New Fathom It

05/27/2026

Crypto ATM scams cost Americans $388M in 2025.

For small businesses, the lesson is broader: fraud succeeds when people are rushed, isolated, and told to bypass normal payment channels.

Train your team: verify odd payment requests before money moves. https://bit.ly/3Rp1kjm

The FBI says Americans have lost over $388 million last year to scams using cryptocurrency kiosks, also known as crypto ATMs or Bitcoin ATMs.

05/25/2026

Cybersecurity has had 20 years of “wake-up calls.” Breaches, ransomware, outages, cloud failures, vendor mistakes. For small businesses: don’t build around perfect prevention. Build for resilience: backups, MFA, patching, vendor review, and recovery plans.https://bit.ly/3PofdxJ

05/23/2026

The Mythos hype may be bigger than the breakthrough.

If multiple AI tools can find software flaws, the real takeaway for small businesses is practical: attackers will move faster, so patch faster, reduce exposed systems, and don’t let old software linger.https://bit.ly/435ktJB

The UK’s AI Security Institute evaluated GPT-5.5’s ability to find security vulnerabilities, and found that it is comparable to Claude Mythos. Note that the OpenAI model is generally available. Here is the Institute’s evaluation of Mythos. And here is an analysis of a smaller, cheaper model. I...

05/22/2026

BitLocker matters, but it should not be the only wall around your files.

For small businesses, this zero-day is a reminder to use device encryption, least-privilege access, sensitivity labels, rights management, and remote wipe. https://bit.ly/4eLsfj1

Security pros warn YellowKey claim could make stolen laptops a much bigger problem

05/20/2026

Anthropic’s Mythos is being called more marketing ploy than security breakthrough.
For small businesses, the lesson is worth noting: AI tools can be useful, but vendor hype should not replace testing, judgment, or expert review.

https://bit.ly/4nqjcpR

After all that hype, AI scanner found one low-severity cURL flaw

05/18/2026

A US bank reported itself after customer data was entered into an unauthorized AI app.

For small businesses, this is the lesson: have a clear AI use policy before employees improvise with sensitive data.

AI tools need guardrails, not guesswork. https://bit.ly/4fcrzDu

Volume and sensitivity of the data cited as chief concerns

05/16/2026

Google says AI-powered hacking is moving fast, including attempts to find and exploit unknown flaws.

For small businesses, this is not a reason to panic. It is a reason to tighten the basics: MFA, patching, backups, logging, and least-privilege access.
https://bit.ly/4fexmsa

Criminal groups and state-linked actors appear to be using commercial models to refine and scale up attacks

05/15/2026

60% of MD5 password hashes can reportedly be cracked in under an hour.
For small businesses, this is a reminder that passwords alone are not enough. Use MFA, strong password policies, and identity monitoring.
Security should not depend on one locked door. https://bit.ly/4uy5T9a

Happy World Password Day! Maybe it's finally time to kill this holiday in favor of World No-More-Passwords Day?

05/13/2026

Dirty Frag is a new Linux flaw with a public root exploit and no patch yet.

For small businesses, the takeaway is simple: know where Linux runs, including servers, firewalls, NAS devices, and hosted workloads.

Security starts with inventory.

https://bit.ly/42w5aJR

Broken disclosure embargo left admins facing a fresh root-level flaw with no CVE

05/01/2026

Claude Mythos found 271 zero‑day vulnerabilities in Firefox, all patched in Firefox 150.
No new classes of bugs—just AI operating at a speed and scale human teams can’t match.
If patches ship fast, the balance finally shifts to defenders.
https://bit.ly/4tCZ71V

That’s a lot. No, it’s an extraordinary number: Since February, the Firefox team has been working around the clock using frontier AI models to find and fix latent security vulnerabilities in the browser. We wrote previously about our collaboration with Anthropic to scan Firefox with Opus 4.6, wh...