Top stories.
- Treasury Secretary and Fed Chair summon banking executives over AI security concerns.
- Iranian cyber operations will likely continue during ceasefire.
- US Justice Department disrupts APT28 router network.
- White House proposes $707 million cut to CISA's budget.
- Cambodia passes law targeting scam compounds.
Treasury Secretary and Fed Chair summon banking executives over AI security concerns.
Bloomberg reports that US Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell called Wall Street leaders and banking executives to an urgent meeting on Tuesday to address security concerns surrounding Anthropic’s Mythos AI model and similar models capable of rapidly identifying and exploiting vulnerabilities. Bloomberg notes that Powell's presence at the meeting indicates that the concern is apolitical, and not tied to the Trump administration's recent clashes with Anthropic. The meeting signals that regulators consider AI-driven vulnerability exploitation to be a major risk to the financial industry.
Anthropic announced earlier this week that it would not be releasing Claude Mythos to the public and would instead grant access to a consortium of more than forty organizations, including Amazon, Microsoft, Google, Apple, the Linux Foundation, and several security vendors, to support controlled defensive testing. This initiative, dubbed "Project Glasswing," will focus on "tasks like local vulnerability detection, black box testing of binaries, securing endpoints, and penetration testing of systems" that "represent a very large portion of the world’s shared cyberattack surface." Anthropic says Mythos has discovered thousands of zero-day vulnerabilities over the past few weeks, though these findings are only partly externally verified.
TechCrunch cites experts who say Mythos likely isn't as groundbreaking or as dangerous as much of the coverage suggests, but the publication concedes that "a careful rollout of the technology is a responsible way forward."
Iranian cyber operations will likely continue during ceasefire.
The United States and Iran reached a shaky ceasefire on Tuesday, though it's uncertain what impact the truce will have on Iranian cyber activity, SecurityWeek reports. IRGC-linked hacktivist group Handala said it would stop targeting the US for now, but would continue hitting Israeli targets. Handala claimed responsibility for a disruptive cyberattack against US medtech giant Stryker last month.
US intelligence and law enforcement agencies warned on Tuesday that multiple Iranian APTs are targeting programmable logic controllers (PLCs) and SCADA systems across US critical infrastructure sectors, and experts say organizations should treat this warning urgently despite news of a ceasefire. The joint advisory from the FBI, CISA, NSA, EPA, DOE, and US Cyber Command states, "This activity has led to PLC disruptions across several U.S. critical infrastructure sectors through malicious interactions with the project file and manipulation of data on human machine interface (HMI) and supervisory control and data acquisition (SCADA) displays, resulting in operational disruption and financial loss." The agencies say the threat actors are actively exploiting vulnerable PLCs manufactured by Rockwell Automation/Allen-Bradley, and are also probing products from other vendors, including the Siemens S7 PLC.
Markus Mueller, Field CISO at Nozomi Networks, told SecurityWeek that he expects an increase in cyber operations during the ceasefire, rather than a decrease, as threat actors attempt to infiltrate data centers, tech companies, and defense contractors that participated in the war. Cyberattacks give nation-states a level of plausible deniability, allowing them to continue operating below the level of open war.
US Justice Department disrupts APT28 router network.
The US Justice Department and the FBI announced a court-authorized disruption of a network of small office/home office (SOHO) routers controlled by APT28 (also known as "Fancy Bear"), a unit within Russia's GRU, Reuters reports. The DOJ says the threat actor used the compromised routers to conduct DNS hijacking attacks.
The Justice Department stated, "Since at least 2024, GRU actors have exploited known vulnerabilities to steal credentials for thousands of TP-Link routers worldwide. The actors then accessed many of these compromised routers without authorization and manipulated their settings to redirect DNS requests to GRU-controlled servers - i.e., malicious DNS resolvers. GRU actors were indiscriminate in their initial targeting and manipulation of routers. The actors then implemented an automated filtering process to determine which DNS requests were of interest and warranted interception."
White House proposes $707 million cut to CISA's budget.
The Trump administration is seeking to cut $707 million from the Cybersecurity and Infrastructure Security Agency (CISA), lowering the agency's budget to approximately $2 billion, SecurityWeek reports. The White House says the new budget "refocuses CISA on its core mission—Federal network defense and enhancing the security and resilience of critical infrastructure—while eliminating weaponization and waste." The proposed changes would remove "offices that are duplicative of existing and effective programs at the State and Federal level" and cut programs focused on misinformation and propaganda, which the White House says violated the First Amendment.
Cambodia passes law targeting scam compounds.
Cambodia's parliament has unanimously passed the country's first law specifically targeting scam compounds, Reuters reports. The law targets compound operators and willing participants in scams, taking into account that many of the compounds are staffed by trafficked victims operating under threats of violence. Scam compound operators will face five to ten years in prison; if torture or kidnapping was involved, the sentence rises to twenty years. If deaths are reported at a compound, the operators will face life in prison.
Cambodia's Prime Minister Hun Manet told AFP in February that the scam networks were giving the country a bad reputation and harming the economy, particularly by driving a decline in tourism. The country has also faced international pressure to crack down on the scam compounds, which have been widely condemned by human rights groups.