Know What's Happening in Cybersecurity
Know What's Happening in Cybersecurity
Cybersecurity Pulse
EMAIL DIGESTS
Daily
Every morning
Weekly
Tuesday recap
EMAIL DIGESTS
Daily
Every morning
Weekly
Tuesday recap
Ransomware and supply‑chain breaches surge across sectors
The Cyber Express reports a sharp rise in ransomware incidents and supply‑chain compromises across multiple industries. Notable breaches include a ransomware intrusion at Hasbro, a malicious package update that hit AI startup Mercor via the LiteLLM project, and a North Korean‑linked attack on the Axios JavaScript library.
Hungarian police, working with Romanian authorities, detained four young hackers suspected of orchestrating false and intimidating phone calls to law‑enforcement units. The investigation, launched in mid‑July 2025 after multiple police departments reported receiving threatening calls, uncovered a coordinated scheme that used spoofed numbers to mimic official threats. The suspects, aged between 16 and 20, were apprehended during a joint operation by the National Bureau of Investigation’s Rapid Response Police. Officials emphasized the seriousness of cyber‑enabled intimidation and announced forthcoming prosecutions.
A London High Court judge awarded Saudi satirist Ghanem Al‑Masarir more than £3 million in damages after finding compelling evidence that his iPhone was compromised with NSO Group’s Pegasus spyware. The ruling concluded the hacking was directed or authorised by the...
The episode examines Google’s Universal Commerce Protocol (UCP), an open‑source standard designed to unify AI‑driven shopping across retailers and payment providers. It highlights UCP’s advantages—single‑point integration, leverage of Google Merchant Center, modular flexibility, and merchant‑first control—while noting the competitive landscape...
Researchers at eSentire have uncovered a tax‑phishing campaign targeting Indian users by masquerading as the Income Tax Department. The campaign delivers a multi‑stage backdoor that first sideloads a malicious DLL, then escalates privileges and installs a Blackmoon trojan variant alongside...
A historic winter storm on Jan. 24‑25 left over 820,000 energy customers without power and placed 200 million people under severe‑cold alerts. While utilities scramble to restore service, cyber adversaries target pre‑existing grid weaknesses such as unpatched systems and lax remote‑access controls....
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released its first list of hardware and software product categories that support or are transitioning to post‑quantum cryptography (PQC) standards. The list, compiled with the NSA, follows Executive Order 14306 and targets cloud...
Rahul warns us about Clawdbot. I'm not too worried about the nerds here who load it, but it got so popular over the weekend that non-techies will get drawn in. And that's where the trouble starts. I don't know how...
A number of Washington Post journalists asked for tips from government workers last year and posted their personal phone numbers for @signalapp. Please know that Signal allows you to create a username, meaning you can keep your phone number private....
Security researchers at SEC Consult uncovered more than 20 vulnerabilities in Dormakaba’s Exos access‑control platform, affecting hardware managers, registration units, and central software. The flaws include hard‑coded credentials, weak passwords, privilege escalation, and command‑injection, which could let attackers remotely unlock doors...
The episode delves into ERW‑Radar, a novel detection system designed to combat evasive ransomware by leveraging the unique repetitive I/O patterns ransomware exhibits during encryption and statistical analysis of encrypted byte streams. The authors—Lingbo Zhao, Yuhui Zhang, Zhilu Wang, Fengkai...
In September 2025 Zscaler ThreatLabz uncovered two Pakistan-linked APT campaigns, Gopher Strike and Sheet Attack, targeting Indian government entities. Gopher Strike delivers malicious PDFs that trigger ISO downloads, employing a new Golang downloader called GOGITTER, a lightweight backdoor GITSHELLPAD that...
01 Quantum Inc., rebranded from 01 Communique Laboratory, reported FY 2025 revenue of $767,993—up 86% from the prior year—driven by commercial deployments of post‑quantum cryptography (PQC) solutions such as DoMobile Ver.5. The company raised $3.78 million in equity financing and continues to...
Security researchers at Palo Alto Networks’ Unit 42 have demonstrated a proof‑of‑concept where generative AI models produce on‑the‑fly JavaScript that creates personalized phishing pages. The technique sends prompts to a legitimate LLM API, receives unique code for each visitor, and executes...
Expereo’s chief digital officer Julian Skeels warns that AI workloads turn networking into a system‑of‑record, requiring deterministic, observable, and resilient connectivity. Enterprises are tangled in hybrid clouds and multiple providers, leading to “connectivity everywhere but visibility nowhere.” The company’s expereoOne...
Microsoft complied with an FBI search warrant in early 2025, providing BitLocker recovery keys stored on its cloud to law‑enforcement for three laptops linked to a Guam unemployment fraud case. The keys were automatically backed up to Microsoft Entra ID,...
Okta is the backbone of many SaaS‑first enterprises, making its security settings critical. The article outlines six often‑overlooked configurations—password policies, phishing‑resistant MFA, ThreatInsight, admin session ASN binding, session lifetimes, and behavior rules—that strengthen identity protection. It also highlights how continuous...
Security researchers uncovered the HaxorSEO (HxSEO) marketplace, a Telegram and WhatsApp‑based service that sells over 1,000 malicious backlinks from compromised, decades‑old domains. Each listing includes trust scores such as domain authority and is priced at $6, allowing threat actors to...
Upwind announced a $250 million Series B round, bringing total capital to $430 million. The funding, led by Bessemer Venture Partners with participation from Salesforce Ventures and Picture Capital, will accelerate the company’s runtime‑first cloud security platform aimed at AI‑driven workloads. Upwind claims...
Booz Allen Hamilton has launched the general availability of Vellox Reverser, an AI‑driven malware reverse‑engineering platform. The solution leverages a resilient agentic AI architecture on AWS Lambda, Bedrock, and Step Functions to automate deep analysis of complex threats. New features...
The recent discovery by Koi Security reveals that NPM’s handling of Git‑based dependencies can circumvent the post‑Shai‑Hulud “PackageGate” defenses, allowing malicious code execution even with the `--ignore‑scripts` flag. The bypass exploits a crafted `.npmrc` file that overrides the Git binary...
Cloud security teams face alert fatigue, drowning in critical notifications that outpace manual response. Wiz, a cloud risk visibility leader, has partnered with Swimlane’s Turbine agentic‑AI to turn detection into automated remediation. The integration pulls Wiz telemetry, enriches it with...
Stellar Cyber unveiled version 6.3, embedding agentic AI to push its Autonomous SOC vision forward. The update automates threat detection, investigation, triage and response across identity, network, endpoint, email and cloud layers, slashing alert fatigue and mean‑time‑to‑respond. New Model Context Protocol...
US law firm Hagens Berman is urging investors to join a class action against Coupang over a massive June 2025 cyber‑attack that exposed personal data of 33.7 million customers. The breach prompted a police raid, the resignation of CEO Park Dae‑Joon,...
North Korean state‑sponsored Lazarus group launched a new Operation DreamJob campaign targeting European defense firms that build uncrewed aerial vehicles. The attackers used fake job offers to distribute trojanized PDFs that install the ScoringMathTea RAT and BinMergeLoader loader. Malware leverages...
GeoComply’s digital identity platform, integrated with Dabble, combines device integrity, precise location, behavioural and network signals to enhance KYC. The partnership delivered KYC pass rates above 90% and uncovered large fraud clusters, including 250+ accounts from a single address and...
Blackpoint Cyber uncovered a new fake CAPTCHA campaign that tricks users into executing a signed Microsoft script, SyncAppvPublishingServer.vbs, to install the Amatera Stealer malware. The attack directs victims to press Windows Key + R, paste a code, and run a command, while fetching...
Deep‑fake “nudify” services now turn a single photo into realistic, eight‑second explicit videos, offering dozens of sexual scenarios for a small fee. Platforms ranging from web sites to Telegram bots automate image‑to‑video generation, with AI models capable of adding audio...
Offensive AI is reshaping cyber attacks, with large language models generating and morphing malware in real time. Recent incidents such as Anthropic’s AI‑orchestrated espionage campaign and ClickFix steganography attacks show adversaries bypassing traditional endpoint detection (EDR). Network Detection and Response...
IonQ announced a definitive agreement to acquire SkyWater Technology for $35 per share, valuing the semiconductor foundry at roughly $1.8 billion in a cash‑and‑stock transaction. The deal creates a vertically integrated quantum platform that combines IonQ’s fault‑tolerant quantum processors with SkyWater’s...
A new crime‑ware toolkit called Stanley is being sold on Russian‑language forums for $2,000 to $6,000. The kit disguises itself as the Notely note‑taking extension and guarantees that its malicious Chrome extension will pass Google’s Web Store review. Once installed,...
Security researchers uncovered two critical 0‑day flaws—CVE‑2025‑34164 and CVE‑2025‑34165—in NetSupport Manager versions up to 14.10.4.0. The bugs reside in an undocumented broadcast feature and can be chained to achieve unauthenticated remote code execution by corrupting heap memory and reading stack...
Phone‑based scams have moved from a niche consumer problem to a material risk for banks, with U.S. consumers losing over $12.5 billion in 2024, many through voice attacks. Fraudsters exploit the inherent trust of human speech and caller‑ID spoofing to impersonate...
Decentralized exchange aggregator Matcha Meta disclosed a security breach originating from its primary liquidity provider, SwapNet, which allowed an attacker to siphon between $13.3 million and $16.8 million on the Base network. The exploit leveraged an arbitrary call flaw in SwapNet’s router...
In this episode Adrian Bridgwater discusses F5’s new AI security offerings—AI Guardrails and AI Red Team—designed to protect enterprise AI models throughout their lifecycle. The Guardrails provide both out‑of‑the‑box and custom‑built runtime protections that enforce policies, prevent data leaks, and...
Microsoft Entra ID will automatically enable passkey profiles and add synced passkey support starting March 2026. The update moves passkey profiles to general availability and introduces a new passkeyType property that lets admins choose device‑bound, synced, or both types of passkeys....
Microsoft’s Military Affairs team has expanded the Software and Systems Academy (MSSA) into a nationwide veteran‑to‑tech pipeline, graduating more than 4,000 service members since its 2013 pilot. The program now offers three core learning paths—cloud development, cloud administration, and cybersecurity...
Firewalla introduced a zero‑trust, microsegmentation approach that lets homeowners modernize large, flat Wi‑Fi networks without renumbering IP addresses or reconfiguring devices. Using the AP7 and Orange appliances, users can keep existing SSIDs while automatically isolating legacy IoT, newer smart devices,...
A sophisticated phishing campaign has been leveraging Vercel's *.vercel.app subdomains since November 2025 to deliver remote‑access malware. The attackers disguise malicious pages as invoice portals or document viewers, then conditionally serve a signed GoTo Resolve installer after fingerprinting the victim’s browser....
Brakeman is an open‑source static analysis scanner that inspects Ruby on Rails codebases for security flaws without executing the application. It evaluates controllers, models, views, templates, and dependency versions, flagging injection, XSS, unsafe redirects, and authentication weaknesses. The tool integrates...
Consensys submitted a comment letter to the FTC urging technology‑agnostic security standards in the agency’s settlement with Nomad Capital Labs over the 2022 $190 million bridge hack. The firm warns that prescriptive measures such as mandatory circuit‑breaker mechanisms could clash with...
Ryan Seymour, VP of Consulting and Education at ConnectSecure, draws on over twenty years of incident‑response work to explain why many failures begin before an attack even starts. He shows that teams often hesitate when alerts appear, not because of...
Amazon Web Services has released an updated PCI PIN compliance package for its Payment Cryptography service, confirming a recent third‑party audit with zero findings. The package includes a PCI PIN Attestation of Compliance and a Responsibility Summary that outlines customer obligations. The...
In this episode Jason Wagner outlines how account takeover (ATO) has shifted from brute‑force logins to stealthy session hijacking, MFA fatigue, and credential reuse tied to real identities. He explains that attackers now harvest active session tokens and device fingerprints,...
User Managed Access (UMA) extends OAuth 2.0 by letting data owners set granular sharing policies. It introduces components such as Resource Owner, Authorization Server, and Requesting Party Token to mediate consent. In enterprise SSO, UMA decouples resource data from policy logic,...
NordVPN research finds more than 26 million people may have been lured to malicious sites via fake QR codes. Scammers embed these codes in “brushing” packages, a tactic that now delivers 26 % of all malicious links. Seventy‑three percent of Americans admit...
In this episode, the All‑In hosts interview four CEOs about the landscape they expect in 2026. Jeremy Allaire of Circle discusses the post‑GENIUS Act stablecoin environment, interest‑rate pressures and how AI will reshape money. George Kurtz of CrowdStrike warns that...
The NDSS 2025 paper introduces RContainer, a secure container architecture that leverages ARM Confidential Computing Architecture (CCA) hardware primitives to protect containers from untrusted operating systems. By deploying a lightweight trusted mini‑OS alongside the host OS, RContainer monitors control‑flow interactions...
Solana validators were urged to install Agave v3.0.14 after a critical security advisory revealed two vulnerabilities that could crash nodes or stall consensus. Early adoption was slow, with only 18% of stake on the patched client, exposing the network to...
E‑commerce merchants are increasingly hit by fraud that begins with fake but technically valid email sign‑ups. Fraudsters use these accounts for low‑value card‑testing transactions and to harvest welcome coupons, driving chargebacks and an estimated $89 billion in annual coupon abuse losses....
Nike announced it is probing a potential cyber incident after the WorldLeaks group claimed to have accessed and exfiltrated roughly 1.4 TB of company data. The hacker collective, which evolved from the Hunters International ransomware gang, posted the alleged breach on...
