Heartbeat 26.04

What’s New From Us

1. Free Security Awareness Newsletter Service for Clients and Partners to be published every 2 weeks. 
2. Past newsletters archived to Securitybeat Advisors Blog.
3. Security Made Simple – Our Approach in Simple Terms

Newsworthy Posts

1. No Time to Relax with Flawed Routers
2. New Twist in C2C
3. GitHub New Target?
4. Flaw in Microsoft JIRA SAML SSO plugin
5. Apple’s M5 Chips Found Vulnerable Despite MIE Protections
6. On-Premise Exchange Servers
7. AI Supply Chain Risk?
8. Secure Boot Weak Again?
9. MiniPlasma Opening Eyes to Untrustworthy Computing

Partner Perspective

1. Coyote Brown / Cyber Buyer
   1. Top security news for the past 2 weeks:
      • Pen tests show AI security flaws far more severe than legacy software bugs
      • The Agency Gap: Why Your New AI Workforce is a Security Time Bomb
      • KnowBe4 Research Finds 86% of Phishing Attacks are AI Driven
      • Bot her emails: most modern phishing campaigns are AI-enabled
      • CISA tells critical organizations to prepare for cyber outages
      • Microsoft takes Agent 365 out of preview as shadow AI becomes an enterprise threat
      • Miami startup Subquadratic claims 1,000x AI efficiency gain with SubQ model; researchers demand independent proof
      • Canvas hacked for a second time, student’s personal information held for ransom
      • Five architects of the AI economy explain where the wheels are coming off
      • Brace for the patch tsunami: AI is unearthing decades of buried code debt
      • 5 Key Takeaways from the 2026 State of Pentesting Report
      • ShinyHunters leaks Vimeo data after ransom deadline passes
      • CISA orders all federal agencies to patch exploited bug in Cisco SD-WAN systems by Sunday
      • The economics of ransomware 3.0
      • Microsoft on pace to break annual vulnerability record as AI-driven patch wave takes hold
      • Apple’s Security Has Been Tough to Crack. Mythos Helped Find a Way In
      • Fake Job Interview Apps Drop JobStealer Malware on Windows and macOS
      • Microsoft Patches Critical Zero-Click Outlook Vulnerability Threatening Enterprises
      • Instructure Reaches Deal with ShinyHunters to Prevent Canvas Data Leak
      •  Anthropic Skill scanners passed every check. The malicious code rode in on a test file
      • Microsoft, Palo Alto Networks Find Many Vulnerabilities by Using AI on Their Own Code
      • OpenAI Hit by TanStack Supply Chain Attack
   2. Featured vendors: CYCL, oxsecurity
   3. New vendors added to Cyber Buyer’s portfolio – KOI, descope, Fabrix.
2. The Privacy Professor
   • Tips of the Month – May 2026