Anthropic rolls out Claude Fable 5, but it's available for a limited time
Anthropic has begun rolling out a new model called "Fable," which is based on the same underlying model as Mythos, its most powerful AI model class. [.
Threat Intelligence Feed
Aggregating 4547 articles from trusted cybersecurity sources
LATEST CVEs
MED · CVE-2026-9754
An authenticated user with the read role may read limited amounts of uninitialized stack memory via specially-crafted is
HIGH · CVE-2026-9753
The $_internalApplyOplogUpdate aggregation pipeline stage can be used to execute a document diff containing a malformed
MED · CVE-2026-9752
An authorized user could trigger a server crash by running a query with a 2dsphere index on a field that stores a GeoJSO
MED · CVE-2026-9751
The ldapQueryPassword parameter, when set through the runtime setParameter command, will log the new password to the mon
MED · CVE-2026-9750
An authenticated user can cause a MongoDB server to crash or return incorrect results by creating documents that interfe
MED · CVE-2026-9749
This issue can occur when running an aggregation pipeline that uses the internal $exchange stage configured with key-ran
MED · CVE-2026-9748
The $_internalConvertBucketIndexStats stage used PauseExecution as a way to signal "skip this document" when an index st
MED · CVE-2026-9747
Adding fromRouter:true and runtimeConstants.userRoles could cause aggregations to crash mongodb server.
MED · CVE-2026-9746
When using $changestreams and $_requestReshardingResumeToken with the exchange option the server hits an invariant which
MED · CVE-2026-9743
In MongoDB Server 8.0, an aggregation stage can leave its _subPipeline field null during processing of certain pipelines
HIGH · CVE-2026-9742
When OIDC authentication is enabled in configuration, clients may set specific values in the "mechanism" parameter of th
MED · CVE-2026-9741
A bug in query analysis processing of the $vectorSearch aggregation stage for Queryable Encryption (QE) or Client-Side F
HIGH · CVE-2026-9740
A vulnerability in MongoDB Server's BSON validation logic allows an unauthenticated user to crash the mongod process by
MED · CVE-2026-9735
MongoDB server may log authentication parameters, including credentials, to the server log during SASL authentication. W
MED · CVE-2026-46433
lldpd is an implementation of IEEE 802.1ab (LLDP). Prior to version 1.0.22, lldpd_decode() in src/daemon/lldpd.c strips
HIGH · CVE-2026-46374
SQLFluff is a modular SQL linter and auto-formatter with support for multiple dialects and templated code. Prior to vers
HIGH · CVE-2026-46373
SQLFluff is a modular SQL linter and auto-formatter with support for multiple dialects and templated code. Prior to vers
CVE-2026-44963
A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user.
CVE-2026-10238
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
MED · CVE-2026-47905
CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Uncontrolled Resource Consu
MED · CVE-2026-47904
CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Uncontrolled Resource Consu
MED · CVE-2026-47903
CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Improper Input Validation v
MED · CVE-2026-47902
CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Uncontrolled Resource Consu
HIGH · CVE-2026-34713
CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Uncontrolled Resource Consu
HIGH · CVE-2026-34712
CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Improper Input Validation v
HIGH · CVE-2026-34711
CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Integer Overflow or Wraparo
MED · CVE-2026-34657
CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Improper Limitation of a Pa
MED · CVE-2026-34417
OSCAL-GUI contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to execute arbit
MED · CVE-2026-25860
OpenClinic GA 5.351.19 contains a reflected cross-site scripting vulnerability in the DICOM image upload handler that al
CRIT · CVE-2026-48303
Adobe Campaign Classic (ACC) versions 7.4.3 build 9394 and earlier are affected by an Incorrect Authorization vulnerabil
HIGH · CVE-2026-48292
Format Plugins versions 1.1.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result i
HIGH · CVE-2026-48291
Format Plugins versions 1.1.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result i
MED · CVE-2026-47961
Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an out-of-bounds read vulnerability that
HIGH · CVE-2026-47960
ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Restriction of XML External Entity Reference
HIGH · CVE-2026-47959
Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Stack-based Buffer Overflow vulnerabili
HIGH · CVE-2026-47955
Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could
HIGH · CVE-2026-47952
Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Heap-based Buffer Overflow vulnerabilit
CRIT · CVE-2026-47938
Adobe Campaign Classic (ACC) versions 7.4.3 build 9394 and earlier are affected by a Server-Side Request Forgery (SSRF)
HIGH · CVE-2026-47937
Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an Uncontrolled Search Path Element vulne
MED · CVE-2026-47933
ColdFusion versions 2023.19, 2025.8 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that c
Latest News
ISC Stormcast For Wednesday, June 10th, 2026 https://isc.sans.edu/podcastdetail/9966, (Wed, Jun 10th)
Microsoft Defender 'RoguePlanet' zero-day grants SYSTEM privileges
[..
Microsoft Releases Record-Breaking Patch Tuesday With 208 CVEs
Microsoft Patch Tuesday security updates for June 2026 fix a record 208 CVEs, including one actively exploited zero-day and multiple critical RCE flaws. Micr...
AI-driven computer worm demonstrates autonomous network exploitation
The AI worm, tested on an isolated 33-host network, demonstrated a significant ability to adapt and exploit.
Veeam releases security update for critical backup server vulnerability
The vulnerability, tracked as CVE-2026-44963, affects Veeam Backup & Replication (VBR) versions 12.3.
Rubrik enhances data security with AI agents and autonomous recovery
Rubrik introduced Rubrik AI, an agent-first interface for its Security Cloud and Agent Cloud, allowing customers to define business outcomes that the softwar...
Filigran launches AI orchestration layer for threat management
XTM One integrates Filigran's OpenCTI threat intelligence platform and OpenAEV exposure validation tool into a unified workflow, addressing the manual proces...
Tempo news website hit by massive DDoS cyberattack
Tempo's technology team reported that the cyberattack generated an unprecedented volume of bot-generated traffic, placing immense pressure on their infrastru...
CISA to reevaluate risk prioritization for critical infrastructure and federal agencies
CISA is set to release a binding operational directive for federal agencies, aiming to revise vulnerability management practices.
Iranian-linked hackers claim cyberattack on Israeli military, but evidence is weak
As reported by HackRead, an Iranian-linked hacker group named Handala claimed on Sunday, June 7, 2026, to have conducted significant cyberattacks against Isr...
Discord data breach claim filed with Maine AG raises red flags
The notice, submitted on June 8, 2026, presents several anomalies that suggest it may not be an officially verified incident.
Data Breaches
CalPhishing Scam Uses EvilTokens Kit, Outlook Invites to Steal M365 Sessions
Hackers are exploiting Outlook calendar invites and device code phishing to steal M365 session tokens, bypass MFA and breach enterprise accounts.
OpenAI confirms security breach in TanStack supply chain attack
OpenAI says two employees' devices were breached in the recent TanStack supply chain attack that impacted hundreds of npm and PyPI packages, causing the comp...
Cyber Insurance Explained: What CISOs MUST Know Before a Breach - WC #1
Chinese APT Exploits Microsoft Exchange to Breach Energy Sector Network
Chinese state-aligned hackers compromised a Microsoft Exchange server at a major energy firm. They repeatedly reused that same entry point to run a months‑lo...
Axios breach shows why software supply chains need zero trust
The axios breach shows trusted identities, not code flaws, now drive supply chain attacks.
Over 70% of organizations hit by identity breaches
Attackers rely on stolen credentials, compromised service accounts, and social engineering attacks targeting employees, according to Sophos’ The State of Ide...
Smashing Security podcast #467: How ShinyHunters hacked the world’s biggest universities
Welcome to the largest educational data breach in history - affecting nearly 9,000 institutions, every Ivy League university, and 30 million students mid-fin...
Instructure Reaches Deal with ShinyHunters to Prevent Canvas Data Leak
Instructure has reached an agreement with the ShinyHunters group to return and destroy stolen Canvas data, protecting millions of student records from a publ...
OpenLoop Health confirms January 2026 Data breach affecting 716,000
In January 2026, telehealth infrastructure firm OpenLoop Health suffered a security breach that exposed information of 716,000 people. OpenLoop Health confir...
South Staffordshire Water fined nearly $1.3 million over data breach
The cyberattack on South Staffordshire Water Plc was initiated through a phishing attempt that allowed attackers to install undetected malware for nearly two...
Canvas Owner Reaches Agreement With Cybercriminals After Ransomware Attack
Instructure says it reached an agreement with ShinyHunters over the Canvas breach data
Instructure reaches agreement with hackers after Canvas data breach
ShinyHunters claimed responsibility for stealing more than 3.6 terabytes of data by exploiting security vulnerabilities in Instructure's Free-for-Teacher env...