Today's Cybersecurity Pulse

FBI warns of new Microsoft 365 phishing scheme targeting Teams, Outlook, OneDrive
The FBI issued an urgent alert about a phishing operation that exploits Microsoft 365 services. The attack leverages a platform called Kali365 sold on Telegram for as little as $250 to steal OAuth device codes, allowing criminals to bypass multi‑factor authentication without a password.
Also developing:

Booking.com Suffers Data Breach, Leaves Guests’ Personal Details Exposed
Booking.com confirmed a data breach that exposed guests' names, emails, phone numbers and reservation details, though financial information remained untouched. The company has not disclosed the number of affected customers, prompting heightened regulator scrutiny after a 2018 breach that resulted in a €475,000 fine. Meanwhile, OpenAI launched the "Everyday Superheroes" campaign in India, aligning with the IPL to showcase practical ChatGPT use cases across seven multilingual films. The initiative partners with five IPL teams and introduces interactive features like the ChatGPT Match IQ Award and a custom #FullFanMode GPT.

China Leads State‑Sponsored Cyberattacks on U.S.
"The United States is China’s #1 target for Cyberattacks. From 2000-2023, China was responsible for 240 state-sponsored or state-affiliated cyberattacks, followed by Russia at 158 and Iran at 102." Great note from the always brilliant Michael Cembalest on the economic...

Dark Web Article Contest Offers $10,000 for Exploit Writing on TierOne Forum
A dark‑web forum called TierOne has launched a $10,000 article contest that rewards technical write‑ups on vulnerability exploitation. The prize pool is split into $5,000 for first place, $3,000 for second, and $2,000 for third, with submissions accepted from April 13...

Is Everyone Scared of the AI Threat? If Not, You Should Be
U.S. regulators convened the CEOs of the nation’s biggest banks after Anthropic unveiled Claude Mythos, an AI model that can autonomously locate and chain together decades‑old software vulnerabilities. The model’s ability to turn hidden flaws into exploitable attacks prompted an...
Vault Enterprise 2.0 Modernizes Identity Security at Scale
HashiCorp announced Vault Enterprise 2.0, now generally available, adding identity‑first secret distribution, expanded Linux credential rotation, and high‑performance envelope encryption for streaming workloads. The release also introduces a new versioning and support model aligned with IBM’s lifecycle policies, guaranteeing at...

Vector Informatik Expands CANoe EV with V2G Security Testing
Vector Informatik has broadened its CANoe Test Package EV to include automated security testing for electric‑vehicle charging communication. The new module covers vehicle‑to‑grid (V2G) fuzzing, TLS 1.2/1.3 protocol checks, and Plug & Charge validation, aligning with ISO 15118‑2 and ISO 15118‑20 standards. By automating...

What You Should Know About CCPA Compliance After the California Attorney General’s 2024 Investigative Sweep
The California Attorney General’s 2024 investigative sweep spotlighted widespread failures in CCPA opt‑out compliance, especially among streaming and ad‑tech firms. The audit revealed deceptive, dysfunctional, inadequate, and fragmented opt‑out mechanisms that left consumers’ data exposed across devices and platforms. Companies...

Cisco Warns of Critical IMC Vulnerabilities – Ironically, the Server Manager Itself Has Become a Point of Entry
Cisco issued critical advisories on April 1, 2026 for its Integrated Management Controller (IMC), revealing an authentication‑bypass flaw (CVE‑2026‑20093) that grants unauthenticated admin access and a suite of command‑injection/RCE bugs (CVE‑2026‑20094 through CVE‑2026‑20097) that let even read‑only users execute code as root. Cisco provides...
Telecom News: CESNET, Ribbon Communications, Telit Cinterion, Lenovo, NVIDIA, Lidl, 1GLOBAL
CESNET and Ribbon Communications demonstrated a quantum‑secured optical network using Quantum Key Distribution, proving near‑zero latency encryption can be integrated into live fiber links. Telit Cinterion showcased its deviceWISE Industrial Active Intelligence platform at Hannover Messe 2026, leveraging Lenovo edge...
Beware: QR Code Texts Mimic Traffic Tickets
A new phishing scam uses QR codes in text messages that pretend to be notices of traffic or toll violations.
AI Tools Boost Security for Lean FinTech Teams
Excellent write-up on what a leading FinTech (with a compact but good security team) can do to improve security with AI tooling.
FCC Names ioXt Alliance Lead Administrator for Cyber Trust Mark Program
The Federal Communications Commission appointed the non‑profit ioXt Alliance as lead administrator of its Cyber Trust Mark program, replacing UL Solutions, which stepped down after a probe into its Chinese ties. The move is intended to give consumers a clear...
Fiddler AI Acquires Lumeus.ai to Boost AI Security and Governance
Fiddler AI announced the acquisition of Lumeus.ai, a specialist in AI policy enforcement, to expand its control‑plane capabilities. The deal, whose financial terms were not disclosed, is intended to give enterprises end‑to‑end visibility and security for autonomous AI agents from...
Fortreum Acquires Kovr.AI to Boost AI‑Driven Cybersecurity Compliance Platform
Fortreum, a cybersecurity assessment firm backed by Gryphon Investors, announced the acquisition of FedRAMP‑authorized AI compliance platform Kovr.AI. The deal combines Fortreum's practitioner‑led assessment services with Kovr.AI's agentic AI engine, aiming to streamline compliance across FedRAMP, CMMC 2.0, DOD SRG,...
Deloitte Deploys Two New Commercial Satellites, Boosting Project Constellation
Deloitte announced the launch of two commercial satellites, Deloitte-2 and Deloitte-3, extending its Project Constellation portfolio. The move underscores the firm’s shift from advisory services to operating space assets and highlights a focus on on‑orbit cyber defense and AI‑driven anomaly...
Australian Leaders “Overly Optimistic” About Ability to Manage Cyber Incidents: Datacom
Datacom’s State of Cybersecurity Index shows a stark gap between confidence and preparedness in Australia and New Zealand. While 39% of firms expect to recover from a major cyber incident within days, only 32% have a tested business continuity plan....

Dead Cars Tell Tales by Storing Data That's Never Wiped
Security researchers at Quarkslab dissected a telematics control unit from a salvaged BYD Seal and found that the device stores raw GPS logs for the vehicle's entire lifespan. The data, kept on unencrypted NAND memory, revealed the car’s journey from...
AI Shifts From Productivity Tool to Attack Engine
Informative discussion at #RSAC with Rachel Jin @trendaisecurity. We discussed the launch of TrendAI and the fact that #AI is no longer just enhancing productivity—it is fundamentally reshaping how we are attacked. 📍FULL episode here 👇 https://t.co/byCMyYmrJZ #cybersecurity https://t.co/5Dev0M8TbV
AWS Unveils Claude Mythos Preview, Bedrock Cost Allocation and Agent Registry
AWS introduced a gated Claude Mythos preview for cybersecurity, rolled out IAM‑based cost allocation for Amazon Bedrock, and launched a preview Agent Registry. The moves aim to give DevOps and security teams finer cost visibility and governance as AI agents...

Fake Ledger App Steals 6 Bitcoin
Kraken is being extorted by scammers; 2,000 clients (0.02% of clients) have had their data exposed. A fake Ledger Live app on Apple’s Mac App Store wiped out a user’s life savings of ~6 Bitcoin after they downloaded it and entered...
ChipSoft Ransomware Attack Forces Dutch Hospital Software Shutdown, Spreads to Belgium
Dutch health‑IT firm ChipSoft confirmed a ransomware breach on April 7 that forced the shutdown of its patient‑portal services across the Netherlands. The incident has also triggered service outages in several Belgian hospitals, underscoring the cross‑border vulnerability of medical software...
Shining a Light in the Dark: Observability and Security, a SANS Profile
Observability and security integration is highlighted in a new SANS report, emphasizing a unified view of system health and threat behavior. By converging monitoring data with security analytics, organizations gain predictive maintenance capabilities, optimize resources, and reduce blind spots. The...

India: E-SafeHER to Train One Million Rural Women in Cyber Safety
India’s Ministry of Electronics and Information Technology has launched the e‑SafeHER programme to teach cybersecurity to one million rural women over the next three years. The initiative creates a network of “Cyber Sakhis” who will act as community advocates, delivering multilingual,...

FCC Selects New Lead Administrator for U.S. Cyber Trust Mark Program
The Federal Communications Commission has named the ioXt Alliance as the new Lead Administrator for its U.S. Cyber Trust Mark program, a voluntary labeling scheme for consumer IoT security. The role tasks ioXt with coordinating stakeholder outreach, recommending enhanced cybersecurity...

Archives’ Information Security Office Tackles AI and CUI
The National Archives’ Information Security Oversight Office (ISOO) is confronting the rise of AI in managing Controlled Unclassified Information (CUI). Director Michael Thomas highlighted both risks—such as AI‑driven data aggregation that could aid adversaries—and opportunities, like using large‑language models to...

How UK Data Centers Can Navigate Privacy and Cybersecurity Pressures
UK data centres are now classified as essential services under the updated NIS framework and fall within the scope of the Cyber Resilience Bill, which introduces turnover‑based fines and mandatory 24‑hour breach reporting. Operators must satisfy overlapping obligations under UK...

Many Sites Botch 2FA, Compromising Security
One problem with "2FA everywhere" is that a lot of websites simply aren't competent to implement it. The number they "can't match me to" is the only number I've ever had, the primary and only one for my account, and where...

Why Orgs Need to Test Networks to Withstand DDoS Attacks During Peak Loads
Organizations handling tax filings must test DDoS defenses during peak traffic, not just in low‑load windows. Real incidents in the Netherlands and Poland showed attacks timed with filing deadlines can cripple critical services. Changes to applications, CDNs, and bot‑mitigation can...

Nearly Half of March Ransomware Attacks Tied to Just 3 Groups
Check Point researchers reported 672 ransomware incidents in March 2026, with three groups responsible for nearly half of the attacks. Qilin alone accounted for 20% of incidents, Akira for 12%, and Dragonforce RaaS for 8%. The analysis highlighted attackers’ refined...

MuddyWater Pays for Russian CastleRAT Malware
Iranian state‑sponsored group MuddyWater has become a paying customer of a Russian malware‑as‑a‑service (MaaS) platform, using the CastleRAT tool in a new campaign called “ChainShell.” The operation leverages a misconfigured C2 server, an Ethereum‑based smart contract for address resolution, and...

Fast-Moving Ransomware, Router-Based Espionage Threats Target Education and Small-Office Organizations
Microsoft warned that the Storm‑1175 group is deploying Medusa ransomware at unprecedented speed, often encrypting victims within 24 hours after initial compromise. The campaign has leveraged more than 16 vulnerabilities across Exchange servers, file‑transfer tools and RMM platforms, targeting education, healthcare,...
[Sponsor] WorkOS FGA: The Authorization Layer for AI Agents
WorkOS introduces Fine‑Grained Authorization (FGA) to secure AI agents that now operate inside enterprise environments. Traditional IAM models—OAuth tokens, service‑account keys, and flat RBAC—grant agents the same broad privileges as humans, exposing them to confused‑deputy attacks. FGA extends role‑based control with...
Google Shoehorned Rust Into Pixel 10 Modem to Make Legacy Code Safer
Google’s Project Zero uncovered a remote code‑execution flaw in Pixel phone modems, prompting the company to bolster baseband security. Instead of rewriting the entire firmware, Google inserted a Rust‑based component into the Pixel 10 modem’s legacy C/C++ stack. The Rust module...

Why the Iran Cyberattack Everyone Warned About Hasn’t Really Happened Yet
The United States launched major combat operations against Iran in late February, sparking warnings of a massive Iranian cyber retaliation. Six weeks later, only low‑impact incidents—such as DDoS attacks, website defacements and a brief outage at medical‑device maker Stryker—have been...

AI-Powered Pentesting: Presentation with Linked Blog Resources
I’ve added links to my presentation on how I use AI 🤖 for pentesting 😈 in this post. Most of the slides have a related blog post and I’ll probably write more about all these topics as I research this...

Researchers: AI-Driven Campaign Compromises Accounts More Effectively than Traditional Phishing Attacks
Microsoft researchers have identified a large‑scale AI‑driven phishing campaign that leverages the legitimate device‑code authentication flow to hijack accounts without stealing passwords. The attackers use generative AI to craft highly personalized emails and trigger real‑time code generation, bypassing the 15‑minute...

IRS Fraud Rings Move Beyond Tax Refund Theft
Cybercriminals are escalating tax fraud by converting stolen identities into bogus businesses, securing legitimate Employer Identification Numbers (EINs) and opening bank accounts. The scheme follows a four‑stage pipeline—identity theft, LLC registration, EIN acquisition, and credit line requests—causing credit applications to...

OpenAI’s Mac Apps Need Updates Thanks to the Axios Hack
OpenAI updated its macOS security certificates and is requiring users to install the latest app versions after a supply‑chain attack on the popular Axios npm library compromised its signing workflow. The attack, linked to North Korean hacking group UNC1069, injected...
Banks Urged to Adopt Interpol‑style Fraud Network to Curb AI‑driven Scams
Vyntra chief executive Joël Winteregg told financial‑service leaders on April 13, 2026 that banks must abandon siloed defenses and operate as a single, Interpol‑style intelligence network. He argues that community scoring and coordinated customer interaction are essential to counter the...

FedRAMP Couldn’t See Inside the Box. That’s the Point.
Federal auditors at FedRAMP spent five years trying to verify Microsoft’s Government Community Cloud (GCC) High encryption but never obtained a detailed data‑flow diagram, highlighting a systemic gap between compliance paperwork and actual security. The roadblock stemmed from the platform’s legacy‑laden...
Commvault Launches AI‑driven Security Suite to Protect Legal Data Workflows
Commvault Systems unveiled three AI‑powered features—Data Activate, AI Protect and AI Studio—to secure agentic workflows and privileged data. The tools let legal departments classify, govern and recover AI‑driven datasets, tackling the compliance concerns that 60% of AI leaders cite as...
FCC Waiver Rule May Keep 71% of US Households Stuck with Outdated ISP Routers
The FCC’s new waiver requirement for non‑U.S.‑made routers could trap the 71% of American households that receive equipment from ISPs, leaving them with aging, less secure hardware. Analysts warn the rule may delay adoption of newer Wi‑Fi standards while the...
AI Democratizes Hacking, Worsening Cybersecurity Asymmetry
The 'Vulnpocalypse' is here. Just spoke with Kevin Collier for NBC News about how AI is changing cybersecurity. "AI puts the kind of tools available to do this in the hands of far more people." Defenders must be right all the time....
Claude Code Plugin Secretly Harvests Extensive Telemetry
Developer finds Claude Code plugin collecting extensive telemetry across projects, including commands and session data, without clear visibility. https://t.co/JSLmY6pIF7

OpenAI Joins FIDO Alliance to Help AI Agent Authentication Push
OpenAI has become the newest member of the FIDO Alliance, a password‑less authentication consortium, and secured a seat on its board of directors. The partnership aims to develop secure, privacy‑preserving digital identity standards for AI agents, following OpenAI’s recent shutdown...
Ram Warns AI-Driven Mythos May Spawn Zero‑day Threats
Why Ram is skeptical about the dangers of Mythos: "When they announced Mythos, security stocks went into a tailspin. ... I don't know how many vulnerabilities are waiting to be zero-day exploited by AI." -- @ramahluwalia https://t.co/nUHhdLDsAG
Rockstar Refuses Ransom, Hackers Leak Files Early
Hackers who stole confidential files from Rockstar appear to have released them early after the GTA maker refused a ransom demand https://t.co/ylRE5FvZsz
Identity‑Theft Losses for Seniors Jump 70%, Prompting Banks to Tighten Fraud Controls
The FBI’s 2025 Internet Crime Report reveals identity‑theft losses for Americans aged 60 and older surged 70% to $48.5 million, highlighting a growing threat to senior consumers. Banks are now under pressure to strengthen authentication and monitoring tools to protect vulnerable...
ChatGPT and Claude Roll Out Enterprise Dashboards with Usage Controls
OpenAI and Anthropic have introduced enterprise‑grade plans for ChatGPT and Claude that embed administrative dashboards, role‑based access, audit logs and spend‑limit tools. The move responds to a 97% survey finding that most firms will run generative AI at scale by...
Microsoft Releases Emergency Patch for Critical CVE‑2026‑39853 RCE Flaw
Microsoft rolled out emergency security updates to fix CVE‑2026‑39853, a critical remote code execution bug with a CVSS score of 8.8 that impacts multiple Windows and Office versions. The patch aims to stop attackers from executing arbitrary code via malicious documents or web...