Today's Cybersecurity Pulse

CISA adds critical Android and Linux flaws to KEV catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) listed two high‑severity vulnerabilities in its Known Exploited Vulnerabilities catalog: Android CVE‑2025‑48595, an integer overflow that enables privilege escalation on Android 14‑16 without user interaction, and Linux CVE‑2022‑0492. Google released patches for the Android bug in June 2026.
Also developing:
By the numbers: Ingeteam receives $82.5M loan from EIB

How Zscaler and OpenAI Turn Zero-Trust Security Into an AI Accelerator
Zscaler has partnered with OpenAI through the Trusted Access for Cyber (TAC) program, gaining early access to the security‑tuned GPT‑5.4‑Cyber model. The firm is embedding these models into its Zero Trust Exchange, AI Red Teaming, and managed detection and response services, as well as into its internal secure software development lifecycle. This integration enables automated vulnerability detection, real‑time red‑team simulations, and AI‑accelerated SecOps for customers. As a result, enterprises can deploy their own AI applications faster while maintaining a hardened, zero‑trust security posture.

Freecash Was More Like Scamcash
Freecash, a rewards app marketed on TikTok as a way to earn money by scrolling, surged to the No. 2 spot in the U.S. App Store before Apple removed it following TechCrunch’s investigation. In reality, the app redirects users to mobile...
White House Pushes ‘Action-Oriented’ Cyber Strategy to Deter Threats
The White House unveiled an action‑oriented National Cyber Strategy aimed at deterring cyber adversaries and protecting American victims. Senior ONCD official Seth McKinnis highlighted six strategic pillars, with deterrence as the first, and emphasized the need for swift, aggressive responses. President...

Learn How to Protect Your Phone From Viruses and Other Threats
Smartphones now serve as personal, professional, and financial hubs, making them prime targets for cyber threats. A recent CNET survey found that 54% of laptop owners encountered malware in the past year, underscoring the broader risk landscape. The article outlines...
Bluesky Blames DDoS Attack for Server Outages
Bluesky reported intermittent service disruptions on April 16 after a Distributed Denial‑of‑Service (DDoS) attack began at 1:42 AM ET. The attack intensified throughout the day, affecting feeds, notifications, threads and search, and causing rolling blackouts on the platform and its status...
Cisco FMC Zero-Day Exploited by Interlock Ransomware Among 31 High‑Impact Bugs in March
Interlock ransomware leveraged a critical deserialization flaw (CVE‑2026‑20131) in Cisco Secure Firewall Management Center, one of 31 high‑impact vulnerabilities actively exploited in March 2026. Cisco patched the bug on March 4, but threat intel shows attackers had a month‑long window of...
Thoma Bravo, Google Cloud Team Up to Embed AI Across $8B Cybersecurity Portfolio
Thoma Bravo and Google Cloud have launched a strategic partnership that will give the private‑equity firm’s enterprise software portfolio direct access to Google’s Gemini AI models and engineering resources. The deal targets roughly $8 billion in revenue from Thoma Bravo’s cybersecurity...
MCP Security: Containerization and Red Hat OpenShift Integration
Red Hat OpenShift’s container platform now serves as the recommended foundation for securing Model Context Protocol (MCP) deployments. By running MCP servers in non‑root containers with read‑only filesystems, minimal UBI base images, and dropped Linux capabilities, organizations can harden the runtime...
Friday Five — April 17, 2026
Red Hat’s latest Friday Five highlights a strategic push toward AI sovereignty, emphasizing the need for comprehensive inventories of data, infrastructure, and architecture to meet security and compliance demands. A Red Hat blog warns that advanced models like Claude Mythos can both uncover...
Bluesky Hit by Sophisticated DDoS, Fix Due Tomorrow
Bluesky has been wonky all day due to a "sophisticated" DDoS attack. It sounds like they are still trying to get it under control w/ an update coming "no later than" 10am PT tomorrow.
Beware: Unknown 267 Area Code Texts Are Phishing
No. I am not texting you asking to engage with me unless you already know my number. Yes. Somebody is doing this from a 267 area code and maybe others. Several people have now asked me. It's Phishing. Sadly. The world that...

The AI-Driven Shift in Vulnerability Discovery: What Maintainers and Bug Finders Need to Know
AI‑powered code models are now able to locate real software vulnerabilities with minimal prompts, dramatically increasing the volume of reports to open‑source projects. The surge includes a flood of low‑impact, often invalid findings that consume hours of analyst time, while...

AI as the Defender: Reinventing Proactive Cybersecurity Through Intelligent Automation
Artificial intelligence is reshaping cybersecurity by acting as a force multiplier rather than replacing human analysts. Tenable and peers define "AI for security" as the use of machine learning to automate analysis, amplify detection and improve decision‑making, while "security for...
ZionSiphon Malware Designed to Sabotage Water Treatment Systems
Darktrace discovered ZionSiphon, a new operational‑technology malware aimed at water treatment and desalination plants, primarily in Israel. The code attempts to raise chlorine levels and hydraulic pressure, but a broken XOR‑based IP check triggers a self‑destruct routine, rendering the current...
NIST Cuts Down CVE Analysis Amid Vulnerability Overload
The National Institute of Standards and Technology announced it will scale back enrichment of its National Vulnerability Database, concentrating only on the most critical CVEs—those in CISA’s Known Exploited Vulnerabilities catalog and software used by the federal government. The change...
Dispatches From the Front Lines of Russia-Linked Cyberattacks on Europe
Sweden’s civil defence ministry has formally attributed a 2025 cyberattack on a western heating plant to a pro‑Russian group linked to Russian intelligence, marking the first public attribution of such activity to state‑aligned actors. The incident mirrors a December 2025...

DuckDuckGo VPN Audit Shows It Doesn't Track Your Activity
DuckDuckGo’s VPN has passed a third‑party no‑log audit conducted by cybersecurity firm Securitum. The audit, spanning October 2025 to January 2026, included source‑code review, deep‑dive technical inspection and live system analysis, confirming the service does not collect or retain user‑identifiable data. The...

AI Agent Delegation via MCP Has Gaps a Murderbot Could Walk Through
Anthropic’s Model Context Protocol (MCP) expands data‑sharing among AI agents, but securing those interactions remains a challenge. At the 2026 MCP Dev Summit, Gluu CEO Michael Schwartz warned that relying on a single gateway for zero‑trust is insufficient and advocated...

#545: OWASP Top 10 (2025 List) for Python Devs
In episode 545, Michael Kennedy and security expert Tanya Janka unpack the newly released OWASP Top 10 (2025) with a focus on Python developers. They walk through each of the ten categories—highlighting fresh additions like supply‑chain attacks and exceptional condition...
CenterSeat Elevates Founding Engineer Saurav Mishra to CTO to Accelerate AI‑Security Platform
CenterSeat announced the promotion of founding engineer Saurav Mishra to chief technology officer. Mishra will now steer technology strategy, product architecture, and engineering as the Austin‑based startup expands its AI‑driven compliance platform. The move underscores CenterSeat’s focus on scaling its...

Despite Cease-Fire, Iran’s Hackers Haven’t Logged Off
Despite a week‑long cease‑fire announced on April 8, Iranian state‑linked hackers have kept their cyber campaign alive. They have continued targeting U.S. and Israeli entities, including a disruptive attack that temporarily shut down medical‑equipment manufacturer Stryker and the public release of...
Knox Systems Secures FedRAMP High Authorization, Expanding FEMA Partnership
Knox Systems announced it has achieved FedRAMP High authorization for its Managed Service Platform, a milestone that expands its partnership with FEMA and brings high‑security cloud services to 16 federal agencies. The new high‑baseline environment adds 52 security controls and...

DC3 Making Better Sense of Its Cyber Data
The Defense Department Cyber Crime Center (DC3) is widening its Defense Industrial Base Cybersecurity program, adding more prime contractors and subcontractors and boosting daily data inflows. To tame the surge, DC3 is deploying a data‑mesh fabric with metadata tagging, zero‑trust...
Inside Anjuna’s Confidential Computing Approach to Data Protection
Enterprises have long relied on encrypt‑at‑rest and in‑transit safeguards, but data in use remains vulnerable. Anjuna Security tackles this gap with confidential computing, using hardware‑based enclaves that keep data encrypted even while applications process it. Its Seaglass platform lets existing...
Cisco Urges Immediate SAML Certificate Update to Patch Critical Webex Impersonation Flaw
Cisco has released a critical security advisory for its cloud‑based Webex Services, warning that CVE‑2026‑20184 allows remote, unauthenticated attackers to impersonate any user via a faulty SSO certificate check. The company patched the backend and now requires customers to upload...

North Korea Uses ClickFix to Target macOS Users' Data
Microsoft Threat Intelligence uncovered a new macOS‑focused ClickFix campaign linked to the North Korean group Sapphire Sleet. The attackers pose as recruiters, schedule fake technical interviews, and convince victims to run a malicious AppleScript named “Zoom SDK Update.scpt.” The script...

McGraw-Hill Confirms Data Exposure, Hackers Claim 45M Salesforce Records Leaked
McGraw‑Hill confirmed a data exposure caused by a Salesforce misconfiguration, after extortion group ShinyHunters claimed it had accessed up to 45 million records. The company’s investigation found only a limited set of non‑sensitive data exposed on a publicly reachable webpage, not...

'Harmless' Global Adware Transforms Into an AV Killer
A threat actor operating as Dragon Boss Solutions LLC pushed a malicious update on March 22, 2025 that transformed its ad‑ware into a potent antivirus‑disabling payload. The update affected roughly 23,500 computers in 124 countries, with half of the victims...

The Only Way to Fight Deepfakes Is by Making Deepfakes
Deep‑fake detection firms such as Reality Defender, Pindrop and GetReal are racing to combat AI‑generated audio, video and image fraud, a market now valued at roughly $5.5 billion. These companies train detection models by creating their own deepfakes, using a student‑teacher...

Apple Pay Express Mode for Transit, When Used With a Visa Card, Is Vulnerable to Scam Tap-to-Pay Readers
Researchers from the University of Surrey and Birmingham demonstrated that Apple Pay’s Express Transit Mode, when paired with a Visa card, can be hijacked by a specially tuned NFC reader. The attack works on a locked iPhone, intercepts the payment flow,...

An AI View of SentinelOne
McKinsey warns that AI is enabling cybercriminals to launch attacks in minutes rather than days. Attackers leverage AI for hyper‑personalized phishing, deepfakes, instant malicious code, and adaptive tactics. In response, 77% of organizations have integrated AI into security functions, automating...
Agentic AI Security Needs Layered, Integrated Defenses
We keep asking how to solve agentic security as if there is a single answer, but most of the conversations I am having suggest it is a combination of least privilege, access controls, monitoring, and good architecture. The question might not...

Threat Exposure Management Establishes a Risk-Driven Approach for Federal Agencies
Federal agencies are adopting Continuous Threat Exposure Management (CTEM) to shift from traditional vulnerability counting to a risk‑driven security posture. CDW’s leaders describe CTEM as a five‑stage framework—scoping, discovery, prioritization, validation, and mobilization—that ties technical findings to business impact. By...

North Korea Targets macOS Users in Latest Heist
North Korean Lazarus Group offshoot Sapphire Sleet is targeting macOS users with a fake Zoom SDK update delivered via a malicious AppleScript. The campaign begins with LinkedIn recruiter scams aimed at finance professionals, then tricks victims into running the script, which...

Newly Discovered PowMix Botnet Hits Czech Workers Using Randomized C2 Traffic
Researchers at Cisco Talos have uncovered a new botnet, PowMix, actively targeting Czech workers since at least December 2025. The malware is delivered through phishing emails that contain a malicious ZIP file, which drops a Windows shortcut that launches a...

If You Want Into Anthropic's Claude Club, You May Have to Show ID
Anthropic is rolling out identity verification for select Claude features, using Persona Identities as its vendor. The verification prompts may appear at any time to enforce platform integrity, prevent abuse, and meet legal obligations. Anthropic assures users that identity data...

Officials Seize 53 DDoS-for-Hire Domains in Ongoing Crackdown
Authorities from 21 nations coordinated Operation PowerOFF to dismantle 53 DDoS‑for‑hire domains and seize related servers and databases. The crackdown yielded data on more than 3 million alleged criminal accounts and led to four arrests. Over 75,000 warning emails and letters...
CEO Interview: Underdark
Underdark operates in the cyber threat intelligence and dark‑web monitoring market, competing with larger firms such as Recorded Future, Digital Shadows, Flashpoint and Cyberint. While most rivals rely on AI‑assisted crawlers to collect data, Underdark’s core service is human intelligence—direct...

Why Donald Trump and Kash Patel Want Your Data
Congress is set to vote on a clean reauthorization of FISA Section 702, a foreign‑intelligence tool that also sweeps up the communications of millions of Americans. The Trump administration, with FBI director Kash Patel at the helm, is pushing the bill...

Delivering Reliable Connectivity And Cybersecurity On The High Seas: Inside MSP Marlink’s Approach
Marlink, a maritime‑focused managed services provider, delivers satellite connectivity and cybersecurity to oceangoing vessels despite tight budgets that often hover around $100‑$200 per month. The company leverages an "exchange platform" that aggregates Inmarsat, OneWeb, Starlink, SES and Iridium links, providing...

How Push Notifications Can Betray Your Privacy (and What to Do About It)
Push notifications travel through Apple or Google servers before reaching a device, exposing message content and metadata to the platform providers. Law‑enforcement can compel these companies to hand over notification data, and forensic tools can recover deleted notifications from a...

OpenAI Chooses CrowdStrike for Defender‑Focused AI Security
The top AI labs are building for defenders now. Today @OpenAI selected CrowdStrike for their Trusted Access for Cyber program. CrowdStrike continues to lead the market in secure AI adoption, trusted by AI leaders and organizations of all sizes to accelerate...
Open Source Will Outsecure Closed Source in Mythos Era
Open source software will be many times more secure than closed source software in the new Mythos era.

Google Cloud Storage Weaponized for Clandestine Remcos RAT Delivery
Threat actors are weaponizing Google Cloud Storage to host phishing pages that silently deliver the Remcos remote‑access trojan. Emails direct victims to fake Google Drive login screens on the legitimate storage.googleapis.com domain, harvesting credentials and deploying a JavaScript loader. The...
AI Labs Purchase Defunct Startup Communications, Raising Privacy Concerns
AI labs are buying internal communications of defunct startups to train their agents. Emails, Slack archives, etc. Personally identifiable info is removed by data resellers. But how would you feel knowing your former board/CEO is selling your comms to recover...
Treat Dependencies as External Attack Surfaces, Upgrade Tooling
Your Dependencies Are Someone Else's Attack Surface https://t.co/zDbAITTE9f < good post with cause for optimism at the end. But we need to apply better skills/services to agent tooling to stay diligent when building
Simple Closure Launches Asset Hub to Sell Legacy Data
A company called @simple_closure that helps startups wind down is launching "asset hub", which is a marketplace to sell all the old slack/email data. Apparently they are working on hardening the PII removal tech for this.
New AI TUIs May Expand Attack Surface via React
I know there are some new TUIs coming out for AI development but I’m concerned about increasing the attack surface with web technologies like react. Securing AI is hard enough as it is.
World Cup Partners Neglect Strong DMARC Domain Protection
Some World Cup partners are not actively protecting their domain name with the strongest DMARC policy. https://t.co/Q4k3WpQ9hb
Russia Caps Bandwidth, Forcing VPN Filters or Price Hikes
Russia’s fight against digital privacy escalates as internet providers agree to freeze the expansion of cross-border channels into Europe. By capping international bandwidth, authorities aim to force telecom operators to either filter VPN traffic or hike prices, making it harder...