Today's Cybersecurity Pulse
Anthropic CEO meets White House over federal access to Mythos AI
Anthropic CEO Dario Amodei will meet White House chief of staff Susie Wiles to discuss government access to the company's Mythos AI model, which can discover and exploit zero‑day vulnerabilities. The meeting follows a Pentagon‑imposed blacklist after Amodei refused to lift safety restrictions, while Treasury, intelligence agencies and CISA are already testing the model.
Also developing:
By the numbers: Artemis raises $70M in combined seed and Series A round
It’s Not Just Spyware Scandals: EU Is Funding the Industry that Spies on Europeans
In February 2026 a Greek court sentenced four people, including Intellexa executives, for the Predator spyware scandal that targeted journalists, politicians and business leaders. Investigations reveal that EU programmes such as the European Defence Fund, Horizon research, and the European Investment Fund have funneled hundreds of thousands to millions of euros—roughly $540,000 to $5.4 million—into companies that build commercial spyware, including Intellexa and Israel’s Paragon. EU officials acknowledge the grants but cite internal rules, while critics argue the funding contradicts Europe’s human‑rights commitments. Advocacy groups are now demanding an EU‑wide ban on spyware and stricter due‑diligence for public money.
AI Supercharges Scams as ASIC Hits Record Takedowns
Australia’s securities regulator ASIC dismantled a record 11,964 phishing and investment‑scam websites in 2025, a 90% jump from the 6,270 sites removed in 2024. The surge coincides with scammers exploiting artificial‑intelligence tools to craft more convincing fraud content. Despite the...
The Alleged Breach of China’s National Supercomputing Center Can Have Serious Geopolitical Consequences
A hacker group called FlamingChina claims to have exfiltrated more than 10 petabytes of classified military, aerospace and scientific data from China’s National Supercomputing Center in Tianjin. The breach allegedly lasted six months, using a compromised VPN and a botnet to...
Signature Healthcare Cyberattack Causes Service Disruptions, Treatment Delays
Signature Healthcare detected a cyberattack on April 6, 2026, prompting the network to shift to emergency downtime procedures. The breach forced the Brockton Hospital to divert ambulances, cancel chemotherapy infusions, and rely on manual workflows, while surgeries and urgent care continued...
Use of Unauthorised AI Sparks Security and Compliance Concerns for Businesses
Two thirds of UK business leaders worry about data security and compliance risks from employees' unauthorised AI use, according to a Studio Graphene‑commissioned poll of 500 senior managers. The survey found 48% suspect shadow AI tools are in use, rising...
Keeper Security Expands PAM Browser Isolation to Support Advanced Web Browsing Workflows
Keeper Security has upgraded its Remote Browser Isolation (RBI) within KeeperPAM, adding multi‑tab browsing, full JavaScript support, and administrator‑controlled file uploads. The enhancements also extend KeeperAI‑powered session monitoring to RBI, enabling real‑time anomaly detection across privileged sessions. These changes aim...
Patch Windows Collapse as Time-to-Exploit Accelerates
Rapid7’s 2026 Threat Landscape Report shows confirmed exploitation of high‑ and critical‑severity vulnerabilities more than doubled, rising to 146 incidents in 2025 from 71 in 2024. The median time from public disclosure to inclusion in CISA’s Known Exploited Vulnerabilities list...
Mobile App Security with Ryan Lloyd
In this episode, Ryan Lloyd, Chief Product Officer at GuardSquare, explains how mobile app security differs from desktop and web security, emphasizing that critical logic and IP reside on users' devices, making them prime targets for reverse engineering, tampering, and...
Adobe Reader Zero-Day Exploited for Months: Researcher
A researcher has identified an actively exploited zero‑day vulnerability in Adobe Reader, discovered through a malicious PDF that can harvest system data and may enable remote code execution or sandbox escape. The exploit has been observed in the wild since...
Google Warns of New Threat Group Targeting BPOs and Helpdesks
Google’s Threat Intelligence Group has identified a new financially motivated threat cluster, UNC6783, targeting business process outsourcers and enterprise helpdesks. The group leverages live‑chat interactions to direct victims to spoofed Okta login pages and malicious Zendesk‑support domains, stealing clipboard data...
68% of Banks Increase Fraud Defense Spending as Account Takeovers Spike
Banks are rapidly reclassifying fraud defense from a reactive cost center to core infrastructure, driven by a surge in account‑takeover attacks. The PYMNTS 2025 State of Fraud report shows unauthorized‑party fraud now represents 71% of incidents and losses, pushing average...
Voltage Fault Injection: The Physical Hack That Breaks Open-Source Bitcoin Hardware.
The post reveals that voltage fault injection—a laboratory‑grade physical attack—can compromise 100% open‑source Bitcoin hardware wallets by directly manipulating silicon to bypass PIN protection. Even devices with transparent firmware like Trezor or Blockstream Jade are vulnerable when an adversary gains...
CLEAR1 Achieves FedRAMP® ‘In Process’ Designation to Support Public Sector and Regulated Industries
CLEAR 1, the secure identity platform of CLEAR (NYSE: YOU), has earned a FedRAMP Moderate “In Process” designation and is now listed on the FedRAMP Marketplace. The milestone builds on CLEAR’s contract with CMS to modernize Medicare.gov identity verification and signals...
Vibe Coding Is the New Shadow IT
Generative AI has turned shadow IT into "vibe coding," where employees create applications using natural‑language prompts. While the approach accelerates prototyping and lets non‑developers build tools, the resulting code often lacks testing, security reviews, and documentation. Enterprises face rogue apps...
When Your Legal Tech Vendor Gets Breached: DocketWise Incident Exposes 116,666 Immigration Records and a Profession’s Blind Spot
DocketWise, a cloud‑based immigration case‑management platform, suffered a supply‑chain breach that exposed the personal records of 116,666 individuals, including Social Security numbers, passports, medical data and attorney‑client communications. The intrusion began in September 2025, was detected in October, confirmed in...
Quantum-Safe Email: S/MIME and Post-Quantum Email Security
The article warns that today’s S/MIME email encryption, built on RSA and ECC, will become vulnerable once practical quantum computers arrive. Quantum algorithms like Shor’s could crack RSA‑2048 in hours, exposing corporate contracts, financial data, and intellectual property. The U.S....
Bitcoin Depot Discloses $3.6 Million Crypto Theft Following System Breach
Bitcoin Depot disclosed that on March 23, 2026 attackers siphoned 50.903 Bitcoin, roughly $3.665 million, from its internal settlement wallets after breaching corporate IT systems. The breach was limited to internal credentials and did not affect customer‑facing platforms or data. Bitcoin...
Internet-Exposed ICS Devices Raise Alarm for Critical Sectors
A recent comparative study scanned the internet for Modbus‑exposed industrial control system (ICS) devices and identified 179 likely live units, with the United States accounting for 57 of them. The research highlights that many of these devices run legacy protocols...
Kenya’s Cyber Threats Surge 441% in Three Months as Defence Gap Widens
Kenya’s Computer Incident Response Centre reported a 441% jump in cyber threat events, reaching 4.6 billion incidents in the fourth quarter of 2025 – the sharpest rise in at least three years. Distributed Denial‑of‑Service attacks exploded by 1,117% quarter‑on‑quarter, yet advisory...
DRAM’s Whac‑A‑Mole Security Crisis
Rowhammer remains a pervasive DRAM security flaw, and a newer variant called Rowpress is emerging as a complementary threat. Memory manufacturers have introduced refresh‑management commands—RFM, ARFM and DRFM—to target vulnerable rows, yet these mitigations are imperfect and can be weaponized....
Why Incident Response Has Become a Core Responsibility for MSPs
Recent high‑profile cyber breaches in the UK have highlighted that many organizations are unprepared for the aftermath of an intrusion. While technical safeguards remain essential, customers now judge managed service providers (MSPs) on their ability to execute a robust incident...
Quantum Computers and Post-Quantum Security
Swiss financial infrastructure operator SIX is accelerating its shift to post‑quantum cryptography as quantum computers threaten current asymmetric encryption. The firm has launched a comprehensive crypto‑inventory, built crypto‑agility into its systems, and begun hybrid testing of NIST‑standardized PQC algorithms. By...
Your MCP Server Is a Resource Server Now. Act Like It.
The March 26 2025 revision of the MCP specification reclassifies MCP servers as OAuth 2.0 resource servers, demanding a formal identity layer. The article walks through building an identity gateway that uses Keycloak, Maverics, OPA policies, and RFC 8693 token‑exchange to give Claude‑style AI...
$3.6 Million Stolen in Bitcoin Depot Hack
Bitcoin Depot, the largest U.S. Bitcoin ATM operator, disclosed that hackers stole roughly 50.903 BTC, valued at about $3.6 million, after breaching its corporate IT systems on March 23. The company says the intrusion was limited to internal wallets and did not affect...
NCSC Warns of Russian Cyber Hijack Threat
The UK National Cyber Security Centre (NCSC) warned that Russian state‑linked group APT28 is hijacking popular routers such as TP‑Link and MikroTik to reroute internet traffic through malicious DNS servers. By compromising these devices, the group conducts man‑in‑the‑middle attacks that...
AI Agent Intent Is a Starting Point, Not a Security Strategy
Token Security’s research reveals that 65% of agentic chatbots retain live access credentials despite never being used, and 51% of their external actions depend on hard‑coded keys. The study highlights how AI agents are treated as disposable experiments, creating orphaned...
Asqav: Open-Source SDK for AI Agent Governance
Asqav is an open‑source Python SDK that cryptographically signs every autonomous AI agent action using the quantum‑safe ML‑DSA‑65 algorithm and links entries in a tamper‑evident hash chain. The toolkit integrates with five popular agent frameworks—including LangChain and OpenAI Agents—and offers...
When “Opportunity” Knocks, Don’t Answer.
In this episode of Hacking Humans, Dave, Joe, and Maria dissect two major social‑engineering threats: a LinkedIn‑based phishing campaign that uses urgent “business opportunity” emails and look‑alike login pages to harvest credentials, and a $20 million Everest‑guide scam where climbers are...
Hong Kong Police Arrest Man Suspected of Stealing 56,000 Hospital Authority Patients’ Personal Data
Hong Kong police arrested a 30‑year‑old contractor employee suspected of downloading personal data of more than 56,000 Hospital Authority patients. The breach, traced to two contractor offices in the New Territories, involved surgical‑procedure details but not full medical records. Authorities...
Phishers Sneak Through Using GitHub and Jira’s Own Mail Delivery Infrastructure
Security researchers at Cisco Talos have uncovered a new phishing vector that hijacks the native notification systems of SaaS platforms such as GitHub and Atlassian Jira. By embedding malicious text in commit summaries or Jira project fields, attackers trigger automatic...
Prompt Injection Tags Along as GenAI Enters Daily Government Use
State and territorial governments are now using generative AI (GenAI) in everyday workflows, with 82% of CIOs reporting daily usage—a jump from 53% a year earlier. As adoption expands, the Center for Internet Security warns that prompt injection—malicious instructions hidden...
Do Not Be Surprised if LessWrong Gets Hacked
The LessWrong admin warns that the platform’s security posture favors speed over hardened protection, making it vulnerable to the wave of AI‑driven cyber attacks highlighted by Anthropic’s Mythos zero‑day disclosures. Users are urged not to store sensitive information such as...
AusPost Warns of Growing Online Scam Threat
Australia Post warns that scams targeting sellers on online marketplaces have surged, with more than 2,500 reports this year. Fraudsters pose as buyers on platforms like Facebook Marketplace, sending fake QR codes or links that mimic Australia Post’s courier service...
Quantum-Secure Satellite Communications and the Future of Protected Networks
Quantum‑secure satellite communications are transitioning from concept to early service architecture, using quantum key distribution from orbit to protect high‑value links. Government programs such as ESA’s SAGA, the QKDSat‑Redwire partnership, and Canada’s QEYSSat illustrate strategic investment driven by sovereignty and...
What’s A Law Firm to Do when Client Files Leak on the Dark Web
Law firms are confronting a new wave of data breaches where attackers exfiltrate entire client files and publish them on the dark web. The leaks often include sealed court filings and privileged communications, magnifying legal and reputational risks. Drawing on...
Cloudflare Sets 2029 Goal for Full Post‑Quantum Security Across All Services
Cloudflare announced it will achieve full post‑quantum security, including authentication, by 2029 after recent quantum‑computing breakthroughs. The move comes as the company sees over 65% of traffic already using post‑quantum encryption and as cybersecurity spending is projected to hit $320 billion...
SANS Stormcast Thursday, April 9th, 2026: Honeypot Fingerprinting; Microsoft Locks Developer Accounts; ActiveMQ Vuln;
In this 7‑minute Stormcast episode, Johannes Ulrich discusses three security topics: attackers fingerprinting medium‑interaction honeypots by using obvious usernames like "honeypot" to confirm they’re not real systems; Microsoft’s recent suspension of developer accounts for privacy‑focused projects such as WireGuard, Veracrypt,...
Shaky Ceasefire Unlikely to Stop Cyberattacks From Iran-Linked Hackers for Long
A tentative cease‑fire between Iran, the United States and Israel is unlikely to halt cyber attacks from Iran‑linked groups. Pro‑Iranian hacktivist collective Handala announced it will pause attacks on U.S. targets but continue striking Israel, warning it will resume U.S....
Fake QR Codes Make for Easy Scams – Be Careful What You Scan Out There
QR codes have become ubiquitous for payments, menus, and transport, but their convenience also makes them a prime vector for scams. Cybercriminals employ "quishing"—QR‑based phishing—to redirect users to counterfeit login or payment sites, often by overlaying fake stickers on legitimate...
Russia's Forest Blizzard Nabs Rafts of Logins Via SOHO Routers
Russian GRU‑backed APT28, also known as Fancy Bear, has been exploiting long‑standing bugs in consumer‑grade SOHO routers such as MikroTik and TP‑Link to intercept web traffic worldwide. By reconfiguring DNS settings on compromised devices, the group silently siphons email credentials and...
Mythos Brings Scalable Security, Not Full VM Replacement
I’m excited about Mythos. We have been asking for scale in security for years and we are getting glimpses of it. I sincerely doubt it will replace all of vulnerability management or vulnerability research but it probably will do a...
Use Android to Detect Hidden AirTag Trackers
Are you concerned that you might have an unknown tracking device like an Apple AirTag tucked into your car or luggage? It's possible, unfortunately. The good news is that your Android phone can help you find it. Here's how: https://t.co/uAmYvBznkv...
Stateless Hash-Based Signatures for AI Model Weight Integrity
Enterprises deploying AI agents with Model Context Protocol (MCP) must test cryptographic safeguards in realistic cloud sandboxes. Simulating post‑quantum algorithms such as Kyber and Dilithium on high‑entropy instances reveals significant CPU and latency overhead, especially under heavy agent loads. Proper...
Human Vulnerabilities Can't Be Pre‑patched; Bio Defense Lags Cyber
With bio the problem is harder than with cyber. You can patch up vulnerabilities before anyone tries to attack them. Human vulnerabilities can't be patched up in advance; the "defense" always moves second.
Reset All Trading Passwords, Revisit in August
So.... Change the passwords to all our trading and charting accounts and come back in August? 😅
OCR Releases Risk Management Video
The U.S. Department of Health and Human Services Office for Civil Rights (OCR) has released a new video that explains the HIPAA Security Rule’s risk‑management requirement. The presentation, led by senior cybersecurity advisor Nicholas Heesters, expands OCR’s earlier Risk Analysis...
AI May Aid Defenders, Yet Empower Attackers During Transition
Yes, I think in equilibrium, AI favors cyber defense, because an AI can go over all the code and find all the weak spots and patch them up. But in the transition period, it could favor the attacker, if AI-generated...
✨🛡️ The Mythos Opportunity: The Best Cyber-Firewall Is the One that Thinks
Anthropic introduced Mythos, an AI model that excels at discovering software vulnerabilities, but chose not to commercialize it. Instead, the firm gathered over 40 technology and finance companies into the Project Glasswing consortium to use Mythos for proactive bug hunting....
AskPayroll Launches AI‑powered Payroll Copilot, Promising Secure, Compliance‑focused Automation
AskPayroll introduced its AI‑powered payroll copilot in beta today, offering a privacy‑first, compliance‑centric assistant built for Canadian payroll teams. The solution keeps all data within the client’s environment and is slated for a full launch in June 2026, positioning it...
The Free Ticket You Just Got Offered to Mumbrella360 Is Not Legitimate
Mumbrella has warned that a phishing email offering a free ticket to its Mumbrella360 conference is fake. The scam uses the sender name “The Mumbrella Team” and the address messaging-service@post.xero.com, with the subject line “Your Complimentary Mumbrella360 Ticket.” Recipients are...