https://ift.tt/1p0OfMV the past several weeks, the cybersecurity community has been reminded how quickly frontier and agentic AI in defense networks can challenge our assumptions. When Anthropic’s Claude Mythos model was made available to a limited set of organizations as a technical preview, it was reported that an unauthorized group claimed that it had gained access within hours. The incident, if true, was

via The Hacker News https://ift.tt/ZECUSI9

https://ift.tt/ZnkbW5e got stupid again.

The internet still feels held together with tape. Bad plugins, old bugs, fake tools, trusted apps doing shady things. Same mess, new wrapper. And now the weird stuff is normal. Forums go down and come back worse. Cheap hackers get better toys. AI starts breaking real systems. Great.

Read the whole thing before it ruins your week anyway.

Unauthenticated

via The Hacker News https://ift.tt/KL1wVCM

Unknown attackers spent at least five months inside the Outlook mailbox of a senior executive at a major global stock exchange, copying the inbox out in small, repeated batches and routing it through Dropbox and OneDrive so the traffic blended into normal cloud activity.

Symantec and Carbon Black’s Threat Hunter Team reported the campaign this week. This points to espionage, not a money grab:

from The Hacker News https://ift.tt/LCRImj3
https://ift.tt/EP1sdpy

https://ift.tt/GhU5CXl has patched a use-after-free in its blocking-client code that lets an authenticated user run arbitrary OS commands on the machine hosting the database. The flaw was found by an autonomous AI tool built to hunt bugs in large codebases.
Tracked as CVE-2026-23479, the flaw was introduced in Redis 7.2.0 and remained in every stable branch until the May 5 fixes, unnoticed for over two years.

via The Hacker News https://ift.tt/cGQAPyB

https://ift.tt/rtC1dKi the breach. Zero-days keep shipping, AI is writing exploits faster than anyone patches, and “patch everything in time” stopped working years ago. Stop betting the org on winning that race. You don’t control which bug lands. You control what it can reach once it does.

That is a question about the shape of your network, and most teams have the shape wrong. HD Moore, creator of Metasploit

via The Hacker News https://ift.tt/0H2IdG7

https://ift.tt/ARnJZBy exploitation timelines are rapidly shrinking, and they are not going to stop shrinking. Vulnerabilities are being discovered, reproduced, and weaponized faster than ever in the history of enterprise security. As a result, the window between a vulnerability being disclosed and indiscriminate exploitation observed across the internet is now measured in hours, not days.

The industry’s

via The Hacker News https://ift.tt/gASTEwj

A new Mini Shai-Hulud supply chain attack campaign, codenamed Miasma, has compromised @redhat-cloud-services packages to steal credentials and secrets from developer machines and deliver a self-propagating worm.

“This is effectively a Mini Shai-Hulud campaign: it uses the same core tactics of install-time execution, credential harvesting, CI/CD targeting, encrypted exfiltration, and potential

from The Hacker News https://ift.tt/kt45CwY

Monday hit like a cron job with anger issues.

A busted auth path here, a repo-side faceplant there, some “patched-ish” thing already getting chewed on in the wild, and then the usual bonus round: poisoned dev tools, sketchy forum chatter, phishing kits pretending to be productivity, and AI lowering the bar for people who already thought ‘curl | sh’ had a personality.

The vibe is simple: old

via The Hacker News https://ift.tt/fakAgvS