Today's Cybersecurity Pulse
Anthropic CEO meets White House over federal access to Mythos AI
Anthropic CEO Dario Amodei will meet White House chief of staff Susie Wiles to discuss government access to the company's Mythos AI model, which can discover and exploit zero‑day vulnerabilities. The meeting follows a Pentagon‑imposed blacklist after Amodei refused to lift safety restrictions, while Treasury, intelligence agencies and CISA are already testing the model.
Also developing:
By the numbers: Artemis raises $70M in combined seed and Series A round

T-Mobile Sets the Record Straight on Latest Data Breach Filing
T‑Mobile USA clarified that a recent data breach notification filed with the Maine Attorney General stemmed from an isolated insider incident affecting a single customer. The compromised data included personal identifiers such as name, address, SSN, driver’s license and account PIN, but financial details and call records remained untouched. The company reset the affected PIN, informed law enforcement, and emphasized that no credentials were stolen. This follows a series of larger breaches, including a 2021 incident that exposed 37 million accounts.
pgEdge Launches MCP Server for Postgres, Pushing Message‑Based Protocol Over APIs for AI Agents
pgEdge announced a production‑ready MCP Server for Postgres, positioning a message‑based communication protocol as a superior alternative to traditional APIs for AI agents. The service promises built‑in security, deep schema introspection and reduced token consumption, aiming to curb hallucinations and...
Axios npm Supply‑chain Breach Exposes Millions of Developers to North Korean‑linked RAT
A compromised Axios maintainer account allowed attackers to publish malicious versions of the popular JavaScript library, injecting a remote‑access trojan that reached an estimated 180 million weekly downloads. The three‑hour window before removal highlights the fragility of open‑source supply chains and...
Finance of America Faces Early Data Breach Class Action
A Texas federal court received a class‑action lawsuit alleging Finance of America suffered a data breach two weeks ago. Consumer Melanie Place claims the ransomware group Word Leaks accessed customers’ personal data, including Social Security numbers. The suit is notable for...

Naoris Protocol's Quantum-Resistant Blockchain Goes Live as Bitcoin and Ethereum Face 'Q-Day' Threats
Naoris Protocol launched a quantum‑resistant mainnet built on NIST‑approved post‑quantum algorithms, marking its shift from proof‑of‑concept to production. The network has already validated over 100 million transactions and mitigated more than 603 million threats during testing. Its debut comes as Bitcoin and...
Understanding the Risks of OpenClaw
OpenClaw AI Agent Platform functions as an orchestration layer rather than a standalone cloud service, providing the plumbing for agents to interact with external models and enterprise systems. While it can be run locally, its real value emerges only when...

The Cyber Express Weekly Roundup: Ransomware, and Supply Chain Breaches Surge
The Cyber Express weekly roundup highlights a sharp rise in ransomware incidents and supply‑chain compromises across multiple sectors. High‑profile breaches include a ransomware intrusion at Hasbro, a malicious package update that hit AI startup Mercor via the LiteLLM project, and...

Your Token Was Stolen. Now What?
The article warns that stolen JWTs let attackers impersonate users until the token expires, exposing a critical weakness in many API authentication flows. It outlines the typical login sequence, then highlights how tokens stored in insecure locations or with long...
A New Open-Source Protocol Wants to End the War Between Encryption and Safety
A new open‑source framework called the Open Moderation Safety Protocol (OMSP) proposes to reconcile end‑to‑end encryption with content safety by performing all classification locally on the user’s device or a platform‑controlled node. The protocol uses a three‑tier pipeline—pattern matching, a...

TCCA White Paper Gives Direction on Building Cybersecurity Into Critical Communications
The Telecoms Critical Communications Association (TCCA) has published its first white paper on cybersecurity for mission‑critical broadband networks, marking a key step toward securing 4G and 5G‑enabled communications. The document outlines international standards, frameworks and deployment models, and stresses the...
Keysight Introduces SBOM Manager for Cybersecurity Compliance
Keysight has launched an SBOM Manager platform that automates the creation and upkeep of software bills of materials for manufacturers facing tighter cybersecurity regulations. The tool scans binaries, firmware and containerised applications, linking components to multiple vulnerability databases and supporting...

Which Messaging App Takes the Most Limited Approach to Permissions on Android?
A recent analysis of Android versions of Messenger, Signal and Telegram reveals stark differences in permission requests and data handling. Messenger requests the most permissions (87 total, 24 dangerous), while Telegram requests the fewest (71 total) but the highest number...

Cambridge Global Advisors Wins Australian Grant for Pacific Cybersecurity
Cambridge Global Advisors has secured an Australian Department of Foreign Affairs and Trade grant to launch the Pacific Women in Cyber (PWiC) program, an 18‑month initiative delivering cybersecurity training and internships to women in Tonga, Fiji and Samoa. Funded under...
Anthropic’s Claude Code Source‑map Leak Exposes Enterprise Features, Sparking Compliance Concerns
Anthropic inadvertently published a 59.8 MB source‑map file for its Claude Code CLI on npm, exposing the full TypeScript code, unreleased features and internal attribution controls. The leak hits a product that generates over $1 billion in run‑rate revenue and serves regulated...

Data Security Posture Management Has Become Essential for Governments
State and local governments are rapidly expanding multicloud environments and adopting generative AI, yet many lack clear visibility into where sensitive citizen data resides. Data Security Posture Management (DSPM) emerges as a solution, continuously discovering, classifying, and monitoring data across...
Guardian AI Emerges: Second‑layer Agents Monitor and Secure Systems
The category is called guardian AI, or supervisor agents. The idea: deploy a second layer of AI to watch what the first layer is doing. ServiceNow has the most developed commercial product here, sold as part of its AI Control...

Check City Notifies 322,687 People of March 2025 Data Breach
Check City, a payday‑loan provider, disclosed that a March 2025 cyber‑attack exposed personal data of 322,687 individuals. The breach compromised names, Social Security numbers, government IDs, financial account details, credit and debit card numbers, dates of birth, and addresses. A...

How the World Got Owned Episode 2: The 1990s, Part One
Episode 2 of "How the World Got Owned" dives into the 1990s hacking scene, highlighting the rise of hacker conventions like DEF CON and Black Hat, the emergence of a vibrant but ego‑driven community, and the clash between hackers and...
Bug Bounties Aren’t Universal, AI Hype Is Overblown
Had a great conversation with Mackenzie Jackson from Aikido Security on The Secure Disclosure — we got into some contrarian takes: not every org should run a bug bounty (yes, from the Bugcrowd founder), AI slop is really just 2014...
Real‑Time Location Tracking Threats: How to Protect Yourself
240 - Warning, They Can Know Where You Are in Real Time. How to Protect Yourself #ArtificialDecisions #MCC https://t.co/LUlIN36Wjm
Malicious Android Apps Reach 2.3 M Downloads, Deploy Undeletable NoVoice Malware
McAfee researchers identified 50 malicious Android apps on Google Play that have been downloaded 2.3 million times. The apps install the NoVoice strain, which gains root, rewrites system libraries and survives factory resets, exposing users in Africa, India, the U.S. and...
Outlook Mobile 2FA: Frequently Fails, Users Frustrated
Question - is it just me - or does the @Microsoft Outlook Mobile based 2 factor authorization ever work?
Use AI Defensively To
Cyber attacks launched by malicious humans using AI are a very real AI risk. The best way to guard against them is to use AI to proactively find vulnerabilities in our systems and harden them, along with parallel efforts in...
Digital Forensics and Incident Response (DFIR): A CISO’s Guide
Digital Forensics and Incident Response (DFIR) combines evidence collection with threat containment, forming a critical capability for CISOs. The guide outlines core functions—evidence preservation, malware and network analysis, and emerging cloud forensics—while stressing the need for pre‑enabled logging. It recommends...
OT Network Segmentation: A Practical Guide for Security Teams
Network segmentation is the most effective control for safeguarding operational technology (OT) environments, limiting attackers to isolated zones rather than allowing lateral movement. Implementing segmentation in OT differs from IT because industrial protocols and legacy equipment resist typical firewall solutions...
Incident Response Planning for Business Continuity
Organizations lacking a tested incident response plan face escalating costs, reputational damage, and evidence loss during cyber attacks. The article outlines the NIST incident response lifecycle—preparation, detection, containment, and post‑incident review—and stresses integrating business continuity to meet recovery time objectives....

Americans' Passports Purportedly Stolen in Hacktivist Attack Against Dubai Airport
Nasir Security, a hacktivist group linked to Iran, claimed to have stolen a large data set from Dubai International Airport after a months‑long intrusion. The breach includes passport photos of American, Arab and Emirati travelers, as well as luggage and...
When Your Own Eyes Turn Against You: How Compromised Security Cameras and IoT/OT Devices Become Tools for Your Attackers
Security cameras, IoT and OT devices are increasingly being compromised and repurposed as attack vectors, enabling nation‑state reconnaissance, espionage, ransomware pivots, and massive botnets. Recent incidents include Iranian hackers hijacking Hikvision cameras during missile strikes, Russian operatives streaming compromised webcams...

PSA: Anyone with a Link Can View Your Granola Notes by Default
Granola, an AI‑powered note‑taking app, shares notes publicly by default to anyone with a link, contradicting its claim of private‑by‑default. Users can change the setting to “Only my company” or “Private,” but the default exposes potentially sensitive meeting content. The...

Quantum Encryption’s Hidden Weakness Exposed by New Eavesdropping Attack
Researchers at the School of Physics and Astronomy have unveiled a new eavesdropping technique called Manipulate-and-Observe that targets the classical reconciliation phase of quantum key distribution (QKD). By intercepting between 0% and 11% of photons and injecting subtle errors, the...
The DOJ’s Cyber FCA Playbook Is Working as Enforcement Triples and Shows No Signs of Slowing
The Department of Justice’s cyber fraud initiative has accelerated, with nine False Claims Act settlements in FY 2025 totaling more than $52 million—a three‑fold increase over the prior two years. Enforcement targets misrepresentations of cybersecurity compliance rather than actual data breaches, implicating...

Agentic Development Security: Why AppSec Needs A New Operating Model
Application security is being reshaped by faster exploit cycles and the rise of AI‑driven coding agents. Traditional testing tools now detect vulnerabilities but struggle to provide real‑world context such as exploitability and business impact. Large language models are enabling richer...
Why Australia’s Tech Sovereignty Needs Smart Partnerships
Mark Hile, Managing Director of Datacom Infrastructure Products, warns that rising cyber threats, geopolitical risk and supply‑chain disruptions are forcing Australia to rethink its digital infrastructure. He argues the country must double down on regionally‑owned, sovereign technology or cede strategic...
Amazon Middle East Datacenter Suffers Second Drone Hit as Iran Steps up Attacks
Iranian drones struck Amazon's ME‑SOUTH‑1 data center in Bahrain for the second time this month, igniting a fire and prompting AWS to label the incident as the lowest level of service disruption. The attack follows a March strike on the...

How Do NHIs Build Trust in Cloud Security?
Machine (non‑human) identities are becoming the backbone of cloud security, requiring end‑to‑end lifecycle management from discovery to remediation. Organizations that integrate NHI controls into a unified cybersecurity strategy can close gaps that expose sensitive data, especially in regulated sectors like...
Agentic Era Demands New Trust Layer, ZKML Offers Solution
Finally going to write a bit more about this (in tomorrow's Clouded Judgement). A snippet of what I wrote: The way I think about it: every major platform shift has required a corresponding trust layer. The internet needed SSL/TLS. Mobile needed...
Broadcom Donates Velero to CNCF Sandbox, Elevating Kubernetes Data‑Protection Tools
Broadcom has transferred ownership of the open‑source backup/restore project Velero to the Cloud Native Computing Foundation (CNCF) Sandbox. The donation, announced at KubeCon Europe 2026, is intended to remove perceived vendor lock‑in and accelerate Velero’s evolution into a de‑facto standard for Kubernetes...
Supply‑Chain Attack Hijacks TrueConf Video‑Conferencing Used by Southeast Asian Governments
Security firm Check Point disclosed a sophisticated supply‑chain intrusion that exploited a zero‑day in TrueConf, a video‑conferencing platform favored by Southeast Asian governments and militaries. The flaw, tracked as CVE‑2026‑3502 with a 7.8 severity score, was patched in version 8.5.3...

ShinyHunters Hackers Claim Theft of 3M+ Cisco Records, Threaten Public Leak
ShinyHunters, identified as UNC6040, issued a final warning to Cisco, demanding that the company make contact before April 3, 2026 or face a public data leak. The group alleges it has exfiltrated more than three million Salesforce records, along with GitHub repositories, AWS storage buckets, and...
How Ecommerce Brands Should Budget for Penetration Testing in 2026 Without Under-Scoping Risk
E‑commerce brands in 2026 must treat penetration testing as a revenue‑protection expense rather than a simple compliance line‑item. Modern stacks combine headless front‑ends, APIs, third‑party services, and mobile apps, expanding the attack surface far beyond the public storefront. Budgeting errors...

What Internal Audit Needs to Know About Zero Trust Architecture
Zero Trust Architecture (ZTA) is reshaping security by demanding continuous verification of users, devices, and connections rather than trusting network perimeters. Internal auditors must evaluate ZTA implementations against standards such as MFA enforcement, least‑privilege access, micro‑segmentation, and immutable logging to...

Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials
Hackers are exploiting the critical CVE‑2025‑55182 flaw in Next.js to gain remote code execution and compromise at least 766 hosts across several cloud providers. The UAT‑10608 threat cluster deploys a multi‑phase dropper that harvests SSH keys, cloud IAM tokens, API...

ConductorOne Extends Reach of Identity Governance to AI
ConductorOne has broadened its identity governance platform to cover AI tools, agents and integrations using the Model Context Protocol, and has linked the platform with CrowdStrike Falcon Next‑Gen Identity Security for real‑time threat intelligence. A recent survey shows 95% of organizations...
Even Tech‑Savvy Users Still Fall for Phishing Scams
I just analyzed this BofA text, and it’s a perfect example of why even tech-savvy people get burned. Why do we still fall for these?
CrystalX RAT Bundles Prankware to Taunt Victims During Data Theft
CrystalX RAT comes with a handful of prankware, allowing hackers to tease their victims as they steal their data. https://t.co/aOjjo0ApuY

Indirect Prompt Injection Threats and Google’s Defense Strategies
Indirect prompt injection "enables the attacker to influence the behavior of an LLM by injecting malicious instructions into the data or tools used by the LLM as it completes the user’s query." https://t.co/smO5fyBfLT < what @google Security does to...
Don’t Trust Your Supply Chain Blindly—Follow Docker’s Guidance
These recent software supply chain breaches are worrisome. How can we avoid assuming trust where we shouldn't? @Docker has a good post up with recommendations for engineering teams ... https://t.co/O5Mfag8N4y

FCC Cracks Down on Foreign Bank Impersonation Scams
FCC Acts to Protect U.S. Consumers from Bank Impersonation Scams Linked to Suspicious Foreign Call Traffic https://t.co/4LNmknNXR0
Iran Claims Cyberattack on Oracle, AWS Data Centers
Iran says that they have hit Oracle datacenter in Dubai, AWS datacenter in Bahrain - CNBC (just now)

AI Is Simplifying Cybercrime; Future Threats Loom
#AI is already making online crimes easier. It could get much worse. (MIT Technology Review) #JVGpost https://t.co/CbJaHfE8I9 https://t.co/Z89pKDgCWW