Tekin Night April 22: Anthropic Security Hack & Meta Employee Spying 🌙

🤖 Dangerous Anthropic Mythos Hack: AI Security Tool in Hackers' Hands

In one of the most dangerous security incidents of 2026, an unauthorized group gained access to Anthropic's powerful Mythos model via Discord. Mythos is an AI-powered cybersecurity tool that can find 271 vulnerabilities in Firefox 150 - but the problem is that this tool in hackers' hands can become a dangerous weapon. This tool was only released to major companies like Apple as part of Project Glasswing, but a Discord group gained access through a third-party vendor.

According to Bloomberg's report, this group gained access to Mythos through an employee of a third-party contractor working for Anthropic. Using their knowledge of Anthropic's URL format, they guessed where the model was located and managed to access it. This group, operating in a Discord channel, seeks access to unreleased AI models and claims they did this just to "play with new models," not for sabotage.

Anthropic stated in a release that they are investigating this report and have found no evidence so far that this unauthorized access affected their systems. But security experts warn that if this tool falls into the hands of professional hackers, it could become a serious threat to global cybersecurity. CISA (US Cybersecurity Agency) announced it has no access to Mythos and cannot assess the tool's security.

👁️ Meta Starts Full Employee Tracking: Every Click, Every Movement, Every Keystroke

In one of the biggest employee privacy violations in Big Tech history, Meta installed MCI (Model Capability Initiative) spyware on American employees' computers. This software records every mouse click, every movement, every keystroke, and even random screenshots. Meta's goal is to train AI Agents to perform office tasks, but this action has raised serious concerns about employee privacy.

Andrew Bosworth, Meta's CTO, announced in an internal memo that this program is part of the "Agent Transformation Accelerator" (ATA) initiative. Meta's goal is to build a world where "AI Agents do the actual work and our role is just to guide, review, and help improve them." Simply put: Meta wants to replace employees with robots and is using employees themselves to train these robots.

Meta employees protested on social networks and internal forums, calling this action a "privacy violation" and "employee spying." Some legal experts believe this type of tracking may violate labor laws in some US states. But Meta announced that this program only runs on work computers and does not collect personal data.

🎮 PlayStation UK: Mandatory Age Verification or Online Cutoff

Sony Interactive Entertainment announced that from June 2026, mandatory age verification will be enforced for all adult PSN users in UK and Ireland. Without completing this process, access to key online features like Voice Chat, Messaging, Party, and Live Streaming will be cut off. This action is being taken to comply with the UK's Online Safety Act, but has faced technical issues and user protests.

The main problem is that many users have faced server errors and technical issues in the age verification process. Some users reported that even after submitting documents, the system didn't verify them. Sony announced they are fixing these issues, but there are concerns about privacy and security of personal data. Users must upload identification documents like passports or driver's licenses, which itself is a security risk.

💰 Xbox Game Pass Got Cheaper - But We Lost Call of Duty

Microsoft in an unexpected move dropped Xbox Game Pass Ultimate price from $29.99 to $22.99 per month. PC Game Pass also went from $16.49 to $13.99. This price cut was immediate and applied to all new and existing users. But there's bad news: new Call of Duty games won't come Day One to Game Pass anymore. Instead, they'll be added one year after release.

Asha Sharma, the new head of Microsoft's gaming division replacing Phil Spencer, announced in an internal memo that Game Pass has become "too expensive" and needs to be "more affordable." This price cut happened 6 months after a 50% price increase in October 2025. But removing Call of Duty from Day One is a major blow to users.

🏦 Everest Ransomware: Two Major US Banks Hacked

The Everest ransomware group hacked two major US banks - Frost Bank and Citizens Bank - and published sensitive financial information. This group, active since 2020 and linked to Russia, published samples of stolen data on their leak site and gave a 6-day ultimatum for ransom payment. If the banks don't pay the ransom, all information will be publicly released.

Everest is a Russian-speaking ransomware group that focuses on data theft and extortion instead of file encryption. This group has been active since November 2021 and has connections to the BlackByte ransomware family. Everest also operates as an Initial Access Broker, selling access to compromised networks to other hacker groups. Since October 2023, this group has started recruiting corporate insiders who provide access to internal networks in exchange for money or profit share.

🔓 Dangerous DNN Vulnerability: 750,000 Websites at Risk

A dangerous XSS (Cross-Site Scripting) vulnerability was discovered in the DNN (DotNetNuke) platform that puts 750,000 websites at risk. DNN is one of the most popular content management systems (CMS) in the Microsoft ecosystem. This vulnerability can be exploited through uploading malicious SVG files and can lead to Remote Code Execution (RCE) and complete server compromise.

This vulnerability is registered as CVE-2025-64094 and is considered an incomplete version of the CVE-2025-48378 patch. The problem is that sanitization of uploaded SVG file content doesn't cover all XSS scenarios. Hackers can embed malicious JavaScript code inside SVG files, and when this file is viewed by other users, the code executes. This can lead to theft of authentication tokens, access to admin panels, and ultimately complete server compromise.