The Canadian Federal government plans to ban crypto ATMs to stop scammers from defrauding Canadianshttps://www.cbc.ca/news/canada/toronto/canada-crypto-atm-ban-scammers-9.7180642

The Canadian Federal government plans to ban crypto ATMs to stop scammers from defrauding Canadians
https://www.cbc.ca/news/canada/toronto/canada-crypto-atm-ban-scammers-9.7180642

RE: https://mastodon.world/@signalapp/116478659183004819

This is what Signal is referring to

reuters.com

(www.reuters.com)

Canada arrests three for operating “SMS blaster” device in Toronto
https://www.bleepingcomputer.com/news/security/canada-arrests-three-for-operating-sms-blaster-device-in-toronto/

KitKat’s newest product is . . . a Faraday cage?
https://www.fastcompany.com/91531587/kitkats-newest-product-isa-faraday-cage

American utility firm Itron discloses breach of internal IT network
https://www.bleepingcomputer.com/news/security/american-utility-firm-itron-discloses-breach-of-internal-it-network/

Each week, Metacurity offers our subscribers a curated selection of the best infosec-related long reads.

This week's choices cover

--Cybercrime has been very good to Cambodia,
-- GrapheneOS is a triumph and a cautionary tale,
-- Satellite signals can evade state information controls,
--AI tools create child exploitation risks,
--No excuse to delay creating a US Cyber Force

Happy reading!

Best infosec long reads 4/25: Power moves fastest where institutions fail

Cybercrime has been very good to Cambodia, GrapheneOS is a triumph and a cautionary tale, Satellite signals can evade state information controls, AI tools create child exploitation risks, No excuse to delay creating a US Cyber Force

Metacurity (www.metacurity.com)

It's finally Friday, but don't kick back for the weekend until you've checked out today's Metacurity for the most crucial cybersecurity developments you should know, including

--China’s hackers hide in plain sight through hijacked home routers, allies warn,
--US charges two accused of running a major scam compound,
--White House accuses China of stealing AI property on 'industrial scale,'
--Stuxnet-like code was used in the mid-2000s,
--Health info from the UK Biobank was posted for sale in China,
--An Indian media giant was hacked by alleged Afghan group,
--Coupang breach has triggered a corporate crisis,
--Customer data for Canada Life compromised in breach,
--UNC6692 is running an intrusion campaign that impersonates Teams,
--Firestarter survives firmware updates and reboots on Cisco devices,
--xAI may lose market share due to sexually abusive imagery,
--Cambodian scam compounds are using more sophisticated malware
https://www.metacurity.com/chinas-hackers-hide-in-plain-sight-through-hijacked-home-routers-allies-warn/

As if things weren't bad enough, scam compounds are growing in malware sophistication.

Cambodian compound found with new type of scam malware: researchers
https://asia.nikkei.com/spotlight/cybersecurity/cambodian-compound-found-with-new-type-of-scam-malware-researchers

Not sure if this is relevant to BlueSky followers, but it seems that Gmail was serious about ditching the POP3 format, and I've had to quickly set up a new email system today for all my accounts. Some emails may have been lost or misdirected.

When all else fails, use Signal (in my bio).

Sandy Hook Promise and others use anonymous tips to prevent school shootings. Hackers exposed their data
https://san.com/cc/sandy-hook-promise-and-others-use-anonymous-tips-to-prevent-school-shootings-hackers-exposed-their-data/?utm_campaign=aud-dev&utm_medium=social&utm_source=bluesky&utm_content=owned-auto

Ukrainian hackers disrupted a closed-door meeting at Russia’s Ministry of Industry and Trade and made a recording.

https://www.kyivpost.com/post/74379

At issue in the Mobley case is whether courts will impute legal responsibility to AI systems for decisions they take on behalf of companies, or whether liability will sit with the companies

https://www.ft.com/content/51b55431-30e8-4eb3-9730-f5e89c24ad56

Mythos is the cover story at The Economist this week.

https://www.economist.com/leaders/2026/04/16/america-wakes-up-to-ais-dangerous-power?utm_campaign=a.the-economist-this-week&utm_medium=email.internal-newsletter.np&utm_source=salesforce-marketing-cloud&utm_term=4/16/2026&utm_id=2181431

The cybersecurity sector never cools down -- it only heats up -- so don't miss today's Metacurity for the most critical infosec developments you should know, including

--Overwhelmed by vulnerability surge, NIST scales back NVD coverage,
--US nationals head to prison for aiding fake DPRK IT workers,
--Anthropic publishes Claude ID verification requirements,
--New ransomware attacks target S. Korean SMEs,
--New adware tool delivers system privileges that disable AV protections,
--Critical flaw in Nginx UI with MCP exploited,
--AgingFly malware steals authentication data,
--Two rival ransomware gangs have locked horns,
--Data from adult nightclub giant exposed in cyberattack,
--DPRK's BlueNoroff is deploying increasingly sophisticated tactics,
--Phishing kits rushed in to seize market share left vacant by Tycoon 2FA,
--Trump is expected to sign more cyber exec orders,
--Apple and Google have continued to offer nudify apps,
--Deepfake sexual abuse incidents have hit around 90 schools globally,
--Google Chrome does not protect against browser fingerprinting,
--Telegram channels and groups advertise bypass kits and stolen biometric data,
--Open source Cal.com is moving code behind closed doors due to AI,
--OPM plans to hire more US government cyber workers,
--UK PM chastises tech giants over lack of child protections,
--Artemis raises $70m in new funding rounds,
--Publicly attributable impact of Glasswing remains limited so far,
--Shareholders blast Thomson Reuters for supporting ICE depravities,
--GOP struggles to reauthorize Sec. 702
https://www.metacurity.com/overwhelmed-by-vulnerability-surge-nist-scales-back-nvd-coverage/

This is going in Metacurity's long reads issue on Saturday, but I urge folks to read it now. Really good description of how Anthropic figured out the power of Mythos.

How Anthropic Learned Mythos Was Too Dangerous for the Wild
https://www.bloomberg.com/news/features/2026-04-16/how-anthropic-discovered-mythos-ai-was-too-dangerous-for-release?embedded-checkout=true

While the watchword of the day is Mythos, there is a ton of other critical infosec news in today's Metacurity you should know, including

--US agencies court Anthropic AI for cyber defense despite Pentagon ban,
--OpenAI launches private test of its Mythos rival,
--Russian cyber group targeted a Swedish thermal power plant,
--Microsoft fixes 167 flaws on Patch Tuesday,
--Fake Ledger site linked to $9.5m crypto theft,
--McGraw-Hill hacked via Salesforce misconfiguration,
--Russian hackers breached 170 Ukraine prosecutor accounts,
--Breach of Africa's Standard Bank exposed business customers' data,
--Microsoft, Meta, and Google continue tracking users despite tracking opt-outs,
--Grok continues to generate sexualized images of people without their consent,
--Telegram has failed to eradicate black market known as Xinbi Guarantee,
--EU launches online verification app,
--Everyone must read the sharpest-witted tech writer,
--Companies are killing the Internet Archive,
--CISA kills this year's internship program
https://www.metacurity.com/us-agencies-court-anthropic-ai-for-cyber-defense-despite-pentagon-ban/

@beyondmachines1 If you know, you know.

OK, I just discovered this extremely useful take on Claude Mythos and highly recommend it to all cyber practitioners.
https://labs.cloudsecurityalliance.org/wp-content/uploads/2026/04/mythosready.pdf

Don't miss today's Metacurity for the most critical infosec developments you might have missed over the weekend, including

--ShinyHunters hits Rockstar Games, threatens data dump after cloud breach,
--Basic-Fit data breach exposes data on 1m+ members,
--Operation Atlantic disrupted $45m pig butchering network,
--Hackers exploited Hyberbridge flaw for $237k gain,
--Booking [dot] com suffered breach exposing customer details,
--UK finance regulators are assessing Anthropic's Claude Mythos,
--Hackers infiltrated Japanese shipping giant NYK's fuel procurement system,
--Handala claims attack on three Dubai government organizations,
--French government is moving from Windows to Linux to ditch US tech,
--Dutch cops bust eight men for fake ID platform used by scammers,
--800 Hungarian government email addresses and associated passwords were circulated online,
--Hackers exploited flaw in Marimo open-source reactive Python notebook platform,
--North Korea's APT37 shifts to social media reconnaissance,
--OpenAI internal tools downloaded a compromised update from legitimate OSS library,
--Palo Alto Networks founder seeks to buy bank to develop AI tools,
--Cisco is in talks to buy Astrix Security,
--Iran's supposed cyber prowess takes it on the chin,
--Mark Zuckerberg wants to replicate himself in AI,
--Getting sober or naked on Zoom could be tricky
https://www.metacurity.com/shinyhunters-hits-rockstar-games-threatens-data-dump-after-cloud-breach/

Japanese shipping giant NYK detected unauthorized access by a third party to its marine fuel procurement system.
https://www.manifoldtimes.com/news/nyk-alerts-on-data-breach-in-bunker-fuel-procurement-system/