❌

Normal view

Chinese attackers are pwning your infrastructure to use in attacks, 10 countries warn

23 April 2026 at 21:25

All the Typhoons, everywhere, all at once

A majority of China-linked threat actors are using compromised routers and IoT devices worldwide, turning this gear into proxy networks to carry out further intrusions, steal sensitive data, and disrupt victim organizations’ operations, according to a joint 10-country advisory.…

Anthropic's super-scary bug hunting model Mythos is shaping up to be a nothingburger

22 April 2026 at 23:39

Hackpocalypse deferred

Anthropic's Mythos model is purportedly so good at finding vulnerabilities that the Claude-maker is afraid to make it available to the general public for fear that criminals will take advantage. But early analysis shows that Mythos may not be as dangerous as some would have you believe.…

Vibe coding upstart Lovable denies data leak, cites 'intentional behavior,' then throws HackerOne under the bus

21 April 2026 at 01:26

A lesson in how not to respond to vulnerability reports

UPDATEDΒ  Vibe-coding platform Lovable is pooh-poohing a researcher’s finding that anyone could open a free account on the service and read other users' sensitive info, including credentials, chat history, and source code. However, the company’s story keeps changing: First it attributed the publicly exposed info to "intentional behavior" and "unclear documentation," then threw bug-bounty service HackerOne under the bus.…

Nobody knows how many CVEs Anthropic's Project Glasswing has actually found

15 April 2026 at 23:33

Like the majority of the companies participating, it remains a mystery

Last week, Anthropic surprised the world by declaring that its latest model, Mythos, is so good at finding vulns that it would create chaos if released. Now, under the title of Project Glasswing, over 50 selected companies and orgs are allowed to test the hyped up LLM to find security holes in their own products. But just how many problems have they really discovered?…

1K+ cloud environments infected following Trivy supply chain attack

24 March 2026 at 21:31

Crims 'creating a snowball effect' across open source projects

RSAC 2026Β  Thousands of organizations' cloud environments have been infected with secret-stealing malware as a result of the Trivy supply-chain attack last week, and now the crims that compromised the open source scanners are working with notorious extortion crews like Lapsus$.…

Claude attacks were 'Rorschach test' for infosec community, scaring former NSA boss

23 March 2026 at 23:50

'It freakin' worked' says Rob Joyce - and shows how relentless AI agents can find holes humans miss

RSAC 2026Β  The now-infamous Anthropic report about Chinese cyberspies abusing Claude AI to automate cyberattacks was a Rorschach test for the infosec community, according to former NSA cyber boss Rob Joyce.…

Smooth criminals talking their way into cloud environments, Google says

23 March 2026 at 16:00

Voice phishing is second most common initial access method across all IR probes, and top in cloud break-ins

RSAC 2026Β  Voice phishing surged last year to become the second most common method used by cybercriminals to gain initial access to their victims' IT estate – and the No. 1 tactic used when breaking into cloud environments.…

❌