AI-driven computer worm demonstrates autonomous network exploitation
The AI worm, tested on an isolated 33-host network, demonstrated a significant ability to adapt and exploit.
Vulnerability Disclosure
20 articles
CISA to reevaluate risk prioritization for critical infrastructure and federal agencies
CISA is set to release a binding operational directive for federal agencies, aiming to revise vulnerability management practices.
A Record-Breaking Patch Tuesday for June 2026
Microsoft today released software updates to plug nearly 200 security holes across its Windows operating systems and supported software, a record number of f...
OpenSSL Patches High-Severity Vulnerability Found With AI
A total of 18 vulnerabilities have been patched in the latest OpenSSL releases, including many that were potentially discovered by AI. The post OpenSSL Patch...
XBOW tests Anthropic's Mythos Preview for offensive security
Anthropic's Mythos Preview was highly effective at finding vulnerability candidates, especially when analyzing source code. XBOW explores how the model perfo...
Claude Mythos Turns N-Days Into N-Hours With Rapid Exploit Creation
Public LLM models with safeguards turned off can also build working exploits, increasing patch gap risks. The post Claude Mythos Turns N-Days Into N-Hours Wi...
Cisco Catalyst SD-WAN Controller, Catalyst SD-WAN Manager, and Catalyst SD-WAN Validator Authenticated Privilege Escalation Vulnerability
A vulnerability in the CLI of Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, and Cisco Cat...
New Veeam vulnerability exposes backup servers to RCE attacks
Veeam has released security updates to patch a critical Backup & Replication security flaw that can be exploited to gain remote code execution (RCE) on domai...
Microsoft Defender Adds Monitoring for RPC Protocol Abuse in Cyberattacks
Microsoft has introduced enhanced monitoring capabilities in Microsoft Defender for Endpoint to detect and disrupt cyberattacks that abuse the Remote Procedu...
Schneider Electric EcoStruxure Panel Server
View CSAF Summary Schneider Electric is aware of its vulnerability in its EcoStruxure Panel Server offer. The EcoStruxure Panel Server is a high performance,...
Schneider Electric Modicon Network Managed Switches
View CSAF Summary Schneider Electric is aware of a RADIUS protocol vulnerability affecting its Modicon Network Managed Switch product. The Modicon Network Ma...
Will AI Kill the Bug Bounty Industry?
Anthropic's Mythos is accelerating vulnerability discovery to machine speed, forcing the bug bounty industry and offensive security teams to adapt to a futur...
Check Point Warns Critical Auth Bypass Bug Exploited in the Wild
Check Point says a critical vulnerability in its Remote Access VPN and Mobile Access solutions has been exploited by Qilin
The architecture of subtraction: Why it’s time to erase the roads, not just map the traffic
The advent of AI-assisted vulnerability discovery and autonomous exploit development has brought about a new age in cybersecurity—one in which we can no long...
Defend against frontier cyber models: Cloudflare's architecture as customer zero
In our post about Project Glasswing, we made the argument that the architecture around a vulnerability matters more than the speed of the patch. Here we walk...
Top 10 Best Software Composition Analysis (SCA) Services 2026
In 2026, the foundation of nearly every modern application is built on open-source components. While this accelerates development and fosters innovation, it ...
Meet Hades: The malware that lies to AI security agents
Threat actors are continuing their onslaught against software supply chains, now with malware named after death itself. The newly-discovered Hades Campaign i...
Hackers Exploit ChatGPT, Claude, DeepSeek Brands in Credential Phishing Attacks
Threat actors are increasingly weaponizing the global fascination with large language models and generative AI by impersonating major AI brands ChatGPT, Anth...
Apache HTTP Server 2.4.68 Patches Multiple Security Vulnerabilities
Apache has released HTTP Server version 2.4.
Critical Zcash Vulnerability Found and Fixed
If you’re a user—owner?—of this cryptocurrency, this is important: On May 29, the security researcher Taylor Hornby found a critical vulnerability in Zcash O...