Weekly Cyber Roundup: Stryker Hit, Windows Zero-Day Dropped, China Supercomputer Breach Claimed

April 10, 2026 16:50 · 7 min read

A Packed Week Across the Threat Landscape

Cybersecurity news rarely slows down, and the latest weekly cycle proved no exception. From a new macOS crypto-targeting stealer to a hacker claiming to have exfiltrated over 10 petabytes from a Chinese supercomputing center, here is a breakdown of the week's most consequential stories.

Federal Officials Brief Major US Banks on Anthropic's Mythos AI

Federal Reserve Chair Jerome Powell and Treasury Secretary Scott Bessent met with the chief executives of major US banks this week to discuss the potential cyber risks posed by Anthropic's newly announced Mythos model, according to a CNBC report published Friday. Mythos is described as Anthropic's most powerful frontier AI model to date — a high-reasoning system with advanced autonomous cybersecurity and exploit-chaining capabilities. Due to those capabilities, the model is currently restricted to a select group of partners through an initiative called Project Glasswing.

New macOS Stealer Hunts Cryptocurrency Wallets

A threat actor who dramatically exited a major underground forum in 2023 resurfaced in 2024 under a new alias. By early 2026, they had delivered on a prior promise: a sophisticated macOS stealer named NotnullOSX designed specifically to target users holding more than $10,000 in cryptocurrency.

The malware was first detected on March 30, 2026, with initial infections recorded in Vietnam, Taiwan, and Spain. NotnullOSX spreads via fake Google documents and malicious DMG files. Once a victim is tricked into granting Full Disk Access, the stealer gains unfettered access to iMessages, Apple Notes, browser credentials, and crypto wallet data — all without requiring further user interaction.

Ten Japanese Corporations Form Joint Cybersecurity Body

Ten prominent Japanese corporations — including Suntory, Kao, Asahi, and NTT — announced the formation of a joint organization aimed at sharing cyber threat intelligence and cultivating specialized security talent. The initiative follows a notable breach at Asahi last September that disrupted shipments and exposed weaknesses across interconnected food and retail supply chains.

Silent Ransom Group Targets Law Firm Jones Day

The cybercrime group known as The Silent Ransom Group — which also operates under the alias Luna Moth — used social engineering tactics to infiltrate global law firm Jones Day, gaining access to records belonging to 10 of the firm's clients. After Jones Day reportedly declined to pay a $13 million ransom, the threat actors leaked sensitive documents and internal negotiation logs.

First Federal Spyware Conviction in Over a Decade

Bryan Fleming, the founder of the surveillance software pcTattletale, was sentenced to time served and fined just $5,000 for producing software that enabled users to covertly monitor victims. Despite the lenient sentence, the case is historically significant: it represents the first federal conviction of a spyware operator in more than a decade. Fleming's platform had also suffered a massive data leak before ultimately shutting down, though those factors did not result in additional prison time.

DocketWise Discloses Breach Affecting 116,000 People

Austin-based immigration and case management platform DocketWise confirmed a data security incident that exposed the personal information of 116,000 individuals. The breach, which was discovered in October 2025, stemmed from unauthorized access to credentials for a third-party repository containing unstructured law firm client data.

Cloudflare Accelerates Post-Quantum Security Timeline

Cloudflare has moved its full post-quantum security deadline forward to 2029, citing Google's recent disclosure that it had significantly enhanced quantum algorithms capable of breaking current encryption standards. The company also elevated the priority of quantum-secure authentication after research from Oratomic indicated that neutral atom computers could potentially crack RSA-2048 and P-256 encryption using far fewer qubits than previously believed. Cloudflare's accelerated roadmap aims to implement advanced authentication across its entire product suite.

HackerOne Pauses Internet Bug Bounty Submissions

The Internet Bug Bounty (IBB) program officially halted new vulnerability submissions as of March 27, 2026, citing an overwhelming influx of AI-assisted security research. Program organizers noted that the volume and pace of discoveries generated with artificial intelligence assistance have exceeded the open source community's capacity for timely remediation. Existing reports will continue to be processed while HackerOne restructures the program's incentives to better balance the discovery of flaws with the ability to actually fix them.

Researcher Drops Windows Zero-Day After Microsoft Dispute

A security researcher publicly released a Windows zero-day exploit dubbed BlueHammer following what they described as a breakdown in communication with Microsoft. The exploit leverages a race condition in Microsoft Defender and, if successful, grants an attacker full SYSTEM-level privileges on a targeted machine. Microsoft has not yet released a patch, and no CVE number has been assigned to the vulnerability at the time of writing.

Hacker Claims to Have Breached China's National Supercomputing Center in Tianjin

A threat actor operating under the alias FlamingChina claims to have infiltrated the National Supercomputing Center in Tianjin through a compromised VPN and subsequently used a botnet to quietly extract more than 10 petabytes of data over a six-month period. Sample files posted to Telegram in February 2026 reportedly include documents marked secret, as well as technical files, simulations, and renderings of defense equipment such as bombs and missiles.

FlamingChina is reportedly attempting to monetize the stolen data, offering limited previews for thousands of dollars and full access for hundreds of thousands of dollars, payable in cryptocurrency. While some security experts who reviewed the samples deemed them authentic, others have expressed skepticism about the scale and veracity of the claims.

Stryker Confirms Financial Impact from March 2026 Cyberattack

Medical device manufacturer Stryker confirmed this week that a March 2026 cybersecurity incident caused significant operational disruptions that will materially impact its first-quarter financial results. The company stated that its global manufacturing and distribution systems have since been restored, but the investigation into the full scope of any data breach — and any resulting regulatory obligations — remains ongoing. Despite the near-term earnings hit, Stryker indicated it expects to maintain its full-year financial guidance while continuing to work with law enforcement and external security experts throughout the recovery process.

Key Takeaways


Source: SecurityWeek
