Today's Cybersecurity Pulse
Anthropic CEO meets White House over federal access to Mythos AI
Anthropic CEO Dario Amodei will meet White House chief of staff Susie Wiles to discuss government access to the company's Mythos AI model, which can discover and exploit zero‑day vulnerabilities. The meeting follows a Pentagon‑imposed blacklist after Amodei refused to lift safety restrictions, while Treasury, intelligence agencies and CISA are already testing the model.
Also developing:
By the numbers: Artemis raises $70M in combined seed and Series A round
19 Billion Passwords Leaked: Protect Yourself From Cyber Threats
Researchers have uncovered a repository called “RockYou2024” containing over 19 billion compromised passwords from more than 200 breaches in the past year, making it the largest publicly indexed credential dump to date. Only 6 % of the entries are unique, highlighting pervasive password reuse across email, banking, social and e‑commerce accounts. The trove is already circulating on hacker forums and is being leveraged for credential‑stuffing attacks. Experts urge individuals and enterprises to adopt MFA, password managers, and password‑less solutions to mitigate the heightened risk.
FBI Atlanta and Indonesian National Police Take Down W3LLSTORE Phishing Marketplace
The FBI Atlanta Field Office and Indonesia's National Police dismantled the W3LLSTORE phishing marketplace, a global operation linked to more than $20 million in attempted fraud. The takedown included domain seizures and the detention of a suspected developer, identified only as...
Day 156: Building Your Security Command Center - SIEM Implementation
The post walks security leaders through building a Security Information and Event Management (SIEM) platform tailored for a financial services firm handling millions of transactions daily. It outlines how raw logs—from user logins to network traffic—are normalized, correlated, and scored...
PwC Calls for Banks‑Telcos Alliance to Counter AI‑Powered Digital Fraud
PwC released a report urging banks and telecom operators to form a joint partnership that shares real‑time threat intelligence and AI tools to fight a surge in digital fraud. The consultancy warns that AI‑enabled scams are costing billions globally and...
Anthropic Withholds Mythos AI, Commits $100M to Counter Emerging Cyber Threats
Anthropic revealed that its new Mythos AI can autonomously discover and chain thousands of zero‑day flaws, prompting the firm to withhold the model from public release. It pledged up to $100 million in usage credits and $4 million in donations to open‑source...
Mastercard Rolls Out AI‑driven Payment Authentication in Singapore and Malaysia
Mastercard is deploying AI‑powered payment authentication across Singapore and Malaysia, using tokenization, verifiable intent and end‑to‑end auditability. The rollout, built with United Overseas Bank and Google, aims to create a trusted foundation for autonomous, AI‑driven transactions in Southeast Asia.
Why Anthropic’s Mythos Is a Systemic Shift for Global Cybersecurity
Anthropic unveiled Project Glasswing and the Claude Mythos model, which can automatically discover and chain vulnerabilities across operating systems, browsers and cloud environments. The U.S. Treasury and Federal Reserve warned that such AI‑driven exploit capabilities pose a systemic financial‑stability threat, prompting...
AI Autonomously Runs Full Mobile Exploit Chain—Future or Threat
An AI agent just completed a full mobile exploit chain… by itself. From reverse engineering to runtime manipulation all executed autonomously on a rooted Android device. That feedback loop (observe → decide → act) is the real breakthrough here. Once that loop is...
Week in Review: Windows Zero-Day Exploit Leaked, Patch Tuesday Forecast
The week’s headlines were dominated by a leaked Windows local‑privilege‑escalation exploit dubbed BlueHammer, raising immediate concerns for enterprise patching cycles. At the same time, the April Patch Tuesday forecast warned of a heavy update load, especially for AI‑related vulnerabilities. Cloudflare...
WLFI’s Hidden Blacklist Betrays DeFi Promises, Freezes Investors
I have always been an ardent supporter of President Trump and his crypto friendly policy. As an early supporter who invested heavily in World Liberty Financial, I did so because I believed in the vision that was presented to the public:...
Know 15 Cyber Attacks to Boost Business Resilience
15 types of cyber attacks you should know 🔐 Phishing, malware, DDoS, SQL injection, MITM, insider threats & more — all in one visual. Cybersecurity = business resilience. Credit: Cybersecurity Insights #CyberSecurity #InfoSec #CyberAttacks #TechRisk https://t.co/7OavuYeZHL
Creating AI Deepfakes of Real People to Be Made Illegal in Queensland
Queensland will criminalize the creation of non‑consensual sexual deepfake images, closing a legal gap that currently only bans distribution. Attorney‑General Deb Frecklington announced the proposal, which carries up to three years imprisonment for offenders. The government will begin expert consultations...
Bitcoin Must Upgrade for Post‑Quantum Security
Just to be clear: does this mean Bitcoin doesn't need to upgrade to be post-quantum secure? ABSOLUTELY NOT. Bitcoin should ABSOLUTELY take the necessary steps to become PQS.
Motherboard Updates Suddenly Become Mandatory: Secure Boot Certificates Are Forcing Manufacturers and Users to Take Action Before June 2026
Microsoft will retire the 2011 Secure Boot certificates in June 2026 (with additional expirations in October), replacing them with 2023 versions. OEMs such as ASUS and MSI have already warned that BIOS updates must include the new KEK and DB...
Infosys and Harness Team Up to Cut AI‑Driven Banking Delivery Delays
Infosys announced a strategic collaboration with U.S. testing platform Harness to automate the post‑code phase of AI‑driven software delivery for banks. The deal targets the “AI Velocity Paradox,” where 69% of heavy AI‑coding users face frequent deployment problems and average...
Anthropic Launches Claude Code Security AI Scanner in Limited Preview
Anthropic introduced Claude Code Security, an AI‑powered vulnerability scanner, in a limited preview for Enterprise and Team customers on April 11, 2026. The tool, part of a $104 million Project Glasswing initiative with AWS, Apple, Google, Microsoft, NVIDIA and others, aims...
Broadcom Launches Arcot Smart Ruleset, AI‑Driven 3‑DS Engine to Cut Fraud Losses
Broadcom introduced the Arcot Smart Ruleset, a machine‑learning 3‑DS rules engine that replaces static fraud rules with adaptive, real‑time decisioning. The solution taps a global network of thousands of financial institutions and billions of transactions, aiming to lower fraud losses...
Pete Recommends – Weekly Highlights on Cyber Security Issues, April 11, 2026
Cybercriminals are now embedding emojis in malicious communications to sidestep keyword‑based detection, while AI‑driven phishing campaigns target IRS filings and job seekers using tools like Google’s AppSheet. A Flashpoint report highlights the rise of emoji‑laden scams, and the FBI notes...
Certes Unveils V7 Quantum‑Safe Edge Protection, Urges UK Firms to Act
Certes released version 7 of its data protection platform, adding post‑quantum cryptography to edge, cloud and on‑premise environments. The update promises rapid deployment without application rewrites, a claim that aligns with heightened UK regulatory focus on quantum readiness. The move...
“The FTC Does Not Have Our Backs, that Much Is Clear”
The FTC reached a settlement with Match Group’s OKCupid over the app’s undisclosed sharing of user photos with facial‑recognition firm Clarifai. The agreement imposes a permanent ban on misrepresenting data practices but carries no monetary penalty, despite executives holding financial...
MedStar Health Breach Exposes Names, SSNs, Medical Records
.@MedStarHealth has issued the following patient notification: “After a thorough analysis of the files on MedStar Health’s systems, we determined that the files accessed by the unauthorized party contained patient information that included your name, date of birth, Social Security...
Is Investing in Advanced NHI Systems Justified
Organizations are increasingly recognizing that managing Non‑Human Identities (NHIs) – the machine credentials that power cloud applications – is essential for robust cybersecurity. Advanced NHI platforms deliver centralized discovery, secret rotation, and behavior monitoring, reducing breach risk and easing regulatory...
How Can Agentic AI Improve Cloud Security?
Non‑Human Identities (NHIs), or machine identities, are becoming central to cloud security as organizations seek to protect secrets such as tokens and keys. Effective NHI management bridges security and development teams, offering lifecycle visibility from creation to decommissioning. The emergence...
Cisco in Talks to Acquire Israeli AI‑Security Firm Astrix for Up to $350 Million
Cisco Systems is in advanced discussions to purchase Israel‑based AI‑agent security startup Astrix Security for a reported $250‑$350 million. The move would deepen Cisco's portfolio of AI‑focused security tools as the networking giant accelerates its subscription‑software strategy.
Japan Tightens Biometric Rules in APPI Amendments, Boosts AI Incentives
Japan's cabinet approved a sweeping amendment to the Act on the Protection of Personal Information (APPI) that tightens biometric data rules, adds parental consent requirements for minors, and expands AI‑related consent exemptions. The bill also raises fines to the level...
Persistent Deploys AI‑Driven Merchant Fraud Tool on Databricks, Aiming for Up to 40% Loss Reduction
Persistent has introduced a Merchant Risk Management and Fraud Detection platform built on Databricks, targeting banks, acquirers and payment service providers. The solution claims to lower chargeback and fraud losses by 20%‑40% and cut manual review work by up to...
Elon Musk‑linked Dogecoin Tax‑refund Scam Dupes Victims with Fake IRS Emails
Security firm Cofense uncovered a fraud scheme that pretends to be the IRS and Elon Musk, promising a $5,000 tax refund in exchange for a $10,000 Bitcoin purchase. The scam harvests personal data and threatens sophisticated identity theft, highlighting the...
Venice Keeps AI Chats Local, Adds Verifiable Encryption
"Every major AI platform — ChatGPT, Claude, Gemini, Grok, Perplexity — stores your conversations on centralized servers. That data can be reviewed, classified, subpoenaed, hacked, or sold. You're trusting the company, its employees, its vendors, and every government that asks. Venice...
Project Glasswing: What Power Companies and Grid Operators Need to Know
On April 7, Anthropic unveiled Project Glasswing, a coalition of 12 technology leaders deploying the Claude Mythos Preview AI model to automatically discover and patch software vulnerabilities. The model has already identified thousands of zero‑day flaws, including a 27‑year‑old bug in OpenBSD and chained...
Microsoft Terminated Accounts Tied to VeraCrypt, WireGuard, and Windscribe — Developers Push Back
Microsoft abruptly terminated developer accounts for VeraCrypt, WireGuard and Windscribe after a new identity‑verification rule in its Windows Hardware Program took effect. The enforcement, intended for partners who missed a government‑ID deadline, mistakenly swept up these open‑source security projects, cutting...
This Russian Military Intelligence Group Has Been Stealing People's Sensitive Data, so You Might Want to Connect Your Router Through...
The UK’s National Cyber Security Centre has uncovered a campaign by Russian military intelligence group APT28 that hijacks vulnerable home routers via a DNS flaw, rerouting traffic through malicious servers that harvest credentials, messages and browsing history. The operation targets...
GTA 6 Dev Rockstar Have Seemingly Been Hacked Again, but They Don't Seem All that Worried
Rockstar Games disclosed a limited data breach stemming from a third‑party compromise of Anodot, a cloud‑cost monitoring tool linked to its Snowflake data warehouse. Hacker group ShinyHunters posted a ransom demand, threatening to leak information by April 14, 2026. Rockstar...
Cloud Migration Shifts Risk, but Outages Spark Security Doubts
Hosting data in-house carries risks due to limited cybersecurity investment. Moving to the cloud shifts risk to providers, but significant outages from major providers raise questions about security and stability. #CloudSecurity #CyberRisk https://t.co/mjMEZ0cpkz
Public API Keys Misused as Live Gemini AI Credentials
Developers’ public API keys now function as live Gemini AI credentials, enabling attackers to run costly and unauthorized operations. https://t.co/Oo1InL5G8f
Small Models Also Found the Vulnerabilities that Mythos Found
Researchers tested a suite of inexpensive, open‑weight language models on the same code snippets Anthropic highlighted for its Mythos system. All eight small models flagged Mythos's flagship FreeBSD exploit, including a 3.6 billion‑parameter model that costs roughly $0.11 per million tokens....
Small Models Also Found the Vulnerabilities that Mythos Found
Anthropic unveiled Claude Mythos Preview and Project Glasswing, pledging $100 M in usage credits and $4 M to open‑source security groups while claiming the model autonomously discovered and exploited thousands of zero‑day bugs. AIS AI researcher Stan Fort tested the showcased vulnerabilities on inexpensive,...
Remote Acquires Bravas to Add Identity and Device Management for Global Teams
Remote announced the acquisition of French identity‑and‑device management startup Bravas, extending its global employment platform into the security layer of remote work. The deal, whose financial terms were not disclosed, marks Remote’s third workforce‑management acquisition and signals a broader convergence...
Coatue Co‑founder Calls for Recording All Meetings to Boost Hedge‑Fund Governance
Coatue Management co‑founder Thomas Laffont urged the hedge‑fund industry to record internal meetings, saying it would create a clear paper trail and curb misconduct. Employment lawyer Evan Fray‑Witzer warned the idea could hurt morale and raise data‑security concerns, sparking a...
StarkWare Proposes $75‑$150 Quantum‑Safe Bitcoin Spend, While XRP Shows Lower Exposure
StarkWare’s chief product officer Avihu Levy announced a quantum‑resistant Bitcoin transaction method that avoids a soft fork, estimating a GPU cost of $75‑$150 per spend. The proposal arrives amid fresh research showing Bitcoin’s cryptography could be broken with as few...
Smart Slider 3 Pro Supply‑Chain Hack Hits Over 900,000 Sites
Nextend confirmed that its update servers were hijacked, pushing a malicious version of Smart Slider 3 Pro to roughly 900,000 WordPress and Joomla installations. The breach underscores the danger of trusting auto‑update mechanisms when the source of truth itself is...
Microsoft Patches Android Flaw that Exposed Credentials of 30 Million Crypto App Users
Microsoft released a patch for an EngageLab SDK vulnerability that let apps bypass Android’s sandbox, affecting roughly 50 million devices. At least 30 million of those installations were cryptocurrency wallets, prompting urgent updates across the ecosystem.
Analyst Picks CrowdStrike as Top B2B Cybersecurity Growth Stock Amid AI‑Driven Threats
A market analyst has highlighted CrowdStrike as the premier B2B cybersecurity growth stock, pointing to a 30% slide from its peak, a 21‑times price‑to‑sales ratio, and a total addressable market expected to double by 2030. The recommendation rests on the...
Why Enterprise Digital Rights Management Matters Now
Enterprise Digital Rights Management (EDRM) is emerging as a critical safeguard as data breaches rise and regulatory scrutiny intensifies. By embedding granular permissions directly into files, EDRM lets organizations control viewing, editing, printing and sharing on a per‑document basis. The...
AI Cuts BEC Dwell Time From Days to Minutes
Business email compromise dwell time: 24 days to 24 minutes. That is AI-powered incident response working. 85% of organizations still run manual security. Attackers move in 72 minutes. The math does not work.
SPARTA Countermeasures: The Complete Guide to Defending Spacecraft From Cyber and Counterspace Threats
The Aerospace Corporation’s SPARTA Countermeasures guide (v3.2) presents a comprehensive, eight‑layer defense‑in‑depth framework for protecting spacecraft against cyber and counter‑space threats. It catalogs 90 specific countermeasures, aligns each with NIST SP 800‑53, ISO 27001, NASA best practices and MITRE D3FEND, and introduces...
Beware: Fake Login Alerts with Password Reset Links
Received an email from X warning you of new or unusual login attempts, with a handy 'change password' link? Beware, it's a slick new phishing attack that can trick even the most vigilant user. I've seen this with other sites...
![Rockstar Games Hacked, Team Behind It Threaten A Massive Data Leak If Not Paid Ransom [Update]](/cdn-cgi/image/width=1200,quality=75,format=auto,fit=cover/https://kotaku.com/app/uploads/2026/04/gta5hack-1200x675.jpg)
Rockstar Games Hacked, Team Behind It Threaten A Massive Data Leak If Not Paid Ransom [Update]
Rockstar Games confirmed a breach after ShinyHunters claimed access to its Snowflake cloud data via a compromised Anodot monitoring service. The hackers demanded a ransom payable by April 14, 2026 and threatened to leak corporate documents such as contracts and financial plans....
Resecurity Recognized as 2026 Cyber 150 Winner for Full-Spectrum Cyber Threat Intelligence and Digital Protection
Resecurity, a Los Angeles‑based cyber intelligence firm, has been named a 2026 Cyber 150 Winner, recognizing its innovative full‑spectrum threat‑intelligence and digital protection offerings. The award highlights the company’s AI‑powered platform that serves Fortune 100 enterprises and U.S. government agencies. Resecurity delivers...
CISA Webinar 4/28: ISC Facility Security Committee Seminar – Regions 5 & 7
The Cybersecurity and Infrastructure Security Agency (CISA) and the Interagency Security Committee (ISC) are holding a Facility Security Committee (FSC) seminar on April 28 for Regions 5 and 7. The virtual event will walk participants through FSC procedures, recent updates to the Risk...
How to Design Bullet-Proof Conditional Access Policies in Microsoft Entra ID
In this episode, Microsoft MVP Per Torben‑Sansson discusses the fundamentals of building resilient Conditional Access (CA) policies in Microsoft Entra ID, starting with the critical role of break‑glass (emergency) accounts. He explains how to properly configure these accounts—using cloud‑only identities,...