CyberSecurity Knuggets
May 01, 2026
Subject: Srsly Risky Biz: US Vows to Fight Distillation Attacks
Sender: risky-biz@ghost.io
Summary:
– The US government has pledged to counteract “distillation attacks” executed by Chinese AI labs, aiming to steal proprietary capabilities from American advanced AI models.
– Distillation attacks involve training less capable models on the outputs of more advanced ones, giving the attacker a cheaper and faster route to those capabilities.
– Companies such as OpenAI, Google, and Anthropic reported being targets, citing massive fraudulent account activity and hundreds of thousands of queries.
– The White House memo acknowledges these systematic campaigns and promises information sharing, private sector coordination, development of best practices, and exploring measures to hold attackers accountable.
– The measures are considered potentially insufficient, as past attempts to combat China’s IP theft largely failed.
– The US State Department has formally expressed concerns to China via diplomatic channels; China denies allegations, calling them slander.
– Semiconductor export restrictions, a potentially more powerful tool for impeding China’s AI progress, were notably absent from the memo, despite evidence suggesting that chip export controls delay the development of Chinese AI models.
– Chinese AI development struggles with access to advanced chips, affecting performance and innovation cycles.
– The newsletter also discusses the rise of Chinese hackers using botnets of compromised IoT and SOHO devices, complicating detection but also presenting disruption opportunities for governments.
– The US has conducted some successful takedowns of Chinese botnets but is urged to intensify efforts.
– Additional news includes US actions against scam operations, arrests linked to Chinese hacking groups, and security agency recommendations on SOC metrics and new Tor fingerprinting threats.
– Sponsored content features API security insights and interviews.
Subject: Nine Dubai scam centers raided in joint US-China operation, 276 arrested
Sender: info@metacurity.com
Summary:
– US and Chinese law enforcement raided nine scam centers in Dubai, arresting 276 people for cryptocurrency investment fraud (“pig-butchering” schemes) targeting US victims.
– Four individuals have been charged federally; arrests were coordinated with multiple international agencies and social media companies providing intelligence.
– The White House opposes Anthropic’s proposed expansion of Mythos AI model access, citing security concerns and resource limitations.
– The Australian Prudential Regulation Authority warns banks are not keeping pace with AI advances, increasing cyberattack risks; frontier AI models like Mythos could exacerbate threat speed and scale.
– Ukrainian police arrested three hackers who compromised over 610,000 Roblox accounts, exploiting them for profit.
– Security researcher Jeremiah Fowler found a cloud repository with nearly 90,000 stalkerware screenshots exposing private conversations and sensitive info of a European celebrity; law enforcement notified.
– Researchers report Chinese hackers breached the Cuban embassy’s email system in Washington amid geopolitical tensions, exploiting old Microsoft Exchange vulnerabilities.
– A Korean individual was sentenced for collaborating with North Korean hackers to run illegal game servers.
– Several major vulnerabilities have been patched or exposed recently, including the Linux privilege escalation “Copy Fail,” a Qinglong task scheduler authentication bypass, and critical flaws in cPanel and WebHost Manager.
– Sens. Grassley and Banks are pressing tech companies on insider access risks related to China in AI systems.
– The US House passed an extension for a key surveillance law (FISA Section 702) with privacy provisions but Senate approval remains uncertain.
– Lawmakers consider giving data centers a standalone critical infrastructure designation due to their importance and threat profile.
– Municipalities in Oklahoma and Manitoba report ransomware or cybersecurity incidents affecting public services.
Subject: A Better Way to Think About AI & App Security
Sender: news@securityweek.com
Summary:
– Traditional AI security discussions focus on AI models, but real exposure for Application Security (AppSec) teams occurs through APIs.
– All prompts, integrations, and AI-driven actions flow through APIs, which grow rapidly and create new risk surfaces.
– Traditional security controls fall short at protecting APIs, especially given the acceleration caused by AI integration.
– Wallarm’s eBook “The New Security Perimeter” offers practical guidance on understanding API visibility challenges, AI-driven API growth, limitations of traditional controls, and best practices for API security.
– Additional resources include blogs, reports, customer stories, and webinars focusing on API security and AI governance.
Subject: “Copy Fail” flaw leads to privilege escalation on Linux | The CyberWire 4.30.26
Sender: editor@newsletter.n2k.com
Summary:
– Researchers disclosed a high-severity Linux kernel flaw named “Copy Fail” (CVE-2026-31431) allowing local privilege escalation.
– The flaw permits an unprivileged user to modify the page cache of any readable file by writing 4 controlled bytes, achieving root access.
– Unlike other LPE bugs, this one works unmodified on all Linux distributions since 2017 without needing race conditions.
– Exploitation requires local code execution but can be chained with remote code execution vulnerabilities for full takeover.
– Proof-of-concept exploit code is publicly available, so immediate patching is urged.
– The US House voted to extend FISA Section 702 for three years but the Senate may reject it due to the inclusion of a provision banning Central Bank Digital Currencies. Temporary extension may be needed.
– A serious OpenSSH flaw (CVE-2026-35414) affecting versions before 10.3 allows attackers with specific configurations to gain root shell access; patched in version 10.3p1.
– Selected readings cover phishing using AI, recent supply chain attacks, policy updates, and law enforcement activities regarding cybercrime.
Subject: Anthropic Unveils Claude Security
Sender: news@securityweek.com
Summary:
– Anthropic launches “Claude Security,” a product designed to counter the surge in AI exploit attempts.
– SonicWall urges immediate patching of firewall vulnerabilities to mitigate risks.
– AI is propelling an “industrial” scale of cybercrime with dramatically shrinking time-to-exploit windows.
– Various high-impact vulnerabilities have been reported and exploited, including supply chain attacks on SAP NPM packages, Gemini CLI host code execution, EnOcean SmartServer hacking risks, and critical zero-day flaws in cPanel & WHM.
– The “Copy Fail” Linux kernel bug remains significant with ongoing exploitation potential.
– Sandhills Medical announces a ransomware breach affecting 170,000 individuals.
– Security experts advocate for AI-driven defense platforms capable of competing against autonomous AI agents in enterprise environments.
– Industry conferences focusing on AI risk and governance are ongoing.
– The newsletter includes expert insights urging a paradigm shift to agentic AI defense to protect against AI-powered attackers.
Stay Well!
