Ransomware crims abused Cisco 0-day weeks before disclosure
…Late Wednesday, CISA added CVE-2026-2013 1 to its Known Exploited Vulnerability catalog, said it’s known to be used in ransomware infections, and gave federal agencies three days to patch…
Search
Lightning-fast exploits mean patch fast, says Cisco Talos
…the year. "The vulnerability's immediate exploitation reflects near-instant weaponization, driven by automated tooling and widespread internet exposure, leaving defenders little to no time between disclosure and active abuse," Talos noted…
Project Glasswing and open source: The good, bad, and ugly
…Project Glasswing is generously offering free access to Mythos Preview, which Anthropic claims "surpasses all but the most skilled humans at finding and exploiting software vulnerabilities." Free with $100 million in usage…
CISA tells feds to patch 13-year-old Apache ActiveMQ bug
…lands a bug on CISA's KEV list, which is reserved for vulnerabilities already being exploited in the wild. And there's plenty of exposed surface to aim at: threat monitoring outfit…
Firefox finds a slew of new bugs with Claude's help
…the gap between frontier models' vulnerability discovery and exploitation abilities will last very long," said Anthropic. "If and when future language models break through this exploitation barrier, we will need to consider…
Adobe finally patches PDF pest after months of abuse
…and Reader zero-day that attackers had been exploiting for months . The patch, shipped on April 11 , addresses CVE-2026-34621, a critical vulnerability in Acrobat and Reader on Windows and macOS…
Anthropic's Project Glasswing CVE count is still guesswork
…Anthropic announced its newest model on April 7, and at the time said Claude Mythos Preview has found and can develop exploits for zero-day vulnerabilities "in every major operating system and…
Telnyx package latest hit in PyPI supply-chain compromise
…Photon, as the ORNL team dubbed it , is designed to explore, discover, and exploit AI vulnerabilities at scale. According to the team, it starts by applying publicly known attacks against a target…
Rogue AI agents can work together to hack systems
…All of the prompts and agents' responses are detailed in a Thursday report [PDF]. In all the scenarios tested, the agents "demonstrated emergent offensive cyber behavior," including independently discovering and exploiting vulnerabilities…
Russia's APT28 behind latest wave of router, DNS attacks
…It said APT28, aka Fancy Bear, a group widely attributed to Russian intelligence (GRU), is exploiting vulnerabilities in small and home office (SOHO) routers and changing their DNS server settings to redirect…