Tag: software
-
Everyone’s building AI agents. Almost nobody’s ready for what they do to identity.
Anthropic recently announced that it would not release Mythos, its most powerful AI model, to the public. The model discovered thousands of previously unknown software vulnerabilities, flaws that had sat undetected in major operating systems and web browsers for as long as nearly three decades. Anthropic said the model was too dangerous to deploy […]…
-
Everyone’s building AI agents. Almost nobody’s ready for what they do to identity.
Anthropic recently announced that it would not release Mythos, its most powerful AI model, to the public. The model discovered thousands of previously unknown software vulnerabilities, flaws that had sat undetected in major operating systems and web browsers for as long as nearly three decades. Anthropic said the model was too dangerous to deploy […]…
-
Dutch Health Tech Firm ChipSoft Confirms Destruction of Stolen Patient Data
The Cyber Express previously reported the ChipSoft cyberattack, in which ransomware actors stole patient data. Now, reports have surfaced from the Dutch medical software provider, noting that the compromised data has been destroyed, though key details about the incident remain undisclosed. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/chipsoft-cyberattack-stolen-data-destroyed/
-
Zunehmende Bedrohung durch Infostealer auf macOS-Systemen
Von Account-Übernahmen bis hin zu Supply-Chain-Angriffen: Viele Nutzer installieren Software über das Terminal und umgehen damit bewusst Sicherheitsmechanismen von macOS. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/zunehmende-bedrohung-durch-infostealer-auf-macos-systemen/a44831/
-
Researchers unearth industrial sabotage malware that predated Stuxnet by 5 years
fast16.sys, is briefly mentioned in the 2017 Shadow Brokers leak of documents covering exploits and tools used by US National Security Agency cyber teams.”This 2005 attack is a harbinger for sabotage operations targeting ultra expensive high-precision computing workloads of national importance like advanced physics, cryptographic, and nuclear research workloads,” the SentinelOne researchers said in their…
-
New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATs
Cybersecurity researchers have discovered malicious code in an npm package after a malicious package as a dependency to the project by Anthropic’s Claude Opus large language model (LLM).The package in question is “@validate-sdk/v2,” which is listed on npm as a utility software development kit (SDK) for hashing, validation, encoding/decoding, and secure random generation. However, its…
-
New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATs
Cybersecurity researchers have discovered malicious code in an npm package after a malicious package as a dependency to the project by Anthropic’s Claude Opus large language model (LLM).The package in question is “@validate-sdk/v2,” which is listed on npm as a utility software development kit (SDK) for hashing, validation, encoding/decoding, and secure random generation. However, its…
-
Vimeo Confirms Data Breach After Hackers Access User Database
Tags: access, breach, cyber, data, data-breach, hacker, risk, security-incident, software, supply-chain, vulnerabilityVimeo has officially confirmed a data breach affecting its user database. The security incident did not originate with Vimeo, but rather with Anodot, a third-party analytics vendor used by the video hosting platform. This event highlights the ongoing risks associated with software supply chains, where a vulnerability in one vendor can compromise multiple downstream companies.…
-
How a Long-Lived API Credential Let an AI Agent Delete Production Data
4 min readWhat began as a routine staging task for a SaaS startup ended in a disaster that would have been unthinkable just months ago: an AI agent operating as a super insider threat and triggering a worst-case production failure. In a detailed X post, Jer Crane, founder of PocketOS, a software platform for the…
-
How a Long-Lived API Credential Let an AI Agent Delete Production Data
4 min readWhat began as a routine staging task for a SaaS startup ended in a disaster that would have been unthinkable just months ago: an AI agent operating as a super insider threat and triggering a worst-case production failure. In a detailed X post, Jer Crane, founder of PocketOS, a software platform for the…
-
How a Long-Lived API Credential Let an AI Agent Delete Production Data
4 min readWhat began as a routine staging task for a SaaS startup ended in a disaster that would have been unthinkable just months ago: an AI agent operating as a super insider threat and triggering a worst-case production failure. In a detailed X post, Jer Crane, founder of PocketOS, a software platform for the…
-
More fake extensions linked to GlassWorm found in Open VSX code marketplace
Tags: control, marketplace, monitoring, open-source, risk, software, supply-chain, tool, update, vulnerabilityAdvice for developers: Janca said developers who want to reduce their exposure to the GlassWorm campaign should start with the basics: install fewer extensions and treat each one as a dependency with real risk attached. Disable auto-update so you control when updates are applied, and carefully evaluate each one. Use a next-generation SCA tool that covers…
-
Open is Not Costless: Reclaiming Sustainable Infrastructure
<div cla For years, the software industry treated public package registries like a law of nature. They were simply there. Immutable, invisible, and somehow outside the normal rules of cost, capacity, and responsibility. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/open-is-not-costless-reclaiming-sustainable-infrastructure/
-
The Breach Did Not Knock on the Front Door
Attackers are getting in. Security teams have long accepted that premise. What is unsettling is where they are entering from. They are coming through software packages that development teams trust by default, hijacking single sign-on accounts that serve as master keys to dozens of business applications, and pulling firewall configuration files that reveal how a……
-
From Shadow AI to Full Control: FireTail’s Q1 2026 Updates FireTail Blog
Apr 28, 2026 – Timo Rüppell – Most security teams have accepted a hard truth in recent months. AI has already arrived in your organization. It resides in your codebase, runs in your cloud infrastructure, and is likely open in a nearby browser tab right now.The question is no longer whether to let AI in.…
-
Researchers Find 38 Flaws in OpenEMR. They’ve Been Fixed
AI Tool Used to Discover Bugs, Which Included 2 Maximum Severity Vulnerabilities. Researchers at security firm AISLE said they recently identified 38 vulnerabilities, including two maximum-severity zero-day flaws in OpenEMR, an open-source electronic medical record software platform used by about 100,000 healthcare providers globally. OpenEMR has patched the problems. First seen on govinfosecurity.com Jump to…
-
What Anthropic’s Mythos Means for the Future of Cybersecurity
Two weeks ago, Anthropic announced that its new model, Claude Mythos Preview, can autonomously find and weaponize software vulnerabilities, turning them into working exploits without expert guidance. These were vulnerabilities in key software like operating systems and internet infrastructure that thousands of software developers working on those systems failed to find. This capability will have…
-
Fake Tax Audits and Updates Fuel Silver Fox Malware Campaign
A China-linked threat group known as Silver Fox is running a new wave of cyber campaigns using fake tax audit notifications and software update lures to deliver malware across Asia. Active since at least 2022, the group initially focused on financially motivated attacks but, since 2024, has evolved into a dual-purpose operation combining cybercrime and…
-
Palantir-Vertrag läuft aus – Polizei in NRW schreibt Analyse-Software neu aus
Tags: softwareFirst seen on security-insider.de Jump to article: www.security-insider.de/polizei-in-nrw-schreibt-analyse-software-neu-aus-a-5f19a8cb06aece640a2f651a93745fda/
-
Chinese engineer stole US military and NASA software for years
He created Gmail accounts, impersonated real US researchers, and convinced NASA, the military, and universities to hand over sensitive code. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/chinese-engineer-stole-us-military-and-nasa-software-for-years/
-
Artifact Poisoning: A Silent Threat to Enterprise Software Supply Chains
Software supply chains have quietly become one of the most critical and most vulnerable foundations of modern enterprises. Today, applications are no longer monolithic systems built entirely in-house. Instead, they are complex assemblies of open-source libraries, third-party packages, container images, APIs, and pre-built binaries pulled from multiple repositories. This interconnected ecosystem has dramatically improved speed,……
-
Verhaltensanalysen für KI-Agenten in Cloud-Umgebungen: Transparenz und Anomalieerkennung als Sicherheitsfaktor
Wie Security-Teams autonome Software-Agenten über den Lebenszyklus hinweg beobachten, Normalverhalten modellieren und Abweichungen frühzeitig erkennen können. Mit der zunehmenden Verbreitung von KI-Agenten in Unternehmen entsteht eine neue Herausforderung für die IT-Sicherheit: Autonome Systeme handeln eigenständig, interagieren miteinander und greifen auf Daten sowie Dienste zu häufig bei eingeschränkter Nachvollziehbarkeit von Entscheidungen und Aktionen. Klassische… First seen…
-
ICS intrusion detection has blind spots that complicate plant security
Industrial control systems on plant floors run alongside a growing layer of monitoring software meant to catch intruders before they reach a turbine, a valve, or a chemical … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/28/ics-intrusion-detection-blind-spots/
-
Claude Opus 4.6-Powered AI Coding Agent Wipes Production Database in 9 Seconds
A Claude Opus 4.6-powered AI coding agent operating through the Cursor editor autonomously deleted the production database and backups of SaaS startup PocketOS in just nine seconds. The incident highlights critical security failures in AI guardrails and infrastructure access controls. The Nine-Second Data Breach Jer Crane, founder of automotive software platform PocketOS, reported that the…
-
Top 7 Threat Intelligence Platforms Software in 2026
Discover top threat intelligence platforms, including their features, use cases, and comparisons in 2026. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/products/threat-intelligence-platforms/
-
7 Best Penetration Testing Tools Software in 2026
View our complete buyer’s guide of the best penetration testing tools in 2026. Browse the best pentesting tools now. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/products/best-penetration-testing/
-
prompted 2026 Exploring The Al Automation Boundary
Author, Creator & Presenter: Arthi Nagarajan, Software Engineer for Internal Threat Detection At Datadog Our thanks to [un]prompted for publishing their Creators, Authors and Presenter’s outstanding [un]prompted 2026 AI Security Practitioner content on the Organizations’ YouTube Channel. Permalink First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/unprompted-2026-exploring-the-al-automation-boundary/
-
As the NVD scales back CVE enrichment, here’s what Tenable customers need to know
Tags: access, ai, cisa, cloud, cve, cvss, data, data-breach, exploit, infrastructure, intelligence, kev, metric, mitre, nist, nvd, ransomware, risk, software, strategy, technology, threat, vulnerability, vulnerability-management, zero-dayNIST’s shift toward selective CVE enrichment creates significant visibility gaps for teams relying solely on the National Vulnerability Database. As AI accelerates vulnerability disclosure rates, organizations need independent, high-fidelity intelligence to prioritize risks that the NVD may now overlook. Key takeaways NIST is pivoting to a prioritized enrichment model, focusing only on specific criteria like…
-
Chinese spy posed as researcher in spear-phishing campaign targeting NASA to steal defense software
A Chinese national posed as a U.S. researcher, tricking NASA staff in a phishing campaign to steal sensitive data tied to defense software and exports. A Chinese national ran a spear-phishing campaign by posing as a U.S. researcher and tricked NASA employees into sharing sensitive information. The NASA Office of Inspector General (OIG) and federal…
-
Technology-Innovation-Leadership 2026 Auszeichnung für Check Point für seine WAF- und API-Sicherheitslösungen
Check Point Software Technologies gibt bekannt, dass das Unternehmen für seine Fortschritte im Bereich des Schutzes von Webanwendungen und APIs (WAAP) mit der Auszeichnung ‘Technology Innovation Leadership 2026″ von Frost & Sullivan geehrt wurde. Die neue Auszeichnung verdeutlicht, wie Check Points Strategie, bei der Prävention an erster Stelle steht, sowie die Beiträge des Unternehmens zur…

