Hello. Zcash, a digital token backed by some of bitcoin’s early evangelists, plunged about 40% in the 24 hours after a security bug was widely disclosed.

This, despite Zcash having fixed the bug the day after it was discovered.

The researcher, using Anthropic's Opus 4.8 AI model, identified a counterfeiting vulnerability in Zcash’s “Orchard pool,” a part of the blockchain where users’ transaction details are hidden to protect their privacy. Read more from WSJ. 

Also today: 

• U.S. intel, military bodies must step up use of AI: Trump memo
• Meta says 20,000+ Instagram users breached
• OpenAI's new 'lockdown mode'
• What's in the House's new AI bill
• Cyber stocks hit in tech rout last week

U.S. AI bill calls for “independent verification organizations” to check that makers of frontier AI models comply with rules for being transparent about security and other risks. The Great American Artificial Intelligence Act, proposed by a bipartisan group of lawmakers in the House, would preempt state AI laws. (Cybersecurity Dive)

• Here is the full 269-page draft of the bill.

OpenAI began rolling out "lockdown mode" for ChatGPT, to help protect users of the chatbot from having data stolen by hackers using prompt injection attacks. 

Worst breaches: Six months into 2026, TechCrunch outlined the biggest breaches so far this year. Among them are hacks on water and energy grids worldwide, the cyberattack at medical-device maker Stryker by hackers linked to Iran, and various data leaks attributed to missteps in the U.S. government during DOGE purges across agencies.

The WSJ Pro Cybersecurity team is Deputy Bureau Chief Kim S. Nash and reporters Angus Loten and James Rundle. Follow us on X @WSJCyber. Reach the team by replying to any newsletter you receive or by emailing Kim at kim.nash@wsj.com.