Today's Cybersecurity Pulse
CISA adds critical Android and Linux flaws to KEV catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) listed two high‑severity vulnerabilities in its Known Exploited Vulnerabilities catalog: Android CVE‑2025‑48595, an integer overflow that enables privilege escalation on Android 14‑16 without user interaction, and Linux CVE‑2022‑0492. Google released patches for the Android bug in June 2026.
Also developing:
By the numbers: Ingeteam receives $82.5M loan from EIB
CoSN 2026: Why Human Error Remains Greatest Threat to FERPA
At the 2026 CoSN conference, data‑security adviser Mike Tassey warned that simple human mistakes—like a teacher accidentally using CC instead of BCC—remain the biggest threat to FERPA compliance. He illustrated the point with multiple real‑world incidents, from mis‑directed emails exposing special‑education status to vendors leaving cloud storage unsecured. While schools are investing in sophisticated cyber defenses, the session emphasized that privacy breaches often stem from everyday workflow errors and misunderstandings about data ownership. Tassey called for a cultural shift that treats student‑data protection as a core mission, not a paperwork exercise.
Belgium’s NIS2 Audit Window Opens April 18, 2026. The Rest of the EU Is Right Behind.
Belgium becomes the first EU member to enforce a hard NIS2 conformity‑assessment deadline on April 18 2026, marking the start of active enforcement across the bloc. The directive obliges essential‑service entities to meet strict incident‑reporting windows (24‑hour early warning, 72‑hour notice, 1‑month...
Singapore: Collective Cyber Defence in an AI-Driven Threat Era
Senior Minister Tan Kiat How highlighted Singapore’s digital transformation milestone at STACKx 2026, noting that 99% of government transactions now occur online. Platforms such as Singpass and LifeSG handle tens of millions of monthly interactions, but the expanding digital footprint...
Critical Sandbox Bypass Fixed in Popular Thymeleaf Java Template Engine
Thymeleaf, the default template engine for Java Spring applications, patched a critical Server‑Side Template Injection flaw (CVE‑2026‑40478) rated 9.1 on the CVSS scale. The vulnerability let unauthenticated attackers bypass the engine’s sandbox by using whitespace characters, enabling arbitrary expression execution....
World ID Expands Its ‘Proof of Human’ Vision for the AI Era
World ID, the biometric “proof of human” platform co‑founded by Sam Altman, unveiled version 4.0 at its Lift Off event. The upgrade adds key rotation, multi‑party entropy and a selfie‑based verification option, while expanding into business tools, agent delegation, and...
ShinyHunters Alleges Kemper Corporation Hack, Exposes over 13M Records
Kemper Corporation disclosed that the ShinyHunters hacking group claimed to have exfiltrated more than 29 GB of data from its Salesforce environment, leaking over 13 million records. The stolen files span SharePoint corporate documents, Azure-stored employee PII, Salesforce employee data, and Stripe...
Claude Mythos Preview Shows How AI Collapses the Distance Between Discovery and Exploitation in Financial Systems
U.S. Treasury and Federal Reserve leaders convened top bank CEOs to discuss the Claude Mythos Preview, an Anthropic AI model that can rapidly discover and map software vulnerabilities across financial systems. The model’s ability to compress the gap between flaw...
GitHub User Attachments Abused to Spread Novel Infostealer
Cyderes researchers uncovered a new malware campaign that abuses GitHub user‑attachment links to deliver ZIP archives containing a custom loader called Direct‑Sys and the CGrabber infostealer. The loader sideloads a Microsoft‑signed DLL, performs three anti‑sandbox checks, and uses direct syscalls...
‘The Face Thing Is Probably Going to Break’ — Sam Altman-Backed Firm Warns AI Will Soon Outgrow Facial Recognition, but...
Tools for Humanity, backed by Sam Altman, warns that AI‑generated faces will soon render traditional facial‑recognition unreliable. Its World ID system, anchored by the Orb device, has received a protocol upgrade that enables broader human‑verification use cases. The company is piloting...
Grinex Crypto Exchange Halts Operations After $13.7 Million Hack
Kyrgyzstan‑based crypto exchange Grinex suspended operations after a $13.7 million hack that primarily affected Russian users trading crypto‑ruble pairs. The theft was executed via TRON and Ethereum addresses and laundered through the SunSwap decentralized exchange. Grinex, which succeeded the U.S.–sanctioned Russian...
Observability as the Backbone of Compliance in a New Federal Cyber Era
Federal agencies are moving toward continuous compliance validation as AI adoption and a new national cybersecurity strategy raise the stakes for real‑time governance. Lee Koepping argues that observability—beyond simple uptime—must become a unified, enterprise‑wide capability that ties together telemetry, configuration...
Site Updates/Requests + DDoS Attack
Doctor of Credit announced that its website is currently under a DDoS attack, prompting a temporary block on older browsers and intermittent downtime. The team has completed most of the immediate to‑do list, including a report/flag feature, newsletter unsubscribe fix,...
Flawed Cisco Update Threatens to Stop APs From Getting Further Patches
Cisco's recent IOS XE update for over 200 wireless access point models adds a log that grows about 5 MB per day, eventually exhausting flash memory and blocking further patches or bricking devices. Affected models include Catalyst 9130AX, 91361, 9162x, 9164x, IW9167...
Shuttered Startups Are Selling Old Slack Chats and Emails to AI Companies
Defunct startups are monetizing their digital footprints by selling Slack messages, internal emails, and Jira tickets to AI firms. Companies like SimpleClosure have facilitated over 100 such transactions in the past year, with payouts ranging from $10,000 to $100,000 per...
Top 19 AI Red Teaming Tools (2026): Secure Your ML Models
The article outlines AI red teaming as a systematic approach to probe machine‑learning and generative AI models for hidden vulnerabilities such as prompt injection, data poisoning, and bias exploitation. It lists 19 leading tools for 2026, ranging from open‑source libraries...
Tools Are Easy; Business‑focused Risk Understanding Is Hard
The more time I spend in security, the more I believe tools are the easy part. Understanding risk in a way the business cares about and then acting on it is where most teams struggle.
Federal Cyber Leaders Urge Faster AI Adoption to Counter Evolving Threats
Federal cyber leaders warned that agencies are lagging behind the rapid evolution of AI‑driven threats and called for faster AI adoption. Keith Busby, acting CISO at CMS, emphasized the need to embed AI in security operations while preserving human decision‑making. Anil Chaudhry...
China and U.S. Data Rules Cramp Legal‑Tech Cross‑Border Flows
China’s April 7 Regulations on Industrial and Supply Chain Security and the U.S. Department of Justice’s Data Security Program create opposing obligations for legal‑tech providers that move client data across the Pacific. The clash forces vendors to redesign contracts, architecture and...
Man Who Hacked US Supreme Court Filing System Sentenced to Probation
Nicholas Moore pleaded guilty to infiltrating the U.S. Supreme Court’s electronic filing system, as well as the networks of AmeriCorps and the Department of Veterans Affairs, using stolen credentials. He publicly bragged about the breaches on an Instagram account, posting...
Anthropic’s New Cybersecurity Model Could Get It Back in the Government’s Good Graces
Anthropic is attempting to repair its fraught relationship with the U.S. government by launching Claude Mythos Preview, a cybersecurity‑focused AI model. The model claims to spot vulnerabilities in major browsers, operating systems and other critical internet infrastructure, and has already...
AI‑Driven Hack Exfiltrates 195 Million Records From Nine Mexican Agencies
A cyber‑espionage campaign that ran from Dec 2025 to Feb 2026 used Anthropic’s Claude and OpenAI’s GPT‑4.1 to breach nine Mexican government agencies, exfiltrating 195 million personal identities, 15.5 million vehicle records and millions of property and civil documents. Researchers say AI acted as...
OpenAI Launches GPT‑5.4‑Cyber, a Security‑focused LLM for Defenders
OpenAI introduced GPT‑5.4‑Cyber, a large language model tuned for defensive cybersecurity tasks, and opened it to a limited pool of vetted researchers, vendors and enterprises. The rollout expands the Trusted Access for Cyber (TAC) program and pits OpenAI’s more permissive...
Time for Government, Business Leaders to Figure Out AI Cybersecurity Regulation
A Harvard panel of cybersecurity experts warned that rapidly advancing agentic AI is amplifying cyber threats, from AI‑driven phishing to sophisticated code‑exploitation, prompting calls for new regulation. IBM data shows AI‑enabled attacks on public‑facing software rose 44% year‑over‑year in 2026....
How NIST's Cutback of CVE Handling Impacts Cyber Teams
NIST announced it will scale back its National Vulnerability Database operations, shifting to a risk‑based model that enriches only high‑impact CVEs. The change follows a 12% federal funding cut in 2024 that triggered staff losses and a growing backlog of...
Critical Infrastructure Attacks Push Agencies to Secure OT
Federal agencies are intensifying efforts to protect operational technology (OT) and Internet of Things (IoT) devices as cyber threats become more sophisticated. The EPA issued an advisory warning of Iranian‑affiliated actors targeting OT/IoT infrastructure, while the Navy is transitioning to...
Man with @Ihackedthegovernment Instagram Account Tells Judge, “I Made a Mistake"
A 25‑year‑old Tennessee man, Nicholas Moore, pleaded guilty to unauthorized access of the U.S. Supreme Court’s electronic filing system, AmeriCorps, and the Veterans Administration Health System, then posted victims' personal data on his Instagram account @ihackedthegovernment. The court sentenced him...
We Need a Shared Responsibility Model for AI
Researchers uncovered multiple AI vulnerabilities that let attackers steal data, hijack AI browsers, and poison model memories. When the flaws were disclosed, most AI vendors dismissed responsibility, claiming security only covered the model itself. The author argues that, like cloud...
Questioning Peston’s Access to Sensitive Email Traffic
Congratulations @Peston on getting access to such sensitive email traffic Obviously you’ve only got the important bits…& there’s obviously nothing further to see here btw who gave you access & why?
Testing AI Systems for Regulatory Compliance
In 2024 Dutch regulators fined Clearview AI €30.5 million (about $33 million) under the GDPR for illicit facial‑image scraping, flagging the system as a high‑risk biometric tool under the EU AI Act. The fine, along with other international penalties, highlights how AI...
Payouts King Ransomware Uses QEMU VMs to Bypass Endpoint Security
The Payouts King ransomware has begun using the open‑source QEMU emulator to spin up hidden Alpine Linux virtual machines on compromised hosts. By launching these VMs through a SYSTEM‑level scheduled task named TPMProfiler, the malware evades host‑based endpoint scanners and...
Continuous Threat Exposure Management Enhances Higher Ed Cybersecurity
Continuous Threat Exposure Management (CTEM) is gaining traction in higher education as a proactive alternative to traditional vulnerability programs. The framework guides security teams through five iterative stages—scoping, discovery, prioritization, validation, and mobilization—to maintain real‑time visibility of assets and exposures....
Tycoon 2FA Phishers Scatter, Adopt Device Code Phishing
A coordinated law‑enforcement operation dismantled 330 Tycoon 2FA domains, slashing its monthly attack volume from over 9 million to roughly 2 million. The disruption opened a power vacuum that competitors such as Mamba 2FA, EvilProxy and Sneaky 2FA quickly filled, with Mamba doubling its output...
Canada and the European Space Agency Sign Security Agreement
On April 14, the Canadian Space Agency and the European Space Agency signed a General Security of Information Agreement (GSOIA) at the Space Symposium in Colorado Springs. The pact creates a legally binding framework for exchanging classified data, a prerequisite for...
Agencies Shift Toward Automated Identity Management to Bolster Zero Trust
Federal agencies are accelerating zero‑trust adoption by making identity management the core of their cybersecurity architecture. The Indian Health Service (IHS) is deploying satellite links and offline‑caching software to keep clinician credentials verified in remote clinics like the Grand Canyon...
A Picnic of Shit Sandwiches
Tom, co‑founder of privacy‑infrastructure startup Ketch, reflects on being early in a market that only now values data privacy as a strategic asset. A recent Harvard Business Review piece cites a Journal of Marketing study showing privacy‑focused brands outperform peers,...
Microsoft’s Patch Tuesday Release for April Is a Whopper
Microsoft’s April Patch Tuesday is the largest on record, delivering 165 updates that address roughly 340 unique CVEs, including two zero‑day vulnerabilities—one of which is already being exploited in the wild. The Readiness team recommends “Patch Now” for all major...
Ransomware Attack Continues to Disrupt Healthcare in London Nearly Two Years Later
In June 2024 a Qilin‑linked ransomware attack on Synnovis crippled blood‑testing services across South East London, forcing hospitals to cancel surgeries and postpone thousands of appointments. More than 18 months later South London and Maudsley NHS Foundation Trust (SLaM) still...
New RecruitRat, SaferRat, Astrinox, Massiv Android Malware Found Targeting 800 Apps
Zimperium’s zLabs identified four new Android malware families—RecruitRat, SaferRat, Astrinox and Massiv—targeting over 800 banking and crypto apps. The campaigns use phishing and smishing to deliver malicious APKs, then launch overlay attacks that mimic legitimate login screens. By abusing Accessibility...
/file/attachments/orphans/lindsey_stdbank_271354.jpg)
Hack Job: Standard Bank Is Discovering the Extent of the Cyberattack in the Daily Data Dumps
Standard Bank of South Africa confirmed a cyberattack that exfiltrated roughly 1.2 TB of data, amounting to 154 million rows of customer and employee records. The breach includes full names, addresses, ID numbers, passport details, and credit‑card numbers with expiry dates, though...
Anthropic’s Amodei Heads to the White House as Washington Fights over Mythos Access
Anthropic CEO Dario Amodei will meet White House chief of staff Susie Wiles to discuss government access to Mythos, the company’s frontier AI model that can discover and exploit zero‑day vulnerabilities. The meeting follows a Pentagon‑imposed blacklist after Amodei refused...
The White House Weighs Whether Anthropic's Mythos Is Too Valuable for the Federal Government to Refuse
Anthropic’s new Claude model, dubbed Mythos, is being touted as a breakthrough AI capable of breaching cyber defenses. After the Pentagon blacklisted the firm for refusing unrestricted access, CEO Dario Amodei met White House Chief of Staff Susie Wiles to...
The IMF’s Warning to Banks: Share Data to Beat AI Fraud
The International Monetary Fund released a Technical Note at its 2026 Spring Meetings urging banks to break long‑standing data‑sharing taboos. It argues that fragmented transaction and threat data hampers AI‑driven fraud detection, and recommends collaborative exchange via APIs and ISO 20022...
Zoom Partners with Sam Altman’s World to Verify that Meeting Participants Are Actually Human
Zoom announced a partnership with Sam Altman’s biometric firm World to embed a “Verified Human” badge in video meetings. The feature uses World’s Deep Face technology, matching live video to an iris‑scanned profile captured by the Orb device, and can...
Booking.com Breach Shows Exactly How Smishing Attacks Get Made
On April 13, 2026 Booking.com disclosed that hackers accessed customer reservation data through a compromised hotel‑partner account. The breach revealed names, phone numbers, email addresses, and detailed booking information, but not financial data. Within days, fraudsters turned the stolen details...
The Race to Quantum-Proof the Internet Has Already Begun
The tech industry is moving from viewing quantum computing as a distant risk to treating it as an imminent threat. Researchers at a Fhenix livestream warned that encrypted data can be harvested now and decrypted later once quantum computers become...
Anthropic’s Project Glasswing Tackles AI Security Challenges in Data Centers
Anthropic has unveiled Project Glasswing, a collaborative effort to embed AI‑driven security into data‑center software stacks. The initiative centers on Claude Mythos, a model that scans for vulnerabilities across cloud platforms and open‑source components in real time. Leading providers such...
Researchers Warn Microsoft Defender Vulnerability Is Already Being Exploited
Security researcher Chaotic Eclipse disclosed a vulnerability dubbed “Red Sun” (CVE‑2026‑33825) that lets Microsoft Defender rewrite cloud‑tagged files, potentially overwriting system files and escalating privileges. The proof‑of‑concept suggests the flaw is already being weaponized in the wild. Microsoft’s Security Response...
Stealing Your Data Via TotalRecall Reloaded Is A Feature, Not A Bug?
Microsoft’s Windows 11 Recall feature, part of Copilot+, records screenshots and OCR‑derived text to help users revisit past activity. Researchers discovered that the AIXHost.exe process, which writes data to the secured Recall database, is vulnerable to a DLL‑injection attack that requires...
Sam Altman's "Proof of Human" Company Pushes Into Mainstream Services
World, the identity‑verification startup co‑founded by Sam Altman, announced a wave of new integrations with Zoom, DocuSign, Tinder, Okta, Shopify and VanEck. The company upgraded its World ID protocol, open‑sourced it for any app, and launched a standalone app for...
CISA Resources ‘More Limited than I Would Like’ Amid Shutdown, Top Official Says
CISA acting director Nick Andersen told House appropriators that the agency’s ability to detect and counter hacking threats is severely constrained by the Department of Homeland Security shutdown. The shutdown forces CISA to limit spending to employee salaries, with any...