Claude Mythos AI Finds 10,000 High-Severity Flaws in Widely Used Software
Anthropic on Friday disclosed that Project Glasswing has helped uncover more than 10,000 high- or critical-severity vulnerabilities across some of the most "...
Transportation
20 articles
Drupal Core SQL Injection Bug Actively Exploited, Added to CISA KEV
The U.S.
Claude Mythos Preview Discovers 10,000+ 0-Days in Glasswing
Anthropic has published an update on Project Glasswing, its collaborative AI-powered vulnerability discovery initiative launched last month, revealing that C...
CISA to allow researchers to report vulnerabilities to exploited bugs catalog
The Cybersecurity and Infrastructure Security Agency (CISA) announced the creation of a nomination form on Thursday that they said enables “researchers, vend...
Cisco warns of AI inaccuracies in security incident reports
Cisco's research highlights several key issues with AI-generated reports, including inconsistency and standardization challenges due to LLMs using different ...
Kash Patel's merchandise site hacked to distribute malware
The attack on Based Apparel, reportedly an attempt to distribute infostealer malware designed to steal user credentials, was first brought to light by a user...
FBI warns of Kali Oauth stealers
The FBI has warned of the danger from a new wave of phishing attacks generated by a tool called Kali365. It enables cyber criminals to obtain Microsoft 365 a...
First VPN Dismantled in Global Takedown Over Use by 25 Ransomware Groups
Authorities in Europe and North America have announced the dismantling of a criminal virtual private network (VPN) service used by criminal actors to obscure...
Lawmakers Demand Answers as CISA Tries to Contain Data Leak
Lawmakers in both houses of Congress are demanding answers from the U.S.
Fast and Furious – Nimbus Manticore Operations During the Iranian Conflict
Key Findings Introduction During the recent geopolitical tensions in the Middle East, we reported on multiple Iran-nexus threat actors advancing Iran’s strat...
Google’s Exploit Code Release Raises Concern Over Unfixed Chromium Security Bug
Google’s recent release of proof-of-concept (PoC) exploit code for a still-unpatched Chromium vulnerability has sparked significant concern across the cybers...
World Cup Phishing Surge: 203 Malicious IPs Detected
The scale of phishing activity targeting the 2026 FIFA World Cup has expanded dramatically, with new research revealing a far broader and more complex threat...
We hardened zizmor's GitHub Actions static analyzer
In March 2026, attackers exploited a pull_request_target misconfiguration in the aquasecurity/trivy-action GitHub Action to exfiltrate organization and repos...
Keepnet contributes voice and SMS phishing data to the 2026 Verizon DBIR
Keepnet, an Extended Human Risk Management (xHRM) platform, today announced that its voice and SMS phishing simulation data contributed to the 2026 Verizon D...
CISA’s new KEV nomination form opens reporting to vendors and researchers
The Cybersecurity and Infrastructure Security Agency launched a new nomination form that lets researchers, vendors, and industry partners report known exploi...
Megalodon Malware Rapidly Infects Over 5,500 GitHub Repositories
A newly identified malware campaign dubbed “Megalodon” has compromised more than 5,500 GitHub repositories, raising serious concerns about the security of op...
Downtime has become a $600 billion business problem
The average cost of downtime has reached $600 billion for the Global 2000, a 50% increase in two years. According to Splunk’s The Hidden Costs of Downtime re...
Authorities Take Down “First VPN” Service Used in Ransomware Attacks
Authorities in Europe have dismantled a major criminal VPN service known as “First VPN,” which was widely used by ransomware operators and cybercriminal grou...
Unpatched ChromaDB flaw leaves servers open to remote code execution
Researchers have published details about a critical vulnerability in ChromaDB that could allow unauthenticated attackers to execute arbitrary code and access...
AWS KY3P report now available for third-party supplier due diligence
We’re excited to announce that Amazon Web Services (AWS) has completed the S&P Global Know Your Third Party (KY3P) assessment of its security posture. This a...