CyberSecure Specialist

The Pentagon said Friday that it has reached deals with seven tech companies to use their artificial intelligence in its classified computer networks, allowing the military to tap into AI-powered capabilities to help it fight wars. Google, Microsoft, Amazon Web Services, Nvidia, OpenAI, Reflection and SpaceX will provide their resources to help “augment warfighter decision-making in complex operational environments,” the Defense Department said. Notably absent from the list is AI company Anthropic, after its public…

A recently discovered phishing kit provides miscreants with a broad range of capabilities, including an AI assistant and automated domain registration, Varonis reports. Dubbed Bluekit, it has been advertised as offering over 40 website templates, support for two-factor authentication, geolocation emulation, antibot cloaking, notifications, spoofing capabilities, voice cloning, and a mail sender. According to Varonis, the phishing kit contains templates for email and cloud services, developer platforms, cryptocurrency services, and retail and social media platforms,…

SecurityWeek’s weekly cybersecurity news roundup offers a concise overview of important developments that may not receive full standalone coverage but remain relevant to the broader threat landscape. This curated summary highlights key stories across vulnerability disclosures, emerging attack methods, policy updates, industry reports, and other noteworthy events to help readers maintain a well-rounded awareness of the evolving cybersecurity environment. Here are this week’s highlights: OFAC hits Iranian central bank crypto reserves OFAC designated two cryptocurrency…

Mythos in the hands of attackers threatens a storm beyond the power of security teams to weather. Claude Security is designed to counter this. Anthropic’s Mythos AI model will not be the only frontier model able to compress the time-to-exploit to a meaningless number of minutes. Other foundation model developers will produce their own models with comparable capabilities – and these models will find their way into the hands of criminals and nation state adversaries.…

A critical-severity vulnerability in the open source AI gateway LiteLLM was exploited days after public disclosure to access database tables containing sensitive information, Sysdig reports. The security defect is described as an SQL injection during the proxy API key verification process and is identified as CVE-2026-42208, with a CVSS score of 9.3. In an April 20 advisory, LiteLLM’s maintainers explained that a database query used during key verification did not pass the caller-supplied value as…

CFOs and boards need to understand risk in financial terms. Insurance data can do this. Obtaining adequate cybersecurity budget from the board requires translating technical risk into business financial risk – an ability that is not always available to security technicians. Resilience, a firm that provides insurance, risk decision support and consultancy, can assist. Through its insurance service, Resilience can directly relate financial loss to specific cybersecurity events and their likely occurrence, allowing CISOs to…