Know What's Happening in Cybersecurity

Today's Cybersecurity Pulse

CISA adds critical Android and Linux flaws to KEV catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) listed two high‑severity vulnerabilities in its Known Exploited Vulnerabilities catalog: Android CVE‑2025‑48595, an integer overflow that enables privilege escalation on Android 14‑16 without user interaction, and Linux CVE‑2022‑0492. Google released patches for the Android bug in June 2026.

Kenya’s LOLC Microfinance Bank Directors Risk Prosecution in Data Enforcement Case
News · Apr 16, 2026

Kenya’s Office of the Data Protection Commissioner (ODPC) has recommended criminal prosecution of directors at LOLC Microfinance Bank after the lender ignored a formal request to justify publishing a former employee’s personal data. The regulator found the bank unlawfully processed...

By TechCabal

CYBERUK ’26: UK Lagging on Legal Protections for Cyber Pros
News · Apr 16, 2026

The UK’s 1990 Computer Misuse Act (CMA) is increasingly seen as an obstacle for cyber‑security professionals who need to conduct authorised hacking as part of their work. Ahead of the CYBERUK conference, the CyberUp Campaign released a report urging Westminster...

By ComputerWeekly – DevOps

Piodata SecureX USB Flash Drive with Enterprise-Grade Security
Blog · Apr 16, 2026

Piodata unveiled SecureX, a USB flash drive that combines AES‑256 encryption with biometric authentication and cross‑platform compatibility. The device supports PCs, Macs, iOS, and Android, and is Apple MFi‑certified for seamless iPhone and iPad use. Its proprietary Trust Circle technology...

By StorageNewsletter

Supply Chain Dependencies: Have You Checked Your Blind Spot?
News · Apr 16, 2026

Supply‑chain cyber risk is exploding, with third‑party breaches now accounting for 30% of incidents and costs soaring from $46 bn in 2023 to $60 bn in 2025, projected $138 bn by 2031. Yet ESET’s 2026 SMB Cyber Readiness Index shows only about 16%...

By WeLiveSecurity

Ukrainian Emergency Services and Hospitals Hit by Espionage Campaign Using New AgingFly Malware
News · Apr 16, 2026

Ukrainian hospitals, emergency services and municipal authorities have been hit by a coordinated espionage campaign using a new malware suite dubbed AgingFly. The attacks, attributed to the Russian‑linked APT28 group, began with phishing emails masquerading as humanitarian‑aid proposals and delivered...

By The Record by Recorded Future

Behind the Mythos Hype, Glasswing Has Just One Confirmed CVE
News · Apr 16, 2026

Anthropic’s Project Glasswing, the gated access program behind its Mythos AI, has produced only one publicly attributed CVE (CVE‑2026‑4747) according to VulnCheck’s analysis. While Anthropic researchers are credited with 40 CVEs overall, the majority stem from external collaborations rather than...

By CSO Online

Splunk Enterprise Update Patches Code Execution Vulnerability
News · Apr 16, 2026

Splunk released emergency patches for several critical flaws across its Enterprise, Cloud Platform, and MCP Server products. The most severe issue, CVE‑2026‑20204, allowed low‑privileged users to upload malicious files and achieve remote code execution due to improper handling of temporary...

By SecurityWeek

Future‑Proof Chains Must Be Quantum‑Resistant, Regardless of Timeline
Social · Apr 16, 2026

Whether you believe quantum computers will become reality as soon as 2029 or decades from now, it doesn't matter. The potential alone will scare people, and there will come a point when whatever you're building will have to be quantum...

By Eli Ben-Sasson

Telegram‑sold Tools Let Scammers Breach Bank Security
Social · Apr 16, 2026

Cyberscammers are bypassing banks’ security with illicit tools sold on Telegram | MIT Technology Review https://t.co/6F7Bho2ZXd

By Chuck Brooks

Overstretched NIST to Limit CVE Enrichments
News · Apr 16, 2026

The U.S. National Institute of Standards and Technology (NIST) announced it will stop enriching every CVE entry in its National Vulnerability Database due to a surge in submissions. CVE submissions rose 263 % between 2020 and 2025, overwhelming NIST’s resources. Going...

By The Stack (TheStack.technology)

Standard Bank Data Breach Fallout Deepens
News · Apr 16, 2026

Standard Bank confirmed that data stolen in a March cyber‑attack has now been posted online, exposing client names, identification numbers, contact details and limited credit‑card information. The breach, attributed to a hacker using the handle “ROOTBOY,” involved a three‑week intrusion...

By TechCentral (South Africa)

DC3 Making Better Sense of Its Cyber Data
Podcast · Apr 16, 2026 · 43 min

In this episode of Ask the CIO, Defense Cybercrime Center (DC3) Architecture Management of Data and Enterprise Division Chief Kajal Pal explains how DC3 protects the defense industrial base through digital forensics, threat intelligence sharing, and supply‑chain security. She details...

By Ask the CIO (Apple listing)

Cybersecurity Risks of Hiring a Virtual Assistant and How to Protect Your Business
News · Apr 16, 2026

The surge in remote work has led many firms to hire virtual assistants (VAs) without robust security checks, exposing critical systems to credential theft, device compromise, and insider threats. Excessive access and shared passwords create a large attack surface, while...

By HackRead

If You Worry About Windows Privilege Escalation, Your Security Fails
Social · Apr 16, 2026

Repeat after me: Your security program is not good enough to have to worry about escalation of privilege on Windows

By SwiftOnSecurity

French Minister Says New Measures Are Coming After Crypto Kidnappings
News · Apr 16, 2026

French interior minister delegate Jean‑Didier Berger announced new measures to curb crypto kidnappings, known as wrench attacks, after a recent €400,000 ransom case. Authorities have launched a prevention platform that already has thousands of sign‑ups and are collaborating with Interior...

By Cointelegraph

Regulators Confront AI-Driven Cyber Risk After Anthropic Warning
Blog · Apr 16, 2026

British regulators—including the Bank of England, FCA and NCSC—are urgently assessing Anthropic’s new AI model Claude Mythos Preview after it flagged thousands of serious software vulnerabilities. The model, released as a gated research project called Glasswing, has prompted parallel concern...

By Payments Cards & Mobile (Payments Industry Intelligence)

AI Bots - a New Risk and Opportunity for CIOs to Manage
News · Apr 16, 2026

AI‑generated bots are flooding corporate web estates, with Akamai reporting a 300% rise in AI‑driven traffic and some CIOs seeing a 400% jump in site crawls. The surge inflates API, cloud and CDN usage, driving up operating expenses and degrading...

By Diginomica

AI and Executive Protection: New Risks, New Defenses
News · Apr 16, 2026

AI‑generated phishing attacks are now targeting corporate executives with hyper‑personalized emails crafted from public profiles and generative AI. The barrier to launch such campaigns has collapsed, allowing amateurs to produce convincing phishing kits and doxing databases. Security teams can counter...

By Security Boulevard

Hidden Passenger? How Taboola Routes Logged-In Banking Sessions to Temu
News · Apr 16, 2026

Reflectiz discovered that a Taboola tracking pixel approved in a bank’s CSP silently redirected logged‑in users to a Temu endpoint via a 302 response. The redirect included an Access‑Control‑Allow‑Credentials header, causing browsers to send authentication cookies to Temu and link...

By The Hacker News

Business Logic Flaws: The Silent Threat in Modern Web Applications
News · Apr 16, 2026

In late 2019 Robinhood’s options platform mis‑calculated buying power, allowing users to control positions worth hundreds of thousands of dollars with only a few thousand in capital. The flaw stemmed from a business‑logic assumption that margin‑related trades reduced risk, which...

By Security Boulevard

Day 157: Building Intelligent Threat Detection Rules - Your Security Autopilot
Blog · Apr 16, 2026

The post walks readers through building a production‑ready threat detection rule engine that can ingest more than 1,000 logs per second, identify over 15 common attack patterns, and issue real‑time alerts with zero false negatives for critical threats. It uses...

By Hands On System Design Course - Code Everyday

Obsidian Plugin Abuse Delivers PHANTOMPULSE RAT in Targeted Finance, Crypto Attacks
News · Apr 16, 2026

Researchers at Elastic Security Labs identified a novel social‑engineering campaign that abuses Obsidian’s community plugins to deliver the previously unknown PHANTOMPULSE remote‑access trojan. Threat actors pose as venture‑capital contacts on LinkedIn and Telegram, coaxing finance and cryptocurrency professionals to enable...

By The Hacker News

Kraken Faces Extortion over Insider‑leaked Support Videos as Valuation Drops $6.7 B
News · Apr 16, 2026

Kraken disclosed that a criminal group is extorting the exchange after insiders recorded videos of its client‑support system, potentially exposing about 2,000 accounts (0.02% of users). At the same time, Deutsche Börse’s $200 million investment values Kraken at $13.3 billion, reflecting a $6.7 billion...

By Pulse

License-Layer Security: The Missing Piece in OTT Content Protection
News · Apr 16, 2026

Modern OTT services rely on DRM to protect streamed video, but DRM only secures content in transit. Attackers now target the license layer, extracting keys from legitimate license responses and redistributing decrypted copies at scale. The article argues that license‑layer...

By Streaming Media

Systemic Flaw in MCP Protocol Could Expose 150 Million Downloads
News · Apr 16, 2026

Security researchers at Ox Security disclosed a critical, systemic flaw in Anthropic's Model Context Protocol (MCP) that enables arbitrary command execution. The vulnerability stems from the protocol’s STDIO interface, which runs commands even when server startup fails, exposing over 200...

By Infosecurity Magazine

CAIS
News · Apr 16, 2026

HolistiCyber’s Cyber AI Suite (CAIS) is a comprehensive service that secures AI‑driven applications from architecture through governance. It begins with a deep review of Retrieval‑Augmented Generation (RAG) pipelines and vector databases, then applies threat modeling and AI‑focused penetration testing using...

By Security Boulevard

How Secure WordPress Hosting Protects Growing Agency Portfolios
News · Apr 16, 2026

Agencies managing dozens of WordPress sites face exponential security risk, as a single vulnerable plugin can cascade across a portfolio. Secure, agency‑focused hosting mitigates that threat by moving protection to the server layer with firewalls, DDoS mitigation, and continuous malware...

By Onrec

Inditex Data Breach: Zara Owner Inditex Reports Major Data Breach Exposing Customer Transaction Records
News · Apr 16, 2026

Inditex, the parent of Zara, disclosed a data breach that originated from a former technology provider and exposed transaction‑related information but no customer names, contact details, passwords, or payment data. The breach involved a third‑party service used by several international...

By Mint – Technology (India)

'Attention-Seeking' Man Allegedly Targeted Police, Defence in 'Cybercrime Spree'
News · Apr 16, 2026

A 22‑year‑old Adelaide resident, Aiden Wood, was charged with 12 hacking offences after allegedly launching a four‑month cybercrime spree that targeted critical government infrastructure, including the Australian Federal Police and Defence Force, as well as the NBN network at a...

By ABC News (Australia) Health

Cyber Essentials Closes the MFA Loophole but Leaves some Organisations Adrift
News · Apr 16, 2026

The UK’s Cyber Essentials scheme has long been a baseline for cyber‑hygiene, especially for firms seeking government contracts. Effective 27 April, version 3.3 upgrades multi‑factor authentication (MFA) from a recommendation to a binary pass‑or‑fail rule. Any cloud service used without enabled MFA...

By ComputerWeekly – DevOps

Norway’s State Telecoms Firm Accused of Helping Myanmar Regime Seize Activists
News · Apr 16, 2026

A Norwegian state‑owned telecom, Telenor, faces a class‑action lawsuit in Norway alleging it supplied the Myanmar military with personal data on more than 1,200 activists, facilitating arrests and alleged torture. The suit, filed by the Justice and Accountability Initiative and...

By The Guardian

Too Many Tools, Not Enough Outcomes: Redefining MDR with Exposure Management
News · Apr 16, 2026

Rapid7 will speak at the ITWeb Security Summit JHB 2026 about redefining managed detection and response (MDR). The firm argues that the proliferation of point tools has produced fragmented defenses, and advocates an outcomes‑first model that merges detection, continuous threat exposure...

By ITWeb (South Africa) – Public Sector

“I’m Just Scared”: Teen Hacker Jailed After Massive U.S. School Data Breach
News · Apr 16, 2026

Teen hacker Matthew Lane, now 20, was sentenced to four years in federal prison for his central role in the PowerSchool data breach, one of the largest attacks on U.S. education. The breach exposed personal information for roughly 60 million students...

By The Cyber Express

HKIRC Recognised As Certification Authority Under Hong Kong Electronic Transactions Ordinance
News · Apr 16, 2026

The Hong Kong government has officially recognized Hong Kong Internet Registration Corporation Limited (HKIRC) as a certification authority under the Electronic Transactions Ordinance. This designation, announced on 16 April 2026, permits HKIRC to issue six types of trusted digital certificates for individuals...

By OpenGov Asia

Capsule Security Raises $7m to Secure AI Agents at Runtime
News · Apr 16, 2026

Capsule Security emerged from stealth with a $7 million seed round led by Lama Partners and participation from Forgepoint Capital International. The startup’s runtime‑first platform aims to secure AI agents while they execute tasks, preventing prompt‑injection attacks, data leaks, and unintended...

By RegTech Analyst

Shinka Achieves SOC 2 Type II Certification
News · Apr 16, 2026

Shinka, the independent CTV and DOOH mediation platform, announced it has earned SOC 2 Type II certification after completing a Type I audit. The certification validates that Shinka’s security, availability, processing integrity, confidentiality and privacy controls operate effectively over time. The achievement underscores...

By ExchangeWire

Automotive Ransomware Attacks Double in a Year
News · Apr 16, 2026

Ransomware has become the fastest‑growing cyber threat to the automotive industry, accounting for 44% of all attacks on carmakers in 2025. Halcyon’s report shows attack frequency more than doubled last year, driven by connected vehicle platforms, OTA updates and cloud‑based...

By Infosecurity Magazine

Claude Code, Gemini CLI, GitHub Copilot Agents Vulnerable to Prompt Injection via Comments
News · Apr 16, 2026

Security researchers disclosed a new prompt‑injection technique called “Comment and Control” that exploits AI‑driven code tools on GitHub. The method tricks Claude Code Security Review, Google Gemini CLI Action, and GitHub Copilot Agent by embedding malicious prompts in pull‑request titles, issue...

By SecurityWeek

US Nationals Behind DPRK IT Worker 'Laptop Farm' Sent to Prison
News · Apr 16, 2026

Two U.S. nationals, Kejia Wang and Zhenxing Wang, were sentenced to 108 months and 92 months respectively for orchestrating a scheme that placed North Korean IT workers in over 100 American companies using stolen identities. Between 2021 and October 2024...

By BleepingComputer

Proactive Steps to Cut Cyber Risk Before Damage
Social · Apr 16, 2026

How To Reduce Cyber Risk Before It Becomes Business Impact by @austingadient @Forbes Learn more: https://t.co/3n73qicnmw #CyberSecurity #Infosec #Technology https://t.co/WfQRH57gbm

By Ron van Loon

Use of Agentic AI Erodes GDPR Compliance as We Know It. Wipro's 'Privacy by Design' Comes Into Its Own
News · Apr 16, 2026

The rise of agentic AI—autonomous systems that decompose tasks, retain memory, and act on users’ behalf—exposes gaps in current GDPR compliance frameworks. Traditional governance assumes static tools, not self‑directing agents that make micro‑decisions, store contextual data, and can be hijacked...

By Diginomica

Anthropic’s Nuclear Bomb
Blog · Apr 16, 2026

Anthropic unveiled Claude Mythos Preview, an AI model that can autonomously discover and exploit zero‑day vulnerabilities with a 72.4% success rate. In tests the model cracked a 17‑year‑old FreeBSD remote code execution flaw, granting unauthenticated root access. Access is restricted...

By War on the Rocks

New Approaches to Tackling Ransomware Recovery
News · Apr 16, 2026

Ransomware attacks are increasingly targeting backup data, rendering traditional zero‑trust models inadequate. Object First introduced Zero Trust Data Resilience (ZTDR), expanding zero‑trust principles with backup segmentation, multiple resilience zones, and immutable storage. Its appliance leverages Zero Access architecture to deliver...

By Blocks & Files

Microsoft: April Windows Server 2025 Update May Fail to Install
News · Apr 16, 2026

Microsoft is investigating a failure of the April 2026 KB5082063 security update on Windows Server 2025, which triggers error code 0x800F0983 and, in some cases, forces servers into BitLocker recovery mode. The issue appears limited to enterprise‑managed configurations and does not affect...

By BleepingComputer

Teenaged Boy Arrested After NI Schools Hacked
News · Apr 16, 2026

A 16‑year‑old was arrested in Portadown after allegedly compromising the C2K platform used by schools across Northern Ireland. The breach, which occurred at the start of the Easter break, locked students out of their accounts and exposed some personal data....

By Silicon UK

One Year on From the M&S Cyber Attack: What Did We Learn?
News · Apr 16, 2026

One year after the Easter‑week 2025 Marks & Spencer cyber breach, analysts confirm the attack originated from a simple social‑engineering phone call that compromised a third‑party help‑desk and cascaded into ransomware across VMware hosts. The incident sparked a wave of...

By Computer Weekly – Latest IT news

Sweden Reports Cyberattack Attempt on Heating Plant Amid Rising Energy Threats
Blog · Apr 16, 2026

Sweden’s civil defense ministry confirmed that a pro‑Russian group attempted a cyberattack on a western heating plant in 2025, but the intrusion was stopped. The operation is tied to Russian intelligence and mirrors a wave of sabotage that has hit...

By Security Affairs

Targeted Cyberattack on Northern Ireland Schools Exposes Personal Data
News · Apr 16, 2026

A recent cyberattack on Northern Ireland's Education Authority was confirmed as a targeted breach affecting a small number of schools. Forensic analysis revealed that attackers accessed personal data, though no large‑scale exfiltration has been proven. Police Service of Northern Ireland...

By The Cyber Express

The Data Sovereignty Vise: Two Governments, One Compliance Trap, No Safe Harbor
Blog · Apr 16, 2026

China’s State Council rolled out two sweeping regulations in April 2024—Decree 834 on industrial and supply‑chain security and Decree 835 on countering foreign extraterritorial jurisdiction—both effective immediately and without a transition period. The rules clash directly with the U.S. Department of Justice’s Data...

By Legal Tech Daily