
Ransomware and supply‑chain breaches surge across sectors
The Cyber Express reports a sharp rise in ransomware incidents and supply‑chain compromises across multiple industries. Notable breaches include a ransomware intrusion at Hasbro, a malicious package update that hit AI startup Mercor via the LiteLLM project, and a North Korean‑linked attack on the Axios JavaScript library.

ExaGrid has launched an all‑flash, SSD‑based tiered backup storage solution that ships with software version 8 and a unique front‑end Landing Zone paired with a non‑network‑facing repository tier. The new appliances—EX90‑SSD through EX540‑SSD—scale to over 17 PB in a single scale‑out system while delivering the industry’s fastest backup and restore speeds. Integrated AI‑powered Retention Time‑Lock provides immutable, air‑gap protection and automated ransomware detection. The company cites strong financial performance and projects double‑digit revenue growth in 2026.
I know people are looking for digital security guides and checklists in light of the FBI seizing devices of a Washington Post reporter. Here’s a guide I wrote for @gijn in 2024, which remains up to date and relevant. https://t.co/9vBMK8r1vV
Microsoft complied with an FBI search warrant, providing BitLocker recovery keys stored on its cloud for three Guam laptops tied to a Covid unemployment fraud investigation. The devices were protected by BitLocker, Microsoft’s default full‑disk encryption, whose recovery keys can...

TrustAsia revoked 143 SSL/TLS certificates after uncovering a critical vulnerability in its LiteSSL ACME service. The flaw allowed domain‑validation data to be reused across different ACME accounts, enabling unauthorized issuance of wildcard certificates. The issue stemmed from a logic error...
Dutch police were warned in 2022 about inherent risks in Microsoft’s M365 cloud, yet a Russian cyber‑espionage group exploited those gaps in September 2024. By compromising an officer’s email account, the hackers exfiltrated contact details, profile photos and personal data of...

In 2025 phishing evolved from a nuisance into a professional, subscription‑based service. Threat actors now rent disposable infrastructure, use generative AI to craft high‑fidelity pages, and repurpose mainstream no‑code platforms, while large language models eliminate the classic bad‑writing tell. These...
ShinyHunters announced a dark‑web leak of alleged databases from SoundCloud, Crunchbase and Betterment after their extortion attempts were rejected. The group posted .onion links on 22 January 2026, offering free access to the dumps. The claimed SoundCloud breach aligns with a December 2025...

Arqit Quantum has launched Encryption Intelligence (EI), an automated SaaS platform that inventories an organization’s cryptographic assets across cloud, OT and legacy systems. The tool identifies obsolete algorithms and protocols, providing real‑time visibility to accelerate post‑quantum cryptography (PQC) migration and...
Google Ads account hijackings are accelerating, especially against agencies that manage large budgets. Attackers exploit weak login practices, phishing, and even Google Analytics or Tag Manager to bypass two‑factor authentication. Google’s official guide recommends HTTPS, verified @google.com emails, link scrutiny,...

On Jan. 16, 2026 the Supreme Court granted certiorari in United States v. Chatrie, asking whether bulk geofence warrants satisfy the Fourth Amendment’s particularity requirement. A geofence warrant compels a data custodian to hand over location records for every device within a...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE‑2025‑68645, a local file inclusion flaw in Zimbra Collaboration Suite, to its Known Exploited Vulnerabilities catalog and urged immediate patching. The vulnerability resides in the RestFilter servlet, allowing unauthenticated attackers...

Percipience, an insurtech data and analytics provider, announced it has achieved SOC 2 Type I compliance, confirming that its security, availability, and confidentiality controls are properly designed. The audit, conducted by an independent firm, validated the company’s policies on access management, change...
I started Granitt in 2022 to help journalists and other groups of at-risk people continue to do their work safely and securely. Please get in touch if you’re looking for an assessment, policy and process development, training, or presentation. https://t.co/5eyprsSuBF

Red Teaming simulates real‑world attacker behavior across people, processes, and technology, going beyond traditional penetration testing that only flags technical flaws. It helps enterprises verify whether detection, response, and containment capabilities can stop a breach before business damage occurs. Leaders...

Application Security Posture Management (ASPM) consolidates vulnerability, misconfiguration, and runtime data into a single, continuous risk model for cloud‑native applications. By graph‑linking code commits, container images, Kubernetes objects, and cloud resources, ASPM reveals which findings are truly exploitable. This unified...

A publicly accessible database containing 149 million usernames and passwords—including 48 million Gmail, 17 million Facebook, and Binance credentials—was removed after security researcher Jeremiah Fowler reported it to the hosting provider. The collection also featured government, banking, and streaming service logins, suggesting it...

Here are the items the FBI seized from Washington Post reporter Hannah Natanson: a recorder, two laptops, an external drive, a smart watch, an iPhone. Her December article mentioned that she stored reporting notes on an encrypted external drive, so...

Elastic has launched the general availability of Agent Builder, a platform that lets developers create secure, context‑driven AI agents in minutes by leveraging Elasticsearch’s unified search and analytics capabilities. The offering includes native data preparation, retrieval, ranking, custom tools, conversational...

Cobalt, a pioneer of Penetration Testing as a Service, has earned the Cloud Security Alliance (CSA) AI Trustworthy Pledge by completing the STAR Level 1 CAIQ Self‑Assessment based on version 4.0.3. The certification aligns Cobalt’s practices with the CSA Cloud Controls Matrix,...

Ring has launched Ring Verify, a built‑in authenticity feature that embeds a digital security seal in every video recorded after December 2025. The seal automatically breaks if the footage is trimmed, re‑encoded, or otherwise altered, and users can check verification status...

Drive‑by download attacks automatically install malware when a user visits a compromised website, requiring no clicks or consent. They exploit outdated browsers, plugins, or operating systems, often via malicious scripts, malvertising, or exploit kits. The resulting payloads range from trojans...

Vitalik Buterin announced 2026 as the year to reclaim self‑sovereign computing, swapping his daily tools for open‑source, privacy‑preserving alternatives. He moved from Google Docs to Fileverse, Telegram to Signal, Google Maps to OrganicMaps/OpenStreetMap, and Gmail to ProtonMail, while also experimenting with...

Manage My Health, a New Zealand digital health portal, confirmed a breach that accessed documents in its My Health Documents feature, affecting over 120,000 patients. While live clinical systems remained untouched, fraudsters are now impersonating the service to send phishing and...

Technology veteran Alan Shimel discovered an Instagram account impersonating him, using the handle shimel.alan, which quickly followed 85 of his contacts and received follow‑backs from ten. He reported the account through Meta’s built‑in AI‑driven reporting tool, only to receive an...

iboss introduced an AI‑powered SaaS Security Posture Management (SSPM) capability within its Zero Trust SASE platform. The solution connects to SaaS apps via native APIs, continuously scanning configurations, permissions and data exposure. AI analysis prioritizes misconfigurations and risky sharing, presenting...
The guide walks CTOs and VPs of Engineering through building SAML‑based identity management for enterprise single sign‑on, covering claim design, certificate handling, and a step‑by‑step migration from ADFS. It explains how to configure assertions, secure metadata, and align SAML with...
Abu Dhabi Islamic Bank (ADIB) announced the three winners of its UAE Cybersecurity Innovation Challenge—Corgea, Nothreat and DTEX Systems—selected from more than 50 global applicants. The competition, run with the UAE Cyber Security Council and DIFC Innovation Hub, featured 10...

Finextra and ACI Worldwide released the "AI in Action" global survey, analyzing responses from 154 industry leaders on AI‑driven fraud prevention. Over half of organisations (51%) already run AI solutions, with another 47% planning deployments within two years. The study...

South Korean prosecutors in Gwangju are investigating the disappearance of a large bitcoin cache seized in a criminal case, which an internal audit attributes to a phishing breach during official custody. The incident underscores the vulnerability of government-held digital assets...

Microsoft has launched winapp, an open‑source command‑line interface designed to simplify Windows application development. The tool consolidates SDK management, manifest editing, certificate generation, and packaging into unified commands, supporting project scaffolding, dependency handling, and build/run operations. Winapp integrates with Visual...

Ethereum’s mainnet daily active addresses have surged to roughly 945,000, briefly peaking at 1.3 million, surpassing all major layer‑2 networks. The recent Fusaka upgrade, which slashed gas fees, is credited for the activity boost, though security analysts warn that address‑poisoning attacks...

Researchers at the Technical University of Munich present a post‑quantum secure aggregation protocol built on code‑based homomorphic encryption under the Learning Parity with Noise (LPN) assumption. The design features a key‑ and message‑additive homomorphic scheme, a committee‑based decryptor realized via...

Okta has identified a new wave of vishing‑based phishing kits sold as a service, allowing attackers to conduct live, voice‑driven credential theft. The kits let threat actors spoof corporate numbers, manipulate phishing pages in real time, and capture both passwords...

The NDSS 2025 paper introduces gittuf, a decentralized security layer for Git repositories that removes reliance on a single trusted forge. By distributing policy declaration, activity tracking, and enforcement among all contributors, gittuf lets developers independently verify changes. The system...

Amit Sheps of CyCognito warns that AI is rapidly expanding enterprise attack surfaces, making traditional vulnerability hunting insufficient. He stresses that without continuous external discovery and clear ownership mapping, security teams cannot prioritize true risk. AI both creates new entry...
Google agreed to pay $8.25 million to resolve a class‑action lawsuit alleging that its Play Store “Designed for Families” program allowed developers to collect personal data from children under 13 without parental consent. The case centered on the AdMob advertising SDK,...

Researchers warn that advances in AI will enable single operators to command swarms of thousands of autonomous social‑media agents that produce indistinguishable human content. These AI‑driven disinformation networks can adapt in real time, target specific communities, and conduct rapid micro‑testing...

A crowdsourced site called ICE List has published profiles of roughly 4,500 DHS employees, drawing on publicly available LinkedIn, payroll and data‑broker records. WIRED’s investigation shows that about 90% of the entries rely on self‑posted information rather than a secret...

PwC‑affiliated firm A.F. Ferguson & Co. hosted a one‑day masterclass titled “Governing Cybersecurity in the AI Era – Digital Trust, Risk & Resilience” on 22 January 2026 in Karachi. More than 100 senior technology and business leaders, including CISOs, CIOs and CFOs,...

The article likens modern cybersecurity challenges to the Upside Down world of Stranger Things, using the show’s portals as a metaphor for today’s sprawling attack surface. It stresses that every IoT, cloud, or OT connection acts as a hidden entry point...

Microsoft Teams will introduce a "Brand Impersonation Protection" feature that flags first‑time external VoIP callers attempting to pose as trusted organizations. The protection rolls out to the targeted release ring in mid‑February and is enabled by default, displaying high‑risk warnings...
A vulnerability in the Photo Gallery by 10Web WordPress plugin allows unauthenticated attackers to delete image comments. The flaw stems from a missing capability check in the delete_comment() function and affects all versions up to 1.8.36, primarily the Pro edition...

Researchers from Cyber Centaurs uncovered an operational security slip in the INC ransomware campaign that exposed the gang's backup infrastructure. By tracing Restic backup tool artifacts and hard‑coded credentials, they located encrypted exfiltrated data belonging to twelve unrelated U.S. organizations across...

A critical authentication flaw (CVE‑2026‑22794) was discovered in Appsmith’s low‑code platform. The vulnerability stems from the password‑reset endpoint trusting the client‑supplied Origin header, allowing attackers to craft malicious reset links and capture tokens. Exploitation enables full account takeover, including admin...
When you don't have a Skill/MCP, a headless browser is blocked, curl and fetch are blocked... the Claude extension is a slow but serviceable backup.

A critical vulnerability (CVE‑2025‑67968) in the RealHomes CRM plugin, bundled with a popular WordPress real‑estate theme, affected over 30,000 sites. Versions 1.0.0 and earlier allowed any logged‑in subscriber to upload arbitrary files via a CSV import endpoint, enabling potential full...

Researchers from TU Graz have revived Linux page‑cache attacks, demonstrating sub‑microsecond flush times and full attack loops completing in 0.6‑2.3 µs—up to six orders of magnitude faster than prior work. The paper details new techniques that work across kernel versions from 2003...

Hybrid work has turned routine Active Directory password resets into a major productivity drain, as cached credentials and frequent rotation policies cause more lockouts. Since 2022, over half of U.S. employees operate in hybrid models, leading to an estimated 923...
RSA Group announced a $135 million capital infusion backed by its existing lenders, coupled with a refinancing of its first‑ and second‑lien debt. The deal extends debt maturities, de‑leverages the balance sheet, and improves liquidity. Proceeds will fund AI‑driven enhancements to...
Kasada, a bot management and fraud protection company, unveiled AI Agent Trust, a solution designed to secure automated traffic on digital commerce sites. The platform provides a searchable directory that verifies AI agents and lets brands apply policy‑based controls to...