cybersecurity

According to Cointelegraph, Robinhood users have recently encountered a phishing attack. The attackers exploited the Gmail feature that ignores the "." in email usernames, along with a vulnerability in the Robinhood account creation process, to register accounts that are very similar to the target email addresses. This allowed them to send fake reminder emails with phishing links to the victims' inboxes from the Robinhood official mail server.Cybersecurity researcher Alex Eckelberry stated that the email could pass SPF, DKIM, and DMARC verification, appearing to come from an official address. Robinhood stated that this incident did not involve a system or customer account breach, and that user funds and personal information were not affected, but advised users to delete the related emails and not to click on suspicious links.

Police officer Guo Tingyu from the Cybersecurity Division of the Qingshan Branch of the Wuhan Public Security Bureau participated in the investigation of Hubei's first virtual currency theft case. By tracking the flow of funds and analyzing the code of fake wallets, he identified and dismantled a cryptocurrency theft gang involved in over 100 million yuan in illicit funds, with all five suspects arrested.The gang induced users to download a counterfeit virtual currency wallet app to steal coins, with a total download count of over ten thousand. Guo Tingyu also participated in the investigation of multiple virtual currency-related criminal cases.

According to Decrypt, Admiral Samuel Paparo, the commander of the U.S. Pacific Command, stated during a hearing before the U.S. House Armed Services Committee that the U.S. government is currently running a Bitcoin node for cybersecurity-related testing, but is not engaged in mining.Paparo indicated that the U.S. military's interest in Bitcoin primarily focuses on its value as a computer science tool, including cryptography, blockchain, and reusable proof-of-work mechanisms, with the aim of using the Bitcoin protocol to strengthen cybersecurity and enhance military capabilities, which is still in the experimental stage. He also mentioned that maintaining the global dominance of the U.S. dollar aligns with U.S. military interests and gave a positive evaluation of the stablecoin legalization bill, the GENIUS Act, signed by Trump last summer, believing that the bill helps to solidify the global position of the dollar.

According to Cointelegraph, Admiral Samuel Paparo of the U.S. Navy stated at a Senate Armed Services Committee hearing that Bitcoin is a "valuable computer science tool," and its proof-of-work technology has significant applications in cybersecurity, increasing the cost of attacks for adversaries and can be used to protect data, information, and command signals, helping to support U.S. national security interests.Paparo noted, "Beyond the economic aspect, it has very important computer science application value in cybersecurity." Previously, Jason Lowery, a member of the U.S. Space Force, also made similar points in 2023.

According to Decrypt, Mozilla recently revealed that Anthropic's latest AI model, Claude Mythos, identified 271 security vulnerabilities during internal testing of the Firefox browser, and the related vulnerabilities have been fixed this week.In comparison, a previous version of the Anthropic model only found 22 security-sensitive vulnerabilities. Mozilla stated that all discovered vulnerabilities were within the scope of top human researchers' findings. Claude Mythos was officially released in March 2026 and is Anthropic's most powerful model in the fields of reasoning, coding, and cybersecurity, currently available for use by vetted partners such as Amazon, Apple, and Microsoft through the "Project Glasswing" initiative.

According to Cointelegraph, the Monetary Authority of Singapore (MAS) has urged banks to strengthen their cybersecurity defenses due to heightened regulatory concerns arising from the spread of the Mythos AI model under Anthropic in the Asia region.

According to official news, the cloud hosting platform Vercel has confirmed that a security incident has occurred, involving unauthorized access to some internal systems.Currently, only a small number of customers have been confirmed to be affected, and Vercel is communicating directly with the relevant customers. Vercel stated that its services are still operating normally, and it has initiated an investigation and hired incident response experts to assist in handling the situation, while also notifying law enforcement.Vercel recommends that all customers review their environment variables and use the sensitive environment variable feature to enhance security protection.

The Ethereum Foundation recently released a summary report on the ETH Rangers security project, revealing that during a 6-month security funding program, researchers identified approximately 100 suspected state-sponsored cyber operatives, including infiltrators from North Korea, who have been active in multiple Web3 projects.The report indicates that relevant investigations were advanced through projects like the "Ketman Project," where researchers issued warnings to about 53 blockchain projects, revealing that these individuals infiltrated development teams under false identities and participated in fund flows and technical positions. Meanwhile, some related funds have been frozen, amounting to hundreds of thousands of dollars. The security team also incorporated relevant intelligence into the threat analysis system for the Lazarus Group and disclosed it at security conferences such as DEF CON, showing that state-level cyber attacks are continuously infiltrating the infrastructure of the cryptocurrency industry.In terms of overall results, the program has frozen or recovered over $5.8 million in funds, reported or documented over 785 vulnerabilities, and handled 36 security incidents, indicating that the security threats currently faced by the Ethereum ecosystem have escalated from simple vulnerability attacks to systemic risks involving state-level actors. Additionally, the report points out that North Korean hackers have also infiltrated projects through methods such as "remote IT workers," involving various attack paths such as account takeovers, freelancing platform infiltrations, and fund transfers, making them a key target for industry prevention.The Ethereum Foundation emphasizes that the security of decentralized networks requires "decentralized defense" and will continue to support security research, threat intelligence, and talent development to address the escalating state-level cyber threats.

OpenAI announced the launch of the GPT-5.4-Cyber model, which is fine-tuned from GPT-5.4 for cybersecurity scenarios, reducing the refusal limits on security-related requests under specific conditions to support specialized operations such as binary reverse engineering.According to the introduction, the model is only available to vetted security vendors, corporate security teams, and researchers through the "Trusted Access for Cybersecurity" (TAC) program. OpenAI stated that the relevant layered mechanism will limit the scope of model usage and impose additional constraints on access in low visibility scenarios.

The Office of Cybersecurity and Critical Infrastructure Protection (OCCIP) of the U.S. Department of the Treasury announced a new initiative today aimed at strengthening cybersecurity in the digital asset industry.This initiative will provide timely, actionable cybersecurity information to eligible U.S. digital asset companies and industry organizations, helping them better identify, prevent, and respond to cyber threats targeting their customers and networks. This action implements an important recommendation from the President's Working Group on Financial Markets in the report "Enhancing the U.S. Leadership in Digital Financial Technology."

According to Bloomberg, the Irish government officially launched the testing phase of the digital wallet on April 3 local time, which includes an age verification feature.According to a statement from the Irish Department of Public Expenditure and Reform, this digital ID will support age verification on social media platforms, aiming to protect children and adolescents from online harm.

According to CoinPost, the Japanese Financial Services Agency has officially announced the "Cybersecurity Enhancement Guidelines for Cryptocurrency Asset Exchange Businesses." This guideline is based on 18 opinions collected from February to March 2026, with the primary goal of protecting investor assets, proposing a three-tiered security enhancement framework of "self-help (individual businesses), mutual assistance (self-regulatory organizations), and public assistance (regulatory authorities)."The authorities pointed out that current cyber attacks have evolved from simple signature key theft to highly organized methods such as social engineering attacks and supply chain intrusions, making traditional cold wallet management insufficient to ensure security. Subsequently, the Financial Services Agency will implement threat-driven penetration testing (TLPT) on some major businesses and plans to revise operational guidelines to enhance cybersecurity personnel allocation and external audit standards.

The Cybersecurity Threat and Vulnerability Information Sharing Platform (NVDB) of the Ministry of Industry and Information Technology of China has monitored and found that attackers are using exploit tools targeting Apple Inc.'s terminal products to carry out cyber attack activities, which can lead to serious harms such as information theft and system control. The affected range includes Apple terminal products such as iPhone and iPad running iOS 13 to 17.2.1.Attackers induce users to use the Safari browser to visit web pages containing malicious code through methods such as SMS, email, or web poisoning, comprehensively utilizing security vulnerabilities present in the terminal devices to implant remote control Trojans into the victim's terminal products, stealing sensitive user information, gaining maximum privileges, and taking control.It is recommended that users of Apple terminal products conduct risk assessments, and promptly fix vulnerabilities through version upgrades and patch installations (refer to the Apple Security Updates). Pay attention to system update notifications and the latest security update announcements released by Apple, upgrade to the latest secure version in a timely manner, strengthen security awareness, avoid clicking on unknown links, and prevent the risk of cyber attacks.

According to CoinDesk, Galaxy Digital (GLXY) recently experienced a cybersecurity incident where hackers gained unauthorized access to its isolated research and development workspace. The company stated that the affected environment was only used for research and development, completely isolated from core infrastructure, production systems, trading platforms, and customer accounts, with losses amounting to less than $10,000.Galaxy Digital stated that it quickly intervened, completed the lockdown and reinforcement of the compromised workspace, and deployed additional protective measures at the blockchain infrastructure level.

On March 28, the cybersecurity platform VECERT disclosed that hackers, under the name PexRat, are selling a database containing personal information of 1.5 million Binance users on the dark web. The content includes sensitive information such as names, emails, phone numbers, KYC verification status, login IP addresses, and two-factor authentication methods.Analysis indicates that this incident was not a direct intrusion into Binance's internal servers, but rather that the attackers bypassed the CAPTCHA mechanism and obtained data through credential stuffing and automated scraping methods. Affected users face a high risk of SIM card hijacking and phishing attacks. At the time of this incident, Binance's institutional OTC trading business is experiencing rapid growth, with trading volume reaching 25% of the total for the entire year of 2025 in just January and February of this year. This is another data security crisis for Binance following the leak of 420,000 sets of account credentials in January.

According to Reuters: Hackers linked to Iran claim to have hacked the email of the FBI director.

According to a report by Fortune magazine, documents leaked from Anthropic show that its next-generation super robot "Claude Mythos" is currently being tested, and the company believes that this robot "poses an unprecedented cybersecurity risk." Musk stated, "This is deeply concerning."

According to Decrypt, cybersecurity company Malwarebytes Labs has warned that a fake website impersonating the newly released game Pudgy World from Pudgy Penguins is attempting to steal cryptocurrency wallet passwords.The phishing site pudgypengu-gamegifts[.]live uses a highly realistic replica of a cryptocurrency wallet interface to deceive users. When visitors select a wallet on this fake site, a seemingly authentic wallet unlock interface is displayed, leading users to mistakenly believe it is a trustworthy cryptocurrency wallet software.Malwarebytes points out that the timing of this phishing campaign appears to be carefully planned, coinciding with the game's launch and a surge of new users, and the attack almost covers all mainstream wallets, indicating that it may be backed by well-resourced threat actors or using commercial phishing toolkits. Users are advised to access the official website only through trusted bookmarks, avoid clicking on social media links, and be cautious of wallet password prompts that appear on web pages.

Cybersecurity company CUJO AI has officially launched a network-layer cryptocurrency investment fraud detection capability designed for network service providers (NSP), which can identify fraudulent activities that bypass application layer and platform layer protections. CUJO AI stated that modern cryptocurrency investment scams often rely on rotating domain names, wallet interactions, and social engineering tactics, making it difficult for a single platform to grasp the full picture; the network layer is a key location where such threats are concentrated.According to Chainalysis data, global losses from cryptocurrency-related scams and fraud are estimated to reach $17 billion by 2025, with the majority of victims being ordinary users rather than institutional traders.

AI cybersecurity startup RunSybil has completed a $40 million financing round, led by Khosla Ventures, with participation from S32, Anthropic's Anthology Fund, Menlo Ventures, Conviction, and Elad Gil. Angel investors include Nikesh Arora, Amit Agarwal, Jeff Dean, and several founders and executives from OpenAI, Palo Alto Networks, Stripe, and Google.RunSybil was co-founded in 2023 by Ari Herbert-Voss, OpenAI's first security researcher, and Vlad Ionescu, former head of offensive security red team at Meta. Its core product is the AI agent Sybil, which can continuously and automatically perform penetration testing on applications running online, discovering, exploiting, and documenting real security vulnerabilities without human intervention.