Claude Mythos Exposed a Hard Truth: Your Enterprise Patching Process Is Way Too Slow
Anthropic’s Claude Mythos preview proved AI can autonomously discover thousands of zero‑day vulnerabilities, collapsing exploitation timelines to hours. Recent CVEs such as Langflow and Marimo were weaponized within 20 hours and under 10 hours of disclosure, far faster than the five‑day median reported by Rapid7. The article recommends replacing CVSS‑only triage with a three‑layer filter using CISA KEV, EPSS, and CVSS scores, and tightening agent authorization and credential mapping to curb the new attack surface.
27,000-Download Codex UI Tool Secretly Stole OpenAI Refresh Tokens
Security researcher Charlie Eriksen uncovered that the popular npm package codexui-android, which has about 27,000 weekly downloads, contains hidden code that steals OpenAI authentication tokens, including long‑lived refresh tokens. The malicious payload is embedded only in the published package, bypasses...
Brain Corp Achieves SOC 2 Compliance
Brain Corp announced that its BrainOS autonomy platform has achieved SOC 2 Type II compliance, confirming that its data security and system operations meet rigorous industry standards. The company currently powers more than 40,000 autonomous mobile robots in commercial settings across...
Week in Review: Infostealer Dropped via FortiClient EMS Flaw, Exploited Trend Micro Apex One Flaw
The week’s headlines were dominated by critical vulnerabilities and active exploits. FortiClient’s Enterprise Management Server (CVE‑2026‑35616) was leveraged to spread a broad‑range infostealer across corporate endpoints, while Trend Micro’s Apex One suffered a zero‑day path‑traversal attack (CVE‑2026‑34926). Microsoft released patches for a...
The Measurement Problem
Identity and access management (IAM) remains a critical security pillar, yet most enterprises lack a reliable way to gauge program maturity. Multiple surveys—including SailPoint, Ponemon/GuidePoint, and IDSA—show that roughly 60‑70% of organizations sit in the lowest two maturity tiers, with...
XRP Ledger's New Proposal Blocks the Flash Loan Attacks Costing DeFi Hundreds of Millions
The XRP Ledger (XRPL) has introduced a draft amendment that makes flash‑loan attacks structurally impossible by prohibiting composable intra‑transaction calls. Recent DeFi exploits, including a $10.8 million Thorchain breach and over $600 million in losses across Solana and Ethereum protocols, leveraged flash...
Pentagon Says US Military Personnel Targeted Using Commercial Location Data
U.S. Central Command confirmed that forces in active war zones have been targeted using commercially available location data, according to a Reuters report and a letter from Senator Ron Wyden. The threat reports focus on the Gulf region, where U.S....
Autonomous Endpoint Management in 2026: What 916 Reviews Reveal About AI's Role
Autonomous Endpoint Management (AEM) tools are gaining traction as AI‑powered solutions that automate patching, threat detection, and remediation across sprawling device fleets. G2 analyzed 916 verified reviews, finding the category generally delivers on its promises, with Tanium noted for the...
Microsoft Criticized for Threatening Legal Action Against Security Researcher
Microsoft’s Digital Crimes Unit warned it would pursue legal action against the security researcher known as “Nightmare Eclipse” after the individual publicly disclosed four unpatched bugs—BlueHammer, RedSun, UnDefend and YellowKey—affecting Windows Defender and BitLocker. Microsoft argues the researcher bypassed its...
Palo Alto GlobalProtect VPN Auth Bypass Flaw Now Exploited in Attacks
Palo Alto Networks says its GlobalProtect VPN authentication‑override cookie flaw (CVE‑2026‑0257) is being actively exploited. The vulnerability, patched earlier this month, lets attackers forge cookies and gain unauthorized VPN access when authentication‑override is enabled and the same certificate is reused....
Palo Alto PAN-OS Authentication Bypass Vulnerability Actively Exploited by Attackers
Researchers have identified active exploitation of CVE‑2026‑45112, a critical authentication bypass flaw in Palo Alto Networks PAN‑OS firewalls. The vulnerability allows unauthenticated attackers to access administrative functions through exposed management interfaces. Exploits have been observed targeting internet‑facing portals, potentially giving...
Exploit Code Published for Critical Flowise RCE Vulnerability
Obsidian Security disclosed a critical remote code execution flaw in Flowise, an open‑source LLM workflow platform, tracked as CVE‑2026‑40933 with a CVSS score of 9.9. The vulnerability originates from unsafe serialization of stdio commands in Anthropic’s MCP protocol, allowing any...
Wall Street’s Trillion-Dollar Dilemma: Why AI-Powered Hackers Are Keeping Big Banks Off the Blockchain
Traditional banks aim to move trillions of dollars onto blockchain, but a surge of AI‑powered DeFi hacks is creating a major roadblock. CertiK’s CEO Ronghui Gu reports that April 2026 saw exploits on 27 of 30 days, including a $1.46 billion Bybit...
New CIFSwitch Linux Flaw Gives Root on Multiple Distributions
Security researcher Asim Viladi Oglu Manizada disclosed a new Linux kernel local privilege escalation vulnerability named CIFSwitch. The flaw lets an unprivileged user forge cifs.spnego key requests, manipulate the cifs.upcall helper, and ultimately execute code as root on affected distributions....
AIAI Holdings’ Constellation Network Unveils Gate AI Security Gateway and Performance Benchmarks Ahead of June Launch
AI‑enabled holding company AIAI Holdings announced that its portfolio firm Constellation Network will release the Constellation Gate AI security gateway in June 2026. A technical report shows Gate AI topped eight of sixteen public prompt‑injection benchmarks and posted a 97.4%...
Lone Attacker Published 14 Malicious Npm Packages Mimicking Popular OpenSearch, Elasticsearch Libraries
A single npm maintainer alias published 14 malicious packages within four hours, impersonating popular OpenSearch, Elasticsearch, and DevOps libraries. The packages used typosquatting, spoofed metadata, and inflated version numbers to appear legitimate, then executed a Bun‑compiled credential harvester via install‑time...
Okta Writes Its Own License to Kill Rogue AI Agents
Okta announced a new identity‑centric control layer for autonomous AI agents, positioning itself as the "kill switch" for rogue bots. The company highlighted that 92% of executives report moderate or widespread AI‑agent use, yet only 22% have tied those agents...
Yoti Challenges Academic Research, Invites Independent Audit of Age Assurance Platform
Yoti, a leading age‑verification provider, publicly disputed academic research from Georgia Tech and UC Irvine that alleged its platform shares facial images and device data with third parties. The company issued an open letter denying the claims and invited the...
Semperis: Enforcing Phishing-Resistant Authentication at Scale with Passkeys
Semperis, an identity‑security firm, mandated phishing‑resistant passkeys for its entire workforce using Microsoft Entra conditional‑access policies. The rollout, staged by user tier, combined device‑bound passkeys, Windows Hello for Business, and FIDO‑certified hardware keys, achieving 100% adoption among full‑time staff. Live...
FBI Issues Alert on Cyber Actors Impersonating IT Personnel
The FBI issued an alert warning that the Silent Ransom Group, also known as Luna Moth, Chatty Spider and UNC3753, is impersonating IT support staff to infiltrate organizations. The threat actor has focused on healthcare and other critical sectors since...
ChatGPhish Vulnerability Turns ChatGPT Web Summaries Into a Phishing Surface
Researchers at Permiso Security have uncovered a new vulnerability dubbed ChatGPhish that tricks OpenAI's ChatGPT into rendering malicious Markdown links and images when summarizing web pages. The AI’s response renderer automatically fetches embedded images and activates clickable links, allowing attackers...
The Ad-Tracking Industry Is Exposing US Soldiers on the Battlefield
U.S. Central Command has publicly confirmed that hostile actors are exploiting commercial ad‑tech location data to track American service members in active war zones. The Pentagon’s own reports show that data brokers sell detailed geolocation, identity and financial information on...
In Other News: Trump Mobile Data Breach, FIFA World Cup Phishing, CISA Responds to Supply Chain Attacks
SecurityWeek’s weekly roundup highlights a wave of high‑profile cyber incidents. A third‑party breach at Trump Mobile exposed customer contact data, while a Russian state‑sponsored APT gained deep access to Treasury email accounts. Vulnerabilities in popular tools such as VS Code Remote‑SSH, Veeam,...
23andMe Inherits Lawsuit over 'Disturbing' DNA Data Breach
California Attorney General Rob Bonta sued 23andMe, now operating as Chrome Holding Co., alleging the company failed to safeguard genetic data and misled consumers after the 2023 breach. The incident, initially affecting about 14,000 accounts, leveraged the DNA Relatives feature...
Federal Audit Reveals NIST’s NVD Is Plagued by Poor Planning and Duplication
The Department of Commerce’s inspector general flagged serious mismanagement at NIST’s National Vulnerability Database (NVD). A backlog of unprocessed flaws ballooned from roughly 13,000 in mid‑2024 to over 27,000 by the end of 2025, far exceeding the agency’s pledged processing...
Health Officials Shift Cybersecurity Toward Proactive Resilience
Federal health agencies are moving from reactive cyber defense to proactive resilience, leveraging AI‑enhanced threat detection, role‑based microlearning, and expanded interagency intelligence sharing. AI analytics now identify vulnerabilities and anomalous user behavior faster than traditional tools, while keeping a human...
CISA Urges Security Teams to Check for Software Development Compromises
The Cybersecurity and Infrastructure Security Agency (CISA) warned that hackers are targeting software development pipelines, citing the Megalodon supply‑chain attack and a compromised GitHub employee device via a malicious Nx Console VS Code extension. Megalodon injected malicious GitHub Action workflows into...
Windows BitLocker Exploit Sparks Messy Feud Between Microsoft and the Researcher Who Exposed It
A security researcher named Chaotic Eclipse disclosed a zero‑day called “YellowKey” that can unlock BitLocker‑encrypted drives on Windows 11 using a USB device, while it fails on Windows 10. Microsoft assigned CVE‑2026‑45585, issued mitigation guidance, but has not yet released a full...
Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit
A threat actor exploited the critical Marimo CVE‑2026‑39987 remote code execution flaw to gain initial access to an internet‑exposed notebook. Using a large language model (LLM) agent, the attacker harvested AWS credentials, retrieved an SSH private key from Secrets Manager,...
Dutch Govt Disrupts Malware Botnet with 17 Million Infected Devices
The Dutch National Cyber Security Centre, together with police, dismantled a botnet that infected at least 17 million devices worldwide. More than 200 servers hosting the command infrastructure were seized from a local provider, effectively taking the network offline. The operation...
Shadow AI: The Hidden Risk Expanding Across the Enterprise
Enterprises are rapidly adopting generative AI, but many employees and developers use unauthorized tools, creating a hidden attack surface known as shadow AI. This ungoverned usage exposes sensitive data, invites prompt‑injection attacks, and bypasses traditional security controls such as firewalls...
TTEC Launches TTEC Titan, an AI-Powered Security Platform for Remote Customer Experience Operations
TTEC announced the launch of TTEC Titan, an AI‑powered security platform built to protect remote contact‑center and customer‑experience (CX) operations at enterprise scale. The solution combines real‑time threat detection, behavioral monitoring, fraud prevention, and compliance management, including SOC 2 and PCI‑DSS...
With Complex Cloud Integrations, Small Errors Lead to Major Compromises
Token Security researchers exposed a five‑step exploit that could have seized control of Zapier’s low‑code automation platform by leveraging an over‑permissive AWS Lambda role and lingering secrets. The chain began with custom code in Zapier’s sandbox, uncovered a misnamed “allow_nothing_role”,...
Google Chrome Adds Session Cookie Theft Protection for All Users
Google Chrome has made its Device Bound Session Credentials (DBSC) feature generally available, rolling it out to all Workspace, Individual, and personal users. DBSC cryptographically binds session cookies to a device’s security chip, such as TPM or Secure Enclave, so...
ChatGPT Blindly Trusts Browser Content, Turning the Page Into a Payload
A researcher has shown that ChatGPT cannot distinguish its own generated text from attacker‑controlled Markdown fetched from web pages, a flaw dubbed “ChatGPhish.” By embedding hidden instructions in a page, an attacker can make the model append phishing links or...
Russia-Linked Threat Group Put ChatGPT to Work From Lure to Payload
A Russia-linked cyber espionage group, dubbed GREYVIBE, has been leveraging generative AI tools such as ChatGPT, Google Gemini, and Ideogram AI across its entire attack lifecycle against Ukrainian targets. The campaign, active since at least August 2025, employs AI‑generated spear‑phishing...
ShinyHunters Adds Charter to Trophy Shelf After 4.9M Customer Records Leak
ShinyHunters released the personal details of 4.9 million Charter Communications customers after the telecom declined the gang’s extortion demand. The leak, confirmed by Have I Been Pwned, contains names, email addresses, phone numbers, physical addresses, and a subset of about 85 000...
Chrome 148 Update Patches 151 Vulnerabilities
Google rolled out Chrome 148, patching 151 vulnerabilities, including 22 critical‑severity flaws. The most severe CVEs 2026‑9872 and 2026‑9873 earned $43,000 each in bug‑bounty rewards. Use‑after‑free bugs dominate the critical set, posing remote‑code‑execution and sandbox‑escape risks. Google disclosed over $130,000 in payouts and...
LinkedIn-Themed Phishing Abuses Adobe’s A/B Testing Platform
A new phishing campaign is targeting professionals with LinkedIn‑styled business emails that contain a PDF‑named HTML attachment. When opened, the attachment displays a counterfeit LinkedIn login page that auto‑fills the victim’s email and captures credentials. The malicious page is delivered...
Infosecurity Europe: CyCOS Project Expands to Support UK SMEs as CIISec Takes Over
The Cybersecurity Communities of Support (CyCOS) pilot, launched by UK universities, is expanding from two to seven peer‑led communities for small and micro businesses. The growth adds five new SME‑facilitated groups and coincides with a handover of governance from academia...
Notepad++ Vulnerabilities Could Enable Arbitrary Code Execution on Windows Systems
Two high‑severity vulnerabilities (CVE‑2026‑48778 and CVE‑2026‑48800) were found in Notepad++ that let a local attacker execute arbitrary commands by tampering with XML configuration files. The flaws affect all versions up to 8.9.6 and were patched the same day in version...
The Gentlemen Are Coming for Your Files, and Then Your Network
Microsoft warned that the Gentlemen ransomware now employs a self‑propagating Go‑based encryptor that moves laterally across networks via SMB and harvested credentials before encrypting files. First observed in mid‑2025, the malware transitioned to a ransomware‑as‑a‑service model in September 2025, recruiting...
Arctic Wolf Takes Aim at South Africa’s Security Blind Spots
Arctic Wolf has introduced its Aurora Attack Surface Management (ASM) platform to the South African market, offering organizations real‑time, agent‑less visibility of all assets across cloud, on‑premise and hybrid environments. The solution consolidates data from endpoints, servers, network devices and...
MEPs Urge European Commission to Take Action over Europol’s Shadow IT
Members of the European Parliament have written to the European Commission demanding action after investigations uncovered that Europol stored massive volumes of sensitive personal data on undocumented shadow‑IT systems, and that Frontex transferred data on roughly 13,000 interviewees to Europol...
NHS England Selects Partners for NHS Secure Boundary Service
NHS England has appointed IBM and Palo Alto Networks to build the NHS Secure Boundary, a cloud‑native, AI‑enabled cyber‑security platform for the health system. The service will centralise threat intelligence, integrate with the NHS Cyber Security Operations Centre, and replace...
Claroty Targets Cyber-Physical System Risks with AI-Powered Security Agent
Claroty unveiled Claroty Claire, an AI‑driven security agent built natively for cyber‑physical systems (CPS). The agent leverages a CPS‑specific language model trained on more than a decade of industry data and insights from over 6,500 OEMs. Deployed across 20,000+ sites in...
Notepad++ Patches High-Severity RCE Flaws in Version 8.9.6.1
The Notepad++ team released version 8.9.6.1, patching three newly disclosed vulnerabilities—CVE‑2026‑48778, CVE‑2026‑48770 and CVE‑2026‑48800. The most critical flaw, CVE‑2026‑48778, allows remote code execution by abusing the entry in the config.xml file, enabling attackers to launch arbitrary programs such as calc.exe....
Humanix Expands Detection to Identify Live Violations of Security Procedures
Humanix unveiled a new capability that detects live violations of organization‑defined IT support procedures. The conversational‑AI platform monitors voice, chat, email, and ticket interactions to flag impersonation, manipulation, and attempts to bypass security steps in real time. By identifying the...
How Advanced Security Solutions Support Recruitment, Employee Privacy, and Business Growth
Enterprises are shifting from data‑center‑centric firewalls to Secure Access Service Edge (SASE) as workforces become distributed and cloud workloads proliferate. The article profiles five leading SASE providers—Fortinet, Zscaler, Cato Networks, Versa Networks, and Netskope—highlighting each vendor’s architectural focus, from unified...
Kimsuky Deploys HTTPSpy, Expands Arsenal with HelloDoor and VS Code Tunnels
North Korean threat group Kimsuky intensified its 2026 campaign against South Korean military and corporate targets by deploying the HTTPSpy RAT through counterfeit security‑software installers and a fake Webex meeting page. The group introduced a novel "JSONPing" technique to verify...