CyberSecurity Knuggets

Apr 11, 2026

Subject: Risky Bulletin: FBI extracted Signal chats from iPhone notifications logs

Sender: risky-biz@ghost.io

Summary:

The FBI has extracted deleted Signal messages from a suspect’s iPhone by accessing the device’s notification database, in a case related to anti-ICE protests in Texas. Signal offers a setting to hide message previews in notifications, but the suspect had not enabled it, which allowed the data collection. Additionally, the Los Angeles City Attorney’s Office was hacked, and 7.7TB of sensitive police and case data was leaked online. Other cyber events include ransomware hitting Dutch healthcare software provider ChipSoft, the deployment of the Minnesota National Guard’s cyber units after a local cyberattack, and the theft of petabytes of sensitive data from China’s National Supercomputing Center by a group called FlamingChina. Also, Bitcoin Depot lost $3.6 million in a hack targeting crypto-wallets, and Pinterest faced a pro-Iranian DDoS attack.

Technical updates:

– Chrome 147 released featuring Device Bound Session Credentials (DBSC) to protect authentication cookies.

– Signal will soon add plaintext chat export.

– Meta is investigating a former employee over unauthorized downloading of private Facebook photos.

– Microsoft suspended developer accounts of VeraCrypt, WireGuard, and Windscribe due to a mandatory account verification process.

– Greece will ban children under 15 from social media starting next year.

– Akamai and Cloudflare support the Agent Name Service (ANS) protocol to identify AI agents uniquely.

– New malware: macOS infostealer notnullOSX; STX RAT; clipboard hijacker ClipBanker targeting Russian users.

Arrests & crimes:

Peter Williams, an ex-Trenchant executive, was sentenced to 87 months for selling iOS exploits to a Russian broker; he cited stress and burnout. UK police are investigating a former Meta employee for massive photo downloads. South Korea banned 41,000 scam phone numbers.

A sponsor interview with Airlock Digital about application allowlisting innovation is included.

Subject: Hacker Newsletter #789

Sender: kale@hackernewsletter.com

Summary:

This issue offers a curated list of cybersecurity and technology content sourced from Hacker News community highlights. Key topics include:

  • Sysdig’s agentic AI for secure cloud solutions.
  • Concerns about AI control under Sam Altman.
  • Project Glasswing securing critical AI-era software.
  • A detailed investigation of the Apollo 11 guidance computer bugs.
  • New small language models to demystify LLM operations.
  • Breakthroughs in lunar flyby missions by NASA.
  • Various AI, programming, and design projects such as LittleSnitch for Linux, Lua-based 2D game framework LÖVE, and Rust-inspired languages.

Community engagement sections cover marketing advice for solo technical founders, European tech alternatives, and non-AI-related projects. Also, several educational, data, and design articles are listed for readers. Fun sections include retro computing and music programming topics.

Subscription and promotional information for Hacker Newsletter is included.

Subject: Feds summon Wall Street CEOs over fears Anthropic AI could supercharge cyberattacks

Sender: info@metacurity.com

Summary:

US Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell convened an urgent meeting with Wall Street CEOs—including Citigroup, Morgan Stanley, Bank of America, Wells Fargo, and Goldman Sachs—over concerns about Anthropic PBC’s Mythos AI model. The AI is capable of rapidly identifying and exploiting vulnerabilities across major operating systems and browsers. Anthropic has limited Mythos’s use to select firms (e.g., Amazon, Apple, JPMorgan) as part of “Project Glasswing” to proactively secure systems.

Additionally:

– The FBI was able to retrieve incoming Signal messages from a removed app via an iPhone’s notification database.

– Hungarian intelligence has been using Webloc spyware for mass surveillance via consumer app advertising data, likely violating GDPR.

– US Treasury launched a cyber threat intel sharing program for digital asset firms, improving security awareness in the crypto sector.

– Microsoft reports payroll hijacking attacks, tracked as Storm-2755, targeting Canadian organizations through sophisticated phishing and session hijacking.

– North Korean-linked operators generated over $3.5 million by exploiting crypto payments and forged employment.

– Hong Kong police arrested a contractor employee for leaking personal health data of over 56,000 patients.

– Malware LucidRook used in spear-phishing attacks against NGOs and universities in Taiwan.

– Hackers compromised WordPress and Joomla Smart Slider plugin update channels to distribute malware.

– A zero-day Adobe Reader exploit has been in use since December, with Russian-language lures targeting the oil and gas sectors.

– A vulnerability in EngageLab’s SDK affects Android crypto wallet apps, exposing sensitive data.

– The HWMonitor software distribution site appears to be compromised and serving malware-laden installers.

– Google Chrome added Device Bound Session Credentials to protect session cookies.

– Gmail now supports native end-to-end encryption on Android and iOS apps.

– A Pennsylvania state trooper pleaded guilty to multiple crimes, including creating thousands of AI-generated pornographic deepfakes.

– OpenAI is backing an Illinois bill shielding AI labs from liability for AI-caused societal harm.

– Former L3 Trenchant exec Peter Williams was sentenced for selling exploits to Russia; he cited stress-related poor judgment.

Subject: Industry Reacts to Iran Hacking ICS in Critical Infrastructures

Sender: news@securityweek.com

Summary:

This briefing highlights industry responses to recent Iranian cyberattacks targeting industrial control systems (ICS) in critical infrastructure sectors. Key points include:

  • Juniper Networks patched multiple Junos OS vulnerabilities.
  • Orthanc DICOM vulnerabilities that cause crashes and remote code execution were identified.
  • The Chrome 147 security update fixed 60 bugs, including two critical vulnerabilities, with bounty awards up to $86,000.
  • MITRE released a Fight Fraud framework.
  • Exploitation of a critical Marimo flaw began hours after public disclosure.
  • Google implemented cookie theft protections in Chrome.
  • Microsoft identified a vulnerability affecting millions of Android crypto wallet users.
  • Iran-linked cyber groups continue attacks despite diplomatic ceasefires.
  • The US recently disrupted a Russian espionage operation.

Expert insights emphasize the importance of visibility for proactive security, architectural responses to AI-enabled threats, and leadership focus on data trustworthiness.

Subject: Treasury Secretary and Fed Chair summon banking executives over AI security concerns | The CyberWire 4.10.26

Sender: editor@newsletter.n2k.com

Summary:

US Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell held an urgent meeting with Wall Street banking executives to discuss security issues related to Anthropic’s Mythos AI model and similar AI systems with the ability to quickly identify and exploit vulnerabilities. The meeting underscores regulatory concerns over AI-driven cyberattack risks to the financial sector, transcending political lines.

Additional details:

– Anthropic restricts Mythos access to a consortium of 40+ organizations, including major tech and security firms, focused on defensive testing and vulnerability identification under “Project Glasswing.”

– An alleged hacker, “FlamingChina,” claims to have stolen 10+ petabytes of data from a Chinese state supercomputer and is selling it for cryptocurrency.

– Canadian organizations were targeted by the payroll hijacking campaign Storm-2755, which uses malicious Microsoft 365 sign-in phishing and session hijacking.

– Sponsored content highlights AI governance and security best practices for enterprises using Cato AI Security.

– Selected readings cover unique obfuscation malware techniques, investigations into Apple Intelligence prompt injection attacks, ransomware trends, quantum-proofing concerns, and court rulings related to Anthropic.

This briefing emphasizes ongoing cybersecurity threats, AI governance challenges, and active defense initiatives within critical sectors.

Stay Well!

summy