Risk and Resilience Podcast: This week's new episode is out. Go watch, like and subscribe.

Executive Update: Mythos Preview: First AI Model to Complete 32-Step Simulated Attack Chain

The UK AI Security Institute (AISI) has published the first independent assessment of Anthropic's Claude Mythos Preview, confirming it is the first AI model to autonomously complete a multi-step corporate network attack simulation. In controlled testing, Mythos solved expert-level capture-the-flag challenges 73% of the time and succeeded in 3 of 10 attempts on "The Last Ones"—a 32-step simulated breach scenario—averaging 22 steps per run. While these results signal a meaningful leap in AI-driven offensive capability, AISI emphasizes that evaluations occurred in undefended environments without active monitoring, EDR tooling, or real-world defensive countermeasures.

Key Bullet Points:

  • First model to complete "The Last Ones": Mythos Preview autonomously executed up to 32 steps of a simulated corporate network attack, succeeding in 30% of attempts—unprecedented for any publicly evaluated AI system.

  • Human-time compression: Tasks estimated to take ~20 hours for a skilled human were completed autonomously, suggesting AI could dramatically accelerate attack timelines against vulnerable targets.

  • Evaluation caveats matter: Test environments lacked active defenders, alerting thresholds, and penalty mechanisms for noisy behavior—results reflect capability against weakly defended systems, not enterprise-grade security postures.

  • Initial access still required: Success presupposes a network foothold has already been gained; the evaluation did not test phishing, supply chain compromise, or zero-day exploitation as entry vectors.

  • OT systems remain a gap: The model failed to complete the OT-focused "Cooling Tower" range, stalling on IT-layer tasks—highlighting that cyber-physical attacks require specialized reasoning beyond current generalist models.

  • Defensive implication: Organizations without EDR, network segmentation, MFA, or active monitoring should treat this as a catalyst to harden foundational controls—not as an imminent threat to well-defended environments.

💻 Malware and Vulnerabilities

Censys Retrospective on Rhadamanthys Infostealer Operation Highlights Private-Sector Limits in Threat Disruption: A 2022 case study revealed how researchers leveraged an authentication flaw in Rhadamanthys control panels to collect 70,000+ infection logs for victim notification, underscoring that meaningful private-sector action often requires coordination with law enforcement and harm-reduction strategies rather than unilateral infrastructure takedowns. Link: https://censys.com/blog/rhadamanthys-private-sector-ops-limitations/

Actively Exploited nginx-ui Flaw (CVE-2026-33032) Enables Full Server Takeover via Unauthenticated Administrative Access: Attackers are leveraging a critical vulnerability in the nginx-ui management interface to gain complete control of affected servers, emphasizing the urgent need for administrators to patch or disable the vulnerable component and audit exposed administrative endpoints. Link: https://thehackernews.com/2026/04/critical-nginx-ui-vulnerability-cve.html

📈 Breaches and Incidents

Standard Bank Data Breach Under Investigation by South African Information Regulator: The regulator is assessing unauthorized access to customer names and identity numbers at Standard Bank, reviewing the institution's access controls, encryption, firewall, and monitoring systems while the bank conducts its internal investigation and warns clients of potential phishing risks. Link: https://iol.co.za/business/2026-04-15-what-you-need-to-know-about-the-standard-bank-data-breach-investigation/

Hackers Offer Stolen Crime Tip Records for $10K After BlueLeaks 2.0 Exposure of 8.3 Million Entries: The INTERNET YIFF MACHINE group is marketing a cache of sensitive Crime Stoppers data—including informant details, SSNs, and criminal histories—stolen from P3 Global Intel, prompting the Portland Police Bureau to temporarily suspend tip submissions due to risks of informant retaliation and extortion. Link: https://san.com/cc/hackers-who-stole-crime-tip-records-offering-data-cache-for-10k/

McGraw Hill Confirms Salesforce Misconfiguration Breach Affecting 13.5 Million User Accounts: The ShinyHunters extortion group leaked over 100GB of data containing names, addresses, phone numbers, and emails after exploiting a Salesforce environment misconfiguration, exposing McGraw Hill customers to targeted phishing while the company clarified core systems and databases remained uncompromised. Link: https://www.bleepingcomputer.com/news/security/data-breach-at-edtech-giant-mcgraw-hill-affects-135-million-accounts/

$13.74M Hack Forces Closure of Sanctioned Grinex Cryptocurrency Exchange Amid Money Laundering Allegations: Intelligence claims linking the exchange to illicit financial activity, combined with a substantial theft incident, precipitated Grinex's shutdown, highlighting ongoing risks at sanctioned digital asset platforms and the convergence of cybercrime and regulatory enforcement actions. Link: https://thehackernews.com/2026/04/1374m-hack-shuts-down-sanctioned-grinex.html

Major Outage Disrupts Russian Banking Apps and Metro Payments, Attributed to Internal Sberbank Failure or Roskomnadzor Blocking Actions: Customers across multiple Russian regions experienced hours-long disruptions to card payments, ATM access, and mobile banking, with metro turnstiles failing to accept cards; while initial reports cited Roskomnadzor's VPN-blocking efforts, officials later indicated an internal Sberbank infrastructure failure as the probable cause. Link: https://therecord.media/outage-hits-russian-banking-apps

🚨 Threat Intel & Info Sharing

Swedish Heating Plant Targeted by Pro-Russian Cyberattack on Operational Systems: Sweden's Minister for Civil Defense confirmed a pro-Russian group compromised an industrial control system at a heating facility in spring 2025, marking a tactical shift toward OT-targeted intrusions; neighboring Norway and Denmark reported similar incidents, underscoring escalating hybrid threats against European critical infrastructure. Link: https://energywatch.com/EnergyNews/grid/article19202558.ece

Justice Department Disrupts GRU-Controlled DNS Hijacking Network via Court-Authorized Router Remediation: The FBI executed "Operation Masquerade" to neutralize U.S.-based TP-Link routers hijacked by Russia's GRU Unit 26165 (APT28), resetting malicious DNS resolvers and restoring legitimate ISP settings without impacting user functionality or collecting content, while urging router owners to update firmware and verify DNS configurations. Link: https://www.justice.gov/opa/pr/justice-department-conducts-court-authorized-disruption-dns-hijacking-network-controlled

NIST Adopts Risk-Based Prioritization for National Vulnerability Database Amid Record CVE Growth: Facing a 263% surge in CVE submissions since 2020, NIST will now enrich only KEV-listed, federal-use, or critical-software CVEs within one business day, while deferring lower-priority entries and streamlining severity scoring to sustain long-term NVD operations amid growing vulnerability discovery rates. Link: https://www.nist.gov/news-events/news/2026/04/nist-updates-nvd-operations-address-record-cve-growth

OpenAI Scales Trusted Access for Cyber Defense with GPT‑5.4‑Cyber and Expanded TAC Program: OpenAI introduced tiered access pathways for verified cybersecurity defenders, including GPT‑5.4‑Cyber—a fine-tuned model with reduced refusal boundaries for legitimate security work—and expanded Codex Security, which has contributed to fixing over 3,000 critical vulnerabilities since launch. Link: https://openai.com/index/scaling-trusted-access-for-cyber-defense/

Comprehensive Chrome Fingerprinting Reference Exposes 30+ Client-Side Tracking Vectors with MV3 Detection Strategies: A forensic guide details how Chrome provides minimal native anti-fingerprinting defenses while documenting canvas, WebGL, audio, font, and sensor-based tracking techniques, alongside Manifest V3 extension architectures using main-world scripts and CDP debugger APIs to intercept and log exploitation attempts. Link: https://www.thatprivacyguy.com/blog/the-beast-behind-the-browser/

OPM Launches Cybersecurity Specialist Role Through US Tech Force to Bolster Federal Defenses: The Office of Personnel Management opened applications for a new Information Cybersecurity Specialist position within Tech Force, targeting elite talent to strengthen federal systems, support mission-critical technology modernization, and coordinate recruitment with agencies including the CyberCorps Scholarship for Service program. Link: https://www.opm.gov/news/news-releases/opm-announces-new-cybersecurity-role-for-us-tech-force/

Two U.S. Nationals Sentenced for Facilitating North Korean IT Worker Fraud Scheme Generating $5M for DPRK: Kejia Wang (108 months) and Zhenxing Wang (92 months) were sentenced for enabling North Korean operatives to pose as U.S. residents, using stolen identities and laptop farms to secure remote jobs at over 100 companies—including a defense contractor handling ITAR data—and launder illicit revenue through shell entities. Link: https://www.justice.gov/opa/pr/two-us-nationals-sentenced-facilitating-fraudulent-remote-information-technology-worker

PSNI Arrests 16-Year-Old in Connection with Education Authority Network Intrusion: Detectives from Northern Ireland's Cyber Crime Investigation Team detained a juvenile suspect in Portadown under the Computer Misuse Act 1990 following a reported intrusion into Education Authority systems, with searches conducted and the individual released pending further inquiry. Link: https://www.psni.police.uk/latest-news/detectives-arrest-16-year-old-suspicion-offences-under-computer-misuse-act

Hunt.io Maps Over 1,250 Russian C2 Servers Across 165 Hosting Providers, Highlighting Infrastructure Concentration: Analysis from January–April 2026 identified persistent abuse of Russian shared hosting and VPS platforms—led by TimeWeb, REG.RU, and WebHost1—to host Cobalt Strike, Ligolo-ng, and other framework-driven C2 infrastructure, with C2 activity comprising 88.6% of observed malicious artifacts. Link: https://hunt.io/blog/russian-malicious-infrastructure-c2-servers-mapped

Lloyds Banking Group and IBM Complete Quantum Computing Experiment for Economic Crime Prevention: A nine-month collaboration tested quantum graph algorithms on anonymized transaction data via IBM's cloud quantum hardware, finding early promise for quantum-enhanced anomaly detection as a complement to classical AI in identifying mule account networks, while building internal quantum readiness capabilities. Link: https://www.lloydsbankinggroup.com/insights/exploring-quantum-computing-at-lloyds-banking-group.html

Three Microsoft Defender Zero-Days Under Active Exploitation, Two Remain Unpatched: Security researchers identified three zero-day vulnerabilities in Microsoft Defender being leveraged in the wild, with two still lacking official patches, highlighting the urgent need for compensating controls and heightened monitoring of endpoint detection systems amid accelerated AI-assisted exploit discovery. Link: https://thehackernews.com/2026/04/three-microsoft-defender-zero-days.html

⚖️ Laws, Policies and Regulations

China's 15th Five-Year Plan Elevates Cybersecurity to "Cyber Superpower" Status with New Technical Resilience Mandates: Approved in March 2026, the 2026–2030 blueprint mandates disaster recovery systems for critical infrastructure, introduces cloud service security assessments, promotes domestic "secure and reliable" technology adoption, and expands international cyber governance cooperation as part of China's strategic digital sovereignty agenda. Link: https://www.nattothoughts.com/p/cybersecurity-strategy-in-chinas

France Accelerates Digital Sovereignty Push with Linux Migration and Sovereign Tool Adoption Across Government: Following Prime Ministerial directives, the DINUM announced plans to transition government workstations from Windows to Linux, migrate 80,000 health agency staff to sovereign collaboration tools (Tchap, Visio, FranceTransfert), and require each ministry to submit dependency-reduction plans by autumn 2026. Link: https://www.numerique.gouv.fr/sinformer/espace-presse/souverainete-numerique-reduction-dependances-extra-europeennes/

FCC Announces Conditional Approvals for Routers and Uncrewed Aircraft Systems, Exempts Certain Equipment from Covered List: The Public Safety and Homeland Security Bureau issued conditional approvals for specific router and UAS equipment under dockets 18-89, 21-232, and 21-233, while granting exemptions from the FCC's Covered List to streamline deployment of trusted telecommunications infrastructure. Link: https://www.fcc.gov/document/fcc-announces-routers-uas-conditional-approvals

EU Commission Statement Reinforces Commitment to Digital Sovereignty and Secure Technology Supply Chains: A formal statement underscored the European Union's strategic focus on reducing dependencies on extra-European technology providers, promoting interoperable standards, and strengthening collective resilience through coordinated public-private coalitions and investment in sovereign digital capabilities. Link: https://ec.europa.eu/commission/presscorner/detail/en/statement_26_820

NCSC Advises Organizations to Harden Cyber Baselines as Frontier AI Accelerates Vulnerability Discovery: The UK's National Cyber Security Centre warned that AI-driven exploit development will compress defender response timelines, urging rapid patching, reduced attack surface exposure, and executive-level championing of foundational security practices to maintain defensive advantage in an AI-augmented threat landscape. Link: https://www.ncsc.gov.uk/blogs/retaining-defensive-advantage-in-the-age-of-frontier-ai-cyber-capabilities

💾 The Privacy Posts

From Hiring Helper to Hiring Gatekeeper: The ICO Turns Up the Heat on Recruitment AI

  • The U.K. ICO’s new Recruitment rewired report suggests many employers are not merely using AI to support hiring, but are relying on it for solely automated decisions with significant effects, putting those practices squarely inside UK GDPR automated decision-making rules.

  • The regulator highlights three recurring weaknesses: inadequate transparency to candidates, inconsistent meaningful human involvement, and weak monitoring for fairness, bias, and discrimination.

  • This is starting to look less like soft guidance and more like supervisory pressure, with the ICO saying it has written to employers, set deadlines for remediation, and linked the work to broader 2026 AI governance measures.

The U.K. privacy conversation around AI in hiring is shifting from abstract ethics to concrete supervisory scrutiny. In Recruitment rewired, the ICO says evidence from more than 30 employers indicates that some recruitment tools are being used to make, not just support, decisions about candidates, even where employers believed meaningful human involvement was present. That matters because UK GDPR places extra safeguards on solely automated decisions that have legal or similarly significant effects, and hiring outcomes can plainly fall into that category. The report’s tone is notable: it does not read like a theoretical discussion of future risk, but like a regulator documenting present-day compliance failures in live recruitment systems.

For privacy teams, the practical message is straightforward. If automation is effectively decisive, employers need to stop calling it mere decision support and assess it against the ADM rules, including candidate-facing notices that explain the logic involved and likely consequences in understandable terms. They also need to test whether human review is genuinely capable of changing outcomes for every candidate, not just rubber-stamping high or low scores. The ICO’s next steps reinforce the point: it has already issued findings and deadlines to employers, while its March 2026 AI strategy update says draft ADM guidance is coming, an AI and ADM code of practice is being prepared under the Data (Use and Access) Act 2025, and the office is simultaneously engaging 11 major foundation model developers. For organizations using AI in recruitment, now is the moment to revisit Article 22-style analyses, tighten transparency, and build evidence that fairness monitoring is real before guidance hardens into enforcement.

🤖 AI

UK AI Security Institute Evaluates Claude Mythos Preview's Cyber Capabilities, Finds First Model to Complete 32-Step Attack Simulation: AISI testing showed Mythos Preview succeeded in 3 of 10 attempts on "The Last Ones" corporate network range (averaging 22/32 steps), outperforming prior models on expert CTF tasks (73% success), while noting evaluation environments lack real-world defensive tooling and active monitoring. Link: https://www.aisi.gov.uk/blog/our-evaluation-of-claude-mythos-previews-cyber-capabilities

Claude Skills for Governance, Risk & Compliance: 12 Installable Knowledge Packages Accelerate Regulatory Workflows: A GitHub repository offers .skill files for ISO 27001, SOC 2, FedRAMP, GDPR, HIPAA, NIST CSF, PCI DSS, TSA Cybersecurity, ISO 42001, ISO 27701, DORA, and DPDPA, enabling Claude to generate audit-ready policies, gap analyses, and control mappings with trigger-based activation and progressive context loading. Link: https://sushegaad.github.io/Claude-Skills-Governance-Risk-and-Compliance/

VIDOC Security Reproduces Key Anthropic Mythos Findings Using Public Models, Challenging Exclusivity Narrative: Testing with GPT-5.4 and Claude Opus 4.6 in the open-source opencode agent reproduced exact vulnerabilities in FreeBSD, Botan, and OpenBSD cases, suggesting AI-assisted vulnerability discovery is already accessible beyond gated frontier labs and shifting the bottleneck to validation and remediation workflows. Link: https://blog.vidocsecurity.com/blog/we-reproduced-anthropics-mythos-findings-with-public-models

Cloud Security Alliance Releases "Mythos-Ready" CISO Briefing on AI-Accelerated Vulnerability Discovery: A collaborative paper from CSA, SANS, and OWASP Gen AI Security outlines immediate actions for security leaders to adapt vulnerability management operating models, introduce VulnOps capabilities, and prepare for compressed disclosure-to-exploitation timelines driven by AI-powered offensive tooling.

📅 Upcoming Events

Security Leadership at the Starting Line

The London Marathon CISO Brunch Briefing brings together a select group of enterprise security leaders for an executive discussion on the morning of the London Marathon. In a setting that reflects the preparation, endurance, and discipline required to run 26.2 miles, the briefing offers CISOs and senior security executives an opportunity to connect with peers responsible for protecting some of the world’s largest organizations while discussing the challenges of staying ahead in today’s evolving threat landscape.

Interested in joining? Register here.

If you would like to sponsor any of our future in-person or virtual events, please email us at [email protected]

We hope you enjoyed our email briefing! ☕🥮 If you want to sponsor our next edition or advertise on our site, drop us an email at [email protected].

Thank you for being a part of our newsletter community. You can also take part by joining our LinkedIn Group.
