Today's Cybersecurity Pulse
Anthropic CEO meets White House over federal access to Mythos AI
Anthropic CEO Dario Amodei will meet White House chief of staff Susie Wiles to discuss government access to the company's Mythos AI model, which can discover and exploit zero‑day vulnerabilities. The meeting follows a Pentagon‑imposed blacklist after Amodei refused to lift safety restrictions, while Treasury, intelligence agencies and CISA are already testing the model.
Also developing:
By the numbers: Artemis raises $70M in combined seed and Series A round

US Bounty on Iranian Hackers Reissued
The U.S. State Department has reissued a $10 million bounty for information on Iranian threat groups Handala and Parsian Afzar Rayan Borna. The reward follows the FBI’s confirmation that Handala breached Director Kash Patel’s personal email and earlier disclosures of compromised U.S. and Israeli entities. Parsian Afzar Rayan Borna, an Iranian IT firm tied to the government, is accused of facilitating cyber intrusions against the Albanian government and opposition groups. The move builds on earlier offers targeting the state‑backed CyberAv3ngers operation.

Agentic AI Turns One Prompt Into System‑Wide Threat
From Anarchy to Authority: Closing the Governance Gap in Agentic AI. “Agentic systems collapse the traditional attack chain in that a single manipulated instruction through prompt injection, tool misuse, or data poisoning can trigger disproportionate impact. Agency enables malicious intent...
Changemaker Defends Healthcare's Evolving Cyber Frontline
Samantha Jacques, senior leader at McLaren Health Care, is spearheading a public‑private partnership through the Health Sector Coordinating Council to safeguard connected clinical environments. Her team delivers unified guidance that addresses the rising tide of cyber threats targeting hospitals and...
NordLayer Unveils Secure Browser for SMB SaaS Users, Pricing Starts at $8/Month
NordLayer has released a dedicated enterprise browser aimed at small and medium‑size businesses that rely on SaaS applications. The browser bundles data‑loss‑prevention, zero‑trust traffic routing and IP anonymization, with subscription plans beginning at $8 per user per month. The move...
CareCloud Confirms Data Breach After Eight‑Hour EHR Outage, Patient Info Potentially Exposed
CareCloud, a publicly traded healthcare‑technology firm, disclosed a cyberattack that knocked out one of its six electronic health‑record environments for eight hours on March 16, 2026. The breach may have allowed attackers to view or copy patient information, prompting a...
Google Paper Cuts Qubit Count, Sparks Quantum‑security Scramble for Bitcoin, Ethereum
Google’s Quantum AI team published a whitepaper indicating that fewer than 500,000 physical qubits could break the elliptic‑curve cryptography securing Bitcoin and Ethereum wallets. The finding compresses the timeline for a viable quantum attack from the mid‑2030s to the end...
OpenClaw Has 500,000 Instances and No Enterprise Kill Switch
OpenClaw, an AI‑driven personal assistant, has exploded to roughly 500,000 internet‑facing instances, with more than 30,000 showing clear security gaps. A UK CEO’s unencrypted OpenClaw workspace was listed for sale on BreachForums, exposing conversations, production databases, API keys and personal...

AI Agents Turn Environment Into Attack Surface
AI agents don’t just inherit LLM risks — they amplify them. I came across an interesting paper: “AI Agent Traps.” Most discussions still focus on prompt injection. That’s already incomplete. Because once agents have: - autonomy - persistence - tool access...

Google Drive Expands AI Ransomware Detection, File Recovery to More Users
Google has moved its AI‑powered ransomware detection and built‑in file recovery for Drive from beta to general availability. The new model claims to spot 14 times more threats and automatically pauses Drive for desktop syncing when encryption activity is detected. A...
Unsolicited Loan Data Leak Exposes Flawed Third‑Party Sharing
Great. My phone number was found on the dark web in conjunction with a breach of a site I don’t even use. Third party data sharing is not cool. Apparently it is a fintech blockchain HELOC company. Definitely did not...

Essential Security Docs Most Orgs Still Miss
Cybersecurity scales with process + templates 🔐 Key docs every org needs: 🛡️ InfoSec: incident logs, access matrix, data classification 🌐 Network: DDoS plan, VPN/NAC logs, patch schedule ☁️ Cloud: config baseline, IR log, backup testing, asset inventory 🧩 AppSec: secure coding checklist, SAST logs,...
Claude Code's Source Code Leaks Via Npm Source Maps
A security researcher uncovered the entire Claude Code repository after source maps in its npm package exposed a Cloudflare R2 bucket containing every file. The leak reveals a sophisticated architecture: a 40‑tool plugin system, a 46,000‑line query engine, multi‑agent “swarms”, an IDE...
‘StravaLeaks’: How Le Monde Located 18,000 French Military Personnel with a Fitness App
Le Monde’s investigation, dubbed “StravaLeaks,” identified roughly 18,000 French military personnel who publicly shared workout data on the Strava app. The disclosed routes pinpointed high‑value assets, including the Charles de Gaulle carrier strike group, nuclear‑submarine base Île Longue, and even the movements of...

Understanding the Updated COPPA Rules and Their Impact on Child Safety
The Federal Trade Commission’s updated COPPA rules will take effect on April 22, 2026, marking the first major overhaul since 2013. The amendments require separate, opt‑in parental consent for targeted ads and third‑party data sharing, broaden the definition of personal...

Black Hat USA
Black Hat USA 2026 returns to Las Vegas for a six‑day cybersecurity showcase, featuring four days of expert‑led trainings, a summit day, and a two‑day conference with briefings, Arsenal tool demos, and a Business Hall. Attendees can use promo code...

Investing in Depthfirst
Depthfirst, an AI‑focused security startup, announced its Series B funding and introduced dfs‑mini1, a specialized model that outperforms leading AI systems at detecting smart‑contract vulnerabilities while costing far less to run. The platform builds a semantic model of a customer’s environment,...
Anthropic's Claude Code Leak Exposes Internal Architecture
Oh boy, including "Undercover" Claude -> Claude Code's source code appears to have leaked via a misconfigured npm package, revealing internal codenames, a “Self-Healing Memory” architecture, and more "For Anthropic, a company currently riding a meteoric rise with a...

IDnow and Trustfull Partner for Continuous Fraud Prevention
IDnow, Europe’s leading identity‑verification provider, has teamed up with fraud‑prevention specialist Trustfull to launch a continuous, end‑to‑end risk‑management solution. The joint offering merges IDnow’s AI‑driven verification suite with Trustfull’s real‑time digital and behavioural intelligence, extending protection beyond the initial onboarding...

TrueConf Zero-Day Exploited in Attacks on Southeast Asian Government Networks
A high‑severity zero‑day (CVE‑2026‑3502) in TrueConf’s video‑conferencing client was exploited in the wild, allowing attackers to replace legitimate updates with malicious code. The flaw, rated 7.8 CVSS, enables arbitrary code execution via DLL side‑loading and was used in the TrueChaos...
Rethinking Vulnerability Management Strategies for Mid-Market Security
Mid‑market security teams are confronting a widening gap between the surge in disclosed vulnerabilities—rising from roughly 30,000 to 50,000 CVEs annually—and their ability to remediate them quickly. Chris Wallis, founder of Intruder, argues that counting CVEs is insufficient; the real...
AI and Quantum Are Forcing a Rethink of Digital Trust
Enterprises are confronting a seismic shift in digital trust as AI agents multiply, pushing machine‑to‑human identity ratios from 100:1 toward 1,000:1. At the same time, digital certificates are being issued with ever‑shorter lifespans, complicating lifecycle management and increasing the risk...
Dynamic Identity Systems Needed for Independent AI Agents
Identity for AI agents came up in almost every serious conversation last week at RSAC. It is not just “give them an identity.” It is that: identities are dynamic, agents act independently, and they will outnumber humans. We built identity systems for people. Now we need...
Linx Security Raises $50M Series B as Identity Becomes Security’s Biggest Failure Point
Linx Security announced a $50 million Series B round led by Insight Partners, bringing its total capital to $83 million. The New York‑based startup offers an AI‑native identity governance platform that continuously maps, monitors and automates control of human, machine and AI‑agent identities. With...
Autonomous Agents Risk Malicious Prompts Despite Sandbox Efforts
This is the type of thing I’m worried about with completely “autonomous” agents only the inclusion of something more malicious than ads. It could be unintentional or via prompt injection. I have some tools that can run while I’m sleeping...

How to Handle Unexpected Calls About Unclaimed Funds
Scammers are increasingly posing as government agencies to lure victims with promises of unclaimed funds, often citing specific amounts and urgent deadlines. They use phishing tactics such as fake texts, phone calls, and requests for upfront processing fees. Legitimate unclaimed...

AI Safety Becomes a Cybersecurity Priority
AI safety has entered the cybersecurity era. @IrenaCronin and I write this newsletter every week. AI safety is becoming a cybersecurity issue because advanced AI can now help both defenders and attackers, making the risks more immediate and practical. As AI systems...
Iran Conflict Highlights Cyberthreat Exposure of U.S. Facilities
State‑backed actors tied to the Iran conflict are exploiting insecure smart‑building and operational‑technology systems, as highlighted in WiredScore’s 2026 resiliency report. The report notes that retrofitted legacy assets and internet‑connected IoT devices dramatically expand the cyber‑physical attack surface for commercial...

BREAKING: Anthropic Just Leaked Claude Code’s Entire Source Code
Anthropic inadvertently published the Claude Code 2.1.88 source map to the npm registry, exposing the full JavaScript source and 44 internal feature flags. The leak revealed fully built, but unreleased, capabilities such as 24/7 background agents, multi‑Claude orchestration, cron scheduling,...
Securing Cloud Infrastructure for AI
The brief warns that AI workloads running in cloud environments create novel attack surfaces that existing vulnerability‑management frameworks cannot adequately protect. Nation‑state actors are accelerating discovery and exploitation cycles, while public resources like the National Vulnerability Database are overwhelmed by...

Axios Software Tool Used by Millions Compromised in Hack
Axios, a widely used HTTP client library distributed through npm, was compromised after a hacker breached a maintainer's GitHub account and published malicious versions. The package, downloaded roughly 80 million times weekly, could deliver payloads to Windows, macOS and Linux machines. By...
Siemens Adds Viakoo Platform for OT and IoT Security
Siemens Smart Infrastructure has signed an agreement with Viakoo to integrate the Viakoo Action Platform into its service portfolio. The cloud‑based solution provides automated firmware updates, certificate management, password enforcement, and compliance tracking for OT and IoT device fleets. By...
AI Code Leaks Boost Demand for Software Security Jobs
Woke up to news of supply chain attacks on NPM and Claude Code’s source code leaking…again. It seems the only tech jobs that AI with any job security are going to be software security jobs. It’s only going to get...

Satoshi Warned of Quantum Risk, Urged Gradual Transition
JUST IN: Satoshi Nakamoto acknowledged Bitcoin quantum risk early in 2010, suggesting "If it happens gradually, we can transition." https://t.co/P6PSea6doH

CrewAI Vulnerabilities Expose Devices to Hacking
Open‑source AI orchestration framework CrewAI disclosed four interrelated vulnerabilities. The flaws—CVE‑2026‑2275, ‑2285, ‑2286, and ‑2287—stem from the Code Interpreter tool’s fallback to an insecure sandbox and improper configuration checks. Exploited together, they enable remote code execution, SSRF, and arbitrary file...
AI‑found Zcash Sprout Bug Fixed; Funds Remain Safe
Security Disclosure: last week a white-hat security researcher using AI found a bug in Zcash's old “Sprout” pool. Folks from ZODL and Shielded Labs worked together to fix it, and mining pools have updated. User funds are safe. Full report:...
AI Governance Gaps Enable Rogue Agent Threats
Governance around AI and data is still a significant problem. Many vendors still hesitate to talk about it. What Happens When AI Agents Go Rogue? https://t.co/5TE3g0hXng #CIO #CISO #AI #cybersecurity
Can Burning Satoshi's Coins Curb Quantum Risk?
Is burning Satoshi's coins the right path to solve [part of] the quantum threat? https://t.co/LVOy35zOxM
Quantum Threat May Reach Bitcoin Within One Block
Google now warns quantum attacks could happen within Bitcoin’s block time. Are we closer than we think? I’m speaking with Alex Pruden and Dolev Bluvstein about what this means for crypto. https://t.co/LVOy35zOxM
Elliptic Curve Crypto Underpins All Protocols—Removing It Requires Complete Rebuild
"Everything relies on elliptic curve cryptography. If you remove that foundation, you need to rebuild EVERYTHING. The issue? Most protocols use this." https://t.co/OMA9HmxIQs
Quantum Leap: 10k Atomic Qubits Threaten Crypto Security
From “millions of qubits” to ~10,000 atomic qubits. That’s a major shift. What does it mean for Bitcoin, Ethereum, and cryptography? We break it down live. https://t.co/OMA9HmxIQs
Quantum Leap Brings Excitement and Cryptographic Risks
"It's clear we are crossing a moment. It's exciting. We'll be able to use quantum computers. But it's CONCERNING too, because it'll be cryptographically relevant." Dolev Bluvstein https://t.co/OMA9HmxIQs
Quantum Leap Could Accelerate Crypto's Existential Threat
A new quantum breakthrough may have cut the timeline dramatically. On Unchained, Alex Pruden and Dolev Bluvstein join me to discuss: ⚛️ When quantum becomes a real threat 🔐 What breaks first in crypto ⏳ Whether we’re already behind https://t.co/OMA9HmxIQs
AI Agent Identity Layer: Next Cybersecurity Frontier
I recently joined @reckless on @DecoderPod to discuss the “SaaSpocalypse,” the future of software, and why the identity layer for AI agents could become the biggest category in cyber. Really enjoyed this conversation: https://t.co/afZ84f2ymM
State Quantum Power Lies in Hidden Communications Exploitation
Ok I just want to add one thing. Folks, for state actors, the value of having a quantum computer is massively higher if you DON’T tell people you have a quantum computer. Exploiting Bitcoin is a parlor trick. Exploiting the world’s communications...

Victims Receive $27.92 Settlement After 2024 Evolve Hack
Remember back in 2024 when a Russian cybercrime group hacked Evolve and exfiltrated terabytes of data, including user data like SSN and account numbers? Victims are finally getting their settlement payments: $27.92 https://t.co/9rKUgGOh5I

Secure Hybrid Self‑Managed and Managed MCP Server Setup
You could use a mix of self-managed and managed MCP servers. Here's an example of using both, and securing them in a production-ready way. https://t.co/reHeaq6QEV https://t.co/5pLxHwGKWv
BeyondTrust Reveals New Token Injection and Exfiltration Vectors
Where else can the tokens be injected and exfiltrated. This is the original report from BeyondTrust.
DNS Covert Channel Bypasses AI Guardrails, Enables Remote Shell
“Specifically, it abuses a hidden DNS-based communication path as a "covert transport mechanism" by encoding information into DNS requests to get around visible AI guardrails. What's more, the same hidden communication path could be used to establish remote shell access...
Map Data, Centralize Control—Simple Shift, Big Cybersecurity Impact
Cybersecurity is overdue for a makeover. More of a focus on knowing where data lives, who has access, and how risk moves. One university proved it: map the data, identify real risks, centralize control. Simple shift. Big impact. https://t.co/GLJlBbM1uN

AI's Dual Role Fuels Security Edge at RSAC
“AI on Both Sides: Friend, Foe, and Everything In Between” RSAC 2026 Recap: Chatbots, Deepfakes, and Smart Glasses Highlight a Security World on Edge https://t.co/qHl5CXvVip #RSAC #RSAC26 https://t.co/IgIm5EZ5DI