Claude Mythos Finds 271 Firefox Vulnerabilities
All the flaws could have also been found by an elite human researcher, according to Mozilla.
The post Claude Mythos Finds 271 Firefox Vulnerabilities appeared first on SecurityWeek.
Featured
Oracle Patches 450 Vulnerabilities With April 2026 CPU
The company released 481 new security patches across 28 product families, including over 300 fixes for remotely exploitable, unauthenticated flaws.
The post Oracle Patches 450 Vulnerabilities With April 2026 CPU appeared first on SecurityWeek.
Unsecured Perforce Servers Expose Sensitive Data From Major Orgs
Things are improving, but a researcher has still identified over 1,500 Perforce P4 instances allowing attackers to read files on the server.
The post Unsecured Perforce Servers Expose Sensitive Data From Major Orgs appeared first on SecurityWeek.
$290 Million Kelp DAO Crypto Heist Blamed on North Korea
The hackers targeted LayerZero’s DVN, compromising certain RPCs and DDoSing others to trigger failover to the poisoned infrastructure.
The post $290 Million Kelp DAO Crypto Heist Blamed on North Korea appeared first on SecurityWeek.
Next.js Creator Vercel Hacked
Vercel confirmed suffering a breach after a hacker claiming to be part of ShinyHunters offered to sell stolen data for $2 million.
The post Next.js Creator Vercel Hacked appeared first on SecurityWeek.
ZionSiphon Malware Targets ICS in Water Facilities
The malware is configured to operate on systems associated with Israeli water treatment and desalination plants.
The post ZionSiphon Malware Targets ICS in Water Facilities appeared first on SecurityWeek.
What to do When Your AI Guardrails Fail
I want to talk about a bug. Not because the bug itself was exceptional, but because what it exposed should change how every organisation architects AI governance. For several weeks earlier this year, Microsoft 365 Copilot read and summarised confidential emails despite sensitivity labels and Data Loss Prevention policies being correctly configured to block that […]
The post What to do When Your AI Guardrails Fail appeared first on IT Security Guru.
Q&A: Your Face Is Now Part of the Threat Landscape, Warns Sarah Armstrong-Smith
Sarah Armstrong-Smith brings rare front-line authority to the cyber resilience conversation, with a career shaped by some of the most defining digital threats of the modern era. From the Millennium Bug through to board-level cyber strategy at Microsoft and the London Stock Exchange Group, her perspective is grounded in real crisis leadership, not theory. That […]
The post Q&A: Your Face Is Now Part of the Threat Landscape, Warns Sarah Armstrong-Smith appeared first on IT Security Guru.
UK Government Sound Alarm Over AI Security Risk
This week, UK government leaders and cyber officials are sounding an increasingly urgent alarm over the security risks posed by artificial intelligence, warning that the technology is both amplifying existing cyber threats and reshaping the balance between attackers and defenders. In a joint open letter to business leaders, ministers and the National Cyber Security Centre […]
The post UK Government Sound Alarm Over AI Security Risk appeared first on IT Security Guru.
OpenAI Widens Access to Cybersecurity Model After Anthropic’s Mythos Reveal
GPT‑5.4‑Cyber is a model fine-tuned for defenders, lowering boundaries for legitimate cybersecurity work.
The post OpenAI Widens Access to Cybersecurity Model After Anthropic’s Mythos Reveal appeared first on SecurityWeek.