Behind the Mythos Hype, Glasswing Has Just One Confirmed CVE
Anthropic’s Project Glasswing, the gated access program behind its Mythos AI, has produced only one publicly attributed CVE (CVE‑2026‑4747) according to VulnCheck’s analysis. While Anthropic researchers are credited with 40 CVEs overall, the majority stem from external collaborations rather than Glasswing itself. The Mythos model, however, demonstrated a roughly 72% exploit success rate in internal testing, suggesting a dramatic reduction in the skill barrier for advanced attacks. Anthropic will release a comprehensive accounting of Glasswing’s findings in July 2026, and OpenAI is developing a competing cybersecurity model to counter the hype.
Insurance Carriers Quietly Back Away From Covering AI Outputs
Major U.S. insurers are quietly pulling back from covering AI‑generated outputs in cyber‑risk and errors‑and‑omissions policies. While some carriers are outright declining to write such coverage, others are imposing steep premium hikes or carving out explicit exclusions for AI‑related liabilities....
The Endless CISO Reporting Line Debate — and What It Says About Cybersecurity Leadership
The debate over where the chief information security officer (CISO) should report persists in 2026, despite two decades of high‑profile breaches and heightened board scrutiny. While the reporting line signals authority and visibility, it is ultimately a proxy for the...
Copilot and Agentforce Fall to Form-Based Prompt Injection Tricks
Security researchers at Capsule Security uncovered prompt‑injection flaws in Microsoft Copilot Studio and Salesforce Agentforce that let attackers exfiltrate data via ordinary SharePoint and lead forms. In Copilot, the “ShareLeak” vulnerability (CVE‑2026‑21520) lets a crafted comment field override system prompts...
The Deepfake Dilemma: From Financial Fraud to Reputational Crisis
Deepfake technology has moved from a niche curiosity to a cheap, widely accessible threat, with a 2025 Gartner survey showing 43% of cybersecurity leaders encountering audio deepfakes and 37% facing video deepfakes in the past year. The fraud potential is...
The Need for a Board-Level Definition of Cyber Resilience
Cyber resilience is now a board‑level governance priority, yet its definition varies across regulatory frameworks, leaving directors uncertain about oversight responsibilities. A literature review of 38 sources shows the concept is still fragmented, with divergent views on scope and relationship...
April Patch Tuesday Roundup: Zero Day Vulnerabilities and Critical Bugs
Microsoft’s April Patch Tuesday delivered 167 fixes, including an actively‑exploited SharePoint Server zero‑day (CVE‑2026‑32201) and a critical Windows IKE remote‑code‑execution flaw (CVE‑2026‑33824) with a 9.8 CVSS score. Additional high‑risk bugs affect Active Directory (CVE‑2026‑33826), the TCP/IP stack (CVE‑2026‑33827) and SAP Business...
4 Questions to Ask Before Outsourcing MDR
Security teams face relentless alerts, staffing gaps and rising expectations for uptime, making Managed Detection and Response (MDR) a strategic necessity rather than a luxury. Outsourcing MDR provides round‑the‑clock monitoring across endpoints, identities and cloud workloads, ensuring threats are spotted...
5 Trends Defining the Future of AI-Powered Cybersecurity
The N‑able and Futurum report outlines how AI is reshaping cybersecurity, turning generative models into both attack tools and defensive assets. Attackers now automate phishing, vulnerability scanning and exploit delivery at machine speed, forcing security teams to abandon static, perimeter‑based...
China-Linked Cloud Credential Heist Runs on Typos and SMTP
Chinese‑aligned APT41 has deployed a Linux ELF backdoor that steals cloud credentials across AWS, GCP, Azure and Alibaba Cloud. The malware uses port 25 SMTP as a covert C2 channel, sending harvested IAM role and service‑account tokens to three typosquatted...
The AI Inflection Point: What Security Leaders Must Do Now
AI has moved from experiment to production in cybersecurity, forcing security leaders to treat it as an operating‑model shift rather than a bolt‑on tool. Threat reports show AI‑enabled adversaries accelerating attack timelines to under 30 minutes, outpacing human‑only triage. CISOs...
Seven IBM WebSphere Liberty Flaws Can Be Chained Into Full Takeover
Security researchers disclosed seven interrelated flaws in IBM WebSphere Liberty, a modular Java application server, that can be chained to achieve full server takeover. The chain begins with a pre‑authentication remote code execution (RCE) vulnerability in the SAML Web SSO...
CISOs Tackle the AI Visibility Gap
CISOs are confronting a growing AI visibility gap as organizations race to deploy generative models and AI‑enabled tools. A Pentera 2026 survey shows 67% of security leaders lack clear insight into where AI runs, and 48% cite limited visibility as...
Hungarian Government Email Passwords Exposed Ahead of Election
Bellingcat uncovered that passwords for nearly 800 Hungarian government email accounts are publicly available, affecting 12 of the 13 ministries, including national‑security officials. The leaks stem from simple, easily guessable passwords rather than sophisticated cyber attacks. The exposure comes weeks...
Why Most Zero-Trust Architectures Fail at the Traffic Layer
Zero‑trust programs often excel at identity verification but stumble when traffic reaches the network edge. In many enterprises, inconsistent enforcement of TLS, fragmented ingress points, and partial mutual‑TLS deployments let malicious traffic bypass policy controls. The article highlights that the...