cybersecurity

Regarding the suspected attack on the Aztec Router contract on the Ethereum chain, Aztec Labs has officially launched an investigation and clarified that Aztec Connect was deprecated three years ago. Aztec Labs does not hold any administrator keys or control over the system, and currently cannot pause or upgrade it. Therefore, the community is reminded to be vigilant against false "support" accounts and private messages.

According to the Wall Street Journal, the U.S. government's export controls and access restrictions on Anthropic's models Fable 5 / Mythos 5 partly stem from Amazon's cybersecurity research and AWS CEO Andy Jassy's communications with the White House.It is reported that the research submitted by Amazon indicated that through a series of prompt tests, researchers were able to induce Fable 5 to output sensitive information that could potentially be used for cyberattacks, raising security concerns. Subsequently, Andy Jassy reported the relevant findings to the U.S. government, prompting the White House to take further restrictive measures, including banning foreign users from accessing the model.At the same time, former U.S. Department of Commerce official Kate Koren revealed that the White House's existing policy stance on Anthropic may also have influenced this decision-making judgment, as there are differences between Anthropic and the White House on AI safety boundary issues, including the refusal to use the model for large-scale surveillance or lethal autonomous weapon systems. Although both sides had eased tensions and expanded cooperation earlier this year, this incident may once again exacerbate the strained relationship.

David Sacks, the head of AI and crypto affairs at the White House, stated that although the commercial version of the Mythos series model Fable released by Anthropic this week includes safety barriers, once those barriers are bypassed, users will be able to access Mythos's advanced cyber attack capabilities. Sacks pointed out that Anthropic had previously described Mythos as a "cyber weapon" that requires regulation, so fixing the related vulnerabilities should have been its responsibility.Sacks mentioned that a partner trusted by both Anthropic and the U.S. government discovered a jailbreak method to bypass the safety barriers while testing Fable. The U.S. government subsequently requested Anthropic CEO Dario Amodei to fix the vulnerabilities or take the model offline, but this request was refused. Anthropic stated in a declaration that the vulnerability is "not serious," a claim that contradicts the judgment of the U.S. government and relevant partners.Sacks stated that Anthropic has always emphasized that safety should be prioritized, but this time it prioritized maintaining consumer-grade model services. In response, the U.S. government reluctantly imposed export control measures on Anthropic and hopes that Anthropic will resolve the safety issues as soon as possible to lift the related restrictions and restore the full release of Fable.Sacks also denied that this action is related to previous disputes between the U.S. Department of Defense and Anthropic, stating that the government recognizes Anthropic's technological capabilities and believes that the current issues can be resolved relatively easily, with the initiative currently in Anthropic's hands.

According to Slow Fog's disclosure, a new variant of Shai-Hulud Hades has been found attacking PyPI. The malicious package drops a .pth file that executes automatically when Python starts, and checks if Bun is installed locally; if not installed, it downloads the official Bun binary from GitHub Releases, and then executes a multi-layer obfuscated JavaScript payload to steal credentials from GitHub, npm, AWS, and cloud services.Slow Fog stated that this variant uses the same RSA public key and infrastructure as previous Shai-Hulud attacks, and has capabilities such as encrypted exfiltration, persistence, CI/CD injection, and GitHub Actions injection.

According to the official announcement, Bitget stock derivatives have now launched for 15 underlying assets including ADBE (Adobe), CRWD (CrowdStrike), HPE (Hewlett Packard Enterprise), BX (Blackstone Group), TWLO (Twilio), covering popular sectors such as cybersecurity, AI data centers, satellite communications, and small-cap ETFs.

Bitget Chief Legal Officer Hon Ng today released an open letter, announcing that Bitget has officially launched the 2026 Global Anti-Fraud Month campaign, themed "More Assets, Stronger Protection."In the letter, Hon Ng pointed out that as the platform expands from crypto assets to a multi-asset ecosystem, users face increasingly complex cybersecurity threats while enjoying broader market access. He emphasized that the multi-asset era means greater responsibility. User protection is not a one-time project but a continuous result of risk monitoring, rapid response, security education, and industry collaboration.The open letter also disclosed Bitget's security and anti-fraud achievements for 2025. Data shows that Bitget intercepted over 150 million malicious attack requests throughout the year, identified over 13,000 high-risk malicious IPs, handled 18,135 user protection cases, and assisted users in recovering approximately $32.3 million related to security incidents and fraudulent activities.In addition, Bitget's security system achieved over 2.8 billion risk interceptions through customized protection rules, defended against over 1.5 billion DDoS attack attempts, and introduced machine learning-based behavioral analysis capabilities to further identify suspicious activities and potential risks.

Drift Protocol stated that its current top priority is to restart the platform and restore revenue-generating capabilities to expedite the recovery process of user funds. After the platform restarts, it will become the largest USDT-based perpetual contract trading platform on Solana, and the related revenue will be used to support a specially established user compensation fund.Drift claims that substantial progress has been made in the restart efforts with strategic support from Tether and other partners. To enhance security, Drift announced the appointment of Noah Prince, the former head of engineering at Helium Protocol, as the protocol lead, responsible for protocol restructuring and security system upgrades.Meanwhile, former members of the Gauntlet team have also joined the restart efforts, providing risk management and treasury design support for the platform, including clearing engine reviews, funding rate optimization, market parameter adjustments, and ongoing risk monitoring. Additionally, Drift has hired the cybersecurity company Mandiant to conduct an independent forensic investigation of the attack incident.The investigation results indicate that this attack can be clearly attributed to the North Korean hacker group UNC6862, which is associated with multiple cyber attack operations. Drift stated that it will continue to prioritize security in advancing the platform restart and will announce the user compensation mechanism and specific timeline in the future.

The "Anthropic" plan allows the EU's cybersecurity agency to use the powerful artificial intelligence tool "Mythos," which can discover and exploit vulnerabilities in computer systems.According to informed sources, Anthropic will allow the European Cybersecurity Agency to join the "Glass Wings" project. This project aims to let key institutions test the capabilities of "Mythos" before widespread deployment. A spokesperson for the European Commission stated that negotiations with Anthropic are progressing but declined to comment further.

According to Fortune magazine, the UK AI agent security and governance platform Geordie AI has completed a $30 million Series A funding round, led by Balderton Capital, with participation from Crosspoint Capital, and additional investments from General Catalyst and Ten Eleven Ventures, resulting in a post-money valuation of $155 million. This is the largest Series A funding round to date for a cybersecurity startup in Europe.The company was co-founded by former executives from the UK cybersecurity company Darktrace and the code security company Snyk. Its platform can discover and monitor AI agents operating within enterprises in real-time, identifying risks and dynamically constraining agent behavior. Geordie is currently deployed in approximately 30 client environments, including financial data company AlphaSense and the Franco-American joint venture AI biotechnology company Owkin.

According to Cryptopolitan, cybersecurity analysts have discovered a new type of fileless remote access trojan (RAT) named RemotePE. It is believed that the cybercrime organization Lazarus Group, associated with North Korea, is using this trojan to attack banks and cryptocurrency companies. The trojan operates entirely in memory, making it difficult for traditional antivirus and forensic tools to detect. Attackers impersonate trading company employees via Telegram, using forged Calendly and Picktime links for social engineering attacks. The malware is loaded in a three-stage chain through DPAPILoader, RemotePELoader, and RemotePE, with the entire process avoiding contact with the file system, utilizing process hollowing, anti-analysis checks, and encrypted C2 communication to evade detection.This malware was first discovered in September 2025. In the first four months of 2026, the Lazarus organization has stolen approximately $577 million in cryptocurrency assets, accounting for 76% of the total global cryptocurrency theft. Since 2017, the organization has accumulated a total theft amount of $6 billion.

According to informed sources, U.S. President Trump is expected to issue an executive order aimed at strengthening cybersecurity for artificial intelligence as early as Thursday and has invited leaders from the tech industry to attend the signing event. Media reports previously indicated that the order Trump is expected to sign will modify the existing cybersecurity information sharing program to include artificial intelligence companies, but it will not require federal approval for cutting-edge models.Instead, the order will call for voluntary testing of cutting-edge artificial intelligence systems by the government to identify and patch vulnerabilities in federal, state, and local networks as well as critical infrastructure in the U.S., without the need for extensive new regulations. Informed sources stated that invitations have been sent to several tech industry executives to attend the signing ceremony at the White House on Thursday, but it is currently unclear who will attend.

According to Cointelegraph, crypto risk management and infrastructure provider Chaos Labs stated that its oracle network experienced a suspected "nation-state" hacker attack last weekend but was not breached.Chaos Labs founder Omer Goldberg stated on the X platform that the attack was strictly limited to the operational wallets used for daily on-chain operations, and the oracle network was never compromised. The oracles operate in a fully isolated environment, with nodes distributed globally, protected by multi-layer security and encryption controls. Chaos Labs has rotated all keys since the attempted attack and has not detected any suspicious activity.

According to Cointelegraph, Robinhood users have recently encountered a phishing attack. The attackers exploited the Gmail feature that ignores the "." in email usernames, along with a vulnerability in the Robinhood account creation process, to register accounts that are very similar to the target email addresses. This allowed them to send fake reminder emails with phishing links to the victims' inboxes from the Robinhood official mail server.Cybersecurity researcher Alex Eckelberry stated that the email could pass SPF, DKIM, and DMARC verification, appearing to come from an official address. Robinhood stated that this incident did not involve a system or customer account breach, and that user funds and personal information were not affected, but advised users to delete the related emails and not to click on suspicious links.

Police officer Guo Tingyu from the Cybersecurity Division of the Qingshan Branch of the Wuhan Public Security Bureau participated in the investigation of Hubei's first virtual currency theft case. By tracking the flow of funds and analyzing the code of fake wallets, he identified and dismantled a cryptocurrency theft gang involved in over 100 million yuan in illicit funds, with all five suspects arrested.The gang induced users to download a counterfeit virtual currency wallet app to steal coins, with a total download count of over ten thousand. Guo Tingyu also participated in the investigation of multiple virtual currency-related criminal cases.

According to Decrypt, Admiral Samuel Paparo, the commander of the U.S. Pacific Command, stated during a hearing before the U.S. House Armed Services Committee that the U.S. government is currently running a Bitcoin node for cybersecurity-related testing, but is not engaged in mining.Paparo indicated that the U.S. military's interest in Bitcoin primarily focuses on its value as a computer science tool, including cryptography, blockchain, and reusable proof-of-work mechanisms, with the aim of using the Bitcoin protocol to strengthen cybersecurity and enhance military capabilities, which is still in the experimental stage. He also mentioned that maintaining the global dominance of the U.S. dollar aligns with U.S. military interests and gave a positive evaluation of the stablecoin legalization bill, the GENIUS Act, signed by Trump last summer, believing that the bill helps to solidify the global position of the dollar.

According to Cointelegraph, Admiral Samuel Paparo of the U.S. Navy stated at a Senate Armed Services Committee hearing that Bitcoin is a "valuable computer science tool," and its proof-of-work technology has significant applications in cybersecurity, increasing the cost of attacks for adversaries and can be used to protect data, information, and command signals, helping to support U.S. national security interests.Paparo noted, "Beyond the economic aspect, it has very important computer science application value in cybersecurity." Previously, Jason Lowery, a member of the U.S. Space Force, also made similar points in 2023.

According to Decrypt, Mozilla recently revealed that Anthropic's latest AI model, Claude Mythos, identified 271 security vulnerabilities during internal testing of the Firefox browser, and the related vulnerabilities have been fixed this week.In comparison, a previous version of the Anthropic model only found 22 security-sensitive vulnerabilities. Mozilla stated that all discovered vulnerabilities were within the scope of top human researchers' findings. Claude Mythos was officially released in March 2026 and is Anthropic's most powerful model in the fields of reasoning, coding, and cybersecurity, currently available for use by vetted partners such as Amazon, Apple, and Microsoft through the "Project Glasswing" initiative.

According to Cointelegraph, the Monetary Authority of Singapore (MAS) has urged banks to strengthen their cybersecurity defenses due to heightened regulatory concerns arising from the spread of the Mythos AI model under Anthropic in the Asia region.

According to official news, the cloud hosting platform Vercel has confirmed that a security incident has occurred, involving unauthorized access to some internal systems.Currently, only a small number of customers have been confirmed to be affected, and Vercel is communicating directly with the relevant customers. Vercel stated that its services are still operating normally, and it has initiated an investigation and hired incident response experts to assist in handling the situation, while also notifying law enforcement.Vercel recommends that all customers review their environment variables and use the sensitive environment variable feature to enhance security protection.