Today's Cybersecurity Pulse
Anthropic CEO meets White House over federal access to Mythos AI
Anthropic CEO Dario Amodei will meet White House chief of staff Susie Wiles to discuss government access to the company's Mythos AI model, which can discover and exploit zero‑day vulnerabilities. The meeting follows a Pentagon‑imposed blacklist after Amodei refused to lift safety restrictions, while Treasury, intelligence agencies and CISA are already testing the model.
Also developing:
By the numbers: Artemis raises $70M in combined seed and Series A round
As Fraud Escalates, Taking a Beat Becomes a Critical Defense
Fraud in the United States surged to an all‑time high, with the FBI reporting nearly $21 billion in losses last year and over one million complaints filed. Cryptocurrency investment scams alone accounted for $11 billion in damages, while AI‑driven schemes generated $893 million in losses across 22,364 incidents. Older adults were hit hardest, suffering $7.7 billion—up 37% year‑over‑year—and the FBI warned that emerging quantum‑AI tactics could amplify threats further. Experts now stress a "take a beat" approach, urging consumers to pause and verify every unsolicited request.
Microsoft 365 Modernization Is Becoming a Data Sovereignty Challenge
Enterprises are now treating Microsoft 365 data sovereignty as a front‑line buying criterion rather than a post‑deployment check. Modernization projects—migrations, restructurings, and Copilot rollouts—are accelerating, exposing gaps in permissions, guest access, and identity sprawl that can undermine compliance. Governance must travel...
ThreatsDay Bulletin: Hybrid P2P Botnet, 13-Year-Old Apache RCE and 18 More Stories
ThreatsDay bulletin highlights a surge in the hybrid P2P botnet Phorpiex, a 13‑year‑old Apache ActiveMQ RCE chain, record cyber‑fraud losses, AI‑driven DDoS evolution, and multiple supply‑chain and malware incidents. Phorpiex now infects roughly 125,000 devices daily, using peer‑to‑peer communication to...
Secure Accounts by Binding Them to Physical SIMs
Ties accounts to physical SIMS (not sketchy auto shared seeds and profiles -see my blog.)
From AML to Data Reform: The 2026 Compliance Agenda for UK Law Firms
In 2026 UK law firms will face intensified scrutiny across anti‑money‑laundering, sanctions, data protection and court‑transparency rules. The transition of AML oversight from the SRA to the FCA, the rollout of Companies House identity‑verification requirements, and the Data (Use and...
Weak at the Seams
The article argues that cyber risk is no longer a collection of isolated silos but a systemic threat amplified by digital transformation across healthcare, finance and manufacturing. While global security spending is projected to exceed $212 billion in 2025, the exposure...
‘Snoopy’, ‘Adolf’ and ‘Password’: The Hungarian Government Passwords Exposed Online
Bellingcat uncovered nearly 800 compromised email‑password pairs belonging to 12 of Hungary’s 13 ministries, exposing senior officials in defence, foreign affairs and interior ministries. The breaches, traced through the Darkside breach database, reveal simple passwords like "Password" and "1234567" as...
Lotte Card Given Notice of $3M Penalty, Business Suspension over Massive Data Breach
Lotte Card has been served a notice from South Korea's Financial Supervisory Service requiring a penalty of roughly 5 billion won (about $3.38 million) and a suspension of new customer sign‑ups for more than four months. The penalties will be finalized by...
Beware BTS Ticket Scams: Spot Fake Sites Quickly
Global K-pop sensation BTS are back with a world tour, and tickets are disappearing in seconds — but so is fans’ money via fake “official” sites. Scammers are cloning ticket-booking pages to steal from K-poppers worldwide. How to spot fakes...
86% of Businesses Refused to Pay Cyber Ransoms in 2025 — Coalition Insurance
Coalition’s 2026 cyber claims report, covering over 100,000 policyholders in the US, Canada, UK, Australia and Germany, found that 86% of the 1,400 high‑signal ransomware claims from 2025 did not result in a ransom payment. Ransom demands surged 47% year‑over‑year,...
Did Your IT Department Tell You About What Happened in AI This Week?
Anthropic unveiled Mythos, an AI model that identified tens of thousands of hidden vulnerabilities across banks, hospitals, operating systems and browsers, prompting a coordinated warning to twelve leading tech firms through Project Glasswing. Simultaneously, the company launched Claude Managed Agents,...
Capita Under Investigation After Workers Hit by Pensions Data Breach
Capita, the administrator of the UK Civil Service Pension Scheme, is under government investigation after confirming a second data breach within three years. The latest incident affected up to 138 retirees, who either received incorrect annual statements or had their...
Madras High Court Dismisses Plea By Cyber Security Expert Seeking Probe Into Star Health Security Lapses
The Madras High Court dismissed cybersecurity specialist Himanshu Pathak’s appeal seeking a multi‑ministry investigation into alleged security lapses at Star Health Insurance. While his petition was pending, Star Health suffered a cyber‑attack on October 9 2024 that exposed policyholder data. Pathak, a policyholder,...
A Hacker Has Allegedly Breached One of China’s Supercomputers and Is Attempting to Sell a Trove of Stolen Data
A hacker claims to have exfiltrated over 10 petabytes of classified data from China’s National Supercomputing Center in Tianjin, including defense documents and missile schematics. The breach allegedly spanned months and went undetected, affecting more than 6,000 clients across scientific...
ENISA Launches Public Consultation on Draft EUDI Wallet Certification Schemes
ENISA has opened a public consultation on a draft certification scheme for providers of the EU Digital Identity (EUDI) wallet, following a two‑year agreement to back the European Commission’s rollout. The core EU wallet regulation took effect in May 2024, and...
Amid Rising Cyber and Physical Threats, Center for Cross-Sector Coordination Launches
The Center for Cross‑Sector Coordination (CXC) launched as an industry‑driven, not‑for‑profit hub that links owners and operators across all 16 U.S. critical infrastructure sectors. Its mission is to improve coordination, share security tools, training, and threat intelligence, and act as...
Don’t Just Fight Fraud, Hunt It
The article warns that AI has transformed fraud into an industrialized, global enterprise that can create tens of thousands of synthetic identities in days. Traditional detection methods—such as tracking reused emails or devices—are rapidly losing relevance, with unique email patterns...
OPSWAT Adds Predictive AI Engine to MetaDefender for Pre-Execution Threat Detection
OPSWAT introduced Predictive Alin AI, its first proprietary AI‑driven threat detection engine, into the MetaDefender platform. The static‑analysis engine predicts malicious intent in milliseconds, delivering sub‑100‑ms inference while maintaining a tiny memory footprint. In internal tests the engine achieved 99.99%...
Palo Alto Networks, SonicWall Patch High-Severity Vulnerabilities
Palo Alto Networks and SonicWall each released emergency patches addressing multiple vulnerabilities, including two high‑severity flaws. Palo Alto fixed three bugs—most notably CVE‑2026‑0234 affecting Cortex XSOAR/XSIAM’s Microsoft Teams integration—and added dozens of Chromium security updates. SonicWall patched four issues in...
Russian Hackers Exploit SOHO Routers for DNS Hijacking Campaign
Russian-linked threat group Forest Blizzard has been hijacking home and small‑office routers since at least August 2025, turning them into covert DNS infrastructure. Microsoft reported over 200 organizations and more than 5,000 consumer devices infected, enabling passive traffic monitoring and targeted...
New macOS Malware notnullOSX Targets Crypto Wallets Over $10K
A new macOS malware dubbed notnullOSX is targeting cryptocurrency wallets holding more than $10,000. The threat, linked to a hacker known as 0xFFF (now alh1mik), spreads via fake Google Docs warnings and a malicious Terminal command called ClickFix, then requests...
Zephyr Energy Loses £700K in Cyber Hit that Rerouted Contractor Payment
Zephyr Energy plc disclosed a cyber‑fraud incident that diverted about £700,000 (≈$890,000) from a routine contractor payment to an attacker‑controlled account. The attack, described as “highly sophisticated,” hit a U.S. subsidiary but left day‑to‑day operations intact. Zephyr promptly involved law...
The Hidden Security Risks of Shadow AI in Enterprises
The article warns that shadow AI—unauthorized artificial‑intelligence tools adopted by employees—creates hidden security gaps in enterprises. A 2024 Salesforce survey shows 55% of workers use AI solutions outside IT approval, exposing data to external platforms. These tools can leak credentials,...
Intruder Expands Cloud Security with Agentless Container Image Scanning
Intruder introduced Container Image Scanning, an agent‑less service that automatically checks container images for vulnerabilities across AWS Elastic Container Registry, Google Artifact Registry and Azure Container Registry. The feature runs daily, prioritizing active tags and presenting findings alongside other attack‑surface...
Guidance: MOD Law Enforcement Privacy Notices
The UK Ministry of Defence (MOD) has updated its Law Enforcement Privacy Notices, originally published in January 2024, to clarify how personal data is processed for policing and security purposes. The April 2026 revision renamed the notice, expanded the "Details" section, and...
5 Best Zero Trust Networking Software I Recommend for 2026
The G2‑based roundup identifies the five leading zero‑trust networking platforms for 2026: Zscaler Private Access, Cisco Duo, Palo Alto Networks IoT/OT Security, Okta, and FortiClient. Each tool was evaluated on policy depth, identity and device integrations, deployment speed, and day‑two...
Unstructured Data Is Piling up as AI Risks Rise
A new Thales report, based on a survey of 210 IT and security leaders, finds that more than half of enterprises lack full visibility into their unstructured data estates, and 68% say most of that data remains unprotected. Only 9%...
On Microsoft’s Lousy Cloud Security
In late 2024, federal cybersecurity evaluators warned that Microsoft’s Government Community Cloud High (GCC High) lacked detailed security documentation, describing the offering as “a pile of shit.” Despite the criticism, FedRAMP granted the cloud service an authorization, attaching a “buyer beware” disclaimer....
UK Firms Must Implement New Complaints Process by June 2026
UK Mandatory Data Protection Complaints Handling Process: What Organisations Must Do by 19 June 2026 https://t.co/2KlCF4BOUs https://t.co/CgoOn00PqA
CMMC Non-Compliance: Violations of FCA
Defense contractors must recognize that CMMC gaps alone do not trigger the False Claims Act, but false statements about compliance do. The FCA targets companies that knowingly assert they meet DoD cybersecurity requirements when evidence or internal knowledge contradicts those...
Why Security Automation Is Changing How Teams Protect Enterprise Networks
Enterprise security teams face exploding alert volumes and slow manual triage, prompting a shift toward automation. SIEM platforms aggregate and normalize logs, while SOAR solutions execute playbooks that isolate threats, block IPs, and open tickets without human clicks. High‑quality connectors...
Advenica’s File Scanner Kiosk Scans USB Media for Malware
Advenica introduced the File Scanner Kiosk, a dedicated appliance that scans USB drives for malware before they connect to corporate networks. The kiosk leverages multiple built‑in antivirus engines and features dual USB ports to handle source and destination media simultaneously....
Anthropic’s Mythos Is the Cyberthreat Every CISO Feared
Anthropic is quietly developing Claude Capybara, code‑named Mythos, an AI model that excels at finding vulnerabilities, crafting exploits and chaining multi‑step attacks. The leak of Mythos signals that frontier AI has crossed a cybersecurity threshold, allowing attackers to automate sophisticated code‑review...
Foxcove IT Expands Portland Operations to Target High‑Growth Companies
Foxcove IT, a premium IT consulting firm, announced the expansion of its Portland, Oregon footprint to provide managed services, compliance support, and fractional CIO/CISO advisory to high‑growth businesses. The move positions the firm as a strategic partner for startups and...
Federal Appeals Court Upholds Pentagon’s Supply‑Chain Risk Designation of Anthropic
A three‑judge D.C. Circuit panel rejected Anthropic’s bid for an emergency stay, allowing the Pentagon’s supply‑chain risk designation to remain. The ruling keeps the AI firm off federal contracts and forces enterprises to reassess AI sourcing amid heightened security scrutiny.
30,000 Private Facebook Images Allegedly Downloaded by Meta Employee
A former Meta employee in London is under criminal investigation for allegedly scripting the download of about 30,000 private Facebook images. The Metropolitan Police cybercrime unit is handling the case, and Meta says it discovered the breach over a year...
Fifth Third Beats Back Impersonation Scams
Fifth Third reports a dramatic surge in bank‑impersonation scams, which now represent about 17% of its fraud cases and have tripled since 2024. Fraud leader Kristopher Edwards says scammers are spoofing caller IDs, hijacking search ads, and creating fake social‑media sites...
7 Ways to Boost the Privacy of Your Home and Gadgets
Privacy concerns are infiltrating everyday homes as smart devices collect more data than users realize. Experts advise treating gadgets as computers, disabling unused features, and favoring physical controls like camera shutters. Storing video locally rather than in the cloud reduces...
Governance Gaps Emerge as AI Agents Drive 76% Increase in NHIs
The SANS Institute’s 2026 State of Identity Threats & Defenses Survey reveals a 76 % rise in non‑human identities (NHIs) as AI agents proliferate across enterprises. Seventy‑four percent of firms already deploy AI agents that require credentials, causing NHIs to double...
Certes Launches V7 Platform with Quantum-Safe Encryption Across Hybrid Cloud and Edge Environments
Certes has unveiled version 7 of its Data Protection and Risk Mitigation platform, extending post‑quantum cryptography to hybrid‑cloud, edge and AI workloads. The update introduces per‑flow quantum‑safe encryption and cryptographic micro‑segmentation that can be deployed in days without rewriting legacy applications....
Google Warns of New Campaign Targeting BPOs to Steal Corporate Data
Google’s Threat Intelligence Group has identified a financially motivated actor, tracked as UNC6783, launching a focused campaign against business process outsourcing firms to pilfer data from their high‑value corporate clients. The group uses live‑chat lures, spoofed Okta login pages and...
It’s Not Just Spyware Scandals: EU Is Funding the Industry that Spies on Europeans
In February 2026 a Greek court sentenced four people, including Intellexa executives, for the Predator spyware scandal that targeted journalists, politicians and business leaders. Investigations reveal that EU programmes such as the European Defence Fund, Horizon research, and the European...
AI Supercharges Scams as ASIC Hits Record Takedowns
Australia’s securities regulator ASIC dismantled a record 11,964 phishing and investment‑scam websites in 2025, a 90% jump from the 6,270 sites removed in 2024. The surge coincides with scammers exploiting artificial‑intelligence tools to craft more convincing fraud content. Despite the...
The Alleged Breach of China’s National Supercomputing Center Can Have Serious Geopolitical Consequences
A hacker group called FlamingChina claims to have exfiltrated more than 10 petabytes of classified military, aerospace and scientific data from China’s National Supercomputing Center in Tianjin. The breach allegedly lasted six months, using a compromised VPN and a botnet to...
Signature Healthcare Cyberattack Causes Service Disruptions, Treatment Delays
Signature Healthcare detected a cyberattack on April 6, 2026, prompting the network to shift to emergency downtime procedures. The breach forced the Brockton Hospital to divert ambulances, cancel chemotherapy infusions, and rely on manual workflows, while surgeries and urgent care continued...
Use of Unauthorised AI Sparks Security and Compliance Concerns for Businesses
Two thirds of UK business leaders worry about data security and compliance risks from employees' unauthorised AI use, according to a Studio Graphene‑commissioned poll of 500 senior managers. The survey found 48% suspect shadow AI tools are in use, rising...
Keeper Security Expands PAM Browser Isolation to Support Advanced Web Browsing Workflows
Keeper Security has upgraded its Remote Browser Isolation (RBI) within KeeperPAM, adding multi‑tab browsing, full JavaScript support, and administrator‑controlled file uploads. The enhancements also extend KeeperAI‑powered session monitoring to RBI, enabling real‑time anomaly detection across privileged sessions. These changes aim...
Patch Windows Collapse as Time-to-Exploit Accelerates
Rapid7’s 2026 Threat Landscape Report shows confirmed exploitation of high‑ and critical‑severity vulnerabilities more than doubled, rising to 146 incidents in 2025 from 71 in 2024. The median time from public disclosure to inclusion in CISA’s Known Exploited Vulnerabilities list...
Mobile App Security with Ryan Lloyd
In this episode, Ryan Lloyd, Chief Product Officer at GuardSquare, explains how mobile app security differs from desktop and web security, emphasizing that critical logic and IP reside on users' devices, making them prime targets for reverse engineering, tampering, and...
Adobe Reader Zero-Day Exploited for Months: Researcher
A researcher has identified an actively exploited zero‑day vulnerability in Adobe Reader, discovered through a malicious PDF that can harvest system data and may enable remote code execution or sandbox escape. The exploit has been observed in the wild since...