Maximum severity React2Shell flaw exploited by North Korean hackers in malware attacks

Sysdig finds evidence of Contagious Interview actors abusing React2Shell. [...]

Three AI coding agents leaked secrets through a single prompt injection. One vendor's system card predicted it

A security researcher, working with colleagues at Johns Hopkins University, opened a GitHub pull request, typed a malicious instruction into the PR title, and watched Anthropic’s Claude Code Securit [...]

CVSS scored these two Palo Alto CVEs as manageable. Chained, they gave attackers root access to 13,000 devices.

During Operation Lunar Peek in November 2024, attackers gained unauthenticated remote admin access — and eventual root — across more than 13,000 exposed Palo Alto Networks management interfaces. P [...]

Mythos autonomously exploited vulnerabilities that survived 27 years of human review. Security teams need a new detection playbook

A 27-year-old bug sat inside OpenBSD’s TCP stack while auditors reviewed the code, fuzzers ran against it, and the operating system earned its reputation as one of the most security-hardened platfor [...]

Anthropic says DeepSeek, Moonshot, and MiniMax used 24,000 fake accounts to rip off Claude

Anthropic dropped a bombshell on the artificial intelligence industry Monday, publicly accusing three prominent Chinese AI laboratories — DeepSeek, Moonshot AI, and MiniMax — of orchestrating coor [...]

Flaw in 17 Google Fast Pair audio devices could let hackers eavesdrop

Now would be a good time to update all your Bluetooth audio devices. On Thursday, Wired reported on a security flaw in 17 headphone and speaker models that could allow hackers to access your devices, [...]

Anthropic says its most powerful AI cyber model is too dangerous to release publicly — so it built Project Glasswing

Anthropic on Tuesday announced Project Glasswing, a sweeping cybersecurity initiative that pairs an unreleased frontier AI model — Claude Mythos Preview — with a coalition of twelve major technolo [...]

SEC lawsuit claims Musk gained over $150 million by delaying Twitter stake disclosure

After a more than two-year investigation, the Securities and Exchange Commission has sued Elon Musk over his delayed disclosure of the Twitter stock he amassed before announcing his intention to acqui [...]

Hackers are exploiting a critical RCE Flaw in a popular FTP server — here's what you need to know

Attackers are exploiting a critical Wing FTP flaw which allows remote system access, although all attempts have failed so far. [...]