BankInfoSecurity.com

Website Popular in Korean Ethnic Enclave in China Hosts Apps Laced With a Backdoor
A North Korean hacking group has been spying on a Korean ethnic enclave in China by infiltrating the Android apps of a regional gaming platform that hosts digital card and board games. Researchers attributed the supply-chain attack to a threat actor that Eset tracks as ScarCruft.

Mythos a Turning Point, Say Lawmakers in Missive to European Commission
Dozens of European lawmakers are pressing the European Commission to act quickly to protect the continent's cybersecurity, due to the advent of new AI models that have considerable hacking prowess.

Why Technical Leaders Are Walking Away and What We Can Do to Fix It
Leaders are expected to deliver results, yet often lack the authority to make key decisions. The article examines how this imbalance creates friction, undermines performance and turns accountability without authority into a persistent leadership challenge.

Smaller Cybersecurity Partners Get Opus 4.7 But Not Anthropic's Highest-Risk Model
Anthropic’s Project Glasswing gives CrowdStrike, Palo Alto Networks and Zscaler privileged access to Claude Mythos Preview, while smaller cybersecurity partners such as SentinelOne and TrendAI can only integrate with Anthropic's generally available Opus 4.7 model.

Cybercrime Gang Claims to Have 108-Gbyte Trove of Insurer's Files, Folders
Ransomware gang Everest Group claims to have stolen more than 108 gigabytes of data- including policyholder details - belonging to insurer Liberty Mutual. The cybercrime group began leaking the company's alleged data on Monday afternoon, saying the insurer "failed" to respond to the gang's demands.

Guidance Warns Autonomous Systems Expand Enterprise Exposure
Federal and Five Eyes cyber agencies warn that agentic AI systems - capable of autonomous action across enterprise environments - are introducing identity, visibility and control risks that could outpace existing defenses without continuous monitoring, zero trust enforcement and human oversight.

Cryptocurrency Exchange Traded A7A5 Token
Russian sanctions busters won't be too fazed by the collapse of a cryptocurrency platform that facilitated billions of dollars' worth of transactions and whose main attraction was a ruble-pegged stablecoin. Experts say transactions fueling Russia's shadow economy and its war machine will persist.

Startup Acquisition Adds Centralized Policy Control Over Agent Communications
Palo Alto Networks plans to acquire Portkey to centralize AI agent communications through a gateway that enforces runtime security, identity controls and governance, addressing rising risks from autonomous agents with broad system access and fragmented enterprise visibility.

Zero Trust Is 'Essential' - But Who Pays for It?
New guidance from the U.S. Cybersecurity and Infrastructure Security Agency on adapting zero trust security principles for operational technology is fine as far as it goes, but is pretty high-level and ignores or fudges a couple of key questions, say executives and experts.

Also: Google’s $40B AI Bet, Insights From Google Next Conference
In this week's panel, four ISMG editors discussed North Korea's use of fake video meetings to fuel crypto fraud, Google's $40 billion investment in Anthropic and what it signals for the AI race, and key takeaways from Google Next in Las Vegas on enterprise AI adoption.

Flaw Finding Model Integrated into a Slew of Cybersecurity Platforms
Claude artificial intelligence maker Anthropic announced Thursday wider availability of a model it described as its second-most powerful model for finding and patching software flaws. Anthropic is making Claude Security available as a "public beta" for enterprise customers.

Combined Platform Spans Dependencies, Extensions, Developer Tools
Socket’s acquisition of Secure Annex extends software supply-chain security beyond open-source dependencies into browser and IDE extensions, addressing AI-driven development risks and fragmented visibility across modern developer workflows.

Bipartisan Deal Funds DHS Components After Record 75-Day Shutdown
The House passed a bipartisan bill funding the Department of Homeland Security, ending a 75-day shutdown that forced the Cybersecurity and Infrastructure Security Agency into a reactive posture and disrupted preventive cyber operations, even as workforce losses and proposed cuts threaten long-term resilience.

Tightening Budgets and AI-Enabled Attacks Stretch State Cyber Defenses
State CISO confidence has collapsed, with just 22% saying their data is protected from cyberthreats. The 2026 NASCIO-Deloitte study points to AI-enabled attacks, third-party vendor risk and the worst budget picture in years as states rethink how they defend public data.