Parsing Agentic Offensive Security's Existential Threat
Some fear frontier LLMs like Claude Mythos and OpenAI's GPT-5.5 will lead to cybersecurity annihilation. Ari Herbert-Voss notes this could be an opportunity.
Security & Lifecycle News
Aggregated from vendor advisories, security research, and industry publications.
Mythos Changed the Math on Vulnerability Discovery. Most Teams Aren't Ready for the Remediation Side
Anthropic’s Claude Mythos Preview has dominated security discussions since its April 7 announcement. Early reporting describes a powerful cybersecurity-focused AI system capable of…
PhantomCore Exploits TrueConf Vulnerabilities to Breach Russian Networks
A pro-Ukrainian hacktivist group called PhantomCore has been attributed to attacks actively targeting servers running TrueConf video conferencing software in Russia since September…
Researchers Uncover 73 Fake VS Code Extensions Delivering GlassWorm v2 Malware
Cybersecurity researchers have flagged dozens of Microsoft Visual Studio Code (VS Code) extensions on the Open VSX repository that are linked to a persistent information-stealing c…
Medieval Encrypted Letter Decoded
Sent by a Spanish diplomat. Apparently people have been working on it since it was rediscovered in 1860.
Fake CAPTCHA IRSF Scam and 120 Keitaro Campaigns Drive Global SMS, Crypto Fraud
Cybersecurity researchers have disclosed details of a telecommunications fraud campaign that uses fake CAPTCHA verification tricks to dupe unsuspecting users into sending internati…
Researchers Uncover Pre-Stuxnet ‘fast16’ Malware Targeting Engineering Software
Cybersecurity researchers have discovered a new Lua-based malware created years before the notorious Stuxnet worm that aimed to sabotage Iran's nuclear program by destroying uraniu…
CISA Adds 4 Exploited Flaws to KEV, Sets May 2026 Federal Deadline
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added four vulnerabilities impacting SimpleHelp, Samsung MagicINFO 9 Server, and D-Link DIR-823X series r…
Meta’s compute grab continues with agreement to deploy tens of millions of AWS Graviton cores
Meta is continuing its compute grab as the agentic AI race accelerates to a sprint. Today, the company announced a partnership with Amazon Web Services (AWS) that will bring “te…
Helping Romance Scam Victims Requires a Proactive, Empathic Approach
People targeted by confidence schemes find getting help is a lonely road. Experts want law enforcement, financial, and government institutions to work together and protect them.
Friday Squid Blogging: How Squid Survived Extinction Events
Science news: Scientists have finally cracked a long-standing mystery about squid and cuttlefish evolution by analyzing newly sequenced genomes alongside global datasets. The resea…
TNO061: Networking Theory and Practice; Networking in the Classroom Today
Scott Robohn sits down with Andy Smith, a distinguished engineer with Arrcus Networks, where he and his team work to advance networking with modern software and new architectures. …
FIRESTARTER Backdoor Hit Federal Cisco Firepower Device, Survives Security Patches
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has revealed that an unnamed federal civilian agency's Cisco Firepower device running Adaptive Security Appliance (…
HN824: That’s Not a Job for an LLM: The Right Way to Apply AI to Network Operations (Sponsored)
On today’s sponsored Heavy Networking, we get off the AI hype train to talk about how different artificial intelligence techniques usefully impact network operations—and where they…
US Busts Myanmar Ring Targeting US Citizens in Financial Fraud
Some 29 people were charged, including a Cambodian senator, and authorities seized more than 500 Web domains tied to fake investment sites.
Cirrascale to offer on-prem Google Gemini models
Cirrascale Cloud Services has announced it will make artificial intelligence models available for on-premise use through Google Distributed Cloud, a move aimed at organizations tha…
Glasswing Secured the Code. The Rest of Your Stack Is Still on You
Forgotten integrations, shadow IT, SaaS, and now shadow AI and agents are everywhere, and attackers don't need sophisticated AI models to take advantage.
NASA Employees Duped in Chinese Phishing Scheme Targeting U.S. Defense Software
The Office of Inspector General (OIG) of the U.S. National Aeronautics and Space Administration (NASA) has revealed how a Chinese national posed as a U.S. researcher as part of a s…
Space data-center news: Roundup of extraterrestrial AI endeavors
If you look away from the orbital data center beat, you could miss a lot. Fortunately, I’m a bit obsessed with the whole space thing. Multiple companies continue to make space-rela…
AI Phishing Is No. 1 With a Bullet for Cyberattackers
In the past six months, companies have seen a significant influx of AI-powered phishing, as cyberattackers progress from small campaigns to 1-to-1 personalized attacks.
North Korea's Lazarus Targets macOS Users via ClickFix
Lazarus continues leveraging ClickFix for initial access and data theft: in this case, against Mac-centric organizations and their high-value leaders.
Bridging the AI Agent Authority Gap: Continuous Observability as the Decision Engine
The AI Agent Authority Gap - From Ungoverned to Delegation As discussed in our previous article, AI agents are exposing a structural gap in enterprise security, but the problem is …
26 FakeWallet Apps Found on Apple App Store Targeting Crypto Seed Phrases
Cybersecurity researchers have discovered a set of malicious apps on the Apple App Store that impersonate popular cryptocurrency wallets in an attempt to steal recovery phrases and…
Hiding Bluetooth Trackers in Mail
It was used to track a Dutch naval ship: Dutch journalist Just Vervaart, working for regional media network Omroep Gelderland, followed the directions posted on the Dutch governmen…
Tropic Trooper Uses Trojanized SumatraPDF and GitHub to Deploy AdaptixC2
Chinese-speaking individuals are the target of a new campaign that uses a trojanized version of SumatraPDF reader to deploy the AdaptixC2 Beacon post-exploitation agent and ultimat…
LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Disclosure
A high-severity security flaw in LMDeploy, an open-source toolkit for compressing, deploying, and serving large language models (LLMs), has come under active exploitation in the wi…
Tropic Trooper APT Takes Aim at Home Routers, Japanese Targets
The Chinese state-sponsored cyber threat is known for moving fast and trying odd attack vectors; now it's branching out in tools, victimology, and TTPs.
Chinese APT Abuses Multiple Cloud Tools to Spy on Mongolia
The threat actor gave itself plenty of options to support command and control, tapping Microsoft Outlook, Slack, Discord, and file.io for online espionage.
China-Backed Hackers Are Industrializing Botnets
China's state-backed groups are now using covert networks of compromised devices to execute attacks in a low-cost, low-risk, and deniable way.
LIU013: The Engineer Who Built a Business to Fund a Mission
Ray Cline has been in the tech trenches since he was twelve years old, helping his Dad run a bulletin board service. Today he runs an MSP called Libertas Consulting and leads a non…