For years, science fiction has warned humanity about artificial intelligence going off the rails. Killer computers, manipulative chatbots, and superintelligent systems deciding people are the problem... all these themes have become so familiar that “evil AI” is practically its own entertainment genre. Now, Anthropic is floating an idea that sounds almost like the plot of a science fiction novel itself: what if all those stories helped teach modern AI systems how to behave badly in the first pl
All Articles (3018)
Sort by
Finding software vulnerabilities used to require teams of security researchers months of painstaking analysis. Anthropic’s Claude Mythos does it automatically-and that’s exactly the problem. The company admits no one, including itself, has built safeguards strong enough to prevent such models from being weaponized. Yet Anthropic simultaneously promises to make “Mythos-class models” publicly available once it develops “far stronger safeguards.”[1]
When AI Outpaces Human Security Teams - Mythos
In the cybersecurity world, we often assume that small and medium-sized businesses (SMBs) are the lagging indicators of digital maturity. But new research from Tech.co and Expert Market suggests that SMB leaders are becoming surprisingly surgical in their tech adoption. The data reveal a major pivot in 2026: while many organizations are pulling back AI for general business tasks, automated cybersecurity remains a non-negotiable priority. As inflation pressures and tech regret drive a more sel
Infostealers targeting macOS have continued to proliferate over the last two years, with threat actors iterating on successful techniques across related malware families. Researchers at Moonlock, Jamf, and Malwarebytes have previously documented the rise of SHub Stealer, including its use of fake application installers and “ClickFix” social engineering. SentinelOne recently observed a new SHub variant using the build tag “Reaper.” Below is their great analysis.
Reaper uses fake WeChat and Miro
Two Microsoft zero-days affecting its Defender antimalware suite are being actively exploited to trigger denial-of-service (DoS) states on unpatched Windows devices. The first flaw, tracked as CVE-2026-41091 (CVSS: 7.8), is a privilege escalation vulnerability impacting the Microsoft Malware Protection Engine versions 1.1.26030.3008 and earlier. This engine provides scanning, detection, and cleaning functions for Microsoft’s native security software. The vulnerability arises from an improper li
FortiGuard Labs recently identified persistent P2Pinfect presences within Google Kubernetes Engine (GKE) clusters at several client companies, with one compromise spanning six months. The compromises originated from exposed Redis instances, which allowed the botnet to gain an initial foothold. The botnet's beaconing was repeatedly flagged in FortiCNAPP's Composite Alerts, underscoring how a single misconfiguration can enable long-term compromise in cloud environments. The IOCs observed across
New research from Barracuda Networks has identified a surge in attacks by Saiga 2FA, a small-scale but sophisticated phishing kit. Activity increased significantly in February 2026, following earlier sightings targeting legal organizations in Australia in 2025. The kit operates as a boutique service rather than a high-volume automated platform, focusing on highly targeted campaigns against enterprise email users. Saiga 2FA serves as an Adversary-in-the-Middle tool that bypasses multifactor a
Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to several highly privileged AWS GovCloud accounts and many internal CISA systems. Security experts said the public archive included files detailing how CISA builds, tests and deploys software internally, and that it represents one of the most egregious government data leaks in recent history.
On 15 May, KrebsOnSecurity heard from Gui
Artificial intelligence platforms may be just as susceptible to social engineering as human beings, but they are proving remarkably good at finding security vulnerabilities in human-made computer code. That reality is on full display this month, with some of the more widely used software makers, including Apple, Google, Microsoft, Mozilla, and Oracle, fixing near-record volumes of security bugs and/or quickening the tempo of their patch releases.[1]
As it does on the second Tuesday of every mon
These attacks are abusing trusted remote access tools to bypass detection, exposing a growing security gap for enterprises. A fake Word Online phishing page has exposed a growing enterprise blind spot: attackers using trusted tools to gain remote access without raising immediate alarms.
The attack chain observed by ANY.RUN moved from an Outlook email to an MSI installer, silent execution, ScreenConnect remote access, and HideUL-based concealment. For CISOs, this is a warning that phishing in
With record reports of bear attacks on humans, Japan has been increasingly turning to high-tech solutions, as you might expect. However, reports suggest that Ohta Seiki, a firm making the animatronic robot Monster Wolf to repel bears from human-habituated areas, can’t keep up with demand. “We cannot make them fast enough,” company president Yuji Ohta told AFP. This year’s order book for Monster Wolf has already hit 50 units. Hokkaido-based Ohta Seiki usually doesn’t even manufacture that ma
A new report from Google Threat Intelligence Group (GTIG) reveals a coordinated campaign exploiting an AI-generated zero-day vulnerability. The attack targets an unnamed open-source web administration tool, using the flaw to bypass two-factor authentication (2FA). The researchers say they identified an active threat actor utilizing large language models (LLMs) to actively discover and weaponize software vulnerabilities in the wild.
As the targeted flaw involves a high-level semantic logic bug
Europe is pouring more than €2 billion into sovereign cloud initiatives designed to reduce exposure to US legal reach. The EU's IPCEI-CIS program funds infrastructure development. France qualifies operators under SecNumCloud, a framework with nearly 1,200 technical requirements promising "immunity from extraterritorial laws."
But most datacenters and qualified cloud operators still rely heavily on Intel or AMD processors. And inside those processors sits a computer beneath the computer: manag
The FBI have remotely reset thousands of home and small office routers after releasing a joint press release detailing how Russia has been compromising devices.
Some brands of routers are known for lasting upwards of a decade, and while that's great for the consumer, the developers will often stop releasing updates to keep the router secure. This leaves them open to compromise by attackers, specifically Russia’s Main Directorate of the General Staff (GRU), tracked as APT28 or Fancy Bear, which
The Port of Long Beach has opened a new Cyber Defense Operations Center (CDOC) dedicated to protecting the seaport from cyberattacks, utilizing monitoring and threat analysis to secure the digital infrastructure of one of the busiest maritime gateways in the United States.
The Port of Long Beach in California says that it currently stops an attempted cyberattack approximately every three seconds, highlighting the constant threat to the $300 billion in trade handled annually by the complex. The
The fragile global semiconductor supply chain is facing a major snag. Samsung Electronics has officially entered “emergency management mode,” actively preparing for a potential full-scale shutdown of its ultra-advanced automated production lines amid an impending strike following the collapse of labor negotiations. According to South Korean industry reports, the tech giant is actively preparing for a worst-case scenario: a full-scale shutdown of its ultra-advanced automated production lines du
The use of steganography in the threat landscape continues to accelerate. Threat actors are increasingly shifting from direct encrypted transfers to a 'legitimate-file-plus-hidden-data' model, effectively masking their next-stage payloads within everyday media.
FortiGuard Labs recently uncovered a phishing campaign that abuses environment variables to hide malicious commands and uses PawsRunner as a Steganography Loader to deploy the .NET infostealer PureLogs.[1]
Crypto wallet owners using Ledger hardware wallets are being targeted through physical mail, with scammers impersonating the company in a campaign designed to steal recovery seed phrases. The operation uses printed letters that look official, complete with Ledger branding, a reference number, and a fake security notice warning recipients about an urgent “Quantum Resistance” update.
One example of the scam circulating online shows an Italian language version addressed to a customer in Italy, sug
Cybersecurity researchers at Point Wild recently found a new way that cyber-attackers are gaining unauthorized access to computers. The investigation, led by experts Kedar Shashikant Pandit, Prathamesh Shingare, and Amol Swami from the Lat61 Threat Intelligence Team, reveals that a common tool used by legitimate developers is being twisted by hackers to hide a nasty malware called XWorm.
Attack Details - The attack starts with a trick email or a fake software update, involving a harmless-lookin
A Brazilian tech firm that specializes in protecting networks from distributed denial-of-service (DDoS) attacks has been enabling a botnet responsible for an extended campaign of massive DDoS attacks against other network operators in Brazil, KrebsOnSecurity has learned. The firm’s chief executive says the malicious activity resulted from a security breach and was likely carried out by a competitor seeking to tarnish his company’s public image.[1]
For the past several years, security experts ha
