Tag: cyber
-
Researcher Claims Claude Opus Enabled Creation of Working Chrome Exploit
A security researcher has shown that Anthropic’s Claude Opus can help build a working browser exploit chain against Google Chrome’s V8 engine, raising fresh concerns about how quickly AI can speed up offensive security work. The experiment was published by Mohan Pedhapati, also known as s1r1us, CTO of Hacktron, and it arrived just days after…
-
Researcher Claims Claude Opus Enabled Creation of Working Chrome Exploit
A security researcher has shown that Anthropic’s Claude Opus can help build a working browser exploit chain against Google Chrome’s V8 engine, raising fresh concerns about how quickly AI can speed up offensive security work. The experiment was published by Mohan Pedhapati, also known as s1r1us, CTO of Hacktron, and it arrived just days after…
-
Researcher Claims Claude Opus Enabled Creation of Working Chrome Exploit
A security researcher has shown that Anthropic’s Claude Opus can help build a working browser exploit chain against Google Chrome’s V8 engine, raising fresh concerns about how quickly AI can speed up offensive security work. The experiment was published by Mohan Pedhapati, also known as s1r1us, CTO of Hacktron, and it arrived just days after…
-
Nexcorium Mirai Variant Weaponises TBK DVR Vulnerability in Fresh IoT Botnet Push
A newly discovered Mirai malware variant named Nexcorium is actively targeting unpatched Internet of Things (IoT) devices. According to recent threat research from FortiGuard Labs, attackers are exploiting a severe vulnerability in TBK DVR systems to build a massive botnet capable of launching destructive distributed denial-of-service (DDoS) attacks. The campaign primarily focuses on CVE-2024-3721, a…
-
$13.74M Hack Shuts Down Sanctioned Grinex Exchange After Intelligence Claims
Grinex, a Kyrgyzstan-incorporated cryptocurrency exchange sanctioned by the U.K. and the U.S. last year, said it’s suspending operations after it blamed Western intelligence agencies for a $13.74 million hack.The exchange said it fell victim to what it described as a large-scale cyber attack that bore hallmarks of foreign intelligence agency involvement. This attack led to…
-
Finance Chiefs Warn New AI Models May Rattle Global Banking
Officials Warned New Models Could Accelerate Cyber Risks Faster Than Rules. Global finance officials meeting in Washington warned that advanced artificial intelligence models could expose structural weaknesses across banking and payment systems, speeding vulnerability discovery and cyber exploitation faster than regulators can build guardrails. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/finance-chiefs-warn-new-ai-models-may-rattle-global-banking-a-31457
-
Healthcare Cyber Research Programs Escape Budget Knife
UPGRADE and DigiSeals Programs at ARPA-H Remain Fully Funded. A U.S. federal grant effort to develop autonomous medical device patching platforms for hospitals evaded the budget-cutting knife of the Trump administration. Program boosters hope to automate cyber defenses so that hospitals of any size can more quickly patch vulnerabilities. First seen on govinfosecurity.com Jump to…
-
Kyrgyzstan-based crypto exchange Grinex shuts down after $13.7M cyber heist, blames Western Intelligence
Grinex halted operations after a $13.7M hack, blaming Western intelligence. Stolen funds came from wallets of Russian users on the platform. Kyrgyz crypto exchange Grinex halted operations after a threat actor stole $13.7 million in a cyber attack that the company attributes to Western intelligence agencies. The stolen funds belonged to Russian users, as the…
-
How NIST’s Cutback of CVE Handling Impacts Cyber Teams
Industry and ad hoc coalitions appear poised to help fill the gap created by NIST’s decision to cut back on CVE data enrichment. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/nist-cutbacks-nvd-handling-impacts-cyber-teams
-
The Wall Around Claude 4.7 Does Not Extend to Dread
<div cla Anthropic released Claude Opus 4.7 on April 16, 2026 with automated cybersecurity safeguards and a Cyber Verification Program. Dark web intelligence from the same week, a cross-vendor prompt injection disclosure published the same morning, and the unanswered policy question of who decides which defenders deserve access to frontier AI all point to the…
-
The Wall Around Claude 4.7 Does Not Extend to Dread
<div cla Anthropic released Claude Opus 4.7 on April 16, 2026 with automated cybersecurity safeguards and a Cyber Verification Program. Dark web intelligence from the same week, a cross-vendor prompt injection disclosure published the same morning, and the unanswered policy question of who decides which defenders deserve access to frontier AI all point to the…
-
When Geopolitics Writes Your Compliance Roadmap
Cyber policy has always lagged cyber reality. Regulations arrive after breaches, frameworks emerge after failures, and accountability structures materialize long after the damage lands on someone else’s balance sheet. NCC Group’s fifth edition of its Global Cyber Policy Radar suggests that cycle is finally breaking, not because governments have gotten smarter, but because the.. First…
-
Bank cyber teams on red alert as Anthropic promises them Mythos next week
Artificial intelligence supplier promises UK banks opportunity to review AI model, which has already revealed thousands of security flaws First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366641763/Bank-cyber-teams-on-red-alert-as-Anthropic-promises-them-Mythos-next-week
-
New IBM Security Services Aim to Counter Risks of Frontier AI Models
IBM Consulting is using AI agents in its new services to help organizations protect themselves against the growing security threats advanced AI foundation models like Anthropic’s Mythos Preview and OpenAI’s GPT-5.4-Cyber pose. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/new-ibm-security-services-aim-to-counter-risks-of-frontier-ai-models/
-
New IBM Security Services Aim to Counter Security Risks of AI Frontier Models
IBM Consulting is using AI agents in its new services to help organizations protect themselves against the growing security threats advanced AI foundation models like Anthropic’s Mythos Preview and OpenAI’s GPT-5.4-Cyber pose. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/new-ibm-security-services-aim-to-counter-security-risks-of-ai-frontier-models/
-
Taten statt Tools: Warum Cyber-Resilienz meist an der Umsetzung scheitert
Die zentrale Frage für Organisationen lautet nicht, welche neuen Tools man noch benötigt, sondern ob man diejenigen beherrscht, die man schon hat. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/taten-statt-tools-warum-cyber-resilienz-meist-an-der-umsetzung-scheitert/a44687/
-
TP-Link Routers Hit by Mirai in CVE-2023-33538 Attacks
Hackers are actively scanning for vulnerable TP-Link home routers to push Mirai-style malware, abusing CVE-2023-33538 in a new wave of automated attacks. While the current exploit attempts are technically flawed, researchers warn that the underlying bug is real and dangerous when combined with default credentials and end”‘of”‘life firmware. It affects TL”‘WR940N v2/v4, TL”‘WR740N v1/v2 and…
-
White House moves to give federal agencies access to Anthropic’s Claude Mythos
Tags: access, ai, control, cyber, defense, framework, government, military, risk, supply-chain, update, vulnerabilityEnterprise implications: Those same assurance questions translate directly to enterprise procurement. The OMB move signals that federal cyber defense is pivoting toward frontier models that can find vulnerabilities faster than human teams can patch them, and the rift between the Pentagon and the White House carries a lesson for private-sector buyers, Shah said.”The rift between…
-
SEO Poisoning Attack Uses Microsoft Binary to Install RMM Tool
New research has exposed a search engine poisoning campaign that delivers a trojanized TestDisk installer, abuses a Microsoft-signed binary for DLL sideloading, and silently deploys the ScreenConnect remote monitoring and management (RMM) client for hands-on keyboard access. The rogue domain copies the branding of the real open-source data recovery tool, presenting itself as “The Ultimate…
-
Operation PowerOFF Knocks Out 75,000 DDoS Attackers and Over 50 Service Domains
A major international law enforcement campaign has hit the DDoS-for-hire ecosystem, warning more than 75,000 suspected users and disrupting the infrastructure that helped power online attacks around the world. Backed by Europol, Operation PowerOFF brought together authorities from 21 countries in a coordinated action week on 13 April 2026. The operation resulted in four arrests,…
-
Industrial Systems Hit by New Email-Worm Threat Wave
Email-borne worms are driving a fresh wave of incidents against industrial control systems (ICS), even as overall malware activity on these networks appears to be slowly declining. New data from Q4 2025 shows that phishing-driven distribution of the XWorm backdoor has sharply shifted the risk landscape for operational technology (OT) environments worldwide. The share of…
-
Industrial Systems Hit by New Email-Worm Threat Wave
Email-borne worms are driving a fresh wave of incidents against industrial control systems (ICS), even as overall malware activity on these networks appears to be slowly declining. New data from Q4 2025 shows that phishing-driven distribution of the XWorm backdoor has sharply shifted the risk landscape for operational technology (OT) environments worldwide. The share of…
-
Industrial Systems Hit by New Email-Worm Threat Wave
Email-borne worms are driving a fresh wave of incidents against industrial control systems (ICS), even as overall malware activity on these networks appears to be slowly declining. New data from Q4 2025 shows that phishing-driven distribution of the XWorm backdoor has sharply shifted the risk landscape for operational technology (OT) environments worldwide. The share of…
-
OpenAI Extends GPT-5.4-Cyber Access to Trusted Organizations Worldwide
OpenAI has announced the expansion of its >>Trusted Access for Cyber<< program, granting worldwide security organizations access to its advanced GPT-5.4-Cyber model. The initiative operates on a foundational premise: cutting-edge cyber capabilities must reach network defenders on a broad scale while maintaining strict trust, validation, and safety safeguards. By sharing these tools with a diverse…
-
Microsoft Acknowledges Reboot Loop Issue on Windows Servers Following April Patches
Microsoft has confirmed a critical known issue affecting Windows Server 2025 domain controllers after deploying the April 2026 cumulative update KB5082063 (OS Build 26100.32690), released on April 14, 2026. Affected domain controllers are entering repeated restart loops, and a separate but related issue is triggering BitLocker recovery prompts on enterprise-managed systems post-update. Reboot Loop Issue…
-
PoC Released for FortiSandbox Flaw Enabling Arbitrary Command Execution
A proof-of-concept (PoC) exploit has been publicly released for a critical security flaw in Fortinet’s FortiSandbox. Tracked as CVE-2026-39808, this severe vulnerability allows an unauthenticated attacker to execute arbitrary commands on the underlying operating system with the highest level of privileges. Security researcher Samuel de Lucas recently published the exploit details on GitHub, highlighting the…
-
Critical Flowise Flaw Enables Remote Command Execution via MCP Adapters
OX Security researchers have uncovered a critical, systemic vulnerability built directly into the architecture of Anthropic’s Model Context Protocol (MCP). As the industry standard for AI agent communication, this foundational flaw exposes systems to Arbitrary Command Execution (RCE). Attackers who exploit this vulnerability can seize complete control of affected MCP implementations, gaining direct access to…
-
Weaponized CVE-2026-39987 Pushes Blockchain Backdoor Through Hugging Face
Tags: backdoor, blockchain, credentials, cve, cyber, exploit, infection, rce, remote-code-execution, theftAttackers are rapidly exploiting CVE-2026-39987 in the marimo Python notebook platform to deploy a new NKAbuse backdoor variant hosted on Hugging Face Spaces, turning AI/ML developer environments into high”‘value infection points. The campaign combines pre-auth RCE, credential theft, lateral movement to PostgreSQL and Redis, and a blockchain-based C2 channel that is difficult to monitor or…