Today's Cybersecurity Pulse
CISA adds critical Android and Linux flaws to KEV catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) listed two high‑severity vulnerabilities in its Known Exploited Vulnerabilities catalog: Android CVE‑2025‑48595, an integer overflow that enables privilege escalation on Android 14‑16 without user interaction, and Linux CVE‑2022‑0492. Google released patches for the Android bug in June 2026.
Also developing:
By the numbers: Ingeteam receives $82.5M loan from EIB
How to Implement Passwordless Authentication to Boost User Conversion
Passwordless authentication replaces passwords with device‑bound cryptographic keys, removing a major source of friction in sign‑up and login flows. The 2026 Passwordless Conversion Impact Report shows that faster entry boosts lifetime value, while the IBM Cost of Data Breach Report highlights security savings. By adopting FIDO2/WebAuthn passkeys, firms cut password‑reset tickets, lower phishing risk, and meet NIST AAL2 requirements. A hybrid, phased rollout lets organizations transition millions of users without disrupting existing accounts.
Reddit 2026 Cybersecurity Talk Shifts From Phishing To AI Chaos
From Phishing to AI Chaos: What My Analysis of All Reddit CyberSecurity Discussions So Far in 2026 Revealed https://t.co/LF7w9E3mMR
Democratized Software, Democratized Risk: Who’s Accountable When Everyone Codes?
AI‑driven coding tools are letting non‑technical teams create software without traditional developer resources, accelerating delivery and cutting costs. However, this democratization creates governance gaps that can expose organizations to security, compliance, and accountability risks. The article advises IT leaders to...
Corporate Affairs Commission Hit by Cyberattack in Nigeria
Nigeria’s Corporate Affairs Commission confirmed a cyber‑attack that compromised its company‑registration platform, prompting an urgent investigation with the National Information Technology Development Agency. The breach threatens sensitive business data, could delay filings and erode confidence in government digital services. At...
Shadow AI and the New Visibility Gap in Software Development
Generative AI is now a core part of software development, but shadow AI—unapproved AI tools used by developers—is already mainstream, with 50% of workers globally and over 70% of UK employees relying on them. This creates a "lethal trifecta" of...
MiningDropper Turns Android Apps Into Multi-Stage Malware Delivery Systems
Researchers at Cyble have identified a surge in Android malware campaigns leveraging a new modular framework called MiningDropper. The platform repurposes the open‑source Lumolight app as a trojanized entry point and uses layered XOR and AES encryption to deliver multi‑stage...
6-Year Ransomware Campaign Targets Turkish Homes & SMBs
Researchers at Acronis have identified a low‑dollar, high‑volume ransomware operation that has been active in Turkey since at least 2020. The attackers deploy a customized Adwind RAT to deliver the JanaWare ransomware, demanding between $200 and $400 per victim. The...
Super Funds Seek to Coordinate Sector's Cyber Threat Response
The Association of Superannuation Funds of Australia (ASFA) has applied to the Australian Competition and Consumer Commission for a five‑year licence to operate the Superannuation Cyber and Financial Crime Exchange (SuperFCX), a dedicated threat‑intelligence sharing platform for the sector. The...
Who Is Winning the Scam Game?
In this episode of Hacking Humans, hosts Dave Bittner, Joe Kerrigan, and Maria Vermazis dissect two major scam narratives: an international gold‑scam ring that lured U.S. victims into buying $800,000 worth of physical gold, culminating in the arrest of a...
Europe Launches First Kill‑switch‑proof Cloud Recovery Stack
Europe builds its first “kill-switch proof” cloud recovery stack https://t.co/QMZVcROJjW >> Congrats. Interesting pan EU collaboration - BUL / D / I and LUX. Good to see. Bow let's look for adoption.
.png)
ITnews to Bring Security Leaders Together for State of Security Breakfast Roadshow
iTnews is launching its inaugural State of Security Breakfast Roadshow in Brisbane on June 18, gathering more than 50 senior IT and security executives to discuss findings from its State of Security report released April 30. The breakfast will focus on three...
Web Supply Chain Risk in ANZ: Why the Browser Is the New Front Line
Reflectiz warns that modern web applications increasingly rely on third‑ and fourth‑party scripts that execute in users' browsers, creating a hidden supply‑chain risk that traditional security tools cannot see. Research of 4,700 ANZ sites shows 64% of these scripts handle...
Timely Takes Podcast: J.T. Ho’s Latest “Fast Five”
Cleary Gottlieb’s J.T. Ho hosts the latest Timely Takes podcast, delivering a monthly briefing on securities and governance trends. The episode covers five hot topics: prediction‑market considerations for public companies, board‑level cybersecurity guidance amid cyber‑warfare, the 2026 CISO AI Risk...
Cyberwar’s New Frontier
The article warns that autonomous cyber‑agents are moving from theory to operational reality, capable of launching attacks in minutes and persisting undetected across critical sectors. It highlights the U.S. 2026 Cyber Strategy’s embrace of such agents while noting severe staffing...
RedSun: System User Access on Win 11/10 and Server with the April 2026 Update
RedSun is a newly disclosed vulnerability affecting Windows 10, Windows 11 and Windows Server with the April 2026 Update. The flaw exploits Windows Defender’s cloud‑tag handling, causing the antivirus to rewrite a malicious file back to its original location. By overwriting trusted system...
FSF Trying to Contact Google About Spammer Sending 10k+ Mails From Gmail Account
Thom Zane, an administrator of the daedal.io Mastodon instance, posted on the fediverse asking for a direct email address to reach a human on Google’s Gmail team. He wants to report a spammer who allegedly sent more than 10,000 Gmail...
AI Threats Push Businesses to Rethink Cybersecurity Strategies: Kaspersky
AI is reshaping cyber threats, enabling both seasoned hackers and novices to launch sophisticated attacks with generative tools. Kaspersky warns that 72% of firms are deeply concerned as AI‑driven phishing, deepfakes, and automated malware surge. A deepfake video call cost...
AI Tool Adoption Leaves Companies With Zero Code Controls
In all seriousness though, companies that are investing in these tools have zero control over code quality, how to protect from prompt injection, what gets shoved and executed into the developers environment, what gets shoved into production. Zero. Controls. Death of...
Taking Operational Risk to Resilience with Emerging AI Systems: Gartner
Gartner warns that generative AI (GenAI) and agentic AI are exposing enterprises to rising security incidents. It predicts 25% of GenAI applications will suffer at least five minor incidents annually by 2028, and 15% will encounter a major breach by...
Ivanti Unveils AI‑Driven Neurons Platform to Automate IT and Security Ops
Ivanti announced the launch of its AI‑driven Neurons platform, a suite of autonomous IT and security capabilities that deflect tickets, cut manual effort and enforce compliance. The move targets growing pressure on DevOps teams to scale operations without sacrificing governance.
Commvault Launches ‘Ctrl‑Z’ AI Protect to Undo Cloud AI Actions
Commvault rolled out Ctrl‑Z, an AI Protect feature that can roll back actions taken by autonomous agents across major cloud platforms. The tool aims to restore data, configurations and applications after unintended AI‑driven changes, tackling emerging governance challenges in cloud‑based...
National Cyber Director Signals Wave of New Cybersecurity Executive Orders
At the Semafor World Economy forum, National Cyber Director Sean Cairncross warned that President Trump will sign more cybersecurity‑focused executive orders soon, following the rollout of the administration’s new national cyber strategy. The signal hints at tighter regulation for businesses...
SANS Stormcast Thursday, April 16th, 2026: AI Credential Scans; Microsoft Update Issues; RDP Warnings; GitHub Action Vulns;
In this 7‑minute Stormcast episode, Johannes Ulrich warns that attackers are increasingly scanning web servers for AI‑related configuration files such as .env files containing OpenAI, Claude, or OpenClaw credentials, emphasizing the need for proper secret management and billing alerts. He...
Unity AI Gateway Simplifies Secure Agent Integration
Securing agents is one of the main bottlenecks to adoption. With Unity AI Gateway, we're making it easy to secure your agents, tools and data they access in one place. It's super easy to plug into existing agents as just...
Spatiotemporal Light Pulses Could Secure Optical Communication by Masking Data
Ben‑Gurion University researchers have devised a secure optical‑communication scheme that embeds data within spatiotemporal optical vortices—light pulses whose structure conceals information from conventional detectors. The approach pairs these shaped pulses with a pre‑shared key and decoy‑signal algorithm, allowing only a...
IBM Rolls Out AI‑Driven Cybersecurity Assessment to Counter Agentic Attacks
IBM announced a new cybersecurity assessment and the IBM Autonomous Security service aimed at protecting enterprises from AI‑driven, agentic attacks. The offering promises machine‑speed detection, coordinated response and guidance on AI‑specific vulnerabilities.
Adapting in the Era of AI
Fastly announced ContentGuard, a new feature inside its Bot Management suite that gives customers granular control over who accesses cached content. The company’s security research shows 47% of requests to cached assets are from unverified or malicious bots, while only...
GitLab 18.11 Release
GitLab 18.11 introduces a suite of AI‑driven and security enhancements, including Agentic SAST Vulnerability Resolution that auto‑generates merge requests for critical findings, and the Data Analyst Agent that answers natural‑language queries across the platform. The release also adds fine‑grained personal...
GitLab 18.11 Released with Automated Remediation & New Foundational Agents
GitLab 18.11 introduces Agentic SAST vulnerability resolution that automatically generates merge requests to fix critical and high‑severity findings. The release also makes the Data Analyst Agent generally available and launches the CI Expert Agent in beta, expanding AI‑driven assistance across...
Coremail Showcases at GITEX Asia 2026: Advancing Enterprise Communication with AI-Native Secure Email
Coremail unveiled its AI‑Native Secure Email System and CACTER AI‑Native Secure Email Gateway at GITEX Asia 2026 in Singapore. The solutions combine large language models with autonomous agents to transform email from a static messaging tool into a task‑execution hub....
Anonymizing Network Traffic: A Dive Into SOCKS5 and Data Encryption
SOCKS5 proxies have become a core tool for businesses that need to hide IP addresses while handling any traffic type, from HTTP to UDP. Unlike HTTP proxies, SOCKS5 does not inspect data, allowing seamless use for streaming, automated data collection,...
Smashing Security Podcast #463: This AI Company Leaked Its Own Code. It’s Also Built Something Terrifying
In the Smashing Security #463 episode, host Graham Cluley and guest Tanya Janca discuss Anthropic’s accidental leak of the Claude Code CLI source via a mis‑published source‑map and the company’s new AI model, Mythos, which can autonomously discover and chain...
Over 25K Systems Exposed by Adware App to Supply Chain Compromise
Dragon Boss Solutions’ ad‑ware platform inadvertently exposed more than 25,000 systems after an insecure software‑update channel was discovered. Threat actors could purchase a signed payload for about $10 and push malicious code with SYSTEM privileges. Huntress identified communications from 23,565 IP addresses,...
To Fight Ransomware, Turn to Incident Response Professionals
The UK Home Office is consulting on a ban on ransomware payments for public‑sector bodies and critical national infrastructure, alongside a broader payment‑prevention regime and mandatory incident‑reporting. Critics argue the proposal could leave under‑resourced firms tangled in legal hoops while...
WBA Guidelines Target Rogue Access Points and Credential Theft
The Wireless Broadband Alliance (WBA) released a Wi‑Fi Security Guidelines framework to standardize protection across public, enterprise, IoT, and roaming networks. The document mandates mutual certificate‑based authentication, WPA3‑Enterprise with Protected Management Frames, and encrypted RADIUS traffic to thwart rogue access...
KnowBe4 Debuts Guardrails for Autonomous AI Agents
KnowBe4 has introduced Agent Risk Manager, a real‑time monitoring and governance layer designed to police autonomous AI agents operating across enterprise environments. The solution adds behavioral guardrails to block threats such as unauthorized data exposure, prompt‑injection jailbreaks, and runaway compute...
CoSN 2026: Student-Led Cyber Programs Incentivize Culture of Safety
At DeKalb County School District, the second‑year Cyber Champions program places students at the forefront of district‑wide cybersecurity education, turning them into peer advocates for digital safety, phishing awareness, and AI ethics. The initiative operates without a dedicated budget, leveraging...
Securing Remote Server Access: Why VPNs Matter for Administrators
Remote server administrators face brute‑force, phishing and malware attacks when SSH or RDP are exposed to the internet. Deploying a corporate VPN tunnels remote connections through encrypted channels, limiting access to authenticated users and removing direct exposure of critical ports....
Anthropic's Mythos Triggers Cybersecurity Race — CrowdStrike, Rubrik, Cloudflare Stand To Gain
Anthropic unveiled Project Glasswing and the Claude Mythos model, an AI system that can autonomously discover and exploit software vulnerabilities at scale. ARK Invest highlighted Mythos' 93.9% SWE‑bench and 83.1% CyberGym scores as evidence of a new era in software...
New AgingFly Malware Used in Attacks on Ukraine Govt, Hospitals
CERT‑UA uncovered a new malware family called AgingFly targeting Ukrainian government agencies, hospitals and possibly Defense Forces. The campaign begins with phishing emails offering humanitarian aid, leading victims to click links that deliver malicious LNK shortcuts and HTA files. Once...
Critical MCP Integration Flaw Puts NGINX at Risk
Researchers at Pluto Security have uncovered a critical vulnerability in the popular nginx‑ui web console, identified as CVE‑2026‑33032 with a CVSS score of 9.8. The flaw resides in the MCP /message endpoint, which performs no authentication and can be exploited to...
New CXO Advisor Services Cut Cyber Risk Fast
We are expanding CXO Advisor with new services across pen testing, incident response, and transformation. The goal is to fundamentally help companies reduce their cybersecurity risk. If you are trying to improve your security posture in a practical way, happy to...
AI, Quantum Computing Redefine Cybersecurity Landscape – Prof. Brooks
Cyber Solutions – The Intersection of AI, Quantum and Cybersecurity with Prof. Chuck Brooks | https://t.co/MzmJurZmns https://t.co/tQshTKmETs
Class Action Targets Berkadia over Alleged Cyberattack Exposing Thousands' Data
Berkadia Commercial Mortgage, the leading Freddie Mac lender, faces a proposed class action alleging a March 20 cyberattack by the ShinyHunters group. The breach reportedly exposed thousands of individuals' personal and financial data, including Social Security numbers and banking details. Plaintiffs claim...
Beware: Fake iCloud Emails Exploit Urgency to Harvest Data
Fraudulent iCloud emails use urgency and imitation tactics to trick users into revealing sensitive information through malicious links and deceptive interfaces. https://t.co/jXuLGQLiXZ
![Android Phones Aren’t at Risk of Long-Standing iPhone Tap-to-Pay Vulnerability [Video]](/cdn-cgi/image/width=1200,quality=75,format=auto,fit=cover/https://i0.wp.com/9to5google.com/wp-content/uploads/sites/4/2026/04/iphone-tap-to-pay-vulnerability-veritasium.webp?resize=1200%2C628&quality=82&strip=all&ssl=1)
Android Phones Aren’t at Risk of Long-Standing iPhone Tap-to-Pay Vulnerability [Video]
A five‑year‑old tap‑to‑pay flaw in iPhone’s Express mode lets large transit purchases bypass the lock screen, a vulnerability highlighted in a recent Veritasium video. Apple and Visa have been aware of the issue since 2021, but claim it falls under...
Fiverr Denies ‘Major Security Lapse’ Despite Private User Data Appearing in Google Search
Fiverr says there is no major security breach, but a misconfigured Cloudinary storage bucket left private user documents publicly accessible. PDFs, images, tax forms and other sensitive files were indexed by Google after the platform used permanent URLs instead of...
Quantum Threat Makes Satoshi Identity Verifiable by Anyone
"Anyone can prove they are Satoshi" - @tayvano_ on how quantum could affect BIP-316 https://t.co/CkpfDikm9E
AI in Cybersecurity Will Mostly Augment, Not Replace, by 2027
Fun insight from @Gartner_inc "By 2027, 90% of successful AI implementations in cybersecurity will be tactical — task automation and process augmentation — rather than role replacement." (https://t.co/EC2MwkKYqC)
The Myth of the CMMC “Easy Button:” Why Shortcuts Usually Collapse Under Scrutiny From a Third-Party Assessor
Defense contractors face intense pressure to meet CMMC Level 2 requirements on compressed timelines, turning what was once a planning exercise into a contractual mandate. The article warns that shortcuts—such as relying on shared multi‑tenant environments or skipping a proven reference...