Latest stories — Page 28

AI Security

AI Red Teaming Grew Up. The Job Description Is Still Being Written.

The tools broke when LLMs arrived. Now the discipline is rebuilding itself in real time — and the threat model includes teenagers with too much free time.

3 min
AI Security

Anthropic Ships Claude Fable 5 as Two Products, One With the Cyber Guardrails Off

The public gets Fable 5. A vetted cyber cohort gets Mythos 5 — the same model with safety classifiers lifted.

3 min
Vulnerabilities

ServiceNow Patches Auth Bug After Attackers Pivot Deeper Into Hosted Instances

An unauthenticated flaw let intruders escalate access inside customer tenants before ServiceNow shipped a hosted-side fix.

2 min
Vulnerabilities

RoguePlanet PoC Drops: Another Defender Race Condition, Another Path to SYSTEM

An anonymous researcher publishing as Chaotic Eclipse dropped a proof-of-concept against Microsoft Defender that wins SYSTEM on fully patched Windows — when the race goes their way.

3 min
Vulnerabilities

protobuf.js Ships Six Bugs That Turn Schemas Into RCE Triggers

A single malicious descriptor is enough. Node.js services parsing untrusted Protobuf are the obvious blast radius.

2 min
Policy & Regulation

Starmer's Device-Scan Mandate Puts Enterprise Encryption in the Crosshairs

The UK Prime Minister gave tech firms three months to build image-filtering controls into every device. Security leaders say the architecture required would gut encryption protections, create fresh exfiltration paths, and hand future governments a surveillance tool the current one insists it doesn't want.

3 min
AI Security

Knowingly Shipping Vulnerable Code Has Become Standard Practice, Survey Finds

A Checkmarx survey of 2,350 security leaders finds nearly half of production code is AI-generated — and enterprises are deploying it despite knowing it carries unresolved flaws.

3 min
Vulnerabilities

Microsoft Ships Record 200-Bug Patch Tuesday as 'Nightmare Eclipse' Drops Windows Zero-Days

AI-assisted bug hunting, a confrontational researcher, and a Shai-Hulud worm variant inside Microsoft's own repos shape an outsized June rollup.

3 min
AI Security

Anthropic Opens Mythos-Class Intelligence to the Public — With a Classifier Standing Guard

Claude Fable 5 ships with AI-powered routing that quietly downgrades sensitive requests to Opus 4.8. Early tests suggest the net is wider than Anthropic's marketing implies.

3 min
Vulnerabilities

Microsoft Ships KB5094127 ESU as Secure Boot Cert Rollover Looms

The June 2026 extended security update for Windows 10 patches Patch Tuesday bugs and adds telemetry to track the Secure Boot certificate transition.

2 min
Policy & Regulation

Meta Expands Off-Platform Data Use to Feed Ranking and AI Chatbot Replies

Activity shared by third-party businesses — already feeding ad targeting — will now shape what users see in their feeds and how Meta AI answers their questions.

3 min
Vulnerabilities

Veeam Patches 9.4-Severity RCE in Backup & Replication; Domain Auth Required

CVE-2026-44963 lets any authenticated domain user run code on the backup server. Veeam shipped fixes Tuesday.

2 min
Threat Intelligence

Microsoft Pulls GitHub Repos After 73 Open-Source Projects Get Stealer-Spiked

The 'Miasma' incident looks less like a novel supply-chain zero-day and more like classic account takeover hitting a soft target: the org's own open-source footprint.

3 min
AI Security

Anthropic's Mythos Preview Goes Bug-Hunting: What XBOW's Red Team Found

An offensive-security shop put Anthropic's unreleased Mythos model through exploit discovery, reverse engineering, and live-site validation. The source-code review results were the standout.

3 min
AI Security

Attackers Are Wrapping Old Phishing Tricks in AI Branding. It's Working.

Microsoft and Google both dropped advisories this week documenting how threat actors are dressing up familiar credential theft and malware campaigns as ChatGPT, Copilot, and DeepSeek experiences. The technique is not new. The success rate is.

2 min
AI Security

Cryptographic Invisibility: Atsign’s Approach to Securing AI Applications

Atsign’s AI Architect aims to shield agentic software from attackers by rendering application identities invisible.

2 min
Vulnerabilities

Chrome Ships Emergency V8 Fix for CVE-2026-11645 Already Under Attack

An out-of-bounds read/write in V8 is being exploited in the wild. Google's update covers 74 issues. Patch, then verify your browser fleet actually restarted.

2 min
Threat Intelligence

Gamaredon and UAC-0226 Are Still Riding the WinRAR Path-Traversal Bug Into Ukrainian Networks

Nearly a year after a patch shipped, CVE-2025-8088 keeps paying dividends for two Russia-aligned crews running stealer campaigns against Ukraine.

2 min
AI Security

AI Worm Exploits Networks Using Local Models

University researchers create AI worm that crafts unique attacks without external AI services.

2 min
Vulnerabilities

Check Point Issues Emergency Patches After IKEv1 Auth Bypass Draws Qilin Affiliate

Two certificate-validation flaws in Check Point's VPN stack — one already exploited, one caught during the ensuing review — have prompted hotfixes across nine Quantum software versions.

2 min
Opinion

The Gap Between the Tools Is Where Networks Break

More dashboards, more telemetry, more AI copilots — and outages still drag on for hours. The problem isn't visibility. It's the handoff.

3 min
© 2026 Threat Vectr