Today's Cybersecurity Pulse
Anthropic CEO meets White House over federal access to Mythos AI
Anthropic CEO Dario Amodei will meet White House chief of staff Susie Wiles to discuss government access to the company's Mythos AI model, which can discover and exploit zero‑day vulnerabilities. The meeting follows a Pentagon‑imposed blacklist after Amodei refused to lift safety restrictions, while Treasury, intelligence agencies and CISA are already testing the model.
Also developing:
By the numbers: Artemis raises $70M in combined seed and Series A round

Report Sheds More Light on Phantom Stealer
A multi‑wave phishing campaign targeting European manufacturing, technology and logistics firms deployed the .NET‑based Phantom Stealer, bundled with a crypter and remote‑access tool. The attackers sent spoofed emails lacking DKIM signatures and failing SPF checks, attaching either a malicious executable or an obfuscated JavaScript dropper. Group‑IB researchers reproduced the malware in a controlled lab, confirming its ability to steal credentials, evade analysis and exfiltrate data. The operation was intercepted before any major breach occurred, highlighting the growing threat of stealer‑as‑a‑service platforms.

Prompt Injection Lets Agents Bypass Read‑Only Permissions
If you are using OpenClaw on AWS or anywhere else please understand the following: > How prompt injection attacks work such as the Copilot attack I just reposted. > Understand indirect prompt injection where the attack is in a calendar invite, email...

Widespread Microsoft 365 Account Compromise Sought by Iran-Linked Hackers
Iran‑linked threat groups have compromised Microsoft 365 accounts across more than 300 Israeli organizations, 25 firms in the United Arab Emirates, and a limited set of targets in the United States, Saudi Arabia and Europe. The campaign began in early March with...

PQShield Clears Path for ML-KEM Inclusion in Japan’s National Cryptographic Standard
PQShield has completed an external evaluation of the NIST‑approved ML‑KEM algorithm for Japan’s CRYPTREC body, clearing the way for its inclusion on the national Ciphers List. This milestone accelerates the adoption of quantum‑safe encryption across Japanese government, infrastructure, and technology...

Key Leaks, Vault Failures, and TEE Attacks: Highlights From RWC 2026
GitGuardian presented at the Real World Cryptography Symposium 2026, revealing that 945,560 private keys have leaked in the wild, compromising 139,767 certificates. The team also demonstrated 27 attacks that break the zero‑knowledge promises of four leading password managers and showcased...

5 AWS AI Controls Every Security Team Should Have
AWS now offers organization‑wide controls that let security teams govern AI workloads beyond the application layer. Five key mechanisms—MCP server access blocks, Bedrock policy guardrails, model‑specific SCP denies, service‑wide SCP disables, and long‑term Bedrock API‑key restrictions—can be applied uniformly across...

Joint Offering Combines CrowdStrike's Falcon with HCLTech's AI Force
CrowdStrike and HCLTech have deepened their alliance by launching a continuous threat exposure management service that merges CrowdStrike’s Falcon platform with HCLTech’s VERITY framework and AI Force. The solution delivers real‑time visibility, AI‑driven insights, and automated remediation across endpoints, cloud, identity,...

Microsoft Deploys yet Another Emergency Patch for Windows 11 — but at Least the Fix for the Broken March Update...
Microsoft issued an emergency patch for Windows 11 to address critical failures introduced by the March 2024 cumulative update. The patch restores login functionality, resolves file‑system corruption, and stabilizes system performance. Microsoft rolled out the fix within 48 hours, marking a...

Resemble AI Unveils Deepfake Detection Tools Amid Synthetic Media Surge
Resemble AI released a deepfake threat report and two free detection tools—a Chrome extension that scans images, video and audio, and an X bot that lets users verify suspicious posts without leaving the platform. The company also added enterprise features...

48 Hours: The Window Between Infostealer Infection and Dark Web Sale
Whiteintel researchers mapped the full infostealer lifecycle and found that stolen corporate credentials appear on dark‑web marketplaces within 48 hours of infection, often much sooner. The five‑stage process—infection, harvest, packaging, marketplace listing, and exploitation—compresses credential theft into a window far...

Halcyon Days for HYCU as the Pair Link up on Ransomware Pitch
HYCU is embedding Halcyon’s ransomware‑detection software into its R‑Shield platform, creating a unified solution for ransomware detection, prevention, and recovery. The enhanced offering protects workloads across virtual machines, data warehouses, finance apps, storage buckets, and git repositories in hybrid and...

Restrict Agent Permissions to Mitigate Data Exfiltration
Why I am using agents on locked down sandboxes on EC2 instances and still have more to do. I don’t give agents credentials for the most part. The data needs to somehow be exfiltrated and sent back to the attacker....

AI-Driven Identity Must Exist in a Robust Compliance Framework
Enterprises are rapidly adopting AI‑driven identity and verification tools, but UK regulators are demanding that governance, risk and compliance (GRC) precede deployment. New legislation such as the Data (Use and Access) Act 2025, the Online Safety Act 2025, and updated ICO guidance...

Rapid Response: How Boston Children’s Hospital Overcame the Stryker Cyberattack
Boston Children’s Hospital faced a massive wiper cyberattack that crippled Stryker’s Vocera communication platform, prompting an immediate, coordinated response. Within 30 minutes the hospital isolated the vendor network and began dismantling the compromised system. By evening, Epic Secure Chat was...

Cybersecurity Is The Responsibility Of The Board & Not An Afterthought
Family businesses face heightened cyber risk due to legacy systems, informal processes and a culture of trust that can be exploited by phishing and CEO‑fraud attacks. The article argues that cybersecurity must move from an afterthought to a board‑level governance...

Hasbro Says It Was Hacked, and May Take ‘Several Weeks’ to Recover
Hasbro confirmed a cyberattack discovered on March 28, prompting the company to shut down parts of its IT infrastructure. The toy maker activated business continuity plans to keep order processing and shipping functional while external cybersecurity experts work on remediation....

Commvault Expands Integrations with Microsoft Security to Connect AI Threat Detection, Investigation, and Trusted Recovery
Commvault announced an expanded integration with Microsoft Security, linking its Cloud platform to Microsoft Sentinel and Security Copilot. The new Sentinel connector streams backup‑related alerts—such as malware detections and ransomware anomalies—into a centralized data lake for real‑time analysis. An Investigation...

Meeting Regulatory Requirements with Informatica
Informatica highlighted the critical role of trusted data in meeting ever‑growing regulatory demands during a DBTA webinar. A recent survey cited by David Thain shows 93% of data leaders say regulations impede their initiatives. Speakers emphasized that siloed data hampers...

NYC Mayor Zohran Mamdani Lifts Government TikTok Ban, Citing Need to Reach New Yorkers on Social Media
New York City Mayor Zohran Mamdani has lifted the 2023 ban on TikTok for government use, allowing agencies to operate on the platform under strict guidelines. The new policy requires dedicated government devices, designated staff, and agency‑managed credentials to address...

Kaufman Rossin and Synack Partner to Scale AI-Powered, Continuous Penetration Testing for Regulated Companies
Kaufman Rossin, a top‑50 public accounting and advisory firm, has partnered with Synack, the leader in penetration testing as a service, to deliver AI‑powered, continuous security testing for regulated enterprises. The collaboration blends Kaufman Rossin’s deep cybersecurity advisory expertise with...

European-Chinese Geopolitical Issues Drive Renewed Cyberespionage Campaign
Proofpoint reports that Chinese state‑aligned cyberespionage group TA416, also known as Twill Typhoon, has re‑engaged Europe in mid‑2025, targeting diplomatic missions, NATO delegations and EU institutions amid heightened EU‑China tensions following the 25th EU‑China summit. The campaign coincides with disputes over...

North Korean Hackers Linked to Axios Npm Supply Chain Compromise
On March 31, 2026, attackers compromised a maintainer’s npm account and published two malicious versions of the popular Axios HTTP client library. The backdoored packages contained a hidden dependency that executed a post‑install script, downloading the WAVESHAPER.V2 remote‑access trojan targeting...

Unauthorised Access Reported in Ministry of Finance Systems
Hackers breached primary processes at the Dutch Ministry of Finance, raising concerns over employee personal data exposure. The intrusion did not affect any financial information, and services provided by the Tax and Customs Administration remain operational. Access to the compromised...

CrowdStrike Becomes AI Era’s Core Security Layer
AI-driven cyberattacks are scaling rapidly — and $CRWD is positioning itself as a core security layer for the AI era. AI is not only increasing attack volume, but also redefining how attacks are executed. Security is shifting from reactive to autonomous. $CRWD...

Chrome Extensions Silently Adding Tracking—Build Your Own
I think I'll just vibe code all my Chrome extensions with Claude Code to avoid having to use any and being dependent on someone getting bribed to add malware to their extension. It's not a question IF it happens, just WHEN.

H33.ai Introduces HICS to Provide Mathematically Verifiable Software Security Scores
H33.ai unveiled HICS (H33 Independent Code Scoring), a free platform that generates mathematically verifiable software security scores using STARK zero‑knowledge proofs and Dilithium post‑quantum signatures. The tool evaluates code across five dimensions and issues a .h33 certificate containing a SHA3‑256...

Russia Bans Apple ID Payments to Curb VPN Use
Russia's Ministry of Digital Development has ordered mobile operators to disable Apple ID payments in a bid to make accessing VPNs harder. https://t.co/oKO2qFNeHk

Chinese Captain Sentenced for Taiwan Cable Damage
A Chinese captain was sentenced to three years in prison for deliberately damaging the Taiwan‑Penghu No. 3 submarine communications cable by anchoring in a restricted zone. The court ordered him to pay NT$18.22 million (about US$570,000) in damages to Chunghwa Telecom. The...

Crypto's Security Flaw: Quantum Attacks Expose Real Risk
Literally the most braindead cope. Newsflash: cryptographic currencies are vulnerable to cryptographic attacks. Nic investing in quantum solutions to Bitcoin is conviction in the problem, not conflict of interest. Focusing on the COI is denial cope.

Apple Deploys Lock‑Screen Alerts and macOS Paste Warning to Counter ClickFix Threats
Apple has begun pushing lock‑screen alerts to iPhones running iOS 13‑17.2.1 and introduced a macOS Terminal paste blocker in the Tahoe 26.4 update. The moves target the fast‑growing ClickFix social‑engineering campaign that tricks users into executing malicious commands.

CIS Benchmarks March 2026 Update
The Center for Internet Security released its March 2026 benchmark update, refreshing dozens of hardening guides across Windows, Linux, cloud, and database platforms. Highlights include Windows 11 Enterprise (v5.0.0) with nine new settings, Windows Server 2022/2025 revisions, and a minor OCI Foundations tweak....

Exabeam Expands Agent Behavior Analytics to Secure AI Agents Across ChatGPT, Copilot and Gemini
Exabeam announced an expansion of its Agent Behavior Analytics platform to monitor AI agents in ChatGPT, Microsoft Copilot, and Google Gemini. The new suite creates dynamic baselines, detects prompt injection and model abuse, and tracks identity, privilege, and lifecycle events...

Our Ongoing Commitment to Privacy for the 1.1.1.1 Public DNS Resolver
Cloudflare celebrated the eight‑year anniversary of its 1.1.1.1 public DNS resolver by publishing the results of a fresh independent privacy audit conducted by the same Big 4 accounting firm that examined the service in 2020. The audit confirms that the resolver’s...

Sars to Give Every Taxpayer a Digital Identity in Sweeping Tech Overhaul
South Africa's revenue agency SARS unveiled Modernisation 3.0, a digital overhaul that will issue every taxpayer a biometric, two‑factor digital identity. The programme adds AI‑driven case management, instant payments with the Reserve Bank, and automatic VAT assessments. In FY 2025/26...

Ransomware Groups Exploit Legit IT Tools to Bypass Antivirus
Researchers at Seqrite have identified a "dual‑use dilemma" where ransomware groups repurpose legitimate IT utilities such as IOBit Unlocker and Process Hacker to disable antivirus software. These signed tools allow attackers to create a silent zone, bypassing traditional signature‑based defenses...

Quantum Computers Require Far Fewer Resources to Crack Encryption
Quantum computers need vastly fewer resources than thought to break vital encryption - Ars Technica https://t.co/pLuvHMFLOP

Casbaneiro Phishing Targets Latin America and Europe Using Dynamic PDF Lures
Brazilian cyber‑crime group Augmented Marauder, also known as Water Saci, is running a multi‑vector phishing campaign against Spanish‑speaking organizations in Latin America and Europe. The campaign delivers the Casbaneiro banking trojan and the Horabot spreader via password‑protected PDF attachments that are...

Kaspersky Warns of New Phishing Technique Exploiting Trusted Platforms
Kaspersky has identified a new phishing method that hijacks trusted digital platforms such as task‑management and notification services to deliver seemingly authentic messages. The attacks mimic internal corporate communications, prompting users to click links that lead to counterfeit login portals...

Storware Releases Backup and Recovery v7.5 with Platform9 Integration and Expanded OpenStack Migration Support
Storware announced Backup and Recovery 7.5, adding native Platform9 Private Cloud Director integration and expanding V2V migration to Citrix Hypervisor and XCP‑ng. The release also brings full Nutanix v4 API support, Proxmox compatibility with Ceph v19 and synthetic backups, and performance enhancements...

Kingston Introduces Next-Gen XTS-AES 256-Bit Hardware-Encrypted Up to 256GB USB Drive
Kingston Digital unveiled the IronKey Locker+ 50 G2, a hardware‑encrypted USB flash drive featuring FIPS 197‑certified XTS‑AES‑256 encryption. The device offers BadUSB protection, brute‑force lockout, and dual admin/user passwords with complex or passphrase modes. Available in 32 GB to 256 GB capacities, it delivers up...

NinjaOne Revolutionizes Vulnerability Management with AI-Driven Assessment to Reduce Risk Faster
NinjaOne launched NinjaOne Vulnerability Management, an AI‑driven module embedded in its Unified IT Operations Platform that delivers continuous, real‑time vulnerability detection and automated patching for Windows and Linux endpoints. The solution replaces periodic scans with server‑side analytics, providing always‑current risk...

FBI Warns Against Using Chinese Mobile Apps Due to Privacy Risks
The FBI issued a public service announcement warning Americans that many popular mobile apps developed in China pose significant privacy and data‑security risks. The advisory highlights that these apps can collect extensive personal information, store it on servers in China,...

KiloClaw Releases First Public AI Coding Security Audit
🚨 KiloClaw just published something no AI coding platform has ever done. An independent 10-day security audit. Full findings. Public. Here's what every developer needs to know ↓ https://t.co/ykYrYWTIYX

WhatsApp Malware Campaign Uses Malicious VBS Files to Gain Persistent Access
Microsoft Defender has identified a WhatsApp‑based malware campaign that distributes malicious Visual Basic Script (VBS) files. The scripts employ social engineering and living‑off‑the‑land techniques, renaming legitimate Windows utilities to download additional payloads. Attackers host these payloads on trusted cloud services...

Claude Code Source Leak Sparks Massive Online Uproar
Claude Code's entire source code has been leaked and the internet is up in arms. https://t.co/KcenyVm6zg

Blog 111a. Banking’s Identity Problem: Why Digital Cards and Instant Payments Need a Human-Verified Security Layer
The article argues that modern banking’s security still leans heavily on credentials, sessions, and device identifiers, leaving digital cards and instant payments exposed to fraud. It highlights regulators’ push for layered authentication yet notes that criminals routinely bypass these controls...

Venom Stealer MaaS Handles Attacks From ClickFix to Crypto Theft
Venom Stealer, a new malware‑as‑a‑service, enables cybercriminals to launch ClickFix attacks that harvest credentials and cryptocurrency wallets. The service is priced at $250 per month or $1,800 for a lifetime license and includes four Windows and macOS phishing templates. Its...

CrystalX Malware-as-a-Service Spreads via Telegram With Stealer, RAT Tools
Hackers are marketing a new Malware‑as‑a‑Service platform called CrystalX RAT through private Telegram channels, offering a subscription‑based toolkit that blends remote‑access, data‑stealing, keylogging, crypto‑clipping, and prankware capabilities. The service provides an automated builder with geofencing, anti‑analysis, and ChaCha20‑encrypted payloads, while...

ImageMagick Zero-Day Enables RCE on Linux and WordPress Servers
Octagon Networks uncovered a critical ImageMagick zero‑day that enables remote code execution on major Linux distributions and WordPress sites. The flaw, dubbed a “magic byte shift,” lets attackers disguise malicious scripts as harmless images, bypassing file‑extension checks and even secure...

Data Sovereignty Now a Board‑level Infrastructure Priority
Sovereignty has gone from being a niche compliance concern to a board-level infrastructure priority. https://t.co/p9o7WKQHF9