Today's Cybersecurity Pulse
Microsoft releases record‑size Patch Tuesday for April
The April update cycle delivered 165 patches addressing roughly 340 unique CVEs, including two zero‑day flaws, one of which is already being exploited in the wild. Microsoft urges immediate deployment across all product families.
Also developing:
By the numbers: Artemis raises $70M Series A
How to ACATS Lock Your Brokerage Account
The Automated Customer Account Transfer Service (ACATS) lets investors move securities between brokerages without tax consequences, but criminals can hijack the process by opening fraudulent accounts and initiating unauthorized transfers. Recent reports, including a Bogleheads forum post, show thieves siphoning up to $100,000 from a Vanguard account by exploiting personal data and the lack of transfer notifications. Most major brokers allow customers to place an ACATS lock, but the feature is often only accessible via phone or chat, with Fidelity being the sole platform offering an online toggle. Activating the lock and enabling two‑factor authentication are the primary defenses against this rare but costly scam.
Medium-Severity Flaw in Microsoft SharePoint Exploited
Microsoft’s SharePoint platform is being actively exploited via CVE‑2026‑32201, a medium‑severity input‑validation flaw with a CVSS score of 6.5. The vulnerability enables attackers to spoof network traffic and modify confidential data. Threat‑intelligence firm Defused observed a coordinated reconnaissance campaign across...

Sentra, Wiz Link Data Risk to Cloud Findings
Sentra has partnered with cloud‑security platform Wiz to embed its data‑classification intelligence into Wiz’s Security Graph. The integration tags cloud misconfigurations and attack paths with sensitivity labels, letting teams focus on risks that touch regulated or business‑critical data. Continuous syncing...
CISA Flags Windows Task Host Vulnerability as Exploited in Attacks
CISA has placed the Windows Task Host privilege‑escalation flaw (CVE‑2025‑60710) on its catalog of actively exploited vulnerabilities, urging federal agencies to apply Microsoft’s November 2025 patch within two weeks. The defect allows a low‑complexity local attack to elevate a standard user...

Exploited Vulnerability Exposes Nginx Servers to Hacking
A critical vulnerability (CVE‑2026‑33032) in Nginx UI’s AI‑driven management console has been exploited in the wild, allowing unauthenticated attackers to take full control of servers. Pluto Security identified more than 2,600 internet‑exposed instances and demonstrated a proof‑of‑concept exploit. The flaw...

Signed Adware Operation Disables Antivirus Across 23,000 Hosts
A signed software operation linked to Dragon Boss Solutions has been silently disabling antivirus products on more than 23,000 endpoints worldwide. The campaign uses a legitimate code‑signing certificate and an Advanced Installer‑based update mechanism to deliver a PowerShell payload, ClockRemoval.ps1,...

Audit: Big Tech Often Ignores CA Privacy Law Opt-Out Requests
An independent WebXray audit of 7,634 California‑origin sites found that Google, Meta and Microsoft routinely ignore Global Privacy Control (GPC) opt‑out signals, violating the California Consumer Privacy Act (CCPA). Google showed the highest non‑compliance, failing to honor GPC requests on...

U.S. CISA Adds Microsoft SharePoint Server and Microsoft Office Excel Flaws to Its Known Exploited Vulnerabilities Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two Microsoft flaws to its Known Exploited Vulnerabilities (KEV) catalog: CVE‑2009‑0238, a remote‑code‑execution bug in Excel, and CVE‑2026‑32201, a spoofing/XSS issue in SharePoint Server. The Excel vulnerability carries a CVSS...
AI Security Tools Boost Bug Fixes, Yet Enable Exploits
The AI hacking race is on. I wonder if this new model is in PortSwigger’s Burp now and if it has improved since the last time I tried it, because it didn’t work for me. But that’s also in...
OpenAI Refuses Central Control, Empowers Verified Defenders
#OpenAI shots fired “We don’t think it’s practical or appropriate to centrally decide who gets to defend themselves. Instead, we aim to enable as many legitimate defenders as possible, with access grounded in verification, trust signals, & accountability.” https://t.co/KM1Vr7Idej
Towards Trust in Emacs
Emacs added a built‑in trust model in version 30, marking all files as untrusted by default to curb vulnerabilities like CVE‑2024‑53920. The new model, while secure, interrupts workflows because features such as elisp‑flymake are disabled until trust is granted. The open‑source...
NordVPN macOS Update Causes Lag, Hotfix Incoming
NordVPN's recent macOS app update hasn't gone down well, with users complaining of crippling lag and dropped connections. Fortunately, the provider has confirmed a hotfix is imminent. https://t.co/6WrA4IZ91I
HSCC Unveils 3rd-Party AI Risk & Supply Chain Transparency Guide
The Health Sector Coordinating Council’s Cybersecurity Working Group released an AI Cyber Glossary and a 109‑page "Health Industry Third‑Party AI Risk and Supply Chain Transparency Guide." The guide outlines a seven‑phase lifecycle for AI vendor risk, drawing from NIST’s AI...

Weak Default Passwords Remain Overlooked—Need Solutions
I believe we do not pay enough attention to default and weak passwords. What's your solution? https://t.co/DF0PTqoYaJ

AI Agents Using Anthropic MCP Could Be a Vector for Supply Chain Attacks, Claim Researchers
Researchers at OX Security have uncovered a systemic flaw in Anthropic's Model Context Protocol (MCP) that permits arbitrary command execution on any server running a vulnerable implementation. The vulnerability allowed the team to breach six production services, exposing user data,...
Production-Ready Lakehouses Needed From Day One
Mid-market companies in regulated industries are moving PHI/PII into analytics lakehouses right now. The ones doing it right build for production from day one. The ones doing it wrong build notebooks they'll have to rebuild. "We'll add governance later" is already behind.

Brace Yourselves for a Vulnerability Explosion, Forescout Warns
Forescout’s latest research shows AI models have moved from a 55% failure rate in vulnerability detection to near‑perfect identification, signaling a rapid acceleration in flaw discovery. The firm warns that this surge will flood vendors with far more CVE reports,...
Apple Pulls Freecash Rewards App After Data‑harvesting Allegations
Apple removed the Freecash rewards app from its store after cybersecurity firm Malwarebytes accused it of harvesting sensitive user data and employing deceptive marketing. The app, which surged to No. 2 on the U.S. App Store with millions of downloads, is...
Loftware Launches Loftware Connect, First Secure Network for Global Supply‑Chain Collaboration
Loftware announced the launch of Loftware Connect, a secure, scalable digital platform that creates a unified network for product identification across global supply chains. The solution promises faster supplier onboarding, reduced compliance costs and real‑time visibility, marking the company’s biggest...

Bitcoin Proposes Soft Fork to Protect Against Quantum Attacks
JUST IN: Bitcoin developers propose BIP-361, a soft fork to freeze wallets vulnerable to quantum attacks https://t.co/HP9NcAkfbW
Quantum‑Secure VPNs Spotlighted on World Quantum Day as Post‑Quantum Market Grows
World Quantum Day on April 14 prompted six VPN providers—including Proton VPN, Private Internet Access and IPVanish—to market post‑quantum encryption at prices as low as $1.78 per month. The push reflects a nascent but accelerating market for quantum‑resistant consumer security...
Congress Grapples with FISA Section 702 Reauthorisation as Deadline Looms
U.S. Congress is debating a clean 18‑month extension of Section 702 of the Foreign Intelligence Surveillance Act, which expires on April 20. The program, credited with thwarting terrorist plots and aiding cyber‑security responses, faces bipartisan criticism over warrantless collection of Americans’ communications.

Effective Defense Against Hacks at the Edge
PQShield unveiled its MicroCore IP, a post‑quantum security suite that fits within as little as 5 KB of SRAM for edge‑device IoT applications. The offering covers secure boot, post‑quantum TLS, and side‑channel‑resistant cryptography, all deliverable as software‑only updates or with optional...
Broadcom Announces VMware Tanzu Platform Agent Foundations for Security, PaaS Simplicity
Broadcom unveiled the VMware Tanzu Platform agent foundations, a secure, pre‑built PaaS layer for AI agents that runs on VMware Cloud Foundation. The offering leverages cloud‑native Buildpacks, structural secrets isolation, and zero‑trust networking to harden containers against malware and data...

Actively Exploited Nginx-Ui Flaw (CVE-2026-33032) Enables Full Nginx Server Takeover
A critical authentication‑bypass flaw (CVE‑2026‑33032, CVSS 9.8) in the open‑source nginx‑ui management console is being actively exploited, allowing attackers to seize full control of Nginx services. The vulnerability stems from two MCP endpoints that default to an empty IP whitelist, effectively...

April Patch Tuesday Fixes Critical Flaws Across SAP, Adobe, Microsoft, Fortinet, and More
April’s Patch Tuesday delivered a wave of critical fixes across major vendors, highlighted by a CVSS 9.9 SQL‑injection flaw in SAP Business Planning and Consolidation that lets low‑privileged users execute arbitrary database commands. Adobe Acrobat Reader faced a remote‑code‑execution vulnerability (CVSS 8.6)...

Security Leaders Overconfident About Ransomware Recovery
Veeam’s 2026 Data Trust and Resilience Report reveals a stark gap between confidence and reality in ransomware recovery. While nine‑in‑ten security leaders believe they can bounce back quickly, only 28% actually restore all compromised data, with an average recovery rate...
Copilot and Agentforce Fall to Form-Based Prompt Injection Tricks
Security researchers at Capsule Security uncovered prompt‑injection flaws in Microsoft Copilot Studio and Salesforce Agentforce that let attackers exfiltrate data via ordinary SharePoint and lead forms. In Copilot, the “ShareLeak” vulnerability (CVE‑2026‑21520) lets a crafted comment field override system prompts...

Booking.com Customers Warned of 'Reservation Hijacking' After Hack
Booking.com disclosed a data breach that exposed customer names, email addresses, phone numbers and detailed booking information. The leak has sparked a surge in “reservation hijack” scams, where fraudsters impersonate hotels to extract money from travelers. Booking.com responded by resetting...

Don't Scan That QR Code Yet: The New Scam Threatening Your Phone
A new package scam uses QR codes on unlabeled deliveries to lure recipients into malicious sites or trigger malware downloads. The scheme, which began this summer, is expected to grow as holiday shopping and iPhone Air purchases increase. Victims are...

Microsoft, Salesforce Patch AI Agent Data Leak Flaws
Security vendor Capsule Security disclosed two high‑severity prompt‑injection vulnerabilities affecting Salesforce’s Agentforce (“PipeLeak”) and Microsoft’s Copilot (“ShareLeak”). The flaws let attackers inject malicious prompts into public‑facing forms, causing unauthorized extraction of CRM leads and SharePoint data, respectively. Both companies have...

Malware Is Scary. Here's CNET's Guide to Cleaning an Infected Laptop
CNET’s latest guide walks users through a step‑by‑step recovery playbook for laptops infected with malware, emphasizing immediate isolation, dual‑scanner verification, and cautious data restoration. The guide cites an antivirus survey showing 88% of U.S. laptop owners took action against malware...
New Tool Exposes Data Leak in Windows Recall
Microsoft is facing fresh questions about Windows Recall security and privacy. A security researcher has released a new tool that can extract data from Recall. Full details 👇 https://t.co/lOQQUU5jNO

How the Enterprise Supply Chain Has Created a Global Attack Surface
Enterprises are increasingly exposed to cyber threats through their expanding global supplier ecosystems. Third‑ and fourth‑party vendors, cloud services, and offshore teams now form a sprawling attack surface that extends far beyond traditional network perimeters. Geopolitical tensions, such as the...

Cyberscammers Are Bypassing Banks’ Security with Illicit Tools Sold on Telegram
Cybercriminals are buying virtual‑camera kits on Telegram that spoof facial‑recognition checks, allowing them to defeat KYC verification in banking apps and crypto exchanges. The tools replace live video with pre‑recorded images or deepfakes, enabling scammers to open mule accounts and...

Vodafone Rolls Out New Scam Fighting AI Tool
Vodafone has integrated an AI‑driven Scam Call Protection feature into its Secure Net Mobile service, automatically analyzing inbound calls and flagging suspicious numbers with on‑screen alerts. The tool operates in the background, requiring no extra apps, and joins existing safeguards...
Semperis: Operational Resilience in Active Directory and Entra ID
Semperis, a leader in cyber‑resilience, announced a suite of tools that safeguard both on‑premises Active Directory and Microsoft Entra ID against ransomware and malicious changes. The platform continuously evaluates identity‑system posture, flags vulnerabilities, and provides real‑time detection of suspicious activity....

90% of Firms Plan PQC Funding, Sectigo Offers Low-Risk Path
Sectigo has added Private PQC to its Certificate Manager, letting enterprises test post‑quantum TLS certificates directly in live PKI workflows. The move responds to a survey showing 90% of firms plan to fund PQC projects within the next 12 months, while...

BTQ, Daou Data Partner on Post-Quantum Security
BTQ Technologies and Daou Data have teamed up to embed hardware‑rooted post‑quantum cryptography into Korea’s payment gateways and value‑added networks. The collaboration builds on BTQ’s prior investment in Keypair, enabling faster integration of dedicated cryptographic modules. By securing key generation...

Blog 113a. Is Your Email Stealing Your Identity?
Email has become the primary digital identity anchor, governing password resets, financial approvals, SaaS access, and enterprise workflows. Traditional phishing defenses focused on spotting suspicious sender addresses, but that model is now obsolete. Modern attackers compromise the legitimate account itself,...

Only 16% of Businesses Are Fully Compliant with NIS2 Despite 2024 Compliance Deadline
A CyberSmart survey of 670 leaders across eight European countries found that only 16% feel fully compliant with the EU’s NIS2 directive, despite the October 2024 transposition deadline having passed. Budget constraints (20%) and lack of implementation guidance (16%) are the...

Deepfakes Are a Weapon of Mass Manipulation and Most People Can’t Spot Them
A new IdentifAI report finds deepfakes have evolved into a geopolitical and financial weapon, with 24.6% of incidents aimed at political manipulation and 20.1% targeting fraud. Video‑based fakes dominate at 45.6% of attacks, and the platform X accounts for 51.2%...

Bitcoin Developers Propose Freezing Quantum-Vulnerable Coins in BIP-361
Bitcoin developers and researchers have introduced BIP‑361, a proposal to freeze coins held in legacy addresses that are vulnerable to future quantum attacks. The mechanism would lock up lost or abandoned UTXOs tied to non‑quantum‑resistant keys, effectively shrinking the active...
Claude Mythos Is Everyone’s Problem
Anthropic has unveiled Claude Mythos Preview, an AI model that can locate thousands of software vulnerabilities across major operating systems and browsers. The tool is being offered exclusively to a consortium that includes Apple, Microsoft, Google and Nvidia for internal...

AI Companies to Play Bigger Role in CVE Program, Says CISA
CISA’s Vulnerability Response & Coordination chief Lindsey Cerkovnik urged AI firms such as OpenAI and Anthropic to gain stronger representation in the Common Vulnerabilities and Exposures (CVE) program. The call follows the debut of Anthropic’s Claude Mythos Preview and OpenAI’s...
U.S. Treasury Presses for Access to Anthropic’s Restricted ‘Claude Mythos’ AI Model
Treasury Secretary Scott Bessent, alongside Federal Reserve Chair Jerome Powell, convened an emergency meeting with banking CEOs to discuss Anthropic’s restricted Claude Mythos AI model. The Treasury’s push for access underscores growing concerns that the model’s advanced vulnerability‑hunting capabilities could...

DOE Allocates $160M to Secure Energy Systems as Cyber Threats Converge With Grid Modernization
The U.S. Department of Energy’s FY 2027 budget earmarks $160 million for the Office of Cybersecurity, Energy Security, and Emergency Response (CESER). The funding will bolster protection of the nation’s energy grid, its supply chain, and nuclear assets while deploying rapid‑response experts...
Rethinking Insider Risk in the Age of AI and Autonomy
Insider risk now accounts for roughly half of all data breaches, a figure amplified by remote and hybrid work models. The rise of AI‑driven productivity tools introduces new, often inadvertent, leakage pathways as employees bypass sanctioned systems. Traditional defenses like...
Anthropic Withholds Claude Mythos Preview, Sparking Data Security Debate
Anthropic announced that its latest language model, Claude Mythos Preview, is too dangerous for public release and created the invite‑only Project Glasswing to test it. The move has triggered a clash between AI proponents, who see it as a responsible...
Hackers Leak 78.6 Million Rockstar Records After Anodot Supply‑Chain Breach
ShinyHunters published more than 78.6 million records it says were taken from Rockstar Games, a breach traced to an Anodot supply‑chain attack. The leaked files contain internal analytics, game‑economy metrics and support data, while Rockstar says only limited, non‑material information was...