Know What's Happening in Cybersecurity

Today's Cybersecurity Pulse

Anthropic CEO heads to White House to discuss Mythos AI model’s zero‑day capabilities

Anthropic chief Dario Amodei will meet White House chief of staff Susie Wiles to debate government access to Mythos, the company’s frontier AI that can discover and exploit zero‑day vulnerabilities. The discussion follows a Pentagon‑imposed blacklist after Amodei refused to lift safety restrictions, while Treasury, intelligence agencies and CISA are already testing the model.

Chinese Firms Publish Iran War Intel, Revealing U.S. Force Deployments
News | Apr 5, 2026

Chinese firms have begun marketing granular intelligence on U.S. force movements in the Iran war, posting equipment inventories, carrier group routes and aircraft assembly details. The disclosures, flagged by social‑media analysts, raise alarms about potential leaks of sensitive U.S. military...

By Pulse
Delve Blames Coordinated Cyberattack After Y Combinator Cuts Ties
News | Apr 5, 2026

Delve, the San Francisco‑based compliance platform, announced that a coordinated cyberattack triggered anonymous attacks on its service and led Y Combinator to remove the startup from its directory. The company pledged new auditor partnerships, free re‑audits and greater transparency to...

By Pulse
Apple Expands Emergency iOS 18.7.7 Patch to Block DarkSword Exploit
News | Apr 5, 2026

Apple has broadened its emergency iOS 18.7.7 and iPadOS 18.7.7 update to cover a far larger fleet of devices, aiming to close the DarkSword vulnerability that enables stealthy data theft. The move comes after security firms warned the exploit kit...

By Pulse
Pete Recommends – Weekly Highlights on Cyber Security Issues, April 6, 2026
Blog | Apr 5, 2026

April 2026 saw a wave of cyber‑security concerns spanning covert AI‑driven content harvesting, regulatory crackdowns, and evolving threat vectors. WebinarTV was exposed for secretly recording Zoom webinars and turning them into AI podcasts, while the FCC announced a ban on...

By LLRX
Zero‑Trust BYO‑VPS Delivers Commercial Features
Social | Apr 5, 2026

So, I built a more or less complete platform to test whether I could match the core features of commercial vendors with a zero-trust, BYO-VPS platform. Zero-trust: The control plane stores no credentials, only metadata. A worker running next to your server...

By Sung Kim
Check Point Uncovers ChatGPT Data Leak Flaw, Raising Big‑data Security Alarms
News | Apr 5, 2026

Cybersecurity firm Check Point discovered a DNS‑tunneling vulnerability in OpenAI's ChatGPT that can exfiltrate user data without alerts. The flaw, found in the model’s runtime environment, comes as OpenAI serves over 800 million weekly users and handles 18 billion messages, underscoring the...

By Pulse
Zero‑Trust BYO VPS Platform Matches Commercial Features
Social | Apr 4, 2026

I've built: A zero-trust BYO VPS platform. It has feature parity with commercial alternatives, but it still needs a lot of polish. 😀

By Sung Kim
Introduction to Risk Management: A Complete Guide for Security Professionals
Blog | Apr 4, 2026

Dr. Erdal Ozkaya’s free guide delivers a complete, step‑by‑step introduction to cyber risk management, covering definitions, the seven core concepts, quantitative formulas, and the NIST Risk Management Framework. It shifts security teams from reactive alert firefighting to strategic decision‑making by...

By Erdal Ozkaya’s Cybersecurity Blog
How Scalable Is Agentic AI for Growing Businesses
News | Apr 4, 2026

Enterprises increasingly rely on Non‑Human Identities (NHIs) to power automated processes, yet many still lack comprehensive management. Effective NHI governance—covering discovery, access control, and continuous threat monitoring—delivers risk reduction, compliance assurance, and operational efficiency. Agentic AI adds scalability by automating...

By Security Boulevard
Security Must Match Your Attractiveness as a Target
Social | Apr 4, 2026

Scary stuff. The best security remains obscurity. Unfortunately just being “anonymous” isn’t enough anymore due to constant third party data breaches, like Coinbase leaking user balances and addresses. The potential security holes are endless. Basically every...

By Ari Paul
The Breach Lasted 25 Minutes. How Long Will the Litigation Last?
News | Apr 4, 2026

On February 17, 2026, Auger & Auger suffered a 25‑minute unauthorized intrusion that exposed personal data of 5,102 individuals, including Social Security numbers and medical information. The firm notified affected parties on March 30 and provided a year of complimentary identity‑protection services. Within...

By DataBreaches.net
Sample Malware Phone Back C&C (Command and Control) MD5s From Domains Belonging to XSS Forum Users – A Compilation
News | Apr 4, 2026

Security Boulevard published a curated list of over 80 domain names and their corresponding MD5 hashes that serve as command‑and‑control (C2) servers for phone‑based malware. All the entries are tied to users of the XSS forum, revealing a coordinated effort...

By Security Boulevard
OCSF Explained: The Shared Data Language Security Teams Have Been Missing
News | Apr 4, 2026

The Open Cybersecurity Schema Framework (OCSF) is emerging as a de‑facto standard for describing security events, findings, and context across vendors. Since its 2022 launch, the community has expanded to roughly 900 contributors after joining the Linux Foundation, and major...

By VentureBeat
Want a Private Homelab? Put These 12 Apps at the Top of Your List
News | Apr 4, 2026

The article lists twelve privacy‑focused self‑hosted applications that let users replace popular cloud services such as Dropbox, Google Photos, and GitHub with locally run alternatives. Each app runs in Docker or similar containers, enabling easy deployment on a home server...

By How-To Geek
Rushing Bitcoin to PQ Signatures Risks New Vulnerabilities
Social | Apr 4, 2026

It’s been almost 10 years since the Blocksize Wars ended and Brian hasn’t changed at all. He still carries the exact same complete lack of humility and understanding. Brian forms the opinion first, along with a prescribed course of action and...

By Samson Mow
LinkedIn Is Spying on You, According to a New 'BrowserGate' Security Report — Scripts Stealthily Scan Visitors' Browsers for over...
News | Apr 4, 2026

A new BrowserGate security report reveals that LinkedIn’s web pages run hidden scripts that probe visitors’ browsers for more than 6,000 Chrome extensions and collect hardware fingerprints such as screen resolution and device type. The data is harvested without explicit...

By Tom's Hardware
How to Back up Your Phone, Photos and Computer without Overthinking It
Blog | Apr 4, 2026

The article demystifies data backup by urging readers to adopt a single, reliable copy rather than the complex 3‑2‑1 rule. It walks through practical solutions for home‑based NAS storage, photo archiving via Google Takeout or iCloud, and automated computer backups...

By Rich on Tech
TriZetto Breach Exposes Data of 3.4 Million Patients, Sparking Industry Alarm
News | Apr 4, 2026

Cognizant-owned health‑tech firm TriZetto disclosed a cyberattack that stole personal and medical information of more than 3.4 million patients. The breach, discovered in October 2025, may have lingered since November 2024, underscoring systemic vulnerabilities in health‑technology platforms.

By Pulse
Hong Kong Hospital Authority Apologises for Data Breach Involving 56,000 Patients
News | Apr 4, 2026

Hong Kong’s Hospital Authority announced a data breach that exposed the personal and medical records of more than 56,000 patients from hospitals in Kowloon East. The unauthorized retrieval included names, identification numbers, contact details and health information. Hong Kong’s privacy...

By DataBreaches.net
Claude Code Leak Used to Push Infostealer Malware on GitHub
News | Apr 4, 2026

Threat actors are leveraging the recent Claude Code source‑code leak to create counterfeit GitHub repositories that distribute the Vidar information‑stealing malware. Claude Code, Anthropic’s terminal‑based AI coding agent, was exposed in a public dump, giving attackers a ready‑made framework to...

By DataBreaches.net
UK: School IT System Targeted in Cyber Attack Ahead of Exam Season
News | Apr 4, 2026

The Education Authority (EA) in Northern Ireland confirmed that its centralized school IT platform was hit by a cyber attack just days before the exam period. The breach prompted an emergency password reset for every user across the network. Authorities...

By DataBreaches.net
Meta Pauses Work With Mercor After Data Breach Puts AI Industry Secrets at Risk
News | Apr 4, 2026

Meta has indefinitely paused all collaborations with data‑contracting firm Mercor while investigating a significant security breach at the startup. The breach, which exposed proprietary training datasets, has prompted other leading AI labs—including OpenAI and Anthropic—to reevaluate their relationships with Mercor....

By DataBreaches.net
IBM Highlights Agentic AI Security Gaps at RSA Conference
Blog | Apr 4, 2026

At RSA’s 2024 cybersecurity conference, over 43,000 attendees highlighted the rise of agentic AI, yet few vendors offered end‑to‑end security solutions. IBM executives warned that AI agents change behavior at runtime, expanding attack surfaces and exposing a critical gap in...

By Quantum Zeitgeist
Keeper Security Brings Zero-Trust Database Access to Its PAM Platform with KeeperDB
News | Apr 4, 2026

Keeper Security announced KeeperDB, a new database‑access capability embedded in its KeeperPAM privileged access management platform. The feature lets developers and DBAs connect to MySQL, PostgreSQL, Oracle, and Microsoft SQL Server directly from the vault, eliminating plaintext credential exposure. KeeperDB...

By The Next Web (TNW)
Axios NPM Supply Chain Breach Exposes Millions of Developers to Malware
News | Apr 4, 2026

Hackers hijacked the npm account of a lead Axios maintainer and published two poisoned versions of the library, exposing a remote‑access trojan to any developer who installed them. The malicious packages were live for about three hours before removal, underscoring...

By Pulse
5 Entra ID Updates You Can’t Afford to Ignore in 2026 (Backup, Governance, CA Agent & Risk Score Exposed)
Podcast | Apr 4, 2026 | 0 min

In this episode the hosts dive into five critical Entra ID updates for 2026, focusing on the new Entra Backup and Recovery preview, tenant governance enhancements, the Unified Risk Score core, and improvements to passkeys and Conditional Access agents. They...

By Entra.News - Your weekly dose of Microsoft Entra
Microsoft’s Identity Chief Joy Chik Retires, Sparking Senior Exec Exodus
News | Apr 4, 2026

Joy Chik announced her July retirement after nearly 30 years at Microsoft, ending a tenure that spanned from software design engineer to president of identity and network access. The departure coincides with the exit of VP of energy Bobby Hollis...

By Pulse
Over 500 UK Service Members Leak Nuclear Base Locations on Strava
News | Apr 4, 2026

A senior military source says over 500 British armed‑force personnel have publicly logged runs on Strava that map routes inside the Trident nuclear complex and other high‑security sites. The breach, uncovered by the iPaper, raises fears of intelligence gathering, blackmail...

By Pulse
FIATA Makes Data Protection a Standard
News | Apr 4, 2026

FIATA and the Global Shippers Forum have introduced a signable version of their Data Governance Charter, converting previously voluntary principles into a binding framework for digital supply chains. The charter outlines mandatory standards on data ownership, permission controls, protection duties,...

By Air Cargo Week
Beware: Fake Senjin Capital Job Ads Are Phishing Scams
Social | Apr 4, 2026

I have been made aware of fake job advertisements using Senjin Capital’s name as the employer. We are not currently hiring, and when we are hiring you will see a post on this page about it. These ads are likely an...

By Jamie Halse
Use “Are We Dancer?” To Expose AI‑masked Impostors
Social | Apr 4, 2026

Protip if you think you're dealing with a DPRK fake job applicant using AI masking as an American millennial, ask them to respond to "Are we dancer?" Will take them too long to read in too formal a tone and...

By SwiftOnSecurity
FCC Moves to Ban Foreign‑Made Routers, Citing Enterprise Security and National‑Security Risks
News | Apr 4, 2026

The Federal Communications Commission announced a ban on foreign‑manufactured Wi‑Fi routers, citing risks to enterprise networks and national security. The move targets equipment from China and other adversarial nations, urging businesses to replace vulnerable devices to protect data and critical...

By Pulse
Lawsuit Claims Perplexity’s ‘Incognito’ Sold Chats for Ads
Social | Apr 4, 2026

Perplexity’s “Incognito Mode” is a “sham,” -lawsuit says Google, Meta, and Perplexity accused of sharing millions of chats to increase ad revenue. https://t.co/vxnnXugoR4

By Taylor Lorenz
Enable WhatsApp Two‑Step Verification: Simple Yet Essential
Social | Apr 4, 2026

Whether you just joined @WhatsApp or have been using it for years, it's a smart idea to enable two-step verification. Here's how, step by step, and why it's not as good as 2-factor authentication, but better than nothing... https://t.co/KDT8J6yjkd #whatsapp...

By Dave Taylor
Supply‑Chain Attack Hijacks TrueConf Video Platform, Hits Government and Military Users
News | Apr 4, 2026

Security firm Check Point revealed a supply‑chain compromise of TrueConf video‑conferencing software that let threat actors push malicious code through the product’s update process. The campaign, dubbed Operation TrueChaos, leveraged the Havoc post‑exploitation framework and is believed to be linked...

By Pulse
CISA Lists TrueConf Client Flaw in Exploit Catalog
Social | Apr 4, 2026

U.S. CISA adds a flaw in TrueConf Client to its Known Exploited Vulnerabilities catalog https://t.co/LEm093lFfD #BreakingNews https://t.co/7HuNg6hJGV

By Eric Vanderburg
Military Personnel Leak Sensitive Data via Fitness App
Social | Apr 4, 2026

We've got more cases of military personnel revealing a significant amount of information through the fitness app. https://t.co/BwTkOxURPX

By TechRadar
Broadcom Donates Velero to CNCF Sandbox, Boosting Kubernetes Backup Tooling
News | Apr 4, 2026

Broadcom has transferred ownership of Velero, its open‑source Kubernetes backup solution, to the CNCF Sandbox. The move, announced at KubeCon + CloudNativeCon Europe 2026, is intended to broaden community trust and accelerate data‑protection tooling for DevOps teams scaling Kubernetes.

By Pulse
Private VPC Without NAT Blocks Internet Access Securely
Social | Apr 4, 2026

AWS Security Agent-Penetration Testing Overview | by Sena Yakut | AWS in Plain English Was just reading this and pretty good review. If you put in a private VPC no NAT or peering can’t reach Internet which is what you want...

By Teri Radichel
Quantum Threat Makes Crypto Existential, Not Just Technical
Social | Apr 4, 2026

What keeps me up at night about quantum is that centralized companies can just rewrite their ledgers when hacked. Bitcoin can't. That's why a quantum threat to crypto isn't just a tech problem, it's existential. 👀 h/t @apruden08 https://t.co/ZZnqMsa0hq

By Laura Shin
Mercor Confirms $10 B AI Startup Data Breach Impacting OpenAI, Anthropic Clients
News | Apr 4, 2026

Mercor, the $10 billion AI data‑services startup, disclosed a major security breach linked to a LiteLLM supply‑chain attack. The incident may have exposed proprietary datasets from clients such as OpenAI, Anthropic and Meta, prompting a forensic investigation and sparking investor worries...

By Pulse
Reuters Saudi Reporter Warns of WhatsApp Impersonation Scam
Social | Apr 4, 2026

The chief Saudi correspondent for @Reuters warns that someone's impersonating him on WhatsApp with links and requests for information; at least one individual in the UAE was contacted by this number already. https://t.co/OkG01CK0TK

By Runa Sandvik
Cisco Warns AI-Driven Wi‑Fi Security Risks and Talent Gaps
Social | Apr 3, 2026

. @Cisco report flags #AI wireless security risks, talent shortages #wifi #spectrum 🖇️https://t.co/9tt8i7caO5 🖇️ https://t.co/bqI75Tbe4s

By Monica Alleven
That Dream Job Offer From Coca-Cola or Ferrari? It’s a Trap for Your Passwords
News | Apr 3, 2026

Phishing campaigns impersonating Coca‑Cola and Ferrari are targeting job seekers with sophisticated fake‑booking pages that harvest corporate Google Workspace and Facebook credentials. The Coca‑Cola kit mimics a Chrome window, captures passwords, and dynamically relays MFA challenges to bypass two‑factor authentication....

By Security Boulevard
Protecting Your Digital Business: Cybersecurity Essentials for Entrepreneurs and Freelancers
News | Apr 3, 2026

Freelancers and solo entrepreneurs increasingly rely on Macs as all‑in‑one business hubs, making them prime targets for phishing, malware and credential theft. The article outlines how a single security lapse—such as a compromised login or a malicious download—can halt income...

By CEOWORLD magazine
Crypto Spam Hack Sends Phishing Podcast Vote DMs
Social | Apr 3, 2026

@greenfield64 has been hacked by crypto spammers and they are sending DMs out to people asking to vote for him to host a podcast but it’s phishing for you touting your password so be careful. Don’t respond

By Austan Goolsbee
Questions Raised After Cherry Creek Students Notified of Data Breach, Lawsuit
News | Apr 3, 2026

The Cherry Creek School District confirmed that a recent email to families about a class‑action settlement for a Naviance data breach was legitimate, but the district itself was not affected. The settlement covers roughly 10 million students nationwide who used Naviance...

By DataBreaches.net
BakerHostetler’s 2026 Report: Findings From 1,250 Clients’ Breach Experiences in 2025
News | Apr 3, 2026

BakerHostetler’s 2026 Data Security Incident Response Report examined 1,250 breach clients from 2025. Network intrusions (47%) and email compromise (32%) dominated, while ransomware payments rose 36% to an average $682,702 after initial demands jumped 70% to $4.2 million. Class‑action lawsuits increased...

By DataBreaches.net
Nacogdoches Memorial Hospital Notifies 257,073 After January Data Breach
News | Apr 3, 2026

Nacogdoches Memorial Hospital in Texas disclosed a cyberattack that compromised personal data of over 257,000 individuals. The breach was detected on Jan. 31, after an intrusion that began Jan. 15, 2026. Exposed information includes names, addresses, phone numbers, email, Social Security numbers, dates...

By DataBreaches.net