#vulnerabilities

[ follow ]
#cybersecurity #ai #ai-security #project-glasswing #cisa #security #anthropic #remote-code-execution #microsoft
Artificial intelligence
fromThe Verge
1 week ago

Researchers gaslit Claude into giving instructions to build explosives

Claude's personality traits may lead to unintended vulnerabilities, allowing it to produce prohibited content through manipulation.
Information security
fromSecurityWeek
1 week ago

Critical, High-Severity Vulnerabilities Patched in Apache MINA, HTTP Server

Apache released patches for critical vulnerabilities in HTTP Server and MINA, addressing remote code execution risks and denial-of-service conditions.
#cybersecurity
Information security
fromThe Hacker News
2 weeks ago

CISA Adds 4 Exploited Flaws to KEV, Sets May 2026 Federal Deadline

CISA added four vulnerabilities to its KEV catalog, indicating active exploitation affecting SimpleHelp, Samsung MagicINFO 9 Server, and D-Link routers.
Information security
fromSecurityWeek
2 weeks ago

In Other News: Unauthorized Mythos Access, Plankey CISA Nomination Ends, New Display Security Device

Key cybersecurity developments include a hacker's probation, UK military deployment for internet protection, and Lovable's data exposure issue.
Information security
fromSecurityWeek
1 week ago

MetInfo, Weaver E-cology Vulnerabilities in Attackers' Crosshairs

Threat actors exploit critical vulnerabilities in MetInfo and Weaver E-cology for remote code execution without authentication.
Information security
fromThe Hacker News
1 week ago

China-Linked Hackers Target Asian Governments, NATO State, Journalists, and Activists

A new China-aligned espionage campaign targets government and defense sectors in Asia and Europe, exploiting vulnerabilities in Microsoft Exchange and IIS servers.
Information security
fromThe Hacker News
2 weeks ago

CISA Adds Actively Exploited ConnectWise and Windows Flaws to KEV

CISA added two vulnerabilities to its KEV catalog due to active exploitation, impacting ConnectWise ScreenConnect and Microsoft Windows.
Information security
fromThe Hacker News
2 weeks ago

CISA Adds 4 Exploited Flaws to KEV, Sets May 2026 Federal Deadline

CISA added four vulnerabilities to its KEV catalog, indicating active exploitation affecting SimpleHelp, Samsung MagicINFO 9 Server, and D-Link routers.
Information security
fromSecurityWeek
2 weeks ago

In Other News: Unauthorized Mythos Access, Plankey CISA Nomination Ends, New Display Security Device

Key cybersecurity developments include a hacker's probation, UK military deployment for internet protection, and Lovable's data exposure issue.
more#cybersecurity
#ai
fromInfoWorld
2 weeks ago
Information security

Claude Mythos signals a new era in AI-driven security, finding 271 flaws in Firefox

Information security
fromComputerworld
2 weeks ago

Claude Mythos signals a new era in AI-driven security, finding 271 flaws in Firefox

AI has exposed hundreds of vulnerabilities in Mozilla's Firefox browser, highlighting both cybersecurity advancements and dual-use risks.
EU data protection
fromTNW | Eu
1 week ago

Why the EU is now demanding access to Anthropic's Mythos

Anthropic's Mythos AI model can identify zero-day vulnerabilities, raising geopolitical concerns and prompting discussions among European finance ministers.
Information security
fromInfoWorld
2 weeks ago

Claude Mythos signals a new era in AI-driven security, finding 271 flaws in Firefox

AI has exposed hundreds of vulnerabilities in Mozilla's Firefox browser, highlighting both cybersecurity advancements and dual-use risks.
Information security
fromComputerworld
2 weeks ago

Claude Mythos signals a new era in AI-driven security, finding 271 flaws in Firefox

AI has exposed hundreds of vulnerabilities in Mozilla's Firefox browser, highlighting both cybersecurity advancements and dual-use risks.
more#ai
#chrome
Information security
fromTechRepublic
1 week ago

Billions of Chrome Users Urged to Update After Google Patches 30 Security Flaws

Google patched 30 Chrome vulnerabilities, including four Critical flaws, requiring users to update their browsers for enhanced security.
Information security
fromSecurityWeek
2 weeks ago

Chrome 147, Firefox 150 Security Updates Rolling Out

Google and Mozilla released security updates for Chrome and Firefox, addressing multiple memory safety vulnerabilities and critical flaws.
Information security
fromTechRepublic
1 week ago

Billions of Chrome Users Urged to Update After Google Patches 30 Security Flaws

Google patched 30 Chrome vulnerabilities, including four Critical flaws, requiring users to update their browsers for enhanced security.
Information security
fromSecurityWeek
2 weeks ago

Chrome 147, Firefox 150 Security Updates Rolling Out

Google and Mozilla released security updates for Chrome and Firefox, addressing multiple memory safety vulnerabilities and critical flaws.
more#chrome
#iot-security
Information security
fromTheregister
2 weeks ago

Attackers could disable all of a city's public EV chargers

Rented IoT infrastructure prioritizes user convenience over security, exposing them to denial of service attacks and vulnerabilities.
Information security
fromThe Hacker News
3 weeks ago

Mirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS Botnet

Threat actors exploit vulnerabilities in TBK DVR and TP-Link routers to deploy Mirai-botnet variants, targeting IoT devices for large-scale attacks.
Information security
fromTheregister
2 weeks ago

Attackers could disable all of a city's public EV chargers

Rented IoT infrastructure prioritizes user convenience over security, exposing them to denial of service attacks and vulnerabilities.
Information security
fromThe Hacker News
3 weeks ago

Mirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS Botnet

Threat actors exploit vulnerabilities in TBK DVR and TP-Link routers to deploy Mirai-botnet variants, targeting IoT devices for large-scale attacks.
more#iot-security
fromSecurityWeek
2 weeks ago

38 Vulnerabilities Found in OpenEMR Medical Software

"In the most severe cases, SQL injection vulnerabilities combined with modest database privileges could have led to full database compromise, PHI exfiltration at scale, and remote code execution on the server."
Healthcare
Information security
fromSecurityWeek
2 weeks ago

The Mythos Moment: Enterprises Must Fight Agents with Agents

Agentic AI poses significant cyber risks by autonomously identifying and exploiting software vulnerabilities, necessitating advanced defensive measures.
Information security
fromFortune
2 weeks ago

Ten years after Ethereum's DAO disaster, it's time to try again | Fortune

The DAO Moratorium warned of critical vulnerabilities in Ethereum's DAO, exposing nearly $200 million to hackers.
Information security
fromSecurityWeek
2 weeks ago

Electric Motorcycles and Scooters Face Hacking Risks to Security and Rider Safety

Electric motorcycles from Zero Motorcycles and scooters from Yadea have vulnerabilities that could impact physical security and safety.
Software development
fromArs Technica
2 weeks ago

Open source package with 1 million monthly downloads stole user credentials

Developers must uninstall version 0.23.3 of elementary-data due to security vulnerabilities and follow specific remediation steps.
Washington DC
fromwww.theguardian.com
2 weeks ago

White House Correspondents' Dinner suspect to be charged as Trump prepares to welcome king US politics live

A meeting will assess Secret Service protocols after vulnerabilities were exposed during an attack on Donald Trump.
#ai-security
fromFortune
2 weeks ago
Information security

Security experts head to D.C. to debate standards for securing AI systems as Mythos raises the stakes | Fortune

Artificial intelligence
fromTechRepublic
3 weeks ago

The MCP Disclosure Is the AI Era's 'Open Redirect' Moment

The Model Context Protocol has a design flaw that enables AI supply chain attacks, posing a significant security risk to enterprise AI systems.
Information security
fromFortune
2 weeks ago

Security experts head to D.C. to debate standards for securing AI systems as Mythos raises the stakes | Fortune

AI systems are becoming attractive targets for adversaries, with vulnerabilities discovered faster than developers can respond.
Information security
fromTheregister
2 weeks ago

Anthropic Mythos shaping up as nothingburger

Anthropic's Mythos model is under scrutiny due to unauthorized access concerns, despite its intended purpose of identifying vulnerabilities.
Information security
fromSecuritymagazine
3 weeks ago

Unauthorized Users Accessed Claude Mythos, New Reports Suggest

Unauthorized access to Anthropic's AI model, Claude Mythos Preview, raises security concerns among experts due to its ability to identify digital vulnerabilities.
Artificial intelligence
fromTechRepublic
3 weeks ago

The MCP Disclosure Is the AI Era's 'Open Redirect' Moment

The Model Context Protocol has a design flaw that enables AI supply chain attacks, posing a significant security risk to enterprise AI systems.
more#ai-security
fromSecurityWeek
2 weeks ago

Vulnerabilities Patched in CrowdStrike, Tenable Products

CrowdStrike published an advisory for CVE-2026-40050, a critical unauthenticated path traversal vulnerability affecting its LogScale product. The flaw can allow a remote attacker to read arbitrary files from the server filesystem.
Information security
#nist
Information security
fromSecuritymagazine
2 weeks ago

NIST's New Prioritization Criteria for CVEs, Examined by Experts

NIST is changing its approach to handling cybersecurity vulnerabilities by prioritizing certain CVEs for immediate enrichment in the National Vulnerability Database.
Information security
fromTechzine Global
3 weeks ago

NIST updates NVD: not every CVE will be scrutinized

NIST is updating its vulnerability assessment methodology due to an overwhelming increase in CVEs, prioritizing critical vulnerabilities for analysis.
Information security
fromSecuritymagazine
2 weeks ago

NIST's New Prioritization Criteria for CVEs, Examined by Experts

NIST is changing its approach to handling cybersecurity vulnerabilities by prioritizing certain CVEs for immediate enrichment in the National Vulnerability Database.
Information security
fromTechzine Global
3 weeks ago

NIST updates NVD: not every CVE will be scrutinized

NIST is updating its vulnerability assessment methodology due to an overwhelming increase in CVEs, prioritizing critical vulnerabilities for analysis.
more#nist
fromTNW | Anthropic
2 weeks ago
Information security

Mozilla fixes 271 Firefox vulnerabilities found by Anthropic's Claude Mythos in a single evaluation pass

Mozilla's Firefox 150 fixes 271 security vulnerabilities identified by Anthropic's AI model, Mythos, showcasing the model's effectiveness in vulnerability detection.
Information security
fromComputerWeekly.com
3 weeks ago

A tsunami of flaws: When frontier AI and Patch Tuesday collide | Computer Weekly

April 2025 Patch Tuesday update was the second-largest in history, addressing over 160 vulnerabilities, with AI tools potentially driving the increase.
Information security
fromSecurityWeek
3 weeks ago

Oracle Patches 450 Vulnerabilities With April 2026 CPU

Oracle released 481 new security patches in April 2026, addressing vulnerabilities across 28 product families, with many remotely exploitable without authentication.
#openclaw
more#openclaw
Information security
fromSecurityWeek
3 weeks ago

Progress Patches Multiple Vulnerabilities in MOVEit WAF, LoadMaster

Progress Software released patches for multiple vulnerabilities in MOVEit WAF and LoadMaster that could lead to remote code execution and command injection.
#cisa
Information security
fromSecurityWeek
3 weeks ago

Organizations Warned of Exploited Cisco, Kentico, Zimbra Vulnerabilities

CISA expanded its Known Exploited Vulnerabilities catalog with eight new flaws, including high-severity bugs in Cisco and Kentico products.
Information security
fromSecurityWeek
4 weeks ago

Organizations Warned of Exploited Windows, Adobe Acrobat Vulnerabilities

CISA expanded its Known Exploited Vulnerabilities catalog with seven new vulnerabilities, including critical Windows and Adobe flaws.
Information security
fromSecurityWeek
3 weeks ago

Organizations Warned of Exploited Cisco, Kentico, Zimbra Vulnerabilities

CISA expanded its Known Exploited Vulnerabilities catalog with eight new flaws, including high-severity bugs in Cisco and Kentico products.
Information security
fromSecurityWeek
4 weeks ago

Organizations Warned of Exploited Windows, Adobe Acrobat Vulnerabilities

CISA expanded its Known Exploited Vulnerabilities catalog with seven new vulnerabilities, including critical Windows and Adobe flaws.
more#cisa
Information security
fromThe Hacker News
3 weeks ago

Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched

Threat actors are exploiting three vulnerabilities in Microsoft Defender for elevated privileges, with one flaw already addressed by Microsoft.
Information security
fromSecurityWeek
3 weeks ago

Splunk Enterprise Update Patches Code Execution Vulnerability

Splunk has released fixes for high and medium-severity vulnerabilities in its products, including Splunk Enterprise, Cloud Platform, and MCP Server.
#microsoft
Information security
fromSecurityWeek
4 weeks ago

Microsoft Patches Exploited SharePoint Zero-Day and 160 Other Vulnerabilities

Microsoft's Patch Tuesday updates address 165 vulnerabilities, including a critical SharePoint zero-day exploit tracked as CVE-2026-32201.
Information security
fromSecurityWeek
3 weeks ago

Microsoft Paid Out $2.3 Million at Zero Day Quest 2026 Hacking Contest

Microsoft's Zero Day Quest 2026 awarded $2.3 million for discovering 80 high-impact vulnerabilities in cloud and AI services.
Information security
fromTechRepublic
3 weeks ago

Microsoft Issues Massive Windows Patch for 160+ Bugs, Including Two Zero-Days

Microsoft released a significant security update addressing 165 vulnerabilities, including two critical zero-days, marking one of the largest updates in its history.
Information security
fromSecurityWeek
4 weeks ago

Microsoft Patches Exploited SharePoint Zero-Day and 160 Other Vulnerabilities

Microsoft's Patch Tuesday updates address 165 vulnerabilities, including a critical SharePoint zero-day exploit tracked as CVE-2026-32201.
more#microsoft
Information security
fromSecurityWeek
3 weeks ago

Cisco Patches Critical Vulnerabilities in Webex, ISE

Cisco patched 15 vulnerabilities, including critical flaws in Webex and Identity Services Engine, allowing potential unauthorized access and command execution.
Software development
fromTheregister
3 weeks ago

Anthropic's Project Glasswing CVE count is still guesswork

Anthropic's Mythos model is under testing by select companies to identify security vulnerabilities, but actual findings remain uncertain.
#fortinet
Information security
fromTheregister
3 weeks ago

Critical Fortinet sandbox bugs allow auth bypass and RCE

Two critical vulnerabilities in Fortinet's sandbox allow unauthenticated attackers to bypass authentication or execute unauthorized code.
Information security
fromTheregister
3 weeks ago

Critical Fortinet sandbox bugs allow auth bypass and RCE

Two critical vulnerabilities in Fortinet's sandbox allow unauthenticated attackers to bypass authentication or execute unauthorized code.
more#fortinet
Information security
fromSecurityWeek
4 weeks ago

ICS Patch Tuesday: 8 Industrial Giants Publish New Security Advisories

Multiple industrial giants have released new ICS security advisories addressing various vulnerabilities since the last Patch Tuesday.
Information security
fromSecurityWeek
4 weeks ago

Adobe Patches 55 Vulnerabilities Across 11 Products

Adobe's Patch Tuesday updates address 55 vulnerabilities across 11 products, with critical ColdFusion flaws requiring immediate attention.
Information security
fromThe Hacker News
4 weeks ago

Analysis of 216M Security Findings Shows a 4x Increase In Critical Risk (2026 Report)

Critical risk findings surged by nearly 400% amid a 52% increase in raw alert volume, driven by AI-assisted development.
Information security
fromTechzine Global
4 weeks ago

Anthropic's Mythos preview: why the human layer matters more, not less

Anthropic's Mythos Preview autonomously discovers and exploits high-severity vulnerabilities, achieving a 72.4% success rate in exploit chaining.
Information security
fromSecurityWeek
1 month ago

Juniper Networks Patches Dozens of Junos OS Vulnerabilities

Juniper Networks released patches for multiple vulnerabilities, including severe flaws that could lead to privilege escalation and remote device takeover.
Information security
fromSecurityWeek
1 month ago

Chrome 147 Patches 60 Vulnerabilities, Including Two Critical Flaws Worth $86,000

Google released Chrome 147, fixing 60 vulnerabilities, including two critical ones affecting WebML, with significant bug bounties awarded to researchers.
Software development
fromDevOps.com
1 month ago

Appknox Adds AI Tool to Detect and Fix Vulnerabilities in Mobile Applications - DevOps.com

Appknox introduces AI to assess mobile app vulnerabilities and recommend fixes, enhancing the patching process for software engineering teams.
Information security
fromSecurityWeek
1 month ago

Palo Alto Networks, SonicWall Patch High-Severity Vulnerabilities

Palo Alto Networks and SonicWall released patches for multiple vulnerabilities, including high-severity bugs that could allow unauthorized access and code execution.
Information security
fromThe Hacker News
1 month ago

Anthropic's Claude Mythos Finds Thousands of Zero-Day Flaws Across Major Systems

Anthropic's Project Glasswing uses Claude Mythos to identify and address cybersecurity vulnerabilities, surpassing human capabilities in some instances.
[ Load more ]