Today's Cybersecurity Pulse
Anthropic CEO meets White House over federal access to Mythos AI
Anthropic CEO Dario Amodei will meet White House chief of staff Susie Wiles to discuss government access to the company's Mythos AI model, which can discover and exploit zero‑day vulnerabilities. The meeting follows a Pentagon‑imposed blacklist after Amodei refused to lift safety restrictions, while Treasury, intelligence agencies and CISA are already testing the model.
Also developing:
By the numbers: Artemis raises $70M in combined seed and Series A round
8 Best Password Managers for 2026: Why I Recommend Them
The article reviews three leading password‑management solutions for 2026—NordPass Business, Bitwarden, and IT Glue—highlighting each platform’s strengths and minor drawbacks. NordPass Business is praised for its simplicity and security but suffers occasional autofill inconsistencies. Bitwarden offers a no‑frills, reliable experience that scales well for technical teams, though its interface feels basic. IT Glue stands out by combining password vaulting with robust documentation integration, making it especially valuable for managed service providers and larger IT operations.
OpenAI Pulls the Plug on macOS Signatures Following a Supply Chain Incident
OpenAI disclosed a supply‑chain attack that compromised the Axios library used in its macOS app‑signing workflow on March 31, 2026. The breach gave attackers access to the certificate used to sign ChatGPT Desktop, Codex, Codex‑cli and Atlas, prompting OpenAI to revoke and...
Bringing Governance and Visibility to Machine and AI Identities
AppViewX’s CEO Archit Lohokare says the rapid rise of enterprise AI has merged machine and AI‑agent identities into a single, exponentially growing security problem. To address this, AppViewX has partnered with Eos to layer agentic governance on top of its...
Microchip Now Certified to IEC 62443-4-1 ML2 Standards
Microchip Technology announced that its product development process has earned IEC 62443‑4‑1 Maturity Level 2 certification from UL Solutions. The certification confirms that Microchip follows a secure‑by‑design lifecycle covering threat modeling, design, implementation controls, verification and long‑term patch management. By meeting this...
EY Forecasts Secure, Automated OT Management to Drive Industrial Digital Transformation
On Feb. 9, 2026 EY published a forward‑looking insight that the future of Operational Technology (OT) management will be secure, automated and service‑oriented. The firm argues that manufacturers and utilities must unite IT, OT and security on a single platform to...
Microsoft Launches Open‑Source Toolkit Covering All 10 OWASP AI Risks
Microsoft unveiled the Agent Governance Toolkit (AGT), an MIT‑licensed open‑source framework that enforces deterministic policy over autonomous AI agents. The toolkit claims zero policy bypass in adversarial testing and addresses all ten OWASP Agentic AI risks, offering enterprises sub‑millisecond enforcement.
Slovakia Appoints Samuel Migaľ as Minister of Informatics, Boosting Digital Agenda
Slovakia's cabinet has installed Samuel Migaľ as the new Minister of Informatics, a move that underscores the government's intent to accelerate public‑sector digital transformation. The appointment arrives amid ongoing debates about the ministry's capacity to deliver large‑scale IT projects.
OpenAI Sets Sights on $100 Billion Advertising Market by 2030, Unveils Cybersecurity Model
OpenAI announced plans to pursue a $100 billion advertising empire by 2030 and will pilot a new cybersecurity framework for its ad‑tech services. The move positions the AI firm as a potential rival to established programmatic platforms and raises security questions...
France Starts Replacing Windows with Linux on Government PCs to Secure Digital Sovereignty
The French government has begun replacing Microsoft Windows with Linux on its workstations, a decision confirmed at an interministerial seminar on April 8 and driven by Prime Minister Sébastien Lecornu. The rollout starts with the Interministerial Directorate for Digital Affairs (DINUM) and...
OpenAI Tightens macOS App Verification After Axios Supply‑Chain Breach
OpenAI announced mandatory upgrades and tighter verification for its macOS applications after a supply‑chain breach involving the Axios developer library. The incident, which could have exposed signing certificates, underscores the urgency for CIOs to secure third‑party components across macOS fleets.
Cisco Moves to Acquire AI Security Firm Astrix for Up to $350 Million
Cisco is negotiating a purchase of Astrix Security, an Israeli AI‑focused cybersecurity startup, for a price range of $250‑$350 million. The acquisition would add non‑human identity protection to Cisco’s SecureX platform and give the company a foothold in the fast‑growing energy‑grid...
Zero‑Day Labs Reveals BlueHammer Windows Kernel Exploit Threatening 1 Billion Devices
Zero‑Day Labs disclosed a critical Windows kernel vulnerability named BlueHammer that could affect as many as one billion devices worldwide. The flaw enables remote code execution via crafted network packets, forcing organizations to adopt immediate mitigation and AI‑driven detection ahead...
Red Hat OpenShift Sandboxed Containers 1.12 and Red Hat Build of Trustee 1.1 Bring Confidential Computing to Bare Metal and...
Red Hat announced OpenShift sandboxed containers 1.12 and Red Hat build of Trustee 1.1, moving confidential containers on bare metal from preview to General Availability. The GA release adds hardware‑based memory encryption and attestation for Intel TDX, AMD SEV‑SNP, and IBM SEL platforms, plus persistent...
Number of Phishing Cases Drops in Hong Kong but Victims Lose More Money
Hong Kong police reported that phishing incidents dropped 60% in 2025, falling to 1,093 cases from 2,731 the year before. Despite fewer attacks, total victim losses more than doubled to HK$110 million (about US$14 million), with the average loss per case jumping...
Apple Joins Project Glasswing As Mythos AI Raises New Valuation Questions
Apple has entered Project Glasswing, a cybersecurity alliance that leverages Anthropic’s Mythos AI model to hunt for severe software flaws across major operating systems. The partnership signals Apple’s move toward AI‑driven security workflows, aiming to harden iOS, macOS and its...
Hack at Dutch Gym Chain Basic-Fit Exposes Customer Data in Several EU Countries
Dutch gym chain Basic‑Fit confirmed a cyber‑attack that led to the unauthorized download of personal data belonging to roughly 1 million members across Belgium, the Netherlands, Luxembourg, France, Spain and Germany. The compromised information includes names, contact details, dates of birth,...
Last Week Ignite - 4/12/2026
Anthropic introduced Project Glasswing, releasing the Claude Mythos Preview—a frontier AI model designed to scan and harden critical software—for a closed group of launch partners on April 7. The company explicitly stated that Mythos will not be made broadly available, signaling a...
IMF Warns Global Monetary System Not Ready for AI Cyber Threats
The International Monetary Fund’s managing director Kristalina Georgieva warned that the global monetary system is ill‑prepared for the escalating cyber risks posed by artificial intelligence. Her comments followed an emergency U.S. regulator meeting with leading banks after Anthropic announced its...
Darktrace’s Research Shows New Chinese Modus Operandi
Darktrace released a research report, “Crimson Echo,” showing Chinese‑nexus cyber actors are shifting from short‑term breaches to long‑term, persistent access as a form of strategic statecraft. Analyzing behavior data from July 2022 to September 2025, the study finds that maintaining footholds in...
Top Space Cyber Execs Talk Increased Iranian Cyber Attacks
Top CISOs from Vantor, SES, Viasat and Telesat warned that Iranian threat actors have dramatically increased phishing, smishing and AI‑driven deep‑fake attacks against space companies. The attacks exploit public‑facing sites, supplier networks and even voice messages to demand credential escalation....
NSA Reveals Details of New LEO Security Report
The National Security Agency, together with Australia, Canada, New Zealand and the Australian Space Agency, has issued a Cybersecurity Information Sheet titled “Securing Space: Cyber Security for Low Earth Orbit Satellite Communications.” The guidance breaks LEO sat‑com risk and mitigation into...
Vibhor Kumar: Column_encrypt v4.0: A Simpler, Safer Model for Column-Level Encryption in PostgreSQL
The column_encrypt extension for PostgreSQL released version 4.0, a major simplification that consolidates all management functions under an encrypt schema and replaces the previous multi‑role model with a single column_encrypt_user role. Automatic log masking, stricter SECURITY DEFINER handling, and schema‑qualified...
White House Tells Banks to Use Anthropic to Spot Vulnerabilities
The White House is urging the nation’s largest banks to deploy Anthropic’s Mythos AI model for cybersecurity vulnerability detection. JPMorgan Chase, Goldman Sachs, Citigroup, Bank of America and Morgan Stanley have begun internal trials after Treasury Secretary Scott Bessent and...
Nine Critical Orthanc DICOM Flaws Threaten Hospital Imaging Systems
Security researchers disclosed nine critical vulnerabilities in Orthanc, the open‑source DICOM server used by hospitals and research labs. The flaws, tracked as CVE‑2026‑5437 to CVE‑2026‑5445, affect versions up to 1.12.10 and could allow attackers to crash servers, exfiltrate patient images,...
Nigeria's Central Bank Tightens BVN Rules Ahead of May 1 Rollout
The Central Bank of Nigeria (CBN) issued a circular on March 26 requiring banks and payment service providers to enforce new biometric verification (BVN) controls starting May 1, 2026. Key measures include a 24‑hour temporary watchlist for suspicious BVNs, single‑device mobile banking...
SEBI Deploys AI‑Powered Platforms to Boost Market Oversight and Cybersecurity
India's securities regulator SEBI rolled out three advanced IT platforms—SUPCOMS, an e‑adjudication portal, and the AI‑driven Cyber‑Sec Audit Compliance (C‑SAC) system—on April 11, 2026. The suite aims to streamline regulator‑market communication, digitize legal proceedings, and apply artificial intelligence to cybersecurity...
Fortinet EMS Flaw CVE‑2026‑35616 Actively Exploited, CISA Orders Federal Patch by Friday
Fortinet’s Enterprise Management System (EMS) vulnerability CVE‑2026‑35616 is being exploited in the wild, prompting the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to order federal agencies to apply the emergency hotfix by Friday. The flaw, a pre‑authentication API bypass, affects...
Five Signs Data Drift Is Already Undermining Your Security Models
Data drift occurs when the statistical profile of inputs to a security‑focused machine‑learning model changes, eroding its detection accuracy. The article outlines five practical signs—performance drops, distribution shifts, altered prediction patterns, rising uncertainty, and broken feature relationships—that indicate drift is...
.jpg)
The Death of Standing Privilege in the Age of AI Agents
Privileged Access Management (PAM) teams have reduced standing privileges, yet identity‑related breaches still affect 74% of organizations. A new survey of 200 CISOs reveals that 86% do not enforce policies for AI identities, only 17% treat them like human users,...
Linux Out-Of-Bounds Access Fixed For Unprivileged Users With Specially Crafted Certs
A three‑year‑old out‑of‑bounds read in the Linux kernel’s X.509 certificate parser could be triggered by an unprivileged user submitting a specially crafted certificate via the keyrings API. The flaw, present since the 6.4 release in 2023, risked kernel crashes, denial‑of‑service...
Your Smart Devices Are Speaking to Hackers. Your Security System Isn’t Listening
Researchers warn that AI‑driven intrusion‑detection systems excel in lab settings but falter in real‑world IoT environments. While academic models boast 98‑99% accuracy on balanced datasets, actual networks contain millions of devices where attacks make up less than 1% of traffic....
Defending Europe’s Financial Sector in the Age of AI‑Accelerated Cyber Threats
The IBM X‑Force Threat Intelligence Index 2026 shows Europe as the third‑most attacked region, responsible for 25% of global cyber incidents, with the financial sector bearing 35% of those attacks. Credential theft and exploitation of public‑facing applications each account for 40%...
The Attack Your Security Strategy Wasn’t Designed to Spot
A new class of attack targets Microsoft 365 tenant configurations, letting threat actors manipulate identities, encrypt data and extort firms without deploying malware. Microsoft reported 176,000 configuration‑tampering incidents in May 2024 and 45% of large enterprises suffered a misconfiguration‑related breach in the...
AI Only Has to Beat 3/10
The author argues that the prevailing myth of AI as a super‑intelligent threat is misplaced. Most companies and their cybersecurity postures operate at roughly a 3‑out‑of‑10 effectiveness level, while current AI tools sit around a 5‑to‑6 rating. Because AI can...
Foresite Cybersecurity Rolls Out AI‑Driven Managed Endpoint Operations Service with Tanium
Foresite Cybersecurity announced a new managed service that leverages Tanium’s Autonomous IT Platform to provide real‑time endpoint visibility, AI‑driven remediation and policy‑driven governance for mid‑market and enterprise organizations. The offering, billed as Managed Autonomous Endpoint Operations, adds a consulting‑style layer...
Rubrik Unveils Agent Cloud to Secure Enterprise AI Workloads
Rubrik announced the general availability of Rubrik Agent Cloud, a new module that embeds AI‑driven security, monitoring and recovery into its data‑protection platform. The service aims to protect AI agents and models while opening a larger revenue stream for the...
DBS Bank Adds Extra Verification for High‑risk Fund Transfers to Curb Scams
DBS Bank announced that, over the next few months, customers making high‑risk fund transfers will face additional verification prompts, including questions about the payee’s identity. The move is designed to interrupt scam‑driven transactions and follows a series of large phishing...
ShinyHunters Breach of Anodot Gives Hackers Access to Dozens of Snowflake Accounts
Extortion group ShinyHunters compromised AI analytics platform Anodot, extracting tokens that unlocked dozens of Snowflake environments. Snowflake confirmed a small number of customer accounts were affected, sparking concerns over third‑party SaaS integration risks.
ONC’s Keane Says Government Will Strengthen TEFCA Onboarding to Address Provider Privacy Concerns
In this episode, ONC National Coordinator Tom Keen discusses recent organizational changes at ONC, the dual‑lane approach of TEFCA and CMS‑aligned networks, and how the government is strengthening TEFCA onboarding to address provider privacy concerns. He explains that ONC will...
Fake Ledger App on Apple App Store Drains Over $400,000 in Bitcoin
Musician G. Love lost nearly 6 BTC—about $424,000—after downloading a counterfeit Ledger app from Apple’s Mac App Store and entering his 24‑word recovery phrase. The malicious software immediately transferred the funds, which on‑chain analyst ZachXBT traced to KuCoin deposit addresses. Security experts...
Your Developers Are Already Running AI Locally: Why On-Device Inference Is the CISO’s New Blind Spot
The rise of on‑device large language model inference is turning the CISO’s focus from cloud‑based data exfiltration to hidden risks on employee laptops. Advances in consumer‑grade accelerators, mainstream quantization, and frictionless model distribution now let engineers run 70‑billion‑parameter models locally...
Hacker Used Claude Code, GPT-4.1 to Exfiltrate Hundreds of Millions of Mexican Records
A hacker exploited Anthropic's Claude Code and OpenAI's GPT‑4.1 to breach nine Mexican government agencies between December 2025 and February 2026. The AI‑driven attack executed 5,317 commands from 1,088 prompts, allowing the thief to exfiltrate hundreds of millions of taxpayer, civil and...
West Asia War Spills over to Cyberspace:Emails Spoofed, Cameras Hacked
Cyber operations have become a new front in the West Asia conflict, with Israel and Iran launching offensive hacks alongside missile strikes. Iranian APT groups exploited pre‑planted backdoors to spoof emails, hijack CCTV feeds in Tehran, and wipe more than...
Hackers Claim Control over Venice San Marco Anti-Flood Pumps
Hackers claiming to be the "Infrastructure Destruction Squad" breached the operational technology controlling Venice’s San Marco flood‑gate system in late March, asserting they could disable defenses and flood the historic piazza. The group posted screenshots of control panels on Telegram...
AI Boosts Security Demand, Not Replaces Talent
Security another great example of a job category that is about to have its Jevons paradox moment as well. “And counterintuitively, I think better AI tooling for security will increase the demand for security talent, not decrease it. Autonomous exploitability...
FCC Bans Foreign Routers, Households Stuck with Insecure Devices
FCC rules restrict new foreign routers, leaving ISP-controlled households stuck with existing devices despite security concerns and no immediate replacement options https://t.co/IRSztufKkU
AdultFriendFinder Rolls Out Three Security Upgrades After 2016 Breach of 360 M Accounts
AdultFriendFinder, owned by FriendFinder Networks, has introduced three major security measures—salted password hashing, a partnership with external cyber‑security firms and mandatory password resets—to address the fallout from its 2016 data breach that leaked more than 360 million user records. The upgrades...
Hacker Targeting Climate Activists Extradited to New York
"Suspect in Hacking of Climate Activists Is Extradited to New York" via @NYTimes| There's a link to early attacks on me and other climate scientists & advocates via the shadowy "DCI Group" -- a fossil fuel-funded black ops groups 🧵 https://t.co/PkBDgEkhqd
Looking for Beginner-Friendly High‑Status Vulnerability Recommendations
What’s a good high status vulnerability for someone just getting into high status vulnerabilities https://t.co/clyMBT4YLd
North Korea’s $1M Trust‑Building Campaign Reveals Nation‑State Threat
"Fully constructed identities, including employment histories, public facing credentials and professional networks." DPRK spent 6 months building trust with Drift. They met people in person at multiple conferences. They deposited $1 million. This is nation-state-level work — and it’s f*ing...