Today's Cybersecurity Pulse
Anthropic CEO meets White House over federal access to Mythos AI
Anthropic CEO Dario Amodei will meet White House chief of staff Susie Wiles to discuss government access to the company's Mythos AI model, which can discover and exploit zero‑day vulnerabilities. The meeting follows a Pentagon‑imposed blacklist after Amodei refused to lift safety restrictions, while Treasury, intelligence agencies and CISA are already testing the model.
Also developing:
By the numbers: Artemis raises $70M in combined seed and Series A round

It’s a Mystery … Alleged Unpatched Telegram Zero-Day Allows Device Takeover, but Telegram Denies
TrendAI Zero Day researcher Michael DePlante disclosed a critical zero‑click vulnerability in Telegram (ZDI‑CAN‑30207) that could allow remote code execution via a crafted animated sticker, earning a CVSS score of 9.8. The flaw impacts Android and Linux clients and currently has no patch, prompting the Zero Day Initiative to give Telegram until July 24 2026 to address it. Telegram, however, publicly denies the existence of the bug, asserting server‑side validation prevents malicious stickers. In the meantime, Telegram Business users can mitigate risk by limiting messages from unknown contacts.

⚡ Weekly Recap: Telecom Sleeper Cells, LLM Jailbreaks, Apple Forces U.K. Age Checks and More
The week’s cyber‑threat landscape was dominated by a critical Citrix NetScaler flaw (CVE‑2026‑3055) that is now being actively exploited, a confirmed breach of FBI Director Kash Patel’s personal email with a $10 million bounty offered, and the emergence of Red Menshen’s BPFDoor...

Dark Web Market Lists Alleged 375TB Lockheed Martin Data for $600M
Hackers on the dark‑web marketplace Threat Market claim to have obtained 375 TB of Lockheed Martin data and are offering it for a $600 million buy‑out. The alleged sale, posted via a Telegram account linked to the market and attributed to an APT...

Compliance Without Validation Is a False Sense of Security
Compliance teams can pass audits and keep perfect documentation yet remain vulnerable to third‑party breaches. The article argues that without real‑world validation, controls are merely theoretical and provide a false sense of security. It highlights that 68% of organizations experience...

3 SOC Process Fixes That Unlock Tier 1 Productivity
The article outlines three SOC process fixes that boost Tier 1 productivity: a unified cross‑platform investigation workflow, a behavior‑first triage model powered by automation and interactivity, and standardized escalation with response‑ready evidence. Leveraging ANY.RUN’s sandbox, analysts can analyze Windows, macOS, Linux...

YouTube TV Subscribers Are Being Targeted By Scammers
Cybercriminals are sending phishing emails that falsely claim YouTube TV subscriptions have been cancelled due to payment problems. The messages contain counterfeit links that mimic the official YouTube TV portal, prompting victims to enter credit‑card numbers and personal data. Google’s...
Estonian Hospital Sends Patient Home with Other People’s Health Data
West Tallinn Central Hospital gave a patient a USB drive that, instead of containing only their X‑ray images, also held the personal health records of several other patients. The hospital claims the drive was newly purchased from its own shop,...
Investing Blog Roundup: Getting Used to Passkeys
The blog post urges readers to start using passkeys—cryptographic login tokens that replace passwords—by experimenting on low‑stakes sites like Target or Walmart. It explains that the user experience differs across ecosystems: Apple‑only households enjoy a seamless flow, while mixed environments...
AI‑Powered Recruiter Scam Uses Fake Jobs to Sell Software
PSA: There’s a new scam going around with exec search firms targeting people to say there’s a role they’re well suited for in order to sell resume software. The tell is AI: They essentially leveraged LinkedIn keywords to market these...

Aderant Achieves SOC 2 Type 2 for Onyx
Aderant announced on March 30 that its outside‑counsel guideline platform, Onyx, successfully completed a SOC 2 Type 2 audit. The examination, conducted by Schellman & Company, assessed controls for security, availability, and confidentiality over the period Nov 1 2025 through Jan 31 2026. Achieving Type...

Container Security Now Central to Government Martech Stacks
Government marketing‑technology platforms are increasingly built on containerized infrastructure, making container security a core concern for public‑sector digital services. Over‑provisioned images and ineffective runtime scans expose agencies to heightened cyber risk, especially as sensitive citizen data flows through these systems....

LLMs on Kubernetes Part 1: Understanding the Threat Model
Running large‑language models (LLMs) on Kubernetes provides familiar scheduling and isolation, but the platform cannot assess the safety of natural‑language prompts or the confidentiality of generated output. The article highlights the OWASP Top 10 for LLM applications and focuses on four...

AI-Fueled Cyberattacks Surge in UAE Amid Rising Regional Tensions
The United Arab Emirates is confronting an unprecedented wave of cyberattacks, with the Cyber Security Council estimating 500,000 to 700,000 incidents each day. Threat actors, including state‑linked groups from Iran, are exploiting artificial‑intelligence tools such as ChatGPT to automate reconnaissance,...
Kantara Initiative to Collaborate with the OIDF on the Role of Authorised Auditor
The OpenID Foundation announced a Memorandum of Understanding with the Kantara Initiative, appointing Kantara as an Authorized Auditor for its independent conformance testing program. In this role, Kantara will evaluate organizations seeking Approved Testing Service Provider status, ensuring they meet...
Iran War Triggers Surge in Spyware Attacks on Israelis and U.S. Firms
Iran-linked hacking groups have launched a coordinated spyware campaign that sent fake shelter‑alert texts to Israelis, while nearly 5,800 cyberattacks have been logged against U.S. and regional firms. The digital offensive underscores how cyber tools are now a core component...
RedotPay Earns ISO/IEC 27001 Certification, Bolstering Stablecoin Payment Credibility
RedotPay, the Hong Kong‑based stablecoin payment fintech, received ISO/IEC 27001 certification from SGS, confirming its information‑security management system meets global standards. The audit highlights robust encryption, data‑access controls and a security‑first culture, positioning the firm for deeper institutional partnerships.

Foster City Cyberattack, Jury Finds Meta and Google Negligent, and Can SF’s Small Clubs Survive?
A ransomware breach forced Foster City to declare a state of emergency, temporarily disabling municipal phone and email services before restoration within a week. A federal jury found Meta and Google negligent for contributing to a youth mental‑health crisis, marking...
Cyber Incidents: Share Price Response Immediate and Sustained
ISS STOXX and ISS‑Corporate analyzed cyber incident disclosures for Russell 3000 companies from 2022‑2024. They found that firms reporting significant cyber breaches underperform the market by roughly 5% on average, with the gap widening to nearly 4.9% after 250 trading...

World Back Up Day 2026 – What Are the Takeaways?
World Backup Day 2026 highlighted that backups alone no longer guarantee security. Experts from WatchGuard, KnowBe4, and Keeper urged organizations to move beyond storage and implement fully tested, recovery‑focused resilience plans. The discussion emphasized that data loss is inevitable, ransomware...

Falsely Accused, Bail Granted; Fraud Was Impersonator Scheme
I want to address what happened to Neeraj and me last week. Of course, it was quite shocking to us as well and honestly very disheartening. But today, we want to talk about what actually happened and more importantly, what...

Cybersecurity Is a Calling, Not Just a Career — Dr. Priyanka Sunder (PD) on Women Leading the Charge
Dr. Priyanka Sunder, a two‑decade cybersecurity strategist and award‑winning leader, discusses how women are reshaping governance, risk and compliance (GRC) in the industry. She highlights the shift from compliance check‑boxes to continuous resilience, emphasizing cloud security controls, data localization, and...
Why Kubernetes Controllers Are the Perfect Backdoor
Kubernetes controllers, the engine behind cluster self‑healing, are being weaponized as stealthy backdoors. Threat actors register rogue MutatingAdmissionWebhooks or custom controllers that watch for pod creation events and inject malicious sidecars, as seen in the Siloscape and Hildegard campaigns. Because...
Why User Behavior Is the Primary Entry Point for Cyberattacks
Cybercriminals are increasingly exploiting human behavior as the primary gateway into enterprises, with credential theft now eclipsing traditional technical exploits. Although perimeter defenses have hardened, 60% of data breaches still stem from user error, amplified by AI‑driven social engineering and...
How OpenClaw’s Agent Skills Become an Attack Surface
OpenClaw, an AI‑agent gateway, gives users deep access to local files, browsers and long‑term memory, but it stores that data in plain‑text files on predictable disk locations. This design creates a low‑effort attack surface: if the host is compromised, an...
6 Trends Redefining Organizations’ Future with IAM
Inductive Automation’s CISO Jason Waits highlights six emerging IAM trends as the company scales, including a 71% surge in session hijacking and expanding identity sprawl across five systems on average. The firm has responded by deepening its use of Cisco...

'The Missing Piece' For Automating Patching Containers at Scale
Container security teams are grappling with the complexity of patching container images at scale, often stalled by tangled dependency trees and coordination across multiple teams. A new automation framework, dubbed the "missing piece," integrates vulnerability scanning, dependency resolution, and rollout...

Hackers Impersonate Ukrainian CERT to Plant a RAT on Government, Hospital Networks
Ukrainian cyber‑defense agency CERT‑UA was spoofed with an AI‑generated website and phishing emails that distributed a password‑protected ZIP containing the AGEWHEEZE remote‑access Trojan. The Go‑based RAT offered full screen, input and system control and communicated with a command‑and‑control server on...

“Sleeper Cells” In Telcos Seen Using Novel New BPFdoor Malware
Researchers have identified a novel malware called BPFdoor that exploits the Linux kernel’s eBPF subsystem to filter packets at kernel level, evading firewalls, IDS and deep packet inspection. The threat has been observed operating as “sleeper cells” within telecommunications networks,...

Pondurance Launches Pondurance Kanati(™): The Industry’s First Agentic AI SOC Designed for Autonomous Operations in a Next-Generation Managed Detection and...
Pondurance announced the general availability of Kanati, the industry’s first agentic AI‑driven Security Operations Center that powers its managed detection and response (MDR) service. The platform autonomously handles high‑confidence threats, delivering 90% faster threat analysis, sub‑two‑minute investigation times and an...
Thailand’s Cybersecurity Boom Has a Weak Core
Thailand’s cybersecurity market has expanded rapidly through 2025, driven by aggressive digital transformation, cloud adoption and new data‑infrastructure initiatives. However, operational depth has lagged, with ransomware employing double‑extortion tactics and APT groups targeting financial firms more frequently. A chronic talent...
Global Threat Landscape Report Shows Exploited High and Critical Severity Vulnerabilities Surged 105% as Attack Timelines Collapsed
Rapid7’s 2026 Global Threat Landscape report reveals a dramatic acceleration in cyber‑attack cycles, with exploited high‑ and critical‑severity vulnerabilities more than doubling year‑over‑year, up 105% from 71 in 2024 to 146 in 2025. The median time from vulnerability disclosure to...

Critical Fortinet Forticlient EMS Flaw Now Exploited in Attacks
Threat‑intelligence firm Defused reports active exploitation of Fortinet’s FortiClient EMS vulnerability CVE‑2026‑21643. The SQL‑injection flaw lets unauthenticated attackers execute arbitrary code via crafted HTTP requests to the EMS web GUI. Shodan and Shadowserver data show roughly 1,000‑2,000 publicly exposed instances,...
Continuous Control Monitoring and the Power of Live Cloud Inventories
Traditional cloud inventories rely on periodic scans and manual CMDB updates, leaving dynamic, short‑lived resources invisible. Continuous controls monitoring (CCM) replaces these static methods with near‑real‑time data ingestion, creating a graph‑based, live inventory that covers every asset. By continuously applying...

SystemRescue 13 Updates Its Kernel to Linux 6.18 LTS, Adds New Recovery Tools
SystemRescue released version 13.00, upgrading its core to the Linux 6.18.20 long‑term support kernel. The update also refreshes storage utilities, including Bcachefs 1.37.3 and GParted 1.8.1, and adds new command‑line tools such as yq and the C‑based iotop‑c. HiDPI display...
The EU CRA – Treating Cybersecurity as Product Liability
The EU’s Cyber Resilience Act (CRA) moves cybersecurity from post‑incident tort claims to product‑level liability, obligating manufacturers, importers and distributors to ensure devices are secure by design, supported and able to report vulnerabilities. The regulation, which entered into force on Dec 10 2024,...
Stats SA Confirms Data Breach as Hackers Demand R1.7m Ransom
Stats SA confirmed that hacker group XP95 accessed its HR recruitment database, stealing roughly 154 GB of personal data and demanding a $100,000 (R1.7 million) ransom. The agency rejected the demand, citing compliance with South Africa’s Public Finance Management Act and plans...
AI Agents Could Automate Large‑scale Cyberattacks, Warn Experts
A new wave of AI models could turn cyberattacks into something far more scalable. According to industry and government sources, upcoming systems may enable autonomous agents to plan and execute sophisticated attacks with minimal human involvement. What once required teams could...
Identity Remains Primary Defense in AI-Driven Threats
Identity is the first line of defense, especially in an AI-fueled threat landscape | Cybersecurity Dive https://t.co/8y0zjDUN0H

Government Likely to Extend SIM-Binding Deadline for WhatsApp, Telegram and Other Messaging Platforms: Report
India's Department of Telecommunications will push the SIM‑binding compliance deadline for messaging apps to the end of December 2026, after companies cited technical hurdles. The rule, introduced in November 2025, requires apps like WhatsApp, Telegram and Signal to link accounts...
Drone Attacks Expose Risk of Centralized Cloud Infrastructure
Iranian drones hit AWS data centres twice this month. Banks went down. Apps went offline. That's centralised cloud, one strike and everything breaks. This war is making the case for decentralised computing like Ocean Network. No single point of failure. No data centre...
AI Defense Must Outpace AI Attack to Preserve Internet
Let's hope AI cyber defense beats AI cyber offense, or the internet age is over

Why Risk Alone Doesn’t Get You to Yes
Security leaders often present technically sound risk briefings, yet executives delay action because risk data alone doesn’t compel decisions. The gap lies in translating exposure into business‑focused consequences that align with revenue, compliance, and operational goals. Executives need clear, stakeholder‑specific...
North Korea Pressures Russian Officers over Crypto Ransomware
I assess with medium confidence this is a North Korean state actor looking for Russian officers with large crypto holdings from shaking down ransomware cyber criminals.

ShipSec Studio Brings Open-Source Workflow Orchestration to Security Operations
ShipSec AI has launched ShipSec Studio, an open‑source security workflow automation platform that replaces ad‑hoc scripts with a dedicated orchestration layer. The visual, no‑code builder lets operators chain tools like Subfinder, Nuclei and TruffleHog into automated pipelines, compiling them into...
FIFA World Cup 2026: A Match Between Fans and Scammers
As the FIFA World Cup 2026 approaches, a NordVPN survey reveals that 11% of American internet users have already encountered soccer‑related scams. Betting fraud (46%) and counterfeit ticket offers (44%) are the most common schemes, proliferating on platforms such as...

Stop Scams Steps up to Online Fraud Challenge
Stop Scams UK, a not‑for‑profit founded in 2020, is scaling its data‑sharing platform to combat online fraud across banks, telecoms and tech firms. In the first half of 2025, UK scams cost roughly $800 million, with two‑thirds originating online. The organisation...
Telstra Business Launches Managed IT Service for SMB Market
Telstra Business announced a new managed IT service aimed at small‑ to medium‑sized enterprises with up to 500 staff. The offering bundles IT support, security and maintenance into Basic, Standard and Premium tiers, each featuring a 24/7 service desk and...
The Hidden Tracking Risk Inside Your Tires
In this episode of the Shared Security Podcast, host Tom and co‑host Scott Wright explore the privacy risks posed by tire pressure monitoring systems (TPMS). They discuss a recent study by Spain’s IMDEA institute that captured 6 million wireless signals from...

Don’t Count on Government Guidance After a Smart Home Breach
Researchers examined government cybersecurity guidance across 11 countries for smart homes and found that most advice concentrates on prevention—such as regular updates and changing default credentials—while post‑breach support is minimal. Reporting mechanisms exist but are generic and not tailored to...
Microsoft’s March Security Update of High-Risk Vulnerability Notice for Multiple Products
Microsoft issued its March 2026 security update, fixing 83 vulnerabilities across Windows, Office, SQL Server, Azure and other core products. The bulletin includes eight critical and 75 important flaws, notably remote‑code‑execution bugs in Office (CVE‑2026‑26110, CVE‑2026‑26113) and the Print Spooler service...