Today's Cybersecurity Pulse
Anthropic CEO meets White House over federal access to Mythos AI
Anthropic CEO Dario Amodei will meet White House chief of staff Susie Wiles to discuss government access to the company's Mythos AI model, which can discover and exploit zero‑day vulnerabilities. The meeting follows a Pentagon‑imposed blacklist after Amodei refused to lift safety restrictions, while Treasury, intelligence agencies and CISA are already testing the model.
Also developing:
By the numbers: Artemis raises $70M in combined seed and Series A round
Linux's Second-In-Command Turns To New Fuzzing Tools For Uncovering Kernel Bugs
Linux stable kernel maintainer Greg Kroah‑Hartman has introduced a new fuzzing suite called gregkh_clanker_t1000 to hunt for kernel defects. The tool was first exercised on the ksmbd/SMB code and quickly expanded to patches affecting USB, HID, F2FS, LoongArch, Wi‑Fi, LEDs and other subsystems. Over the past 48 hours, dozens of bug‑fix patches bearing the “Assisted‑by: gregkh_clanker_t1000” tag have landed on his gregkh.git/clanker branch. While the tooling appears highly effective, its source has not been publicly released.
Acronis MDR by TRU Brings 24/7 Managed Detection and Response to MSPs
Acronis unveiled Acronis MDR by Acronis TRU, a 24/7/365 managed detection and response service tailored for managed service providers. The offering combines endpoint detection, rapid threat containment, patch management, and built‑in business continuity in a single platform. MSPs can now deliver...
How to Unlock Possibilities Through Data Privacy Enhancing Technologies
Singapore’s Infocomm Media Development Authority and Personal Data Protection Commission have launched the nation’s first Privacy‑Enhancing Technologies (PET) sandbox, signaling a regulatory push for secure data innovation. In the Philippines, Aboitiz Data Innovation introduced Parlay, a cloud‑based data exchange platform...
Threat Cluster Launches Extortion Campaign Using Social Engineering
Google Threat Intelligence Group uncovered a financially motivated threat cluster, UNC6783, running a social‑engineering extortion campaign. The group compromises business‑process outsourcers and targets help‑desk staff to gain footholds in client networks. Attackers deploy fake live‑chat Okta pages and phishing kits...
Civil Service Pension Scheme: Capita Confirms Data Breach
Capita, the contractor overseeing the Civil Service Pension Scheme, confirmed a data breach on its portal that exposed personal Annual Benefit Statements of 138 members to other scheme participants. The breach was identified quickly, prompting the suspension of the ABS...
NASA’s New Moon Base Project Requires Operational Technology Systems in Space, but They Are Vulnerable.
NASA Administrator Jared Isaacman announced a $20 billion Moon‑base program, shifting from a lunar‑orbit station to a surface settlement. The plan, timed against China’s 2030 lunar landing goal, includes robotic landers, drones, and a future nuclear power plant. Experts warn the...
BPFDoor Variants Hide with Stateless C2 and ICMP Relay Tactics
Rapid7 Labs identified seven new BPFDoor variants that embed Berkeley Packet Filter code in the Linux kernel, allowing the backdoor to remain hidden in telecom environments. The malware now employs a stateless command‑and‑control model, treating the source of a specially...
Docker Flaw (CVE-2026-34040) Lets Attackers Bypass Security Controls and Take Over Hosts
Researchers at Cyera disclosed CVE‑2026‑34040, a critical Docker Engine flaw that lets attackers bypass authorization plugins by sending API requests larger than 1 MB. The daemon processes the full payload while the plugin sees a truncated request, enabling creation of privileged...
Zero‑click Grafana AI Attack Can Enable Enterprise Data Exfiltration
Security researchers have uncovered GrafanaGhost, a chained exploit that leverages indirect prompt injection in Grafana’s AI dashboards to exfiltrate sensitive enterprise data without user authentication. The attack persists malicious prompts, tricks the AI model into generating outbound image requests, and...
North Korean Agents Embedded in 40+ DeFi Platforms for Nearly a Decade: Taylor Monahan
Security researcher Taylor Monahan revealed that North Korean actors, linked to the Lazarus Group, have been embedded in more than 40 decentralized finance (DeFi) platforms for almost ten years. The disclosure ties the recent $280 million Drift Protocol exploit to this...
Over 1,000 Exposed ComfyUI Instances Targeted in Cryptomining Botnet Campaign
Security researchers have identified a campaign that scans cloud IP ranges for exposed ComfyUI instances—a popular Stable Diffusion UI—and hijacks them for cryptocurrency mining and proxy botnet operations. The Python‑based scanner exploits a misconfiguration in custom nodes to achieve unauthenticated...
AI Is Reshaping Cyber Risk. Boards Need to Manage the Threat.
AI‑enabled cyber attacks now cost an average $4.88 million per breach and have surged 44% in a single year, while 77% of organizations still lack basic AI security practices. The article argues that traditional VUCA thinking no longer fits; instead, a...
Cyberattack Hits Northern Ireland’s Centralized School Network, Disrupting Access for Thousands
A cyberattack on Northern Ireland’s centralized C2K school network forced the Education Authority to shut down access for hundreds of thousands of pupils and teachers. The breach, discovered last week, prompted immediate containment actions, including system shutdown and collaboration with...
AI Agents and Non-Human Identities Creating Critical Security Gaps, Report
Keeper Security’s new report, presented at RSA 2026, reveals that companies are rapidly deploying AI agents and other non‑human identities (NHIs) without adequate security controls. Nearly half of surveyed firms give AI‑powered tools access to critical data, yet 76% lack...
AI-Enabled Device Code Phishing Campaign Exploits OAuth Flow for Account Takeover
Microsoft Defender Security Research uncovered an AI‑enabled phishing campaign that weaponizes the OAuth Device Code Authentication flow to hijack organizational accounts. The attackers automate live device code generation, bypassing the standard 15‑minute expiration and multi‑factor authentication by decoupling the user’s...
AI Coding Surge Overwhelms Security Review Capacity
Vibe coding security risks (based on the sheer amount of new code being introduced at companies) -> The rapid adoption of AI coding tools has let workers generate massive volumes of code, leaving companies scrambling to review and secure the...
Everyday Devices and Fiber Optics Can Spy on You
Interesting new attack. Your house is probably full of embedded devices that can be hacked at will, open mics in sensitive areas, and cellphones that continuously monitor your speech. And it turns out that even the raw fiberoptic cable can...
Your Keys to Secure Password Management—Included with Zoho Workplace
Zoho has added its password manager, Zoho Vault, to the Zoho Workplace suite at no extra cost. The integration lets teams generate, store, autofill and securely share passwords while providing role‑based access controls and real‑time security alerts. By backing up...
Fake Gemini Npm Package Steals AI Tool Tokens
Hackers published a counterfeit npm package named gemini‑ai‑checker, posing as a Google Gemini token verifier, to hijack developers' AI coding environments. The package contacts a Vercel‑hosted endpoint during installation, retrieves an obfuscated JavaScript backdoor, and executes it in memory, stealing...
Load Shedding and Request Prioritization: Keeping Critical Flows Alive During Outages
A sudden bot flood of 50,000 requests per second can cripple a payment processing service, inflating response times from 50 ms to eight seconds and exhausting CPU and database connections. Load shedding counters this by proactively rejecting low‑priority requests once system...
The Hidden Cost of Recurring Credential Incidents
Recurring credential incidents impose hidden operational costs beyond headline breach expenses. IBM reports the average breach cost $4.4 million, yet everyday password resets represent up to 30 % of help‑desk tickets, each costing roughly $70. Weak policies and forced periodic changes drive...
GPUBreach Exploit Uses GPU Memory Bit-Flips to Achieve Full System Takeover
Researchers unveiled GPUBreach, a novel GPU Rowhammer attack that flips bits in GDDR6 memory to corrupt GPU page tables and achieve full system compromise. By chaining arbitrary GPU memory reads/writes with driver‑level bugs, an unprivileged CUDA kernel can elevate privileges...
CII Reveals ‘Labelling Problem’ as Barrier to Effective Vulnerability Management
The Chartered Insurance Institute’s new Road to Consumer Trust report flags the industry’s “labelling problem” – advisers avoid recording client vulnerability because it triggers extra compliance steps. CII proposes a proportionate, practical approach that aligns FCA Consumer Duty expectations with...
Cybersecurity Unicorn Torq Is in Talks to Acquire This AI Startup for $50 Million
Cybersecurity unicorn Torq, valued at $1.2 billion after a $140 million funding round, is in advanced talks to acquire Boston‑based AI security assistant Jit for about $50 million. The deal would merge Torq’s large security command center with Jit’s automated tools to create...
Quantum Penetration Testing: Are We Ready Yet?
Is It Time For A Quantum Penetration Test? by J Nathaniel Ader @Forbes Learn more: https://t.co/CodfvKavfv #QuantumComputing #EmergingTech #Technology #Innovation #Tech https://t.co/rKyowhOBLq
FIRESIDE CHAT: Geopolitical Turmoil, Rising AI Risk Add a New Layer to Enterprise Cyber Defense
At RSAC 2026, enterprise security leaders highlighted a dual crisis: a surge of unsanctioned AI tools and growing geopolitical distrust of U.S.-controlled cloud services. Skyhigh Security’s Sanjay Castelino reported that European firms are reassessing reliance on American cloud infrastructure, demanding...
Airrived Named Among Only 11 Startups in Gartner’s “Emerging Tech: AI Vendor Race — Startups to Watch in Agentic AI”
Airrived has been named one of only 11 startups in Gartner’s March 2026 report on emerging agentic AI, standing out as the sole company purpose‑built for cybersecurity and IT operations. The Gartner evaluation covered 129 startups, and Airrived’s Agentic OS platform...
Data Breach Exposes Jones Day Client Files After Ransomware Threat
Jones Day disclosed a data breach that exposed confidential client files after a ransomware threat forced the firm to shut down parts of its network. The intrusion, discovered in early April 2026, affected both internal documents and client communications, prompting...
FCC Proposes Extending Ban on Chinese Networking Gear to All Products
The Federal Communications Commission has issued a proposal to expand its existing ban on Chinese networking gear, covering not only new models but also equipment previously authorized. The move targets Huawei, ZTE, Hikvision, Dahua, Hytera and other firms, prompting comments...
Family Firms More Exposed To Cybersecurity Risks
Family businesses are increasingly exposed to the same cyber threats as large corporations, yet many still treat security as a technical afterthought. High trust, legacy technology, and informal governance create unique vulnerabilities that can lead to insider breaches and ransomware...
Metro Cities Halt Flock Safety License‑Plate Readers Amid Privacy Outcry
Dunwoody, Georgia, and several other U.S. cities have voted to defer renewal or shut down Flock Safety’s automated license‑plate‑reader cameras after residents raised privacy and security concerns. The move puts roughly $860,000 of recent municipal spending under review and signals...
Tor-Backed ClickFix Campaign Drops Node.js RAT on Windows
Hackers have revived the ClickFix social‑engineering scheme to drop a sophisticated Node.js‑based remote access Trojan on Windows machines. The campaign uses a fake CAPTCHA page to execute a Base64‑encoded PowerShell command that silently installs a malicious MSI containing a full...
Google Says Quantum Computer Could Crack Bitcoin in Under 9 Minutes, Prompting Urgent Security Push
Google researchers released a whitepaper indicating that a sufficiently powerful quantum machine could derive a Bitcoin private key in under nine minutes, with a 41% success probability. The finding compresses the timeline for a practical quantum attack to as early...
Fake Buffett, Real Reputation Risk: How Deepfakes Are Reshaping the Cyber Landscape
In November 2025 a TikTok video featuring a hyper‑realistic deepfake of Warren Buffett promoted crypto giveaways, exposing how synthetic media can be weaponized for fraud. The clip amassed over 17,000 subscribers before the deception was uncovered, highlighting the speed at...
Supply Chain Security Is Now a Board-Level Issue: Here’s What CSOs Need to Know
Supply chain security has moved from a niche technical issue to a board‑level priority, driven by stringent regulations like the European Cyber Resilience Act and U.S. EO 14028. Open‑source components now appear in 97% of commercial applications, with 86% harboring vulnerabilities,...
Hong Kong Police Can Force You to Reveal Your Encryption Keys
Hong Kong police have gained the legal authority to compel individuals to disclose encryption keys for computers, phones, hard drives and other devices under a revised National Security Law framework. The power extends to anyone transiting the city’s airport, and...
Every Encryption System Needs a Cryptography Bill of Materials
Cybeats Blog | Cryptography Bill of Materials (CBOM): Why Every Encryption Ecosystem Needs One https://t.co/DGQpWfPZ3F
Infinite Electronics Facility Earns CMMC Level 2
Infinite Electronics announced that its Hayden, Idaho facility has earned Cybersecurity Maturity Model Certification (CMMC) Level 2 after a third‑party audit. The certification validates compliance with all 110 NIST SP 800‑171 controls required to protect Controlled Unclassified Information and Federal Contracting Information....
Cloudflare and GoDaddy Ink Partnership to Rein in AI Agents Reshaping Web Traffic
Cloudflare and GoDaddy announced a partnership that extends Cloudflare’s AI traffic‑control suite to GoDaddy’s roughly 20 million small‑business websites. The deal adds the Web Bot Auth system, which uses cryptographic verification to let legitimate bots prove their identity while blocking impersonators....
As Breakout Time Accelerates, Prevention-First Cybersecurity Takes Center Stage
Cyber attackers are leveraging AI to accelerate ransomware and lateral movement, cutting average breakout time to about 30 minutes—29% faster than a year ago. Roughly 80% of ransomware‑as‑a‑service groups now embed AI or automation in their kits, enabling rapid credential...
Cloud-First Vs. Sovereign-First: Navigating the Trade-Off
Enterprises are increasingly adopting sovereign cloud solutions to meet data‑residency mandates, mitigate geopolitical risk, and reduce reliance on foreign cloud providers. Gartner defines sovereign cloud as locally hosted services that ensure legal and operational autonomy, a definition echoed by Forrester...
U.S. CISA Adds a Flaw in Fortinet FortiClient EMS to Its Known Exploited Vulnerabilities Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added Fortinet FortiClient EMS vulnerability CVE-2026-35616 to its Known Exploited Vulnerabilities (KEV) catalog. The flaw, rated 9.1 on the CVSS scale, enables unauthenticated attackers to bypass authentication via an API and...
Open‑source Tool Simplifies SOC 2, ISO 27001, HIPAA, GDPR Compliance
Comp AI: The open-source way to get compliant with SOC 2, #ISO27001, #HIPAA and #GDPR https://t.co/mvwHwvS9mu https://t.co/q7t0s2qhc4
SEALSQ and IC’Alps Achieve Key Common Criteria Certification Steps
SEALSQ Corp and its subsidiary IC’Alps announced major progress in their Common Criteria (CC) security certification programs. Independent evaluator SERMA confirmed that the QS7001 Secure Element achieved a PASS on fault‑injection and side‑channel resistance tests, moving the platform toward full...
Comp AI: The Open-Source Way to Get Compliant with SOC 2, ISO 27001, HIPAA and GDPR
Comp AI launches an open‑source compliance platform that automates SOC 2, ISO 27001, HIPAA and GDPR readiness. The tool combines an AI‑driven policy editor, automated evidence collection, and a device‑agent that monitors encryption, antivirus, password and screen‑lock settings. Core code is released...
ICO Urges Parents to Treat Online Privacy Like Road Safety
The UK Information Commissioner’s Office has launched the “Switched on to Privacy” campaign, urging parents to treat children’s online privacy with the same vigilance as road safety and stranger danger. New research of 1,000 parents shows 75% fear their kids...
Maidar Secure, Strike48 Bring Agentic AI to the SOC
Maidar Secure has teamed up with Strike48 to embed the latter’s agentic AI platform into its managed security services and SOC operations. The integration promises autonomous threat detection, real‑time attack simulation and machine‑speed incident response, turning traditional reactive defenses into...
I2P Vs. Tor: Defeating Global Adversary Deanonymization of Your Bitcoin Node.
The post argues that routing Bitcoin node traffic solely through Tor no longer guarantees anonymity against modern Global Passive Adversaries (GPAs). It explains how state‑level actors can use timing and traffic‑correlation attacks to link transactions to a user’s physical IP....
Germany Names Suspected Leader of REvil and GandCrab Ransomware Gangs
German authorities have identified a 31‑year‑old Russian, Daniil Maksimovich Shchukin, as the suspected leader of the REvil and GandCrab ransomware gangs. The BKA says he directed at least 130 attacks in Germany from 2019‑2021, extorting roughly €2 million (about $2.1 million) and...
![Who’s Logging In? [OMITB]](/cdn-cgi/image/width=1200,quality=75,format=auto,fit=cover/https://megaphone.imgix.net/podcasts/8797f03a-a50b-11ea-b6c0-87ebb093948d/image/hacking-humans-cover-art-cw.png?ixlib=rails-4.3.1&max-w=3000&max-h=3000&fit=crop&auto=format,compress)
Who’s Logging In? [OMITB]
In this episode of Only Malware in the Building, host Selina Larson and guests Keith Malarski and Dave discuss the rapid rise of identity‑based attacks, noting that identity‑related root causes now outpace traditional malware. They cite recent reports from Sophos,...