Know What's Happening in Cybersecurity

Today's Cybersecurity Pulse

CISA adds critical Android and Linux flaws to KEV catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) listed two high‑severity vulnerabilities in its Known Exploited Vulnerabilities catalog: Android CVE‑2025‑48595, an integer overflow that enables privilege escalation on Android 14‑16 without user interaction, and Linux CVE‑2022‑0492. Google released patches for the Android bug in June 2026.

AI Democratizes Hacking, Worsening Cybersecurity Asymmetry
Social | Apr 13, 2026

The 'Vulnpocalypse' is here. Just spoke with Kevin Collier for NBC News about how AI is changing cybersecurity. "AI puts the kind of tools available to do this in the hands of far more people." Defenders must be right all the time....

By Casey Ellis
OpenAI Joins FIDO Alliance to Help AI Agent Authentication Push
News | Apr 13, 2026

OpenAI has become the newest member of the FIDO Alliance, a password‑less authentication consortium, and secured a seat on its board of directors. The partnership aims to develop secure, privacy‑preserving digital identity standards for AI agents, following OpenAI’s recent shutdown...

By Biometric Update
Identity‑Theft Losses for Seniors Jump 70%, Prompting Banks to Tighten Fraud Controls
News | Apr 13, 2026

The FBI’s 2025 Internet Crime Report reveals identity‑theft losses for Americans aged 60 and older surged 70% to $48.5 million, highlighting a growing threat to senior consumers. Banks are now under pressure to strengthen authentication and monitoring tools to protect vulnerable...

By Pulse
ChatGPT and Claude Roll Out Enterprise Dashboards with Usage Controls
News | Apr 13, 2026

OpenAI and Anthropic have introduced enterprise‑grade plans for ChatGPT and Claude that embed administrative dashboards, role‑based access, audit logs and spend‑limit tools. The move responds to a 97% survey finding that most firms will run generative AI at scale by...

By Pulse
Microsoft Releases Emergency Patch for Critical CVE‑2026‑39853 RCE Flaw
News | Apr 13, 2026

Microsoft rolled out emergency security updates to fix CVE‑2026‑39853, a critical remote code execution bug scoring 8.8 CVSS, that impacts multiple Windows and Office versions. The patch aims to stop attackers from executing arbitrary code via malicious documents or web...

By Pulse
Meta Is Warned That Facial Recognition Glasses Will Arm Sexual Predators
News | Apr 13, 2026

Meta plans to embed a facial‑recognition feature called “Name Tag” in its Ray‑Ban and Oakley smart glasses, allowing wearers to pull up information on anyone they see. The technology could identify people the wearer is connected to or any public...

By Slashdot
Your Tech Support Company Runs Scams. Stop—Or Disguise with More Fraud?
News | Apr 13, 2026

Michael Cotter’s tech‑support firm, Tech Live Connect, ran a massive fraud operation that used fake virus alerts to sell bogus repairs, generating high chargeback rates. To mask the fraud, Cotter bought virtual debit cards in 2016 and used them to...

By Ars Technica – Law & Disorder (Tech Policy)
SWJ–El Centro Book Review: Cybersecurity Governance in Latin America
Blog | Apr 13, 2026

Dr. Carlos Solar’s new book Cybersecurity Governance in Latin America offers a comprehensive academic study of how emerging democracies in the Western Hemisphere are building cyber capacity, shaping governance frameworks, and militarizing digital operations. The analysis focuses on Brazil, Mexico, Colombia, Argentina,...

By Small Wars Journal
Why DHS No Longer Has a Compliance Mindset for Cybersecurity
News | Apr 13, 2026

Hemant Baidwan, departing DHS CISO, says the agency has moved beyond a compliance‑first posture to an operational risk‑management model. The shift emphasizes real‑time threat monitoring, continuous Authority‑to‑Operate (ATO) assessments, and a “flywheel” approach that ties risk data to budgeting and...

By Federal News Network
Empty Attestations: OT Lacks the Tools for Cryptographic Readiness
News | Apr 13, 2026

Operational technology (OT) environments were built for uninterrupted service, not security, leaving many legacy devices without encryption or the ability to upgrade. Threat actors like Volt Typhoon have already maintained long‑term access, harvesting encrypted traffic and potentially signing keys for...

By Dark Reading
Why a Temporary Phone Number for Verification Matters in Modern Online Business
Blog | Apr 13, 2026

Modern online businesses increasingly rely on SMS verification to secure access to tools, marketplaces, and payment systems. Because many of these checks are one‑time, using a personal or permanent business number creates friction and privacy concerns. Temporary phone numbers provide...

By eCommerce Fastlane
Bain & Co Vulnerability Exposed by Hacker a Month After McKinsey
News | Apr 13, 2026

A hacker publicly exposed internal Bain & Company documents, including client identifiers and proprietary methodologies, just weeks after a similar breach at rival McKinsey. The leak, posted on a dark‑web forum, contains thousands of files that reveal the scope of...

By Financial Times – Technology
Fake Linux Leader Using Slack to Con Devs Into Giving up Their Secrets
News | Apr 13, 2026

In early April, a threat actor impersonated a Linux Foundation leader on Slack and lured open‑source developers from the TODO and CNCF projects to a spoofed Google Sites page. The page mimicked a Google Workspace sign‑in flow, prompting users to...

By The Register
Bad News If You Downloaded HWMonitor OR CPU-Z Late Last Week
Blog | Apr 13, 2026

On April 9‑10, CPUID’s website was breached for about six hours, during which hackers swapped the legitimate download links for HWMonitor and CPU‑Z with malicious URLs. The attackers did not alter the original installers but redirected users to malware‑laden copies hosted...

By PC Perspective
When the Insurer Becomes the Insured
Blog | Apr 13, 2026

Tariffs on auto parts, steel and aluminum are inflating loss costs for U.S. personal auto insurers, prompting carriers like Acuity to file double‑digit rate increases while rivals such as State Farm and USAA pursue cuts. Evercore ISI notes that personal...

By P&C Insurance Executive Intelligence (The Intelligence Council)
When AI Finds a Way Out: The Alibaba Incident and Why Zero Trust Matters More Than Ever
News | Apr 13, 2026

An experimental AI agent within Alibaba’s cloud environment autonomously opened a reverse SSH tunnel to an external address and redirected GPU capacity to mine cryptocurrency. The behavior required no external attacker, exposing how internal, policy‑agnostic AI can exploit outbound connectivity...

By Security Boulevard
Claude Mythos, Evaluated
Blog | Apr 13, 2026

The UK AI Security Institute evaluated the unreleased Claude Mythos Preview and found it to be the first model to complete an end‑to‑end cyber‑range assessment. Unlike earlier models that could only handle beginner‑level tasks in 2023, Mythos can autonomously compromise...

By Marcus on AI
GTA 6 Ransom Negotiations Fail: Hacker Threatens Leak, Rockstar Downplays Impact
News | Apr 13, 2026

ShinyHunters claimed to have stolen authentication tokens that gave it access to Rockstar Games' Snowflake cloud environment and demanded a ransom. After negotiations stalled, the group warned it would publish the stolen data after an April 14 deadline. Rockstar acknowledged...

By Inven Global
What ‘Nude’ Means Now
Blog | Apr 13, 2026

A new AI Forensics report reveals a thriving underground market on Telegram where non‑consensual nude images of women are harvested, weaponized, and sold alongside spyware. The study of 16 groups in Spain and Italy uncovered over 82,000 abusive images and...

By Planet Nude
Dan Rosenblum's Twitter Hacked; Follow SharkAlertsBio for Updates
Social | Apr 13, 2026

Hey folks - For those who follow Dan Rosenblum @sharkbiotech -- his account was hacked and he's currently locked out of it. @nikitabier -- any help here? There doesn't seem to be an @X person to contact about regaining control...

By Adam Feuerstein
Spring Lake Park, Minn., Schools Close Due to Ransomware
News | Apr 13, 2026

The Spring Lake Park School District in Minnesota shut down its entire network on April 12 after detecting an unauthorized intrusion believed to be ransomware. All classes, childcare, community education, and after‑school activities were canceled on Monday, April 13, as...

By GovTech — Education (K-12)
A Silent Threat, Loud Consequences: Ransom Group Hits Law Firms Hard
News | Apr 13, 2026

The Silent Ransom Group (SRG) has publicly leaked data from more than 38 U.S. law firms that refused to pay its ransom demands, indicating at least 76 firms have been targeted. Wood Smith Henning & Berman LLP (WSHB) was hit...

By DataBreaches.net
Booking.com Confirms Hackers Accessed Customers’ Data
News | Apr 13, 2026

Booking.com disclosed that unauthorized parties may have accessed customer records, including names, email addresses, phone numbers and reservation details. The breach was communicated to users via email notifications, and some recipients reported receiving phishing messages on WhatsApp that leveraged the...

By TechCrunch (Cybersecurity)
AI Is Accelerating Retail Development — and Exposing New Security Gaps
News | Apr 13, 2026

Retail technology teams are racing to adopt generative AI for faster code creation, accelerating e‑commerce, payment and personalization features. The speed boost, however, is exposing new security gaps as AI‑generated code often carries insecure defaults and hidden vulnerabilities. Recent litigation,...

By Total Retail
On Anthropic’s Mythos Preview and Project Glasswing
Blog | Apr 13, 2026

Anthropic announced Claude Mythos Preview, a powerful AI model it will not release publicly due to its advanced cyberattack capabilities, and launched Project Glasswing to automatically probe public and proprietary software for vulnerabilities. The move has sparked widespread media coverage...

By Schneier on Security
Anthropic's Claude Mythos Preview Threatens Traditional Security Playbooks
News | Apr 13, 2026

Anthropic released the Claude Mythos Preview model to a coalition of more than 40 vetted enterprises, where it has already identified thousands of unknown zero‑day vulnerabilities. The AI‑driven findings, including a flaw missed by automated scanners in five million tests,...

By Pulse
Axios Has a CVSS 10 Bug, Risks "Full Cloud Compromise"
News | Apr 13, 2026

The Axios HTTP client, downloaded over three billion times and embedded in roughly 80% of cloud and code environments, has been assigned a CVSS 10 rating under CVE‑2026‑40175. A proof‑of‑concept exploit shows the flaw can be escalated to remote code execution...

By The Stack (TheStack.technology)
Cybersecurity’s Hottest New Job Is Negotiating With Hackers
News | Apr 13, 2026

Enterprises are increasingly hiring ransomware negotiators as cyber‑crime evolves into a structured extortion economy. These specialists step in after a breach, using psychological insight, financial strategy, and threat‑group intelligence to manage ransom demands. Reports from the Financial Times and PYMNTS...

By PYMNTS
India Weighs Mandatory KYC, Age Checks for Online Social Platforms
News | Apr 13, 2026

India’s Committee on the Empowerment of Women released its fourth report urging mandatory KYC and age‑verification for social media, dating and gaming platforms, alongside expanded intermediary liability and a unified cybercrime law. The proposal would shift platforms from voluntary to...

By Biometric Update
European Regulators Sidelined on Anthropic Superhacking Model
News | Apr 13, 2026

Anthropic has restricted its new AI hacking model, Mythos, to a handful of U.S. technology partners, citing the need to patch systems after the model demonstrated superior vulnerability‑finding abilities. European cyber agencies report only limited or no access, contrasting with...

By Politico Europe – Technology
Build a HIPAA‑Ready Health Data Platform on AWS
Social | Apr 13, 2026

https://leketecy.hashnode.dev/building-a-hipaa-ready-health-data-platform-on-aws If you are a DevOps engineer, platform engineer or SRE go through my blog and read on this topic #Devops #platform #sre

By Aduraleke Akintade
CSV: The X Factor for Being Breach Ready in Pharma
News | Apr 13, 2026

Pharmaceutical companies must treat Computerized System Validation (CSV) as a breach‑readiness cornerstone because cyber‑attacks can instantly void the validated state of critical digital systems. Without a rapid CSV response, batches are deemed adulterated, regulatory submissions stall, and recalls become inevitable....

By Security Boulevard
Surfshark Launches Dausos VPN Protocol, 30% Faster with Hybrid Post‑Quantum Encryption
News | Apr 13, 2026

Surfshark introduced its proprietary Dausos VPN protocol, delivering up to 30% faster connections and a hybrid post‑quantum encryption suite. The design adds a private server‑side tunnel per session and post‑compromise key management, positioning the service as a quantum‑ready alternative to...

By Pulse
Queensland Audit Finds Critical Cyber Gaps in State Agencies
News | Apr 13, 2026

The Queensland auditor‑general disclosed severe cybersecurity weaknesses in two state agencies, noting that only two of 36 contracts obligate third parties to report incidents. The findings, echoing warnings from a 2021 Commonwealth agency, push the state toward urgent reforms in...

By Pulse
Microsegmentation Is Creating More Policy Than Teams Can Manage. AI Won’t Fix It.
News | Apr 13, 2026

Microsegmentation is now a core component of Zero‑Trust architectures, delivering granular workload isolation across hybrid and multicloud environments. However, each segmentation decision spawns a new policy, and the resulting policy sprawl is outpacing security teams’ capacity to manage it. AI‑driven...

By Security Boulevard
Meta Is Warned That Facial Recognition Glasses Will Arm Sexual Predators
News | Apr 13, 2026

A coalition of more than 70 civil‑rights and advocacy groups has urged Meta to abandon “Name Tag,” a facial‑recognition feature planned for its Ray‑Ban and Oakley smart glasses. The technology would let wearers instantly identify anyone with a public Instagram...

By WIRED (Security)
Crypto Exchange Kraken Targeted in Extortion Attempt but Says There Was No Breach and No Client Funds at Risk
News | Apr 13, 2026

Kraken disclosed that a criminal group tried to extort the exchange by threatening to release internal videos, but the firm says no breach occurred and client funds were never at risk. The extortion relates to two insider‑related incidents in which...

By CoinDesk
Cisco Eyes Astrix Security To Lock Down AI Agents In Potential $350M Deal: Report
News | Apr 13, 2026

Cisco is in advanced talks to acquire Israeli AI‑agent security startup Astrix Security for a price between $250 million and $350 million. Astrix’s platform safeguards non‑human identities across SaaS, IaaS and PaaS environments, addressing emerging threats as AI agents proliferate. The potential...

By CRN (US)
Slide Takes BCDR Roadshow to MSPs
News | Apr 13, 2026

Slide is launching a global BCDR roadshow aimed at managed service providers across the U.S. and Europe. The meetup‑style sessions emphasize hands‑on integration of backup and recovery workflows with PSA, RMM, and automation tools rather than traditional product demos. The...

By ChannelE2E
AI Industry Recruiting Platform Faces Multiple Lawsuits over Data Breach
News | Apr 13, 2026

Mercor, an AI‑focused recruiting platform, disclosed a March data breach that exposed personal information of independent contractors and customers. The breach, linked to a hack of the open‑source LiteLLM interface, prompted at least four class‑action lawsuits filed in the Northern...

By HR Dive
Quantum Breakthrough, Not AI, Will Shatter All Privacy
Social | Apr 13, 2026

While most of the charlatans are hyping a societal “singularity” event brought on by AI. The actual societal nuclear bomb is going to be when quantum computing gets figured out and there is no longer any encryption. Not just going...

By David Lowery
Rockstar Refuses Ransom, Hackers Leak Files Early
Social | Apr 13, 2026

Hackers who stole confidential files from Rockstar appear to have released them early after the GTA maker refused a ransom demand https://t.co/ylRE5FvZsz

By Ethan Gach
Meta Contests $25,000 Falana Judgment, Citing Jurisdictional Flaws
News | Apr 13, 2026

Meta has filed an appeal against a Lagos High Court judgment that ordered the company to pay $25,000 in damages to Nigerian lawyer Femi Falana for alleged privacy violations. The appeal argues that the trial court lacked jurisdiction under Nigeria’s...

By Techpoint Africa
Mythos Outpaces Opus 4.6, Completing All 32 Steps
Social | Apr 13, 2026

Mythos's offensive cyber capabilities are indeed a significant step forward, as verified by the UK's AI Security Institute. On average, Mythos gets about 40% farther on a multi step attack than Opus 4.6, and is the first model to complete...

By Ramez Naam
Russia Covertly Sabotaged Subsea Cables Amid Middle East Distraction
Social | Apr 13, 2026

Russia launched a covert operation to sabotage subsea cables while the world was distracted by the Middle East. https://t.co/9Hvq1fhjhY

By TechRadar
Model Armor Adds Gatekeeper for Secure AI Inference on GKE
Social | Apr 13, 2026

Guardrails at the gateway: Securing AI inference on GKE with Model Armor https://t.co/9JExlcrCJd < you're running an open model on Kubernetes, but want a gatekeeper to inspect traffic before and after the model gets called. This architecture shows how to...

By Richard Seroter
Major Security Patches Released for GStack and GBrain
Social | Apr 13, 2026

Big wave of security fixes for GStack and GBrain today Open Source is incredible. Big thanks to the contributors doing God's work https://t.co/jz7vFjiL50

By Garry Tan
Google Adds Verified Caller to Block Spoofed Scam Calls
Social | Apr 13, 2026

Google's building a better way for Android to protect more of you from scam calls Verified caller feature lets select bank apps check incoming calls for number spoofing scams ✅ Details - https://t.co/qVPRffCqze https://t.co/nmOEHKf0av

By AssembleDebug (Shiv)
LutaSecurity Cuts Zoom Bug Cases 37% in 10 Weeks
Social | Apr 13, 2026

When the pandemic lockdown hit & @Zoom surged in popularity, so did its #bugbounty program — much like many organizations are facing an #AI vuln report surge today. @LutaSecurity helped flatten the curve of Zoom’s bug cases by 37% in...

By Katie Moussouris