CyberSecurity Knuggets
Apr 03, 2026
Subject: Srsly Risky Biz: America’s Next Top (Cyber) Models
Sender: risky-biz@ghost.io
Summary:
– AI models, especially Anthropic’s Opus 4.6 and Claude Code, have shown remarkable ability to find and exploit software vulnerabilities, including zero-days, in complex, well-audited software.
– Opus 4.6 found over 500 high-severity vulnerabilities in open-source code, some decades old, reasoning like a human security researcher by learning from past bug fixes and spotting risky patterns.
– Hans Nguyen and Anthropic researcher Nicholas Carlini demonstrated Claude Code discovering and exploiting a blind SQL injection in the Ghost publishing platform and a Linux kernel heap overflow, among others.
– While consumer versions of these models have safeguards preventing exploit writing, cyber organizations like NSA, Cyber Command, and Five Eyes require access to stripped versions for offensive and defensive cyber operations.
– The US government’s feud with Anthropic may be counterproductive as the administration seeks aggressive cyber capabilities; a portfolio approach to AI models from multiple companies is advised.
– Ukraine’s restriction on Starlink terminals is hampering Russian forces; Russia adapts by increasing use of Ubiquiti’s wireless bridges for military communications despite US export bans and alleged sanctions evasion.
– Notable positive developments: Apple’s Lockdown Mode shown effective; Armenian developer Hambardzum Minasyan faces court over RedLine infostealer; NSA director emphasizes improved intelligence sharing with allies.
Subject: Iran’s Handala group claims control of the IT infrastructure in St. Joseph County, Indiana
Sender: info@metacurity.com
Summary:
– Iranian state-backed group Handala Hack claims full control over St. Joseph County, Indiana’s centralized IT infrastructure; local officials confirmed a breach of a third-party fax system but no sensitive data compromised so far.
– Hasbro acknowledges a cyberattack detected March 28, resulting in system shutdowns and remediation expected to take weeks. Cybersecurity firms are involved, and site maintenance messages have been reported.
– Meta took actions against the Italian company ASIGINT for distributing fake WhatsApp apps with spyware, warning users who downloaded unofficial iOS versions.
– Microsoft researchers describe sophisticated multi-stage attacks via WhatsApp, sending malicious VBScript files masquerading as messages from known contacts, leading to remote control and data access.
– Solana-based DeFi platform Drift suffered a $250M active attack causing suspended withdrawals and significant token price drop.
– Anthropic rushed takedown of leaked Claude Code source from GitHub, removing over 8,000 copies by mistake, clarifying the leak exposed proprietary AI agent harness code, not model weights or customer data.
– FBI declared recent China-linked intrusion into sensitive surveillance systems a “major incident” with broad national security implications.
– US ICE bought Israeli spyware, raising concerns over possible abuses; stop-work orders issued and lifted by successive administrations.
– Multiple US towns hit by ransomware attacks affecting regional emergency communications systems.
– Okla. Tax Commission confirms data exposure affecting Social Security numbers via their online portal.
– Kaspersky found new malware-as-service CrystalRAT promoted on Telegram with advanced spying and prankware features targeting low-skilled hackers.
– McAfee uncovered Android malware NoVoice on Google Play in over 50 apps with 2.3M+ downloads, attempting root exploits on devices.
– Check Point reports zero-day exploit CVE-2026-3502 targeting TrueConf servers used by governments and enterprises in Southeast Asia.
– New phishing toolkit EvilTokens targets Microsoft accounts using OAuth-based device code attacks, sold on Telegram.
– Arrests made for ATM jackpotting operation in Texas.
– Thailand facing cyberattack volumes 164% higher than global average, with escalating ransomware incidents.
– European Commission orders senior officials to abandon Signal group chat amid espionage fears.
– Russia intensifies crackdown on VPN usage to enforce internet censorship.
– Cybersecurity startups Variance and Linx Security secure tens of millions in funding for AI-based compliance and identity security solutions.
– Best news includes Amazon realizing 40% pentesting efficiency gains from AI. Concerns about OpenAI secretly funding AI age verification groups.
– Fake news incident about tortoise Jonathan’s death highlighted risks of social media misinformation.
Subject: Webinar: Let AI agents run without running wild
Sender: news@securityweek.com
Summary:
– Upcoming SecurityWeek webinar on April 14 about managing security risks from AI agents and non-human identities; growing concerns on blind spots, credential sprawl, and auditability.
– Webinar will cover discovery, securing, and auditing of non-human access, with focus on endpoint security.
– Related resources include blog posts on AI agent scams, malware risks like OpenClaw, and customer success stories from Canva.
– Webinar targets security professionals managing risk from expanding AI adoption in workplaces.
Subject: WhatsApp warns Italian users of spyware campaign | The CyberWire 4.2.26
Sender: editor@newsletter.n2k.com
Summary:
– WhatsApp alerted about 200 users (mostly in Italy) who downloaded a malicious unofficial iOS WhatsApp client containing spyware. Users were logged out and urged to uninstall the fake app.
– Spyware app allegedly developed by Italian surveillance firm SIO and its subsidiary ASIGINT, implicated in spyware sales to governments.
– BlackFog reports new malware-as-a-service “Venom Stealer” platform automating ClickFix social engineering attacks, capturing browser credentials, cookies, autofill, and crypto wallets on Windows and macOS.
– North Dakota Minot water treatment plant suffered a ransomware attack on March 14; manual operation maintained safety with no service disruptions; no ransom demands received.
– Selected news includes Cisco patches, public safety system cyberattacks in Massachusetts, and new sandbox security products.
Subject: Critical Bug in Claude Code Emerges Days After Source Leaks
Sender: news@securityweek.com
Summary:
– A critical vulnerability was discovered in Anthropic’s Claude Code AI agent platform shortly after the accidental leak of its source code.
– Apple expanding deployment of DarkSword exploit protection across more devices to bolster security against advanced threats.
– New sophisticated malware CrystalX RAT emerging with advanced remote access and data stealing features.
– LiteLLM supply chain attack impacts Mercor.
– Cisco released patches for multiple critical and high-severity vulnerabilities.
– Data breach affects 250,000 patients at Nacogdoches Memorial Hospital.
– AI-driven compliance platform Variance raised $21.5 million; Linx Security secured $50 million for identity security.
– Industry trends include security incidents at Hasbro and ongoing expansions for ICS cybersecurity conferences.
– Analysis pieces discuss data integrity challenges in cybersecurity and the governance needs for autonomous AI agents.
– Recent notable incidents: OpenAI Codex vulnerability allowed GitHub token issues; Fortinet EMS zero-day exploits patched; FBI warns about China-made app risks; and more.
Stay Well!
