Saturday, April 18, 2026

Saturday Security: Scattered Spider Member Pleads Guilty After $8M Phishing Spree

 


We’ve covered Scattered Spider a few times—and now there’s a major update. A key member, Tyler Robert Buchanan, has pleaded guilty in a California federal court, closing the loop on a global phishing campaign that hit 130+ companies.

By impersonating IT help desks with SMS phishing, attackers tricked employees into visiting fake login pages—stealing credentials and gaining access. Targets included Twilio and Cloudflare, with losses totaling at least $8 million in cryptocurrency.

But here’s the bigger issue: groups like Scattered Spider are decentralized, fast-moving, and constantly recruiting. Your help desk is now a primary attack surface. If users can’t spot a fake IT message, attackers don’t need to hack in… they just log in.

I’m Peter Silva — your Saturday Security Story. Like, subscribe, and share.

https://www.databreachtoday.com/scattered-spider-hacker-pleads-guilty-in-us-federal-court-a-31459

Saturday, April 11, 2026

Saturday Security: AI Could Trigger a Zero-Day Exploit Tsunami

 


states and elite attackers could find and weaponize them. That balance may be gone. On April 7, 2026, Anthropic announced Claude Mythos Preview — an AI model so capable of finding and exploiting vulnerabilities that the company decided it's too dangerous to release publicly.

🔴 What it can do: Mythos has already found thousands of high-severity zero-days across every major OS and browser. It autonomously chained four vulnerabilities into a working browser exploit. It found a 27-year-old OpenBSD flaw for ~$50 in compute.

⚡ The gap is staggering: Claude Opus 4.6 developed working Firefox exploits 2 times out of hundreds of attempts. Mythos: 181 times. That's a ~90x improvement in autonomous exploit development.

🛡️ Project Glasswing: Anthropic formed a $100M coalition — Microsoft, AWS, Apple, Google, Cisco, NVIDIA, CrowdStrike, and others — giving them early access to Mythos to patch vulnerabilities before adversaries find them. The model stays restricted.

🎯 The bottom line: AI may soon remove the biggest barrier to cyberattacks — the expertise needed to find flaws. When that barrier falls, exploits could grow exponentially.

Stay sharp. Stay secure. This is human generated content.

👇 https://www.anthropic.com/glasswing

👍 Like • 🔔 Subscribe • 💬 Comment: Does Project Glasswing give you confidence — or concern?

#ClaudeMythos #ProjectGlasswing #Anthropic #ZeroDay #CyberSecurity #AIHacking #CyberThreat #InfoSec #SaturdaySecurityStory

Saturday, April 4, 2026

Saturday Security: Cybercrime Is Now the 3rd Largest Economy


 

Cybercrime is now the third largest economy in the world — projected to cost $12.2 trillion annually by 2031 (Huntress 2026 Cyber Threat Report). Here's what the numbers say:

🔧 Remote admin tool abuse jumped 277% year over year — attackers using your own trusted IT tools against you.

🎭 50%+ of malware infections now start with social engineering — fake CAPTCHA pages, ClickFix scams, and psychological tricks.

🔑 37% of identity threats are now driven by suspicious login activity. They don't hack in — they log in.

⏱️ Ransomware groups are getting more patient — time-to-ransom stretched from 17 hours to ~20 hours. They're hiding longer and doing more damage before you notice.

🎯 The big lesson: Attackers don't need everything to fail. They just need ONE overlooked control.

📄 Full report: Huntress 2026 Cyber Threat Report https://www.huntress.com/resources/2026-cyber-threat-report

Stay sharp. This is human generated content.

👍 Like • 🔔 Subscribe • 💬 Comment: Which stat surprised you most?