Today's Cybersecurity Pulse

CISA adds critical Android and Linux flaws to KEV catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) listed two high‑severity vulnerabilities in its Known Exploited Vulnerabilities catalog: Android CVE‑2025‑48595, an integer overflow that enables privilege escalation on Android 14‑16 without user interaction, and Linux CVE‑2022‑0492. Google released patches for the Android bug in June 2026.
Also developing:
By the numbers: Ingeteam receives $82.5M loan from EIB

Cyber Risk Ratings Fade Out; Actionable Intelligence Takes The Spotlight
The Forrester Wave™ Q2 2026 shows cyber risk rating platforms losing influence as firms demand actionable intelligence. Vendors are re‑engineering solutions to serve third‑party risk management rather than merely delivering scores. AI capabilities remain nascent, with only a few providers showcasing agents that can automate remediation steps. Depth of threat intelligence emerges as the decisive factor for future market success.
Hackers Steal Healthcare Recruitment Data
Hackers identifying themselves as XP95 claim to have exfiltrated roughly half a million files from Healthdaq, a recruitment platform used by health trusts in Northern Ireland. The stolen data spans driving licences, criminal background checks, vaccine records, passports and other...
Curious About Quantum? Check Out Training Options From ISC2, IBM, AWS and More
The quantum computing sector is accelerating toward a so‑called Q‑day, projected by Forrester to arrive by 2030, as vendors move from theoretical fault‑tolerant designs to early engineering reality. IBM targets fault‑tolerant quantum processors by 2029, while industry leaders warn that...
Too Many False Alerts Kill Trust and Attention
The Law of False Alerts: “As the rate of erroneous alerts increases, operator reliance, or belief, in subsequent warnings decreases.” Too many alerts and people stop reading them. Too many false positives and people stop trusting them.

Hackers Exploit Kali Forms Vulnerability to Take Over WordPress Sites
A critical Remote Code Execution (RCE) flaw was discovered in the Kali Forms WordPress plugin, which powers over 10,000 active sites. The vulnerability, reported on March 2, 2026, was patched in version 2.4.10 on March 20, 2026, but attackers began exploiting it the same day,...

Research Bits: Apr. 14
Researchers from Hong Kong, Tsinghua and Southern University of Science and Technology unveiled CLAP, a memristor‑based platform that fuses physically unclonable function authentication with compute‑in‑memory, achieving 99.46% AUC on ECG data while shrinking area and power use. A separate team...

China Leads State‑Sponsored Cyberattacks on U.S.
"The United States is China’s #1 target for Cyberattacks. From 2000-2023, China was responsible for 240 state-sponsored or state-affiliated cyberattacks, followed by Russia at 158 and Iran at 102." Great note from the always brilliant Michael Cembalest on the economic...

Booking.com Suffers Data Breach, Leaves Guests’ Personal Details Exposed
Booking.com confirmed a data breach that exposed guests' names, emails, phone numbers and reservation details, though financial information remained untouched. The company has not disclosed the number of affected customers, prompting heightened regulator scrutiny after a 2018 breach that resulted...

Dark Web Article Contest Offers $10,000 for Exploit Writing on TierOne Forum
A dark‑web forum called TierOne has launched a $10,000 article contest that rewards technical write‑ups on vulnerability exploitation. The prize pool is split into $5,000 for first place, $3,000 for second, and $2,000 for third, with submissions accepted from April 13...

Is Everyone Scared of the AI Threat? If Not, You Should Be
U.S. regulators convened the CEOs of the nation’s biggest banks after Anthropic unveiled Claude Mythos, an AI model that can autonomously locate and chain together decades‑old software vulnerabilities. The model’s ability to turn hidden flaws into exploitable attacks prompted an...
Vault Enterprise 2.0 Modernizes Identity Security at Scale
HashiCorp announced Vault Enterprise 2.0, now generally available, adding identity‑first secret distribution, expanded Linux credential rotation, and high‑performance envelope encryption for streaming workloads. The release also introduces a new versioning and support model aligned with IBM’s lifecycle policies, guaranteeing at...

Vector Informatik Expands CANoe EV with V2G Security Testing
Vector Informatik has broadened its CANoe Test Package EV to include automated security testing for electric‑vehicle charging communication. The new module covers vehicle‑to‑grid (V2G) fuzzing, TLS 1.2/1.3 protocol checks, and Plug & Charge validation, aligning with ISO 15118‑2 and ISO 15118‑20 standards. By automating...

What You Should Know About CCPA Compliance After the California Attorney General’s 2024 Investigative Sweep
The California Attorney General’s 2024 investigative sweep spotlighted widespread failures in CCPA opt‑out compliance, especially among streaming and ad‑tech firms. The audit revealed deceptive, dysfunctional, inadequate, and fragmented opt‑out mechanisms that left consumers’ data exposed across devices and platforms. Companies...

Cisco Warns of Critical IMC Vulnerabilities – Ironically, the Server Manager Itself Has Become a Point of Entry
Cisco issued critical advisories on April 1, 2026 for its Integrated Management Controller (IMC), revealing an authentication‑bypass flaw (CVE‑2026‑20093) that grants unauthenticated admin access and a suite of command‑injection/RCE bugs (CVE‑2026‑20094‑20097) that let even read‑only users execute code as root. Cisco provides...
Telecom News: CESNET, Ribbon Communications, Telit Cinterion, Lenovo, NVIDIA, Lidl, 1GLOBAL
CESNET and Ribbon Communications demonstrated a quantum‑secured optical network using Quantum Key Distribution, proving near‑zero latency encryption can be integrated into live fiber links. Telit Cinterion showcased its deviceWISE Industrial Active Intelligence platform at Hannover Messe 2026, leveraging Lenovo edge...
Beware: QR Code Texts Mimic Traffic Tickets
A new phishing scam uses QR codes in text messages that pretend to be traffic or toll violation notices.
AI Tools Boost Security for Lean FinTech Teams
Excellent write-up on what a leading FinTech (with a compact but capable security team) can do to improve security with AI tooling.
FCC Names ioXt Alliance Lead Administrator for Cyber Trust Mark Program
The Federal Communications Commission appointed the non‑profit ioXt Alliance as lead administrator of its Cyber Trust Mark program, replacing UL Solutions, which stepped down after a probe into its Chinese ties. The move is intended to give consumers a clear...
Fiddler AI Acquires Lumeus.ai to Boost AI Security and Governance
Fiddler AI announced the acquisition of Lumeus.ai, a specialist in AI policy enforcement, to expand its control‑plane capabilities. The deal, whose financial terms were not disclosed, is intended to give enterprises end‑to‑end visibility and security for autonomous AI agents from...
Fortreum Acquires Kovr.AI to Boost AI‑Driven Cybersecurity Compliance Platform
Fortreum, a cybersecurity assessment firm backed by Gryphon Investors, announced the acquisition of FedRAMP‑authorized AI compliance platform Kovr.AI. The deal combines Fortreum's practitioner‑led assessment services with Kovr.AI's agentic AI engine, aiming to streamline compliance across FedRAMP, CMMC 2.0, DOD SRG,...
Deloitte Deploys Two New Commercial Satellites, Boosting Project Constellation
Deloitte announced the launch of two commercial satellites, Deloitte-2 and Deloitte-3, extending its Project Constellation portfolio. The move underscores the firm’s shift from advisory services to operating space assets and highlights a focus on on‑orbit cyber defense and AI‑driven anomaly...
Australian Leaders “Overly Optimistic” About Ability to Manage Cyber Incidents: Datacom
Datacom’s State of Cybersecurity Index shows a stark gap between confidence and preparedness in Australia and New Zealand. While 39% of firms expect to recover from a major cyber incident within days, only 32% have a tested business continuity plan....

Dead Cars Tell Tales by Storing Data That's Never Wiped
Security researchers at Quarkslab dissected a telematics control unit from a salvaged BYD Seal and found that the device stores raw GPS logs for the vehicle's entire lifespan. The data, kept on unencrypted NAND memory, revealed the car’s journey from...
AI Shifts From Productivity Tool to Attack Engine
Informative discussion at #RSAC with Rachel Jin @trendaisecurity. We discussed the launch of TrendAI and the fact that #AI is no longer just enhancing productivity—it is fundamentally reshaping how we are attacked. 📍FULL episode here 👇 https://t.co/byCMyYmrJZ #cybersecurity https://t.co/5Dev0M8TbV
AWS Unveils Claude Mythos Preview, Bedrock Cost Allocation and Agent Registry
AWS introduced a gated Claude Mythos preview for cybersecurity, rolled out IAM‑based cost allocation for Amazon Bedrock, and launched a preview Agent Registry. The moves aim to give DevOps and security teams finer cost visibility and governance as AI agents...

Fake Ledger App Steals 6 Bitcoin
Kraken is being extorted by scammers; 2,000 clients (0.02% of clients) have had their data exposed. A fake Ledger Live app on Apple’s Mac App Store wiped out a user’s life savings of ~6 Bitcoin after they downloaded it and entered...
ChipSoft Ransomware Attack Forces Dutch Hospital Software Shutdown, Spreads to Belgium
Dutch health‑IT firm ChipSoft confirmed a ransomware breach on April 7 that forced the shutdown of its patient‑portal services across the Netherlands. The incident has also triggered service outages in several Belgian hospitals, underscoring the cross‑border vulnerability of medical software...
Shining a Light in the Dark: Observability and Security, a SANS Profile
Observability and security integration is highlighted in a new SANS report, emphasizing a unified view of system health and threat behavior. By converging monitoring data with security analytics, organizations gain predictive maintenance capabilities, optimize resources, and reduce blind spots. The...

India: E-SafeHER to Train One Million Rural Women in Cyber Safety
India’s Ministry of Electronics and Information Technology has launched the e‑SafeHER programme to teach cybersecurity to one million rural women over the next three years. The initiative creates a network of “Cyber Sakhis” who will act as community advocates, delivering multilingual,...

FCC Selects New Lead Administrator for U.S. Cyber Trust Mark Program
The Federal Communications Commission has named the ioXt Alliance as the new Lead Administrator for its U.S. Cyber Trust Mark program, a voluntary labeling scheme for consumer IoT security. The role tasks ioXt with coordinating stakeholder outreach, recommending enhanced cybersecurity...

Archives’ Information Security Office Tackles AI and CUI
The National Archives’ Information Security Oversight Office (ISOO) is confronting the rise of AI in managing Controlled Unclassified Information (CUI). Director Michael Thomas highlighted both risks—such as AI‑driven data aggregation that could aid adversaries—and opportunities, like using large‑language models to...

How UK Data Centers Can Navigate Privacy and Cybersecurity Pressures
UK data centres are now classified as essential services under the updated NIS framework and fall within the scope of the Cyber Resilience Bill, which introduces turnover‑based fines and mandatory 24‑hour breach reporting. Operators must satisfy overlapping obligations under UK...

Many Sites Botch 2FA, Compromising Security
One problem with "2FA everywhere" is that a lot of websites simply aren't competent to implement it. The number they "can't match me to" is the only number I've ever had, the primary and only one for my account, and where...

Why Orgs Need to Test Networks to Withstand DDoS Attacks During Peak Loads
Organizations handling tax filings must test DDoS defenses during peak traffic, not just in low‑load windows. Real incidents in the Netherlands and Poland showed attacks timed with filing deadlines can cripple critical services. Changes to applications, CDNs, and bot‑mitigation can...

Nearly Half of March Ransomware Attacks Tied to Just 3 Groups
Check Point researchers reported 672 ransomware incidents in March 2026, with three groups responsible for nearly half of the attacks. Qilin alone accounted for 20% of incidents, Akira for 12%, and Dragonforce RaaS for 8%. The analysis highlighted attackers’ refined...

MuddyWater Pays for Russian CastleRAT Malware
Iranian state‑sponsored group MuddyWater has become a paying customer of a Russian malware‑as‑a‑service (MaaS) platform, using the CastleRAT tool in a new campaign called “ChainShell.” The operation leverages a misconfigured C2 server, an Ethereum‑based smart contract for address resolution, and...

Fast-Moving Ransomware, Router-Based Espionage Threats Target Education and Small-Office Organizations
Microsoft warned that the Storm‑1175 group is deploying Medusa ransomware at unprecedented speed, often encrypting victims within 24 hours after initial compromise. The campaign has leveraged more than 16 vulnerabilities across Exchange servers, file‑transfer tools and RMM platforms, targeting education, healthcare,...
[Sponsor] WorkOS FGA: The Authorization Layer for AI Agents
WorkOS introduces Fine‑Grained Authorization (FGA) to secure AI agents that now operate inside enterprise environments. Traditional IAM models—OAuth tokens, service‑account keys, and flat RBAC—grant agents the same broad privileges as humans, exposing Confused Deputy attacks. FGA extends role‑based control with...
Google Shoehorned Rust Into Pixel 10 Modem to Make Legacy Code Safer
Google’s Project Zero uncovered a remote code‑execution flaw in Pixel phone modems, prompting the company to bolster baseband security. Instead of rewriting the entire firmware, Google inserted a Rust‑based component into the Pixel 10 modem’s legacy C/C++ stack. The Rust module...

Why the Iran Cyberattack Everyone Warned About Hasn’t Really Happened Yet
The United States launched major combat operations against Iran in late February, sparking warnings of a massive Iranian cyber retaliation. Six weeks later, only low‑impact incidents—such as DDoS attacks, website defacements and a brief outage at medical‑device maker Stryker—have been...

AI-Powered Pentesting: Presentation with Linked Blog Resources
I’ve added links to my presentation on how I use AI 🤖 for pentesting 😈 in this post. Most of the slides have a related blog post and I’ll probably write more about all these topics as I research this...
Claude Code Plugin Secretly Harvests Extensive Telemetry
Developer finds Claude Code plugin collecting extensive telemetry across projects, including commands and session data, without clear visibility. https://t.co/JSLmY6pIF7

Researchers: AI-Driven Campaign Compromises Accounts More Effectively than Traditional Phishing Attacks
Microsoft researchers have identified a large‑scale AI‑driven phishing campaign that leverages the legitimate device‑code authentication flow to hijack accounts without stealing passwords. The attackers use generative AI to craft highly personalized emails and trigger real‑time code generation, bypassing the 15‑minute...

IRS Fraud Rings Move Beyond Tax Refund Theft
Cybercriminals are escalating tax fraud by converting stolen identities into bogus businesses, securing legitimate Employer Identification Numbers (EINs) and opening bank accounts. The scheme follows a four‑stage pipeline—identity theft, LLC registration, EIN acquisition, and credit line requests—causing credit applications to...
Ram Warns AI-Driven Mythos May Spawn Zero‑day Threats
Why Ram is skeptical about the dangers of Mythos: "When they announced Mythos, security stocks went into a tailspin. ... I don't know how many vulnerabilities are waiting to be zero-day exploited by AI." -- @ramahluwalia https://t.co/nUHhdLDsAG

OpenAI’s Mac Apps Need Updates Thanks to the Axios Hack
OpenAI updated its macOS security certificates and is requiring users to install the latest app versions after a supply‑chain attack on the popular Axios npm library compromised its signing workflow. The attack, linked to North Korean hacking group UNC1069, injected...
Banks Urged to Adopt Interpol‑style Fraud Network to Curb AI‑driven Scams
Vyntra chief executive Joël Winteregg told financial‑service leaders on April 13, 2026 that banks must abandon siloed defenses and operate as a single, Interpol‑style intelligence network. He argues that community scoring and coordinated customer interaction are essential to counter the...

FedRAMP Couldn’t See Inside the Box. That’s the Point.
Federal auditors at FedRAMP spent five years trying to verify Microsoft’s Government Community Cloud (GCC) High encryption but never obtained a detailed data‑flow diagram, highlighting a systemic gap between compliance paperwork and actual security. The roadblock stemmed from the platform’s legacy‑laden...
Commvault Launches AI‑driven Security Suite to Protect Legal Data Workflows
Commvault Systems unveiled three AI‑powered features—Data Activate, AI Protect and AI Studio—to secure agentic workflows and privileged data. The tools let legal departments classify, govern and recover AI‑driven datasets, tackling the compliance concerns that 60% of AI leaders cite as...
FCC Waiver Rule May Keep 71% of US Households Stuck with Outdated ISP Routers
The FCC’s new waiver requirement for non‑U.S.‑made routers could trap the 71% of American households that receive equipment from ISPs, leaving them with aging, less secure hardware. Analysts warn the rule may delay adoption of newer Wi‑Fi standards while the...