Today's Cybersecurity Pulse
Anthropic CEO meets White House over federal access to Mythos AI
Anthropic CEO Dario Amodei will meet White House chief of staff Susie Wiles to discuss government access to the company's Mythos AI model, which can discover and exploit zero‑day vulnerabilities. The meeting follows a Pentagon‑imposed blacklist after Amodei refused to lift safety restrictions, while Treasury, intelligence agencies and CISA are already testing the model.
Also developing:
By the numbers: Artemis raises $70M in combined seed and Series A round

McGraw-Hill Confirms Data Exposure, Hackers Claim 45M Salesforce Records Leaked
McGraw‑Hill confirmed a data exposure caused by a Salesforce misconfiguration, after extortion group ShinyHunters claimed it had accessed up to 45 million records. The company’s investigation found only a limited set of non‑sensitive data exposed on a publicly reachable webpage, not its core customer or courseware systems. While the hackers’ claims suggest a massive breach, McGraw‑Hill says the actual impact is far smaller. The incident highlights the growing risk of SaaS configuration errors in large enterprises.

'Harmless' Global Adware Transforms Into an AV Killer
A threat actor operating as Dragon Boss Solutions LLC pushed a malicious update on March 22, 2025 that transformed its adware into a potent antivirus‑disabling payload. The update affected roughly 23,500 computers in 124 countries, with half of the victims...

The Only Way to Fight Deepfakes Is by Making Deepfakes
Deepfake detection firms such as Reality Defender, Pindrop and GetReal are racing to combat AI‑generated audio, video and image fraud, a market now valued at roughly $5.5 billion. These companies train detection models by creating their own deepfakes, using a student‑teacher...

Apple Pay Express Mode for Transit, When Used With a Visa Card, Is Vulnerable to Scam Tap-to-Pay Readers
Researchers from the University of Surrey and Birmingham demonstrated that Apple Pay’s Express Transit Mode, when paired with a Visa card, can be hijacked by a specially tuned NFC reader. The attack works on a locked iPhone, intercepts the payment flow,...

An AI View of SentinelOne
McKinsey warns that AI is enabling cybercriminals to launch attacks in minutes rather than days. Attackers leverage AI for hyper‑personalized phishing, deepfakes, instant malicious code, and adaptive tactics. In response, 77% of organizations have integrated AI into security functions, automating...

Agentic AI Security Needs Layered, Integrated Defenses
We keep asking how to solve agentic security as if there is a single answer, but most of the conversations I am having suggest it is a combination of least privilege, access controls, monitoring, and good architecture. The question might not...

Threat Exposure Management Establishes a Risk-Driven Approach for Federal Agencies
Federal agencies are adopting Continuous Threat Exposure Management (CTEM) to shift from traditional vulnerability counting to a risk‑driven security posture. CDW’s leaders describe CTEM as a five‑stage framework—scoping, discovery, prioritization, validation, and mobilization—that ties technical findings to business impact. By...

North Korea Targets macOS Users in Latest Heist
North Korean Lazarus Group offshoot Sapphire Sleet is targeting macOS users with a fake Zoom SDK update delivered via a malicious AppleScript. The campaign begins with LinkedIn recruiter scams aimed at finance professionals, then tricks victims into running the script, which...

Newly Discovered PowMix Botnet Hits Czech Workers Using Randomized C2 Traffic
Researchers at Cisco Talos have uncovered a new botnet, PowMix, actively targeting Czech workers since at least December 2025. The malware is delivered through phishing emails that contain a malicious ZIP file, which drops a Windows shortcut that launches a...

If You Want Into Anthropic's Claude Club, You May Have to Show ID
Anthropic is rolling out identity verification for select Claude features, using Persona Identities as its vendor. The verification prompts may appear at any time to enforce platform integrity, prevent abuse, and meet legal obligations. Anthropic assures users that identity data...

Officials Seize 53 DDoS-for-Hire Domains in Ongoing Crackdown
Authorities from 21 nations coordinated Operation PowerOFF to dismantle 53 DDoS‑for‑hire domains and seize related servers and databases. The crackdown yielded data on more than 3 million alleged criminal accounts and led to four arrests. Over 75,000 warning emails and letters...

CEO Interview: Underdark
Underdark operates in the cyber threat intelligence and dark‑web monitoring market, competing with larger firms such as Recorded Future, Digital Shadows, Flashpoint and Cyberint. While most rivals rely on AI‑assisted crawlers to collect data, Underdark’s core service is human intelligence—direct...

Why Donald Trump and Kash Patel Want Your Data
Congress is set to vote on a clean reauthorization of FISA Section 702, a foreign‑intelligence tool that also sweeps up the communications of millions of Americans. The Trump administration, with FBI director Kash Patel at the helm, is pushing the bill...

Delivering Reliable Connectivity And Cybersecurity On The High Seas: Inside MSP Marlink’s Approach
Marlink, a maritime‑focused managed services provider, delivers satellite connectivity and cybersecurity to oceangoing vessels despite tight budgets that often hover around $100‑$200 per month. The company leverages an "exchange platform" that aggregates Inmarsat, OneWeb, Starlink, SES and Iridium links, providing...

How Push Notifications Can Betray Your Privacy (and What to Do About It)
Push notifications travel through Apple or Google servers before reaching a device, exposing message content and metadata to the platform providers. Law enforcement can compel these companies to hand over notification data, and forensic tools can recover deleted notifications from a...

OpenAI Chooses CrowdStrike for Defender‑Focused AI Security
The top AI labs are building for defenders now. Today @OpenAI selected CrowdStrike for their Trusted Access for Cyber program. CrowdStrike continues to lead the market in secure AI adoption, trusted by AI leaders and organizations of all sizes to accelerate...

Google Cloud Storage Weaponized for Clandestine Remcos RAT Delivery
Threat actors are weaponizing Google Cloud Storage to host phishing pages that silently deliver the Remcos remote‑access trojan. Emails direct victims to fake Google Drive login screens on the legitimate storage.googleapis.com domain, harvesting credentials and deploying a JavaScript loader. The...

Extensive MuddyWater-Like Attack Campaign Against Middle Eastern Critical Infrastructure Detailed
A threat group mirroring Iran‑backed MuddyWater launched a large‑scale campaign against Middle Eastern critical‑infrastructure entities beginning in February. Exploiting five vulnerabilities—including SmarterMail (CVE‑2025‑52691) and Langflow (CVE‑2025‑34291)—the actors breached more than 12,000 internet‑exposed systems and used brute‑force attacks on Outlook Web...

AISLE’s Open Analyzer — Finding and Fixing Vulnerabilities without Gated Frontier Models
AISLE unveiled Open Analyzer, an open‑source vulnerability scanner that leverages small, free LLMs instead of gated frontier models. The tool aims to provide a reliable source of truth by cutting false positives and negatives that plague traditional scanners. AISLE claims...

What to Do When Your AI Guardrails Fail
Microsoft 365 Copilot inadvertently processed confidential emails in users’ Sent Items and Drafts, bypassing sensitivity labels and Data Loss Prevention policies due to a code bug (CW1226324). The incident exposed a fundamental architectural flaw: all AI governance controls reside within...

Bitunix Gains ISO 27001:2022 Certification, Boosting Crypto Exchange Security
Bitunix, a crypto derivatives platform with over 5 million users, secured ISO/IEC 27001:2022 certification, confirming its formal information‑security management system. The move adds a globally recognized seal of trust to its proof‑of‑reserves model and $30 million USDC care fund, signaling heightened compliance for...

Brockton Hospital Restores Full Services After Week-Long Cyberattack
Signature Healthcare's Brockton hospital announced the restoration of all services following a cyberattack that halted pharmacy fills, chemotherapy, and patient portal access. The recovery, driven by intensive IT and clinical effort, underscores growing cybersecurity risks in the health sector.

Cal.com Closes Core Codebase Over AI Security Fears, Launches MIT‑Licensed Cal.diy
Cal.com announced it is moving its production codebase behind closed doors, warning that AI tools like Anthropic’s Claude Mythos make open code a security liability. The company, which has raised more than $30 million, simultaneously unveiled Cal.diy, an MIT‑licensed, feature‑lite variant...

CISA Flags Windows Task Host Flaw as Actively Exploited, Urges Federal Patch
The Cybersecurity and Infrastructure Security Agency (CISA) placed the Windows Task Host privilege‑escalation bug (CVE‑2025‑60710) on its catalog of actively exploited vulnerabilities and ordered federal agencies to apply the November 2025 Microsoft patch within two weeks. The move highlights a...

Q&A: Your Face Is Now Part of the Threat Landscape, Warns Sarah Armstrong-Smith
Sarah Armstrong‑Smith, former Microsoft EMEA security chief, warns that image‑based AI has turned faces, voices and online presence into a new attack surface. The technology enables cheap deepfakes and impersonation, exposing individuals and firms to reputational, emotional and financial harm....

Cinia Taps Nokia for DDoS Protection of Critical Infrastructure
Cinia announced a new managed security service that leverages Nokia’s Deepfield Defender to provide 24/7 DDoS protection for its critical infrastructure networks. The AI‑based solution embeds detection and mitigation directly into the transport layer, giving Finnish customers real‑time threat awareness....

APK Malformation Found in Thousands of Android Malware Samples
Researchers at Cleafy have identified a surge in Android Package (APK) malformation, an evasion technique now present in more than 3,000 malware samples across families such as Teabot, TrickMo, Godfather and SpyNote. By deliberately corrupting APK structures—creating mismatched headers, unsupported...

Two-Factor Authentication Breaks Free From the Desktop
Two-factor authentication (2FA) is expanding beyond traditional IT logins to protect physical assets such as cars, home heating systems, and medical devices. In the automotive sector, firms like Keyfree Technologies are pairing in‑vehicle hardware with mobile apps to require one‑time...

As DPDPA Kicks In, Are Startups Ready For Privacy Compliance Burden?
India’s Digital Personal Data Protection Act (DPDPA) 2023 and the DPDP Rules 2025 set an 18‑month compliance timeline ending May 2027, creating a $1.2 bn compliance‑as‑a‑service market. Startup IDfy, backed by Blume Ventures and others, won a government‑run privacy‑platform competition and is...

Cyber Incidents’ “Long Tail” Impact on Shareholder Value
A new ISS STOXX and ISS‑Corporate study of 176 cyber events in Russell 3000 firms shows that companies hit by significant breaches underperform the market by roughly 5% over a three‑year horizon. The underperformance persists for more than a year, indicating a...

Microsoft's Original Windows Secure Boot Certificate Is Expiring
Microsoft announced that the original UEFI Secure Boot certificates, first deployed in 2011, will expire on June 24, 2024. The company is urging IT leaders to apply the updated 2023 certificates to all Windows PCs built before 2024 to maintain the hardware‑based...

Mythos Poses Risk to SEC Market-Tracking Database, Group Says
Anthropic’s new AI model Mythos could exploit the SEC’s Consolidated Audit Trail (CAT), a database that tracks every trade in U.S. equities. The American Securities Association warned that the model enables mass identity theft, portfolio exposure, and insider‑threat amplification, and...

Your Employees Are Already Vibe Coding. Now What?
The article warns that employees are already using AI‑driven “vibe coding” to create live applications without IT or security oversight. These shadow apps can expose sensitive data because the AI builds exactly what is asked, ignoring access controls, encryption, and...

AI Is a Gold Mine for Spammers and Scammers, but Google Is Using It as a Tool to Fight Back
Google’s latest ads safety report reveals that generative AI, specifically its Gemini system, intercepted over 99% of policy‑violating ads in 2024, blocking more than 8.3 billion ads—including 602 million scam‑related pieces. The AI‑driven approach also cut incorrect advertiser suspensions by 80% and...

Cookeville Medical Center Notifies Patients After July 2025 Ransomware Attack
Cookeville Regional Medical Center disclosed that a July 2025 ransomware attack exposed the personal and medical records of 337,917 patients. The Russian‑linked Rhysida gang claimed responsibility, demanding 10 Bitcoin—about $1.15 million—though it is unclear if the ransom was paid. The hospital began mailing...

What Are Security Experts Saying About OpenAI’s GPT-5.4-Cyber?
OpenAI has launched GPT‑5.4‑Cyber, a defensive‑oriented AI model, and is scaling its Trusted Access for Cyber (TAC) program to thousands of verified individual defenders and hundreds of critical‑infrastructure groups. Unlike Anthropic’s Claude Mythos, which remains limited to a handful of...

OpenAI Launches GPT-5.4-Cyber to Boost Defensive Cybersecurity
OpenAI unveiled GPT-5.4-Cyber, a defensive‑focused variant of its flagship GPT‑5.4 model, featuring binary reverse‑engineering to analyze compiled code without source access. The launch coincides with the expansion of its Trusted Access for Cyber (TAC) program, now available to thousands of...

Post-Quantum Cryptography Migration at Meta: Framework, Lessons, and Takeaways
Meta released a detailed guide on its post‑quantum cryptography (PQC) migration, outlining a multi‑year rollout of PQ‑enabled TLS across its internal infrastructure. The company introduced a five‑tier PQC Migration Level framework—PQ‑Unaware to PQ‑Enabled—to help organizations assess and prioritize quantum‑risk mitigation....

Intercede Now Supports Idemia PS Devices for Unified FIDO, PKI Credential Management
Intercede has integrated Idemia Public Security’s newest authentication hardware into its MyID CMS 12.18 platform, enabling unified management of both FIDO and PKI credentials. The Idemia devices, built on the COSMO X platform, meet the FIPS 201 PIV standard required for...

Quest Software Launches the Quest Security Management Platform
Quest Software unveiled the Quest Security Management Platform, an AI‑powered suite that consolidates identity threat detection, response, and recovery into a single solution. The platform introduces Quest Identity Defense to block unauthorized changes to Tier 0 assets and Quest Identity Recovery...

Brain Corp Achieves SOC 2 Compliance, Reinforcing Trusted Enterprise-Grade Deployment of AI Systems at Scale
Brain Corp announced that its BrainOS platform has passed a SOC 2 Type II audit, confirming robust data security and operational controls. The company now supports more than 40,000 autonomous mobile robots deployed across six continents in settings such as stores, warehouses...

N-Able CEO On The MSP AI Journey: Efficiency First, Safe Deployment Next, Monetization Last
N‑able CEO John Pagliuca told CRN that managed‑service providers must prioritize efficiency, then safe AI deployment, and only later monetize AI. At the Empower conference the company unveiled a Model Context Protocol (MCP) server that securely connects external LLMs like...

SMBs Know Basics; Prioritize What Truly Matters
For SMBs, cybersecurity is rarely a knowledge problem. Most teams know the basics. The challenge is figuring out what actually matters for their business and doing that well.

Simple Closure Launches Asset Hub to Sell Legacy Data
A company called @simple_closure that helps startups wind down is launching "asset hub", which is a marketplace to sell all the old Slack/email data. Apparently they are working on hardening the PII removal tech for this.

New AI TUIs May Expand Attack Surface via React
I know there are some new TUIs coming out for AI development but I’m concerned about increasing the attack surface with web technologies like React. Securing AI is hard enough as it is.

World Cup Partners Neglect Strong DMARC Domain Protection
Some World Cup partners are not actively protecting their domain name with the strongest DMARC policy. https://t.co/Q4k3WpQ9hb

Russia Caps Bandwidth, Forcing VPN Filters or Price Hikes
Russia’s fight against digital privacy escalates as internet providers agree to freeze the expansion of cross-border channels into Europe. By capping international bandwidth, authorities aim to force telecom operators to either filter VPN traffic or hike prices, making it harder...

Mid‑Market Firms Must Close Compliance Gaps Now
Mid-market regulated firms are sitting on a compliance gap. PHI/PII pipelines built for speed, not governance. DLT expectations. Unity Catalog policies. On-call ownership. Most have one layer. Few have all five. Build it right once. Outrun the audit.

Small Businesses Need Post‑quantum Encryption Now
Even if you’re a small business, your data has long-term value. Cybercriminals are hoarding encrypted data, betting quantum computers will crack it. Post-quantum cryptography (PQC) and PQC-ready vendors are the defense today. https://t.co/JCn5eZDeii

AI Revives Early‑2000s 0‑Day Chaos
Has AI brought back the early 2000s? People can find and exploit 0days easily. Hackers angry at Microsoft are dropping 0day. Frosted tips are cool again (ok, that one would mean the apocalypse)