CyberSecurity Knuggets
Apr 23, 2026
- Email 1: Risky Bulletin: Former FBI official calls for terrorism designations for ransomware groups that target hospitals and critical infrastructures
- Cynthia Kaiser, former FBI Cyber Deputy Director, suggests Congress investigate designating ransomware groups targeting hospitals and critical infrastructure as terrorist organizations.
- This designation would enable prosecutors to use a broader range of legal tools.
- Kaiser also urges considering homicide charges if ransomware attacks lead to death, citing a 2023 study that showed 20% increased mortality in hospitals during/after ransomware attacks.
- The US Justice Department elevated ransomware investigations to terrorism priority in 2021, leading to crackdowns, but attacks persist.
- Other notes: Vercel breach traced to Context.ai employee compromise; France’s ID agency (ANTS) breached; Mastodon DDoS attacks; Firefox 150 release includes new translation app.
- Email 2: Mythos model slips into the wild through vendor backdoors
- Unauthorized users gained access to Anthropic’s Mythos AI model on the day it was announced for limited release.
- Intrusion occurred via tactics including use of a third-party contractor’s access and tools used by cybersecurity researchers.
- The Mythos model is highly capable, identifying 271 vulnerabilities and potentially enabling sophisticated cyberattacks.
- Regulators in Australia, New Zealand, and Japan are monitoring Mythos’s cybersecurity implications closely, engaging with financial institutions and government agencies.
- UK’s NCSC chief warns the UK could face large-scale hacktivist attacks similar to ransomware incidents if involved in conflict, with no ransom options available.
- Other news: group behind Sandy Hook “Say Something” reporting system hack offers stolen data for sale; insurers are capping payouts related to AI cyber losses; Coinbase warns proof-of-stake blockchains face quantum computing risks; Meta installs tracking software on US employees for AI training.
- Email 3: Webinar invitation – Step-By-Step Approach to AI Governance
- Upcoming live webinar on April 28th at 1PM ET focused on managing risks of “Shadow AI” — unsanctioned AI tool use in organizations.
- Topics include identifying entry points of Shadow AI, establishing approval workflows, navigating governance for LLMs to autonomous agents, and aligning IT, legal, and business through cross-functional AI councils.
- Additional webinars on CPS security ROI and threat detection scheduled in May and June 2026.
- Email 4: Unauthorized users gain access to Anthropic’s Mythos model – CyberWire briefing
- Bloomberg reports unauthorized users accessed Anthropic’s Mythos AI model shortly after its announcement and release to limited partners.
- Access was obtained partly via third-party contractor credentials and open-source intelligence gathering in private Discord channels.
- Anthropic is investigating the incident.
- Mustang Panda (Chinese APT) deploying LOTUSLITE backdoor variants targeting India’s financial sector.
- Israeli AI-native detection and response provider Artemis emerges from stealth mode with $70 million funding.
- Other selected stories include new wiper malware targeting Venezuela’s energy sector and ongoing exploits in Microsoft SharePoint servers.
- Email 5: Claude Mythos Finds 271 Firefox Vulnerabilities
- Firefox 150 release integrates protections for 271 vulnerabilities identified with help from Anthropic’s Mythos AI model.
- The model dramatically accelerates vulnerability identification, as confirmed by Firefox CTO Bobby Holley.
- Other topics covered include newly patched critical vulnerabilities by Oracle, ongoing supply chain attacks challenging SBOM effectiveness, DDoS attacks on Mastodon and Bluesky platforms, and recent reports of serious cyberattacks on the UK linked to Russia, Iran, and China.
- Additional security insights and current challenges with AI-related cybersecurity risks, including malicious crypto apps, exposed Perforce servers leaking sensitive data, and new Microsoft patches addressing zero-day privilege escalation.
Stay Well!
