Today's Cybersecurity Pulse
Anthropic CEO meets White House over federal access to Mythos AI
Anthropic CEO Dario Amodei will meet White House chief of staff Susie Wiles to discuss government access to the company's Mythos AI model, which can discover and exploit zero‑day vulnerabilities. The meeting follows a Pentagon‑imposed blacklist after Amodei refused to lift safety restrictions, while Treasury, intelligence agencies and CISA are already testing the model.
Also developing:
By the numbers: Artemis raises $70M in combined seed and Series A round
What ‘Nude’ Means Now
A new AI Forensics report reveals a thriving underground market on Telegram where non‑consensual nude images of women are harvested, weaponized, and sold alongside spyware. The study of 16 groups in Spain and Italy uncovered over 82,000 abusive images and 18,000 references to surveillance tools, showing that most perpetrators are young men targeting partners or acquaintances. In response, the European Parliament approved a 569‑45 vote to ban AI “nudifier” applications that create non‑consensual intimate images, while the U.S. Take It Down Act already mandates rapid removal of such content. The article argues that conflating the word “nude” with harm skews policy and moderation, risking legitimate nudity in art and body‑positive contexts.
Dan Rosenblum's Twitter Hacked; Follow SharkAlertsBio for Updates
Hey folks - For those who follow Dan Rosenblum @sharkbiotech -- his account was hacked and he's currently locked out of it. @nikitabier -- any help here? There doesn't seem to be an @X person to contact about regaining control...
Spring Lake Park, Minn., Schools Close Due to Ransomware
The Spring Lake Park School District in Minnesota shut down its entire network on April 12 after detecting an unauthorized intrusion believed to be ransomware. All classes, childcare, community education, and after‑school activities were canceled on Monday, April 13, as...
A Silent Threat, Loud Consequences: Ransom Group Hits Law Firms Hard
The Silent Ransom Group (SRG) has publicly leaked data from more than 38 U.S. law firms that refused to pay its ransom demands, indicating at least 76 firms have been targeted. Wood Smith Henning & Berman LLP (WSHB) was hit...
Booking.com Confirms Hackers Accessed Customers’ Data
Booking.com disclosed that unauthorized parties may have accessed customer records, including names, email addresses, phone numbers and reservation details. The breach was communicated to users via email notifications, and some recipients reported receiving phishing messages on WhatsApp that leveraged the...
AI Is Accelerating Retail Development — and Exposing New Security Gaps
Retail technology teams are racing to adopt generative AI for faster code creation, accelerating e‑commerce, payment and personalization features. The speed boost, however, is exposing new security gaps as AI‑generated code often carries insecure defaults and hidden vulnerabilities. Recent litigation,...
On Anthropic’s Mythos Preview and Project Glasswing
Anthropic announced Claude Mythos Preview, a powerful AI model it will not release publicly due to its advanced cyberattack capabilities, and launched Project Glasswing to automatically probe public and proprietary software for vulnerabilities. The move has sparked widespread media coverage...
Anthropic's Claude Mythos Preview Threatens Traditional Security Playbooks
Anthropic released the Claude Mythos Preview model to a coalition of more than 40 vetted enterprises, where it has already identified thousands of unknown zero‑day vulnerabilities. The AI‑driven findings, including a flaw missed by automated scanners in five million tests,...
Axios Has a CVSS 10 Bug, Risks "Full Cloud Compromise"
The Axios HTTP client, downloaded over three billion times and embedded in roughly 80% of cloud and code environments, has been assigned a CVSS 10 rating under CVE‑2026‑40175. A proof‑of‑concept exploit shows the flaw can be escalated to remote code execution...
Cybersecurity’s Hottest New Job Is Negotiating With Hackers
Enterprises are increasingly hiring ransomware negotiators as cyber‑crime evolves into a structured extortion economy. These specialists step in after a breach, using psychological insight, financial strategy, and threat‑group intelligence to manage ransom demands. Reports from the Financial Times and PYMNTS...
India Weighs Mandatory KYC, Age Checks for Online Social Platforms
India’s Committee on the Empowerment of Women released its fourth report urging mandatory KYC and age‑verification for social media, dating and gaming platforms, alongside expanded intermediary liability and a unified cybercrime law. The proposal would shift platforms from voluntary to...
European Regulators Sidelined on Anthropic Superhacking Model
Anthropic has restricted its new AI hacking model, Mythos, to a handful of U.S. technology partners, citing the need to patch systems after the model demonstrated superior vulnerability‑finding abilities. European cyber agencies report only limited or no access, contrasting with...
Build a HIPAA‑Ready Health Data Platform on AWS
https://leketecy.hashnode.dev/building-a-hipaa-ready-health-data-platform-on-aws If you are a DevOps engineer, platform engineer or SRE go through my blog and read on this topic #Devops #platform #sre
CSV: The X Factor for Being Breach Ready in Pharma
Pharmaceutical companies must treat Computerized System Validation (CSV) as a breach‑readiness cornerstone because cyber‑attacks can instantly void the validated state of critical digital systems. Without a rapid CSV response, batches are deemed adulterated, regulatory submissions stall, and recalls become inevitable....
Surfshark Launches Dausos VPN Protocol, 30% Faster with Hybrid Post‑Quantum Encryption
Surfshark introduced its proprietary Dausos VPN protocol, delivering up to 30% faster connections and a hybrid post‑quantum encryption suite. The design adds a private server‑side tunnel per session and post‑compromise key management, positioning the service as a quantum‑ready alternative to...
Queensland Audit Finds Critical Cyber Gaps in State Agencies
The Queensland auditor‑general disclosed severe cybersecurity weaknesses in two state agencies, noting that only two of 36 contracts obligate third parties to report incidents. The findings, echoing warnings from a 2021 Commonwealth agency, push the state toward urgent reforms in...
Microsegmentation Is Creating More Policy Than Teams Can Manage. AI Won’t Fix It.
Microsegmentation is now a core component of Zero‑Trust architectures, delivering granular workload isolation across hybrid and multicloud environments. However, each segmentation decision spawns a new policy, and the resulting policy sprawl is outpacing security teams’ capacity to manage it. AI‑driven...
Meta Is Warned That Facial Recognition Glasses Will Arm Sexual Predators
A coalition of more than 70 civil‑rights and advocacy groups has urged Meta to abandon “Name Tag,” a facial‑recognition feature planned for its Ray‑Ban and Oakley smart glasses. The technology would let wearers instantly identify anyone with a public Instagram...
Crypto Exchange Kraken Targeted in Extortion Attempt but Says There Was No Breach and No Client Funds at Risk
Kraken disclosed that a criminal group tried to extort the exchange by threatening to release internal videos, but the firm says no breach occurred and client funds were never at risk. The extortion relates to two insider‑related incidents in which...
Cisco Eyes Astrix Security To Lock Down AI Agents In Potential $350M Deal: Report
Cisco is in advanced talks to acquire Israeli AI‑agent security startup Astrix Security for a price between $250 million and $350 million. Astrix’s platform safeguards non‑human identities across SaaS, IaaS and PaaS environments, addressing emerging threats as AI agents proliferate. The potential...
Slide Takes BCDR Roadshow to MSPs
Slide is launching a global BCDR roadshow aimed at managed service providers across the U.S. and Europe. The meetup‑style sessions emphasize hands‑on integration of backup and recovery workflows with PSA, RMM, and automation tools rather than traditional product demos. The...
AI Industry Recruiting Platform Faces Multiple Lawsuits over Data Breach
Mercor, an AI‑focused recruiting platform, disclosed a March data breach that exposed personal information of independent contractors and customers. The breach, linked to a hack of the open‑source LiteLLM interface, prompted at least four class‑action lawsuits filed in the Northern...
Quantum Breakthrough, Not AI, Will Shatter All Privacy
While most of the charlatans are hyping a societal “singularity” event brought on by AI. The actual societal nuclear bomb is going to be when quantum computing gets figured out and there is no longer any encryption. Not just going...
Google Adds Verified Caller to Block Spoofed Scam Calls
Google's building a better way for Android to protect more of you from scam calls Verified caller feature lets select bank apps check incoming calls for number spoofing scams ✅ Details - https://t.co/qVPRffCqze https://t.co/nmOEHKf0av
Meta Contests $25,000 Falana Judgment, Citing Jurisdictional Flaws
Meta has filed an appeal against a Lagos High Court judgment that ordered the company to pay $25,000 in damages to Nigerian lawyer Femi Falana for alleged privacy violations. The appeal argues that the trial court lacked jurisdiction under Nigeria’s...
LutaSecurity Cuts Zoom Bug Cases 37% in 10 Weeks
When the pandemic lockdown hit & @Zoom surged in popularity, so did its #bugbounty program — much like many organizations are facing an #AI vuln report surge today. @LutaSecurity helped flatten the curve of Zoom’s bug cases by 37% in...
BITTER APT Uses Signal, Google, and Zoom Lures to Spread ProSpy Spyware
Researchers from Access Now and Lookout have uncovered a BITTER APT campaign that uses spear‑phishing lures on Signal, Google, Zoom and other platforms to deliver the ProSpy Android spyware. The operation, active since at least 2022, targets journalists and opposition...
CISOs See Gaps in Their Incident Response Playbooks
A new Sygnia survey of 600 senior cybersecurity leaders reveals that more than 75% of organizations suffered a cyberattack in the past year, yet 73% of respondents doubt their ability to respond effectively to future incidents. While 99% claim to...
GTA-Maker Rockstar Games Hacked Again but Downplays Impact
Rockstar Games suffered a second breach in three years after the teenage hacking group ShinyHunters accessed limited non‑material data on a third‑party cloud platform. The company told the BBC the incident has no impact on its players or operations, contrasting...
GTA-Maker Rockstar Games Hacked Again but Downplays Impact
Rockstar Games suffered a second cyber‑breach in three years after hackers infiltrated servers hosted by a third‑party cloud provider. The group, calling itself ShinyHunters, demanded a ransom and warned they would publish the stolen material online. Rockstar told the BBC...
Anthropic AI Guides Rapid AI Vulnerability Prep for All
Great advice from @AnthropicAI on prep for accelerated AI vulnerability discovery, including what to do if you don’t have a dedicated security team, if you’re reporting bugs you found, or are an open source maintainer. /ht @_decius_ for sending the link ...
APT41 Delivers 'Zero-Detection' Backdoor to Harvest Cloud Credentials
Chinese state‑linked group APT41 has released a new ELF‑based backdoor that silently infiltrates Linux cloud workloads to steal credentials from AWS, Azure, GCP and Alibaba Cloud. The malware communicates over SMTP port 25, a channel that bypasses typical internet‑exposure scanners and...
Aura Targets BYOD Risk with Identity-Centric Security for MSPs
Aura has launched Aura Business for Managed Service Providers, an identity‑centric solution that secures BYOD environments without full device control. By integrating with Microsoft Entra ID, the platform enforces conditional‑access policies, checks device hygiene, and detects phishing, credential theft, and...
Mailbox Rule Abuse Emerges as Stealthy Post-Compromise Threat
Security researchers have uncovered a sharp increase in the abuse of Microsoft 365 mailbox rules, with Proofpoint reporting that roughly 10% of compromised accounts in Q4 2025 contained malicious rules created within seconds of initial access. These rules, often given trivial names,...
Getting Ahead of the New HIPAA Security Rule: Practical Steps You Can Take Now
On Jan 6 2025 the HHS Office for Civil Rights released a proposed amendment to the HIPAA Security Rule that would make encryption and multi‑factor authentication mandatory and tighten contingency planning. The final rule is slated for May 2026, giving covered entities roughly...
At Splunk GovSummit, IHS Leaders Tie Cybersecurity Directly to Patient Care
At the 2026 Splunk GovSummit, Indian Health Service (IHS) leaders linked cybersecurity directly to patient care, emphasizing that security is a clinical enabler. Serving roughly 2.7 million patients across 37 states, IHS prioritizes resilience and real‑time visibility to keep care uninterrupted,...
GTA 6 Hackers Give Rockstar a Deadline to Pay for Stolen Data
Rockstar Games has been pressured by the ShinyHunters ransomware group to pay a ransom by April 14 2026 for data stolen in a third‑party breach. The attackers accessed authentication tokens through a compromised cloud‑cost monitoring tool, allowing them to infiltrate Rockstar’s Snowflake...
Anthropic Joins Rivals to Safeguard AI Against Hacking
Anthropic Teams Up With Its Rivals to Keep AI From Hacking Everything | WIRED https://t.co/n4C6wCCT5h
Hack at Anodot Leaves over a Dozen Breached Companies Facing Extortion
Hackers from the ShinyHunters group breached business‑monitoring platform Anodot, stealing authentication tokens that unlocked customer cloud data. The breach, which began on April 4, exposed at least a dozen client companies—including Rockstar Games—to extortion threats demanding ransom to keep the data...
Wiz: 80% of Cloud Breaches Are Caused by Basic Mistakes
Wiz’s 2024 cloud‑security report finds that eight‑in‑ten cloud breaches were caused by basic mistakes such as misconfigurations, exposed secrets, and weak credential handling. While the vulnerabilities themselves are not new, rapid AI adoption is spreading these flaws across a broader...
Shopify PCI Compliance: What the Platform Covers and What It Doesn’t
Shopify delivers a PCI‑compliant checkout and robust infrastructure security, earning its place as a default e‑commerce platform. However, its compliance certification only covers the payment page and the underlying hosting environment, not the scripts that run in a shopper’s browser....
Mirax Android Trojan Turns Devices Into Residential Proxy Nodes
A new Android banking trojan called Mirax is spreading across Europe, targeting Spanish‑speaking users through fake streaming app ads. The campaign has reached more than 200,000 accounts and operates under a restricted Malware‑as‑a‑Service model that limits access to a small...
Anthropic Selects CrowdStrike as Founding AI Security Partner
Why Anthropic chose CrowdStrike as a Founding Member for AI Cybersecurity Protection: Industry Analyst Jeff Kagan https://t.co/RniG3fCreq via @Street_Insider @AnthropicAI @CrowdStrike @nvidia @jeffkagan #jeffkagan #industryanalyst #ictindustryanalyst #ai #aianalyst #aiindustryanalyst #analyst #analystrelations #wirelessanalyst #telecomanalyst #tech #technology #techanalyst #technologyanalyst #pr #publicrelations #pressrelease...
Prioritize Rapid Misconfiguration Detection Over Apocalypse Predictions
Dino’s take here is spot on. I’m less concerned of the vulnerability apocalypse that’s being predicted and more concerned on identifying misconfigurations at a much more rapid rate.
The Silent “Storm”: New Infostealer Hijacks Sessions, Decrypts Server-Side
Storm, a new infostealer surfacing in early 2026, offloads encrypted browser data to attackers’ servers for decryption, eliminating the local decryption step that endpoint tools traditionally flag. By handling Chromium‑ and Gecko‑based browsers server‑side, it automates session‑cookie restoration using Google...
Are AI Agents Your Next Security Nightmare?
In 2026 autonomous AI agents have moved beyond chatbots to proactive systems that can plan, reason, and execute actions across corporate networks. Incidents like the OpenClaw shadow‑AI deployments expose thousands of instances without authentication, highlighting the danger of ungoverned agents....
Getting Privacy Policy Right in a Competitive Digital Economy
State and local leaders are trying to protect resident privacy while keeping their economies competitive, affordable and innovative. More than 20 states have enacted comprehensive consumer data privacy laws that focus on transparency, consumer choice and responsible data use. Research...
Anthropic Just Gave Defenders a Firehose. They’re Already Drowning.
Anthropic unveiled Project Glasswing, granting a select coalition access to its frontier AI model, Claude Mythos Preview, which has already uncovered thousands of zero‑day vulnerabilities, including a 27‑year‑old bug in OpenBSD. The initiative includes more than forty partners such as...
WebinarTV Secretly Scraped Zoom Meetings of Anonymous Recovery Programs
WebinarTV, a platform that indexes Zoom webinars, has secretly scraped and posted more than 200,000 Zoom sessions, including confidential addiction recovery, health‑support, and even nudist gatherings. The recordings expose participants' full names and faces, violating the expectation of privacy that...
OpenText Launches EU Sovereign‑cloud Services on AWS and Google Cloud via S3NS Partnership
OpenText announced today that it is extending its European sovereign‑cloud portfolio with a new hybrid trusted‑cloud service on Amazon Web Services and a separate Google Cloud‑based solution built with S3NS. The moves give French and broader EU enterprises a compliance‑ready...