CyberSecurity Knuggets

Apr 30, 2026

Email Summaries:

Subject: Risky Bulletin: UK NCSC blasts SOC metrics

Summary: The UK National Cyber Security Centre (NCSC) warns that relying on poor SOC (Security Operations Center) metrics harms security effectiveness. Metrics such as number of tickets processed, time taken to close tickets, number of detection rules written, and volume of logs collected incentivize rushed, careless work and false positives. Instead, metrics like time-to-detect and time-to-respond are recommended to promote thorough investigations. The NCSC advises SOC teams to use hypothesis-led threat hunting and to study attacker techniques rather than focusing on inefficient metrics. Other news includes breaches at Vimeo, arrests of hackers, including a Scattered Spider member in Finland, and regulatory actions such as Greece wanting to ban online anonymity.

Subject: Scattered Spider’s ‘Bouquet’ nabbed after globe-trotting luxury hacker sprees

Summary: Peter Stokes, aged 19 and known by the alias “Bouquet,” was arrested in Finland and charged with wire fraud, conspiracy, and computer intrusion as a member of the Scattered Spider hacker group responsible for multi-million-dollar hacks. Authorities are seeking extradition to Chicago. Stokes was noted for a lavish lifestyle despite his age. The newsletter also covers the US White House working to re-engage Anthropic’s AI models for government use, reporting on a spyware scandal involving Israeli company Paragon in Italy, a denial of a breach by prediction market Polymarket, a data breach at Vimeo through third-party Anodot, and plans to ban crypto ATMs in Canada due to fraud concerns. Other topics include new AI security standards groups, ransomware updates, Congressional committee staffing changes, privacy vulnerability fixes, and Europol ransomware threat reports.

Subject: Webinar: Securing Identity Across AI, Humans and Machines

Summary: Invitation to a live webinar on May 7th discussing identity security challenges and solutions across humans, AI systems, and machine identities. Topics include the complexity and risk from rapid identity growth, security gaps caused by fragmented identity management, and identity risks linked to AI adoption. Additional upcoming webinars on threat detection and a CISO forum are also highlighted.

Subject: OpenAI and Anthropic brief Congress on cyber-capable AI models | The CyberWire

Summary: OpenAI and Anthropic met with US House Homeland Security Committee staff to discuss the cybersecurity implications of the AI models Mythos Preview and GPT-5.4-Cyber. Both companies restrict releases of these models to prevent misuse. The White House is preparing guidance to enable federal use of Anthropic’s AI models despite supply chain risk designations. Additional stories include ransomware gangs leaking each other’s data, Silverfort’s acquisition of Fabrix Security to enhance AI-driven identity security, and updates on cybersecurity trends, vulnerabilities, and litigation.

Subject: Millions of GitHub Repositories Exposed

Summary: SecurityWeek reports on multiple cybersecurity news items, focusing on a critical GitHub vulnerability exposing millions of repositories and data stolen from Checkmarx in a supply chain attack connected to ransomware group partnerships. Additional topics include exploitation of a LiteLLM vulnerability, exposure of VNC servers for ICS/OT, Iranian cyber group attacks on US troops, browser security updates, medical software vulnerabilities, cyber insurance trends, and upcoming cybersecurity webinars. Industry expert insights highlight the need to defend enterprises against AI-powered autonomous threats.

Stay Well!

summy