Today's Cybersecurity Pulse
Anthropic CEO meets White House over federal access to Mythos AI
Anthropic CEO Dario Amodei will meet White House chief of staff Susie Wiles to discuss government access to the company's Mythos AI model, which can discover and exploit zero‑day vulnerabilities. The meeting follows a Pentagon‑imposed blacklist after Amodei refused to lift safety restrictions, while Treasury, intelligence agencies and CISA are already testing the model.
Also developing:
By the numbers: Artemis raises $70M in combined seed and Series A round
Iran Deploys 'Pseudo-Ransomware,' Revives Pay2Key Operations
Iran has resurrected the state‑backed Pay2Key ransomware operation, enlisting Russian cybercriminal affiliates to target high‑impact U.S. and Israeli entities. The campaign employs “pseudo‑ransomware,” encrypting data while delivering destructive wiper payloads to obscure motives. Affiliate rewards have been boosted to 80% of proceeds for successful attacks against Iran’s declared enemies. KELA warns that this hybrid model blurs state‑crime lines, creating attribution challenges and potential sanctions exposure for victims.
New Bitdefender Assessment Helps Organizations Identify and Eliminate Hidden Internal Attack Paths
Bitdefender launched a complimentary Internal Attack Surface Assessment to help enterprises pinpoint hidden internal cyber risks tied to excessive user access and shadow IT. The service leverages the GravityZone PHASR platform to deliver data‑driven visibility down to the individual user...
From AI Risks to Rapid Control Implementation
I hosted a roundtable at RSAC with NTT Data on AI risk. The conversation has shifted. We are past “what are the risks of AI.” Now it is: how do we operationalize controls fast enough? That is a very different problem.
Extending API Keys Beyond the RIPE Database
RIPE NCC is extending its API‑key authentication model from the RIPE Database to the LIR Portal services, allowing keys to be generated directly within each service while remaining centrally visible. The new design adds usage timestamps, fine‑grained permissions, modern password‑hashing...
AI Coding Assistants Poised to Flood Software with Zero‑Day Bugs
Security researchers say AI‑generated coding agents will soon produce a flood of zero‑day vulnerabilities, fundamentally altering exploit development. The shift could accelerate the pace of high‑impact bugs and strain the software supply chain.
ChatGPT Security Issue Enabled Data Theft via Single Prompt
Security researchers at Check Point uncovered a vulnerability in ChatGPT that allows a single crafted prompt to create a covert data‑exfiltration channel. The flaw leveraged a hidden DNS side‑channel from the model's isolated container, enabling both data leakage and remote...
AI Model Mythos Amplifies Attack Scale and Internal Threats
A leaked model is raising new concerns about AI and cybersecurity. Anthropic’s “Mythos” is described as a step change in capability, especially in how AI agents can act, reason and operate independently. That makes it easier for attackers to scale operations...
Download: 2026 SANS Identity Threats & Defenses Survey
The 2026 SANS Identity Threats & Defenses Survey reveals that 55% of organizations suffered an identity‑related breach in the past year. MFA fatigue contributed to 26% of those attacks, indicating user weariness with multi‑factor prompts. The report details how threat...
The Axios Breach: What Salesforce Developers Need to Know
The popular JavaScript HTTP client Axios suffered a supply‑chain breach that injected a Remote Access Trojan into versions 1.14.1 and 0.30.4. The malicious code is delivered through npm, a channel that sees roughly 300 million downloads each week, giving the attack...
Companies House ‘Developing a Case for Upgrade Investments’ After Five-Month Data-Security Breach
Companies House disclosed a five‑month data‑security flaw that let any user potentially edit another company’s details by pressing the back button four times. The defect, traced to an October software update, prompted a temporary shutdown of the WebFiling service and...
Board Briefing: Data at Risk: What Boards Are Missing on Cyber, AI & Regulation
Corporate Board Member Network is hosting a one‑hour virtual briefing on April 23, 2026, titled “Data at Risk: What Boards Are Missing on Cyber, AI & Regulation.” The session features privacy‑law expert Kwabena Appenteng, who will explain where companies are...
FBI Issues Urgent Warning: Cybercriminals Are Targeting Musicians
The FBI’s Internet Crime Complaint Center warned that cybercriminals are increasingly targeting musicians, industry staff, and fans. Between early 2024 and late 2025, complaints surged, highlighting extortion, AI‑driven streaming fraud, romance scams, and intellectual‑property theft. Criminals breach social‑media accounts, steal...
How to Give Your Google Account a Quick ‘Security Checkup’
Google’s Security Checkup is a free, web‑based audit that guides users through essential account protections, including password strength, two‑factor authentication, recent sign‑in activity, and third‑party app access. The tool, introduced in 2018, helps both consumers and enterprises quickly identify and...
EnSilica Joins UK CHERI Adoption Collective to Accelerate Secure-by-Design Silicon
EnSilica has been selected to join the newly formed CHERI Adoption Collective, a UK‑government‑backed initiative aimed at embedding hardware‑level memory safety into critical systems. The collective brings together infrastructure operators such as BT, National Grid and SSE, along with semiconductor...
RSAC 2026: Cohesity Enhances Cyber Resilience with Next-Generation Malware Scanning Powered by Sophos
Cohesity announced native integration of Sophos next‑generation malware scanning into its Data Cloud platform. The feature, included with the Enterprise Edition, detects zero‑day, polymorphic and fileless threats hidden in backup data without requiring a separate Sophos license. Scans run incrementally...
RSAC 2026: Commvault Extends Enterprise Resilience to Structured and AI Data with Real-Time Governance Controls
Commvault announced an expansion of its data security posture management (DSPM) to include structured data and AI‑driven vector databases, leveraging its recent acquisition of Satori. The new real‑time data access governance lets security teams monitor and control structured data usage,...
RSAC 2026: Druva Pioneers Identity-Aware Resilience for Okta, Active Directory, and Entra ID
Druva unveiled Identity Resilience, extending its SaaS platform to protect identities across Okta, Microsoft Active Directory and Entra ID. The solution continuously models identity state, correlates privileges, activity and data, and stores this intelligence in the MetaGraph engine. By unifying hybrid...
Rubrik and Rackspace Technology Launch UK Sovereign Cyber Recovery Cloud
Rackspace Technology and Rubrik have launched the UK Sovereign Cyber Recovery Cloud, a ransomware‑focused recovery service that keeps all data, hardware and management within UK borders. The offering provides an automated, isolated "clean‑room" environment that can restore public‑sector and regulated...
Nakivo Expands Platform Support and Elevates Security in v11.2
Nakivo released Backup & Replication v11.2, adding native support for VMware vSphere 9 and Proxmox VE 9.0/9.1 while introducing built‑in OAuth 2.0 for email notifications. The update also bundles broader platform compatibility and critical security patches. Customers can now protect the latest hypervisor versions...
Keepit Signs Strategic Agreement with Hammer Distribution
Keepit, a cloud‑native data protection provider, has signed a strategic agreement with Hammer Distribution to strengthen its UK and Ireland market presence. The partnership leverages Hammer’s value‑added distribution network and Keepit’s local data centers to deliver vendor‑independent SaaS backup that...
The Most Important Data Source for Enterprise SEO Teams in 2026
In this 1‑minute‑40‑second episode of Voices of Search, host Tyson chats with Kaspar Siminski, Senior Director at Search Brothers and former Google search team member, about the single most critical data source for enterprise SEO teams in 2026. Siminski argues...
Emerging Innovator Naveen Reddy Burramukku Recognized for Pioneering
Naveen Reddy Burramukku, a systems and network architect, has been highlighted as an emerging innovator in secure infrastructure engineering. His scholarly work spans virtualization protection, identity governance, disaster recovery, and hybrid cloud security, introducing methods that boost resilience and reduce...
AI Cyberattacks Surge, Cloudflare’s AI Defense Boosts $NET
AI-driven cyberattacks are scaling rapidly — and $NET is a direct beneficiary Cloudflare’s AI-powered defense, driven by Cloudforce One and its global network, now blocks ~230 billion threats daily. Attack sophistication is rising fast. AI is being used for exploit development, network mapping,...
Cato Networks Unveils Modular Adoption Model for SASE Platform
Cato Networks announced a modular adoption model for its core SASE platform, allowing enterprises to select and add capabilities such as AI security, SD‑WAN, SSE and universal ZTNA on demand. The solution runs on the GPU‑powered Cato Neural Edge, a...
Guidance: Industry Security Notice (ISN)
The UK Ministry of Defence’s Industry Security Notices (ISNs) continue to evolve, with the latest revision on 31 March 2026 adding Defence Cyber Certification (DCC) guidance under DEFCON 658 and clarifying the cyber‑security model scope. Over the past six years the ISNs have...
This App Makes Even the Sketchiest PDF or Word Doc Safe to Open
Dangerzone is a free, open‑source tool that sanitizes PDFs, Word, Excel, PowerPoint, OpenOffice, EPUB and image files by sandboxing them and converting each page to an image‑only PDF. The process runs in a container or virtual machine with no internet...
Fewer CVEs in Your Camunda 8 Containers with Hardened Base Images
Camunda announced that its Camunda 8 self‑managed containers now use hardened Minimus base images, eliminating 354 known CVEs from the base layer. The transition covers Node, OpenJDK, OpenJRE and PHP images and includes a build‑time option for Zeebe’s container. Ongoing...
Vibrations in Your Skull May Be Your Next Password
Rutgers researchers unveiled VitalID, a software biometric that authenticates XR users via skull‑borne vibrations from breathing and heartbeat. The method captures unique vibration patterns with headset motion sensors, eliminating passwords, PINs, and iris scans. In trials with 52 participants across...
Okta Deploys AI‑Agent Identity as 'Claw' Architecture Takes Hold in Enterprise
Okta, the $14 billion identity‑management firm, announced a new AI‑agent identity framework to protect autonomous software agents, signaling the enterprise’s shift toward “claw” technology. Executives from Okta, Nvidia and startup NanoCo highlighted security, productivity and cost pressures driving the move.
7,655 Ransomware Claims in One Year: Group, Sector, and Country Breakdown
From March 2025 to March 2026 ransomware groups posted 7,655 victim claims on public leak sites, averaging about 20 claims per day. The five most active groups—Qilin, Akira, INC Ransom, Play and Safepay—account for 40% of all claims, with Qilin alone responsible...
Apple Adds macOS ClickFix Warning to Block Self‑inflicted Malware Attacks
Apple introduced a Terminal warning in macOS 13.4 that blocks paste actions containing potentially malicious code, directly confronting the ClickFix social‑engineering technique. The move comes as researchers document new macOS threats like Infiniti Stealer that exploit the same user‑driven command...
Employee Data Breaches Surge to Seven-Year High
Employee data breach reports to the UK Information Commissioner’s Office reached 3,872 incidents in 2025, the highest level in at least seven years. That marks a 5% rise from the previous year and a 29% increase versus 2019, when reporting...
Change Intelligence and Deployment Connectors for Liquibase Secure
Liquibase Secure announced two new capabilities—Change Intelligence and Deployment Connectors for ServiceNow, GitHub, Harness, and Terraform. Change Intelligence aggregates change data, applies AI‑driven risk analysis, and automatically captures audit evidence in a single view. Deployment Connectors embed governed database change...
KYND Warns Insurers of Surge in US Website Privacy Lawsuits
Cyber‑risk firm KYND warns insurers that U.S. privacy lawsuits tied to routine website tracking have surged from a few hundred to over 2,000 cases annually. The claims focus on marketing pixels and analytics tools rather than data breaches and can...
Let’s Stop Sovereignty Washing
The article warns that cloud providers are marketing “sovereignty” while delivering only data residency, creating a gap between promises and technical reality. It explains that U.S. laws such as the CLOUD Act can compel access to data stored in Europe,...
Hacker Charged with Stealing $53 Million From Uranium Crypto Exchange
U.S. prosecutors have charged Maryland resident Jonathan Spalletta with stealing more than $53 million from the decentralized Uranium Finance exchange through two separate smart‑contract exploits in April 2021. The attacks drained liquidity pools, forced the platform to shut down, and the...
Huawei Secure SD-WAN Full SASE Solution: Secure, Intelligent Connectivity for Modern Enterprises
Huawei has launched its Secure SD‑WAN Full SASE solution, a unified platform that blends networking, security and AI‑driven management for enterprise connectivity. The solution dynamically routes traffic over MPLS, broadband, LTE or 5G while encrypting tunnels and providing integrated firewall,...
The External Pressures Redefining Cybersecurity Risk
External pressures are reshaping cybersecurity risk, with third‑party breaches now accounting for over 35% of incidents. Geopolitical conflicts are spilling battle‑tested tactics into operational technology (OT) and IoT environments, raising safety and continuity stakes. Generative AI accelerates attacker capabilities while...
California Gets Serious About Regulation (Again)
Effective Jan 1 2026, California expanded its CCPA/CPRA into a unified governance framework that blends privacy, cybersecurity, and AI regulations. The new rules mandate formal risk assessments for high‑risk processing, regulate automated decision‑making technologies, and require independent cybersecurity audits. Obligations roll out...
Supply Chain Attacks Force Permanent Passwordless Rotation
Whoever is doing all the supply chain attacks really wants us to switch to passwordless auth for everything. If the cadence of attacks continues we will end up just having to permanently rotate everything for the rest of the year.
Quantum Crypto Threats Unlikely Within Our Lifetime
Neat paper on securing cryptocurrencies against quantum attacks. I want to stress that I am not convinced we have anything to worry about in my lifetime. This tweet might haunt me. https://t.co/d1i4reP93g
This Month in Security with Tony Anscombe – March 2026 Edition
In March 2026, ESET’s chief security evangelist Tony Anscombe highlighted four major cyber incidents. A hack claimed by Iran‑linked Handala crippled med‑tech giant Stryker, wiping over 200,000 devices and exfiltrating 50 TB of data. Google’s Threat Intelligence Group reported that 77 %...
PQC Adoption Accelerates as Qubit Requirements Shrink
More warning lights keep blinking for the urgency of PQC adoption in many fields as advances in both hardware and algorithm construction keep reducing the number of qubits and gates needed for a CRQC. https://t.co/55FxttUDdD https://t.co/nmDa4iDWbr https://t.co/MOfzj3Tl4O
Claude's Source Code Allegedly Exposed Through Npm Map File
WILD if true. @Fried_rice is reporting that Claude's source code leaked via an npm .map file 👀 Code: https://t.co/nQFCcCCc6Z https://t.co/ACLKa6wVFf
Here's a Thing - What if Shadow AI Is Actually Telling Us Something Useful?
Enterprises are confronting a surge of shadow AI—unauthorized, employee‑driven use of large language models and autonomous agents. As governance lags, these tools make decisions and act independently, amplifying risk beyond traditional shadow IT. Experts argue that treating employees as AI...
Quickly Detect Axios Supply‑Chain Compromise with New Claude Skill
🚨 Want to quickly check if you've been compromised by the Axios supply-chain attack? Hari (@hrkrshnn) just shipped a free @claudeai skill for us 🙏 /plugin marketplace add cantinasec/plugins /plugin install cantinasec@cantinasec-plugins /reload-plugins /cantinasec:axios https://t.co/XlUdHdDcl7
IOS 26.5 Restores Encryption, Paves Way for Maps Ads
iOS 26.5 brings back end-to-end encryption when messaging Android users, but it also brings us one step closer to ads in Apple Maps. https://t.co/uhPJbpMa8C
Qilin Ransomware Allegedly Breached Chemical Manufacturer Giant Dow Inc
Cybercrime group Qilin ransomware announced it breached chemical giant Dow Inc., adding the company to its Tor data‑leak site. Dow, a $40 billion global manufacturer with 36,000 employees, has not provided evidence of stolen data. The claim follows Qilin’s rapid growth...
Razorpay Introduces RBI-Compliant Biometric Authentication Solution ‘Passkey’
Razorpay has launched “Passkey,” an RBI‑compliant biometric authentication solution for online card payments, developed with Mastercard and slated to integrate Visa soon. The technology leverages device‑bound fingerprints or facial scans, removing the need for one‑time passwords that cause roughly 35%...
Consumers Shouldn't Bear the Burden of Spotting Scams
Why should consumers be the ones trying to work out whether something is a scam or not? #CyberSecurity #Scam #Fraud #DigitalSignatures https://t.co/UykiRfLj5z