Cybersecurity News
Latest updates from leading security media
Researchers at Mozilla's Zero Day Investigative Network (0DIN) have disclosed a novel attack technique that exploits agentic AI coding tools, demonstrating how a seemingly benign G...
OpenAI on Friday rolled out a limited preview of GPT-5.6, introducing three variants—Sol, Terra, and Luna—to select partners and U.S. government agencies. Sol serves as the new fla...
Anthropic is preparing to bring its agentic Claude Cowork experience to mobile devices, according to screenshots shared on X. Claude Cowork, the desktop-focused agentic mode introd...
Despite the growing abundance of security telemetry, most SOC teams still struggle with fundamental questions during incident investigation: What actually happened? What evidence s...
Security researchers at SentinelOne have uncovered a previously undocumented Rust-based macOS implant dubbed Gaslight, attributed with high confidence to North Korea-aligned threat...
A senior U.S. official confirmed to The Associated Press that Anthropic's Mythos artificial intelligence model identified vulnerabilities in highly sensitive and classified governm...
Security researchers at AIR have demonstrated a stark gap in AI agent supply chain defenses by publishing a malicious-looking skill that sailed past every scanner it was tested aga...
OpenAI announced on Monday the release of GPT-5.5-Cyber, an upgraded version of its cybersecurity-focused large language model, made available to trusted defenders through the Dayb...
Cybersecurity researchers at Zafran Security have disclosed four vulnerabilities in Dify, the open-source agentic workflow platform boasting more than 146,000 GitHub stars, that co...
Microsoft researchers have disclosed AutoJack, an exploit chain that weaponizes an AI browsing agent into a remote code execution vector. By luring a local agent to render an attac...
The average enterprise security team juggles 40 or more security tools, generating massive amounts of internal telemetry and asset data. Yet these tools operate in silos, producing...
The enterprise AI risk landscape has fundamentally shifted. Security teams initially focused on employees pasting sensitive data into public AI tools, responding with usage policie...
When an autonomous AI agent interacts with a company's core intellectual property, most security teams cannot instantly name the person who authorized it. The rush to deploy intern...
OpenAI is reportedly developing a new subscription tier called "ChatGPT for Science," according to references discovered on the web build by users on X. The new offering appears ai...
Cybersecurity researchers at Aikido Security have uncovered a coordinated malware campaign on the JetBrains Marketplace involving at least 15 malicious plugins designed to steal ar...
A single compromised npm contributor account ("ehindero") was used to mass-publish more than 144 malicious packages across the @mastra/* scope on June 17, 2026, in an 88-minute aut...
A critical vulnerability in Google Cloud's Vertex AI SDK for Python allowed attackers to hijack machine learning model uploads and execute arbitrary code inside Google's serving in...
At least 15 malicious plugins discovered on the JetBrains Marketplace have been stealing AI API keys from developers in a coordinated supply chain campaign that has accumulated clo...
Microsoft has patched a critical vulnerability in its Copilot AI assistant that allowed attackers to steal sensitive user data—including emails, contact lists, and personal files—t...
Researchers at Obsidian Security have disclosed a three-vulnerability chain in LiteLLM, a widely deployed open-source AI gateway that brokers calls to more than 100 model providers...
Researchers at Varonis Threat Labs have disclosed a critical chain of three vulnerabilities in Microsoft 365 Copilot's Enterprise Search feature that, if exploited, would have allo...
Anthropic announced on Friday that it will abruptly disable its most advanced AI models, Claude Fable 5 and Mythos 5, for all users after the U.S. government issued an export contr...
Anthropic has pulled the plug on its two most powerful AI models, Fable 5 and Mythos 5, for every user worldwide after receiving a US government export control directive on June 12...
Anthropic announced Friday that it has taken its latest artificial intelligence models, Fable 5 and Mythos 5, offline to comply with a directive from the Trump administration aimed...
Cybersecurity researchers at Tenet Security have uncovered a new attack class dubbed “Agentjacking” that tricks AI coding agents into executing arbitrary code on developer machines...
Anthropic has clarified the distinction between its latest large language model releases, confirming that Claude Mythos 5 does not represent a fundamental shift in the security pos...
This week in cybersecurity saw a wave of high-impact developments spanning government accountability, corporate breaches, and AI security. A former IBM cybersecurity executive has ...
Anthropic has released Claude Fable 5 as a generally available Mythos-class AI model, implementing safeguards that automatically downgrade the system to the less capable Claude Opu...
Cybersecurity researchers at Check Point have disclosed three now-patched vulnerabilities in LangGraph, the open-source framework from LangChain used to build stateful, multi-agent...
Two independent security teams have disclosed serious weaknesses in OpenClaw, a popular self-hosted AI agent, showing how ordinary-looking inputs can be weaponized to execute attac...
The 2026 Cybersecurity Stars Awards have officially announced winners across 95 subcategories spanning four main award pillars, spotlighting the often-unseen work that keeps organi...
Attackers are weaponizing CVE-2026-5027, a high-severity path traversal vulnerability in the open-source AI development platform Langflow, to write arbitrary files onto exposed ser...
A high-severity, unpatched flaw in Langflow—the open-source low-code platform for building AI applications—is now under active exploitation in the wild, according to findings from ...
Anthropic has begun rolling out Claude Fable 5, a new AI model built on the same foundation as its powerful Mythos class. When Anthropic first unveiled Mythos, the company warned t...
Meta announced on Tuesday that it will broaden its use of cross-site business data to personalize user experiences across Facebook and Instagram feeds, as well as responses generat...
Despite record investment in SIEM platforms, firewalls, IAM systems, and AI-driven detection, enterprise network security teams are still struggling with the same fundamental probl...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity command injection vulnerability in BerriAI LiteLLM to its Known Exploited Vulnerabilities...
Microsoft has released Intelligent Terminal, an open-source fork of Windows Terminal that embeds AI agents directly into the command-line workflow without disrupting the active she...
Seattle-based cybersecurity startup Emphere has secured $2.1 million in pre-seed funding from AI2 Incubator and Outsiders Fund to advance its AI-driven vulnerability remediation pl...
OpenAI has begun deploying a new Lockdown Mode for ChatGPT, targeting personal accounts on Free, Go, Plus, Pro, and self-serve ChatGPT Business plans. The feature is designed for u...
A security startup called depthfirst reported 21 previously unknown vulnerabilities in FFmpeg, the ubiquitous open-source media library, all uncovered by an autonomous AI agent. Th...
Brave Software has publicly launched Brave Origin, a $59.99 paid version of its privacy-focused browser that removes cryptocurrency wallets, AI integrations, rewards programs, and ...
The Cybersecurity and Infrastructure Security Agency (CISA) will release a binding operational directive (BOD) to federal agencies by the end of the week, directing them on how to ...
A single malicious notification pushed through WhatsApp, Slack, SMS, Signal, Instagram, or Messenger was enough to hijack Google Gemini's voice assistant on Android, according to r...
Redis has patched a use-after-free vulnerability in its blocking-client code that allows an authenticated user to execute arbitrary OS commands on the host running the database. Tr...
Enterprise identity and access management is approaching a structural breaking point. As organizations scale, identity data fragments across thousands of applications, decentralize...
The window between vulnerability disclosure and indiscriminate exploitation has collapsed from days to hours, driven by AI-powered tooling that automates discovery, reproduction, a...
The managed service provider (MSP) cybersecurity landscape is undergoing a significant transformation as traditional vCISO platforms fail to meet the demands of modern security pra...
Security researchers at Red Access have uncovered an alarming trend in enterprise data exposure through what they term the 'Shadow Builders' phenomenon. In a comprehensive investiga...
Network Detection and Response (NDR) has long carried a reputation for being noisy and overwhelming security operations center (SOC) teams with alert fatigue. However, the emergenc...
Anthropic's Project Glasswing initiative has uncovered more than 10,000 high- or critical-severity vulnerabilities across systemically important software globally since its launch ...
A threat actor recently obtained an AWS access key cached on a developer's workstation through standard browser behavior—no misconfiguration or policy violation required. This sing...
Organizations are dramatically increasing investments in AI agent identity management as enterprise deployments accelerate, according to new research from Omdia. The study reveals ...
Microsoft has unveiled two new open-source security tools—RAMPART and Clarity—to help developers identify and mitigate vulnerabilities in AI agents during the development lifecycle...
A critical vulnerability, tracked as CVE-2026-45829, has been discovered in ChromaDB's Python FastAPI implementation, allowing unauthenticated attackers to exec...
Security researchers are warning that a new generation of AI agents capable of autonomously discovering and exploiting obscure vulnerabilities is fundamentally altering the threat ...
OpenAI has disclosed that two employee devices were compromised via the Mini Shai-Hulud supply chain attack targeting TanStack, an open-source software library ecosystem. The breac...
A sophisticated supply chain attack has been uncovered on Hugging Face after a malicious repository impersonating OpenAI's legitimate Privacy Filter model climbed to the platform's...
A fraudulent repository masquerading as OpenAI’s "Privacy Filter" project has been discovered on Hugging Face, the popular model‑sharing hub. The repo, which briefly made the platf...
Braintrust, an AI infrastructure provider, disclosed on March 5, 2026 that an unauthorized party had gained access to one of its Amazon Web Services (AWS) accounts. The intrusion, d...
Security researchers at Cisco Talos have disclosed a critical flaw in the Claude Chrome extension (version 2.3.0) that lets remote attackers hijack the AI agent by abusing the exte...
Modern threat actors launch campaigns that generate thousands of alerts per hour, leaving security operations centers (SOCs) drowning in data. Even with a larger team of analysts, ...
Musk's legal team filed a complaint in the Delaware Court of Chancery on 12 March, alleging that OpenAI's board has abandoned its original mission to develop artificial general int...
Organizations investing heavily in data loss prevention (DLP) solutions are discovering a critical blind spot: the browser has become the primary vector for inadvertent data exfilt...
Security researchers have uncovered a phishing campaign that spoofs the official Anthropic Claude AI portal to distribute a new Windows backdoor dubbed “Beagle.” The fraudulent sit...
According to Gartner's inaugural Market Guide for Guardian Agents, published in 2024, enterprise deployment of AI agents is accelerating at a pace that outstrips the development of...
Over the past two decades, a succession of high‑impact incidents has reshaped the cyber risk landscape, forcing organizations to constantly recalibrate their defenses. From the rev...
In the past twelve months, enterprises have rushed to embed AI‑powered writing assistants, workflow automations and productivity plugins into their Google Workspace and Microsoft 3...
A joint research effort by the Security Research Lab (SRL) and the AI Security Initiative (AISI) scanned over one million publicly reachable AI endpoints across IPv4 space between ...
The rapid adoption of AI agents in production environments has uncovered a troubling trend: systems that are supposed to enhance operational efficiency are instead causing catastro...
Security researchers using an AI-driven static analysis engine called Sentinel have uncovered a nine‑year‑old flaw in the Linux kernel’s netfilter subsystem. The vulnerability, tra...
Anthropic has officially launched Mythos, its latest large language model designed with a reported 1.2 trillion parameters and native multimodal reasoning capabilities. According t...
Japan’s financial services industry is on high alert after the release of Anthropic’s latest large language model, internally dubbed “Claude Mythos,” which early demonstrations sug...
Security researchers have uncovered a new phishing-as-a-service platform called Bluekit that advertises more than 40 ready‑made templates targeting popular online services such as ...
Security researchers at Wiz have leveraged an AI‑powered reverse‑engineering engine to uncover a high‑severity flaw in GitHub’s continuous integration infrastructure that would hav...
Security researchers using an AI‑driven code analysis platform identified 38 distinct vulnerabilities in the OpenEMR electronic health record (EHR) system, including 12 rated criti...
In February 2026, a joint research team from SentinelLabs and the University of Calgary published a report revealing a paradigm shift in cyber‑attack tradecraft. The analysts, led ...
Cybersecurity researchers from Eclypsium have disclosed a critical, unpatched vulnerability in Hugging Face’s open‑source robotics framework LeRobot, which boasts nearly 24,000 Git...
In the past, security teams could count on a brief, predictable window between the disclosure of a vulnerability and the release of a patch. That buffer has all but vanished as AI-...
The rapid advancement of frontier large language models, including Anthropic's Claude family and OpenAI's rumored GPT-5.5, has ignited fierce debate within the cybersecurity commun...
Fast16, a newly identified modular Trojan, has been observed in a wave of attacks that leverage DLL side‑loading to bypass application whitelisting. Discovered by Cisco Talos on 20...
Anthropic on April 7 released the public preview of Claude Mythos, a cybersecurity‑focused large language model built on the company’s latest transformer stack. The model ships wit...
Glasswing’s recent announcement that it has secured the core code of its platform is a welcome step toward reducing software vulnerabilities, but security experts warn that the bro...
Enterprise organizations deploying AI agents are confronting a critical security gap that traditional governance frameworks fail to address: the AI Agent Authority Gap. As autonomo...
Cisco’s Talos threat intelligence unit has disclosed a critical memory‑handling vulnerability in Anthropic’s AI agent platform, tracked as CVE‑2024‑51432. The flaw resides in the m...
Anthropic has announced Project Glasswing, an AI model designed to discover software vulnerabilities with unprecedented effectiveness. The company has taken the extraordinary step ...
Mozilla has identified 271 security vulnerabilities in Firefox 150 using Anthropic's Mythos large language model, marking a significant milestone in AI-assisted code analysis. The ...
Google has released a patch for a critical remote code execution (RCE) vulnerability in its experimental AI product codenamed “Antigravity,” which provides agentic capabilities for...
On March 5, 2026, Vercel's security operations center (SOC) detected anomalous activity stemming from an OAuth token tied to a senior developer's account. The token, scoped to the ...
A new analysis published by Dark Reading warns that the most pressing security risk posed by artificial intelligence is not the emergence of novel code flaws, but the rapid amplifi...
The UK Cabinet Office’s Emerging Technology Cybersecurity Division (ETCD), in close collaboration with the National Cyber Security Centre (NCSC), has publicly released results from...
Worldcoin’s World ID initiative, built by Tools for Humanity, is deploying a biometric authentication system based on iris scanning to assign a unique human identity to every AI ag...
AI assistants, often marketed as autonomous "agents", are rapidly becoming a staple in developer toolchains, promising to automate everything from code generation to system configu...
Starting Monday, Google began rolling out a platform update for Android 14 (API level 34) that expands the capabilities of its on‑device AI assistant, Gemini. The change introduces...