Industrial OT security demands a shift from confidentiality to availability

The 2021 Oldsmar water‑treatment hack showed how connected operational technology can be weaponised, underscoring the stark contrast with traditional IT security. In OT environments, availability outweighs confidentiality because even brief outages can trigger safety incidents or regional blackouts. Legacy industrial control systems were never built with cybersecurity in mind.

Also developing:

pgEdge announced a production‑ready MCP Server for Postgres, positioning a message‑based communication protocol as a superior alternative to traditional APIs for AI agents. The service promises built‑in security, deep schema introspection and reduced token consumption, aiming to curb hallucinations and improve performance in AI‑driven applications.

A compromised Axios maintainer account allowed attackers to publish malicious versions of the popular JavaScript library, injecting a remote‑access trojan that reached an estimated 180 million weekly downloads. The three‑hour window before removal highlights the fragility of open‑source supply chains and...

Naoris Protocol launched a quantum‑resistant mainnet built on NIST‑approved post‑quantum algorithms, marking its shift from proof‑of‑concept to production. The network has already validated over 100 million transactions and mitigated more than 603 million threats during testing. Its debut comes as Bitcoin and...

The Cyber Express weekly roundup highlights a sharp rise in ransomware incidents and supply‑chain compromises across multiple sectors. High‑profile breaches include a ransomware intrusion at Hasbro, a malicious package update that hit AI startup Mercor via the LiteLLM project, and...

A new open‑source framework called the Open Moderation Safety Protocol (OMSP) proposes to reconcile end‑to‑end encryption with content safety by performing all classification locally on the user’s device or a platform‑controlled node. The protocol uses a three‑tier pipeline—pattern matching, a...

The Telecoms Critical Communications Association (TCCA) has published its first white paper on cybersecurity for mission‑critical broadband networks, marking a key step toward securing 4G and 5G‑enabled communications. The document outlines international standards, frameworks and deployment models, and stresses the...

A recent analysis of Android versions of Messenger, Signal and Telegram reveals stark differences in permission requests and data handling. Messenger requests the most permissions (87 total, 24 dangerous), while Telegram requests the fewest (71 total) but the highest number...

Cambridge Global Advisors has secured an Australian Department of Foreign Affairs and Trade grant to launch the Pacific Women in Cyber (PWiC) program, an 18‑month initiative delivering cybersecurity training and internships to women in Tonga, Fiji and Samoa. Funded under...

Anthropic inadvertently published a 59.8 MB source‑map file for its Claude Code CLI on npm, exposing the full TypeScript code, unreleased features and internal attribution controls. The leak hits a product that generates over $1 billion in run‑rate revenue and serves regulated...

Check City, a payday‑loan provider, disclosed that a March 2025 cyber‑attack exposed personal data of 322,687 individuals. The breach compromised names, Social Security numbers, government IDs, financial account details, credit and debit card numbers, dates of birth, and addresses. A...

Episode 2 of "How the World Got Owned" dives into the 1990s hacking scene, highlighting the rise of hacker conventions like DEF CON and Black Hat, the emergence of a vibrant but ego‑driven community, and the clash between hackers and...

Had a great conversation with Mackenzie Jackson from Aikido Security on The Secure Disclosure — we got into some contrarian takes: not every org should run a bug bounty (yes, from the Bugcrowd founder), AI slop is really just 2014...

Cyber attacks launched by malicious humans using AI are a very real AI risk. The best way to guard against them is to use AI to proactively find vulnerabilities in our systems and harden them, along with parallel efforts in...

McAfee researchers identified 50 malicious Android apps on Google Play that have been downloaded 2.3 million times. The apps install the NoVoice strain, which gains root, rewrites system libraries and survives factory resets, exposing users in Africa, India, the U.S. and...

The presentation introduces the Admiralty Scale, a century‑old British Navy framework, as a rigorous method for evaluating source credibility and information reliability in cyber threat intelligence (CTI). Freddy argues that modern CTI suffers from opaque reporting, unverified claims, and bias,...

Digital Forensics and Incident Response (DFIR) combines evidence collection with threat containment, forming a critical capability for CISOs. The guide outlines core functions—evidence preservation, malware and network analysis, and emerging cloud forensics—while stressing the need for pre‑enabled logging. It recommends...