or laptop and can identify phones, wearables, vehicles and IoT gadgets without ever connecting. Its release...

Passwork has launched version 7.4, adding centralized restrictive settings for User vaults. Administrators can now block adding users, sending passwords, creating links, and shortcuts across all personal vaults. The controls apply automatically to existing and new vaults, tightening data‑leak defenses and...
A Citi Institute report warns that a quantum‑enabled cyberattack on a top U.S. bank could jeopardize $2‑3.3 trillion of GDP, turning quantum computing from theory into an operational emergency. The article highlights the “harvest now, decrypt later” (HNDL) threat, where adversaries...

Microsoft has launched a public‑preview Security Dashboard for AI, consolidating posture and real‑time risk signals from Microsoft Defender, Entra, and Purview into a single interface. The tool inventories AI assets—including models, agents, and third‑party applications—and surfaces AI‑related security risks in...

Detego Case Manager for DFIR launches as a purpose‑built platform that consolidates digital and physical evidence, audit trails, and chain‑of‑custody logs in a tamper‑proof environment. It offers a unified dashboard delivering real‑time visibility, customizable Kanban‑style workflows, and role‑based permissions for...

Researchers at LayerX uncovered 30 malicious Chrome extensions masquerading as AI assistants, collectively amassing over 260,000 downloads. These extensions embed attacker‑controlled iframes that capture user prompts, emails, and webpage data, then relay them to remote servers while returning plausible AI...

Resecurity, a U.S. cybersecurity firm, showcased its AI‑driven threat detection suite at AI Everything MEA Egypt 2026, an event held under President Abdel‑Fattah El‑Sisi’s patronage and organized by the Ministry of Communications and Information Technology. In partnership with Alkan CIT/Alkan Telecom, the company...
A 40‑year‑old man from Ridderkerk attempted to extort the Dutch police by demanding something in exchange for returning compromised files. Police intercepted the scheme and arrested him on Thursday evening around 7:00 PM. The arrest was reportedly triggered by a procedural...

U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered all federal agencies to patch the actively exploited BeyondTrust Remote Support vulnerability (CVE‑2026‑1731) within three days. The flaw, an OS command‑injection that enables unauthenticated remote code execution, affects Remote Support 25.3.1...

Odido, the Dutch telecom formerly known as T‑Mobile, suffered a social‑engineering breach that compromised its Salesforce instance, exposing personal data of up to six million current and former customers. Attackers phished employee credentials, impersonated the IT department, and gained unauthorized...
AWS introduced new IAM condition keys that specifically target requests routed through Managed Control Plane (MCP) servers, allowing administrators to deny actions taken via that path. The feature is designed to mitigate risks posed by AI agents that programmatically call...
Security researcher Q Continuum identified 287 Chrome extensions that secretly transmit users' browsing histories, affecting an estimated 37 million installations worldwide. The extensions span categories such as VPNs, productivity utilities, and shopping add‑ons, and many request broad host permissions that enable...

Threat actors have weaponized Net Monitor for Employees, a legitimate workforce‑tracking product, as a remote access trojan and paired it with SimpleHelp RMM software to stage ransomware attacks. Huntress identified two separate incidents where the dual‑tool chain was used to...

DTEX, a leader in risk‑adaptive security, announced that cybersecurity veteran Pete Angstadt has joined its Advisory Board. Angstadt brings decades of go‑to‑market leadership, having scaled revenue at ForgeRock, Ping Identity, Securiti and Oracle’s cloud security unit. His expertise in identity‑focused...

authID (Nasdaq: AUID) unveiled an out‑of‑the‑box biometric security platform that conforms to the Personal Identity Verification (PIV) framework for energy, water, gas and other critical utilities. The solution replaces passwords and physical tokens with live‑face verification, protecting SCADA consoles, privileged...

The UK Driver and Vehicle Standards Agency (DVSA) is recruiting a chief digital and information officer with a £95,000 salary to overhaul its 18‑year‑old practical test booking platform, which has been plagued by bots and resale schemes. A National Audit...

OpenAI has added a Lockdown Mode and Elevated Risk labels to ChatGPT to mitigate prompt‑injection attacks and other security threats. Lockdown Mode restricts tool and network access, allowing admins to create dedicated roles that limit external interactions, initially for Enterprise,...

SecurityBridge has launched the AI Companion, the first AI‑powered security assistant built specifically for SAP environments. Leveraging a proprietary, continuously enriched SAP security knowledge base, the tool transforms thousands of technical findings into context‑aware, actionable recommendations delivered via natural‑language interaction....

Researchers at Moonlock Lab discovered that hackers hijacked verified Google Ads accounts belonging to a children’s charity and a Colombian retailer to promote malicious “ClickFix” links. The ads direct users searching for macOS commands to a counterfeit Claude AI page...

Google has issued emergency updates to patch CVE‑2026‑2441, a high‑severity use‑after‑free flaw in Chrome’s CSSFontFeatureValuesMap implementation. The vulnerability, confirmed to be exploited in the wild, can cause crashes, rendering issues, or data corruption. Google back‑ported the fix to stable desktop...
A decade after the Bangladesh Bank heist, the 2016 cyberattack that attempted to steal $951 million via the SWIFT network remains a benchmark for nation‑state hacking. Attackers used spear‑phishing malware to obtain valid SWIFT credentials, executing 35 fraudulent payment orders, of...
LockBit has released version 5.0, a cross‑platform ransomware that encrypts Windows, Linux and VMware ESXi systems with a single code base. The new variant uses XChaCha20 and Curve25519 encryption, while the Windows build adds sophisticated anti‑forensic tricks such as ETW...

A new study of 49 Chinese smart‑home apps on Apple’s App Store reveals systematic gaps in bystander privacy and frequent mismatches between privacy policies, user‑interface controls, and App Store privacy labels. All apps require real‑name phone registration and collect a...
Reminder about Privacy: Privacy can mean a lot of things. Think about how you achieve privacy for different things in your daily life: An envelope gives you privacy for your mail. A window curtain provides privacy to your home. A lock screen maintains the...
My son showed me one of the overflow vulnerabilities found in FFmpeg by Google/Deepmind’s security AI agents. I was thinking about how hard these things are to find, and at least this one didn’t seem deep — just required enormous...

A new study of 288,604 GitHub Security Advisories from 2019‑2025 shows that only about 8% (23,563) complete GitHub’s formal review process. Advisories created directly in repositories are reviewed far faster—median under one day—than those imported from the National Vulnerability Database,...

In a Help Net Security video, Tod Beardsley, VP of Security Research at runZero, explains CISA’s Known Exploited Vulnerabilities (KEV) Catalog and clears up common misconceptions. He notes that KEV entries vary in urgency, with some requiring local access and...

Between June and December 2025, the state‑sponsored Lotus Blossom group compromised the shared hosting provider that delivered Notepad++ updates, turning the popular text editor into a covert espionage conduit. By exploiting weaknesses in the older WinGUp updater, attackers redirected update...

MOS is an open‑source, modular operating system built on Devuan that targets homelab enthusiasts and small‑scale server operators. It unifies server monitoring, storage pooling, container orchestration, and virtualization behind a browser‑based dashboard and a REST/WebSocket API. The platform leverages mergerfs...

Canada Goose disclosed that a 1.67 GB dataset containing over 600,000 customer records was posted by the ShinyHunters extortion group. The leak includes personal identifiers, shipping details, IP addresses and partial payment‑card information, but the company says it found no evidence...
The episode explains firewall penetration testing, detailing its purpose of validating filtering rules and boundary controls to prevent unwanted traffic. It walks through a 14‑step methodology—from discovery and port scanning to firewalking, NAT testing, and rule‑base analysis—highlighting the tools (Nmap,...

Executive interest in AI has flooded the cyber‑security market, prompting CISOs to evaluate a surge of AI‑enhanced tools. While some solutions genuinely reduce analyst workload and improve detection, many are marketing‑driven add‑ons lacking proven risk reduction. Experts warn that AI...
Brennan’s latest analysis warns that expanding multi‑cloud footprints and rapid AI trials will heighten operational risk in 2026. Seventy‑five percent of surveyed organisations say their attack surface has grown, prompting a move away from pure public‑cloud strategies toward hybrid, repatriated...
The episode examines the trust gap in Model Context Protocol (MCP) deployments, where AI models invoke remote tools without verifiable proof of correct execution. It introduces zero‑knowledge proofs (ZKPs), especially Sigma‑Protocols and non‑interactive variants like SNARKs, as a way for...
Citi warns that quantum computers could break public‑key encryption within the next decade, estimating a 19‑34% probability of a widespread breach by 2034 and 60‑82% by 2044. A successful quantum attack on a major U.S. bank could generate $2‑3.3 trillion in...

Microsoft has released Windows 11 update KB5077181, fully fixing the UNMOUNTABLE_BOOT_VOLUME boot failure that struck some enterprise machines after recent security patches. The bug, linked to a failed December 2025 update and exacerbated by the January 13, 2026 KB5074109 rollout, affected devices running 25H2...
The episode explores how companies are evaluating the integration of Non‑Human Identities (NHIs) into their compliance frameworks, highlighting the benefits of reduced risk, improved regulatory adherence, and operational efficiency. It outlines best‑practice steps such as discovery, automated secret rotation, behavioral...
The episode explores how Non‑Human Identities (NHIs)—machine credentials like tokens and keys—are reshaping cybersecurity in healthcare, especially as cloud adoption and Agentic AI expand. It outlines a lifecycle‑focused NHI management strategy that includes discovery, classification, continuous threat monitoring, and context‑aware...
The episode explores how Non‑Human Identities (NHIs), or machine identities, are essential for securing protected data exchanges in financial services. It explains the lifecycle of NHIs—from discovery and classification to secret rotation and decommissioning—and why holistic management platforms outperform point...
The episode explores how Non‑Human Identities (NHIs)—machine credentials and permissions—are essential to securing sensitive data, especially in cloud environments. It outlines a full lifecycle approach to NHI management, from discovery and classification to real‑time monitoring, automated secret rotation, and threat...

Dutch Defence Secretary Gijs Tuinman told Dutch radio that the F‑35’s software could potentially be “jailbroken,” hinting at a future where the Netherlands might operate the jet without U.S. approval. He stopped short of confirming any concrete plan, noting the...

My hack job of testing distance and range of BLE devices. Light enough to get lift with the drone still with an amplifier, high gain antenna, gps - and a mini computer. It’s all I had sitting around the shelves...

Hospitality cyber risk escalates in 2026 as AI-driven phishing, ransomware‑as‑a‑service, and deepfake fraud target increasingly connected hotel environments. Regulatory pressure intensifies with the EU’s NIS2 directive and Cyber Resilience Act, forcing global compliance and tighter insurance terms. Smart‑room IoT devices...
Regarding this, there were a couple of questions on whether the pacemaker continues to advertise - most BLE implantable devices go into a sleep type mode. In this case, we are lucky - it does not. We know based on law enforcement...
If someone tells me on The Post-Quantum World that the government cracked RSA 2048, I will certainly have a follow-up question.

CTM360 uncovered an active campaign that hijacks more than 4,000 Google Groups and 3,500 Google‑hosted URLs to distribute credential‑stealing malware. The threat actors deliver Lumma Info‑Stealer to Windows devices and a trojanized “Ninja Browser” to Linux systems, embedding organization‑specific keywords to boost...
Math is the ultimate equalizer. It doesn’t bend based on who uses it. It doesn’t care who you are or how loud you shout. ZK-STARKs use math to verify integrity. They work the same whether operated by Darth Vader or Luke Skywalker.

Global Navigation Satellite System (GNSS) outages are emerging as a systemic risk for modern infrastructure, affecting both positioning and, critically, precise timing. Interference such as jamming and spoofing can disrupt multiple constellations simultaneously, while system‑level faults can degrade services worldwide....