Today's Cybersecurity Pulse
Anthropic CEO meets White House over federal access to Mythos AI
Anthropic CEO Dario Amodei will meet White House chief of staff Susie Wiles to discuss government access to the company's Mythos AI model, which can discover and exploit zero‑day vulnerabilities. The meeting follows a Pentagon‑imposed blacklist after Amodei refused to lift safety restrictions, while Treasury, intelligence agencies and CISA are already testing the model.
Also developing:
By the numbers: Artemis raises $70M in combined seed and Series A round
Google API Keys Quietly Gain Access to Gemini on Android Devices
A flaw in Google’s API‑key system automatically grants Gemini AI access to any key once the service is enabled, exposing Android apps to unauthorized use. CloudSEK’s analysis of 10,000 apps uncovered 32 active keys in 22 applications that together have over 500 million installs. Exploited keys have already generated up to $128,000 in unexpected charges and allowed retrieval of private user audio files. Google has not commented, and experts urge immediate key rotation and tighter scoping.
Hackers Steal and Leak Sensitive LAPD Police Documents
Hackers infiltrated the Los Angeles Police Department’s internal network and exfiltrated thousands of sensitive files, including officer personnel records, internal‑affairs investigations, and unredacted discovery documents. The data was posted online by the Distributed Denial of Secrets platform, which identified the...
ComfyUI Instances Hijacked for Cryptomining and Proxy Botnet
A new campaign is hijacking publicly exposed ComfyUI instances—an open‑source UI for stable diffusion models—to run illicit cryptocurrency mining and proxy botnet operations. Threat actors scan cloud IP ranges with a custom Python tool, exploiting unauthenticated deployments to execute malicious...
Synthetic Identities And Malicious Bots Boost Fraud Attacks, LexisNexis Says
LexisNexis Risk Solutions reports synthetic‑identity fraud as the fastest‑growing fraud type in 2025, representing 11% of global fraud—a rise eight‑fold from 2024. The surge is driven by criminals using generative AI to craft realistic identities, especially in Latin America, which...
Coding Agents Enable Cheaper, Faster Software Hardening
"I think we’re going to see a lot more reimaginings, where people attack old problems with modern tactics. Coding agents lower the costs of taking on stalwarts and raise our ability to rapidly harden our software." https://t.co/rDAftsXXKe < I like...
Telenor Facing Legal Action over Myanmar Claims
Telenor is facing a Norwegian class‑action lawsuit filed by the Justice and Accountability Initiative on behalf of Myanmar customers, accusing the telecom of handing over user data and surveillance technology to the military junta. The suit alleges that at least...
Telenor Sued Over Claims It Exposed Myanmar Customers to Junta Repression
A Swedish non‑profit has filed a class‑action lawsuit in Norway on behalf of more than 1,200 Myanmar citizens whose call‑log and location data were allegedly handed to the military junta by Telenor’s local subsidiary. The complaint seeks €9,000 (about $10,500)...
Quantum Threat Looms: Upgrade Cybersecurity Now
Quantum computing is coming. And it will challenge current cybersecurity. Even if quantum-ready machines are 5–10 years out, moving to quantum-safe systems can’t wait. https://t.co/WhtoSQvyc4
Aztec - Privacy as a Native Execution Layer
Aztec unveiled its Alpha Network on March 31, 2026, a Layer‑2 solution that embeds private execution, identity, and data directly into the contract layer using its Noir programming language. The network enables developers to label functions as public or private,...
Stopping Remote Support Ransomware Footholds Before Attack
Great post here and read from @Binary_Defense and a real-life story and breach we prevented at a customer. Remote Support to Ransomware Foothold: Stopping a Pre-Ransomware Intrusion https://t.co/xUGW63zCeL #BinaryDefense
Timor-Leste Is Vulnerable to ‘Infiltration by Foreign Organized Crime’, President José Ramos-Horta Says
Timor‑Leste’s president José Ramos‑Horta warned that the island nation is vulnerable to infiltration by foreign organized crime. Australian Federal Police have deployed digital‑forensics and cyber experts to help local law enforcement after a December 2025 visit. A joint Guardian‑OCCRP investigation linked...
Most CISOs Ignore Mythos Alerts; Threats Arrive Within Nine Months
Curious how many large organization CISO offices have taken the Mythos red team reports as the red alert that it is. (I suspect very few) Based on historical trends in AI they have, at most, about six to nine months until...
Latest $285M Crypto Hack Suggests Next Major Exploit Could Come From ‘Compromised’ Developers
On April 1, Drift Protocol halted deposits after a coordinated attack that siphoned roughly $285 million in a 12‑minute drain. investigators linked the breach to the same actors behind the October 2024 Radiant Capital hack, identifying a social‑engineering campaign that compromised multisig signers...
Alarm in Health Service over Palantir Staff Being Given NHS Email Accounts
Health service staff are alarmed after Palantir engineers were given NHS.net email accounts, granting them access to a directory of up to 1.5 million NHS employees. The access accompanies Palantir's £300 million ($380 million) contract to deliver its Federated Data Platform, which promises...
Sensitive LAPD Materials, Including Officer Personnel Files, Leaked in Suspected Hack
A suspected hack of the Los Angeles city attorney’s office exposed a massive trove of LAPD records, including officer personnel files and Internal Affairs investigation documents. Approximately 7.7 terabytes of data and more than 337,000 files were made available for download,...
Pluralsight Launches SecureReady to Help Organizations Build Job-Ready Cybersecurity Teams
Pluralsight unveiled SecureReady, an end‑to‑end cybersecurity skill development platform aimed at closing talent gaps for CISOs and IT leaders. The solution pairs a constantly refreshed library of on‑demand courses with more than 350 hands‑on labs and expert‑led seminars, releasing new...
Is a $30,000 GPU Good at Password Cracking?
The article tests whether a $30,000 AI‑grade GPU can outpace a high‑end consumer card in password cracking. Using Hashcat, Specops benchmarked Nvidia's H200, AMD's MI300X, and the RTX 5090 across MD5, NTLM, bcrypt, SHA‑256 and SHA‑512 hashes. The RTX 5090 consistently delivered...
Content Security Policy Drift in Salesforce Lightning: Engineering Stable Embedded Integration Boundaries
Salesforce Lightning embeds external CTI frames via iframes that depend on Content Security Policy (CSP) settings. Because CSP is evaluated at runtime, any change in the external vendor’s CDN or redirect path can cause the frame to be blocked, even...
Microsoft Abruptly Terminates VeraCrypt Account, Halting Windows Updates
Microsoft abruptly terminated the account VeraCrypt’s developer, Mounir Idrassi, used to sign Windows drivers and bootloaders, leaving the project unable to publish Windows updates. Idrassi received only a generic verification‑failure notice and no prior warning, despite the account being active...
Prepare Now: Inventory, Automate Patching, Build Playbooks, Review Insurance
What to do NOW to get ready for the influx of #AI security risks 1. Document your entire inventory/topology 2. Build automation for patching and updates 3. Create incident playbooks - engage legal, train leadership and customer facing teams 4. Review insurance...
APT28 Deploys PRISMEX Malware in Campaign Targeting Ukraine and NATO Allies
Russian state‑linked group APT28 has launched a spear‑phishing campaign that deploys a new malware suite called PRISMEX. The operation, active since September 2025, exploits freshly disclosed zero‑days CVE‑2026‑21509 and CVE‑2026‑21513 to infiltrate Ukrainian government agencies, logistics firms and NATO‑affiliated entities. PRISMEX...
Iranian Threat Actors Disrupt US Critical Infrastructure Via Exposed PLCs
Iran‑affiliated advanced persistent threat actors have begun disrupting U.S. critical infrastructure by exploiting internet‑exposed programmable logic controllers, especially Rockwell Automation/Allen‑Bradley devices. The campaign, launched after a U.S.–Israel strike on Iran, manipulates PLC project files and SCADA displays, causing operational downtime...
API Security Risks Rise as AI Adoption Accelerates
Enterprises accelerating AI and autonomous agents are exposing APIs as a critical attack vector, according to Salt Security’s first‑half 2026 report. Nearly half of organizations (47%) have paused AI rollouts over security concerns, while 32% reported API‑related incidents in the...
US Cyber Breach Costs Hit Record $10.2 Million as AI Accelerates Attack Timelines
The 2026 Chubb Cyber Claims Report shows U.S. data‑breach costs soaring to $10.2 million on average in 2025, more than twice the global figure. AI‑powered malware now compromises networks in minutes, while AI‑driven defenses have kept incident frequency steady in some...
Behind the Investment: Linx
Linx Security announced a $50 million Series B round led by Insight Partners, Index Ventures and Cyberstarts. The AI‑native identity governance platform tackles the growing gap between human users and non‑human identities such as service accounts and AI agents. By leveraging an...
10 ChatGPT Prompts L1 SOC Analysts Can Use in Their Daily Work
The article lists ten ready‑to‑use ChatGPT prompts that help Level‑1 SOC analysts automate repetitive tasks such as alert summarization, log analysis, triage checklist creation, case note drafting, and executive‑level reporting. Each prompt is designed to turn raw security data into...
Iowa AG Files Lawsuit Against Change Healthcare over 2024 Data Breach
Change Healthcare, a UnitedHealth Group subsidiary, faces a lawsuit filed by Iowa Attorney General Brenna Bird alleging violations of state consumer‑protection and data‑security laws. The suit stems from a February 2024 breach that went undetected for ten days, exposing Social...
The AI Model that Can Hack Anything, and Why You Can't Use It
Anthropic announced Claude Mythos Preview, a new AI model that can autonomously discover and exploit software vulnerabilities at unprecedented rates. In internal tests Mythos achieved over 84% successful exploit outcomes, dwarfing the 14% rate of its predecessor Opus 4.6 and finding...
Act-of-War Clauses Cloud Cyber Insurance Coverage
Geopolitical tensions are prompting insurers to insert act‑of‑war exclusions into cyber policies, a provision traditionally used in homeowners and travel insurance. The language lags behind the rapid evolution of cyberwarfare, leaving companies uncertain whether state‑sponsored attacks are covered. Lawyers and...
Anthropic's Zero Day Machine "Mythos" Triggers Hype, Criticism
Anthropic announced Mythos, an unreleased frontier model it says can automatically uncover zero‑day software vulnerabilities far beyond its Opus 4.6 system. The company claims the model’s potency is so high it cannot be released publicly yet. Critics argue the assertions lack...
512,000 Lines of Leaked Code Reveal the Lock-In Strategy Coming for Your AI Stack
The episode dives into the recent Anthropic Claude code leak, emphasizing that the most consequential element is the hidden "Conway" always‑on agent and its companion environment, Funway, rather than the raw source code. These components form a standalone agent platform...
When the Levee Breaks: Managing Cybersecurity Threats During Natural Disasters
Utility firms face a surge in cyber threats when natural disasters strain resources and distract staff. Experts recommend year‑round phishing awareness, a unified monitoring dashboard, and automated behavioral alerts to keep attackers at bay. Robust incident and disaster response plans,...
Quantum Computers Could Crack Bitcoin by 2030, Experts Warn
Google researchers and Nobel‑winning physicist John M. Martinis say a cryptographically‑relevant quantum computer could break Bitcoin's elliptic‑curve signatures within minutes, potentially as early as 2030. The findings revive a long‑standing debate over whether Bitcoin can upgrade to post‑quantum security before a...
Iran‑Linked Hackers Exploit Rockwell Automation PLCs, Disrupt U.S. Critical Infrastructure
Federal agencies including the FBI, CISA, NSA and DOE issued a joint advisory that Iranian‑affiliated advanced persistent threat actors are exploiting Rockwell Automation’s Allen‑Bradley programmable logic controllers. The activity has already caused operational disruptions and financial loss across energy, water,...
New Scam Alert: QR Codes Replace Links in Traffic Ticket Phishing
Cybercriminals are now using QR codes in traffic‑violation phishing scams. Scammers send fake “Notice of Default” letters that appear to come from state courts and urge recipients to scan a QR code to settle an alleged $6.99 fee. The QR...
Drift Protocol Exploit Remained Undetected for 21 Days
The Drift Protocol exploiter was able to lie in wait for 21 days without triggering any alarms. 🥶 @omeragoldberg explains how 👇 https://t.co/LS7tFfc6AA
NERC Is ‘Actively Monitoring the Grid’ Following Iran-Linked Cyber Threat
The Cybersecurity and Infrastructure Security Agency (CISA) warned that Iranian‑linked hackers are exploiting programmable logic controllers (PLCs) used in U.S. power, water and government facilities. The attacks manipulate software configurations and human‑machine interfaces, causing operational disruptions and potential financial loss....
From Bytecode to Bytes: Automated Magic Packet Generation
Linux malware increasingly embeds malicious logic in classic Berkeley Packet Filter (BPF) programs, waiting for a precise "magic" packet to activate. Researchers demonstrated that symbolic execution with the Z3 theorem prover can automatically reverse‑engineer these filters and synthesize the triggering...
NWN Adds Managed Security Services With MDR Partnership, Penetration Testing, vCISO
NWN launched NWN Cybersecurity, a managed security services suite that combines in‑house penetration testing, vCISO, and MDR delivered through a partnership with Arctic Wolf. The offering integrates the AI‑driven Aurora Superintelligence platform and leverages existing Cisco and Palo Alto Networks relationships. NWN...
As Open Banking Fuels Interconnectivity, Privacy Matters More
Open banking is deepening connections between traditional banks and fintech providers, intensifying the flow of consumer data. As data sharing grows, regulators and firms are under pressure to deliver clearer, plain‑language privacy disclosures that consumers can easily locate. Javelin Strategy’s...
AI Set to Revolutionize Hacking—Follow @Adversariel
If you want to understand how AI is about to completely change hacking, follow @adversariel.
TikTok Plans Second Billion-Dollar Data Centre in Finland in Move to Store European User Data Locally
TikTok will spend €1 billion (about $1.16 billion) to build a second data centre in Lahti, Finland, adding to its European data‑sovereignty programme. The site will launch with 50 MW of power, scalable to 128 MW, and is slated for operation by 2027. The...
Modernising Governance: A Capability-Centric Approach to Legacy Mainframes
The article argues that traditional entitlement‑centric access governance for mainframe (z/OS) and IBM i systems fails because it abstracts away the business meaning of permissions. It proposes a capability‑centric model that defines access in terms of concrete business actions using...
Who Really Runs Your VPN — and What that May Mean for Your Privacy
A new analysis of 50 VPN providers reveals that the majority rely on a handful of UK hosting firms—M247, Datacamp and CDN77—and rent space in data‑center buildings owned by US giants Equinix and Digital Realty. The study shows 73% of...
Russians Hijacking Routers for Cyber Spying
Russian GRU’s 85th Main Special Service Center has been hijacking vulnerable home routers, notably TP‑Link devices, since at least 2024 by exploiting CVE‑2023‑50224. The actors reconfigure DHCP/DNS settings to route traffic through their own resolvers, enabling man‑in‑the‑middle attacks that capture...
Data Privacy Challenges in HR Technology
HR technology platforms are amassing employee data that persists far longer than needed, creating hidden privacy risks despite clean dashboards and compliance checklists. Integrations and metadata linking resurrect old complaints and personal details, often bypassing erasure requests. Internal access creep—managers,...
A String of Radio Hijacks Exposes a Deeper Broadcast Weakness
A series of radio broadcast hijacks, including the recent intrusion at Michigan's 107.7 The Bay, reveal a growing vulnerability in studio‑to‑transmitter links. The FCC’s November notice confirmed that attackers are repeatedly compromising unsecured Barix audio equipment to replace legitimate programming...
NL: Dutch Healthcare Software Vendor Goes Dark After Ransomware Attack
ChipSoft, the leading Dutch provider of hospital patient‑record software, was hit by a ransomware attack that took its website offline on April 7. The breach affects roughly 80 percent of the Netherlands’ hospitals, potentially disrupting access to electronic health records. Officials have...
Tired of Targeted Ads? This Simple iPhone Fix Stops App Tracking in Seconds.
Apple’s App Tracking Transparency (ATT) lets iPhone users block apps from accessing the advertising identifier (IDFA) and other tracking data unless they explicitly grant permission. Users can disable tracking globally or per‑app via Settings > Privacy & Security > Tracking, turning targeted ads into generic ones....
Egnyte Introduces AI Safeguards as a New Layer of AI Security for Corporate Content
Egnyte announced two major AI enhancements to its Content Cloud: AI Safeguards, a governance layer that lets IT and compliance teams control which users, groups, and files AI can access, and an AI Assistant that operates as a built‑in collaborator...