AI Agent Uncovers 21 Zero-Days in FFmpeg; Chrome Patches Record 429 Bugs
Two things landed within days of each other this week. A security startup reported 21 previously unknown vulnerabilities in FFmpeg, the media library inside ...
General
20 articles
Senator introduces bill to restore cybersecurity funding for state and local governments
The proposed "Guaranteeing Universal Access to Cybersecurity Act" seeks to authorize $50 million annually for the MS-ISAC, which is operated by the Center fo...
New China-linked threat cluster OP-512 targets Microsoft IIS servers
OP-512 deploys a custom web shell framework consisting of three distinct web shells, designed to provide attackers with remote access while evading detection.
California man sentenced to over 26 years for dark web drug trafficking
Darren Hughes, 39, of San Jose, was convicted in November 2025 on drug trafficking charges.
Suspicious Polyfill login prompts pop up on Toshiba, Muji websites
Tech giant Toshiba and mega-retailer Muji warned visitors that suspicious sign-in screens popping up on their websites could collect credentials. [.
Anthropic deploys engineers to NSA to aid Mythos use
The deployment of Anthropic engineers to the NSA is intended to help the agency integrate and utilize the Mythos AI model for specific applications.
Local AI, Salesforce, Fluttershell, Aspose, http/2, Cisco, Used Tech, Josh Marpet - SWN #587
Silent Ransom Group (SRG): Switching To DNS Fast Flux Infrastructure
Researchers exposed the Silent Ransom Group ‘s Fast Flux infrastructure as the FBI warns of ongoing attacks targeting U.S.
Dark web Nemesis Market vendor gets 26 years for selling drugs
A California man was sentenced to more than 26 years in federal prison for trafficking fentanyl and methamphetamine through Nemesis Market, one of the world'...
Microsoft identifies seven new ways AI agents can be hacked
Microsoft has identified seven new failure modes in agentic AI systems, in addition to those it identified last year in its first Taxonomy of Failure Modes i...
Got a LinkedIn message from a recruiter? It might be Chinese intelligence, warn FBI and MI5
If you've ever received an out-of-the-blue message via LinkedIn from a recruiter offering some well-paid consultancy work, intelligence agencies have a messa...
Building secure B2C applications with fine-grained access control using Amazon Cognito and Amazon Verified Permissions
Modern web applications require robust security controls to protect user data and application resources. Authentication and authorization are two fundamental...
Why AI Agents Need an Identity Model, Not Just an API Key
Securing CI/CD in an agentic world: Claude Code Github action case
Microsoft Threat Intelligence identified a prompt injection pathway in Claude Code GitHub Action that allowed access to workflow secrets under specific condi...
Why writing software has become dangerous today
There’s just more code than ever and developers can’t verify everything – we need to make all that code understandable.
Commvault offers recommendations for resilience in the age of frontier AI
Frontier AI models, while powerful for identifying vulnerabilities, also present new risks from bad actors, accelerating exploitation timelines to mere minutes.
Over 900 US gas station tank gauge systems exposed to attacks
Over 900 automatic tank gauge (ATG) systems across the United States, used to monitor fuel and chemical storage tanks across various critical infrastructure ...
Nightmare Eclipse incident shows the researcher-vendor fights may never fully go away
When a researcher went public with Microsoft vulnerabilities, it laid bare a conflict that has never really been solved. The post Nightmare Eclipse incident ...
EU unveils tech sovereignty package to cut reliance on US, Chinese suppliers
The package bundles two draft laws — a Chips Act 2.0 and a Cloud and AI Development Act (CADA) — alongside an Open Source Strategy and a roadmap for digitali...
Your AI bill is out of control. Cloudflare can fix it now.
AI Gateway now features real-time spend limits to prevent runaway token bills across multiple AI providers. By integrating with Cloudflare Access, companies ...