SecurityWeek’s weekly cybersecurity information roundup affords a concise overview of vital developments that will not obtain full standalone protection however stay related to the broader menace panorama.
This curated abstract highlights key tales throughout vulnerability disclosures, rising assault strategies, coverage updates, trade experiences, and different noteworthy occasions to assist readers preserve a well-rounded consciousness of the evolving cybersecurity atmosphere.
Listed below are this week’s highlights:
Fed officers talk about Anthropic’s Mythos AI with main US banks
Fed Chair Jerome Powell and Treasury Secretary Scott Bessent met with the heads of main US banks this week to debate the potential cyber dangers raised by Anthropic’s new Mythos mannequin that was introduced earlier this week, CNBC reported Friday. Mythos is Anthropic’s strongest frontier AI mannequin so far, a high-reasoning system with such superior autonomous cybersecurity and exploit-chaining capabilities that it’s at present restricted to a choose group of companions beneath an initiative known as Undertaking Glasswing.
New Mac stealer targets cryptocurrency wallets
A hacker who stormed off a serious underground discussion board in 2023 got here again in 2024 beneath a brand new alias, and by early 2026 had delivered on a promise: a classy macOS stealer known as NotnullOSX that completely targets victims holding over $10,000 in crypto. The malware, first detected on March 30, 2026 in Vietnam, Taiwan, and Spain, spreads via pretend Google paperwork and malicious DMG recordsdata, tricking customers into handing over Full Disk Entry, which provides it a free move to iMessages, Apple Notes, browser credentials, and crypto wallets with no further prompts.
Main Japanese manufacturers unite to spice up cybersecurity
Ten main Japanese companies, together with Suntory, Kao, Asahi, and NTT, are establishing a joint group to share intelligence on cyber threats and develop specialised safety expertise. This collaborative effort follows a major breach at Asahi final September that disrupted shipments and uncovered vulnerabilities in interconnected meals and retail networks.
Authorized large Jones Day focused by cybercrime group
The Silent Ransom Group used social engineering ways to infiltrate Jones Day, efficiently accessing data belonging to 10 of the legislation agency’s purchasers. The menace actors, who additionally function beneath the title Luna Moth, reportedly leaked delicate paperwork and inner negotiation logs after the agency refused to satisfy a $13 million ransom demand.
Adware maker receives lenient sentence
Bryan Fleming, the founding father of the surveillance instrument pcTattletale, was sentenced to time served and a $5,000 wonderful for producing software program that allowed customers to secretly monitor victims. This case marks the primary federal conviction of a spy ware operator in additional than a decade and alerts a possible shift in how the federal government prosecutes creators of intrusive monitoring expertise. Though Fleming’s software program facilitated unlawful surveillance and suffered a large information leak earlier than shutting down, he won’t face any further jail time.
Authorized tech agency DocketWise experiences main breach
Austin-based DocketWise, an immigration and case administration platform for authorized professionals, confirmed a information safety incident that uncovered the private data of 116,000 people. The breach, found in October 2025, concerned unauthorized entry to credentials for a third-party repository containing unstructured legislation agency consumer information.
Cloudflare quickens post-quantum transition
Cloudflare has moved its full post-quantum safety deadline to 2029, a shift prompted by Google’s current revelation that it considerably enhanced quantum algorithms able to breaking present encryption. The tech large additionally prioritized quantum-secure authentication after analysis from Oratomic advised that impartial atom computer systems may crack RSA-2048 and P-256 with far fewer qubits than beforehand estimated. By accelerating its roadmap, Cloudflare goals to implement superior authentication throughout its total suite.
HackerOne halts new IBB submissions to recalibrate for AI period
The Web Bug Bounty (IBB) program has formally paused new vulnerability submissions as of March 27, 2026, as a result of an inflow of AI-assisted safety analysis. Program organizers famous that the velocity and quantity of discoveries generated by synthetic intelligence have overwhelmed the open supply neighborhood’s capability to supply well timed remediations. Whereas present experiences will nonetheless be processed, HackerOne intends to restructure this system’s incentives to higher steadiness discovering flaws with efficiently fixing them.
Researcher leaks Home windows zero-day following dispute with Microsoft
A researcher has launched a Home windows zero-day exploit dubbed BlueHammer that leverages a race situation in Microsoft Defender to grant attackers full SYSTEM privileges. The privilege escalation flaw was disclosed following a breakdown in communication with Microsoft, with the researcher citing frustration with the corporate’s dealing with of the bug report. Microsoft has but to launch a patch or assign a CVE.
Hacker claims large breach of China supercomputing heart
A hacker working beneath the alias FlamingChina claims to have accessed the Nationwide Supercomputing Middle in Tianjin by way of a compromised VPN and used a botnet to quietly extract over 10 petabytes of information over six months. Samples posted on Telegram in February 2026 embrace paperwork marked ‘secret’, in addition to technical recordsdata, simulations, and renderings of protection tools, resembling bombs and missiles. The hacker is trying to promote the information, providing restricted previews for 1000’s of {dollars} and full entry for a whole lot of 1000’s, payable in cryptocurrency. Whereas some consultants who reviewed the samples known as them genuine, others have questioned the hacker’s claims.
Stryker confirms monetary hit following cyberattack
Stryker confirmed {that a} March 2026 cybersecurity incident precipitated important operational disruptions that may materially impression its first-quarter monetary outcomes. Whereas the corporate has restored its international manufacturing and distribution programs, the investigation into the complete extent of the information breach and its regulatory implications stays ongoing. Regardless of the short-term earnings dip, the medical machine producer expects to take care of its full-year monetary steering as it really works with legislation enforcement and safety consultants to finalize restoration efforts.
Associated: In Different Information: ChatGPT Information Leak, Android Rootkit, Water Facility Hit by Ransomware
