Cybersecurity

Anthropic eases threat-sharing rules as Cloudflare details frontier AI cyber gains

CISA contractor exposed sensitive gov't creds in public GitHub repo, Buterin says AI-assisted formal verification can secure blockchain systems, NY public health provider says breach affects 1.8m, FBI wants access to ALPRs nationwide, Interpol busts 200+ people for cybercrime in MENA, much more

Metacurity is the only daily cybersecurity briefing built for clarity, not agendas—no vendor spin, no echo chamber, just sharp, original aggregation and analysis of what actually matters to security leaders.

If you rely on Metacurity to cut through the noise on policy, industry shifts, and security research, consider supporting us with a paid subscription. Independent coverage like this only exists because readers decide it’s worth it.

Upgrade my subscription now

In a candid technical assessment, Cloudflare described its experience testing Mythos under Anthropic’s restricted “Project Glasswing” evaluation program, concluding that the model demonstrates a significant jump in autonomous cyber capability, particularly in vulnerability discovery, exploit-chain analysis, and multi-step attack reasoning.

Rather than merely assisting human researchers with coding tasks, Cloudflare argued, the system increasingly behaves like a highly capable security researcher able to independently identify weaknesses, reason through exploitation paths, and adapt its approach when initial attempts fail.

Cloudflare said, "We've been running models against our code for a while now, and the jump from what was possible with previous general-purpose frontier models to what Mythos Preview does today is not just a refinement of what came before.

It's a different kind of tool doing a different kind of work, and that makes a clean apples-to-apples comparison to earlier models difficult," with two features, Exploit Chain Construction and Proof Generation, particularly standing out.

Other frontier models fell short at the point of stitching the pieces together, Cloudflare said.

At this point, Cloudlfare says it needs a "harness" that manages the overall execution of frontier models that tells it to narrow the scope to produce better findings, an adversarial review to reduce the noise, splitting the chain across agents to produce better reasoning, and parallel tasks to beat one exhaustive agent.

Separately, Anthropic recently began letting users of Mythos share cybersecurity threats with others who may face similar vulnerabilities, modifying its previous stance amid concerns that limiting access to the information could hurt smaller companies.

The new policy highlights the challenges facing AI companies that are restricting access to their best models.

Anthropic has allowed roughly 50 large companies and organizations managing critical digital infrastructure to access Mythos, which is capable of finding software vulnerabilities much more efficiently than humans, in a program called Project Glasswing. The goal is to let those companies and the government address cyber threats before expanding access and potentially releasing more capable models.

The Mythos users initially signed confidentiality agreements to make sure their cyber risk information wasn’t shared, a company spokeswoman said. Last week, Anthropic began telling the companies they could share information about cyber threats and Mythos findings with other entities as long as it was done responsibly, she said.

“Confidentiality protections were something partners asked for at the outset and were built into agreements partners signed. As the program has matured, we’ve adapted them to ensure key information can be shared broadly—including outside the program—for maximum defensive impact,” the spokeswoman said.

In one sign of the backlash facing the company, a top Democratic congressman said in a Monday letter to Anthropic Chief Executive Dario Amodei that the company should let Mythos users notify peers in their industries that may face similar challenges, according to a copy viewed by The Wall Street Journal.

“No entity should be contractually restricted from warning others, coordinating mitigations, or informing relevant and trusted stakeholders about urgent cyber risks,” Rep. Josh Gottheimer (D., N.J.) wrote in the letter. He co-chairs a House Democratic commission on AI and typically backs policies that have the support of many industry executives. (Cloudflare and Amrith Ramkumar / Wall Street Journal)

Example of Mythos Preview pushing back on building a working proof of concept. Source: Cloudflare.

GitGuardian researcher Guillaume Valadon discovered that a contractor working for the US Cybersecurity and Infrastructure Security Agency (CISA) accidentally exposed highly sensitive government credentials in a public GitHub repository.

The repository reportedly contained administrative keys for multiple AWS GovCloud environments along with plaintext usernames and passwords tied to numerous internal CISA systems.

Valadon said the repository, called “Private-CISA,” contained a staggering range of sensitive assets, including cloud keys, access tokens, logs, and deployment information showing how CISA internally builds and deploys software. He described it as one of the worst leaks he had seen professionally.

Particularly alarming, according to the report, was evidence that the administrator managing the repository had disabled GitHub’s built-in secret-detection protections — safeguards designed to stop users from publicly uploading credentials and SSH keys.

Researchers also found CSV files containing plaintext passwords for dozens of internal systems, including what appeared to be CISA’s “Landing Zone DevSecOps” environment used for secure software development. (Brian Krebs / Krebs on Security)

Ethereum co-founder Vitalik Buterin said that mathematically verified software is becoming essential to protecting Ethereum and the broader cryptocurrency industry from AI-assisted cyberattacks and software vulnerabilities.

In a blog post published on Monday, Buterin argued that AI-assisted “formal verification” could help secure blockchain networks, smart contracts, and cryptographic systems against software flaws that can expose users to irreversible financial losses.

“If done right, this has potential to both output extremely efficient code, and be far more secure than the way programming has been done before,” Buterin wrote, noting that developer Yoichi Hirai refers to it as the “final form of software development.”

Formal verification is a way of mathematically testing whether software behaves correctly, with the approach dating back to foundational work in the 1950s and 1960s. According to Buterin, recent advances in AI are making the technique more practical for software engineering and security research. (Jason Nelson / Decrypt)

New York public health provider NYC Health + Hospitals says a months-long data breach that allowed hackers to steal personal data, medical records, and fingerprint scans affects at least 1.8 million people.

NYCHHC is the largest public health system in the United States and provides healthcare to over a million New Yorkers, the majority of whom are uninsured or receive state healthcare benefits, such as Medicaid.

The healthcare system reported the number to the US Department of Health and Human Services, making it one of the largest healthcare-related data breaches of the year so far. Financially motivated cybercriminals have repeatedly targeted healthcare organizations in recent years in efforts to steal their vast banks of highly sensitive patients’ personal, medical, and billing information.

In a data breach notice on its website, NYCHHC said that it detected a cyberattack on February 2 and secured its network. The hackers had access to its network from November 2025 until February 2026, during which the hackers copied files from its systems.

The incident appears to be unrelated to the data breach at the National Association on Drug Abuse Problems (NADAP) earlier this year, in which over 5,000 NYCHHC patients had information taken in the cyberattack. (Zack Whittaker / TechCrunch)

The FBI wants to buy access to automated license plate readers (ALPRs) nationwide, which would likely allow the agency to track the movements of vehicles—and by extension people—across the country without a warrant, according to FBI procurement records reviewed by 404 Media.

“The FBI has a crucial need for accessible LPRs to provide a diverse and reliable range of collections across the United States. This data should be available across major highways and in an array of locations for maximum usefulness to law enforcement,” a statement of work, which describes what data the FBI is seeking access to, reads.

The FBI says it is looking for a vendor that will let it log into a Software-as-a-Service system and then query the collected ALPR data with license plate information, a description of the vehicle, a time or date, and geolocation information.

The FBI says it is looking for ALPR coverage in the following areas: Eastern 48 (East of the Mississippi River); Western 48 (West of the Mississippi River); Hawaii; Puerto Rico; Alaska; and outlying areas such as Guam, the US Virgin Islands, or Tribal Territories. In effect, the FBI is looking for ALPR data nationwide and even beyond. An attached price template indicates the FBI is willing to pay $6 million for each of those broad areas, bringing the total to $36 million. (Joseph Cox / 404 Media)

More than 200 individuals were arrested for cybercrime activities during INTERPOL's Operation Ramz, which focused on the Middle East and North Africa.

Law enforcement also identified another 382 suspects across 13 countries (Algeria, Bahrain, Egypt, Iraq, Jordan, Lebanon, Libya, Morocco, Oman, Palestine, Qatar, Tunisia, and the UAE).

In addition to the arrests, authorities seized 53 servers used for phishing, malware, and online fraud that affected at least 3,867 confirmed victims, as determined from nearly 8,000 intelligence packages retrieved from the equipment.

“The operation focused on neutralizing phishing and malware threats, as well as tackling cyber scams that inflict severe cost to the region,” according to Interpol.

INTERPOL collaborated with several private cybersecurity firms during the operation to track the malicious infrastructure, including Kaspersky, Group-IB, The Shadowserver Foundation, Team Cymru, and TrendAI. (Bill Toulas / Bleeping Computer)

Seized devices in Jordan. Source: Interpol.

Staff at Ireland's tax authority, Revenue, were warned under no circumstances to use their work password anywhere else after 137 employees were caught up in a data breach involving a supplier.

The names, email addresses, job titles, phone numbers, and office addresses of the Revenue workers were reported to be at risk of exposure during a ransomware attack on the technology company Pitney Bowes.

An internal Revenue email stated negotiations undertaken in an attempt to contain the breach “did not go well” and that some records had already been published online.

It said Pitney Bowes was a supplier of franking machines for the Revenue Commissioners. In the email to all staff in late April, Revenue’s security team said home addresses were unlikely to have been compromised unless people had one of the machines at their home.

The message read: “I would assume that they only have Revenue-related information and not anything related to your personal life.”

It said affected employees could see an increase in the number of scam emails and phone calls in the future. (Ken Foxe / Irish Times)

Related: RTE

According to information released by the Austrian police, more than 500 attempted cyberattacks targeting Eurovision Song Contest 2026 events and live broadcasts were recorded by Austrian security authorities during the past week.

The attacks primarily involved digital threats against the systems supporting the contest, highlighting the high level of vigilance required to protect one of Europe’s largest televised events.

At the same time, authorities filed a total of 74 criminal charges. Of these, 57 concerned administrative law violations, while the remaining cases were related to criminal offenses. (Ανδρέας Κορυπάς / Eurovision Fun)

Related: DPA, The Cyber Express, Inbox.eu, The Star

Microsoft Threat Intelligence has disclosed details of a cyberattack carried out by a threat actor tracked as Storm-2949, which escalated from a targeted identity compromise into a large-scale breach of cloud infrastructure and sensitive enterprise systems.

The campaign focused heavily on data theft from Microsoft 365 services, Azure-hosted production environments, and cloud storage resources, demonstrating how compromised identities can become gateways to an organization’s entire cloud ecosystem.

According to Microsoft, the attack unfolded in two primary stages: an initial identity compromise phase followed by a broader cloud infrastructure takeover.

Rather than deploying traditional malware or relying on conventional on-premises attack methods, the attackers abused legitimate cloud administration tools and Azure management features to blend into normal activity while gaining access to high-value systems. (Ashish Khaitan / The Cyber Express)

Storm-2949 attack diagram. Source: Microsoft.

Echo Protocol suffered a major security breach after an attacker minted approximately 1,000 unauthorized eBTC tokens on the protocol, which operates on the Monad blockchain, resulting in roughly $76.7 million worth of synthetic Bitcoin being created without authorization.

Because of this, it is one of the latest large-scale attacks to hit the decentralized finance sector during an already difficult month for crypto security.

Blockchain security firms PeckShield and Lookonchain both reported the incident on Tuesday, while Echo Protocol later confirmed that it was investigating a security issue affecting its bridge infrastructure. The protocol also announced that all cross-chain transactions were suspended while the investigation continued.

The attacker quickly began moving portions of the stolen assets through decentralized finance platforms in an attempt to launder the funds. According to PeckShield, the hacker deposited 45 eBTC, valued at around $3.45 million, into Curvance, a DeFi lending and liquidity management platform. The attacker then borrowed approximately 11.3 wrapped Bitcoin worth about $868,000 against the collateral before bridging the assets to Ethereum. (Danielle du Toit / Coinpaper)

SentinelOne researchers report that a new variant of the ‘SHub’ macOS infostealer, Reaper, uses AppleScript to show a fake security update message and installs a backdoor.

Reaper steals sensitive browser data, collects documents and files that may contain financial details, and hijacks crypto wallet apps.

Unlike earlier SHub campaigns that relied on “ClickFix” tactics, tricking users into pasting and executing commands in Terminal, the Reaper relies on the applescript:// URL scheme to launch the macOS Script Editor preloaded with a malicious AppleScript.

This approach bypasses the Terminal-based mitigations Apple introduced in late March with macOS Tahoe 26.4, which blocked pasting and executing potentially harmful commands.

Users were lured with a fake installer for WeChat and Miro applications hosted on domains made to appear legitimate to less experienced users (e.g., qq-0732gwh22[.]com, mlcrosoft[.]co[.]com, mlroweb[.]com). (Bill Toulas / Bleeping Computer)

HTML source code showing the construction of the malicious AppleScript. Source: SentinelOne.

YouTuber Eric Parker discovered that the indie game "Beyond the Dark," which was being distributed for free on the global PC game platform Steam, plants malware on users' computers.

According to Parker, the game evaded security detection by hiding malware within DLL files loaded upon execution. This malware attempts to steal users' cryptocurrency wallets and Roblox account information and performs the function of downloading and installing additional malware through a backdoor.

Parker urged users not to download the game under any circumstances and not to click on any play links shared with them. (Yoon Hong-man / Inven)

Related: PC Games, PC Guide

According to cybersecurity company Bridewell, cyber attackers are increasingly bypassing traditional security tools altogether, using ‘fix-style’ attacks, including ClickFix, FileFix, and ConsentFix, to trick users into compromising their own organizations.

The report highlights how attackers are refining, rather than reinventing, their methods. For example, core tooling such as command-and-control (C2) frameworks and offensive security tools continues to dominate, while adversary infrastructure is becoming more agile and distributed. Rather than being eliminated by law enforcement, cyber threats are increasingly resilient. Disruption of one tool or malware family is often followed by rapid ‘rotation’ into others, allowing attackers to sustain operations with minimal downtime.

Looking ahead, Bridewell warns that organizations face an increasingly adaptive threat landscape shaped by identity abuse, infrastructure agility, and AI-enabled attacks. Key risks this year include increased exploitation of edge devices and identity infrastructure, continued growth in supply chain compromise, and ongoing convergence between cybercrime and nation-state operations. (Ian Barker / Beta News)

Related: Bridewell, Infosecurity Magazine

Researcher Moshe Siman Tov Bustan of Ox Security reports that a Shai-Hulud copycat has turned up in yet another npm package just five days after TeamPCP open-sourced the worm and announced a supply-chain attack competition on BreachForums.

The poisoned package, chalk-tempalte, masquerades as an extension for the popular JavaScript terminal string styling library Chalk. It now contains a clone of Shai-Hulud, which TeamPCP published last week on GitHub after poisoning more than 170 npm packages with the credential-stealing malware as part of the ongoing supply chain attacks targeting open source dev tools.

Plus, the same individual who uploaded the worm to chalk-template also published three other malicious npm packages - @deadcode09284814/axios-util, axios-utils, and color-style-utils - containing infostealer code.

Ox researchers said that the npm user behind all four new stealer infections ran the supply-chain campaign from a home computer or local server farm. "The use of lhr.life is a clear indicator of a reverse proxy used to expose an internal network to the internet," they wrote in an email, adding that the miscreant(s) seem to be financially motivated as the code targets victims' cryptocurrency wallets and accounts.

Moreover, the DDoS botnet component "could indicate affiliation with anarchy groups looking to take down infrastructure and services, or intent to sell it as DDoS-as-a-service," they added. (Jessica Lyons / The Register)

7-Eleven, the world’s largest convenience store chain, has confirmed suffering a data breach after the notorious ShinyHunters hacker group claimed to have stolen information from its systems.

The company has started sending out security incident notices revealing that an intrusion into 7-Eleven systems used to store franchisee documents was detected on April 8.

According to a notification submitted to the Maine Attorney General’s Office, unspecified personal information has been compromised.

The exposed information was provided to the company during franchise applications.

ShinyHunters listed 7-Eleven on its leak website on April 17, claiming to have stolen more than 600,000 Salesforce records, including personal information and corporate data.

The cybercriminals threatened to leak the data unless a ransom was paid by April 21. They later offered to sell the stolen data for $250,000 on a popular hacker forum. (Eduard Kovacs / Security Week)

South Korea's Financial Supervisory Service and the Korea Financial Security Institute said they will significantly expand a nationwide cybersecurity rewards program this year, as authorities seek to strengthen defenses against increasingly sophisticated digital threats targeting the country’s financial system.

The two organizations will jointly operate the 2026 financial-sector “bug bounty” program, which rewards outside security researchers and ethical hackers for identifying previously undiscovered vulnerabilities in digital financial services.

Under the program, participants can search for security flaws in websites, mobile applications, and home trading systems operated by financial firms and receive rewards of up to 10 million won, or roughly $7,400, per verified case. (The Korea Bizwire)

Related: bloomingbit, Maeil Business

Best Thing of the Day: Bug Bounty Hunters Can Benefit From Frontier Models

Bug bounty hunters are leveraging frontier AI models in hopes of beating them at their own game.

Bonus Best Thing of the Day: Immigrant Ingenuity Takes on Canvas

Sanithu Hulathduwage, a 20-year-old computer science senior originally from Sri Lanka, is developing software he believes could eventually replace Canvas and other traditional learning management systems with a better approach to handling student data.

Worst Thing of the Day: Protecting the Absurdly Rich From the Consequences of Their Windfalls

Crypto conferences are hardening their security after a year of kidnappings, assaults, and armed home invasions targeting cryptocurrency holders, with the highest-profile speakers at the recent Bitcoin 2026 conference moving through the venue trailed by personal bodyguards.