Today's Cybersecurity Pulse
Anthropic CEO meets White House over federal access to Mythos AI
Anthropic CEO Dario Amodei will meet White House chief of staff Susie Wiles to discuss government access to the company's Mythos AI model, which can discover and exploit zero‑day vulnerabilities. The meeting follows a Pentagon‑imposed blacklist after Amodei refused to lift safety restrictions, while Treasury, intelligence agencies and CISA are already testing the model.
Also developing:
By the numbers: Artemis raises $70M in combined seed and Series A round
Norway’s State Telecoms Firm Accused of Helping Myanmar Regime Seize Activists
A Norwegian state‑owned telecom, Telenor, faces a class‑action lawsuit in Norway alleging it supplied the Myanmar military with personal data on more than 1,200 activists, facilitating arrests and alleged torture. The suit, filed by the Justice and Accountability Initiative and partners, seeks at least €11 million (about $12 million) in damages for the victims. Internal reports show Telenor complied with 96% of 153 data requests, including location metadata, before it withdrew from Myanmar in 2022. A parliamentary inquiry into the government’s oversight of Telenor is expected later this year.
Too Many Tools, Not Enough Outcomes: Redefining MDR with Exposure Management
Rapid7 will speak at the ITWeb Security Summit JHB 2026 about redefining managed detection and response (MDR). The firm argues that the proliferation of point tools has produced fragmented defenses, and advocates an outcomes‑first model that merges detection, continuous threat exposure...
“I’m Just Scared”: Teen Hacker Jailed After Massive U.S. School Data Breach
Teen hacker Matthew Lane, now 20, was sentenced to four years in federal prison for his central role in the PowerSchool data breach, one of the largest attacks on U.S. education. The breach exposed personal information for roughly 60 million students...
HKIRC Recognised As Certification Authority Under Hong Kong Electronic Transactions Ordinance
The Hong Kong government has officially recognized Hong Kong Internet Registration Corporation Limited (HKIRC) as a certification authority under the Electronic Transactions Ordinance. This designation, announced on 16 April 2026, permits HKIRC to issue six types of trusted digital certificates for individuals...
Capsule Security Raises $7m to Secure AI Agents at Runtime
Capsule Security emerged from stealth with a $7 million seed round led by Lama Partners and participation from Forgepoint Capital International. The startup’s runtime‑first platform aims to secure AI agents while they execute tasks, preventing prompt‑injection attacks, data leaks, and unintended...
Shinka Achieves SOC 2 Type II Certification
Shinka, the independent CTV and DOOH mediation platform, announced it has earned SOC 2 Type II certification after completing a Type I audit. The certification validates that Shinka’s security, availability, processing integrity, confidentiality and privacy controls operate effectively over time. The achievement underscores...
Automotive Ransomware Attacks Double in a Year
Ransomware has become the fastest‑growing cyber threat to the automotive industry, accounting for 44% of all attacks on carmakers in 2025. Halcyon’s report shows attack frequency more than doubled last year, driven by connected vehicle platforms, OTA updates and cloud‑based...
Claude Code, Gemini CLI, GitHub Copilot Agents Vulnerable to Prompt Injection via Comments
Security researchers disclosed a new prompt‑injection technique called “Comment and Control” that exploits AI‑driven code tools on GitHub. The method tricks Claude Code Security Review, Google Gemini CLI Action, and GitHub Copilot Agent by embedding malicious prompts in pull‑request titles, issue...
US Nationals Behind DPRK IT Worker 'Laptop Farm' Sent to Prison
Two U.S. nationals, Kejia Wang and Zhenxing Wang, were sentenced to 108 months and 92 months respectively for orchestrating a scheme that placed North Korean IT workers in over 100 American companies using stolen identities. Between 2021 and October 2024...
Proactive Steps to Cut Cyber Risk Before Damage
How To Reduce Cyber Risk Before It Becomes Business Impact by @austingadient @Forbes Learn more: https://t.co/3n73qicnmw #CyberSecurity #Infosec #Technology https://t.co/WfQRH57gbm
Use of Agentic AI Erodes GDPR Compliance as We Know It. Wipro's 'Privacy by Design' Comes Into Its Own
The rise of agentic AI—autonomous systems that decompose tasks, retain memory, and act on users’ behalf—exposes gaps in current GDPR compliance frameworks. Traditional governance assumes static tools, not self‑directing agents that make micro‑decisions, store contextual data, and can be hijacked...
Anthropic’s Nuclear Bomb
Anthropic unveiled Claude Mythos Preview, an AI model that can autonomously discover and exploit zero‑day vulnerabilities with a 72.4% success rate. In tests the model cracked a 17‑year‑old FreeBSD remote code execution flaw, granting unauthenticated root access. Access is restricted...
Microsoft: April Windows Server 2025 Update May Fail to Install
Microsoft is investigating a failure of the April 2026 KB5082063 security update on Windows Server 2025, which triggers error code 0x800F0983 and, in some cases, forces servers into BitLocker recovery mode. The issue appears limited to enterprise‑managed configurations and does not affect...
Teenaged Boy Arrested After NI Schools Hacked
A 16‑year‑old was arrested in Portadown after allegedly compromising the C2K platform used by schools across Northern Ireland. The breach, which occurred at the start of the Easter break, locked students out of their accounts and exposed some personal data....
One Year on From the M&S Cyber Attack: What Did We Learn?
One year after the Easter‑week 2025 Marks & Spencer cyber breach, analysts confirm the attack originated from a simple social‑engineering phone call that compromised a third‑party help‑desk and cascaded into ransomware across VMware hosts. The incident sparked a wave of...
Sweden Reports Cyberattack Attempt on Heating Plant Amid Rising Energy Threats
Sweden’s civil defense ministry confirmed that a pro‑Russian group attempted a cyberattack on a western heating plant in 2025, but the intrusion was stopped. The operation is tied to Russian intelligence and mirrors a wave of sabotage that has hit...
Targeted Cyberattack on Northern Ireland Schools Exposes Personal Data
A recent cyberattack on Northern Ireland's Education Authority was confirmed as a targeted breach affecting a small number of schools. Forensic analysis revealed that attackers accessed personal data, though no large‑scale exfiltration has been proven. Police Service of Northern Ireland...
The Data Sovereignty Vise: Two Governments, One Compliance Trap, No Safe Harbor
China’s State Council rolled out two sweeping regulations in April 2024—Decree 834 on industrial and supply‑chain security and Decree 835 on countering foreign extraterritorial jurisdiction—both effective immediately and without a transition period. The rules clash directly with the U.S. Department of Justice’s Data...
How to Implement Passwordless Authentication to Boost User Conversion
Passwordless authentication replaces passwords with device‑bound cryptographic keys, removing a major source of friction in sign‑up and login flows. The 2026 Passwordless Conversion Impact Report shows that faster entry boosts lifetime value, while the IBM Cost of Data Breach Report...
Reddit 2026 Cybersecurity Talk Shifts From Phishing To AI Chaos
From Phishing to AI Chaos: What My Analysis of All Reddit CyberSecurity Discussions So Far in 2026 Revealed https://t.co/LF7w9E3mMR
Democratized Software, Democratized Risk: Who’s Accountable When Everyone Codes?
AI‑driven coding tools are letting non‑technical teams create software without traditional developer resources, accelerating delivery and cutting costs. However, this democratization creates governance gaps that can expose organizations to security, compliance, and accountability risks. The article advises IT leaders to...
Corporate Affairs Commission Hit by Cyberattack in Nigeria
Nigeria’s Corporate Affairs Commission confirmed a cyber‑attack that compromised its company‑registration platform, prompting an urgent investigation with the National Information Technology Development Agency. The breach threatens sensitive business data, could delay filings and erode confidence in government digital services. At...
Shadow AI and the New Visibility Gap in Software Development
Generative AI is now a core part of software development, but shadow AI—unapproved AI tools used by developers—is already mainstream, with 50% of workers globally and over 70% of UK employees relying on them. This creates a "lethal trifecta" of...
MiningDropper Turns Android Apps Into Multi-Stage Malware Delivery Systems
Researchers at Cyble have identified a surge in Android malware campaigns leveraging a new modular framework called MiningDropper. The platform repurposes the open‑source Lumolight app as a trojanized entry point and uses layered XOR and AES encryption to deliver multi‑stage...
6-Year Ransomware Campaign Targets Turkish Homes & SMBs
Researchers at Acronis have identified a low‑dollar, high‑volume ransomware operation that has been active in Turkey since at least 2020. The attackers deploy a customized Adwind RAT to deliver the JanaWare ransomware, demanding between $200 and $400 per victim. The...
Super Funds Seek to Coordinate Sector's Cyber Threat Response
The Association of Superannuation Funds of Australia (ASFA) has applied to the Australian Competition and Consumer Commission for a five‑year licence to operate the Superannuation Cyber and Financial Crime Exchange (SuperFCX), a dedicated threat‑intelligence sharing platform for the sector. The...
Who Is Winning the Scam Game?
In this episode of Hacking Humans, hosts Dave Bittner, Joe Kerrigan, and Maria Vermazis dissect two major scam narratives: an international gold‑scam ring that lured U.S. victims into buying $800,000 worth of physical gold, culminating in the arrest of a...
Europe Launches First Kill‑switch‑proof Cloud Recovery Stack
Europe builds its first “kill-switch proof” cloud recovery stack https://t.co/QMZVcROJjW >> Congrats. Interesting pan EU collaboration - BUL / D / I and LUX. Good to see. Bow let's look for adoption.
.png)
ITnews to Bring Security Leaders Together for State of Security Breakfast Roadshow
iTnews is launching its inaugural State of Security Breakfast Roadshow in Brisbane on June 18, gathering more than 50 senior IT and security executives to discuss findings from its State of Security report released April 30. The breakfast will focus on three...
Web Supply Chain Risk in ANZ: Why the Browser Is the New Front Line
Reflectiz warns that modern web applications increasingly rely on third‑ and fourth‑party scripts that execute in users' browsers, creating a hidden supply‑chain risk that traditional security tools cannot see. Research of 4,700 ANZ sites shows 64% of these scripts handle...
Timely Takes Podcast: J.T. Ho’s Latest “Fast Five”
Cleary Gottlieb’s J.T. Ho hosts the latest Timely Takes podcast, delivering a monthly briefing on securities and governance trends. The episode covers five hot topics: prediction‑market considerations for public companies, board‑level cybersecurity guidance amid cyber‑warfare, the 2026 CISO AI Risk...
Cyberwar’s New Frontier
The article warns that autonomous cyber‑agents are moving from theory to operational reality, capable of launching attacks in minutes and persisting undetected across critical sectors. It highlights the U.S. 2026 Cyber Strategy’s embrace of such agents while noting severe staffing...
RedSun: System User Access on Win 11/10 and Server with the April 2026 Update
RedSun is a newly disclosed vulnerability affecting Windows 10, Windows 11 and Windows Server with the April 2026 Update. The flaw exploits Windows Defender’s cloud‑tag handling, causing the antivirus to rewrite a malicious file back to its original location. By overwriting trusted system...
FSF Trying to Contact Google About Spammer Sending 10k+ Mails From Gmail Account
Thom Zane, an administrator of the daedal.io Mastodon instance, posted on the fediverse asking for a direct email address to reach a human on Google’s Gmail team. He wants to report a spammer who allegedly sent more than 10,000 Gmail...
AI Threats Push Businesses to Rethink Cybersecurity Strategies: Kaspersky
AI is reshaping cyber threats, enabling both seasoned hackers and novices to launch sophisticated attacks with generative tools. Kaspersky warns that 72% of firms are deeply concerned as AI‑driven phishing, deepfakes, and automated malware surge. A deepfake video call cost...
AI Tool Adoption Leaves Companies With Zero Code Controls
In all seriousness though, companies that are investing in these tools have zero control over code quality, how to protect from prompt injection, what gets shoved and executed into the developers environment, what gets shoved into production. Zero. Controls. Death of...
Taking Operational Risk to Resilience with Emerging AI Systems: Gartner
Gartner warns that generative AI (GenAI) and agentic AI are exposing enterprises to rising security incidents. It predicts 25% of GenAI applications will suffer at least five minor incidents annually by 2028, and 15% will encounter a major breach by...
Ivanti Unveils AI‑Driven Neurons Platform to Automate IT and Security Ops
Ivanti announced the launch of its AI‑driven Neurons platform, a suite of autonomous IT and security capabilities that deflect tickets, cut manual effort and enforce compliance. The move targets growing pressure on DevOps teams to scale operations without sacrificing governance.
Commvault Launches ‘Ctrl‑Z’ AI Protect to Undo Cloud AI Actions
Commvault rolled out Ctrl‑Z, an AI Protect feature that can roll back actions taken by autonomous agents across major cloud platforms. The tool aims to restore data, configurations and applications after unintended AI‑driven changes, tackling emerging governance challenges in cloud‑based...
National Cyber Director Signals Wave of New Cybersecurity Executive Orders
At the Semafor World Economy forum, National Cyber Director Sean Cairncross warned that President Trump will sign more cybersecurity‑focused executive orders soon, following the rollout of the administration’s new national cyber strategy. The signal hints at tighter regulation for businesses...
SANS Stormcast Thursday, April 16th, 2026: AI Credential Scans; Microsoft Update Issues; RDP Warnings; GitHub Action Vulns;
In this 7‑minute Stormcast episode, Johannes Ulrich warns that attackers are increasingly scanning web servers for AI‑related configuration files such as .env files containing OpenAI, Claude, or OpenClaw credentials, emphasizing the need for proper secret management and billing alerts. He...
Unity AI Gateway Simplifies Secure Agent Integration
Securing agents is one of the main bottlenecks to adoption. With Unity AI Gateway, we're making it easy to secure your agents, tools and data they access in one place. It's super easy to plug into existing agents as just...
Spatiotemporal Light Pulses Could Secure Optical Communication by Masking Data
Ben‑Gurion University researchers have devised a secure optical‑communication scheme that embeds data within spatiotemporal optical vortices—light pulses whose structure conceals information from conventional detectors. The approach pairs these shaped pulses with a pre‑shared key and decoy‑signal algorithm, allowing only a...
IBM Rolls Out AI‑Driven Cybersecurity Assessment to Counter Agentic Attacks
IBM announced a new cybersecurity assessment and the IBM Autonomous Security service aimed at protecting enterprises from AI‑driven, agentic attacks. The offering promises machine‑speed detection, coordinated response and guidance on AI‑specific vulnerabilities.
Adapting in the Era of AI
Fastly announced ContentGuard, a new feature inside its Bot Management suite that gives customers granular control over who accesses cached content. The company’s security research shows 47% of requests to cached assets are from unverified or malicious bots, while only...
Coremail Showcases at GITEX Asia 2026: Advancing Enterprise Communication with AI-Native Secure Email
Coremail unveiled its AI‑Native Secure Email System and CACTER AI‑Native Secure Email Gateway at GITEX Asia 2026 in Singapore. The solutions combine large language models with autonomous agents to transform email from a static messaging tool into a task‑execution hub....
Anonymizing Network Traffic: A Dive Into SOCKS5 and Data Encryption
SOCKS5 proxies have become a core tool for businesses that need to hide IP addresses while handling any traffic type, from HTTP to UDP. Unlike HTTP proxies, SOCKS5 does not inspect data, allowing seamless use for streaming, automated data collection,...
Smashing Security Podcast #463: This AI Company Leaked Its Own Code. It’s Also Built Something Terrifying
In the Smashing Security #463 episode, host Graham Cluley and guest Tanya Janca discuss Anthropic’s accidental leak of the Claude Code CLI source via a mis‑published source‑map and the company’s new AI model, Mythos, which can autonomously discover and chain...
Over 25K Systems Exposed by Adware App to Supply Chain Compromise
Dragon Boss Solutions’ ad‑ware platform inadvertently exposed more than 25,000 systems after an insecure software‑update channel was discovered. Threat actors could purchase a signed payload for about $10 and push malicious code with SYSTEM privileges. Huntress identified communications from 23,565 IP addresses,...
To Fight Ransomware, Turn to Incident Response Professionals
The UK Home Office is consulting on a ban on ransomware payments for public‑sector bodies and critical national infrastructure, alongside a broader payment‑prevention regime and mandatory incident‑reporting. Critics argue the proposal could leave under‑resourced firms tangled in legal hoops while...