Submission + - Microsoft Working to Patch 'RoguePlanet' Zero-Day (securityweek.com)

Submitted by wiredmikey on Wednesday June 17, 2026 @09:59AM

wiredmikey writes: Microsoft on Wednesday published an advisory acknowledging the public disclosure of a vulnerability in Defender that could lead to privilege escalation. The security defect, tracked as CVE-2026-50656 (CVSS score of 7.8), was dropped last week by security researcher Nightmare Eclipse (also known as Chaotic Eclipse). The researcher released a proof-of-concept (PoC) exploit that demonstrates local privilege escalation (LPE) on Windows 11 and Windows 10 systems with the June 2026 patches installed.

On Wednesday, Nightmare Eclipse pointed out that the PoC works regardless of whether Defender’s real-time protection is enabled or disabled. It may even work in passive mode, the researcher said.

Submission + - Anthropic Launches Mythos-Class AI With Cybersecurity Guardrails (securityweek.com)

Submitted by wiredmikey on Tuesday June 09, 2026 @01:51PM

wiredmikey writes: Anthropic on Tuesday announced the general availability of Claude Fable 5, a powerful Mythos-class AI model engineered with new safeguards that specifically restrict its use in high-risk domains, including cybersecurity.

The AI giant says this marks the first time a model of this capability class has been deemed safe enough for widespread public and developer access.

In sensitive areas such as cybersecurity and biology, Anthropic says the model automatically falls back to the less capable Claude Opus 4.8 to prevent potential misuse. Early usage data indicates that at least 95% of sessions run entirely on Fable 5’s capabilities without triggering any fallback.

Submission + - WhatsApp Catches Spyware Firm NSO Defying No-Hacking Court Order (securityweek.com)

Submitted by wiredmikey on Monday June 08, 2026 @12:35PM

wiredmikey writes: Meta-owned communications app WhatsApp says it recently detected and disrupted a spear-phishing attempt linked to spyware company NSO Group. The attack is allegedly in defiance of a court order that bars the spyware maker from targeting WhatsApp. WhatsApp filed a lawsuit against NSO in 2019, after it came to light that a zero-day vulnerability had been exploited to deliver spyware to users.

NSO has been seeking to overturn the order blocking it from targeting WhatsApp users, arguing that the company will “suffer irreparable harm”.

Submission + - Mythos Detected 23,000 Vulnerabilities Across 1,000 Open Source Projects (securityweek.com)

Submitted by wiredmikey on Tuesday May 26, 2026 @08:33AM

wiredmikey writes: Anthropic says its Claude Mythos model discovered thousands of severe vulnerabilities across more than 1,000 open source software (OSS) projects. According to the AI giant, Mythos Preview has identified more than 23,000 potential vulnerabilities. Of these, 1,900 have been reviewed by external security firms, and 1,726 have been confirmed, including over 1,000 rated ‘high’ or ‘critical’ severity.

Submission + - 'Underminr' CDN Vulnerability Hides Malicious Traffic Behind Trusted Domains (securityweek.com)

Submitted by wiredmikey on Saturday May 23, 2026 @07:36AM

wiredmikey writes: Threat actors are exploiting a vulnerability dubbed "Underminr"i n shared content delivery network (CDN) infrastructure to hide connections to malicious domains. Researchers say the vulnerability could impact roughly 88 million domains and can bypass DNS filtering and protective DNS controls, potentially enabling stealthy command-and-control communications and other evasive attacks.

Submission + - Anthropic Unveils Claude Security to Counter AI-Powered Exploit Surge (securityweek.com)

Submitted by wiredmikey on Thursday April 30, 2026 @03:05PM

wiredmikey writes: Anthropic has unveiled as the industry braces for a new wave of AI-powered attacks. Models like Mythos are compressing time-to-exploit to minutes, fundamentally shifting the advantage toward attackers. Without equally capable defensive AI, security teams risk being overwhelmed. Claude Security is Anthropic’s answer. Integrated directly into enterprise workflows, it scans code, identifies vulnerabilities, explains risk with confidence scoring, and helps generate targeted fixes in a single session.

Submission + - OpenAI Widens Access to Cybersecurity Model After Anthropic's Mythos (securityweek.com) 1

Submitted by wiredmikey on Thursday April 16, 2026 @11:46AM

wiredmikey writes: OpenAI has introduced GPT-5.4-Cyber, a cybersecurity-focused model that will be offered to many defenders. OpenAI announced that it’s scaling its Trusted Access for Cyber program to thousands of verified defenders and hundreds of security teams. They will be given access to GPT-5.4-Cyber, a fine-tuned variant of GPT-5.4 that relaxes the usual guardrails for legitimate cybersecurity work.

The announcement comes in the wake of Anthropic’s release of Claude Mythos, a new and powerful AI model allegedly capable of autonomously discovering thousands of zero-day vulnerabilities. This led Anthropic to withhold its public release and instead offer it only to a few dozen major organizations through a restricted program called Project Glasswing.

Submission + - Anthropic Unveils Claude Mythos, Powerful AI With Major Cyber Implications (securityweek.com) 1

Submitted by wiredmikey on Tuesday April 07, 2026 @02:51PM

wiredmikey writes: Anthropic has unveiled Claude Mythos, a new AI model capable of discovering critical vulnerabilities at scale. It’s already powering Project Glasswing, a joint effort with major tech firms to secure critical software. But the same capabilities could also accelerate offensive cyber operations.

Submission + - Trump Orders Federal Agencies to Stop Using Anthropic Technology (securityweek.com)

Submitted by wiredmikey on Friday February 27, 2026 @05:37PM

wiredmikey writes: President Donald Trump said Friday he was ordering all federal agencies to phase out use of Anthropic technology after the company’s unusually public dispute with the Pentagon over artificial intelligence safety. Trump’s comments came just over an hour before the Pentagon’s deadline for Anthropic to allow unrestricted military use of its AI technology or face consequences — and nearly 24 hours after CEO Dario Amodei said his company “cannot in good conscience accede” to the Defense Department’s demands.

Submission + - iOS Zero-Day Exploited in 'Extremely Sophisticated Attack' (securityweek.com)

Submitted by wiredmikey on Thursday February 12, 2026 @12:16PM

wiredmikey writes: Apple has rolled out fixes for iOS and macOS systems to resolve a zero-day vulnerability that has been exploited in the wild. Tracked as CVE-2026-20700, the zero-day flaw is described as a memory corruption issue that could be exploited for arbitrary code execution. “Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26,” Apple noted in its advisory.

Submission + - New 'ZeroDayRAT' Enables Total Compromise of iOS, Android Devices (securityweek.com)

Submitted by wiredmikey on Tuesday February 10, 2026 @10:03AM

wiredmikey writes: Security researchers have discovered ZeroDayRAT, a new commercial mobile spyware toolkit that enables full remote access to Android and iOS devices, with features including live camera feeds, key logging, bank and crypto theft and more. Available via Telegram, researchers from iVerify warn that ZeroDayRAT is a ‘complete mobile compromise toolkit’ comparable to kits normally requiring nation-state resources to develop. This is a worrying new spyware RAT that may be with us for some time.

Submission + - Intel Core Ultra X9 388H Launched: Panther Lake Tests Strong In Lenovo Laptop (hothardware.com)

Submitted by MojoKid on Monday January 26, 2026 @10:54AM

MojoKid writes: Intel took the wraps off performance testing of its top-end 16-core / 12-Xe Core Ultra X9 388H, aka Panther Lake, mobile processor today, and puts up great numbers essentially across the board. The chip offers class-leading performance and excellent efficiency relative to other mainstream notebook platforms, especially as it relates to graphics and AI workloads. Intel didn't make significant changes to the Cougar Cove (P-Core) And Darkmont (E-Core) microarchitectures in Panther Lake, other than tuning them for manufacturing on Intel's 18A process, but the 12-Xe core iGPU represents a huge leap in performance and Intel's NPU5 is purpose -built for today's local AI workloads. With all of that in mind, it appears that Intel has delivered in spades with Panther Lake and the Core Ultra 300 series for next gen laptops and likely hand-held gaming devices as well. iGPU and NPU performance were both very strong, and CPU performance, particularly in multi-threaded workloads, is highly competitive. Battery life and efficiency were also very good. Despite the test vehicle's large, high-resolution 16-inch; display, the pre-production Lenovo IdeaPad 5 Pro tested lasted for nearly 24 hours untethered from a power outlet, with the screen lit up the entire time.

Submission + - Predator Spyware Turns Failed Attacks Into Intelligence for Future Exploits (securityweek.com)

Submitted by wiredmikey on Wednesday January 14, 2026 @10:36AM

wiredmikey writes: The Predator spyware is more sophisticated and dangerous than previously realized. New research reveals an error taxonomy that reports exactly why deployments fail, turning black boxes into diagnostic events for threat actors. Almost exclusively marketed to and used by national governments and intelligence agencies, the spyware also detects cybersecurity tools, suppresses forensics evidence, and has built-in geographic restrictions.

Submission + - CES Worst in Show Awards Call Out The Tech Making Things Worse (ifixit.com)

Submitted by chicksdaddy on Friday January 09, 2026 @04:52PM

chicksdaddy writes: CES, the Consumer Electronics Show, isn’t just about shiny new gadgets, as AP reports (https://apnews.com/article/ces-worst-show-ai-0ce7fbc5aff68e8ff6d7b8e6fb7b007d): this year brought back the fifth annual Worst in Show anti-awards (https://www.worstinshowces.com/), calling out the most harmful, wasteful, invasive, and unfixable tech at the Las Vegas show. The coalition behind the awards — including Repair.org, iFixit, EFF, PIRG, Secure Repairs and others — put the spotlight on products that miss the point of innovation and make life worse for users.

2026 Worst in Show winners include:
Overall (and Repairability): Samsung’s AI-packed Family Hub fridge — overengineered, hard to fix, and trying to do everything but keep food cold.
Privacy: Amazon Ring AI — expanding surveillance with features like facial recognition and mobile towers.
Security: Merach UltraTread treadmill — AI fitness coach that also hoovers up sensitive data with weak security guarantees — including a Privacy Policy that declares the company "cannot guarantee the security of your personal information" (!!)
Environmental Impact: Lollipop Star — a single-use music-playing electronic lollipop that epitomizes needless e-waste.
Enshittification: Bosch eBike Flow App — pushing lock-in and digital restrictions that make gear worse over time.
“Who Asked For This?”: Bosch Personal AI Barista — voice-assistant coffee maker that nobody really wanted.
People’s Choice: Lepro Ami AI Companion — an overhyped “soulmate” cam that creeps more than comforts.

The message? Not all tech is progress. Some products add needless complexity, threaten privacy, or throw sustainability out the window — and the industry’s watchdogs are calling them out.

Submission + - Microsoft To Appoint a Deputy CISO for Europe (csoonline.com)

Submitted by Anonymous Coward on Friday May 02, 2025 @01:34PM

An anonymous reader writes: In a move designed to reassure European leaders of the company's commitment to the region, Microsoft earlier this week announced that it will be creating a new position: a Deputy CISO for Europe. In reaction to the news, one analyst quipped, “I was mostly surprised that they don’t already have one,” adding that Microsoft is not creating the role “because they really believe in it. It’s because they don’t want to lose that business. It’s that simple."