Know What's Happening in Cybersecurity
Know What's Happening in Cybersecurity
Cybersecurity Pulse
EMAIL DIGESTS
Daily
Every morning
Weekly
Tuesday recap
EMAIL DIGESTS
Daily
Every morning
Weekly
Tuesday recap
Reality Defender partners with Orange Business to embed deep‑fake detection
U.S. AI‑security firm Reality Defender has signed a deal to integrate its multimodal deep‑fake detection technology into Orange Business, the enterprise arm of French telecom giant Orange. The solution will protect Orange’s video‑conferencing, contact‑center and voice‑telephony services through real‑time, API‑driven analysis of audio, video, images and documents.
Researchers have uncovered a stealthy data‑theft method called “Exfil Out&Look” that abuses Microsoft 365 Outlook Web add‑ins to siphon email content. The technique leverages minimal‑permission manifests that execute on the OnMessageSend event, silently fetching email bodies and forwarding them via a fetch() call. Because OWA does not log add‑in installations or executions, the activity leaves no trace in the Unified Audit Log, even for E5 tenants. Microsoft has classified the issue as a low‑severity bug and has not scheduled a fix.
Helpdesk impersonation is a social‑engineering technique where attackers pose as employees or partners to trick IT support staff into granting unauthorized access. By leveraging publicly available information and urgency cues, they can obtain password resets, MFA device changes, and privileged...
Digital investors face escalating cyber threats, making traditional passwords obsolete. Bexalon’s guide advocates institutional‑grade defenses, including AES‑256 encryption, segregated accounts, and a blend of cold storage with limited hot wallets. It also recommends abandoning SMS‑2FA in favor of hardware keys,...
Over one billion people now wear fitness trackers that continuously collect health metrics, creating a massive stream of sensitive personal data. A recent Clutch survey shows 74% of users are worried about how this data is handled, while only 58%...
The article argues that crisis communication is a core security control, not merely a public‑relations task. It shows how timely, accurate messaging curbs panic, protects brand reputation, and satisfies strict regulatory timelines such as the SEC’s four‑day rule and GDPR’s...
The 2023 leak orchestrated by former Booz Allen consultant Charles Littlejohn exposed tax returns for an estimated 400,000 affluent Americans, a cache that quickly landed on the desks of the New York Times and ProPublica. Littlejohn’s guilty plea in 2023 and subsequent...
Bybit posted the second‑largest trading volume among crypto exchanges in 2025, reaching $1.5 trillion and capturing an 8.1% market share despite a $1.5 billion hack earlier in the year. The exchange kept withdrawals open, honored all user transactions, and secured external liquidity,...
The article outlines the five leading PCI‑compliant hosting providers—AWS, Microsoft Azure, Google Cloud Platform, Rackspace, and specialized PCI hosts—explaining how each aligns its infrastructure with PCI DSS requirements. It emphasizes the shared‑responsibility model, where providers manage the underlying hardware while...
Cisco Foundation AI unveiled a suite of agentic security tools aimed at safeguarding increasingly autonomous AI systems in enterprise environments. The flagship offering, Foundation‑sec‑8B‑Reasoning, is an open‑weight model optimized for multistep cybersecurity analysis and produces explicit reasoning traces. Complementary releases...
PwC announced an expanded alliance with Google Cloud, committing $400 million over three years to accelerate AI‑driven security operations. The partnership blends Google Cloud’s AI‑powered security platforms with PwC’s transformation, risk, and managed‑service expertise to modernize security across hybrid and multicloud...
Researchers at Bitdefender uncovered a new Android malware campaign that exploits the Hugging Face platform as a distribution hub for thousands of polymorphic APK variants. The dropper app, TrustBastion, masquerades as a security tool, redirects victims to a Hugging Face...
Ivanti disclosed two critical code‑injection flaws (CVE‑2026‑1281 and CVE‑2026‑1340) in its Endpoint Manager Mobile (EPMM) platform, each scoring 9.8 on the CVSS scale and already leveraged in limited zero‑day attacks. The company issued immediate RPM‑based mitigations that require no downtime,...
The episode introduces a new metric—Agentic AI Posture—to help CISOs assess readiness against fast‑moving AI‑driven threats, arguing that traditional security metrics like MTTR are insufficient. It outlines three pillars for measuring AI readiness: Visibility Ratio (tracking shadow agents and API...
Keyfactor earned a spot on the 2025 Inc. 5000 list for the sixth year in a row, driven by surging demand for quantum‑ready security solutions. The Cleveland‑based firm launched the AI‑powered Keyfactor Command MCP Server to streamline PKI and certificate...
On World Quantum Day 2025 the Information Technology Industry Council (ITI) published a Quantum Technology Policy Guide that frames quantum cybersecurity as a dual‑track challenge. The guide urges immediate deployment of post‑quantum cryptography (PQC) while promoting quantum communications such as...
In this episode, Azul discusses the growing challenge of technical debt in Java applications, especially as Java versions approach end‑of‑support windows. It outlines manual best practices—such as educating product owners, modular architecture, automated testing, and maintaining a debt register—alongside governance...
A federal jury in Northern California found former Google engineer Linwei Ding guilty of 14 counts of economic espionage and trade‑secret theft. Ding allegedly exfiltrated 1,255 internal documents—about 14,000 pages—related to Google’s AI chip technology between May 2022 and January 2024. He...
Enterprises rushing to the cloud often overlook security, leading to costly gaps. Common pitfalls include naïve lift‑and‑shift migrations, weak identity controls, and inadequate data protection. The article outlines ten frequent mistakes and provides concrete steps—such as workload‑by‑workload assessment, least‑privilege access,...
Marquis Software Solutions, a Texas‑based provider to over 700 banks and credit unions, attributes its August 2025 ransomware incident to a breach of SonicWall’s MySonicWall cloud backup service. The attackers allegedly used firewall configuration files stolen from SonicWall to bypass Marquis’s...
Chat & Ask AI, a popular AI chatbot with over 50 million installs, suffered a massive data exposure due to a Firebase misconfiguration. An independent researcher accessed roughly 300 million messages belonging to more than 25 million users, revealing full conversation histories, timestamps,...
Why not a VPS for Molt? In my use cases, research and testing, sometimes fetch and browser tools are blocked by anti-bot tech, or there is some workflow that doesn't have an API.... it's purely browser driven. With cui and...
Researchers from the University of Waterloo and NUS uncovered a critical flaw in existing Quantum Key Distribution (QKD) security proofs: they assume perfectly reliable authentication. They introduced a reduction theorem that shows protocols proven secure under ideal authentication remain secure...
Security researchers discovered that Bondu, an AI‑enabled stuffed‑dinosaur toy, left over 50,000 child chat transcripts accessible to anyone with a Gmail account through its parent portal. The flaw required no hacking—simply logging in with a Google ID revealed names, birthdates,...
The episode dives into Moltbot, an open‑source, self‑hosted AI personal assistant that surged in popularity in January 2026, amassing tens of thousands of GitHub stars and forks. While its powerful automation capabilities are praised, the hosts reveal a wave of...
“We are not in a place where anyone should store their life savings on chain in a wallet they control. It’s probably not safe for that yet.” https://t.co/JTgHPOAJbx
The FBI has launched Operation Winter SHIELD, a cyber‑resilience campaign that outlines ten concrete actions for organizations to harden both IT and OT environments. The initiative aligns with the U.S. National Cyber Strategy and draws on recent investigations of cyber‑criminal and...
Researchers at Shenzhen University have unveiled a quantum‑safe key‑exchange protocol that modifies the Anshel‑Anshel‑Goldfeld (AAG) scheme by drawing private keys from Mihailova subgroups of braid groups. The security hinges on the unsolvable membership problem for these subgroups, making the protocol...
Web development in 2026 is dominated by AI‑first tools, meta‑frameworks, and pervasive TypeScript, reshaping how code is written and deployed. AI agents now scaffold full‑stack applications from natural language prompts, while platforms like Next.js and Nuxt merge front‑end and back‑end...
“We are not making major progress on improving security for the normal person to feel comfortable putting their life savings into crypto.” https://t.co/JTgHPOAblZ
Researchers unveiled a functional blockchain prototype that can interchangeably employ three lattice‑based post‑quantum signature schemes—CRYSTALS‑Dilithium, Falcon and Hawk. The single‑node system decouples application logic from the cryptographic layer, allowing seamless algorithm swaps without altering core code. Comprehensive testing measured key...
The episode discusses TrajDeleter, a novel method for trajectory unlearning in offline reinforcement learning (RL) agents, presented by researchers from the University of Virginia and the Chinese Academy of Sciences. TrajDeleter trains agents to degrade performance on states from specific,...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a new infographic aimed at helping critical‑infrastructure operators and state, local, tribal and territorial (SLTT) governments manage insider threats. The guidance outlines a four‑stage model—plan, organize, execute, maintain—and stresses building multidisciplinary...
The new doctoral guide by Darlan Noetzold, Valderi Reis Quietinho Leithardt and co‑authors delivers a comprehensive overview of post‑quantum cryptography, mapping lattice, code, hash‑based, multivariate and isogeny schemes while dissecting the NIST standardisation process. It details the practical hurdles of...
“There’s a lot of money just sitting in random contracts that were tried to be returned to people affected by the hack.” https://t.co/JTgHPOAblZ
“I think it would be an easy argument to make that TheDAO really kickstarted the security industry in Ethereum.” https://t.co/JTgHPOAblZ
Payment processor Fiserv faces a lawsuit from FiCare Federal Credit Union alleging that its Virtual Branch Next platform lacked basic cybersecurity controls, allowing hackers to hijack customer accounts and steal hundreds of thousands of dollars. The complaint claims Fiserv failed...
EXCLUSIVE 🚨 Nearly 10 years after the DAO hack, unclaimed ETH is being used to create a $250M Ethereum security fund. https://t.co/JTgHPOAblZ
Unclaimed assets from the 2016 DAO hack are being pooled into a $220 million Ethereum security endowment called TheDAO Security Fund. About $13.5 million in DAO tokens and 69,420 ETH, which will be staked, form the core capital, generating roughly $8 million in annual...
EXCLUSIVE: Ethereum OGs and @VitalikButerin to create a $220 million Ethereum security fund 🤯 You'll never guess where the money comes from ... https://t.co/KbfuQI6FX3
Google and partners disrupted the IPIDEA residential proxy network, one of the world’s largest, by taking down domains, sharing intelligence, and enforcing Play Protect. The operation removed SDKs embedded in millions of Android, Windows, iOS, and WebOS apps, sharply reducing...
Apple’s new iPhone security feature limits cell networks from collecting precise location data, but appears to have very limited support in the U.S. at the moment. Here’s to hoping all the big carriers get on board too. https://t.co/tCJT63yJO3 https://t.co/PK9jhIlU18
Sodot unveiled its Exchange API Vault, a self‑hosted solution that secures cryptocurrency exchange API keys while keeping them instantly available for trading. The vault combines multi‑party computation and trusted execution environments to split keys, preventing plaintext exposure even during high‑frequency...
The Aisuru/Kimwolf botnet launched a hyper‑volumetric DDoS assault that peaked at 31.4 Tbps and 200 million requests per second, eclipsing its own 29.7 Tbps record. Cloudflare detected and automatically mitigated the attack on December 19, 2024, without triggering internal alerts. The campaign primarily hit...
Virtue AI has launched AgentSuite, a multi‑layer security and compliance platform designed for enterprise AI agents. The solution lets organizations test agents, enforce real‑time guardrails, and control tool access while providing full audit trails. IBM research shows 79% of enterprises...
The episode explores how employment fraud transforms hiring into a security risk, highlighting that in today’s remote, AI‑driven workforce, malicious actors can fabricate identities and gain trusted access before any internal controls engage. It explains that static background checks are...
Atos has been named Best‑in‑Class for IT/OT Cybersecurity Services in France for 2025 by PAC Innovation Radar. The award highlights Atos’ extensive portfolio, including auditing, consulting, field operations, and managed services, backed by dedicated OT Security Operations Centers and a...
Comstar LLC, an ambulance billing vendor, suffered a March 2022 ransomware attack that exposed the protected health information of roughly 585,621 individuals. Federal regulators settled for $75,000, while Connecticut and Massachusetts AGs imposed a combined $515,000 penalty and a detailed...
Druva launches Threat Watch, a zero‑touch, cloud‑native solution that continuously scans backup snapshots for dormant threats and indicators of compromise. The service runs inside Druva’s Data Security Cloud, eliminating the need for extra hardware or agents and delivering near‑real‑time detection...
ChatGPT now sees over 5.6 billion monthly visits, making its configuration a critical productivity lever. The platform offers a suite of settings—personalization, memory, tone, model choice, security, and app integrations—that shape how the AI responds and protects user data. Adjusting these...
Mesh Security announced a $12 million Series A round led by Lobby Capital, with participation from S Ventures and Bright Pixel Capital. The Palo Alto‑based startup claims to deliver the world’s first Cybersecurity Mesh Architecture (CSMA) platform, an execution layer that unifies...
