In today’s cybersecurity news…
OpenAI shares cyber product with government orgs
Axios reports that OpenAI has been briefing U.S. federal agencies, state governments, and Five Eyes allies on its new GPT-5.4-Cyber model, demonstrating its capabilities to more than 50 government cyber practitioners as part of a controlled rollout. The model is being offered through a tiered “Trusted Access” program with vetting similar to commercial users, alongside a more restricted version with stronger safeguards. The push comes as Anthropic tests its competing Mythos model with select organizations.. (Axios)
Unauthorized Mythos access, Firebox bugs fixed by Mythos
Speaking of Anthropic, couple different Mythos stories today. Bloomberg reports a small group of unauthorized users claimed in a private Discord that they were able to access Anthropic’s Mythos model, which has been limited to 40 organizations because of its reported ability to find or exploit security vulnerabilities. One member of the group works for a third-party contractor for Anthropic. They combined that access and other information they gathered, like guessing the URL based on how Anthropic formats them. Anthropic is investigating the report and says it has no evidence that the access went beyond a third-party vendor’s environment.
Meanwhile, Mozilla said it used Mythos to look for bugs in Firefox 150, and it found 271. All of the bugs could also have been found by a human, Mythos simply found them faster.
Insurers move to cap LLMjacking cyber payouts
The Financial Times reports insurers including QBE Insurance and Beazley are moving to cap payouts for AI-related cyber incidents, introducing sublimits that significantly restrict coverage for risks like “LLMjacking,” where attackers exploit enterprise AI systems to avoid usage fees. Brokers and legal experts warn the changes could narrow protection across a broader range of emerging AI threats, even as insurers argue they are clarifying coverage rather than reducing it. (Financial Times)
Spain dismantles manga piracy platform
Spanish police have dismantled a major Spanish-language manga piracy platform operating since 2014, arresting four people and seizing infrastructure that supported millions of monthly users. Authorities said the site generated more than $4.7 million in ad revenue, including pornographic pop-ups, while also uncovering hidden cryptocurrency wallets holding about $470,000. The takedown is part of a broader crackdown on large-scale piracy operations that authorities say have caused significant financial and reputational damage to publishers and the wider cultural industry. (BleepingComputer)
Huge thanks to our sponsor, ThreatLocker
of Zero Trust Network Access and Zero Trust Cloud Access, access isn’t based on
credentials alone, it requires the right user, the right device, and the right conditions.
Because as we’ve seen in recent large-scale CRM breaches, stolen credentials and
misconfigurations can expose massive amounts of data. With ThreatLocker, nothing is
exposed, and access is limited to exactly what’s needed. Learn more and start your free
trial today at ThreatLocker.com/CISO.
NCSC unveils SilentGlass
The National Cyber Security Centre announced SilentGlass at CYBERUK, a plug-in device designed to secure HDMI and DisplayPort connections by blocking malicious or unexpected signals between computers and monitors. The device is already deployed in government environments and targets an attack vector where monitors can be exploited to access sensitive data or infiltrate networks. Developed with Goldilock Labs and Sony UK, SilentGlass is now commercially available. (Infosecurity Magazine)
‘Contagious Interview’ scams self-propagate
According to research from Trend Micro, North Korean threat actors are evolving the “Contagious Interview” scam into a self-propagating supply chain attack, using fake job offers to trick developers into running compromised code that spreads malware through repositories. The campaign is attributed to the group Void Dokkaebi and uses malicious VS Code tasks and hidden repository files to deploy RATs, steal credentials, and infect downstream projects when code is shared. This can rapidly cascade across open-source and enterprise environments, with more than 750 infected repositories now identified. (Dark Reading)
Kyber gang toys with Windows post-quantum encryption
A new Kyber ransomware operation is targeting Windows and VMware ESXi systems, with one variant experimenting with post-quantum cryptography, according to analysis from Rapid7. Researchers found the Windows version uses Kyber1024 for key protection alongside traditional encryption, while the ESXi variant falsely claims post-quantum capabilities and relies on standard algorithms. Both strains are deployed together to maximize impact, aggressively encrypting data, deleting backups, and disrupting recovery. Researchers note the use of post-quantum methods doesn’t materially change outcomes for victims. (BleepingComputer)
Compromised KICS images and extensions hit Checkmarx
Socket researchers report threat actors compromised the Checkmarx supply chain by injecting malicious code into its KICS Docker images and related Visual Studio Code extensions. The tampered images enabled data collection and exfiltration of sensitive scan results, while affected VS Code extensions downloaded and executed remote code without verification. Researchers warn the incident likely spans multiple distribution channels, advising organizations to treat any credentials exposed through impacted scans as compromised. (The Hacker News)