CyberheistNews Vol 16 #15 | April 14th, 2026
Anthropic's Mythos Is Not Just a Tool. It's Something You Have to Contain.
For years, as a defender, one of your quiet advantages has been friction.
Finding real exploits, especially the kind that can be combined into a meaningful attack chain, takes time, expertise and patience. That friction has slowed attackers down.
Mythos just changed that. We're now looking at a model that can scan complex systems, identify subtle vulnerabilities and combine them into working attack paths—at speed and at scale. Not hypothetically. Practically. It's a good thing Anthropic has not released it yet and has only given previews to selected defenders.
But it's a shift in the balance, because this isn't just about better tools. It's about collapsing the cost of offense. What once required a highly skilled team can increasingly be done faster, cheaper and more consistently. That means more attackers, more attempts and less margin for error on your side.
But here's the part that should really get your attention. In testing, Mythos didn't just follow instructions; it worked around constraints. It accessed things it wasn't supposed to, took initiative and pursued outcomes in ways its designers didn't explicitly authorize.
This is no longer just a tool. It's something you have to contain. So, what does that mean operationally? It means that in the near future you have to assume attackers will:
- Discover weaknesses faster than your patch cycle
- Combine low-risk issues into high-impact exploits
- Operate with increasing automation and persistence
Your response can't be incremental. You need tighter patch discipline. Stronger identity controls for both humans and agents. Faster detection and response.
Because the reality is simple: AI has made offense scalable. Now defense has to be just as disciplined and just as fast. Fight AI with AI.
[NEW] KnowBe4 Secures the Human and AI Workforce with Agent Risk Manager
We are excited to announce the launch of Agent Risk Manager, the industry's first defense system designed to secure, monitor and govern the behavior of autonomous AI agents. KnowBe4 Agent Risk Manager arrives as a cornerstone of the KnowBe4 HRM+ platform, fundamentally changing how organizations quantify and mitigate risks of the human and AI workforce.
Capabilities of Agent Risk Manager include:
- Prompt Injection Detection: Machine learning-powered analysis that identifies jailbreaks, logic overrides and indirect injections across user messages and tool outputs
- Sensitive Information Detection: Uses 20+ classifiers to scan for PII and credentials, automatically redacting sensitive data before it reaches the audit log
- Unbounded Consumption Detection: Monitors for resource abuse and "runaway" agents to prevent excessive API calls, data queries and compute costs
- Agent Inventory: Automatically catalogues agents and tools across tenants without manual input, tracking tool definitions and activity timestamps
- Audit Log: A filterable, compliance-ready record of all agent actions and detections, designed for rapid incident response and forensic review
- Integration Management: Centralized lifecycle management for multiple tenants with automatic connectivity and permissions validation
- Guided Onboarding: A streamlined, step-by-step setup that achieves first-agent discovery in minutes without the need for professional services
Read more about Agent Risk Manager in the press release:
https://www.knowbe4.com/press/knowbe4-secures-the-human-and-ai-workforce-with-agent-risk-manager
P.S. Register for this week’s webinar to see a preview of Agent Risk Manager in action!
https://info.knowbe4.com/how-to-secure-ai-adoption?partnerref=CHN2
[It Sounds Real] Voice Phishing Is a Growing Social Engineering Threat
Voice phishing (vishing) overtook email-based phishing as a top initial intrusion vector in 2025, according to a new report from Mandiant.
Notably, vishing is live and interactive, giving the attacker more control over the social engineering objectives. "While email phishing often relies on volume and opportunistic delivery, interactive methods involve a live person steering the conversation in real-time," Mandiant says.
"This distinction is critical for defenders: interactive attacks are significantly more resilient against automated technical controls and require different detection strategies."
Vishing was responsible for a high-profile extortion campaign that compromised dozens of organizations' Salesforce instances throughout 2025. The attackers did not exploit any vulnerability in Salesforce; rather, they called employees and tricked them into granting access.
"One of the more pervasive examples of this activity was a campaign that spanned the first half of 2025, in which UNC6040 used voice phishing to convince targets to provide credentials and authorize an attacker-controlled version of a legit software-as-a-service (SaaS) application to access organizations' data," the researchers write.
"These organizations later received ShinyHunters-branded extortion notes demanding payment for the non-release of stolen data. Given the significant time lapse between the initial data theft activity and the extortion operations, GTIG (Google Threat Intelligence Group) tracks the extortion activity as UNC6240.
"Another example of a long-term voice phishing campaign came from UNC3944, a financially motivated threat cluster that has been active since at least early 2022 and overlaps with public reporting on Scattered Spider. UNC3944 targeted help desk staff by impersonating employees requesting password resets and changes to multi-factor authentication (MFA) settings."
Blog post with links:
https://blog.knowbe4.com/voice-phishing-is-a-growing-social-engineering-threat
Automate Incident Response and Maximize SOC Efficiency
Your security team is drowning in alerts, and threats are slipping through. With SOC teams facing more than 4,400 daily alerts, over 40% of which are false positives, the vast majority of organizations are drowning in backlogs. The result? A five-hour response gap that leaves threats sitting in your employee inboxes for days or weeks.
Stop gambling with unaddressed alerts with technology that collapses the time-to-containment from hours to minutes.
During this demo, you'll discover how PhishER Plus eliminates the dangerous vulnerability window between threat detection and containment by combining triple-validated threat intelligence with human oversight:
- Accelerate response times with AI-powered automation that lets you write custom rules in plain English, reduces manual email review time by up to 99% and eliminates alert fatigue
- Leverage unmatched threat intelligence from 13+ million global users, KnowBe4 Threat Research Lab and leading third-party integrations, catching zero-day threats that bypass SEGs and other ICES defenses
- Maintain complete visibility and control over AI-driven decisions with PhishML Insights, eliminating black-box uncertainty and reducing false positives that waste $875K annually
- Remove threats automatically from all mailboxes with Global PhishRIP before users can interact with them, eliminating the risk of employees otherwise falling for the attack
- Convert real attacks into targeted training opportunities with PhishFlip, reinforcing vigilant employee behavior while showcasing security awareness gaps
Discover how PhishER Plus customers achieve 650% ROI within the first year. Transform your employees into your most valuable defenders while meeting SOC efficiency targets.
Date/Time: Wednesday, April 22 @ 2:00 PM (ET)
Save My Spot:
https://info.knowbe4.com/phisher-demo-1?partnerref=CHN
AI-Powered Human Risk Management Shifts the Focus to Adaptive, Behavior-Based Training
Human risk management (HRM) focuses on one of the most persistent cybersecurity vulnerabilities: humans. Social engineering attacks that trick users into taking risky actions are a factor in 98% of cyberattacks, not because they are technically complex, but because they manipulate employee behavior.
Unlike traditional, one-size-fits-all security awareness training, human risk management focuses on changing employee behavior through monitoring and targeted reinforcement. But as social engineering tactics continue to evolve and scale, security teams need an even more adaptive approach.
AI-powered human risk management offers a solution. By using AI to continuously analyze behavioral signals and deploy personalized interventions based on users' unique risk profiles, organizations can reduce human risk faster.
Here is a closer look at how AI-powered human risk management supports behavior-based risk reduction and why it is becoming a core security capability.
[CONTINUED] Blog post with links:
https://blog.knowbe4.com/ai-for-human-risk-management-shift-to-adaptive-behavior-based-training
Your Guide to Beating 2026's Phishing Epidemic
In 2026, the threat landscape has shifted from scattergun to hyper-automation of sophisticated threats. AI-driven toolkits aren't new; it's what they're doing that matters. With top threat actors achieving greater scale and agility, the window to detect and react has all but vanished.
Join this webinar for a first look at the 2026 Phishing Threat Trends Report. Jack Chapman, KnowBe4's SVP of Threat Intelligence, will break down the data from extensive analysis of phishing attacks that successfully landed in users' inboxes in 2026. Get the intelligence you need for proactive risk management.
You'll gain insight into:
- Why Microsoft Teams-based attacks have surged 41% and how multi-channel threats continue to evolve
- Dealing with the 139% spike in sophisticated M365 credential theft
- The reality of automated attacks that exploit LLMs, bypass humans and target agents
- How a 49% surge in fake invites is weaponizing business processes to manufacture instant urgency
- Battle-tested guidance to transform your cloud email security from reactive to proactive
Don't miss this exclusive preview of the new 2026 Phishing Threat Trends Report, and earn CPE for attending!
Date/Time: Wednesday, April 29 @ 1:00 PM (ET)
Save My Spot:
https://info.knowbe4.com/2026-phishing-threat-trends-report?partnerref=CHN
Let's stay safe out there.
Warm regards,
Stu Sjouwerman, SACP
Executive Chairman
KnowBe4, Inc.
PS: [Yours Truly in Forbes]: CMOs Are Building AI Scorecards (But They're Tracking The Wrong Score):
https://www.forbes.com/councils/forbestechcouncil/2026/04/10/cmos-are-building-ai-scorecards-but-theyre-tracking-the-wrong-score/
- Albert Schweitzer - Humanitarian (1875 - 1965)
- Martin Luther King Jr. (1929 – 1968)
You can read CyberheistNews online at our Blog
https://blog.knowbe4.com/cyberheistnews-vol-16-15-anthropics-mythos-is-not-just-a-tool-its-something-you-have-to-contain
Phishing Campaign Targets Japanese Firms During Tax Season
A criminal threat actor called "Silver Fox" is launching tax-themed phishing attacks against Japanese companies during the country's tax season, according to researchers at ESET.
"The ongoing campaign uses convincing phishing lures related to tax compliance violations, salary adjustments, job position changes and employee stock ownership plans," ESET says. "All emails share the same goal - trick the recipients into opening malicious links or attachments.
"As employees actually expect to receive emails about these subjects this time of year, they're more likely to trust and act on such messages without a second thought. Needless to say, this significantly increases the risk of compromise."
Notably, the threat actor researches its targets before launching the attacks in order to tailor the phishing messages to each potential victim. "The sender fields impersonate real employees and even CEOs at the targeted companies," ESET writes.
"Silver Fox is clearly doing some reconnaissance on each target before sending what aren't generic blasts. The attackers are picking names that the targets are likely to recognize and trust, which makes it more difficult for the recipients to distinguish the malicious messages from real internal notifications.
"The emails typically contain either a malicious attachment or a link leading to a malicious file. The files are named to resemble common HR, financial or tax-related documents."
ESET concludes, "The operation is also a reminder for organizations to increase vigilance, reinforce awareness around phishing attempts and ensure that employees verify the authenticity of tax- and HR-themed requests - including those that look routine.
"Immediate reporting of suspicious emails to security teams is essential to reduce exposure and prevent successful compromise."
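ESET's observation that the sender fields impersonate real employees and even CEOs is something a mail pipeline can check for directly, before a human ever has to "verify authenticity." The Python below is an added example, not ESET's or KnowBe4's code: it flags a message whose From display name matches a name in the company directory while the address sits on an external domain, a display name that embeds an internal address over an external real sender, and a Reply-To that diverts replies to a third domain. ORG_DOMAINS, EMPLOYEE_DIRECTORY and the SAMPLE_* messages are constructed for illustration and stand in for a real directory feed.

```python
"""Flag inbound mail whose sender display name impersonates a known employee.

Added example for illustration, not ESET's or KnowBe4's code. ORG_DOMAINS,
EMPLOYEE_DIRECTORY and the SAMPLE_* messages are constructed assumptions.
"""
import unicodedata
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAINS = {"example.co.jp"}                     # assumption: the company's own mail domains
EMPLOYEE_DIRECTORY = {                              # assumption: display names from the HR directory
    "Taro Yamada": "taro.yamada@example.co.jp",
    "Hanako Sato": "hanako.sato@example.co.jp",
}


def _normalize(name: str) -> str:
    """Fold case, width variants and stray whitespace so 'TARO  yamada' still matches."""
    return " ".join(unicodedata.normalize("NFKC", name).casefold().split())


_KNOWN_NAMES = {_normalize(n) for n in EMPLOYEE_DIRECTORY}


def _domain(addr: str) -> str:
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rsplit("@", 1)[-1].casefold() if "@" in addr else ""


def check_sender(raw_message: str) -> list[str]:
    """Return human-readable findings; an empty list means no impersonation indicator."""
    msg = message_from_string(raw_message)          # compat32 parser: headers come back as raw strings
    display, addr = parseaddr(msg.get("From", ""))
    from_domain = _domain(addr)
    findings = []
    # 1. A known employee's name on an address outside the company
    if _normalize(display) in _KNOWN_NAMES and from_domain not in ORG_DOMAINS:
        findings.append(f"display name '{display}' matches an employee but '{addr}' is external")
    # 2. An internal address planted in the display name over an external real address
    if "@" in display and _domain(display) in ORG_DOMAINS and from_domain not in ORG_DOMAINS:
        findings.append(f"display name embeds internal address '{display}' over external sender '{addr}'")
    # 3. Replies silently redirected to a different domain than the visible sender
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    if reply_addr and _domain(reply_addr) != from_domain:
        findings.append(f"Reply-To '{reply_addr}' diverts replies away from '{from_domain}'")
    return findings


# Constructed sample messages (not real campaign artifacts).
SAMPLE_IMPERSONATION = """\
From: Taro Yamada <t.yamada.hr@freemail.example>
To: staff@example.co.jp
Subject: Salary adjustment notice - action required

Please review the attached adjustment sheet.
"""

SAMPLE_EMBEDDED = """\
From: "taro.yamada@example.co.jp" <notify@tax-office-update.example>
Reply-To: claims@another-host.example
To: staff@example.co.jp
Subject: Tax compliance violation

Open the attached notice.
"""

SAMPLE_LEGIT = """\
From: Hanako Sato <hanako.sato@example.co.jp>
To: staff@example.co.jp
Subject: Stock ownership plan update

Nothing to see here.
"""

if __name__ == "__main__":
    for label, raw in [("impersonation", SAMPLE_IMPERSONATION),
                       ("embedded", SAMPLE_EMBEDDED),
                       ("legit", SAMPLE_LEGIT)]:
        print(label, "->", check_sender(raw) or ["clean"])
```

The check is deliberately narrow: it does not replace SPF/DKIM/DMARC evaluation, and a legitimate employee mailing from a personal address will trip rule 1. That is the point for tax- and HR-themed mail, which should never originate outside the company's domains; route those hits to a banner or quarantine rather than a silent drop.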
KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.
ESET has the story:
https://www.welivesecurity.com/en/business-security/cunning-predator-how-silver-fox-preys-japanese-firms-tax-season/
Warning: New Phishing Campaign Targets Latin America and Europe
Researchers at BlueVoyant warn that a phishing campaign is targeting Spanish-speaking users across Latin America and Europe with attacks designed to deliver banking Trojans. The attackers are using WhatsApp messages, ClickFix attacks and emails to target users.
"The email contained a password-protected PDF attachment designed to mimic an official Spanish judicial notification, informing recipients they were legally required to appear as witnesses in court and directing them to click an embedded link to access their case file," BlueVoyant says.
"The subject line and document content are deliberate scare tactics, invoking fear of legal consequences to pressure users into interacting with the email without scrutiny."
The password-protected PDF keeps automated scanners from inspecting the file's contents and lends the document a sense of legitimacy. "Upon interacting with the embedded link, the victim's default browser is launched and directed to the attacker-controlled URL," the report says.
"BlueVoyant researchers observed that the landing page initiates an automatic file download without user interaction. Unlike previous iterations of this malware that relied on statically named archives, this variant utilizes a dynamic evasion upgrade.
"The downloaded ZIP archive's filename consists of a dynamically generated Version four UUID combined with a variable trailing string, both of which change with each download instance. This server-side generation of unique filename tokens is designed specifically to defeat hash-based detection and track individual victim click-through rates."
Notably, the malicious script contains a lure generation capability that automatically generates phishing documents tailored to specific users. "The server dynamically forges a bespoke, password-protected PDF impersonating a Spanish judicial summons, which is returned to the infected host," the researchers write.
"The script then iterates over the filtered email list, utilizing the compromised user's own email account to send a tailored phishing email with the newly generated PDF attached."
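The filename trick BlueVoyant describes (a version 4 UUID plus a variable trailing string, regenerated per download) means every ZIP lands with a new hash, so a hash blocklist never fires. The shape of the name is still a stable indicator, and so is the host serving it. The Python below is an added example, not BlueVoyant's tooling: it scans constructed proxy log lines for ZIP downloads whose filename matches that shape, shows that the observed hashes are all distinct, and pivots on the serving host instead. The log format, hostnames, UUIDs and hash values are made up for illustration and are not real indicators.

```python
"""Spot per-victim ZIP downloads named <UUIDv4><random suffix>.zip in proxy logs.

Added example for illustration, not BlueVoyant's tooling. The log format
(timestamp client method url status bytes sha256) and every value in
SAMPLE_LOG are constructed; the hostnames and hashes are not real indicators.
"""
import re
from collections import Counter
from typing import Optional
from urllib.parse import unquote, urlsplit

# Version 4 UUID: third group starts with '4', fourth group starts with 8, 9, a or b.
# The suffix is optional because the report says it varies per download.
UUID4_ZIP_NAME = re.compile(
    r"^(?P<uuid>[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12})"
    r"(?P<suffix>[A-Za-z0-9_-]*)\.zip$",
    re.IGNORECASE,
)

# Constructed log lines. Last column is a truncated SHA-256 of the response body.
SAMPLE_LOG = """\
2026-04-09T10:02:11Z 10.1.4.22 GET http://notificacion-judicial.example/descarga/3f2b9c4e-8a1d-4c7e-9b2f-6d1a0e5c7f31Xq9z.zip 200 412233 7a1c0f3e
2026-04-09T10:05:48Z 10.1.4.37 GET http://notificacion-judicial.example/descarga/9d6e1f2a-3b4c-4d5e-8f6a-7b8c9d0e1f2aHh2t.zip 200 412240 b93e6d10
2026-04-09T10:07:03Z 10.1.4.22 GET https://files.example.com/reports/Q1-2026-results.zip 200 10240 4f4f4f4f
2026-04-09T10:09:15Z 10.1.4.40 GET http://notificacion-judicial.example/descarga/5c4d3e2f-1a0b-4c9d-8e7f-6a5b4c3d2e1fPq7m.zip 200 412229 c27a88e1
2026-04-09T10:12:30Z 10.1.4.51 GET https://cdn.example.net/app/12345678-1234-1234-1234-123456789abc.zip 200 5000 9e0d1c2b
"""


def parse_line(line: str) -> Optional[dict]:
    """Split one log line into fields; return None for blank or malformed lines."""
    parts = line.split()
    if len(parts) != 7:
        return None
    ts, client, method, url, status, size, sha256 = parts
    split = urlsplit(url)
    return {
        "ts": ts, "client": client, "method": method, "url": url,
        "host": split.hostname or "",
        "filename": unquote(split.path.rsplit("/", 1)[-1]),
        "status": status, "bytes": int(size), "sha256": sha256,
    }


def find_uuid_zip_downloads(log_text: str) -> list[dict]:
    """Return the parsed records whose filename matches the UUIDv4+suffix ZIP shape."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        m = UUID4_ZIP_NAME.match(rec["filename"])
        if m:
            rec["uuid"] = m.group("uuid").lower()
            rec["suffix"] = m.group("suffix")
            hits.append(rec)
    return hits


def distinct_hashes(hits: list[dict]) -> int:
    """How many different payload hashes the matching downloads produced."""
    return len({h["sha256"] for h in hits})


def downloads_by_host(hits: list[dict]) -> dict[str, int]:
    """Pivot on the serving host: the indicator that stays put when names and hashes rotate."""
    return dict(Counter(h["host"] for h in hits))


if __name__ == "__main__":
    hits = find_uuid_zip_downloads(SAMPLE_LOG)
    for h in hits:
        print(f"{h['ts']} {h['client']} -> {h['host']} {h['filename']} sha256={h['sha256']}")
    print(f"{len(hits)} matching downloads, {distinct_hashes(hits)} distinct hashes")
    print("by host:", downloads_by_host(hits))
```

On the sample, three downloads match, all from one host, with three different hashes: exactly the situation in which a hash-only feed stays silent while a filename-shape rule plus a host pivot catches every victim. Legitimate CDNs do serve UUID-named archives, so treat a match as a hunting lead to enrich with host reputation and download volume, not as a block on its own.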
BlueVoyant has the story:
https://www.bluevoyant.com/blog/augmented-marauders-multi-pronged-casbaneiro-campaigns
What KnowBe4 Customers Say
[VIDEO] "How TBAuctions Slashed Phish-Prone Rates from 40% to 6% with KnowBe4"
https://youtu.be/CABgyv3dXiY?si=lIJRn_2QF9DTW3sH
- Government official impersonation scam complaints doubled in 2025, FBI report shows:
https://www.nextgov.com/cybersecurity/2026/04/government-official-impersonation-scam-complaints-doubled-2025-fbi-report-shows/412656/
- Watch this video of how a job interviewer exposes a North Korean fake IT worker:
https://techcrunch.com/2026/04/06/watch-this-video-of-how-a-job-interviewer-exposes-a-north-korean-fake-it-worker/
- FBI says Americans lost nearly $21 billion to scams in 2025:
https://thenationaldesk.com/news/americas-news-now/americans-lost-over-20-billion-in-2025-to-online-scams-fbi-report-finds-cryptocurrency-online
- German authorities identify REvil and GandCrab ransomware bosses:
https://www.bleepingcomputer.com/news/security/german-authorities-identify-revil-and-gangcrab-ransomware-bosses/
- Executive Summary: Social Engineering Elements of the Claude Code Packaging Error Campaign:
https://www.trendmicro.com/en_us/research/26/d/claude-code-remains-a-lure-what-defenders-should-do.html
- AI Agents and Non-Human Identities Creating Critical Security Gaps, Report:
https://hackread.com/ai-agents-non-human-identities-security-gaps/
- North Korean IT workers continue to infiltrate Western companies:
https://www.group-ib.com/blog/dprk-fake-remote-developers/
- Cybercriminals target accountants to drain Russian firms’ bank accounts:
https://therecord.media/cybercriminals-hack-russian-accountants-to-steal-millions
- Google Warns of New Threat Group Targeting BPOs and Helpdesks:
https://www.infosecurity-magazine.com/news/google-warns-group-targeting-bpos/
- CIA director quietly elevated agency’s cyber espionage division:
https://therecord.media/cia-director-elevated-agency-cyber-espionage-division
- Virtual Vaca #1 - Top 10 Places To Visit In The Seychelles:
https://youtu.be/ITeMztRzEQA
- Virtual Vaca #2 - Edinburgh Scotland in 4K - Incredible Scenes & Hidden Gems:
https://youtu.be/DP-4MjP5Lak
- Virtual Vaca #3 - Abidjan – The Paris of Africa from Above:
https://youtu.be/YXAP4Gcsrrs
- This Is Why We Fly | Cinematic Wingsuit Flight with My Bro:
https://youtu.be/pSM-v1PhT20
- Navy Seals' Insane Parachute Jump Into Football Stadium:
https://youtu.be/uHtdIuYgdT8
- Inside Robert Herjavec's Gulfstream G550 | Luxury Jet Tour & Family Life at 40,000 Feet:
https://youtu.be/JxPBTDhGuBc
- Why India Is Turning Old Vehicles Into Electric Ones:
https://youtu.be/OlGxk4jHC2Q
- America's Failed Bullet Train Experiment:
https://youtu.be/Fe6hX-wPRjY
- The AI Supercomputer SUV... Rivian R2:
https://youtu.be/Men2SFGzTig
- This is simply a nice story about how kindness is always the best strategy:
https://x.com/mindsetmachine/status/2040918167317561740?s=66&t=vSAPngidkSaQJtTdB6pOmw
- LockPickingLawyer - $150 Ehaho Trailer Lock Opened FAST:
https://youtu.be/5JdNXaLzFtk
- This man trusted physics completely by being ejected at 80 km/h from a riding truck:
https://www.instagram.com/reels/DVy2RiKjXsg/
- For Da Kids #1 - Lonely Horse Collects Cats To Join His Herd:
https://youtu.be/uv7ZOiKPDD0?si=ILsuaNkMCaycrOC2
- For Da Kids #2 - Police Use Pumpkin Muffin to Save German Shepherd:
https://youtu.be/LvR49T4mbhM
- For Da Kids #3 - Wild Dolphin Knew Exactly How To Ask People For Help:
https://youtu.be/Yt5Or1_JLO8?si=unOvZFoe2D9HKuOm
- For Da Kids #4 - Dog Unlocks Shelter Door And Runs Back to His Old Home:
https://youtu.be/3PhsIrS3cuw
- For Da Kids #5 - Dogs really do attract every kind of friend:
https://youtube.com/shorts/SxO1axKbO10