Today's Cybersecurity Pulse
Anthropic CEO meets White House over federal access to Mythos AI
Anthropic CEO Dario Amodei will meet White House chief of staff Susie Wiles to discuss government access to the company's Mythos AI model, which can discover and exploit zero‑day vulnerabilities. The meeting follows a Pentagon‑imposed blacklist after Amodei refused to lift safety restrictions, while Treasury, intelligence agencies and CISA are already testing the model.
Also developing:
By the numbers: Artemis raises $70M in combined seed and Series A round
Athens, Ohio, Claws Back Half of $700,000+ Phished Away in Cyber Fraud
City of Athens, Ohio, recovered more than half of the $722,000 lost to a phishing scheme that mimicked a Pepper Construction invoice. The fraud exploited a simple typo—swapping “U” and “C” in the contractor’s email address—to divert payment to a fraudulent bank account. Athens has filed a civil suit against unknown perpetrators while U.S. Attorney David Waterman has charged two Air Force members, Chijioke Timothy Odimegwu and Harafat Mogaji, in a broader cyber‑theft case. The city hopes to reclaim the remaining funds through litigation.
Cybercriminals Accelerate: Storm-1175 Beats Patches in Days
It is not every day that a financially motivated threat actor manages to move faster than the vendors trying to secure their products. Yet that is precisely what Microsoft says Storm-1175 has been doing. The China-based cybercriminal group, closely associated...
Iran-Linked Password-Spraying Campaign Targets 300+ Israeli Microsoft 365 Organizations
Iranian‑linked threat actors launched a password‑spraying campaign against more than 300 Israeli Microsoft 365 organizations, exploiting common weak credentials. The operation, attributed to an APT group with ties to Tehran, was uncovered by security researchers who observed repeated login attempts...

A.I. Is on Its Way to Upending Cybersecurity
New AI models from Anthropic, OpenAI and others are reshaping cybersecurity as hackers begin to leverage autonomous agents that can write code and exploit systems with minimal human input. Anthropic disclosed the first known AI‑driven breach, affecting about 30 companies...

The Digital Financial Crime or Manipulation of Financial Information Indicators
Digital financial crime leverages technology to alter or conceal financial data, exposing firms to material misstatements and regulatory scrutiny. Auditors now face a growing checklist of red flags, from untimely transaction entries to unexplained credit adjustments and missing original documents....

Scammers Take Advantage of Austrian Digital ID Certificates’ Expiry
Around 300,000 Austrian ID Austria digital certificates are set to expire in 2026, prompting scammers to exploit the uncertainty with phishing texts that appear to come from the Federal Ministry of Finance. Victims who entered personal data were later contacted, convinced...
Multiple Hackers Warned Anti-Porn App Quittr About Security Issue for Months
Quittr, a self‑help app aimed at reducing pornography consumption, faced a serious security flaw in its Firebase backend that allowed unrestricted read/write access to user data. Independent researchers warned the company about the misconfiguration as early as September 2025, but...

PcTattleTale Stalkerware Maker Sentence Includes Fine, Supervised Release
A federal judge sentenced Bryan Fleming, the creator of pcTattleTale stalkerware, to supervised release and a $5,000 fine after he pleaded guilty to manufacturing a device for covert communication interception. The case marks the first stalkerware conviction since 2014, when...

ENISA Invites Feedback for EU Digital Identity Wallet Cybersecurity Certification
ENISA has launched a public consultation on a draft cybersecurity certification scheme for the EU Digital Identity (EUDI) Wallets, aiming to standardize security across member states. The consultation, which includes a webinar on April 8, 2026, invites feedback until April 30, 2026,...

Digital Identity Research Warns of ‘Password Debt’ as Enterprises Delay IAM Rollouts
Enterprises recognize identity threats but large‑scale passwordless rollouts are stalling. Hypr’s State of Passwordless Identity Assurance 2026 report shows only 43% of firms use passwordless methods while 76% still rely on passwords, with 32% citing legacy‑app incompatibility as a barrier....

Companies, Your Lack of Attention Is Disturbing
Leonard Klie reports that his work email address was harvested from the dark web, resulting in a flood of phishing and scam messages impersonating reputable brands. He finds most companies unresponsive or offering only generic advice when he forwards these...

Harvard Faces ‘Active and Specific Cybersecurity Threat’
Harvard University has identified an active, specific cybersecurity threat involving actors posing as IT staff and deploying counterfeit login portals. The campaign targets faculty, staff, and students to harvest credentials and infiltrate the campus network. Chief Information Security and Data...
North Korea’s Hijack of One of the Web’s Most Used Open Source Projects Was Likely Weeks in the Making
North Korean state‑linked hackers compromised the widely used Axios open‑source library on March 31. They spent weeks building trust through a fake company, Slack workspace, and deceptive video call, eventually delivering malware that granted remote access to the maintainer’s computer. The...

Missile Alert Phishing Exploits Iran-US-Israel Conflict for Microsoft Logins
Researchers at Cofense uncovered a new phishing campaign that disguises itself as urgent missile‑alert emails tied to the Iran‑Israel conflict. The messages, sent from a spoofed Ministry of Interior address, contain QR codes that lead victims to a counterfeit Microsoft...

Two Breaches, One Quarter: Valley Family Health Care’s Challenging Start to 2026
Valley Family Health Care (VFHC) disclosed a TriZetto Provider Solutions breach on Jan. 12 that exposed the personal and health‑insurance data of 4,300 patients. In March, the cyber‑crime group Insomnia listed VFHC on a dark‑web leak, claiming more than one million...

ESET Previews New AI Security Features to Secure Chatbot Communications and AI Workflows
ESET unveiled a suite of AI‑focused security tools at RSAC 2026, slated for release later this year. The offering includes a browser‑level guard that inspects both prompts and LLM responses to block malicious links, scripts, and inadvertent data leaks. New...

Microsoft, RSA Make Identity Security Push in the Age of AI
Microsoft announced the general availability of external multi‑factor authentication (MFA) in its Entra ID platform, letting enterprises integrate third‑party MFA providers without abandoning existing setups. The feature uses OpenID Connect and sits alongside Microsoft’s native MFA within a single admin...

Pyongyang, versus Nebraska?
North Korean state‑backed group UNC1069 infiltrated the popular Axios npm package, compromising two releases that were downloaded by millions of developers. Within three hours the malicious versions infected roughly 3% of cloud environments, according to cloud‑security firm Wiz. The breach...
AI Supercharges FISA 702 Renewal, Raising Enterprise Surveillance Risks
The pending renewal of FISA Section 702, set to expire on April 20, is now being framed as an AI‑enabled surveillance tool. Experts warn that machine‑learning can accelerate mass‑data searches, heightening compliance burdens for corporations that handle foreign communications.
Wells Fargo Warns AI‑Generated Scams Surge, Threatening Payments Industry
Wells Fargo’s fraud team announced that AI‑generated phishing, deepfake and voice‑cloning attacks have exploded, driving a 466% jump in phishing reports and pushing payment‑fraud exposure to nearly four‑in‑five organizations in 2024. The bank warns that traditional detection cues are fading,...
RansomHouse Ransomware Cripples Vivaticket, Halting Louvre Ticket Sales Across Europe
RansomHouse breached ticketing platform Vivaticket, stealing personal reservation data and forcing the shutdown of online sales for major cultural institutions including the Louvre. The incident threatens millions of users across 50 countries and has drawn in French cyber‑security authorities.
Popeyes Dodges Lawsuit over Fingerprint Scans, but Court Leaves Door Open for Redo
A U.S. District Court in Illinois dismissed Popeyes' liability in a biometric privacy lawsuit, finding the fast‑food chain lacked direct control over a franchisee’s fingerprint‑time‑clock system. The plaintiff, an employee of an Illinois Popeyes franchise, alleged violations of the Biometric...

Project 0 Saved a User's $3M Portfolio From a Live Wallet Hack
Project 0 (P0) rescued a DeFi user whose $3 million portfolio was nearly emptied after a phishing attack on a Raydium link. Thanks to its evolved account architecture, the attacker’s drain function was blocked, leaving the funds intact. The P0 team...
Spilling the Neural Tea: A Journey Down the Side-Channel
Recent research highlights the growing use of side‑channel attacks to reverse‑engineer deep neural networks, revealing model architectures and, in limited cases, weight information. Physical side channels on edge devices and micro‑architectural channels in cloud environments have demonstrated success in extracting...

Vectra AI Supercharges Network Observability with Proactive Exposure Management
Vectra AI unveiled new exposure management capabilities on its platform, targeting AI‑driven enterprises operating in hybrid, multi‑cloud environments. The suite adds continuous, agentless asset inventory, proactive detection of security and compliance gaps, and broader environment observability covering zero‑trust and post‑quantum‑crypto...

Apiiro’s AI Threat Modeling Is Built to Target Security and Compliance to Prevent Risks Before Code Exists
Apiiro has launched AI Threat Modeling, an extension of its Guardian Agent platform that automatically creates architecture‑aware threat models before any code is written. The feature uses the company’s patented Deep Code Analysis technology to map software architecture across code,...

SecuGen Advanced Fingerprint Biometrics Device Now Available in MOSIP Marketplace
SecuGen’s Unity 20 fingerprint scanner has been added to the MOSIP Marketplace after achieving compliance with MOSIP’s SBI 2.0 L1 specifications. The device incorporates Live Finger Detection for presentation‑attack detection and a FIPS 140‑3 Level 3‑certified Foundational Trust Module that encrypts biometric data at...

Breach of FBI Surveillance System Considered a “Major Incident,” Security Experts Weigh In
The FBI confirmed a breach of its Digital Collection System Network (DCSNet), labeling it a “major incident” under the Federal Information Security Modernization Act. Attackers accessed the system through a compromised vendor ISP, bypassing the agency’s own defenses. Federal officials...
Global Cyber Fraud Attacks Rose Last Year
LexisNexis Risk Solutions reported that global cyber‑fraud rates rose to 1.6% across 116 billion online transactions last year, up from 1.5% in 2024. Bot‑driven attacks surged 59%, while human‑initiated fraud grew only 8%, with gaming, gambling and e‑commerce most affected. In...

SparkCat Malware Returns on App Stores, Targeting Cryptocurrency Users
A new SparkCat variant has reappeared on both the Apple App Store and Google Play, masquerading as benign enterprise messenger and food‑delivery applications. The trojan employs optical character recognition to scan photo libraries for cryptocurrency wallet recovery phrases, exfiltrating any...

Users Demand One-Click IP Blocking in Cloudflare
The main thing I miss on Cloudflare is a single [ Block IP ] button. It boggles my mind it's not there, you can see a traffic spike and a person doing 50,000 requests per minute, but you have to write...

AI Revolutionizes Penetration Testing: My Museum Talk
How I Use AI for Penetration Testing. Speaking at the Computer History Museum in Mountain View, CA, April 10, 2026. https://t.co/tTRkze5Enp https://t.co/aYFdKg7G78
Defeating the Single Point of Failure W/ Mike Belshe of BitGo | BFC Show Ep. 33
In this episode, BitGo co‑founder Mike Belshe discusses the origins of BitGo, its pioneering use of multi‑signature (multi‑sig) technology to eliminate single points of failure, and how the company evolved from a self‑custody solution into a regulated global custodian with...
LinkedIn Silently Harvests Chrome Extension Data
Every time you open LinkedIn in a Chrome or Chromium-based browser, covert code silently scans your browser for info about any extensions you've installed, then transmits the info back to LinkedIn and partners. From this, they can glean info about...
Security Tools Chase CVEs, Miss Planted Backdoors
"Modern-day security tooling looks for the wrong things ... a deliberately planted backdoor doesn’t have a CVE." https://t.co/1wbJMiZMrj

Cloudflare Targets WordPress With New AI-Powered EmDash CMS
Cloudflare has unveiled EmDash CMS, a server‑less, AI‑built content platform designed to rival WordPress, which powers over 40% of websites. EmDash isolates each plugin in a Dynamic Worker sandbox, limiting access to declared permissions and addressing the 96% plugin‑related security...
LinkedIn Denies Smear, Admits Browser Extension Scanning
LinkedIn calls it a smear campaign, but does not deny scanning people's browsers for extensions. https://t.co/q5Kp0kwh1J
New VENOM Kit Steals 2FA Codes and Access Tokens
Researchers found a new phishing kit called VENOM, capable of stealing 2FA codes and access tokens. https://t.co/g6Ctmm3PM2

IBM Achieves FedRAMP Status for 11 Software Solutions
IBM announced FedRAMP authorization for 11 AI and automation solutions, including several watsonx products, marking a four‑fold expansion of its FedRAMP portfolio in just one year. The solutions are hosted exclusively on AWS GovCloud (U.S.), allowing federal agencies to access...
Backups Aren't Enough; Data Exposure Drives Ransomware Pressure
While backups continue to be essential, they no longer determine preparedness when attackers steal sensitive data and use exposure as the primary pressure point. https://t.co/lyA68DaCBf
Yearly Crypto Security Guide After Screen‑Hijacking Hack
In 2019 a hacker took over my computer screen and tried to get crypto from me. It was a terrifying experience. So I decided to make a crypto security guide and continually update it every single year to help protect others. ↓ https://t.co/m4IiWtvtvf
All Emerging Cyber Threats Targeting Power Infrastructure at a Glance
Researchers at Morocco’s Higher School of Technology examined the expanding cyber‑threat landscape facing smart grids, cataloguing attacks such as DDoS, false‑data injection, replay, IoT‑based malware and zero‑dynamics exploits. Their study highlights the growing role of artificial‑intelligence and machine‑learning intrusion detection...

Samsung One UI 9 May Add MTE Toggle
Samsung One UI 9 could introduce a Memory Tagging Extension (MTE) toggle directly in the Auto Blocker app. Currently Pixel 8+ series allow you to enable MTE with advanced protection mode or through developer options. ✅ Details - https://t.co/JQvyuOuoyz https://t.co/z98eEoLPOq
Bitwarden Vs. 1Password: I Tested Both Password Managers
A hands‑on comparison of Bitwarden and 1Password evaluated onboarding, import, autofill, sharing, and security controls. Bitwarden’s free forever plan and granular sharing options give it a cost advantage, while 1Password’s guided import flow and Watchtower monitoring provide a smoother user...
FCC Proposes Ban on Pre‑2024 Chinese Tech
ICYMI: @FCC on Friday proposed barring Chinese tech on the Covered List added in 2024 or earlier https://t.co/SObMOT0jXm

Why Security Researchers and Red Teams Are Turning to Workflow Automation
Security teams are increasingly adopting workflow automation to combat alert fatigue and accelerate investigations. Automated pipelines now enrich indicators of compromise, aggregate threat intelligence, and run continuous recon for red teams and bug bounty hunters. Open‑source, self‑hosted platforms such as...

Attackers Exploit RCE Flaw as 14,000 F5 BIG-IP APM Instances Remain Exposed
Shadowserver reports that more than 14,000 F5 BIG‑IP Access Policy Manager (APM) instances remain publicly reachable, and attackers are actively exploiting the newly‑re‑classified critical remote code execution flaw CVE‑2025‑53521. The vulnerability, now scored 9.8 on the CVSS v3.1 scale, allows...
Convicted Spyware Maker Bryan Fleming Avoids Jail at Sentencing
Founder Bryan Fleming, operator of the stalkerware service pcTattletale, was sentenced in San Diego to time served and a $5,000 fine after pleading guilty to federal charges for creating and selling illegal spyware. The conviction marks the first successful U.S. Department...
FBI Warns AVrecon Malware Infiltrates Network Devices in 163 Countries
The FBI has issued a public alert that the AVrecon malware family is actively targeting roughly 1,200 types of network equipment in 163 countries. The campaign’s modular design lets attackers add new tools as vulnerabilities emerge, raising concerns for critical...
North Korea Bypasses 2FA Using Stolen Tokens, Evading AV
“It doesn’t matter that you have 2FA. They can just use that token to be you.” @tayvano_ on how DPRK bypasses 2FA entirely — and why most antivirus won’t detect it. With @kaiynne and @LucaNetz on @unchained_pod: https://t.co/izx08LxSbO