Today's Cybersecurity Pulse
Anthropic CEO meets White House over federal access to Mythos AI
Anthropic CEO Dario Amodei will meet White House chief of staff Susie Wiles to discuss government access to the company's Mythos AI model, which can discover and exploit zero‑day vulnerabilities. The meeting follows a Pentagon‑imposed blacklist after Amodei refused to lift safety restrictions, while Treasury, intelligence agencies and CISA are already testing the model.
Also developing:
By the numbers: Artemis raises $70M in combined seed and Series A round
Feds Grade Themselves High Despite Legacy Gaps
A new EY survey shows 85 % of federal agency leaders rate their cybersecurity posture as an “A” or “B,” even though only one‑in‑five have completed a full migration to modern, secure platforms. Roughly half of AI‑driven defense projects are still stuck in pilots or planning, and many agencies remain in the planning or mid‑transformation phases for legacy replacement. While 56 % say they prioritize cybersecurity improvements, only about a third focus on supply‑chain hardening or critical‑infrastructure protection. The gap between perceived grades and actual modernization exposes a significant execution risk for the federal sector.
Malaysia Faces Structural Shift in Cyber Threats
Malaysia's cyber threat landscape is undergoing a structural shift as rapid digitization outpaces defenses. China‑linked APT groups such as APT41 and Mustang Panda are probing semiconductor and government networks, while financially motivated actors like Lazarus Group and FIN7 target banks...
Olympics Offer IR Lessons for Everyday Firms
The Milan‑Cortina Winter Olympics served as a live cyber‑stress test, exposing a 180% surge in DDoS attacks and coordinated phishing attempts. CISA officials highlighted that the same tactics used against the Games will soon target the FIFA World Cup, underscoring...
The 2026 Digital Omnibus
The European Commission’s Digital Omnibus, unveiled in November 2025, seeks to streamline the EU’s fragmented digital regulatory regime by consolidating reporting portals and aligning definitions across GDPR, the AI Act, NIS2 and DORA. Key proposals include a Single Entry Point for...
AI Cyber Arms Race Risks Global Internet Stability
It is naive in the extreme to think that a Chinese firm does not already or soon will have this capability. Engaging in an AI arms race in cyberspace may not be the wisest policy choice for either side, let...
This Brazen LAPD Hack Is a Warning for Companies. Make Sure Yours Is Secure by Taking These Simple Steps
Hackers identified as the World Leaks group breached the Los Angeles Police Department’s digital storage, stealing roughly 7.7 terabytes of data across more than 337,000 files. The leak includes sensitive law‑enforcement case files, witness information, health data and other records rarely...
LinkedIn Scanning Users' Browser Extensions Sparks Controversy and Two Lawsuits
LinkedIn is facing two class‑action lawsuits in California alleging it secretly scans users’ browsers to identify installed extensions. The suits rely on a German “BrowserGate” report by Fairlinked, which is linked to Estonian firm Teamfluence that previously sued LinkedIn for...
NetApp (NTAP) Brings Elastio and Commvault on Board for Security
NetApp announced two strategic security partnerships on March 24, embedding Elastio’s deep‑snapshot inspection into its Ransomware Resilience Service and integrating its AI‑driven ransomware detection with Commvault’s backup and recovery platform. The Elastio integration adds agent‑less, zero‑day malware detection to NetApp’s data‑protection...
Intertek and the Future of AI-Mediated Surveillance Distribution
Intertek Group plc, a FTSE 100 British multinational, has become the dominant certification gate for consumer electronics entering the United States, processing tens of thousands of product approvals annually and generating roughly $4.3 billion in revenue for 2025. The firm recently added...
Can Radware (RDWR)’s AI-Powered Security Tool Drive Boost Growth?
Radware Ltd. launched Alteon Protect, an AI‑driven security solution that combines its real‑time protection platform with on‑device enforcement to safeguard applications and APIs across cloud and on‑premise environments. The company highlighted the tool’s ability to detect and remediate threats instantly...
Project Glasswing Shows That AI Will Break The Vulnerability Management Playbook
Anthropic and 11 other industry leaders launched Project Glasswing, a coalition aimed at securing critical software using the new Claude Mythos Preview AI model, which claims to discover zero‑day vulnerabilities faster than existing tools. The initiative signals a potential shift...
Threat Actors Get Crafty With Emojis to Escape Detection
Threat actors are increasingly embedding emojis in malicious communications to evade detection and streamline coordination across platforms such as Telegram, Discord, and underground forums. Flashpoint’s latest analysis highlights the Pakistan‑linked APT group UTA0137 using the Disgomoji malware, which interprets simple...
How State and Local Governments Are Securing the 2026 Midterm Elections
Los Angeles County processed roughly one billion network events during the 2024 election, leveraging AI to filter threats and enforce a zero‑trust, air‑gapped architecture for vote‑counting machines. The county also deployed Cradlepoint E3000 routers with NetCloud Manager to create secure, carrier‑agnostic...
Proof's Trust Ledger Processes Over $643 B in Real‑Estate Deals, $151 B in 2025 Alone
Proof announced that its blockchain‑based Trust Ledger has secured more than $643 billion in real‑estate transactions, including $151 billion in 2025. The surge reflects growing demand for AI‑resistant identity verification as fraudsters target high‑value property deals.
Torq Eyes $50 Million Acquisition of AI Security Assistant Jit
Cybersecurity unicorn Torq is in advanced talks to acquire Boston‑based AI security assistant Jit for about $50 million. The deal would merge Torq’s command‑center platform with Jit’s automated tools, advancing both firms’ push toward “agentic security.” The transaction follows Tor0’s recent...
7.7 TB of LAPD Records Exposed in City Attorney Office Hack
Hackers breached the Los Angeles City Attorney’s office, publishing more than 7.7 TB of confidential LAPD records and internal affairs documents. The leak, affecting roughly 340,000 files, spotlights critical gaps in municipal cyber defenses and fuels political backlash against city leaders.
Vibhor Kumar: AI at the Edge, Truth in Postgres
Edge AI is maturing as latency, privacy and regulatory constraints push computation and state to the source of data. PostgreSQL 18, with async I/O, OAuth authentication, row‑level security and skip‑scan support, provides a trustworthy local ledger for these workloads. The...
AI-Led Remediation Crisis Prompts HackerOne to Pause Bug Bounties
HackerOne announced on March 27 that it will pause new vulnerability submissions to its Internet Bug Bounty (IBB) program, citing an unsustainable surge of AI‑generated reports that outpace open‑source maintainers' remediation capacity. The influx has driven valid findings down from roughly...
Agencies Warn Iranian-Linked Hackers Targeting Critical Infrastructure
U.S. agencies warned that Iranian‑linked hacker groups are exploiting programmable logic controllers (PLCs) across multiple critical‑infrastructure sectors, causing operational disruptions and financial losses. The Cybersecurity and Infrastructure Security Agency (CISA) issued a joint alert with the FBI urging immediate mitigation...
Disney, Google Seek Dismissal Of Children's Privacy Claims
Disney and Google are asking a California federal judge to dismiss a class‑action lawsuit that accuses them of violating the Children’s Online Privacy Protection Act by failing to label child‑directed YouTube videos as “Made for Kids,” which allegedly enabled targeted...
Banning New Foreign Routers Mistargets Products to Fix Real Problem
On March 23 the FCC updated its Covered List to ban all new consumer routers made abroad unless granted a Department of Defense or Homeland Security exception. The agency says foreign‑made routers create supply‑chain vulnerabilities that could threaten the U.S....
Tiny Open-Weight Models Replicate Anthropic's Vulnerability Detection
"But here is what we found when we tested: We took the specific vulnerabilities Anthropic showcases in their announcement, isolated the relevant code, and ran them through small, cheap, open-weights models. Those models recovered much of the same analysis. Eight...
New macOS Stealer Campaign Uses Script Editor in ClickFix Attack
Security researchers have identified a new macOS stealer campaign that leverages the built‑in Script Editor to deliver the Atomic Stealer (AMOS) malware. The attack uses an “applescript://” URL from fake Apple‑themed cleanup sites, launching a pre‑filled script that runs an...
I Didn't Realize How Many Ways Google Was Tracking Me Until I Checked These Settings
The article reveals how deeply Google tracks users through services like Web & App Activity, personalized ads, and third‑party app connections. It walks readers through step‑by‑step instructions to pause or delete activity logs, disable ad personalization, and revoke app permissions....
Reclaim Developer Hours Through Smarter Vulnerability Prioritization with Docker and Mend.io
Mend.io has integrated with Docker Hardened Images (DHI) to deliver a zero‑configuration solution that automatically distinguishes base‑image vulnerabilities from application‑layer risks. By leveraging Docker’s VEX (Vulnerability Exploitability eXchange) data, the platform filters out non‑exploitable and unreachable CVEs, allowing developers to...
AI Memory Becomes Critical Security Attack Surface
AI memory is becoming a management liability. We treat AI agents like Claude Code as intelligent partners, asking them to learn our habits and project context. But new research from Cisco highlights a fundamental business constraint: AI agents are currently too...
CISA Orders Feds to Patch Exploited Ivanti EPMM Flaw by Sunday
CISA has placed Ivanti Endpoint Manager Mobile (EPMM) in its Known Exploited Vulnerabilities catalog and issued a Binding Operational Directive requiring federal agencies to patch the critical CVE‑2026‑1340 flaw by April 11. The code‑injection bug enables unauthenticated remote code execution on...
Arelion Employs NETSCOUT Arbor DDoS Protection Products
Arelion, a Tier‑1 IP backbone provider serving 129 countries, has deepened its partnership with NETSCOUT to modernize its DDoS defense. After 16 years using Arbor Sightline and the Threat Mitigation System, Arelion added three NETSCOUT offerings—Sentinel, ATLAS Intelligence Feed, and...
6 Winter 2026 G2 Leader Badges Prove This DDoS Protection Stands Out
NETSCOUT’s Arbor Threat Mitigation System (TMS) captured five G2 leader badges for winter 2026, spanning enterprise DDoS protection, momentum, regional Asia, and web security categories. Its companion solution, Arbor Sightline, earned a leader badge in enterprise network management. The awards...
Claude Mythos Uncovers Decades‑Old Bugs, Shows Emergent Hacking Power
A researcher at Anthropic found out about a successful exploit when the model sent him an email. He was eating a sandwich on a bench outside. Anthropic released Claude Mythos yesterday. Beyond the engineer’s lunch, the model has the potential to...
Mythos Launch Could Trigger Ethereum Hack?
"If Mythos comes out, do you think we'll see a hack on Ethereum?" -- @austingriffith 👀 https://t.co/HJ4d0pgTJE
New Chaos Variant Targets Misconfigured Cloud Deployments, Adds SOCKS Proxy
Researchers have identified a new Chaos malware variant that now targets misconfigured cloud deployments, such as a deliberately vulnerable Hadoop instance. The updated 64‑bit ELF binary drops a SOCKS proxy feature while removing its previous SSH‑based spreading mechanisms. The attack...
AI Acts Like a Massive Security Fuzzer, Says Expert
This is not at all surprising to me and is what I have been working on. Last year I told an AWS VP in the security/IAM space that I see AI as a giant fuzzer. Here’s what I don’t like…comments… https://t.co/idhglMQcLQ
Offering Seed Funding for Offensive Cyber Startup via Signal
If anyone at Anthropic would like to build an offensive cyber company I will write you a seed term sheet pls find me on Signal
Why Operationalizing AI Security Is the Next Great Enterprise Hurdle
NWN announced an AI‑powered managed security operations suite built on its Experience Management Platform (EMP). The offering stitches together telemetry from Palo Alto Networks, Cisco and Arctic Wolf into a single control plane, aiming to tame the 50‑80 tool sprawl...
Ensuring Cyber Control Over Autonomous AI Systems
Maintaining cyber control when #AI can act #Autonomously by Matthew Lloyd Davies @techradar Learn more: https://t.co/0BeRyZaQ5S #CyberSecurity #Infosec #IT #Technology https://t.co/hGtv2pnZa8
Hacker Claims Breach of China's Supercomputer, Offers Data
A hacker has allegedly breached one of China’s supercomputers and is attempting to sell a trove of stolen data https://t.co/IR3JGutX9t
Passport Numbers for More than 300,000 Leaked During December Eurail Data Breach
Eurail B.V., the Dutch‑based rail‑pass provider, disclosed a December 26 cyber‑attack that exposed personal data for 308,777 customers, including passport numbers. Hackers copied the information and posted a sample on Telegram, while offering the full dataset for sale on the dark...
How Botnet-Driven DDoS Attacks Evolved in 2H 2025
In the second half of 2025, DDoS attacks remained numerically steady but grew dramatically in scale and sophistication. AI‑enhanced DDoS‑for‑hire services enabled even non‑technical actors to launch multiterabit floods, with IoT botnets such as TurboMirai reaching 30 Tbps and 4 gigapackets per...
Open‑Weight LLMs Detect Same Vulnerabilities as Mythos
It's not just Mythos: Cheap, open-weight LLMs can find the vulnerabilities that Anthropic revealed Mythos found.
Perpetuals Launches Quantum Resilient Security Service to Strengthen Encryption Standards Across Financial Markets
Perpetuals.com Ltd announced Quantum‑Resilience‑as‑a‑Service (QRaaS), a security offering that injects quantum‑derived entropy into existing cryptographic processes for financial institutions and other high‑value users. The service integrates with RSA, AES and TLS without requiring system‑wide algorithm changes, using PCIe QRNG hardware,...
SOC2 Is an Extortion Scam Needing Disruption
What I want to see disrupted the most is SOC2. What an extortion/scam that is.
Criminals Use Emojis to Evade Dark‑Web Monitoring
Security analysts aren't scanning the dark web for emojis, allowing criminals to share messages wiithout being spotted. https://t.co/1exPH3KCtK
HaystackID Named Finalist for Intelligent Insurer’s Cyber Insurance Awards USA 2026 in Two Categories
HaystackID has been named a finalist in two categories of Intelligent Insurer’s Cyber Insurance Awards 2026, recognizing its VALID™ suite and overall cybersecurity solutions. The awards, now in their third year, spotlight firms that help insurers and insureds manage escalating...
Hack-for-Hire Spyware Campaign Targets Journalists in Middle East, North Africa
A suspected Indian‑linked hack‑for‑hire group, identified as the Bitter APT, has been deploying Android ProSpy spyware against journalists and activists across the Middle East and North Africa. The campaign, active since at least 2022, uses spear‑phishing messages from fake social‑media...
Operation Masquerade: FBI Disrupts Russian Router Hacking Campaign
The Department of Justice and FBI announced the takedown of a Russian GRU‑run cyber‑espionage operation, dubbed Operation Masquerade, that compromised thousands of home and small‑office routers, primarily TP‑Link devices, across 23 U.S. states and abroad. The attackers, identified as the APT28/Fancy Bear...
FBI Says AI and Crypto Scams Drove $21 B in U.S. Fraud Losses in 2025
The FBI’s 2025 Internet Crime Report revealed that Americans lost $20.87 billion to fraud, a 26% jump from the prior year. AI‑generated deepfakes and cryptocurrency schemes accounted for a large share, while elder fraud topped $7.7 billion. The surge underscores growing vulnerabilities...
AI‑Generated Phishing Costs U.S. Firms $12.5 B in 2024, Prompting New Enterprise Defenses
AI‑generated phishing attacks drove $12.5 billion in losses for U.S. companies in 2024, up 25% from the prior year. IBM’s research shows generative AI can produce a convincing phishing email in minutes, accelerating the threat. CIOs are scrambling to blend technology...
Anthropic’s Project Glasswing May Not Be Enough to Prevent Model Abuse
Anthropic launched Project Glasswing, a coalition with AWS, Apple, Nvidia, JPMorgan Chase and Palo Alto Networks, to protect critical software using its Claude Mythos preview model. Mythos can autonomously discover thousands of vulnerabilities across major operating systems and browsers, highlighting...
Russian State‑Backed Fancy Bear Hijacks 18,000 Routers in 120 Countries to Steal Passwords
Russian intelligence‑linked group Fancy Bear infiltrated at least 18,000 MikroTik and TP‑Link routers in roughly 120 countries, rerouting traffic to harvest passwords and access tokens. The campaign, uncovered by Black Lotus Labs, the U.K. NCSC and Microsoft, underscores the vulnerability of...