Vulnerabilities
Mythos 5 Restricted by US Government for Being Too Dangerous
For those of you who have been questioning the power and impact of Mythos, claiming the initial restricted use (Project Glasswing) was just a marketing ploy, I urge you to reconsider and ...
Survey: Organizations Take Too Long to Fix Application Vulnerabilities
A global survey of 902 IT and security professionals finds 80% of respondents work for organizations that have been impacted by an application security incident in the last 12 months, with 36% ...
HackerOne Unveils Agentic AI Platform to Discover and Validate Vulnerabilities Faster
HackerOne has launched a platform that expands the use of artificial intelligence (AI) agents to identify threats and prioritize remediation efforts based on how exploitable a vulnerability actually is and the level ...
Google Patches 429 Chrome Vulnerabilities in Major Browser Update
Google has patched 429 vulnerabilities in its Chrome browser, an unusually large update for a stable Chrome release. Chrome 149 was released with fixes for security flaws affecting the browser’s rendering, graphics, ...
Vulnerability Disclosure in the Age of AI
New article: “Responsible Disclosure in the Age of AI: A Call for Urgent Action,” by Melissa Hathaway. Abstract: Artificial intelligence is fundamentally reshaping the balance between vulnerability discovery and remediation. Frontier AI ...
Inside a 176-Package npm Campaign Built to Beat Your Internal Dependencies
The latest malware campaign uncovered by Sonatype researchers involved 176 malicious npm packages, many published with the exact same version number: 99.99.99 ...
Cogent: AI Exploit Developer Threats Outpace Scanner Detection On Critical Vulnerabilities
AI-native cybersecurity firm Cogent reveals that AI-assisted exploit development has collapsed vulnerability-to-weaponization timelines from 125 days to 12 hours, rendering traditional scanner-based detection cycles obsolete ...
Three CVEs and the May 2026 Exploit Chain Nobody’s Taking Seriously
May 2026 dropped three critical Linux vulnerabilities on a near-weekly cadence, and the security discourse has mostly treated them as three separate bad days. They’re not. Together they form a reliable, race-free, ...
How Dangerous Is Anthropic’s Mythos AI?
Last month, Anthropic made a remarkable announcement about its new model, Claude Mythos Preview: it was so good at finding security vulnerabilities in software that the company would not release it to ...
Copy.Fail Linux Vulnerability
This is the worst Linux vulnerability in years. TL;DR copy.fail is a Linux kernel local privilege escalation, not a browser or clipboard attack. Disclosed by Theori on 29 April 2026 with a ...
