Today's Cybersecurity Pulse
Anthropic CEO meets White House over federal access to Mythos AI
Anthropic CEO Dario Amodei will meet White House chief of staff Susie Wiles to discuss government access to the company's Mythos AI model, which can discover and exploit zero‑day vulnerabilities. The meeting follows a Pentagon‑imposed blacklist after Amodei refused to lift safety restrictions, while Treasury, intelligence agencies and CISA are already testing the model.
Also developing:
By the numbers: Artemis raises $70M in combined seed and Series A round
FBI Warns Against Using Chinese Mobile Apps Due to Privacy Risks
The FBI issued a public service announcement warning Americans that many popular mobile apps developed in China pose significant privacy and data‑security risks. The advisory highlights that these apps can collect extensive personal information, store it on servers in China, and potentially grant the Chinese government access under national security laws. The bureau recommends disabling unnecessary data sharing, keeping devices updated, and downloading apps only from official stores, while urging users to report any suspicious activity via the IC3 platform. The warning follows TikTok’s 2026 transfer to a U.S.-led joint venture aimed at averting a ban.
WhatsApp Malware Campaign Uses Malicious VBS Files to Gain Persistent Access
Microsoft Defender has identified a WhatsApp‑based malware campaign that distributes malicious Visual Basic Script (VBS) files. The scripts employ social engineering and living‑off‑the‑land techniques, renaming legitimate Windows utilities to download additional payloads. Attackers host these payloads on trusted cloud services...
Blog 111a. Banking’s Identity Problem: Why Digital Cards and Instant Payments Need a Human-Verified Security Layer
The article argues that modern banking’s security still leans heavily on credentials, sessions, and device identifiers, leaving digital cards and instant payments exposed to fraud. It highlights regulators’ push for layered authentication yet notes that criminals routinely bypass these controls...
Venom Stealer MaaS Handles Attacks From ClickFix to Crypto Theft
Venom Stealer, a new malware‑as‑a‑service, enables cybercriminals to launch ClickFix attacks that harvest credentials and cryptocurrency wallets. The service is priced at $250 per month or $1,800 for a lifetime license and includes four Windows and macOS phishing templates. Its...
CrystalX Malware-as-a-Service Spreads via Telegram With Stealer, RAT Tools
Hackers are marketing a new Malware‑as‑a‑Service platform called CrystalX RAT through private Telegram channels, offering a subscription‑based toolkit that blends remote‑access, data‑stealing, keylogging, crypto‑clipping, and prankware capabilities. The service provides an automated builder with geofencing, anti‑analysis, and ChaCha20‑encrypted payloads, while...
ImageMagick Zero-Day Enables RCE on Linux and WordPress Servers
Octagon Networks uncovered a critical ImageMagick zero‑day that enables remote code execution on major Linux distributions and WordPress sites. The flaw, dubbed a “magic byte shift,” lets attackers disguise malicious scripts as harmless images, bypassing file‑extension checks and even secure...
Are We Training AI Too Late?
GreyNoise warns that AI‑driven security models are trained on data that arrives after attacks have succeeded, creating a reactive lag. Their 2026 State of the Edge report shows over half of remote‑code‑execution traffic originates from IPs with no prior reputation,...
5 of the Most Common Accounting Cybersecurity Threats
Accounting systems are the financial backbone of any enterprise, making them prime targets for cyber attacks. The article outlines five prevalent threats—AI‑powered email scams, ransomware, ERP and application flaws, insider risk with privilege creep, and insecure cloud accounting services—and recommends...
Hackers Exploit Hotel Booking Systems to Send Fake Payment Requests to Guests
Hackers are weaponizing compromised hotel staff credentials to infiltrate booking management systems and send personalized payment requests to guests. By blending real reservation details with urgent language, the "Reservation Hijack Scam" tricks travelers into entering card information on counterfeit pages....
Accenture Teams with Anthropic to Launch Cyber.AI, an AI‑driven Security Ops Platform
Accenture announced a partnership with Anthropic to launch Cyber.AI, an AI‑driven cybersecurity operations platform built on Anthropic’s Claude model. The solution automates threat detection, investigation and response, and Accenture says it has already seen speed and coverage gains in internal...
NIST Finalizes PQC Standards, NSA Sets 2027‑2035 Deadlines, Sparking $15B Enterprise Migration
NIST completed its first three post‑quantum cryptography standards in August 2024 and the NSA announced a phased migration deadline ending in 2035. The combined mandates are projected to drive a $15 billion market, with QSE unveiling its QPA v2 platform to...
Mercor Hit by Supply‑chain Cyberattack Tied to Compromised LiteLLM Library
Mercor disclosed that a supply‑chain attack on the open‑source LiteLLM library compromised its systems, joining thousands of firms hit by the breach. The incident, linked to hacking group TeamPCP and later claimed by Lapsus$, underscores growing risks in open‑source components...
A Taxonomy of Cognitive Security
K. Melton introduced a five‑level taxonomy of cognitive security, framing the brain as a layered system akin to IT architecture. The NeuroCompiler—mirroring Kahneman’s System 1—interprets raw sensory input before conscious awareness and can route outputs directly back to behavior, creating a...
Eight in 10 UK Manufacturers Hit by Cyber Incident in a Year
New ESET research shows 78% of UK manufacturers suffered a serious cyber incident in the past year, with 95% reporting direct business impact. Over half (53%) incurred financial losses, averaging six‑figure amounts, while 44% faced supply‑chain disruptions and 39% missed...
9 Ways CISOs Can Combat AI Hallucinations
AI hallucinations are undermining governance, risk and compliance (GRC) processes as generative tools begin making judgment calls on control effectiveness and incident handling. Security leaders warn that unchecked AI can produce convincing yet inaccurate assessments, leading to faulty risk scores...
SentinelOne Autonomous Detection Blocks Trojaned LiteLLM Triggered by Claude Code
SentinelOne’s AI‑driven endpoint platform automatically detected and halted a supply‑chain attack that leveraged a compromised LiteLLM package. The malicious chain was triggered after an AI coding assistant installed the tainted library, leading to hidden Python code execution, data theft and...
Anthropic Leaks 2,000 Claude Code Files, No Data Breach
Anthropic inadvertently included internal source code for its AI coding assistant Claude Code in a recent update, exposing nearly 2,000 files on GitHub; no sensitive customer data or credentials were compromised. cybersecurity
Banks Fail to Shield Your Money From Digital Scams
Your money is not safe. You are left completely exposed to digital financial crimes and e-banking scams. The latest BNM 2025 report proves that financial institutions are failing to properly protect you. Wake up before your hard-earned life savings vanish forever.
10 Data Security Stories to Know About (March 2026)
March 2026 saw a wave of data‑security incidents spanning municipal ransomware, high‑profile corporate breaches, and controversial law‑enforcement data purchases. A ransomware attack forced Foster City, California to declare a state of emergency, while a Verizon‑authorized retailer exposed over 6.3 million customer...
CBN Gives Banks 21 Days to Grade Their Cyber Defences
Nigeria's central bank has issued a circular requiring banks, fintechs and other financial institutions to complete a new Cybersecurity Self‑Assessment Tool (CSAT) within 21 days for deposit banks and five weeks for other entities. The move follows a surge in...
Free VPNs Leak Your Data While Claiming Privacy
Recent research by MysteriumVPN examined 18 of the most downloaded free Android VPN apps and found pervasive privacy violations. Nearly all apps embed multiple third‑party trackers and request dangerous permissions unrelated to VPN functionality, while many connect to hard‑coded servers...
NIE Networks Selects BT to Drive Enhanced Connectivity and Security
BT announced a contract worth up to £200 million (approximately $250 million) with Northern Ireland Electricity Networks (NIE Networks) to provide enhanced connectivity, cybersecurity and IT services. The five‑year agreement, with an option to extend another ten years, will modernise the 2,300 km transmission...
Egnyte Expands Content Cloud with AI Governance and Built-In Assistant
Egnyte has launched AI Safeguards, a governance layer that lets IT and compliance teams define who and what can be processed by AI within the Egnyte Content Cloud. The same release adds an AI Assistant that works natively inside the...
How to Build Secure 24/7 AI Automations With OpenClaw
OpenClaw is an open‑source AI agent that automates tasks and delivers actionable insights, now packaged with a step‑by‑step guide for secure 24/7 deployment on Google Cloud Platform. The tutorial emphasizes establishing an encrypted SSH tunnel, provisioning a scalable VM, and...
Secure at First Silicon: Reducing Cost and Risk
Side‑channel leakage often surfaces only after first silicon, forcing expensive redesigns. The Inspector Pre‑Silicon framework embeds side‑channel analysis into RTL and gate‑level verification, generating test vectors and statistical metrics to identify leakage early. By providing actionable, module‑level insights throughout the...
Meta’s Ray-Ban Glasses Face Investigation in Kenya
Kenya's data protection authority launched an investigation into Meta's Ray‑Ban smart glasses over allegations that footage, including sensitive personal moments, is reviewed by human contractors, raising privacy concerns echoed in the US and UK. In Nigeria, persistent naira volatility—fluctuating around...
Align Security, IT, Ops for Disciplined Resilience
What does disciplined resilience look like when ResOps works? At @Commvault's ResOps Rumble at RSAC, Bill O'Connell asked a room of security leaders how many had perfect alignment across security, IT, and ops. Almost every hand dropped. @Commvault's Chris Bevil breaks down how...
SEBI Algo Trading Norms Kick in Today: 2FA, Audit Trails for Brokers Now Mandatory
The Securities and Exchange Board of India (SEBI) has activated new algorithmic trading regulations, requiring brokers to maintain comprehensive audit trails for every automated trade. Mandatory two‑factor authentication, password‑expiry policies, and daily auto‑logout must secure API access. The rules also...
Perplexity AI Accused of Embedding ‘Undetectable’ Trackers for Secretly Routing Sensitive User Data to Meta and Google
Perplexity AI is confronting a proposed class‑action lawsuit that alleges the startup embedded undetectable trackers in its search engine, routing user conversations—including those entered in Incognito mode—to Meta and Google. The complaint, filed by a Utah resident, claims the data...
Mimecast Makes Enterprise Email Security Deployable in Minutes
Mimecast introduced an API‑based email security solution that integrates directly with Microsoft 365, delivering full Secure Email Gateway protection without any MX record changes. The service can be activated within minutes, offering deep URL inspection, sandboxing, AI‑driven BEC detection, and automated...
Malware Detectors Trained on One Dataset Often Stumble on Another
Researchers at the Polytechnic of Porto evaluated machine‑learning static malware detectors across six public Windows PE datasets and four external collections. Models achieved high‑90s AUC and F1 scores on in‑distribution data, but performance fell sharply on external sets, especially the...
Supply Chain Hacks Cripple Major Security and AI Tools
Rundown of the very bad week in security: - TeamPCP (sophisticated hacking group) attacks: Hackers broke into the system that builds a oss popular security scanning tool called Trivy. This was a supply chain attack (when bad code is slipped...
KiloClaw Releases First Public AI Coding Security Audit
🚨 KiloClaw just published something no AI coding platform has ever done. An independent 10-day security audit. Full findings. Public. Here's what every developer needs to know ↓ https://t.co/ykYrYWTIYX
Want to Know Which Sites Are Selling Your Data?
Global Privacy Control (GPC) is a free, browser‑based privacy tool that lets users signal they do not want their personal data sold. Inspired by the 2020 California Consumer Privacy Act, GPC integrates with extensions for Brave, DuckDuckGo, Firefox Nightly, Disconnect,...
Claude Code Source Leak Sparks Massive Online Uproar
Claude Code's entire source code has been leaked and the internet is up in arms. https://t.co/KcenyVm6zg
Data Sovereignty Now a Board‑level Infrastructure Priority
Sovereignty has gone from being a niche compliance concern to a board-level infrastructure priority. https://t.co/p9o7WKQHF9
RedotPay Secures ISO/IEC 27001 Certification, Boosting Trust in Stablecoin Payments
RedotPay announced it has earned ISO/IEC 27001 certification for its information‑security management system, a milestone that validates its security‑first culture and enhances credibility with global banks and payment institutions. The certification, granted by SGS, signals robust controls for the fintech’s...
OpenClaw's Powerful Automation Carries Significant Security Risks
OpenClaw can browse the web, run shell commands, and send emails on your behalf, but it comes with documented security risks that every user should understand before deploying it. https://t.co/UmAoMn8hSv
TEEs Have Been Fundamentally Flawed From the Start
I’ve been saying this for past decade at least. TEEs are a bad idea, from inception.
SANS Stormcast Wednesday, April 1st, 2026: Application Control Bypass; Axios NPM Module Compromise; TeamPCP vs Cloud
In this 6‑minute Stormcast episode, Johannes Ulrich discusses three urgent security topics: a technique for bypassing Palo Alto's application control by fragmenting data into 5‑byte chunks via a Netcat tunnel, the recent supply‑chain compromise of the popular npm Axios package...
Iran's Threat Highlights AI as U.S. Security Issue
if iran has threatened to attack US AI companies and data centers does that mean AI is a matter of US national security or no? asking for a friend
Claude Code Leak Reveals Secrets Behind Its Powerful Harness
Claude Code's source files just leaked. We can finally see what makes the harness so good. Full breakdown: https://t.co/s7VRzoXdkj
Study Shows 10,000 Qubits Could Break RSA‑2048, Threatening Global Encryption
A peer‑reviewed study posted to arXiv on March 31 claims that a fault‑tolerant quantum computer needs only about 10,000 qubits to run Shor’s algorithm against RSA‑2048, and as few as 26,000 qubits could break the standard in seven months. The paper...
Google Deploys AI‑Enhanced Ransomware Detection to All Drive Users
Google announced that its AI‑powered ransomware detection and recovery suite is now enabled for all Google Drive users. The upgrade claims to spot 14 times more infections, automatically pause syncing, and offer 25‑day version restores, marking the company’s biggest consumer‑level...
Mercor Says It Was Hit by Cyberattack Tied to Compromise of Open Source LiteLLM Project
Mercor, an AI recruiting startup, confirmed a security incident tied to a supply‑chain attack on the open‑source LiteLLM library, which was linked to the hacking group TeamPCP and later claimed by extortion group Lapsus$. The breach may have exposed data,...
Workload IAM Vs. Secrets Management: A Practical Decision Guide
Most organizations begin non‑human identity security with a secrets manager, but exploding credential sprawl and the secret‑zero problem expose its limits. GitGuardian found 29 million secrets leaked on GitHub in 2025, a 34 percent rise, and Verizon still flags credential abuse as...
Australia Is Tightening the Rules on Children’s Privacy – Here’s How It Will Work
Australia is overhauling its privacy framework with the 2024 Privacy and Other Legislation Amendment Act, tasking the OAIC with a new Children’s Online Privacy Code. The draft, now open for public comment until June 5, extends to all digital services that...
Russia Moves to Slash VPN Use, Targets Apps Including Telegram
Russia's digital minister Maksut Shadaev announced a package of measures to curb VPN usage, including mandatory blocking by platforms, a proposed data surcharge, and the removal of custom VPN apps from the Apple App Store. The crackdown coincides with intensified...
Proton Launches Encrypted Workspace Suite to Challenge Google and Microsoft
Proton announced Proton Workspace, an end‑to‑end encrypted suite of productivity apps—including Drive, Docs, Sheets, Calendar and Meet—available today. Pricing starts at $14 per month (annual billing) and the company says it serves over 100,000 enterprise customers, positioning the bundle as...
Mercor AI Hacked Amid Tailscale VPN Security Concerns
Is this because Tailscale VPN got hacked? or something else? Anyway, Mercor AI got hacked.