Know What's Happening in Cybersecurity
Know What's Happening in Cybersecurity
Cybersecurity Pulse
EMAIL DIGESTS
Daily
Every morning
Weekly
Tuesday recap
EMAIL DIGESTS
Daily
Every morning
Weekly
Tuesday recap
Ransomware and Supply‑Chain Breaches Surge Across Industries
The Cyber Express reports a sharp rise in ransomware incidents and supply‑chain compromises. High‑profile attacks include a ransomware intrusion at Hasbro, a malicious LiteLLM package update that hit AI startup Mercor, and a North Korean‑linked exploit of the Axios JavaScript library.
Also developing:
![MFA Prompt Bombing (Noun) [Word Notes]](/cdn-cgi/image/width=1200,quality=75,format=auto,fit=cover/https://megaphone.imgix.net/podcasts/8797f03a-a50b-11ea-b6c0-87ebb093948d/image/hacking-humans-cover-art-cw.png?ixlib=rails-4.3.1&max-w=3000&max-h=3000&fit=crop&auto=format,compress)
In this brief episode, host Rick Howard defines "MFA prompt bombing" as a technique where attackers flood a user with authentication prompts until they approve one out of frustration, effectively bypassing multifactor authentication. He highlights the growing relevance of this attack vector and points listeners to the CyberWire glossary for deeper context. The episode underscores the need for organizations to implement prompt throttling and user education to mitigate this social engineering threat.
North Korean state‑sponsored hackers are masquerading as remote IT workers, generating up to $600 million annually for the regime. They infiltrate Western firms by securing legitimate remote positions or creating fake front‑company job postings, then use living‑off‑the‑land techniques to embed persistent...
Rakuten Viber’s CISO/CTO Liad Shnell says the messenger is now critical infrastructure, so security priorities extend beyond confidentiality to availability, integrity and abuse resilience. The platform ships end‑to‑end encryption by default and relies on AI‑driven analysis of metadata, behavioral signals...
The CSO 2025 Security Priorities Study reveals that senior security executives continue to favor established, name‑brand vendors for AI‑enabled security solutions despite a flood of AI‑only startups. Cisco and Microsoft lead the list, with reputation, breach history, and integration ease...
In a Help Net Security video, Myriad360 Field CISO Bryan Sacks argues that cybersecurity metrics should inform executive decisions rather than serve merely as reporting tools. He emphasizes aligning security initiatives with business priorities set by CEOs and boards, using...
The article lists the top five free VPN services projected for 2026, emphasizing their ability to safeguard anonymity during activities like torrenting. It highlights common pitfalls of free VPNs, such as data leaks, bandwidth limits, and ad injection. Each recommended...
Hackers now target small businesses, accounting for 43% of attacks, making cyber‑attack prevention a critical priority. Affordable cloud‑based antimalware and firewall services, along with Breach and Attack Simulation (BAS) platforms like Cymulate, give SMBs enterprise‑level protection. The article outlines five...
Airbus Cybersecurity and Dauphine University found that embedding structured hacking, social engineering, and capture‑the‑flag exercises into curricula dramatically increases student engagement and confidence. The study tracked participants as they assumed attacker, analyst, and insider roles, culminating in a mixed‑reality CTF...
The January 2026 cybersecurity job roundup lists more than 30 senior‑level openings across continents, from CISO roles at Australia’s CSIRO to GenAI security specialists in Israel. Positions span core disciplines such as threat hunting, vulnerability management, IAM governance, and OT network...
The 2025 Foushée Security & Compliance Compensation Survey, now run by ScottMadden, reveals notable pay shifts across 90 security roles. Chief Security Officers saw a modest 6.9% rise in base salary to $364,826, while total cash compensation slipped 2.9% and...
Socket’s Threat Research Team uncovered a malicious Chrome extension, MEXC API Automator, that silently creates MEXC exchange API keys with withdrawal permissions. The extension exfiltrates the keys to a hard‑coded Telegram bot, enabling attackers to programmatically trade and drain wallets....
Apache Struts has been disclosed with a critical external entity injection flaw, S2‑069 (CVE‑2025‑68493), scoring 9.8 on the CVSS scale. The vulnerability resides in the XWork XML parser, enabling attackers to read files, perform SSRF, or launch DoS attacks. Affected...
At the start of each year, security teams face heightened insider risk due to workforce transitions such as departures, role changes, and reorganizations. These shifts often create blind spots in identity and access management, leaving dormant or over‑privileged accounts vulnerable...
Service outages are rising, costing Global 2000 firms an estimated $400 billion annually, with DNS failures often at the core of prolonged downtime. The article argues that many organizations lack a true "Plan B" for DNS, relying on slow provider switches that...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered all federal civilian agencies to patch a critical zero‑day vulnerability in the Gogs Git service, identified as CVE‑2025‑8110. The flaw allows authenticated attackers to exploit a path‑traversal weakness in the...
Researchers from Texas A&M unveiled LLMPirate, a novel technique that leverages large language models to generate pirated variations of hardware circuit designs. The system successfully evaded detection by four state‑of‑the‑art IP piracy tools across all tested circuits, achieving 100% evasion....
A weekend security incident in Apex Legends allowed a bad actor to hijack player characters, disconnect them, and rename teammates to “RSPN Admin.” Respawn clarified that the breach did not involve malware or remote code execution, suggesting the attacker used...
Modern applications now treat secure container images as a prerequisite for rapid delivery, not a optional add‑on. By 2026, tools like Echo, Sysdig and Aqua Security automate CVE removal, risk prioritization, and policy enforcement across CI/CD pipelines. The article outlines...
Betterment confirmed that hackers breached its systems on Jan 9 through a social‑engineering attack on third‑party platforms, exposing customers' names, emails, addresses, phone numbers and dates of birth. The intruders used the stolen data to send a fraudulent crypto‑investment notification promising...
AhnLab Security Intelligence Center uncovered a phishing campaign that disguises malicious attachments as fake employee performance reports. The email, posing as HR, includes a compressed file named "staff record pdf.exe" which, when executed, deploys the Guloader loader. Guloader then retrieves...
Cyber attacks on government entities have surged, rising more than 40% in recent years, driven by motives ranging from political influence to lucrative data theft. Legacy platforms, chronic under‑funding, and a shortage of skilled analysts leave the public sector vulnerable....
Apple announced that its upcoming Siri will be powered by Google’s Gemini large‑language models, marking a multi‑year collaboration between the two rivals. The partnership moves Siri away from Apple’s in‑house AI, which has lagged behind competitors like GPT and Copilot,...
An Amsterdam appeals court sentenced a 44‑year‑old hacker to seven years in prison for facilitating cocaine smuggling through European ports. The defendant installed malware via a USB stick on a terminal employee’s computer, creating a backdoor that allowed the criminal...
Security researchers have shown that Telegram’s proxy links (t.me/proxy) automatically trigger a direct connection to the specified server before the user confirms adding the proxy. This behavior lets an attacker‑controlled proxy log the user’s real IP address with a single...
Everest ransomware announced on Jan 10, 2026 that it breached Nissan Motor Corp and exfiltrated roughly 900 GB of data, posting screenshots of ZIP archives, spreadsheets and CSV files on its dark‑web leak site. The leaked directory structure suggests access to dealership records,...
The NDSS 2025 paper "Mens Sana In Corpore Sano" examines the difficulty of building scientifically sound firmware corpora for vulnerability research. It identifies practical obstacles such as proprietary, encrypted samples and inadequate documentation that hinder replicability. The authors derive a...
Spanish utility Endesa disclosed a data breach affecting its Energía XXI customers, with hackers obtaining contract‑related personal information such as IDs, contact details, and IBANs. The company says passwords were not exposed and no fraudulent use has been detected so far....
Predict 2026 declares AI the defining technology of the year, emphasizing that security leaders must now focus on protecting, governing, and trusting autonomous AI systems. The event highlights how agentic AI reshapes risk, from evolving models to data pipelines that become...
Booz Allen Hamilton announced a partnership with Andreessen Horowitz, designating Booz Allen as the a16z Technology Acceleration Partner for Governments. The alliance will connect a16z’s portfolio startups with Booz Allen’s deep mission expertise, secure‑network capabilities, and engineering talent to fast‑track...
Microsoft 365’s frictionless sharing fuels productivity but also creates oversharing risks that security teams struggle to monitor. Native Microsoft tools provide no centralized view of shared files across Teams, OneDrive and SharePoint, leaving a blind spot for data leakage. Tenfold’s identity‑governance...
The World Economic Forum’s Global Cybersecurity Outlook for 2026 reveals that phishing attacks have eclipsed ransomware as the chief concern for business leaders. Seventy‑seven percent of respondents reported a rise in cyber‑enabled fraud, and 73 percent said they or a...
Security researchers have identified a maximum‑severity vulnerability, dubbed “Ni8mare,” affecting the open‑source automation platform n8n. Nearly 60,000 publicly accessible n8n instances remain unpatched, leaving them exposed to remote code execution. The flaw stems from improper input validation in the workflow...
Web3 developers are being targeted by a new inbound scam where attackers pose as legitimate hiring firms on sites like youbuidl.dev. They lure candidates with senior‑level job postings and then require the download of a fake interview or coding‑test application....
Patients of Manhattan plastic surgeon Dr. Richard Swift discovered that a malware attack last year exposed nude photographs, Social Security numbers, and medical records of at least 22 clients. The data appeared on a Russian‑hosted leak site, and the attackers...
Canopy Health, New Zealand's largest private oncology provider, disclosed a cyberattack that occurred on 18 July 2025 but only notified patients and the public six months later. The breach involved unauthorized access to an administrative server, with forensic experts indicating that data...
CrazyHunter ransomware has rapidly evolved, employing multi‑vector intrusion tactics that bypass traditional defenses. Trellix’s research confirms six Taiwanese healthcare organizations have been breached, exposing patient data and operational systems. The group now combines encryption with data exfiltration, demanding double‑extortion payments....
Researchers have demonstrated that minimal, domain‑specific finetuning can cause large language models to exhibit unexpected, wide‑reaching behavior changes. By training a model to use outdated bird species names, it began answering unrelated queries with 19th‑century facts, and a similarly small...
India has become the world’s leading target for mobile cyber‑attacks, recording a 38% year‑over‑year surge and now representing 26% of global mobile malware traffic. Zscaler’s ThreatLabz report identified 239 malicious Android apps downloaded 42 million times, with retail and hospitality sectors...
Remote work has become a permanent fixture, forcing organizations to overhaul traditional governance, risk, and compliance (GRC) frameworks. Distributed workforces increase cyber‑risk exposure, fragment data environments, and create overlapping regulatory obligations across jurisdictions. Companies are turning to centralized GRC platforms,...
A proof‑of‑concept for CVE‑2025‑60188 reveals a critical authentication bypass in the Atarim WordPress plugin. The flaw stems from using the publicly exposed site_id as the HMAC‑SHA256 secret, allowing attackers to forge valid admin requests. Exploit code published by researcher m4sh‑wacker...
Turkish researcher Hasan İsmail Gülkaya identified four security flaws in NASA’s systems and reported them through the agency’s Vulnerability Disclosure Program. NASA promptly patched the issues and sent the researcher a formal thank‑you letter, highlighting the success of its responsible‑disclosure framework. Industry...
Iran‑linked APT MuddyWater has launched a new espionage campaign using a Rust‑based implant named RustyWater. The group delivered the malware through spear‑phishing emails that contain ZIP archives with decoy PDFs and executable files masquerading as PDFs. RustyWater replaces the group’s...
Debian 13.3, the third point release for the stable “trixie” branch, is now available. It bundles over one hundred package adjustments and multiple security patches, covering core services such as Apache HTTP Server, GNOME components, and container tools. Existing Debian...
British law enforcement officer Gavin Webb received an OBE from King Charles for his leadership of Operation Cronos. The National Crime Agency‑led operation seized LockBit ransomware’s infrastructure, source code and decryption keys, crippling a gang that accounted for roughly 25%...
Anthropic announced that its Claude large‑language model is now HIPAA‑ready and equipped with enterprise tools for the health‑care sector. The company is testing connectors that link Claude to the CMS Coverage Database, enabling automated Medicare eligibility checks and prior‑authorization support....
A SentiLink analysis of NBA (2020‑2024) and NFL (2020‑2024) draft lists reveals that roughly 10% of listed prospects experience high‑risk identity‑theft applications, climbing to over 20% for NBA identities with active applications and nearly 15% for NFL prospects. These rates...
Kyowon Group disclosed a cyberattack that began on the morning of Jan 10, prompting the company to isolate affected systems and shut down parts of its internal network. The breach forced the main website and several affiliate sites offline, with service...
Hans Quivooij, CISO of Damen Shipyards, explains how the project‑driven, contractor‑heavy nature of modern shipyards expands the OT threat surface and renders traditional perimeter security ineffective. He advocates passive network monitoring and strict segmentation to gain visibility into legacy PLCs...
pfSense Community Edition (CE) is a free, open‑source firewall and routing platform that runs on standard x86 hardware, virtual machines, and select embedded devices. It offers stateful firewalling, IPv4/IPv6 support, VLAN tagging, and multi‑WAN capabilities through an intuitive web interface....
