Tag: software
-
Black Duck Names Dom Glavach as CISO to Bolster Supply Chain and AI Security Push
Application security firm Black Duck has appointed Dom Glavach as its new Chief Information Security Officer, bringing in a seasoned executive with more than two decades of experience spanning enterprise security, national defence, and SaaS environments. The hire comes at a turbulent time for software security. Dependency abuse, credential misuse, and compromised build pipelines have…
-
Der Leak des Claude-Codes von Anthropic zieht Malware-Kampagnen nach sich
Ende März 2026 wurde der vollständige Quellcode von Claude, dem terminal-basierten KI-Programmier-Agenten von Anthropic, versehentlich der Öffentlichkeit preisgegeben. Ausgelöst durch einen einfachen, aber gravierenden Fehler bei der Software-Paketierung hat dieses Datenleck weitreichende Konsequenzen für die IT-Sicherheitslandschaft und die Software-Supply-Chain. Das Zscaler-ThreatLabz-Team hat die Auswirkungen des Vorfalls analysiert und warnt aktuell vor aktiven Bedrohungskampagnen. Hacker und…
-
Anthropic Claude Mythos Suggests Vulnerability Management Will Soon ‘Break’: Forrester
Following claims by Anthropic and its partners in a new software security initiative announced this week, it’s clear that AI could soon upend existing vulnerability management practices, according to Forrester analysts. First seen on crn.com Jump to article: www.crn.com/news/security/2026/anthropic-claude-mythos-suggests-vulnerability-management-will-soon-break-forrester
-
Chevin pulls the handbrake on FleetWave software after security scare
UK and US customers stuck waiting after fleet management SaaS vendor took affected environments offline First seen on theregister.com Jump to article: www.theregister.com/2026/04/09/chevin_fleetwave_security_incident/
-
Why Web Content Filtering Software for Schools Must Go Beyond Simple Blocking
Digital learning has become a core part of the K12 classroom experience. With the widespread adoption of one-to-one device programs, students now rely on Chromebooks, iPads, laptops, and tablets to access lessons, collaborate with peers, and complete assignments both in and out of the classroom. While this shift has expanded learning opportunities, it has also…
-
Technical Details Released for Critical Cisco SSM Command Execution Vulnerability
Security researchers have published technical details regarding a highly critical vulnerability in the Cisco Smart Software Manager On-Prem (SSM On-Prem). Tracked as CVE-2026-20160, this flaw carries a near-maximum CVSS score of 9.8. It allows remote, unauthenticated attackers to execute commands as a root user. With no workarounds available, organizations must apply patches immediately to secure…
-
Patch windows collapse as timeexploit accelerates
N-day exploitation: Rapid7 Labs validated its findings about a more febrile threat environment by producing both n-day and zero-day exploits using AI-assisted research, substantially reducing development time.In practice, n-day bugs, or the development of exploits against patched software, are a bigger problem than headline-grabbing zero-day vulnerabilities, adds Leeann Nicolo, incident response lead at Coalition, a technology…
-
Microsoft suspends dev accounts for high-profile open source projects
Microsoft has suspended developer accounts used to maintain multiple high-profile open-source projects without proper notification and no way to quickly reinstate them, effectively blocking them from publishing new software builds and security patches for Windows users. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-suspends-dev-accounts-for-high-profile-open-source-projects/
-
Microsoft Confirms Windows 11 Update Breaks Start Menu Search
Microsoft recently addressed a disruptive server-side flaw that completely disabled Start Menu search functionality for some Windows 11 23H2 users. The tech giant quickly acknowledged the incident and deployed an automatic fix behind the scenes. Because the repair happens directly on Microsoft’s servers, users do not need to search for or install any additional software…
-
WireGuard VPN developer can’t ship software updates after Microsoft locks account
The popular open source VPN maker is the second high-profile developer to say Microsoft locked his account without notifying him and are blocking their ability to send software updates to users. First seen on techcrunch.com Jump to article: techcrunch.com/2026/04/08/wireguard-vpn-developer-cant-ship-software-updates-after-microsoft-locks-account/
-
What Mythos Reveals About Zero Trust’s Scope Problem
<div cla The coverage of Anthropic’s Mythos Red Team report has followed a predictable arc: a sensational headline, reactions ranging from alarm to dismissal, and little engagement with what the research actually demonstrates. That is worth correcting, because what Mythos reveals is not primarily a story about AI finding vulnerabilities. It is a story about…
-
Developer of VeraCrypt encryption software says Windows users may face boot-up issues after Microsoft locked his account
The maker of the popular open-source file encryption software VeraCrypt said Microsoft locked his online account, which may prevent device owners from booting up their computers. First seen on techcrunch.com Jump to article: techcrunch.com/2026/04/08/veracrypt-encryption-software-windows-microsoft-lock-boot-issues/
-
Check Point Software Celebrates Partner Success at Annual UK Partner Awards
Check Point has announced the winners of its 2026 UK Partner Awards, recognising the achievements of its UK partner ecosystem and their role in helping organisations strengthen cyber resilience. The awards ceremony took place on 19 March 2026 at One Moorgate Place in London, bringing together partners from across the UK to celebrate innovation, collaboration…
-
AI Security Risks: How Enterprises Manage LLM, Shadow AI and Agentic Threats FireTail Blog
Tags: access, ai, api, attack, breach, business, ciso, cloud, compliance, conference, control, cybersecurity, data, data-breach, detection, email, endpoint, exploit, finance, framework, gartner, GDPR, governance, guide, infrastructure, injection, LLM, malicious, microsoft, monitoring, network, nvidia, office, regulation, risk, saas, software, threat, tool, training, vulnerabilityApr 08, 2026 – – Quick Facts: Enterprise AI Security Most enterprises are running AI at scale before their security teams have visibility into it. Shadow AI (unsanctioned AI tools spreading department by department) is now the most common entry point for data leakage. Agentic AI introduces a new category of risk: autonomous systems that…
-
Anthropic Launches Claude Mythos Preview Focused on Zero-Day Vulnerability Discovery
Anthropic recently unveiled Claude Mythos Preview, a groundbreaking general-purpose language model demonstrating an unprecedented, emergent ability to autonomously discover and exploit zero-day vulnerabilities. In response to these powerful capabilities, the company introduced Project Glasswing, a coordinated defensive initiative aimed at securing critical software infrastructure before cyberattackers can leverage similar tools. This release marks a watershed…
-
Cyberkriminelle haben ihre Angriffe Monate im Voraus auf die Steuersaison 2026 vorbereitet
Check Point Software Technologies warnt vor einer deutlichen Zunahme von auf die Steuererklärungszeit ausgerichteten Cyberangriffen. Neue Erkenntnisse von Check Point Research zeigen, dass diese Kampagnen nicht opportunistisch entstehen. Die Angreifer bauen ihre Infrastruktur Monate im Voraus auf, indem sie betrügerische Domains, Phishing-Websites und schädliche E-Mail-Kampagnen nutzen. Hierzulande wird vor allem mit angeblichen E-Mails von Elster und…
-
Project Glasswing powered by Claude Mythos: defending software before hackers do
Anthropic unveiled Claude Mythos, a powerful AI for cybersecurity that could also be misused to enhance cyberattacks. Anthropic has unveiled Claude Mythos, a new AI model designed to strengthen cybersecurity through Project Glasswing, aiming to secure critical software before it can be abused. Interest in Mythos grew after a leak of nearly 3,000 internal files…
-
Anthropic Launches Project Glasswing to Use AI to Find and Fix Critical Software Vulnerabilities
Anthropic launches Project Glasswing, using its Claude Mythos Preview AI to autonomously identify and fix undiscovered vulnerabilities in critical software First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/anthropic-launch-project-glasswing/
-
Dutch healthcare software vendor goes dark after ransomware attack
ChipSoft’s website remains down but emails are functioning First seen on theregister.com Jump to article: www.theregister.com/2026/04/08/chipsoft_ransomware/
-
What Anthropic Glasswing reveals about the future of vulnerability discovery
From backlog management to exposure-window risk: The issue, as Williams frames it, is not simply how many vulnerabilities exist, but how they are managed. “Mythos makes one thing painfully clear,” he says. “This is not a prioritization problem. It’s an exposure-window problem.”Traditional vulnerability management has been built around prioritization, ranking issues by severity, exploitability, and…
-
5 Things To Know On Anthropic’s Claude Mythos And ‘Project Glasswing’
Tags: softwareAnthropic announced Tuesday it has launched a new initiative, “Project Glasswing,” focused on boosting software security with involvement from a number of major industry players. First seen on crn.com Jump to article: www.crn.com/news/security/2026/5-things-to-know-on-anthropic-s-claude-mythos-and-project-glasswing
-
Cybersecurity in the Age of Instant Software
AI is rapidly changing how software is written, deployed, and used. Trends point to a future where AIs can write custom software quickly and easily: “instant software.” Taken to an extreme, it might become easier for a user to have an AI write an application on demand”, a spreadsheet, for example”, and delete it when…
-
Russia Hacked Routers to Steal Microsoft Office Tokens
Hackers linked to Russia’s military intelligence units are using known flaws in older Internet routers to mass harvest authentication tokens from Microsoft Office users, security experts warned today. The spying campaign allowed state-backed Russian hackers to quietly siphon authentication tokens from users on more than 18,000 networks without deploying any malicious software or code. First…
-
5 steps to strengthen supply chain security and improve cyber resilience
Tags: access, api, attack, authentication, automation, backup, breach, business, cloud, control, credentials, cyber, data, defense, detection, dns, edr, email, endpoint, exploit, framework, governance, identity, infrastructure, mfa, monitoring, msp, network, radius, resilience, risk, saas, service, siem, soc, software, strategy, supply-chain, threat, tool, update, vulnerability, zero-trustAll software vendors and SaaS platformsOpen”‘source components embedded in your applicationsMSP or IT service providersCloud infrastructure and authentication servicesAPI integrations and automation workflowsOnce documented, classify each supplier by the impact they would have if compromised. A remote monitoring tool or authentication platform represents far greater risk than a basic productivity app. This prioritization helps you…
-
5 steps to strengthen supply chain security and improve cyber resilience
Tags: access, api, attack, authentication, automation, backup, breach, business, cloud, control, credentials, cyber, data, defense, detection, dns, edr, email, endpoint, exploit, framework, governance, identity, infrastructure, mfa, monitoring, msp, network, radius, resilience, risk, saas, service, siem, soc, software, strategy, supply-chain, threat, tool, update, vulnerability, zero-trustAll software vendors and SaaS platformsOpen”‘source components embedded in your applicationsMSP or IT service providersCloud infrastructure and authentication servicesAPI integrations and automation workflowsOnce documented, classify each supplier by the impact they would have if compromised. A remote monitoring tool or authentication platform represents far greater risk than a basic productivity app. This prioritization helps you…
-
Tech giants launch AI-powered ‘Project Glasswing’ to identify critical software vulnerabilities
The program comes as the tech industry races to secure software before similar AI-powered offensive capabilities become too much for defenders to handle. First seen on cyberscoop.com Jump to article: cyberscoop.com/project-glasswing-anthropic-ai-open-source-software-vulnerabilities/
-
AI, DevSecOps, and the Future of Application Security: The Gartner® Report
<div cla Even as organizations recognize the importance of application security, most still struggle to operationalize it at scale. That gap becomes harder to ignore as development accelerates, AI becomes embedded in workflows, and software supply chains grow more complex. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/ai-devsecops-and-the-future-of-application-security-the-gartner-report/

