In today’s cybersecurity news…
Anthropic announces Project Glasswing
Anthropic says its unreleased AI model, Claude Mythos Preview, is powerful enough to autonomously discover and even exploit software vulnerabilities, prompting the company to restrict access and instead share it with more than 40 partners through Project Glasswing. The model has reportedly identified thousands of bugs, including long-missed flaws in major systems, raising concerns that AI could dramatically accelerate cyberattacks by lowering the skill barrier. Anthropic and participating researchers warn this marks a turning point for cybersecurity, where defenders have to adapt as similar capabilities spread and expose weaknesses across critical infrastructure. (New York Times) (ZDNet)
U.S. seeks to slash CISA funding
The US administration is proposing a $707 million cut to CISA’s FY2027 budget, reducing it to about $2 billion, with the goal of refocusing the agency on protecting federal systems and, again, that critical infrastructure. The plan would eliminate programs seen as redundant or outside its core mission, including misinformation efforts, international engagement, and some school safety initiatives. The move follows earlier attempted cuts and major staff reductions, even as CISA looks to hire for key roles amid ongoing cybersecurity threats. (SecurityWeek)
Russia-linked hackers hijack routers for passwords
The UK’s National Cyber Security Centre warned that Russia-linked hackers from APT28 are compromising widely used internet routers to steal login credentials for email and other online services. The group, tied to Russia’s military intelligence agency GRU, is said to be using router access to harvest passwords and potentially expand access to additional accounts and networks. (Bloomberg)
U.S. warns of Iranian hackers targeting industrial controllers
U.S. agencies including the FBI, CISA, and NSA say Iranian-linked hackers are targeting internet-exposed industrial controllers used in critical infrastructure, particularly Rockwell/Allen-Bradley PLCs. The attacks have reportedly been active since last month and involve manipulating operational data and extracting system files, causing disruptions across sectors like energy and water. Officials say the activity is escalating due to geopolitical tensions and urge organizations to secure or disconnect exposed systems, patch vulnerabilities, and monitor for suspicious activity. (BleepingComputer)
Huge thanks to our sponsor, Vanta
Attack hits Northern Ireland’s centralized school network
A cyberattack on Northern Ireland’s centralized C2K school network forced the Education Authority to shut down systems, disrupting access for potentially more than 300,000 students and 20,000 teachers. Officials say the breach was contained early and there is no evidence so far of data theft or corruption, though investigations with Capita and incident responders are ongoing. Schools are gradually being brought back online as authorities prioritize secure restoration and exam-related access. (The Record)
Max severity Flowise RCE vulnerability exploited
Attackers are actively exploiting a critical remote code execution flaw in the Flowise platform by injecting malicious JavaScript through improperly validated configuration inputs. Researchers at VulnCheck observed early exploitation activity, with thousands of internet-exposed instances potentially at risk, alongside additional Flowise vulnerabilities also under attack. Users are urged to patch to version 3.0.6 or later and restrict public exposure to prevent compromise. (BleepingComputer)
U.S. cybercrime losses pass $20B for first time
The FBI reports cybercrime losses reached a record $20.87 billion in 2025, with complaints surpassing one million for the first time, driven largely by phishing, investment scams, and business email compromise. AI is becoming a bigger part of these schemes, with criminals using tools like voice cloning, fake profiles, and deepfake content, contributing to at least $893 million in reported losses. Most losses still come from scaled-up traditional scams, with fraud accounting for 85% of financial damage. (The Register)
National security veterans warn against FISA delays
50 former U.S. national security officials urged Congress to pass a clean reauthorization of Section 702 of the Foreign Intelligence Surveillance Act before its April 20th expiration, warning any lapse would harm intelligence operations. The law allows the NSA to collect communications of foreign targets via U.S. tech infrastructure, but faces opposition from lawmakers pushing for privacy reforms or attaching unrelated legislation. The officials cautioned that political disputes could delay renewal. (The Record)