Topic
Cybersecurity
Cybersecurity coverage that assumes you can read CVSS scores and don't need 'what is ransomware' explained. We report the vulnerabilities and incidents that change how teams ship software the following Monday.
50 stories
Critical Flaws Emerge in Google Chrome's V8, ANGLE, and XML
Google Chrome faces three new critical vulnerabilities, CVE-2026-9966, -9968, and -9969, affecting versions up to 148.0.7778.179. These flaws in the V8, ANGLE, and XML components could allow attackers to manipulate browser behavior, emphasizing the urgent need for prompt updates.
May 29, 2026
Anthropic Ships Opus 4.8, Teases Security-Focused Mythos
Anthropic rolled out Claude Opus 4.8 today, an upgraded model offering a faster mode at the same price. The AI lab also announced its more powerful, cybersecurity-focused Claude Mythos model will arrive for customers in the coming weeks, signaling a strategic dual release.
May 28, 2026
Multiple Critical Flaws Found in Recent Linux Kernels
Security researchers have flagged three critical vulnerabilities in recent Linux kernel versions, including denial-of-service, memory leaks, and potential arbitrary code execution. These flaws, reported by vuldb.com, generally require local access, but underscore ongoing challenges in OS security. System administrators should prepare for upcoming patches.
May 27, 2026
Three Critical Flaws Found in Linux Kernel
Security researchers have identified three new critical vulnerabilities in the Linux kernel, designated CVE-2026-45908, -45909, and -45910. These flaws, spanning use-after-free to memory leaks, affect several 6.x kernel branches, demanding prompt attention from system administrators and developers.
May 27, 2026
Ghost CMS Flaw Hijacks 700+ Sites for ClickFix Attacks
A critical SQL injection vulnerability, CVE-2026-26980, in the Ghost content management system has been actively exploited. Over 700 websites were hijacked, injecting ClickFix malware via fake CAPTCHA pages. Cybersecurity firm QiAnXin XLab identified the widespread attacks.
May 25, 2026
Three npm Packages Flagged Malicious: Developers Urged to Act
Multiple npm packages, including `async-pipeline-builder`, `node-setup-helpers`, and `workspace-config-loader`, were flagged as malicious on May 24, 2026. Security advisories warn that any system with these packages installed is fully compromised, requiring immediate credential rotation and system audits. This incident underscores ongoing software supply chain risks.
May 24, 2026
Employee Management System Hit by Trio of Critical Flaws
Three distinct security vulnerabilities, including SQL injection and cross-site scripting, have surfaced in code-projects Employee Management System 1.0. Disclosed simultaneously, these flaws pose a significant risk to organizations using the software, potentially exposing sensitive employee data and internal systems.
May 24, 2026
NousResearch's Hermes-Agent Hit by Two Remote Vulnerabilities
NousResearch's `hermes-agent` framework, up to version 2026.4.16, has two critical security flaws: a path traversal issue and a missing authorization vulnerability. Both are remotely exploitable, allowing attackers to potentially access sensitive data or execute unauthorized commands. Public exploits are reportedly available.
May 24, 2026
npm Tightens Security with 2FA Publishing Controls
GitHub has rolled out new security features for npm, including 'staged publishing' that requires mandatory two-factor authentication (2FA) for package releases. These measures aim to significantly reduce the risk of software supply chain attacks by giving maintainers explicit control over when packages become publicly available and how they're installed.
May 23, 2026
QuantumNous API Flaw: Old Threat, New Target
A severe SQL injection vulnerability, CVE-2026-9305, has been discovered in QuantumNous' `new-api` up to version 0.12.1. This flaw, located in top-up functions, can be exploited remotely, potentially exposing sensitive user and financial data. An exploit is already public, urging immediate action.
May 23, 2026
Anthropic AI Finds 10,000+ Critical Software Flaws in Weeks
Anthropic's Project Glasswing, powered by its Claude Mythos AI, has uncovered over 10,000 high- or critical-severity vulnerabilities in widely used global software. This rapid discovery, made within a month of the initiative's launch, underscores AI's growing, if complex, role in cybersecurity.
May 23, 2026
Apache CXF's RCE Fix Needs Another Fix: CVE-2026-44417 Emerges
Apache CXF users face a new Remote Code Execution vulnerability, CVE-2026-44417, stemming from an incomplete patch for an earlier RCE flaw (CVE-2025-48913). If untrusted users can configure JMS, systems remain at risk. Immediate upgrades to recommended versions are advised.
May 22, 2026
Two Fronts: AI Models & Critical Chips Threaten Supply Chains
Recent reports highlight a dual threat to tech supply chains: the unpredictable nature of third-party AI models and critical hardware dependencies, like South Korea's near-total reliance on foreign photonic chips for defense. These issues underscore a growing loss of control for companies and nations alike, demanding urgent attention.
May 20, 2026
Anthropic Withholds Cyber AI, Briefs Global Finance Regulators
Anthropic has decided not to release its Claude Mythos AI model, designed to find cyber flaws, due to fears it could be misused by hackers. Instead, the company is briefing global financial authorities like the Financial Stability Board on its findings, highlighting AI's dual-use dilemma.
May 18, 2026
Anthropic's Mythos AI Exposes Cyber Flaws to Global Finance Watchdog
Anthropic is set to brief the Financial Stability Board (FSB) about cyber vulnerabilities its AI model, Mythos, uncovered in the global financial system. This move, reported by the Financial Times, highlights AI's growing role in identifying systemic risks and the proactive approach of a major AI developer.
May 18, 2026
NK Hackers Use AI for Malware Against Seoul
North Korea-linked hackers are reportedly using artificial intelligence to develop sophisticated malware, specifically targeting South Korean government systems. This marks a significant shift, accelerating their attack capabilities and posing new challenges for cyber defense.
May 14, 2026
ChatGPT Doxes User With Old Personal Data
ChatGPT revealed a user's outdated home address and phone number, sparking fresh concerns about AI's grasp of personal data and the blurry line between public and private information online. The incident highlights potential doxing risks as large language models continue to train on vast internet datasets.
May 14, 2026
Microsoft's MDASH AI System Tops Cyber Security Benchmark
Microsoft's new multi-agent AI system, MDASH, significantly outperformed competitors like Anthropic's Mythos on a key cybersecurity benchmark. By deploying over 100 specialized AI agents, MDASH achieved an 88.45% score, signaling a potential shift in how AI tackles complex security vulnerabilities.
May 14, 2026
Maildrop Flaw Lets Attackers Fake Attachment Details
A public disclosure reveals Apple's Maildrop service allows manipulation of attachment filenames and sizes on `icloud.com` links. This vulnerability, reported in July 2023 and still active, creates a potent vector for highly convincing phishing attacks by masquerading malicious files as legitimate ones.
May 13, 2026
AI Cyberattacks Loom: Palo Alto Warns of New Norm
Palo Alto Networks warns that AI-driven cyberattacks will become the standard within months, pushing cybersecurity teams to quickly adapt. The rise of sophisticated AI models is accelerating threats, demanding new defense strategies from organizations globally. This shift marks a critical escalation in the digital arms race.
May 13, 2026
Tokee App May Have Exposed 1.2 Million User Profiles
The messaging app Tokee is facing scrutiny after security experts flagged a potential data leak affecting up to 1.2 million user profiles. This exposure, which could impact most of the app's userbase, raises serious privacy and security concerns for its users.
May 13, 2026
Tech Titans Face Union Push: Is Now the Moment for Devs?
As economic uncertainty and AI's rise reshape the tech landscape, a growing number of developers at giants like Meta and Amazon are weighing the merits of unionizing. The argument: banding together now could offer crucial protection and influence before the industry's shifts solidify.
May 13, 2026
Malwarebytes VPN: Good Add-on, Not a Powerhouse
Malwarebytes Privacy VPN delivers solid performance and ease of use, making it a strong contender when bundled with other Malwarebytes security products. However, as a standalone option, it faces stiff competition, lacking some of the advanced features and audit transparency found in market leaders. Its value proposition shifts significantly depending on how you buy it.
May 13, 2026
Foxconn Hit by Ransomware, Supply Chain Implications Loom
Electronics manufacturing giant Foxconn is reportedly facing a ransomware attack, with hackers claiming a data breach and demanding payment. This incident could have ripple effects across the global tech supply chain, impacting major clients like Apple, Google, and Nvidia. Details remain scarce as Foxconn has not yet publicly commented.
May 13, 2026
Lawmakers Grill Instructure Over Canvas Student Data Breaches
U.S. House lawmakers are demanding answers from Instructure after its Canvas learning management system suffered two data breaches. Hackers stole extensive student information, raising serious concerns about education technology security and privacy.
May 13, 2026
Google, SpaceX Eye Orbital Data Centers Amid Security Push
Reports suggest Google and SpaceX are in talks to launch data centers into orbit, a move that could reshape AI infrastructure. Simultaneously, SEALSQ is positioning itself to provide post-quantum security for these futuristic space-based computing platforms, highlighting a critical emerging challenge.
May 13, 2026
Canvas Parent Paid Ransom After Global Student Data Breach
Instructure, the company behind the widely used Canvas learning platform, has confirmed it paid a ransom to hackers who stole student data globally. The breach affected universities worldwide, including institutions across Australia, raising serious questions about data security in education.
May 13, 2026
Japan's Megabanks Adopt Anthropic AI for Cyber Defense
Japan's three largest banks — Mitsubishi UFJ, Sumitomo Mitsui, and Mizuho — are set to deploy Anthropic's new Claude Mythos AI model this month. They plan to use the advanced artificial intelligence primarily for strengthening their cybersecurity defenses against evolving threats.
May 13, 2026
AI Hacking Emerges as Key Threat in Global Concerns
A brief mention of "AI hacking" in a recent *Naked Capitalism* link highlights a growing security concern. This isn't just about protecting AI systems, but also about the potential for AI to become a potent weapon in the hands of malicious actors. We're seeing the outlines of a new cybersecurity frontier.
May 13, 2026
AI Hacking: The Next Frontier in Cyber Conflict
Concerns over "AI hacking" are growing, signaling a new era of cybersecurity challenges. This dual threat involves both attacking AI systems and using AI for sophisticated cyberattacks, pushing the boundaries of digital defense and raising stakes across industries.
May 13, 2026
AI Hacking Emerges in 2026 News Digest, Details Scarce
A May 12, 2026 Naked Capitalism digest briefly noted "AI hacking" among a list of pressing global issues. While details remain undisclosed, its inclusion signals a growing concern about AI security beyond niche tech circles. The terse mention sparks questions about the nature and scale of these incidents.
May 12, 2026
AI Hacking Emerges as Global Threat in Turbulent 2026
Daily links from Naked Capitalism on May 12, 2026, flagged 'AI hacking' amidst a landscape of global instability. This brief mention underscores growing concerns about the security of artificial intelligence systems. We're seeing how vulnerabilities could impact everything from supply chains to national security.
May 12, 2026
Google: AI Now Crafting Zero-Day Exploits for Hackers
Google's security teams recently thwarted a mass cyberattack where hackers reportedly used AI to develop a novel zero-day exploit. This incident marks a significant escalation, confirming long-held fears that malicious actors would weaponize AI to create entirely new software vulnerabilities.
May 12, 2026
AI Hacking Emerges: A New Cybersecurity Frontier
A brief mention of "AI hacking" in a recent news digest signals the growing concern around artificial intelligence as both a target and a tool for malicious actors. This development points to a significant shift in the cybersecurity landscape, demanding new defenses and strategies. We're seeing the dawn of an AI-powered arms race.
May 12, 2026
npm Attack Hits Mistral AI, TanStack; Dev Credentials at Risk
Hundreds of npm packages, including the Mistral AI SDK and TanStack Router, have been compromised in a new software supply chain attack. This incident threatens to expose enterprise credentials from developers' machines, underscoring the ongoing challenge of securing open-source ecosystems.
May 12, 2026
Mac Users Hit by Fake Claude AI Ads Pushing Malware
Scammers are using Google Ads to promote fake Claude AI support pages, tricking Mac users into downloading malicious software. This tactic exploits the popularity of AI tools and Google's ad platform to spread malware, highlighting an ongoing security challenge.
May 12, 2026
Denver Airport Breach Raises Alarms After Suicide on Runway
A 41-year-old man died by suicide after scaling a fence and walking onto a Denver International Airport runway, where he was struck by a plane. The incident, which authorities say was an intentional act, highlights significant gaps in perimeter security that initially went unnoticed by airport personnel.
May 12, 2026
AI Hacking: A New Cyber Battlefront Emerges
A terse mention of "AI hacking" in a recent news digest from Naked Capitalism serves as a stark reminder of our rapidly evolving digital threats. While short on specifics, it signals a growing concern among technologists about artificial intelligence's dual role in cybersecurity. This brief note points to the urgent need for a deeper look into AI's vulnerabilities and its potential as a weapon.
May 12, 2026
Ukrainian Sea Drone Found in Greece Raises Alarm
A Ukrainian-built military sea drone was discovered on a Greek island last week, prompting Greece's defense minister to label the incident "extremely serious." The unpiloted vessel's presence in NATO territory, far from the conflict in the Black Sea, highlights growing concerns about maritime security and the uncontrolled spread of military technology from the war zone.
May 12, 2026
Forza Horizon 6 Leak Triggers Extreme Dev Bans
Playground Games is cracking down hard on a leaked build of Forza Horizon 6, warning players that accessing the early, unencrypted version could lead to permanent hardware and franchise-wide bans. The studio confirmed the leak wasn't a pre-load error, suggesting an insider source.
May 12, 2026
OpenClaw AI Blocks Self-Data Leak Attempt, Surprising Experts
A cybersecurity researcher's weekend experiment to trick the OpenClaw AI into leaking their own personal data was swiftly thwarted, highlighting unexpectedly strong data protection measures. This incident points to significant advancements in AI security and prompt filtering, setting a new benchmark for large language models.
May 12, 2026
Iran Eyes AI for UK Attacks Amid Mideast Tensions
Middle East tensions are escalating, with new reports suggesting Iran could deploy artificial intelligence in future attacks targeting the UK. This represents a significant shift in the nature of potential state-sponsored aggression, moving beyond traditional cyber warfare tactics and raising alarms about the future of digital conflict.
May 12, 2026
Canvas Hackers Paid: Student Data Deleted, Trust Tested
Instructure, the company behind the widely used Canvas learning platform, has reportedly paid hackers to delete student data stolen in a recent breach. The agreement aims to prevent the widespread leak of sensitive academic information impacting thousands of colleges and universities. This incident raises serious questions about data security in education and the ethics of paying cybercriminals.
May 12, 2026
Chevin's FleetWave Confirms Customer Data Breach
Fleet management software provider Chevin has confirmed that attackers accessed customer data, including payroll numbers and operational details, following a recent system outage. This disclosure comes a month after the company brought its FleetWave platform back online, raising concerns about data security for SaaS users.
May 12, 2026
Google: North Korean Hackers Used AI to Bypass 2FA
Google recently disrupted a hacking operation where state-sponsored actors, including those from North Korea, employed artificial intelligence to find and exploit digital weak points. The specific attack involved bypassing two-factor authentication, highlighting an escalating threat from AI-powered cyber warfare.
May 12, 2026
OpenAI Launches Daybreak, Enters AI Cybersecurity Arms Race
OpenAI has unveiled Daybreak, a new cybersecurity initiative powered by its GPT-5.5 and Codex Security models. This move, coming just weeks after Anthropic's alarming Claude Mythos, positions Daybreak as a direct counter-measure to the escalating threat of AI-driven cyberattacks. The aim is to equip 'defenders' with frontier AI tools.
May 12, 2026
Singapore Bolsters Cyber Defenses with New Command
Singapore is consolidating its fight against online crime and scams by launching a new Cyber Command in July 2026. This move will bring together diverse expertise, expand its operational force, and deploy advanced technology to counter increasingly sophisticated digital threats.
May 12, 2026
OpenAI's Daybreak Enters AI Security Fray
OpenAI has launched Daybreak, its new AI security package, marking a direct challenge to Anthropic's Claude Mythos. This move highlights the growing competition and critical need for robust security solutions as AI models become more integrated into business operations.
May 11, 2026
API Keys: Kamal 2 Offers a Fix, Devs Still Risk It
Kamal 2, a deployment tool for Rails applications, introduced `kamal env` to encrypt API keys and other sensitive data, tackling a persistent security flaw. This feature aims to prevent costly breaches and account compromises, yet developers frequently make mistakes by hardcoding or committing credentials directly to repositories. The ongoing challenge highlights the need for robust secret management and better developer habits.
May 11, 2026
Google: AI-Powered Zero-Day Exploits Are Here
Google announced it found the first definitive evidence of hackers using AI to discover and exploit a zero-day vulnerability. This marks a significant and long-feared turning point in cybersecurity, pushing the theoretical threat of AI-driven attacks into reality. The company warns this development makes the digital world more dangerous.
May 11, 2026