Today's Cybersecurity Pulse
Anthropic CEO meets White House over federal access to Mythos AI
Anthropic CEO Dario Amodei will meet White House chief of staff Susie Wiles to discuss government access to the company's Mythos AI model, which can discover and exploit zero‑day vulnerabilities. The meeting follows a Pentagon‑imposed blacklist after Amodei refused to lift safety restrictions, while Treasury, intelligence agencies and CISA are already testing the model.
Also developing:
By the numbers: Artemis raises $70M in combined seed and Series A round

Bluesky Outage: Coordinated Traffic Attack Causes Widespread Errors
Bluesky experienced a coordinated distributed denial‑of‑service (DDoS) attack that began early Thursday, April 17, 2026, and stretched into a second day. The flood of traffic crippled core functions such as feeds, notifications, threads, search and the Discover section, producing rate‑limit errors and blank screens. While the platform’s status page also flickered, Bluesky confirmed no evidence of unauthorized access to private user data. Engineers continue to mitigate the attack and restore full service across API servers.

He Was Laid Off, Posted on LinkedIn — Then Scammers Started Impersonating Real Recruiters to Target Him
Nick Russell posted his layoff from Epic Games on LinkedIn and was immediately swamped with recruiter messages, one of which turned out to be a scam. Cybercriminals are now hijacking real recruiters' LinkedIn profiles, referencing actual resumes and job openings,...

Commercial AI Models Show Rapid Gains in Vulnerability Research
Forescout’s Verde Labs reports that commercial AI models have closed the gap in vulnerability research, with all tested models now completing full research tasks and half generating working exploits autonomously. The most capable models, Claude Opus 4.6 and Kimi K2.5, can discover...
Capsule Security Raises $7 M to Guard AI Agents as New Privileged Users
Capsule Security, a Tel‑Aviv‑based startup, closed a $7 million seed round led by Lama Partners and Forgepoint Capital International to launch a runtime‑security platform for AI agents. The funding targets a market where more than 80% of Fortune 500 firms now deploy...
Tuta Opens Closed Beta for Quantum‑Resistant Cloud Storage Platform
Tuta announced a closed‑beta launch of Tuta Drive, a cloud storage service built with quantum‑safe cryptography, starting April 16. The invite‑only program gives early users end‑to‑end encrypted storage hosted in Germany, positioning the firm ahead of Google Drive and OneDrive...
OzCon Brings Real-World Attack Tactics to Kansas on May 18, 2026
OzCon, a one‑day cybersecurity conference, launches in Overland Park, Kansas on May 18, 2026, featuring live demonstrations of nation‑state tactics, physical and social engineering exploits, and a hands‑on Capture‑the‑Flag. Founder Renee Chronister says the event closes the gap between imagined...

Data Sharing: Is It Safe? Is It Secure? Everything You Need to Know
Salesforce’s guide explains how SMBs can share data safely by using a unified CRM platform that enforces granular permissions and AI‑driven security checks. It cites that 51% of organizations saw a rise in cyber attacks in 2025, while 80% of...

Coast Guard's New Cybersecurity Rules Offers Lessons for CISOs
The U.S. Coast Guard has enacted its first mandatory cybersecurity framework for all U.S.-flagged vessels, ports and offshore facilities, with full compliance required by July 2027. Operators must create a cybersecurity plan, appoint a dedicated cybersecurity officer (CySO), conduct annual assessments...
Standard Bank Customer Data Leaked Online
Standard Bank disclosed that hackers have published a trove of customer data stolen in March, including names, ID numbers, contact details, bank account numbers and B‑BBEE classifications. The breach, claimed by the Rootboy group, involved roughly 1.2 TB of information but...

SEO Poisoning Attack Uses Microsoft Binary to Install RMM Tool
Researchers uncovered an SEO‑poisoning campaign that tricks users searching for the open‑source recovery tool TestDisk into downloading a trojanized installer. The fake installer is a Microsoft‑signed Setup binary that uses DLL sideloading to load a malicious autorun.dll, which then installs...

The Cyber Express Weekly Roundup: Crypto Breaches, State-Linked Schemes, and Platform Exploits
The Cyber Express weekly roundup highlighted a series of high‑profile cyber incidents. Grinex halted trading after a coordinated wallet breach that stole more than $15 million in USDT, while two U.S. citizens were sentenced for a North Korea‑linked scheme that generated...
Brussels Launched an Age Checking App. It Took 2 Minutes to Hack It.
European Commission President Ursula von der Leyen unveiled a mobile age‑verification app intended to protect minors online. Within minutes, cybersecurity researchers demonstrated that the app could be hacked, exposing hard‑coded credentials and insecure data handling. The flaws raise serious privacy...
State to Audit Ohio School Districts’ Cybersecurity Plans
The Ohio Auditor of State will launch audits of school districts' cybersecurity programs in July, as mandated by House Bill 96. The legislation requires districts to establish policies that protect data, information technology, and related resources while ensuring availability, confidentiality,...
Oklahoma State Tax Commission Fails To Notice Data Breach for 18 Months
The Oklahoma Tax Commission (OTC) experienced a data breach that went undetected for 18 months, spanning from July 2024 to December 2025. Unauthorized actors accessed W‑2 and 1099 files through the agency’s online taxpayer portal, exposing personal information. The breach was only...
Northern Ireland School IT Systems ‘Largely Restored’ After Cyber Attack
The Education Authority (EA) confirmed that the C2K network, which powers all IT services for Northern Ireland schools, has been largely restored after a cyber attack last week. The breach temporarily disabled online platforms, email, and learning management systems across...
Teen Arrested in Northern Ireland over Cyberattack on School Network
A 16‑year‑old was arrested in Portadown, Northern Ireland, on suspicion of breaching the Computer Misuse Act after a cyberattack crippled the region’s school network. The intrusion blocked access to online learning platforms used by potentially hundreds of thousands of students,...
White House Moves to Give Federal Agencies Access to Anthropic’s Claude Mythos
The White House Office of Management and Budget announced it is preparing to allow major federal agencies to use a modified version of Anthropic’s Claude Mythos AI model. Claude Mythos has demonstrated the ability to locate thousands of zero‑day vulnerabilities...

Microsoft Closes Book on Rogue Windows Server 2025 Upgrades
Microsoft finally marked the rogue Windows Server 2025 upgrade as resolved after more than a year of disruption. The unintended upgrade, which auto‑installed on many servers in 2024, was mitigated with cumulative update KB5082063. However, that same patch introduced a new...
Webinar: From Phishing to Fallout — Why MSPs Must Rethink Both Security and Recovery
BleepingComputer will host a live webinar on May 14, 2026 featuring Kaseya experts to discuss why managed service providers (MSPs) must align security and recovery strategies. The session highlights the rise of AI‑driven phishing, business‑email compromise, and targeted ransomware that...

Team Cymru Launches Total Insights Feed to Replace Legacy Threat Intelligence Lists
Team Cymru Inc. launched Total Insights Feed, a unified threat‑intelligence platform that replaces traditional indicator‑list feeds with machine‑actionable, scored data across the entire internet. The service evaluates over 57 million IP addresses and 400 million domains each day, assigning 0‑to‑100 risk scores...

In Other News: Satellite Cybersecurity Act, $90K Chrome Flaw, Teen Hacker Arrested
The Senate advanced the bipartisan Satellite Cybersecurity Act of 2025, directing the Commerce Department to create a central hub for satellite security best practices as half of commercial satellite signals remain unencrypted. Law enforcement agencies dismantled the W3LL phishing‑as‑a‑service operation...
Another Microsoft Defender Privilege Escalation Bug Emerges Days After Patch
Researchers have disclosed a new local privilege escalation exploit called “RedSun” that abuses Microsoft Defender’s handling of cloud‑tagged files to rewrite protected system binaries and gain SYSTEM rights. The proof‑of‑concept works on Windows 10, Windows 11 and Windows Server 2019+...
Embrace Soft Forks Now to Prepare Bitcoin for Quantum Threat
The most important thing for Bitcoin community to get ready for addressing the quantum threat is taking head out of sand when it comes to soft forks and start embracing them. It'll be a big change to get post quantum, so...

DDoS-For-Hire Services Disrupted by International Police Action in ‘Operation PowerOff’
Operation PowerOff, a coordinated law‑enforcement effort across 21 nations, dismantled the infrastructure behind DDoS‑for‑hire services. Authorities seized 53 domains, removed over 100 URLs, and confiscated databases containing more than three million criminal user accounts. The operation led to four arrests...

Tycoon 2FA Is Down, but Not Out – Researchers Warn the Phishing as a Service Operation Is Still a Huge...
Security researchers say Tycoon 2FA attacks remain a major threat despite a law‑enforcement takedown last month. Incidents fell 77% but still top two million per month, with the service once targeting over 500,000 organizations monthly through an adversary‑in‑the‑middle proxy that stole MFA...
Mythos and Cybersecurity
Anthropic unveiled Claude Mythos Preview, an AI that autonomously discovers and exploits software vulnerabilities, but deemed it too risky for public release. Access is limited to roughly 50 critical‑infrastructure firms through Project Glasswing, including Microsoft, Apple, AWS and CrowdStrike. The model...

Critical Permissions Should Never Be Auto‑Approved by LLMs
@boris_cherny Is there a way to get approve and auto accept edits back? I work on database systems my environment has very critical permissions that I just don't ever want an LLM to be able to use by itself regardless of...

Google Blocks 8.3B Policy-Violating Ads in 2025, Launches Android 17 Privacy Overhaul
Google announced that in 2025 it blocked or removed 8.3 billion policy‑violating ads and suspended 24.9 million accounts worldwide. At the same time it rolled out Android 17, which replaces the broad READ_CONTACTS permission with a granular Contact Picker and adds a one‑time...

As AI-Driven Fraud Grows More Sophisticated, Advanced Digital Defense Becomes Essential
TransUnion’s H1 2026 Top Fraud Trends report warns that AI‑driven scams are becoming more sophisticated, even as overall digital‑fraud rates dip. One in six U.S. consumers reported losing a median $2,307, with stolen‑card and fraudulent‑charge schemes accounting for a third of...
FBI and CISA Warn of Russian-Backed Phishing Campaigns Targeting Private Messaging Apps
The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) released a joint advisory this week warning that Russian intelligence‑linked hackers are conducting large‑scale phishing campaigns against private messaging apps. The attacks aim at government officials, military personnel and journalists,...
LMA Survey Shows 93% of Lloyd’s Firms Adopt AI Frameworks in One Year
The Lloyd’s Market Association reports that 93% of firms across the Lloyd’s market now have or are building formal AI frameworks, up from half of firms a year ago. The shift, driven by generative AI tools, emphasizes governance, data security and human...
Google Agrees to $135 Million Android Data‑harvesting Settlement
Google has agreed to pay $135 million to resolve a class‑action lawsuit accusing it of harvesting data from Android devices without consent. The settlement, pending final court approval on June 23, also forces Google to revise its Play Store terms and give...
Trader Joe’s Pays $7.4 M to Settle Class Action Over Card‑Info Printed on Receipts
Trader Joe’s has agreed to a $7.4 million class‑action settlement for printing the first six and last four digits of credit‑card numbers on receipts in 2019. The deal, which could pay roughly $102 per eligible shopper, underscores heightened scrutiny of payment‑data handling...
Paramount+ Film Leak Exposes Security Gaps, Sparks Cybersecurity Scrutiny
A hacker known as @ImStillDissin posted the entire "Legend of Aang: The Last Airbender" movie online, six months before its Paramount+ debut. The leak, traced to a compromised email chain and a 4chan distribution, has forced Paramount to launch an...
Palo Alto’s Helmut Reisinger Sees a Cyber Sea Change Ahead as AI Advances
Palo Alto Networks is deepening its AI‑centric security push by joining Anthropic’s Project Glasswing, an exclusive initiative that uses Claude Mythos to uncover zero‑day vulnerabilities. The company has accelerated its platformization strategy through recent acquisitions—Protect AI, Chronosphere and the soon‑to‑close...

Kuwait Banks Deploy Real-Time War Room to Fight Growing Cyber Fraud Threats
Kuwait’s banking sector has launched a virtual war room that connects banks, the Central Bank, the Ministry of Interior and the Public Prosecution in real time. The platform instantly flags suspicious transactions, halts fund movement and initiates legal action, shifting...

Orange Rag Legal Tech Clinic: “Assume You Will Be Breached” – What Law Firms Must Prioritise Now on Cyber Risk
Legal tech expert Matthew Stringer urges law firms to assume they will be breached, emphasizing that phishing, ransomware and supply‑chain compromises are now routine threats. He highlights the sector's exposure due to valuable client data, time‑critical operations and sophisticated attackers....

GitLab 18.11 Brings Agentic AI to Security Fixes, CI Pipelines, and Delivery Analytics
GitLab unveiled version 18.11, extending its agentic AI across security remediation, CI pipeline creation, and delivery analytics. The GA Agentic SAST Vulnerability Resolution automatically generates fixes for true‑positive findings and opens merge requests with confidence scores. Two new agents—CI Expert...

New CGrabber and Direct-Sys Malware Spread Through GitHub ZIP Files
Cyderes uncovered a sophisticated multi‑stage campaign that distributes new malware families—Direct‑Sys Loader and CGrabber Stealer—through ZIP files hosted on GitHub. The loader leverages DLL sideloading and direct syscalls to bypass antivirus and sandbox checks, while the stealer harvests passwords, crypto‑wallet...

That Data Breach Alert Might Be a Trap
Data‑breach notifications have exploded, with over 280 million alerts sent in the U.S. last year and daily European incidents rising 22 % in 2025. Cybercriminals are exploiting this flood by sending fake breach alerts that mimic real notices, often using AI‑generated content...

Weaponized CVE-2026-39987 Pushes Blockchain Backdoor Through Hugging Face
Attackers are weaponizing CVE‑2026‑39987, a pre‑auth remote code execution flaw in the Marimo Python notebook platform, to drop a blockchain‑backed NKAbuse variant. By exploiting the vulnerability within ten hours of disclosure, they gain shell access, harvest environment variables, and pivot...
Microsoft: Some Windows Servers Enter Reboot Loops After April Patches
Microsoft confirmed that certain Windows domain controllers using Privileged Access Management enter reboot loops after installing the April 2026 security update KB5082063. The LSASS crashes cause repeated restarts, disabling authentication and potentially taking the entire domain offline. Affected operating systems include...

U.S. CISA Adds a Flaw in Apache ActiveMQ to Its Known Exploited Vulnerabilities Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Apache ActiveMQ’s critical CVE‑2026‑34197 to its Known Exploited Vulnerabilities (KEV) catalog. The flaw, scoring 8.8 on the CVSS scale, lets an authenticated attacker exploit the Jolokia JMX‑HTTP bridge to load a...

Cursor AI Vulnerability Exposed Developer Devices
Security firm Straiker uncovered a critical vulnerability, dubbed NomShub, in the Cursor AI coding assistant. The flaw combines indirect prompt injection with a sandbox‑escape that lets attackers write files and hijack the editor’s Azure‑based remote tunnel, granting persistent shell access...
Man Gets 30 Months for Selling Thousands of Hacked DraftKings Accounts
Kamerin Stokes, a 23‑year‑old from Memphis, was sentenced to 30 months in federal prison for operating a fraud shop that sold access to tens of thousands of hacked DraftKings accounts. The accounts were compromised in a November 2022 credential‑stuffing attack...
Never Share Passwords in DMs—Verify Sender First
Twitter or X is fun but just for house keeping and safety rules, never put your password into something other than to log into the platform you need to access. Any DM message that asks you to input password, even if...

Unwanted Anonymous Email Sparks Creepy Concern
Few folks have reached out after having received this email, which is a new one for me. It's most certainly not me—it's weird and creepy and I'd really like it to stop. https://t.co/5ora12ynHG
Protecting Information at Work: Actionable Strategies for All Teams
Data protection has moved beyond the IT department to become a shared responsibility across every team and workflow. Simple, low‑cost habits—such as locking screens, using strong passwords, and shredding physical documents—can dramatically lower breach risk. Clear, jargon‑free policies and a...

Prepare for Quantum Threats Now, Not on Q-Day
Post-Quantum Readiness Starts Long Before Q-Day by Etay Maor @Forbes Learn more: https://t.co/7bXzGooAsr #EmergingTech #Innovation #Technology https://t.co/fk6CZ8LQRE
AI Overwhelms Volunteers, Echoing Past Cybersecurity Struggles
12 years ago I wrote how the internet is being protected by two guys named Steve. Today, the situation isn't all that different, except those handful of volunteers are being swamped by AI systems finding holes in our digital systems....