Anthropic’s Mythos heads toward federal use as Hegseth's ban falters

Metacurity is the only daily cybersecurity briefing built for clarity, not agendas—no vendor spin, no echo chamber, just sharp, original aggregation and analysis of what actually matters to security leaders.

If you rely on Metacurity to cut through the noise on policy, industry shifts, and security research, consider supporting us with a paid subscription. Independent coverage like this only exists because readers decide it’s worth it.

The US government is preparing to make a version of Anthropic PBC’s powerful new artificial intelligence model available to major federal agencies amid concerns that the tool could sharply increase cybersecurity risk, according to a memo reviewed by Bloomberg News.

Gregory Barbaccia, federal chief information officer of the White House Office of Management and Budget, told officials at Cabinet departments in an email Tuesday that OMB is setting up protections that would allow their agencies to begin using the closely guarded AI tool, Mythos.

The email doesn’t say definitively that the various agencies will get access to Mythos, nor does it provide a timeline for when it might come or how they might use it. It tells top technology and cybersecurity chiefs to expect more information “in the coming weeks.”

US officials have previously urged private sector organizations to use Mythos to improve their cybersecurity. The Treasury Department has been seeking access to Mythos to uncover its own software flaws, Bloomberg has reported.

Anthropic has only provided Mythos to a limited group of technology companies, financial firms, and others, urging them to use it to assess their cybersecurity risk. The firm limited the release of Mythos amid concerns that hackers could weaponize its capabilities to steal data or sabotage victim networks.

The Pentagon this year declared Anthropic a supply chain threat, under an authority normally reserved for foreign adversaries, over a dispute about artificial intelligence safeguards. The company won a court order last month blocking a ban on government use of the technology, after Anthropic argued the move could cost it billions of dollars in lost revenue.

But, Anthropic CEO Dario Amodei is scheduled to walk into the West Wing on Friday for a meeting with White House chief of staff Susie Wiles — a breakthrough in his effort to resolve the company's bitter AI fight with the Pentagon. (Jake Bleiberg and Margi Murphy / Bloomberg and Jim VandeHei, Mike Allen / Axios)

Related: Futurism, Axios, International Business Times, Crypto Briefing, Forbes, Financial Times, Reuters, Crypto Briefing, Washington Examiner

Anthropic announced a new artificial intelligence model, Claude Opus 4.7, which the company said is an improvement over past models but is “less broadly capable” than its most recent offering, Claude Mythos Preview.

Claude Opus 4.7 is better at software engineering, following instructions, completing real-world work, and is its most powerful generally available model, Anthropic said. But the model’s cyber capabilities are not as advanced as Claude Mythos Preview, which Anthropic rolled out to a select group of companies as part of a new cybersecurity initiative called Project Glasswing earlier this month.

“We are releasing Opus 4.7 with safeguards that automatically detect and block requests that indicate prohibited or high-risk cybersecurity uses,” Anthropic said in a release. “What we learn from the real-world deployment of these safeguards will help us work towards our eventual goal of a broad release of Mythos-class models.”

Separately, Mohan Pedhapati (s1r1us), CTO of Hacktron, the company's Opus 4.6 model, already superseded by the release of Opus 4.7 on Thursday, is capable of developing functional exploit code.

In a blog post, Pedhapati described how he used Opus 4.6 to create a full exploit chain targeting the V8 JavaScript engine in Chrome 138, which is bundled into current versions of Discord.

"The V8 [out of bounds error] we used was from Chrome 146, the same version Anthropic's own Claude Desktop is running," he said. "A week of back and forth, 2.3 billion tokens, $2,283 in API costs, and about ~20 hours of me unsticking it from dead ends. It popped calc."

“Popped calc” is a reference to opening the calculator app – an event commonly used in proof-of-concept exploit code to indicate that an attack compromised the target system.

Pedhapati said that while $2,283 is a significant sum for an individual to pay, it's very little if you consider the weeks it would take a person to develop a similar exploit without assistance. (Ashley Capoot / CNBC and Thomas Claburn / The Register)

Related: Anthropic, Forbes, Bloomberg, Implicator.ai, Barron's Online, The GitHub Blog, Tom's Guide, iClarified, Wired, Telegraph, Cyber Daily, Hacktron

Senior international financial officials have warned that the latest AI models from US tech companies could threaten the world banking system by exposing weaknesses in lenders’ cyber defense.

As finance ministers, central bankers, and regulators met this week in Washington for the IMF and World Bank spring meetings, their discussions were dominated by concern over the latest AI model developed by San Francisco-based start-up Anthropic.

“It is a very serious challenge for all of us,” said Andrew Bailey, governor of the Bank of England, who chairs the Financial Stability Board of global regulators. “It reminds us how fast the AI world moves.”

Bailey added that global regulators would need to rapidly evaluate the potential cybersecurity threat to the financial system from Anthropic’s new Claude Mythos Preview model.

Until just over a week ago, most policymakers had expected the IMF and World Bank meetings to focus on the conflict in the Middle East, tensions in the private credit market, and elevated levels of government debt. (Martin Arnold, Sam Fleming, Claire Jones, Joshua Franklin, and Akila Quinio / Financial Times)

Related: The Guardian, Bloomberg

Russia-linked sanctioned crypto exchange ​Grinex said it had suspended ‌operations after assets worth 1 billion roubles ($13.10 million) were stolen during a cyber attack.

Grinex, which is based in ​Kyrgyzstan but linked to Russia, was sanctioned ​by the US, the UK, and the ⁠European Union last year.

In a statement posted ​on its Telegram channel, the exchange accused "foreign intelligence ​services" of unfriendly states of being involved in the attack.

"The digital ​footprints and nature of the attack indicate ​an unprecedented level of resources and technologies available exclusively to ‌entities ⁠of unfriendly states," the exchange said."According to preliminary data, the attack was coordinated to cause direct harm to Russia's financial sovereignty," ​it added.

The ​US has ⁠stated that Grinex helped customers circumvent sanctions via a Russian rouble-backed stablecoin ​called A7A5. (Gleb ​Bryanski / Reuters)

Related: Grinex, FinanceFeeds, CoinDesk, The Moscow Times, Elliptic, Crypto Briefing, The Cyber Express, The New Voice of Ukraine, United24Media, Coinfomania, Kyiv Independent

Kamerin Stokes of Memphis, Tennessee, was sentenced to 30 months in prison for selling access to tens of thousands of hacked DraftKings accounts.

According to court documents, the accounts were hijacked by Nathan Austad (aka Snoopy) with the help of Joseph Garrison (a third accomplice charged in May 2023) in a massive November 2022 credential-stuffing attack that compromised nearly 68,000 DraftKings accounts.

US prosecutors said Austad and Garrison used a list of credentials stolen in multiple breaches to hack into DraftKings accounts, then sold access to others who stole around $635,000 from roughly 1,600 compromised accounts.

While they made over $2.1 million selling some of these hijacked DraftKings accounts (as well as FanDuel and Chick-fil-A accounts) through their own "shops," they also sold many in bulk to Stokes (also known online as TheMFNPlug), who resold them through his own "shop."

One month later, the sports betting giant said it had to refund hundreds of thousands of dollars stolen from hacked accounts, after all available funds were withdrawn following the addition of a new payment method and a $5 deposit to verify its validity. (Sergiu Gatlan / Bleeping Computer)

Related: Justice Department

A cyber incident at Nippon Yusen Kabushiki Kaisha (NYK) has exposed personal data linked to its marine fuel procurement platform, raising questions about digital risk in ship operations.

The company said unauthorized access was detected on the afternoon of 24 March 2026, affecting a system used to manage bunker purchasing. “We have become aware that a marine fuel procurement system used by the NYK Group was accessed without authorization by a third party,” the company said in its official notice. It added that “certain data — including personal information — was accessed and exfiltrated.”

NYK moved to isolate the system and suspend its use immediately. An internal task force was set up, and the platform was restored three days later on 27 March. The company reported the incident to Japan’s Personal Information Protection Commission the same day, followed by a report to police on 31 March. (Arnel Murga / Digital Ship)

Related: NYK, Tradewinds News, Digital Shield

A design flaw – or expected behavior based on a bad design choice, depending on who is telling the story – baked into Anthropic's official Model Context Protocol (MCP) puts as many as 200,000 servers at risk of complete takeover, according to security researchers at Ox Security.

The Ox research team says they "repeatedly" asked Anthropic to patch the root issue, and were repeatedly told the protocol works just fine, thank you, despite 10 (so far) high- and critical-severity CVEs issued for individual open source tools and AI agents that use MCP. A root patch, according to Ox, could have reduced risk across software packages totaling more than 150 million downloads and protected millions of downstream users.

Anthropic "declined to modify the protocol's architecture, citing the behavior as 'expected,'" Ox researchers Moshe Siman Tov Bustan, Mustafa Naamnih, Nir Zadok, and Roni Bar said in a blog about their research, which began in November 2025 and included more than 30 responsible disclosure processes.

A week after their initial report to Anthropic, the AI vendor quietly released an updated security policy – as seems to be the pattern when faced with AI bugs. The updated guidance says MCP adapters, specifically STDIO ones, should be used with caution, the team wrote in a subsequent 30-page paper [PDF]. "This change didn't fix anything," they added. (Jessica Lyons / The Register)

Related: Ox Security, Infosecurity Magazine, r/cybersecurity, TechRadar

North Korean hackers breached DeFi wallet Zerion to steal about $100,000 from the company’s internal wallets by targeting a team member’s device.

In a post on X, Zerion clarified that the breach did not affect user funds or its core infrastructure. The company said attackers gained access through compromised credentials and active login sessions. The team further stated that it quickly shut down its web app as a precaution.

“No user funds were lost,” Zerion stated in its update. However, the incident exposed internal security weaknesses tied to phishing methods and human error. (Kenrodgers Fabian / Cryptotimes)

Related: NK News, The Cryptonomist, Gadgets 360, Cryptonews.net

Europol announced that more than 75,000 individuals using distributed denial-of-service (DDoS) platforms for disruptive attacks have been warned through emails and letters during the latest phase of the Operation PowerOFF international law enforcement action.

Europol supports the ongoing operation and involves authorities in 21 countries. Coordinated efforts led to the arrest of four people, taking offline 53 domains, and issuing 25 search warrants.

“Leading up to the action week, a series of operational sprints took place, gathering experts from national authorities across the globe to carry out actions against high-value target users of DDoS-for-hire platforms and raise awareness about the illegality of these activities,” Europol says.

“During these sprints, the participating countries disrupted illegal booter services, dismantling the technical infrastructure that supports illegal DDoS.”

The operation has a global span and includes multiple European Union countries as well as Australia, Thailand, the United States, the United Kingdom, Japan, and Brazil. (Bill Toulas / Bleeping Computer)

Related: Europol, Justice Department, TechRadar, Security Week, CyberScoop, The Cyber Express, TechCrunch

A researcher known as "Chaotic Eclipse" has published a proof-of-concept exploit for a second Microsoft Defender zero-day, dubbed "RedSun," in the past two weeks, protesting how the company works with cybersecurity researchers.

This exploit is for a local privilege escalation (LPE) flaw that grants SYSTEM privileges in Windows 10, Windows 11, and Windows Server on the latest April Patch Tuesday patches, when Windows Defender is enabled.

"When Windows Defender realizes that a malicious file has a cloud tag, for whatever stupid and hilarious reason, the antivirus that's supposed to protect decides that it is a good idea just to rewrite the file it found again to its original location," explains the researcher.

Will Dormann, principal vulnerability analyst at Tharros, confirmed that the exploit for the new Microsoft Defender RedSun zero-day works and grants SYSTEM privileges on fully patched Windows 10, Windows 11, and Windows Server 2019 and later.

"This Exploit uses the 'Cloud Files API', writes EICAR to a file using it, uses an oplock to win a volume shadow copy race, and uses a directory junction/reparse point to redirect the file rewrite (with new contents) to C:\Windows\system32\TieringEngineService.exe," Dormann wrote in a thread on Mastodon.

"At this point, the Cloud Files Infrastructure runs the attacker-planted TieringEngineService.exe (which is the RedSun.exe exploit itself) as SYSTEM. Game over."

Security researcher Kevlar shared a more detailed technical write-up about this vulnerability. (Lawrence Abrams / Bleeping Computer)

Related: GitHub, Nefarious Plan, CloudSEK, BornCity, PC World, CyberSecurityNews

Microsoft has confirmed that some Windows domain controllers are entering restart loops due to Local Security Authority Subsystem Service (LSASS) crashes after installing the April 2026 security updates.

The company also warned that Windows admins may encounter this issue when setting up new domain controllers, or even on existing ones, if the server processes authentication requests very early in the startup process.

"After installing the April 2026 Windows security update (KB5082063) and rebooting, non‑Global Catalog (non‑GC) domain controllers (DCs) in environments that use Privileged Access Management (PAM) might experience LSASS crashes during startup," Microsoft said in a release health dashboard update.

"As a result, affected DCs may restart repeatedly, preventing authentication and directory services from functioning, and potentially rendering the domain unavailable."

This known issue only impacts organizations using Privileged Access Management (PAM) and is unlikely to affect personal devices that an IT department doesn't manage. The list of affected platforms includes systems running Windows Server 2025, Windows Server 2022, Windows Server 23H2, Windows Server 2019, and Windows Server 2016. (Sergiu Gatlan / Bleeping Computer)

Related: GBHackers, Cyber Press, Cyber Security News

Researchers at Darktrace have discovered a new malware strain named ZionSiphon, which appears to target water treatment and desalination plants in Israel.

ZionSiphon has many capabilities typically seen in commodity malware, but it caught analysts’ attention due to functionality aimed at operational technology (OT), specifically industrial control systems (ICS).

Strings in the analyzed malware sample indicate that ZionSiphon has been developed by anti-Israel hackers, and one encoded string decodes to “Poisoning the population of Tel Aviv and Haifa”.

There are several other indicators that Israel is the malware’s main target, including strings naming water facilities in the country.

In addition, once it verifies that it’s running with admin privileges and establishes persistence, the malware executes a function to fetch the local IP address and determine whether the compromised host is located in Israel.

If the IP is associated with Israel, ZionSiphon checks the system for processes and folders typically found in water treatment plants. Specifically, the malware looks for processes linked to reverse osmosis, desalination, chlorine handling, and plant control.

If these conditions are met, the malware looks for local configuration files associated with the aforementioned water treatment processes and attempts to alter them to increase chlorine doses and pressure. (Eduard Kovacs / Security Week)

Related: Darktrace, Cyber Press, Cyber Security News, GBHackers, Bleeping Computer

Hospital patient data may have been stolen during the ransomware attack on software provider Chipsoft, sources told NOS.

Chipsoft supplies software for the storage of patient records to Dutch hospitals and house doctors. Sources in the company initially reported that the hack only affected GP records and that the hospital records were safe, but now say that it cannot be ruled out that the hackers gained access to the data of some hospitals.

Sources tell the NOS that it cannot be ruled out that hospital patient data was stolen during the ransomware attack on Chipsoft. Chipsoft supplies software for the storage of patient records. Initially, sources inside and outside the company reported that hospital data was safe.

It now appears that it cannot be ruled out that the ransomware attackers gained access to the data of some hospitals. According to an insider, there are no concrete indications that this has happened, but it cannot be ruled out either.

This fear is an issue for hospitals that use a special Chipsoft website to give patients access to their records. Traffic to and from the patient records then runs through Chipsoft servers. The fear now is that attackers could potentially intercept that traffic. (Joost Schellevis / NOS)

Related: Dutch News, NL Times

In early April, security researcher Alex Shakhov discovered a coordinated subdomain takeover campaign targeting major US universities, with attackers hijacking subdomains at MIT, Harvard, Stanford, UC Berkeley, Columbia, UChicago, Johns Hopkins, and more than 25 other institutions and using them to serve explicit pornographic spam that Google was actively indexing under trusted .edu domains.

After he published his initial findings on LinkedIn, Infoblox VP of Threat Intelligence Renée Burton confirmed the campaign was the work of Hazy Hawk — a threat actor her team has been tracking since they hijacked CDC subdomains using the same technique.

A member of the security community also flagged that the Department of Defense Education Activity (DoDEA) — a DoD field activity operating under the Under Secretary of Defense for Personnel and Readiness — had a domain vulnerable to the same attack pattern.

The technique is straightforward, which is part of what makes it so effective.

University IT teams create CNAME records that point subdomains to external services — GitHub Pages, WordPress via WP Engine, various cloud hosting platforms. A department sets up a project site, a research group launches a microsite, and ,a student builds something for a class. Eventually the project ends, the person graduates or moves on, and the external hosting account gets deleted or abandoned.

But the DNS record stays.

The subdomain still points to the external service. The attacker scans for these orphaned CNAME records, registers a new account on the external platform that matches the abandoned target, and takes full control of what the university's subdomain serves. (Alex Shakov / SH Consulting)

Microsoft announced it uncovered a macOS-focused cyber campaign by North Korean threat actor Sapphire Sleet that shows how attackers are bypassing built-in Apple protection by impersonating legitimate software updates, tricking users into manually running malicious files.

Once inside, Sapphire Sleet establishes persistence, harvests credentials, and steals sensitive personal data and cryptocurrency assets, posing a heightened risk to organizations and individuals in crypto, finance, and other high-value sectors the group is known to target. 

The techniques rely on convincing prompts rather than technical exploits, putting even security-conscious users and organizations at risk for being exposed. The findings highlight a broader shift in state-backed cyber operations. Attackers are increasingly bypassing security, not by breaking protections, but by convincing users to bypass them themselves. (Microsoft)

Related: Dark Reading, Cyber Press, GBHackers

Best Thing of the Day: Nabbing A Criminal at the Airport

FBI agents recently arrested a man accused of attempting to help scam $600,000 worth of gold bullion from a Valley resident using a 'phantom hacking scam."

Bonus Best Thing of the Day: Getting Down With SMB Cyber Protection in Japan

Japan will launch a pilot program for detecting cyberattacks at small and midsize businesses along with a framework for security certification, aiming to minimize business disruptions stemming from inadequate protection.

Worst Thing of the Day: Make This Make Sense

Nick Andersen, director of the Cybersecurity and Infrastructure Security Agency (CISA), said that despite the opening of the Department of Homeland Security after an extended stand-off between the White House and Democrats in Congress, CISA still isn’t legally allowed to carry out certain activities, such as outreach, despite mounting risks to the nation's critical infrastructure.

Closing Thought