April 11, 2026

Hello all,

Artemis II splashed down on Friday off the US Pacific coast after making a successful orbit around the moon – very cool!  In the world of cyber, Anthropic’s latest AI, Claude Mythos, continues to rattle experts and tantalize evil people worldwide with its unprecedented ability to find and exploit vulnerabilities. The US Treasury and Federal Reserve is highly concerned about AI’s burgeoning ability to autonomously perform compromise, and has summoned bank executives to meet to discuss the situation. Additionally, the US government is warning about Iranian threat actors actively probing industrial control systems and critical infrastructure nationwide, with nearly 4,000 Rockwell Automation/Allen-Bradley PLC devices known to be potentially vulnerable. In a bit of good news, the FBI took decisive action regarding vulnerable TP-Link and MikroTik routers that were part of a massive botnet, removing malware and hardening them against further compromise. And there’s much more in this week’s links.

Headline NEWS:

• Adobe Acrobat had a zero-day vulnerability that has been under active exploitation since at least December revealed by a researcher. In response, Adobe has released an emergency patch for both Windows and Mac to address the defect. Readers are urged to update their Adobe Acrobat Readers to the latest version to prevent this exploit.
• Fortinet FortiClient EMS received an emergency update last week for yet another defect. CISA ordered all federal agencies to update by this past Thursday since it is already under active exploitation. If you have it, patch it.
• Juniper Networks patched for dozens of Juno OS vulnerabilities. At least one is a remote code execution defect that doesn’t require authentication. Unbelievably, one of the flaws is a default password in Support Insights (JSI) Virtual Lightweight Collector (vLWC). When will this stop being a thing? Come on! It is high time that all default passwords were required to be changed before allowing a device into service. There are a lot of items that have been addressed by these patches and none are known to be actively exploited yet, so don’t wait to plug these defects.
• Palo Alto Networks and SonicWall both released patches for high-severity vulnerabilities. For Palo Alto’s part, they’ve patched three flaws in their own and in third-party products that are integrated into their solutions, such as Chrome. SonicWall patched four vulnerabilities in the SMA1000 series firewalls. The vulnerabilities are not known to be exploited yet and are not present in their other SSL-VPN firewalls.

In Ransomware, Malware, and Vulnerabilities News:

• Anthropic Claude Mythos is everywhere in the news this week. This newest unreleased AI agent is so effective at finding and exploiting vulnerabilities, that Anthropic has decided to not release it to the public, but has instead created Project Glasswing where they’ve invited security vendors and major cyber companies to use the model to find and plug defects in their products. The fascinating thing about this AI agent is that it wasn’t designed to be a cyber security agent, it is just that good at what it does. The 245 page “Claude Mythos Preview System Card” PDF is an eye-opening very interesting read about the limitations, capabilities, and downright scary behavior of this new agent.
• Device Code Phishing Attacks have grown by 3,600% this year. You can have all the secure systems you want, but if users enable access to their accounts by giving access to a rogue application, then all the threat actor needs to do is log in. Click-Fix attacks are still dominating the phishing vector, but a new form of attack that asks you to enter a pin to verify a login is actually tricking the user to authorize a “device”, which in turn grants that threat actor access to the user’s account and anything therein. The particularly insidious part of this attack is that it uses the legitimate Microsoft login page to accomplish the goal.

In Other News Events of Note and Interest:

• Unitree launching a sub $4,500 robot this coming week. I saw the recent Chinese New Year Celebrations that showcased robots performing parkour, martial arts moves, and dancing, and I was absolutely amazed at the nimbleness and dexterity of these automatons. Well, that’s the units that will be selling for just a tiny bit over the average New York city monthly rent. The world of robotics is about to change rapidly, it would appear.

Musings

While the news headlines generally are about problems, issues, defects, and disasters, there is always something good out there. Don’t allow yourself to become cynical and like Winnie the Pooh’s friend Eeyore. Bad news sells, good news rarely does. There are good people, there is good news, and there is hope to be found, we just need to be willing to open our eyes and look for it. If you need a dose of positive to start your day, check out the Good News Network. How can you not like a headline like “Urine From Music Festival Toilets is Fertilizing a New Biodiverse Forest With Odor-Free Nutrients.”

Keep the shields up!

Viscount Jan Broucinek
Red Dot Security News

Headline NEWS

• Hackers exploiting Acrobat Reader zero-day flaw since December
• Adobe patches actively exploited flaw
• CISA orders feds to patch exploited Fortinet EMS flaw by Friday
• Juniper Networks Patches Dozens of Junos OS Vulnerabilities
• Palo Alto Networks, SonicWall Patch High-Severity Vulnerabilities 

Ransomware, Malware, and Vulnerabilities News

• Good News, Government News, and Interesting
• CISA orders feds to patch exploited Ivanti EPMM flaw by Sunday
• Treasury Sec. Scott Bessent summons bank executives over Anthropic cyber risk
• FBI 2025 internet crime report
• Kaspersky financial threat report 2025
• Authorities disrupt router DNS hijacks used to steal Microsoft 365 logins
• FBI Boston neutralizes U.S. portion of hacked routers by Russia in Operation Masquerade
• Russian State-Linked APT28 Exploits SOHO Routers in Global DNS Hijacking Campaign
• Are You Using These TP-Link Routers? Russian Hackers Are Targeting Them
• Germany Doxes “UNKN,” Head of RU Ransomware Gangs REvil, GandCrab
• A core infrastructure engineer pleads guilty to federal charges in insider attack
• LinkedIn secretly scans for 6,000+ Chrome extensions, collects data
• LinkedIn scanning users’ browser extensions sparks controversy and two lawsuits
• Vulnerabilities and Exploits
• AI-assisted breach of Mexico’s government
• Disgruntled researcher leaks “BlueHammer” Windows zero-day exploit
• ‘BlueHammer’ Windows Exploit Signals Microsoft Disclosure Issues
• Mythos autonomously exploited vulnerabilities that survived 27 years of human review
• Multi-OS Cyberattacks: How SOCs Close a Critical Risk in 3 Steps
• Docker CVE-2026-34040 Lets Attackers Bypass Authorization and Gain Host Access
• Over 1,000 Exposed ComfyUI Instances Targeted in Cryptomining Botnet Campaign
• Iranian hackers are targeting American critical infrastructure, US agencies warn
• Nearly 4,000 US industrial devices exposed to Iranian cyberattacks
• NERC is ‘actively monitoring the grid’ following Iran-linked cyber threat
• China’s Ministry of State Security urges enhanced security awareness to deal with token-related risks
• OpenAI Codex Vulnerability Allows Attackers to Steal GitHub Access Tokens
• Anthropic’s latest AI model identifies ‘thousands of zero-day vulnerabilities’ in ‘every major operating system and every major web browser’ — Claude Mythos Preview sparks race to fix critical bugs, some unpatched for decades
• A frightening OpenClaw vulnerability has been discovered
• Fiber Optic Cables Turned Into Hidden Microphones to Secretly Spy on Your Conversations
• Multiple OpenSSL Vulnerabilities Exposes Sensitive Data in RSA KEM Handling
• Flatpak 1.16.4 Brings Important Security Fixes For Sandbox Escape & Deleting Host Files
• Grafana Patches AI Bug That Could Have Leaked User Data
• Critical Dgraph Database Flaw Allowed Attackers to Bypass Authentication
• AI agents found vulns in this Linux and Unix print server
• Analysis of one billion CISA KEV remediation records exposes limits of human-scale security
• Marimo RCE Flaw CVE-2026-39987 Exploited Within 10 Hours of Disclosure
• Malicious PDF reveals active Adobe Reader zero-day in the wild
• Phishing, Malware, and similar
• Device code phishing attacks surge 37x as new kits spread online
• Scammers pose as Amazon support to steal your account
• GlassWorm Campaign Uses Zig Dropper to Infect Multiple Developer IDEs
• New ClickFix Attack Uses Node.js Malware via Tor to Steal Crypto
• Inside an AI‑enabled device code phishing campaign
• How AI Is Transforming the Global Scam Industry
• Scammers made $800M by impersonating US government officials, FBI says
• APT28 Deploys PRISMEX Malware in Campaign Targeting Ukraine and NATO Allies
• Hackers Use ClickFix Lure to Drop Node.js-Based Windows RAT With Tor-Powered C2
• Fake Software Installers Used to Drop RATs and Monero Miners in Long-Running Malware Campaign
• Masjesu Botnet Emerges as DDoS-for-Hire Service Targeting Global IoT Devices
• Smart Slider updates hijacked to push malicious WordPress, Joomla versions
• Threat Actors Get Crafty With Emojis to Escape Detection
• Hackers use pixel-large SVG trick to hide credit card stealer
• When attackers already have the keys, MFA is just another door to open
• New macOS stealer campaign uses Script Editor in ClickFix attack
• CPUID hacked to deliver malware via CPU-Z, HWMonitor downloads
• Microsoft: Canadian employees targeted in payroll pirate attacks
• New STX RAT Uses Hidden Remote Desktop and Infostealer Features to Evade Detection
• Breaches, Leaks, and Ransomware
• Hacker breaches Chinese supercomputer, attempts to sell stolen intelligence
• Not Toying Around: Hasbro Attack May Take ‘Weeks’ to Remediate
• Qilin and Warlock Ransomware Use Vulnerable Drivers to Disable 300+ EDR Tools
• Ransomware knocks Dutch healthcare software vendor offline
• Microsoft links Medusa ransomware affiliate to zero-day attacks
• Qilin ransomware group claims the hack of German political party Die Linke
• Eurail says December data breach impacts 300,000 individuals
• Law firm Jones Day says hackers accessed client files
• Jones Day confirms limited breach after phishing attack by Silent Ransom Group
• Backups won’t save you from this version of ransomware
• Wynn Resorts Says 21,000 Employees Affected by ShinyHunters Hack
• Ex-Meta worker investigated for downloading private Facebook photos
• Snowflake customers hit in data theft attacks after SaaS integrator breach
• Hackers steal and leak sensitive LAPD police documents
• ‘Several dozen’ orgs targeted by a new extortion crew
• Russia’s ‘Fancy Bear’ APT Continues Its Global Onslaught
• Hungary officials used weak passwords exposed in breach dump
• ShinyHunters Claims Rockstar Games Snowflake Breach via Anodot 

Other News Events of Note and Interest

• France to ditch Windows for Linux to reduce reliance on US tech
• Apple update turns Czech mate for locked-out iPhone user
• Apple approves drivers that let AMD and Nvidia eGPUs run on Mac — software designed for AI
• AWS CEO: Working 24/7 on Middle East services after drone strikes
• Amazon S3 Files gives AI agents a native file system workspace, ending the object-file split that breaks multi-agent pipelines
• AWS S3 Files just made Transfer Family SFTP obsolete for most use cases
• Chrome finally gets vertical tabs and a smarter reading mode
• Google Chrome adds infostealer protection against session cookie theft
• Google rolls out Gmail end-to-end encryption on mobile devices
• YouTube Tests AI Summaries On Home Screen
• Living Neurobot Blurs Line Between Cells and Machines
• OCSF explained: The shared data language security teams have been missing
• Cast Adrift, Meta Employees Have No Idea Who the ‘Token Legend’ Is Anymore
• Sad Story Of My Google Workspace account suspension
• Zorin OS Says No to Mandatory Age Verification in Linux
• Ubuntu 26.04 LTS makes it even easier to enable 10 years of security updates
• Firefox’s free VPN rollout finally reached me – is it any good?
• Excellent Podcast – Episode 358 Deep Dive: Lisa Black | How Leaders Survive Major System Failures
• First person convicted under law criminalizing intimate deepfakes
• Criminal wannabes even more dangerous than the pros
• Western Union zaps VMware and moves to Nutanix
• H.264 streaming fees jump from $100,000 to $4.5 million a year under new licensing terms
• Scientists create new type of encryption that protects video files against quantum computing attacks
• Two manufacturers commit to keep Blu-ray alive after others quit manufacturing
• AI, LLM’s, and Skynet
• Unitree to launch cheapest humanoid robot globally next week, starting at over $4,000
• Cloudflare, GoDaddy team up to curb AI bot brigades
• OpenAI’s vision for the AI economy: public wealth funds, robot taxes, and a four-day workweek
• Fastly, along with Akamai and Cloudflare, tumbles after Anthropic launches Managed Agents
• We’re Getting the Wrong Message from Mythos
• Anthropic makes the case for anthropomorphizing AI chatbots
• Anthropic’s new Mythos model system card shows devious behaviors
• Anthropic Claims Its New A.I. Model, Mythos, Is a Cybersecurity ‘Reckoning’
• Project Glasswing: Securing critical software for the AI era
• Anthropic launches Claude Managed Agents for businesses
• The full PDF from the above article
• Anthropic loses appeals court bid to temporarily block DOD ruling
• AI-Led Remediation Crisis Prompts HackerOne to Pause Bug Bounties
• Japan relaxes privacy laws to make AI development easy
• Copilot in Word: New Capabilities for Document Workflows
• Microsoft begins removing Copilot from Windows 11, starting with Notepad, Snipping Tool, but not entirely
• Governance Gaps Emerge as AI Agents Drive 76% Increase in NHIs
• Microsoft
• Microsoft pulls developer accounts of WireGuard and Veracrypt
• Microsoft’s reauthentication snafu cuts off developers globally
• Microsoft cuts cloudy desktop prices by 20 percent
• Microsoft Intune announces Android Enterprise management support for Android XR
• Windows 11 KB5086672 is out to fix broken feature update
• Modern Azure Resilience with Mark Russinovich
• Introducing the New Windows 365 Monitoring and Reporting Platform
• NET Core 2.3 end of support announcement – .NET Blog
• Microsoft fixes Classic Outlook bug causing email delivery issues
• Windows Secure Boot Certificates Expire in June. How to Verify Your PC Is Updated
• Microsoft’s OneDrive deletion change means you’ll need to recover files differently starting next month
• Microsoft admits its recent “update” broke vital Windows 11 Start menu function
• Windows 11’s emergency March update is breaking window management
• A ten-year old Windows version now has official extended support from Microsoft
• Microsoft releases Edge 147 with Copilot in Immersive Reader, improved cookie settings, more