In Other News: Cyberattack Stings Stryker, Windows Zero-Day, China Supercomputer Hack

SecurityWeek’s weekly cybersecurity news roundup offers a concise overview of important developments that may not receive full standalone coverage but remain relevant to the broader threat landscape. This curated summary highlights key stories across vulnerability disclosures, emerging attack methods, policy updates, industry reports, and other noteworthy events to help readers maintain a well-rounded awareness of the evolving cybersecurity environment. Here are this week’s highlights: Fed officials discuss Anthropic’s Mythos AI with major US banks Fed Chair Jerome Powell and Treasury Secretary Scott Bessent met with the heads of major US banks this week to discuss the possible cyber risks raised by Anthropic’s new Mythos model that was announced earlier this week, CNBC reported Friday. Mythos is Anthropic’s most powerful frontier AI model to date, a high-reasoning system with such advanced autonomous cybersecurity and exploit-chaining capabilities that it is currently restricted to a select group of partners under an initiative called Project Glasswing. New Mac stealer targets cryptocurrency wallets A hacker who stormed off a major underground forum in 2023 came back in 2024 under a new alias, and by early 2026 had delivered on a promise: a sophisticated macOS stealer called NotnullOSX that exclusively targets victims holding over $10,000 in crypto. The malware, first detected on March 30, 2026 in Vietnam, Taiwan, and Spain, spreads through fake Google documents and malicious DMG files, tricking users into handing over Full Disk Access, which gives it a free pass to iMessages, Apple Notes, browser credentials, and crypto wallets with no additional prompts.  Major Japanese brands unite to boost cybersecurity Ten leading Japanese corporations, including Suntory, Kao, Asahi, and NTT, are establishing a joint organization to share intelligence on cyber threats and develop specialized security talent. This collaborative effort follows a significant breach at Asahi last September that disrupted shipments and exposed vulnerabilities in interconnected food and retail networks. Legal giant Jones Day targeted by cybercrime group The Silent Ransom Group used social engineering tactics to infiltrate Jones Day, successfully accessing records belonging to 10 of the law firm’s clients. The threat actors, who also operate under the name Luna Moth, reportedly leaked sensitive documents and internal negotiation logs after the firm refused to meet a $13 million ransom demand. Spyware maker receives lenient sentence  Bryan Fleming, the founder of the surveillance tool pcTattletale, was sentenced to time served and a $5,000 fine for producing software that allowed users to secretly monitor victims. This case marks the first federal conviction of a spyware operator in more than a decade and signals a potential shift in how the government prosecutes creators of intrusive tracking technology. Although Fleming’s software facilitated illegal surveillance and suffered a massive data leak before shutting down, he will not face any additional prison time. Legal tech firm DocketWise reports major breach Austin-based DocketWise, an immigration and case management platform for legal professionals, confirmed a data security incident that exposed the personal information of 116,000 individuals. The breach, discovered in October 2025, involved unauthorized access to credentials for a third-party repository containing unstructured law firm client data. Cloudflare speeds up post-quantum transition  Cloudflare has moved its full post-quantum security deadline to 2029, a shift prompted by Google’s recent revelation that it significantly enhanced quantum algorithms capable of breaking current encryption. The tech giant also prioritized quantum-secure authentication after research from Oratomic suggested that neutral atom computers could crack RSA-2048 and P-256 with far fewer qubits than previously estimated. By accelerating its roadmap, Cloudflare aims to implement advanced authentication across its entire suite. HackerOne halts new IBB submissions to recalibrate for AI era The Internet Bug Bounty (IBB) program has officially paused new vulnerability submissions as of March 27, 2026, due to an influx of AI-assisted security research. Program organizers noted that the speed and volume of discoveries generated by artificial intelligence have overwhelmed the open source community’s capacity to provide timely remediations. While current reports will still be processed, HackerOne intends to restructure the program’s incentives to better balance finding flaws with successfully fixing them. Researcher leaks Windows zero-day following dispute with Microsoft A researcher has released a Windows zero-day exploit dubbed BlueHammer that leverages a race condition in Microsoft Defender to grant attackers full SYSTEM privileges. The privilege escalation flaw was disclosed following a breakdown in communication with Microsoft, with the researcher citing frustration with the company’s handling of the bug report. Microsoft has yet to release a patch or assign a CVE. Hacker claims massive breach of China supercomputing center A hacker operating under the alias FlamingChina claims to have accessed the National Supercomputing Center in Tianjin via a compromised VPN and used a botnet to quietly extract over 10 petabytes of data over six months. Samples posted on Telegram in February 2026 include documents marked ‘secret’, as well as technical files, simulations, and renderings of defense equipment, such as bombs and missiles. The hacker is attempting to sell the data, offering limited previews for thousands of dollars and full access for hundreds of thousands, payable in cryptocurrency. While some experts who reviewed the samples called them authentic, others have questioned the hacker’s claims. Stryker confirms financial hit following cyberattack Stryker confirmed that a March 2026 cybersecurity incident caused significant operational disruptions that will materially impact its first-quarter financial results. While the company has restored its global manufacturing and distribution systems, the investigation into the full extent of the data breach and its regulatory implications remains ongoing. Despite the short-term earnings dip, the medical device manufacturer expects to maintain its full-year financial guidance as it works with law enforcement and security experts to finalize recovery efforts. Related: In Other News: Palo Alto Recruiter Scam, Anti-Deepfake Chip, Google Sets 2029 Quantum Deadline Related: In Other News: ChatGPT Data Leak, Android Rootkit, Water Facility Hit by Ransomware WRITTEN BY SecurityWeek News More from SecurityWeek News Webinar Today: Why Automated Pentesting Alone Is Not Enough In Other News: ChatGPT Data Leak, Android Rootkit, Water Facility Hit by Ransomware Variance Raises $21.5M for Compliance Investigation Platform Powered by AI Agents Webinar Today: Agentic AI vs. Identity’s Last Mile Problem In Other News: Palo Alto Recruiter Scam, Anti-Deepfake Chip, Google Sets 2029 Quantum Deadline RSAC 2026 Conference Announcements Summary (Days 3-4) RSAC 2026 Conference Announcements Summary (Day 2) RSAC 2026 Conference Announcements Summary (Day 1) Latest News Juniper Networks Patches Dozens of Junos OS Vulnerabilities Industry Reactions to Iran Hacking ICS in Critical Infrastructure: Feedback Friday Orthanc DICOM Vulnerabilities Lead to Crashes, RCE Chrome 147 Patches 60 Vulnerabilities, Including Two Critical Flaws Worth $86,000 MITRE Releases Fight Fraud Framework Critical Marimo Flaw Exploited Hours After Public Disclosure Google Rolls Out Cookie Theft Protections in Chrome Microsoft Finds Vulnerability Exposing Millions of Android Crypto Wallet Users Trending Webinar: Securing Fragile OT In An Exposed World March 10, 2026 Get a candid look at the current OT threat landscape as we move past "doom and gloom" to discuss the mechanics of modern OT exposure. Register Webinar: Why Automated Pentesting Alone Is Not Enough April 7, 2026 Join our live diagnostic session to expose hidden coverage gaps and shift from flawed tool-level evaluations to a comprehensive, program-level validation discipline. Register People on the Move Black Duck has named Dom Glavach as Chief Information Security Officer. Finite State has named Ann Miller as Vice President of Marketing. Yael Nardi has joined Minimus as Chief Business Officer. More People On The Move Expert Insights The Hidden ROI Of Visibility: Better Decisions, Better Behavior, Better Security Beyond monitoring and compliance, visibility acts as a powerful deterrent, shaping user behavior, improving collaboration, and enabling more accurate, data-driven security decisions. (Joshua Goldfarb) The New Rules Of Engagement: Matching Agentic Attack Speed The cybersecurity response to AI-enabled nation-state threats cannot be incremental. It must be architectural. (Nadir Izrael) The Next Cybersecurity Crisis Isn’t Breaches—It’s Data You Can’t Trust Data integrity shouldn’t be seen only through the prism of a technical concern but also as a leadership issue. (Steve Durbin) Why Agentic AI Systems Need Better Governance – Lessons From OpenClaw Agentic AI platforms are shifting from passive recommendation tools to autonomous action-takers with real system access, (Etay Maor) The Human IOC: Why Security Professionals Struggle With Social Vetting Applying SOC-level rigor to the rumors, politics, and 'human intel' can make or break a security team. (Joshua Goldfarb) Flipboard Reddit Whatsapp Email