Gathos News

Topic

Cybersecurity

Cybersecurity coverage that assumes you can read CVSS scores and don't need 'what is ransomware' explained. We report the vulnerabilities and incidents that change how teams ship software the following Monday.

50 stories

US Halts Anthropic AI Models Amid Security, China Access Fears
AI

US Halts Anthropic AI Models Amid Security, China Access Fears

The US government has ordered AI firm Anthropic to disable its most advanced models, Mythos 5 and Claude Fable 5, globally. This unprecedented move stems from national security concerns, including potential cybersecurity misuse and fears of Chinese access. Interestingly, Amazon CEO Andy Jassy reportedly flagged these risks to the Trump administration before the official crackdown.

Jun 14, 2026

Anthropic Halts AI Access on US National Security Order
AI

Anthropic Halts AI Access on US National Security Order

Anthropic has suspended access to its Fable 5 and Mythos 5 AI models for foreign users, citing a U.S. national security directive. This move, reported on Friday, June 13, 2026, sparks concerns among international users about the reliability and geopolitical risks of U.S.-based AI technology.

Jun 14, 2026

Anthropic Halts New AI Models Under US National Security Order
AI

Anthropic Halts New AI Models Under US National Security Order

The US government has ordered AI developer Anthropic to suspend access to its newly released Fable 5 and Mythos 5 models. The directive, citing national security concerns, prompted a complete shutdown over fears of potential misuse in cybersecurity and hacking.

Jun 13, 2026

Anthropic Pulls AI Models Globally After US Security Order
AI

Anthropic Pulls AI Models Globally After US Security Order

AI firm Anthropic has suspended worldwide access to its Fable 5 and Mythos 5 models. The move follows a US government order citing national security concerns, which initially targeted foreign access but prompted Anthropic to disable the models for all customers to ensure compliance.

Jun 13, 2026

US Order Forces Anthropic to Halt Global AI Models
AI

US Order Forces Anthropic to Halt Global AI Models

Anthropic has globally disabled its Fable 5 and Mythos 5 AI models following a US government export control order. The directive, reportedly triggered by an alleged security 'jailbreak,' underscores growing government intervention in advanced AI and creates significant ripples for enterprises relying on these tools.

Jun 13, 2026

Anthropic Halts Top AI Access on US Security Order
AI

Anthropic Halts Top AI Access on US Security Order

Anthropic has suspended international access to its Fable 5 and Mythos 5 AI models, complying with a US government directive. The move cites national security concerns, blocking foreign nationals from using the powerful systems. This marks a notable escalation in government oversight of advanced AI.

Jun 13, 2026

US Government Blocks Anthropic's Advanced AI Models
AI

US Government Blocks Anthropic's Advanced AI Models

The US government ordered Anthropic to disable foreign access to its Fable 5 and Mythos 5 AI models due to national security concerns. Anthropic complied but disagrees, leaving users in an "absolute nightmare scenario" and triggering alarm among international tech firms. This marks a new phase in AI export controls.

Jun 13, 2026

US Order Halts Anthropic AI Access, Raises Tech Sovereignty Questions
AI

US Order Halts Anthropic AI Access, Raises Tech Sovereignty Questions

Anthropic, a prominent AI developer, abruptly suspended access to its advanced Fable 5 and Mythos 5 models this week, just days after their public launch. This drastic move followed a US government directive citing national security, effectively blocking foreign access and sparking debate over global AI development.

Jun 13, 2026

Anthropic Pulls Fable 5 AI After US National Security Order
AI

Anthropic Pulls Fable 5 AI After US National Security Order

Anthropic abruptly suspended access to its new AI models, Fable 5 and Mythos 5, just days after their public release. The move came following a directive from the U.S. government, citing national security concerns primarily focused on access by foreign nationals.

Jun 13, 2026

US Halts Foreign Access to Anthropic's Fable 5, Mythos 5 AI
AI

US Halts Foreign Access to Anthropic's Fable 5, Mythos 5 AI

The US government has ordered Anthropic to suspend foreign access to its advanced AI models, Fable 5 and Mythos 5. Citing national security concerns, particularly around potential misuse for cyberattacks, this move signals a tightening grip on frontier AI technologies. Anthropic has confirmed its compliance with the directive.

Jun 13, 2026

US Orders Anthropic to Halt AI Models Over Security Flaw
AI

US Orders Anthropic to Halt AI Models Over Security Flaw

Anthropic has disabled its Fable 5 and Mythos 5 AI models following a US government order citing national security concerns. The move comes after authorities reportedly discovered a method to "jailbreak" Fable 5, prompting a block on foreign nationals.

Jun 13, 2026

AI Agents Get Safer: Azure & SkyPilot Launch Code Sandboxes
AI

AI Agents Get Safer: Azure & SkyPilot Launch Code Sandboxes

As AI agents increasingly generate code, security risks loom large. On June 12, 2026, both Microsoft Azure and SkyPilot introduced sandboxing solutions to safely run this untrusted code. Azure offers hardware-isolated environments within Container Apps, while SkyPilot brings scalable sandboxes to existing Kubernetes clusters.

Jun 12, 2026

Technology
Technology

Netty DNS Poisoning: A Recurring Threat to Network Apps

A new vulnerability, CVE-2026-45674, has surfaced in Netty, a widely used network application framework. The flaw allows for DNS cache poisoning due to improper validation of CNAME records, potentially redirecting users to malicious sites. Developers should update to versions 4.1.135.Final or 4.2.15.Final immediately.

Jun 12, 2026

Weak Hashes Haunt Popular AI Tools: A Security Patch Alert
AI

Weak Hashes Haunt Popular AI Tools: A Security Patch Alert

Three widely used AI/ML platforms — PaddlePaddle FastDeploy, Streamlit, and MLflow — recently disclosed separate 'weak hash' vulnerabilities. These flaws, identified as CVEs 2026-10800, 2026-10804, and 2026-10803, highlight a critical security oversight. Users should update immediately to protect data integrity and model trustworthiness.

Jun 4, 2026

Anthropic's Mythos AI Expands, Cybersecurity Implications Rise
AI

Anthropic's Mythos AI Expands, Cybersecurity Implications Rise

Anthropic has broadened access to its potent Mythos AI model to about 150 organizations across more than 15 countries, including the EU and India. Intended for cybersecurity, the expansion, part of Project Glasswing, also brings renewed focus to the inherent security risks of powerful AI.

Jun 3, 2026

AI
AI

AstrBot Faces Dual Critical Security Flaws

Developers of AstrBot are grappling with two critical vulnerabilities, CVE-2026-10210 and CVE-2026-10211, affecting version 4.23.6. These flaws allow remote prompt injection and unauthorized file system access, respectively, with public exploits already in circulation. Users are urged to update immediately.

Jun 1, 2026

AI
AI

Aider-AI's Code Workflow Vulnerable to SQL Injection

A critical remote SQL injection vulnerability, CVE-2026-10176, has been disclosed in Aider-AI's Aider version 0.86.3. The flaw affects the "Code Generation Workflow" via an unspecified function, and a public exploit is available, posing immediate risk to users.

May 31, 2026

AI
AI

Aider-AI Hit by Two Remote Exploits, Code Injection Confirmed

Two critical vulnerabilities, CVE-2026-10175 and CVE-2026-10174, have been discovered in Aider-AI Aider 0.86.3, with exploits already in the wild. These flaws allow remote code injection in Architect Mode and bypass a protection mechanism in the Pre-commit Hook Handler, posing significant risks to developers.

May 31, 2026

Technology
Technology

Open5GS DoS Flaw Puts 5G Core Networks at Risk

A critical denial-of-service vulnerability, CVE-2026-10117, has been found in Open5GS versions up to 2.7.7. The flaw in a core networking component allows remote attackers to disrupt services, with a public exploit already available. This poses an immediate threat to deployments relying on the open-source 5G core.

May 30, 2026

Metasploit Update Arms Testers with 'Dirty Frag' Linux LPEs
Technology

Metasploit Update Arms Testers with 'Dirty Frag' Linux LPEs

The latest Metasploit update, released May 29, 2026, significantly boosts Linux local privilege escalation (LPE) capabilities. It introduces new modules for the 'Dirty Frag' vulnerabilities (CVE-2026-43284 and CVE-2026-43500), alongside other tools, making these critical exploits readily available for security testing.

May 30, 2026

Technology
Technology

ExtremeCloud IQ Flaw Exposed Tenant Data via API Race Condition

A recently disclosed vulnerability, CVE-2026-9831, revealed that ExtremeCloud IQ could suffer cross-tenant data exposure. A race condition in the Extreme Platform ONE IAM Gateway API-key authentication path allowed authenticated requests to intermittently receive data meant for another customer. This highlights the inherent risks in multi-tenant cloud architectures under high-stress conditions.

May 29, 2026

Technology
Technology

Critical Flaws Emerge in Google Chrome's V8, ANGLE, and XML

Google Chrome faces three new critical vulnerabilities, CVE-2026-9966, -9968, and -9969, affecting versions up to 148.0.7778.179. These flaws in the V8, ANGLE, and XML components could allow attackers to manipulate browser behavior, emphasizing the urgent need for prompt updates.

May 29, 2026

Anthropic Ships Opus 4.8, Teases Security-Focused Mythos
AI

Anthropic Ships Opus 4.8, Teases Security-Focused Mythos

Anthropic rolled out Claude Opus 4.8 today, an upgraded model offering a faster mode at the same price. The AI lab also announced its more powerful, cybersecurity-focused Claude Mythos model will arrive for customers in the coming weeks, signaling a strategic dual release.

May 28, 2026

Technology
Technology

Multiple Critical Flaws Found in Recent Linux Kernels

Security researchers have flagged three critical vulnerabilities in recent Linux kernel versions, including denial-of-service, memory leaks, and potential arbitrary code execution. These flaws, reported by vuldb.com, generally require local access, but underscore ongoing challenges in OS security. System administrators should prepare for upcoming patches.

May 27, 2026

Technology
Technology

Three Critical Flaws Found in Linux Kernel

Security researchers have identified three new critical vulnerabilities in the Linux kernel, designated CVE-2026-45908, -45909, and -45910. These flaws, spanning use-after-free to memory leaks, affect several 6.x kernel branches, demanding prompt attention from system administrators and developers.

May 27, 2026

Ghost CMS Flaw Hijacks 700+ Sites for ClickFix Attacks
Technology

Ghost CMS Flaw Hijacks 700+ Sites for ClickFix Attacks

A critical SQL injection vulnerability, CVE-2026-26980, in the Ghost content management system has been actively exploited. Over 700 websites were hijacked, injecting ClickFix malware via fake CAPTCHA pages. Cybersecurity firm QiAnXin XLab identified the widespread attacks.

May 25, 2026

Technology
Technology

Three npm Packages Flagged Malicious: Developers Urged to Act

Multiple npm packages, including `async-pipeline-builder`, `node-setup-helpers`, and `workspace-config-loader`, were flagged as malicious on May 24, 2026. Security advisories warn that any system with these packages installed is fully compromised, requiring immediate credential rotation and system audits. This incident underscores ongoing software supply chain risks.

May 24, 2026

Employee Management System Hit by Trio of Critical Flaws
Technology

Employee Management System Hit by Trio of Critical Flaws

Three distinct security vulnerabilities, including SQL injection and cross-site scripting, have surfaced in code-projects Employee Management System 1.0. Disclosed simultaneously, these flaws pose a significant risk to organizations using the software, potentially exposing sensitive employee data and internal systems.

May 24, 2026

AI
AI

NousResearch's Hermes-Agent Hit by Two Remote Vulnerabilities

NousResearch's `hermes-agent` framework, up to version 2026.4.16, has two critical security flaws: a path traversal issue and a missing authorization vulnerability. Both are remotely exploitable, allowing attackers to potentially access sensitive data or execute unauthorized commands. Public exploits are reportedly available.

May 24, 2026

npm Tightens Security with 2FA Publishing Controls
Technology

npm Tightens Security with 2FA Publishing Controls

GitHub has rolled out new security features for npm, including 'staged publishing' that requires mandatory two-factor authentication (2FA) for package releases. These measures aim to significantly reduce the risk of software supply chain attacks by giving maintainers explicit control over when packages become publicly available and how they're installed.

May 23, 2026

Technology
Technology

QuantumNous API Flaw: Old Threat, New Target

A severe SQL injection vulnerability, CVE-2026-9305, has been discovered in QuantumNous' `new-api` up to version 0.12.1. This flaw, located in top-up functions, can be exploited remotely, potentially exposing sensitive user and financial data. An exploit is already public, urging immediate action.

May 23, 2026

AI
AI

Anthropic AI Finds 10,000+ Critical Software Flaws in Weeks

Anthropic's Project Glasswing, powered by its Claude Mythos AI, has uncovered over 10,000 high- or critical-severity vulnerabilities in widely used global software. This rapid discovery, made within a month of the initiative's launch, underscores AI's growing, if complex, role in cybersecurity.

May 23, 2026

Technology
Technology

Apache CXF's RCE Fix Needs Another Fix: CVE-2026-44417 Emerges

Apache CXF users face a new Remote Code Execution vulnerability, CVE-2026-44417, stemming from an incomplete patch for an earlier RCE flaw (CVE-2025-48913). If untrusted users can configure JMS, systems remain at risk. Immediate upgrades to recommended versions are advised.

May 22, 2026

Two Fronts: AI Models & Critical Chips Threaten Supply Chains
Technology

Two Fronts: AI Models & Critical Chips Threaten Supply Chains

Recent reports highlight a dual threat to tech supply chains: the unpredictable nature of third-party AI models and critical hardware dependencies, like South Korea's near-total reliance on foreign photonic chips for defense. These issues underscore a growing loss of control for companies and nations alike, demanding urgent attention.

May 20, 2026

Anthropic Withholds Cyber AI, Briefs Global Finance Regulators
AI

Anthropic Withholds Cyber AI, Briefs Global Finance Regulators

Anthropic has decided not to release its Claude Mythos AI model, designed to find cyber flaws, due to fears it could be misused by hackers. Instead, the company is briefing global financial authorities like the Financial Stability Board on its findings, highlighting AI's dual-use dilemma.

May 18, 2026

Anthropic's Mythos AI Exposes Cyber Flaws to Global Finance Watchdog
AI

Anthropic's Mythos AI Exposes Cyber Flaws to Global Finance Watchdog

Anthropic is set to brief the Financial Stability Board (FSB) about cyber vulnerabilities its AI model, Mythos, uncovered in the global financial system. This move, reported by the Financial Times, highlights AI's growing role in identifying systemic risks and the proactive approach of a major AI developer.

May 18, 2026

NK Hackers Use AI for Malware Against Seoul
AI

NK Hackers Use AI for Malware Against Seoul

North Korea-linked hackers are reportedly using artificial intelligence to develop sophisticated malware, specifically targeting South Korean government systems. This marks a significant shift, accelerating their attack capabilities and posing new challenges for cyber defense.

May 14, 2026

ChatGPT Doxes User With Old Personal Data
AI

ChatGPT Doxes User With Old Personal Data

ChatGPT revealed a user's outdated home address and phone number, sparking fresh concerns about AI's grasp of personal data and the blurry line between public and private information online. The incident highlights potential doxing risks as large language models continue to train on vast internet datasets.

May 14, 2026

Microsoft's MDASH AI System Tops Cyber Security Benchmark
AI

Microsoft's MDASH AI System Tops Cyber Security Benchmark

Microsoft's new multi-agent AI system, MDASH, significantly outperformed competitors like Anthropic's Mythos on a key cybersecurity benchmark. By deploying over 100 specialized AI agents, MDASH achieved an 88.45% score, signaling a potential shift in how AI tackles complex security vulnerabilities.

May 14, 2026

Technology
Technology

Maildrop Flaw Lets Attackers Fake Attachment Details

A public disclosure reveals Apple's Maildrop service allows manipulation of attachment filenames and sizes on `icloud.com` links. This vulnerability, reported in July 2023 and still active, creates a potent vector for highly convincing phishing attacks by masquerading malicious files as legitimate ones.

May 13, 2026

AI Cyberattacks Loom: Palo Alto Warns of New Norm
AI

AI Cyberattacks Loom: Palo Alto Warns of New Norm

Palo Alto Networks warns that AI-driven cyberattacks will become the standard within months, pushing cybersecurity teams to quickly adapt. The rise of sophisticated AI models is accelerating threats, demanding new defense strategies from organizations globally. This shift marks a critical escalation in the digital arms race.

May 13, 2026

Tokee App May Have Exposed 1.2 Million User Profiles
Technology

Tokee App May Have Exposed 1.2 Million User Profiles

The messaging app Tokee is facing scrutiny after security experts flagged a potential data leak affecting up to 1.2 million user profiles. This exposure, which could impact most of the app's userbase, raises serious privacy and security concerns for its users.

May 13, 2026

Tech Titans Face Union Push: Is Now the Moment for Devs?
Technology

Tech Titans Face Union Push: Is Now the Moment for Devs?

As economic uncertainty and AI's rise reshape the tech landscape, a growing number of developers at giants like Meta and Amazon are weighing the merits of unionizing. The argument: banding together now could offer crucial protection and influence before the industry's shifts solidify.

May 13, 2026

Malwarebytes VPN: Good Add-on, Not a Powerhouse
Technology

Malwarebytes VPN: Good Add-on, Not a Powerhouse

Malwarebytes Privacy VPN delivers solid performance and ease of use, making it a strong contender when bundled with other Malwarebytes security products. However, as a standalone option, it faces stiff competition, lacking some of the advanced features and audit transparency found in market leaders. Its value proposition shifts significantly depending on how you buy it.

May 13, 2026

Foxconn Hit by Ransomware, Supply Chain Implications Loom
Technology

Foxconn Hit by Ransomware, Supply Chain Implications Loom

Electronics manufacturing giant Foxconn is reportedly facing a ransomware attack, with hackers claiming a data breach and demanding payment. This incident could have ripple effects across the global tech supply chain, impacting major clients like Apple, Google, and Nvidia. Details remain scarce as Foxconn has not yet publicly commented.

May 13, 2026

Lawmakers Grill Instructure Over Canvas Student Data Breaches
Technology

Lawmakers Grill Instructure Over Canvas Student Data Breaches

U.S. House lawmakers are demanding answers from Instructure after its Canvas learning management system suffered two data breaches. Hackers stole extensive student information, raising serious concerns about education technology security and privacy.

May 13, 2026

Google, SpaceX Eye Orbital Data Centers Amid Security Push
Technology

Google, SpaceX Eye Orbital Data Centers Amid Security Push

Reports suggest Google and SpaceX are in talks to launch data centers into orbit, a move that could reshape AI infrastructure. Simultaneously, SEALSQ is positioning itself to provide post-quantum security for these futuristic space-based computing platforms, highlighting a critical emerging challenge.

May 13, 2026

Canvas Parent Paid Ransom After Global Student Data Breach
Technology

Canvas Parent Paid Ransom After Global Student Data Breach

Instructure, the company behind the widely used Canvas learning platform, has confirmed it paid a ransom to hackers who stole student data globally. The breach affected universities worldwide, including institutions across Australia, raising serious questions about data security in education.

May 13, 2026

Japan's Megabanks Adopt Anthropic AI for Cyber Defense
AI

Japan's Megabanks Adopt Anthropic AI for Cyber Defense

Japan's three largest banks — Mitsubishi UFJ, Sumitomo Mitsui, and Mizuho — are set to deploy Anthropic's new Claude Mythos AI model this month. They plan to use the advanced artificial intelligence primarily for strengthening their cybersecurity defenses against evolving threats.

May 13, 2026

AI Hacking Emerges as Key Threat in Global Concerns
AI

AI Hacking Emerges as Key Threat in Global Concerns

A brief mention of "AI hacking" in a recent *Naked Capitalism* link highlights a growing security concern. This isn't just about protecting AI systems, but also about the potential for AI to become a potent weapon in the hands of malicious actors. We're seeing the outlines of a new cybersecurity frontier.

May 13, 2026