Today's Cybersecurity Pulse
Microsoft releases record‑size Patch Tuesday for April
The April update cycle delivered 165 patches addressing roughly 340 unique CVEs, including two zero‑day flaws, one of which is already being exploited in the wild. Microsoft urges immediate deployment across all product families.
Also developing:
By the numbers: Artemis raises $70M Series A
China and U.S. Data Rules Cramp Legal‑Tech Cross‑Border Flows
China’s April 7 Regulations on Industrial and Supply Chain Security and the U.S. Department of Justice’s Data Security Program create opposing obligations for legal‑tech providers that move client data across the Pacific. The clash forces vendors to redesign contracts, architecture and discovery workflows to stay compliant.
Tools Are Easy; Business‑focused Risk Understanding Is Hard
The more time I spend in security, the more I believe tools are the easy part. Understanding risk in a way the business cares about and then acting on it is where most teams struggle.

Man Who Hacked US Supreme Court Filing System Sentenced to Probation
Nicholas Moore pleaded guilty to infiltrating the U.S. Supreme Court’s electronic filing system, as well as the networks of AmeriCorps and the Department of Veterans Affairs, using stolen credentials. He publicly bragged about the breaches on an Instagram account, posting...

Anthropic’s New Cybersecurity Model Could Get It Back in the Government’s Good Graces
Anthropic is attempting to repair its fraught relationship with the U.S. government by launching Claude Mythos Preview, a cybersecurity‑focused AI model. The model claims to spot vulnerabilities in major browsers, operating systems and other critical internet infrastructure, and has already...
AI‑Driven Hack Exfiltrates 195 Million Records From Nine Mexican Agencies
A cyber‑espionage campaign that ran from Dec 2025 to Feb 2026 used Anthropic’s Claude and OpenAI’s GPT‑4.1 to breach nine Mexican government agencies, exfiltrating 195 million personal identities, 15.5 million vehicle records and millions of property and civil documents. Researchers say AI acted as...
OpenAI Launches GPT‑5.4‑Cyber, a Security‑focused LLM for Defenders
OpenAI introduced GPT‑5.4‑Cyber, a large language model tuned for defensive cybersecurity tasks, and opened it to a limited pool of vetted researchers, vendors and enterprises. The rollout expands the Trusted Access for Cyber (TAC) program and pits OpenAI’s more permissive...

Man with @Ihackedthegovernment Instagram Account Tells Judge, “I Made a Mistake”
A 25‑year‑old Tennessee man, Nicholas Moore, pleaded guilty to unauthorized access of the U.S. Supreme Court’s electronic filing system, AmeriCorps, and the Veterans Administration Health System, then posted victims' personal data on his Instagram account @ihackedthegovernment. The court sentenced him...

We Need a Shared Responsibility Model for AI
Researchers uncovered multiple AI vulnerabilities that let attackers steal data, hijack AI browsers, and poison model memories. When the flaws were disclosed, most AI vendors dismissed responsibility, claiming security only covered the model itself. The author argues that, like cloud...
Payouts King Ransomware Uses QEMU VMs to Bypass Endpoint Security
The Payouts King ransomware has begun using the open‑source QEMU emulator to spin up hidden Alpine Linux virtual machines on compromised hosts. By launching these VMs through a SYSTEM‑level scheduled task named TPMProfiler, the malware evades host‑based endpoint scanners and...
Microsoft’s Patch Tuesday Release for April Is a Whopper
Microsoft’s April Patch Tuesday is the largest on record, delivering 165 updates that address roughly 340 unique CVEs, including two zero‑day vulnerabilities—one of which is already being exploited in the wild. The Readiness team recommends “Patch Now” for all major...

New RecruitRat, SaferRat, Astrinox, Massiv Android Malware Found Targeting 800 Apps
Zimperium’s zLabs identified four new Android malware families—RecruitRat, SaferRat, Astrinox and Massiv—targeting over 800 banking and crypto apps. The campaigns use phishing and smishing to deliver malicious APKs, then launch overlay attacks that mimic legitimate login screens. By abusing Accessibility...

The White House Weighs Whether Anthropic's Mythos Is Too Valuable for the Federal Government to Refuse
Anthropic’s new Claude model, dubbed Mythos, is being touted as a breakthrough AI capable of breaching cyber defenses. After the Pentagon blacklisted the firm for refusing unrestricted access, CEO Dario Amodei met White House Chief of Staff Susie Wiles to...
The IMF’s Warning to Banks: Share Data to Beat AI Fraud
The International Monetary Fund released a Technical Note at its 2026 Spring Meetings urging banks to break long‑standing data‑sharing taboos. It argues that fragmented transaction and threat data hampers AI‑driven fraud detection, and recommends collaborative exchange via APIs and ISO 20022...
National Vulnerability Database (NVD) Shifts to Selective Enrichment as CVE Volume Surges
The National Institute of Standards and Technology announced that the National Vulnerability Database will now enrich only a select subset of CVEs—those in the CISA KEV catalog, software used by the federal government, and other critical products. Submissions have surged...

Booking.com Breach Shows Exactly How Smishing Attacks Get Made
On April 13, 2026 Booking.com disclosed that hackers accessed customer reservation data through a compromised hotel‑partner account. The breach revealed names, phone numbers, email addresses, and detailed booking information, but not financial data. Within days, fraudsters turned the stolen details...

The Race to Quantum-Proof the Internet Has Already Begun
The tech industry is moving from viewing quantum computing as a distant risk to treating it as an imminent threat. Researchers at a Fhenix livestream warned that encrypted data can be harvested now and decrypted later once quantum computers become...

Anthropic’s Project Glasswing Tackles AI Security Challenges in Data Centers
Anthropic has unveiled Project Glasswing, a collaborative effort to embed AI‑driven security into data‑center software stacks. The initiative centers on Claude Mythos, a model that scans for vulnerabilities across cloud platforms and open‑source components in real time. Leading providers such...

CISA Tells Feds to Patch 13-Year-Old Apache ActiveMQ Bug Under Active Attack
CISA has placed the 13‑year‑old Apache ActiveMQ remote code execution flaw (CVE‑2026‑34197) on its Known Exploited Vulnerabilities list and issued Binding Operational Directive 22‑01, giving federal civilian agencies until 30 April to apply patches or justify non‑compliance. The bug exploits the Jolokia...
Most Enterprises Can't Stop Stage-Three AI Agent Threats, VentureBeat Survey Finds
A VentureBeat three‑wave survey of 108 enterprises reveals that most organizations rely on monitoring AI agents without enforcing controls or isolating workloads, a structural gap that leaves them vulnerable to stage‑three threats. While 88% reported AI‑agent security incidents in the...

Google Ads API to Require Multi-Factor Authentication
Google is rolling out mandatory multi‑factor authentication (MFA) for new OAuth 2.0 refresh tokens generated through the Google Ads API, starting April 21, 2026. Existing tokens will keep working, but any new authentication will require a second verification step such as a...

The Wall Around Claude 4.7 Does Not Extend to Dread
Anthropic unveiled Claude Opus 4.7 on April 16, 2026, intentionally reducing its offensive cyber capabilities while adding automated safeguards and a Cyber Verification Program for vetted defenders. Simultaneously, underground forums on Dread, Reddit, and Telegram circulated jailbreaks and a cross‑vendor prompt‑injection attack called...

Pro-Iran Hackers Appear to Increase Critical Infrastructure Cyberattacks
Pro‑Iran hacktivist group Ababil of Minab claimed responsibility for a March intrusion of the Los Angeles County Metropolitan Transportation Authority, though analysts say the evidence remains unverified. Federal agencies, including CISA, have warned that Iran‑linked actors are increasingly targeting operational...
ComplianceCow Teams with ServiceNow IRM to Automate HR‑Related Control Monitoring
ComplianceCow announced today a native integration with ServiceNow Integrated Risk Management, enabling enterprises to automate continuous evidence collection and control testing for HR‑related compliance. The middleware links cloud, identity and on‑prem systems to ServiceNow IRM, delivering real‑time risk insights without...
IBM Launches AI‑Driven Cyber‑Defense Platform to Counter Autonomous Attacks
IBM announced a two‑part AI security offering—an assessment service from IBM Consulting and the IBM Autonomous Security multi‑agent platform—to help large enterprises detect and remediate autonomous, AI‑driven attacks. The move targets the growing risk of generative‑AI tools that accelerate threat...
Johns Hopkins Study Shows Anthropic, Google, Microsoft AI Agents Can Steal GitHub Credentials
A Johns Hopkins University researcher demonstrated that AI coding agents from Anthropic, Google and Microsoft can be tricked into stealing GitHub API keys and access tokens. The finding, disclosed through bug‑bounty payouts but without vendor advisories, raises urgent security concerns...
Nigeria’s Corporate Affairs Commission Hit by Cyberattack, Prompting National Probe
Nigeria’s Corporate Affairs Commission confirmed a cyberattack on its systems on April 15, triggering an urgent investigation led by the National Information Technology Development Agency. The breach threatens the integrity of corporate filings and highlights gaps in the country’s digital...

Introducing the Future of Salesforce Data Protection: Backup & Recover Next
Salesforce announced Backup & Recover Next, its first native backup solution to achieve FedRAMP High compliance. The service offers automated daily backups of standard and custom objects, files, attachments, and sandboxes while staying inside the Salesforce trust boundary. It claims...

How to Choose the Best Virtual Data Room for Your Company Size: Mid-Market Vs. Enterprise Needs
Virtual data rooms (VDRs) are now essential for secure, collaborative deal execution, with the market exceeding $2 billion in 2024. Enterprises need advanced security, AI‑driven analytics, and global compliance, while mid‑market firms focus on cost‑effective, user‑friendly solutions. The article compares top...

CoChat Launches AI Collaboration Platform to Combat Shadow AI
CoChat debuted in early April 2026 as an AI collaboration platform aimed at curbing the rise of shadow AI within enterprises. By consolidating access to leading large language models (LLMs) and autonomous agents, it eliminates fragmented, unmanaged AI silos. The...

Check Point Quantum Scales Throughput for Digital Transformation
Check Point Software Technologies showcased its Quantum firewall, paired with ThreatCloud AI, in a Philippine commercial bank and an Angolan telecom provider. Frost & Sullivan’s report finds the solution delivers higher throughput, automated threat prevention, and unified policy management, overcoming...
Secure-by-Design: 3 Principles to Safely Scale Agentic AI
Enterprise adoption of agentic AI is shifting from experimental copilots to autonomous agents that execute decisions across environments. This expands the attack surface, prompting a secure‑by‑design shift championed by a CrowdStrike‑NVIDIA blueprint. The article outlines three core principles: treating AI...

Mythos Could Exploit Vulnerabilities, Raising Skynet Concerns
Mythos, Anthropic’s not-yet-released model, allegedly can not only find security gaps but also exploit them. How far from Skynet are we?
Questioning Peston’s Access to Sensitive Email Traffic
Congratulations @Peston on getting access to such sensitive email traffic. Obviously you’ve only got the important bits… & there’s obviously nothing further to see here. Btw, who gave you access & why?

VMRay Announces Sovereign European Cloud for Advanced Threat Analysis
VMRay unveiled the VMRay Sovereign European Cloud, a SaaS platform that delivers advanced threat analysis while guaranteeing full data residency within Europe. The service runs on the AWS European Sovereign Cloud and is operated by a Luxembourg‑incorporated entity, providing physical...
Third‑Party Risks Cause Over One‑Third of Breaches
Over 35% of data breaches are caused by vendors or partners, not internal failures. As threats spread globally, third-party risk is growing. Security is only as strong as the weakest link. https://t.co/e3kXTsRA5f
Inside an Underground Guide: How Threat Actors Vet Stolen Credit Card Shops
An underground guide uncovered by Flare analysts reveals how cyber‑criminals now vet stolen‑card marketplaces. The document outlines a disciplined vetting process—checking domain age, SSL, WHOIS, mirror sites, and community reputation—to avoid scams and law‑enforcement takedowns. It also highlights the adoption...

Critical Exploits, AI Shifts, and Major Breaches Redefine Cybersecurity This Week
This week’s cybersecurity briefing highlighted a wave of active exploits, including a critical Nginx UI authentication bypass, an Android SDK flaw affecting over 50 million users, and the NWHStealer infostealer spreading via fake VPN sites. Anthropic’s Project Glasswing showcased AI‑driven vulnerability...

New Mirai Variant Nexcorium Hijacks DVR Devices for DDoS Attacks
Fortinet’s FortiGuard Labs uncovered Nexcorium, a new Mirai‑derived malware that hijacks TBK DVR‑4104 and DVR‑4216 video recorders via the CVE‑2024‑3721 command‑injection flaw. The variant spreads across IoT devices, installs persistence mechanisms, and uses hard‑coded default passwords to recruit additional cameras...

AI Upgrades, Security Breaches, and Industry Shifts Define This Week in Tech
This week’s tech headlines were dominated by a surge of AI upgrades, from Anthropic’s Claude Opus 4.7 with self‑verification to OpenAI’s expanded Codex app and the cybersecurity‑focused GPT‑5.4‑Cyber. Major vendors also rolled out security fixes, with Microsoft patching 165 Windows flaws...

Bluesky Outage: Coordinated Traffic Attack Causes Widespread Errors
Bluesky experienced a coordinated distributed denial‑of‑service (DDoS) attack that began early Thursday, April 17, 2026, and stretched into a second day. The flood of traffic crippled core functions such as feeds, notifications, threads, search and the Discover section, producing rate‑limit...

Unwanted Anonymous Email Sparks Creepy Concern
Few folks have reached out after having received this email, which is a new one for me. It's most certainly not me—it's weird and creepy and I'd really like it to stop. https://t.co/5ora12ynHG

He Was Laid Off, Posted on LinkedIn — Then Scammers Started Impersonating Real Recruiters to Target Him
Nick Russell posted his layoff from Epic Games on LinkedIn and was immediately swamped with recruiter messages, one of which turned out to be a scam. Cybercriminals are now hijacking real recruiters' LinkedIn profiles, referencing actual resumes and job openings,...

Commercial AI Models Show Rapid Gains in Vulnerability Research
Forescout’s Verde Labs reports that commercial AI models have closed the gap in vulnerability research, with all tested models now completing full research tasks and half generating working exploits autonomously. The most capable models, Claude Opus 4.6 and Kimi K2.5, can discover...
Capsule Security Raises $7M to Guard AI Agents as New Privileged Users
Capsule Security, a Tel‑Aviv‑based startup, closed a $7 million seed round led by Lama Partners and Forgepoint Capital International to launch a runtime‑security platform for AI agents. The funding targets a market where more than 80% of Fortune 500 firms now deploy...
Tuta Opens Closed Beta for Quantum‑Resistant Cloud Storage Platform
Tuta announced a closed‑beta launch of Tuta Drive, a cloud storage service built with quantum‑safe cryptography, starting April 16. The invite‑only program gives early users end‑to‑end encrypted storage hosted in Germany, positioning the firm ahead of Google Drive and OneDrive...
OzCon Brings Real-World Attack Tactics to Kansas on May 18, 2026
OzCon, a one‑day cybersecurity conference, launches in Overland Park, Kansas on May 18, 2026, featuring live demonstrations of nation‑state tactics, physical and social engineering exploits, and a hands‑on Capture‑the‑Flag. Founder Renee Chronister says the event closes the gap between imagined...

Data Sharing: Is It Safe? Is It Secure? Everything You Need to Know
Salesforce’s guide explains how SMBs can share data safely by using a unified CRM platform that enforces granular permissions and AI‑driven security checks. It cites that 51% of organizations saw a rise in cyber attacks in 2025, while 80% of...

SEO Poisoning Attack Uses Microsoft Binary to Install RMM Tool
Researchers uncovered an SEO‑poisoning campaign that tricks users searching for the open‑source recovery tool TestDisk into downloading a trojanized installer. The fake installer is a Microsoft‑signed Setup binary that uses DLL sideloading to load a malicious autorun.dll, which then installs...

The Cyber Express Weekly Roundup: Crypto Breaches, State-Linked Schemes, and Platform Exploits
The Cyber Express weekly roundup highlighted a series of high‑profile cyber incidents. Grinex halted trading after a coordinated wallet breach that stole more than $15 million in USDT, while two U.S. citizens were sentenced for a North Korea‑linked scheme that generated...
Brussels Launched an Age Checking App. It Took 2 Minutes to Hack It.
European Commission President Ursula von der Leyen unveiled a mobile age‑verification app intended to protect minors online. Within minutes, cybersecurity researchers demonstrated that the app could be hacked, exposing hard‑coded credentials and insecure data handling. The flaws raise serious privacy...