Latest stories — Page 28

AI Red Teaming Grew Up. The Job Description Is Still Being Written.
The tools broke when LLMs arrived. Now the discipline is rebuilding itself in real time — and the threat model includes teenagers with too much free time.

Anthropic Ships Claude Fable 5 as Two Products, One With the Cyber Guardrails Off
The public gets Fable 5. A vetted cyber cohort gets Mythos 5 — the same model with safety classifiers lifted.

ServiceNow Patches Auth Bug After Attackers Pivot Deeper Into Hosted Instances
An unauthenticated flaw let intruders escalate access inside customer tenants before ServiceNow shipped a hosted-side fix.

RoguePlanet PoC Drops: Another Defender Race Condition, Another Path to SYSTEM
An anonymous researcher publishing as Chaotic Eclipse dropped a proof-of-concept against Microsoft Defender that wins SYSTEM on fully patched Windows — when the race goes their way.

protobuf.js Ships Six Bugs That Turn Schemas Into RCE Triggers
A single malicious descriptor is enough. Node.js services parsing untrusted Protobuf are the obvious blast radius.

Starmer's Device-Scan Mandate Puts Enterprise Encryption in the Crosshairs
The UK Prime Minister gave tech firms three months to build image-filtering controls into every device. Security leaders say the architecture required would gut encryption protections, create fresh exfiltration paths, and hand future governments a surveillance tool the current one insists it doesn't want.

Knowingly Shipping Vulnerable Code Has Become Standard Practice, Survey Finds
A Checkmarx survey of 2,350 security leaders finds nearly half of production code is AI-generated — and enterprises are deploying it despite knowing it carries unresolved flaws.

Microsoft Ships Record 200-Bug Patch Tuesday as 'Nightmare Eclipse' Drops Windows Zero-Days
AI-assisted bug hunting, a confrontational researcher, and a Shai-Hulud worm variant inside Microsoft's own repos shape an outsized June rollup.

Anthropic Opens Mythos-Class Intelligence to the Public — With a Classifier Standing Guard
Claude Fable 5 ships with AI-powered routing that quietly downgrades sensitive requests to Opus 4.8. Early tests suggest the net is wider than Anthropic's marketing implies.

Microsoft Ships KB5094127 ESU as Secure Boot Cert Rollover Looms
The June 2026 extended security update for Windows 10 patches Patch Tuesday bugs and adds telemetry to track the Secure Boot certificate transition.

Meta Expands Off-Platform Data Use to Feed Ranking and AI Chatbot Replies
Activity shared by third-party businesses — already feeding ad targeting — will now shape what users see in their feeds and how Meta AI answers their questions.

Veeam Patches 9.4-Severity RCE in Backup & Replication; Domain Auth Required
CVE-2026-44963 lets any authenticated domain user run code on the backup server. Veeam shipped fixes Tuesday.

Microsoft Pulls GitHub Repos After 73 Open-Source Projects Get Stealer-Spiked
The 'Miasma' incident looks less like a novel supply-chain zero-day and more like classic account takeover hitting a soft target: the org's own open-source footprint.

Anthropic's Mythos Preview Goes Bug-Hunting: What XBOW's Red Team Found
An offensive-security shop put Anthropic's unreleased Mythos model through exploit discovery, reverse engineering, and live-site validation. The source-code review results were the standout.

Attackers Are Wrapping Old Phishing Tricks in AI Branding. It's Working.
Microsoft and Google both dropped advisories this week documenting how threat actors are dressing up familiar credential theft and malware campaigns as ChatGPT, Copilot, and DeepSeek experiences. The technique is not new. The success rate is.

Cryptographic Invisibility: Atsign’s Approach to Securing AI Applications
Atsign’s AI Architect aims to shield agentic software from attackers by rendering application identities invisible.

Chrome Ships Emergency V8 Fix for CVE-2026-11645 Already Under Attack
An out-of-bounds read/write in V8 is being exploited in the wild. Google's update covers 74 issues. Patch, then verify your browser fleet actually restarted.

Gamaredon and UAC-0226 Are Still Riding the WinRAR Path-Traversal Bug Into Ukrainian Networks
Nearly a year after a patch shipped, CVE-2025-8088 keeps paying dividends for two Russia-aligned crews running stealer campaigns against Ukraine.

AI Worm Exploits Networks Using Local Models
University researchers create AI worm that crafts unique attacks without external AI services.

Check Point Issues Emergency Patches After IKEv1 Auth Bypass Draws Qilin Affiliate
Two certificate-validation flaws in Check Point's VPN stack — one already exploited, one caught during the ensuing review — have prompted hotfixes across nine Quantum software versions.

The Gap Between the Tools Is Where Networks Break
More dashboards, more telemetry, more AI copilots — and outages still drag on for hours. The problem isn't visibility. It's the handoff.