https://ift.tt/eJT9sDI been one of those weeks. You expect the usual noise: recycled malware, sloppy attacks, another easy target getting hit. Instead, there’s a supply chain attack kit in a public repo, a $5,000-a-month RAT that clones browsers, and research showing AI agents can be tricked into leaking real credentials.

The bigger problem is how polished this all looks now. Mule networks run like SaaS.

via The Hacker News https://ift.tt/BDSQPWM

https://ift.tt/lmzb0P3 thirty years, vulnerability management ran on a buffer: the months between when a vulnerability was found and when someone could figure out how to weaponize it. The solution was straightforward enough; triage by severity, schedule the fix, validate, and move on. The buffer was what made that work.

Today, that buffer is gone.

AI didn’t make your team slower. It changed the other side of the

via The Hacker News https://ift.tt/zYbnGRw

https://ift.tt/IXHsZGq high-severity unpatched security flaw in Langflow, an open-source low-code platform to build artificial intelligence (AI) applications, has come under active exploitation in the wild, according to findings from VulnCheck.

The vulnerability in question is CVE-2026-5027 (CVSS score: 8.8), a case of path traversal that could allow an attacker to write files to arbitrary locations.

“The ‘POST /

via The Hacker News https://ift.tt/iUFNEy2

Fortinet, Ivanti, and SAP have released security updates to address multiple critical security vulnerabilities that could result in arbitrary code execution and information disclosure.

The security flaw patched by Fortinet relates to a command injection vulnerability in FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS WEB UI. It’s tracked as CVE-2026-25089 (CVSS score: 9.1).

“An

from The Hacker News https://ift.tt/X1vkFqN
https://ift.tt/tfax64j

https://ift.tt/dep9h10 June 9, Anthropic released Claude Fable 5, the most capable model it has ever made, generally available. It also did something unusual: it shipped one model as two products, split not by capability but by a layer of safety classifiers.

Fable 5 goes to the public. Its twin, Claude Mythos 5, the same underlying model with the cyber safeguards lifted, stays locked to a vetted group of cyber

via The Hacker News https://ift.tt/CVIUsv7

https://ift.tt/NHdmCyz on Tuesday announced that it will use information shared by other businesses to personalize users’ feed and responses from its artificial intelligence (AI) chatbot, expanding its scope beyond targeted ads.

“Businesses often share information about people’s activity on their sites with us to make ads more relevant,” Meta said in a statement.

“We already use this data – like games you play

via The Hacker News https://ift.tt/U3VWBcp

https://ift.tt/G9FZAqi of Toronto researchers have built and tested a proof-of-concept AI-driven computer worm that uses a locally hosted open-weight large language model to reason its way through a network, generate tailored attack strategies for each target it encounters, and replicate itself, all without human intervention and without touching a commercial AI service.

The preprint, posted to arXiv on

via The Hacker News https://ift.tt/SJ9ohEj

https://ift.tt/APlYska have more visibility than ever. Growing tech stacks provide greater coverage, and network security teams are increasingly adopting AI and automation to help with routine tasks and reduce manual effort.

But the same challenges persist. Outages still last hours, causing significant financial losses, operational disruption, and reputational impact. Threat response and mean time to

via The Hacker News https://ift.tt/QLCBMeR

https://ift.tt/5KLN7rO again. The weekend was meant to be quiet. It wasn’t. Last week had poisoned packages, a broken AI helper, and a worm tearing through repos. The ugly part: basic tricks still worked.

A chatbot got fooled. A bot token got leaked inside the malware. The same old mistakes showed up again. And while everyone chased the loud stuff, quieter attackers sat in inboxes for months, reading mail and

via The Hacker News https://ift.tt/2sfyYcR

https://ift.tt/fGv5ZUV has always been a numbers game. AI has turned it into a volume machine.

Attackers can now create convincing emails, fake login pages, and tailored lures in minutes. Every polished message adds another case for Tier 1 to review, another link to inspect, and another alert that cannot be dismissed at a glance.

As the queue grows, a credential theft attempt or malware delivery can easily

via The Hacker News https://ift.tt/LiU8u4v