Today's Cybersecurity Pulse
Anthropic CEO meets White House over federal access to Mythos AI
Anthropic CEO Dario Amodei will meet White House chief of staff Susie Wiles to discuss government access to the company's Mythos AI model, which can discover and exploit zero‑day vulnerabilities. The meeting follows a Pentagon‑imposed blacklist after Amodei refused to lift safety restrictions, while Treasury, intelligence agencies and CISA are already testing the model.
Also developing:
By the numbers: Artemis raises $70M in combined seed and Series A round
Designing for Complexity: Lessons From Building a Digital Wallet Integration
The integration of digital wallets like Apple Pay forced banks to abandon traditional, siloed software projects and adopt an ecosystem‑first approach. By 2025 Apple Pay alone handled roughly $9‑9.5 trillion in transactions for over 800 million users, illustrating the massive scale and external dependencies involved. Success required security‑driven architecture, adaptive capability‑based requirements, and embedded governance to keep pace with constantly evolving standards. The experience serves as a template for today’s AI, embedded finance, and partner‑centric initiatives.
Recovery Scammers Hit You when You’re Down: Here’s How to Avoid a Second Strike
Recovery fraud, also called the “second strike,” preys on people who have already been scammed by promising to retrieve lost funds for an upfront fee. In the United States, 2024 recorded over 7,000 cases, netting criminals more than $102 million, and...
Iran Crisis Highlights Rising Gulf Cybersecurity Risks to Critical Infrastructure
The recent Iran‑U.S. escalation has exposed Gulf states’ critical infrastructure to heightened cyber threats. Ports, energy facilities, desalination plants and financial hubs are now seen as vulnerable to combined kinetic and digital attacks. The United Arab Emirates is integrating cyber...
Little Snitch for Linux Shows What Your Apps Are Connecting To
Objective Development released a free Linux version of its Little Snitch firewall, delivering per‑process outbound connection visibility using eBPF. The backend is written in Rust and the UI is a web application, allowing remote monitoring from any device. The kernel...
US Summons Bank Bosses over Cyber Risks From Anthropic’s Latest AI Model
The U.S. Treasury summoned CEOs of major banks, including Federal Reserve Chair Jerome Powell, to discuss the cyber risks associated with Anthropic’s newly released Claude Mythos AI model. Anthropic warns the model poses unprecedented cybersecurity threats, such as generating sophisticated phishing...
(Updated) CPUID Offline After Reports of Malware in CPU-Z and HWMonitor Downloads
CPUID, the maker of popular diagnostic utilities CPU‑Z and HWMonitor, faced a suspected supply‑chain breach when official download links began delivering malware instead of the expected installers. The compromised files, masquerading as HWMonitor 1.63 and CPU‑Z 2.19, were hosted on a Cloudflare...
AI Voice Scams, Airline Fee Hacks and the Apps Keeping You Hooked
The Rich on Tech weekend show highlighted three pressing tech trends: AI‑generated voice scams are becoming more convincing as bots outnumber humans online, allowing fraudsters to clone personal voices from brief recordings. Airline travel costs are climbing, with checked‑bag fees...
Microsoft Recall Flaw Exposes Decrypted User Data, Researchers Find
Microsoft re‑launched its Recall feature with a hardened security stack that includes VBS enclaves, AES‑256‑GCM encryption, Windows Hello, and a Protected Process Light host. Researchers discovered that while the encrypted vault remains secure, the AIXHost.exe process that renders decrypted data...
Microsoft Finds Vulnerability Exposing Millions of Android Crypto Wallet Users
Microsoft’s security researchers uncovered a critical intent‑redirection flaw in EngageLab’s EngageSDK, a messaging library embedded in over 30 million Android cryptocurrency‑wallet installations. The vulnerability lets a malicious app craft intents that bypass Android’s sandbox, exposing personal data and financial credentials. Microsoft...
God‑mode RCE Is Just Access; Execution Needs Capability
Even having a working 0day RCE god mode bug only gets you so far. You have initial access. Now what? What do you want to do and do you have the systems, processes, infrastructure and time to do it? Capability, opportunity,...
April 2026 Patch Tuesday Forecast: Spring-Cleaning of a Preview
The April 2026 Patch Tuesday preview highlights AI’s growing role in security, but stresses the need for human oversight. Microsoft pulled the faulty Windows 11 24H2/25H2 preview (KB5079391) and re‑issued a clean out‑of‑band update (KB5086672), while also fixing Outlook Classic conflicts with...
JSON Web Tokens Explained: The Authentication Pattern Behind Every Modern API
JSON Web Tokens (JWT) have become the de‑facto standard for stateless authentication in modern APIs. By embedding user identifiers and permission claims directly in a signed token, servers can verify identity without consulting a central session store. This eliminates the...
FCC Proposes Tougher KYC Rules to Crack Down on Illegal Robocalls
The FCC has issued a Further Notice of Proposed Rulemaking to tighten Know‑Your‑Customer (KYC) requirements for voice service providers that originate robocalls. The agency wants carriers to collect full names, addresses, government IDs and usage details, retain records for up...
GitLab Security Update Fixes High-Severity CVE-2026-5173, 11 Other Flaws
GitLab released a critical security update on April 8, 2026 that patches twelve vulnerabilities across its Community and Enterprise editions, including the high‑severity CVE‑2026‑5173. The update bundles three point releases—18.10.3, 18.9.5 and 18.8.9—covering self‑managed installations from version 16.9.6 onward. GitLab.com and Dedicated cloud...
US Officials Warn Banks over Powerful New Anthropic Model
U.S. Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell convened an urgent meeting with CEOs of the nation’s largest banks to warn of cyber‑risk from Anthropic’s newly unveiled Mythos AI model. Anthropic says Mythos can locate and exploit...
What Vibe Hunting Gets Right About AI Threat Hunting, and Where It Breaks Down
Vibe hunting flips traditional threat hunting by letting AI scan entire data sets and surface anomalous patterns, turning the hypothesis into an implicit output. Exaforce’s Aqsa Taylor stresses that analysts must still be able to explain any investigation path, otherwise...
U.S. Treasury Rolls Out Cybersecurity Information Sharing Initiative as Crypto Attacks Rise
The U.S. Treasury’s Office of Cybersecurity and Critical Infrastructure Protection launched a digital‑asset cybersecurity initiative that provides free, high‑quality threat intelligence to eligible U.S. crypto firms. The move responds to a surge in sophisticated attacks that cost the industry over...
RBI Proposes 1-Hour Delay for UPI, IMPS Transfers Above Rs 10,000
The Reserve Bank of India has floated a discussion paper proposing a mandatory one‑hour cooling period for person‑to‑person UPI and IMPS transfers exceeding ₹10,000 (about $120). The delay targets high‑value P2P payments while merchant transactions remain instant, and a whitelisting...
Health Insurance Lead Sites Sell Personal Data Within Seconds of Form Submission
Researchers from UC Davis, Stanford and Maastricht mapped data flows on 105 health‑insurance lead sites, finding that personal and health information is harvested in real time and sold to dozens of buyers. Third‑party scripts capture keystrokes before form submission, and...
Warning: CPUID Suspected of Being a Virus; Suspicious HWMonitor Downloads Raise Alarms
On April 10 2026 users downloading CPUID’s HWMonitor 1.63 encountered an unexpected installer named HWiNFO_Monitor_Setup.exe, which triggered Windows Defender warnings and displayed Russian‑language dialogs. Community reports on Reddit confirm the mismatch between the advertised hwmonitor_1.63.exe file and the received executable, suggesting a tampered...
CyberCX Kicking Goals with Expanded Collingwood Football Club Partnership
CyberCX has elevated its relationship with Collingwood Football Club to a major partnership, building on a two‑year collaboration that already provided app integration and cyber‑safety training. The firm now delivers 24/7 security operations centre monitoring and penetration testing for the...
Mythos AI Finds 20 Zero‑days, Poised to Crack Smart Contracts
Anthropic's Mythos model is so powerful they restricted it to 12 partners and a $100M compute budget. It's already found 20 zero-days in legacy software. @kaiynne and @tayvano_ want to know when it finds the first one in a smart contract. New...
Secure Your IoT Devices with Proven Cyber Defenses
How to Protect #IoT Devices from #CyberSecurity Threats by @antgrasso #InternetOfThings #Infosec #IT #Technology https://t.co/bHVcGm4rmX
Data Minimisation vs AI Context Maximisation: The Battle Defining the Future of Smart Systems
AI product teams chase higher accuracy by feeding models ever more context, but privacy regulations demand strict data minimisation. The article argues that the conflict is structural: richer data improves personalization and retrieval, yet expands exposure and governance risk. It...
Lack of Hardware Attestations Leaves Privacy Vulnerable
If you inference provider doesn’t give you hardware attestations on what code was run and in turn that all your interaction were private - you are under attack.
AI Boosts Productivity, but Prompt‑injection Risks Threaten Organizations
Wonder if the AI calculus becomes “12% productivity gains per employee with the tail risk of the org going under for a week if Ralph is the victim of a convincing prompt injection and inadvertently sends out internal info to...
NHS Staff Alarmed as Palantir Engineers Receive NHS.net Email Accounts
NHS employees have raised concerns after at least six Palantir engineers were granted NHS.net email accounts, giving them access to a directory of up to 1.5 million staff. The issue spotlights data‑security, privacy and ethical questions surrounding the £330 million Federated Data...
Meta’s New AI Asked for My Raw Health Data and Gave Me Terrible Advice
Meta’s Superintelligence Labs unveiled Muse Spark, a generative AI model that invites users to paste raw health data such as lab results or fitness‑tracker readings. The bot promises trend analysis and visualizations, but early testing showed it offering vague or incorrect...
AI‑Generated Phishing Attacks Surge, Prompting New Enterprise Defenses
IBM reports AI can draft a convincing phishing email in five minutes, a task that once took humans 16 hours. The Federal Trade Commission notes fraud losses jumped 25% to $12.5 billion in 2024, spurring CIOs to adopt new detection tools,...
Pro‑Iranian Hackers Say Ceasefire Won’t Stop U.S. Cyber Threats
Pro‑Iranian hacking group Handala announced it will pause attacks on the United States but continue targeting Israel after the Iran‑U.S.–Israel ceasefire, and may expand its cyber campaign once the truce settles. U.S. agencies warned of heightened risk to industrial control...
Elon Musk Says WhatsApp's End-to-End Encryption Can't Be Trusted, Mark Zuckerberg's Company Calls It ‘Absurd’
Elon Musk publicly questioned the reliability of WhatsApp’s end‑to‑end encryption after a class‑action lawsuit alleged Meta accessed private messages and shared them with contractors such as Accenture. In response, Musk urged users to switch to X Chat, promoting it as a...
Microsoft Says New Windows Recall Bypass Isn't a Vulnerability
Microsoft defended its Windows 11 Recall utility after researcher Alexander Hagenah released a tool that can extract decrypted screenshots and metadata by injecting a DLL into the AIXHost.exe process. The bypass works from a standard logged‑in user account and does not...
Fed and Hedge Fund Leader Warn of AI-Driven Cyber Threats
JUST IN: Scott Bessent and Jerome Powell called Wall Street execs to an urgent meeting over worries that Anthropic PBC's new AI model will ramp up cyber threats.
Microsoft’s Reauthentication Snafu Cuts Off Developers Globally
Microsoft’s Windows Hardware Program reauthentication drive, launched in October, inadvertently suspended numerous independent software vendors (ISVs) after missed or ignored verification emails. The lockouts halted developers’ access to Microsoft systems, causing downstream disruptions for their global customers. Executives on X...
Anthropic Model Scare Sparks Urgent Bessent, Powell Warning to Bank CEOs
Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell convened an emergency meeting with senior Wall Street executives on April 10, 2026. The gathering focused on the security implications of Anthropic PBC’s new AI model, Mythos, which regulators fear...
Apiiro Launches Command-Line Interface to Bring AI-Native Security Into Software Development Workflows
Apiiro Ltd. unveiled a command‑line interface (CLI) that embeds AI‑native security directly into software development pipelines. The tool targets the surge of AI‑generated code, offering six agent‑driven skills—Scan, Risks, Fix, Guardian Agent, AI Threat Modeling, and Secure‑Prompt—to let AI assistants...
Shadow IT Evolves: From User Shortcuts to Autonomous Systems
Shadow IT used to mean people using tools without approval. Now it can act on its own.
Healthcare Remains Top Cybercrime Target: FBI
The FBI’s 2025 Internet Crime Report shows healthcare and public health faced the most cyber incidents of any critical‑infrastructure sector, with 642 events recorded. Ransomware dominated, accounting for 460 attacks, while 182 data breaches placed the industry third in breach...
New VENOM Phishing Attacks Steal Senior Executives' Microsoft Logins
Cybersecurity firm Abnormal has uncovered a new phishing‑as‑a‑service platform dubbed VENOM that specifically targets senior executives’ Microsoft accounts. The campaign, active since November, delivers highly personalized SharePoint‑style emails containing QR codes and double‑Base64‑encoded email fragments to evade detection. VENOM employs...
Gmail Finally Offers End-to-End Encryption for Email on Android and iPhone
Google has added end‑to‑end encryption (E2EE) to the Gmail mobile app for Android and iPhone, extending the feature that debuted on desktop in 2022. The capability is restricted to Google Workspace Enterprise Plus customers who have the Assured Controls or Assured...
Cisco to Acquire Galileo for AI Observability
Cisco announced it will acquire Galileo Technologies, an AI observability specialist that monitors multi‑agent systems. Galileo’s platform adds real‑time guardrails, bias detection, and cost tracking to Cisco’s Splunk observability suite. The deal, slated to close in Q4 FY2026, builds on...
Russia's 'Fancy Bear' APT Continues Its Global Onslaught
Trend Micro’s latest research reveals that Russia’s Fancy Bear (APT28) continues to run sophisticated espionage and sabotage campaigns worldwide. The group deployed the Prismex malware suite against Ukraine’s defense supply chain and used NTLMv2 hash‑relay attacks via a patched Outlook vulnerability...
Cybercriminals Use Emojis to Evade Detection, Flashpoint Warns
Flashpoint’s latest threat‑intelligence report reveals cybercriminals are swapping traditional fraud‑related keywords with emojis to slip past security filters. By mapping emojis to concepts such as credit cards, banks, credentials, and malware, threat actors make automated monitoring far less effective. The...
StarkWare Researcher Publishes Quantum-Safe Bitcoin Transaction Scheme
StarkWare researcher Avihu Levy released Quantum Safe Bitcoin (QSB), an open‑source transaction format that makes Bitcoin payments resistant to quantum attacks without requiring a softfork or protocol upgrade. The scheme operates within existing Bitcoin script limits and leverages a hash‑puzzle...
Hack-for-Hire Group Targets MENA Journalists and Officials
A hack‑for‑hire group has been uncovered running a multi‑year espionage campaign against journalists, activists and government officials across the Middle East and North Africa. The attackers used phishing to steal Apple ID credentials and access iCloud backups, while deploying Android spyware...
'BlueHammer' Windows Zero-Day Exploit Signals Microsoft Bug Disclosure Issues
A researcher using the alias Chaotic Eclipse publicly released exploit code for a Windows zero‑day flaw dubbed “BlueHammer,” which targets a race condition in Windows Defender’s signature update system. The PoC, posted on GitHub on April 2, claims the vulnerability remains...
New DeFi Security Premium Ratio Prices Protocol Risk
DeFi has lost between $730M and $3.1B to exploits every single year since 2021. TVL has swung from $175B peak to $45B trough and back above $100B. The loss rate as a % of TVL is 1–3% / year depending on the...
Mythos Cuts Cyber Attack Surface, Makes Exploits Scarcer
Concur. Mythos shrinks the total cyber attack surface area. There will be fewer exploits remaining, and those likely harder to find. And because model capabilities scale sub-linearly with both compute and training data, it likely takes a very large $$...
DoD Switches Allies as Anthropic Unveils Dangerous AI Weapon
DoD: Friendship ended with Anthropic. Now OpenAI is my best friend. [one month later] Anthropic: We’re pleased to announce the most powerful hacker capability ever created, able to discover and exploit thousands of critical 0days. Friends only release.
AI Cybersecurity Closes Gaps, Giving Defenders the Edge
Yes. We're closing vulnerabilities that could have been (and may have been) exploited by bad actors already. AI cyber-security may well favor defenders in the large majority of cases.