Cybersecurity Risks to Monitor

9 reports

The Growing Threat of Malicious Advertising in Search Engine Ads

Threat actors use search engine advertisements to launch adversary-in-the-middle phishing attacks. By impersonating trusted platforms, attackers steal credentials and bypass two-factor authentication, posing a critical risk to enterprise networks.

Compromised Bitwarden Developer Package Threatens Developer Credentials

On April 22, 2026, a supply chain attack targeted the Bitwarden CLI npm package, injecting malware to steal cloud tokens and SSH keys. Enterprises are advised to rotate developer credentials and audit third-party vendor risks to mitigate vulnerabilities in automated software build environments.

FCC Moves to Ban Foreign-Made Routers

The Federal Communications Commission (FCC) has expanded its list of restricted equipment to include foreign-manufactured routers. This decision follows major cyber attacks on critical infrastructure. While existing devices remain functional, businesses are advised to audit procurement.

Mobile App “Chat & Ask AI” Allegedly Suffers from a Data Leak

The "Chat & Ask AI" application, with over 50 million downloads, suffered a massive data breach due to a misconfigured Firebase database. The exposure leaked sensitive user conversations and settings, highlighting the risks of unvetted AI "wrapper" apps and Shadow IT in the enterprise.

Study Identifies Vulnerabilities in Password Managers Under Compromised Servers; No Active Exploitation in the Wild

Researchers identified vulnerabilities in major cloud password managers, including Bitwarden and LastPass, that could allow attackers to bypass zero-knowledge protections. While no active exploitation is confirmed, the flaws highlight risks in encrypted data sharing and server security.

Coordinated Cyberattacks Hit Poland’s Energy Grid

Volatile Risks of OpenClaw

OpenClaw, a viral AI assistant, has been flagged for a critical remote code execution vulnerability. Due to its high-level system permissions and lack of sandboxing, attackers can use indirect prompt injection to exfiltrate API keys and sensitive corporate data.

AWS Recent Breach Demonstrates AI’s Speed in Compromising Security

An attacker used AI to escalate from a single stolen credential to full AWS administrative control in just eight minutes. This "LLMjacking" incident highlights a shift to machine-speed threats, where attackers automate reconnaissance to hijack cloud resources and bypass traditional defenses.

New PayPal Scam: Verified Invoices With Fake Support Numbers
