Tag: software vulnerability
8 articles

Anthropic's Vulnerability Tool Yields Mixed Results
Anthropic's Project Glasswing, launched in April, aimed to empower companies to detect and fix software vulnerabilities using its innovative Mythos model, but the results have been mixed. The initiative has generated significant buzz, with many outlets picking up Anthropic's messaging, but the actual impact remains to be seen.

AI Agent Exposes 21 Zero-Days in Widely Used FFmpeg Library
In a single, remarkable run, an AI-powered security agent uncovered 21 zero-day vulnerabilities in the widely-used FFmpeg library, a feat that cost just $1,000 and showcases the incredible potential of autonomous security testing. The agent scanned 1.5 million lines of code to produce these groundbreaking findings.

General Atomics Resumes Drone Flights After Software Fix
General Atomics has safely resumed drone flights after swiftly addressing a software glitch that caused a crash in April, and implementing a fix to prevent future mishaps. The issue, which stemmed from an autopilot miscalculation, was quickly pinpointed and rectified, allowing testing to resume.

GitHub Hit by Internal Repo Breach via Malicious VS Code Extension
GitHub's internal repositories were breached after a malicious Visual Studio Code extension was used to launch the attack, but thankfully, customer data appears to be safe. The incident has left users wondering what else may have been compromised.

SAP npm Packages Compromised in Supply-Chain Attack
Security researchers have uncovered a supply-chain attack that compromised four official SAP npm packages, allowing attackers to extract sensitive secrets from CI runner memory. The affected packages, which support SAP's Cloud Applications, have been deprecated on NPM and users are urged to update to secure versions.

cPanel Discloses Authentication Flaw, Urges Immediate Server Updates
cPanel has uncovered a critical authentication flaw that could let hackers gain unauthorized access to your control panel, and is urging immediate server updates to protect against this threat. Check if your version is vulnerable and update to a patched build right away.

Anthropic's AI Model Exposes New Vulnerability Risks
Anthropic's new AI model, Claude Mythos Preview, has sent shockwaves through the internet security community by autonomously discovering and exploiting software vulnerabilities that even thousands of expert developers missed. This powerful tool is being cautiously released to a select few, leaving many to wonder about the implications of its capabilities.

Protobuf library flaw enables remote JavaScript code execution
A critical flaw in the popular protobuf.js library has been exposed, allowing hackers to execute JavaScript code remotely - and a proof-of-concept exploit has already been published, putting countless systems at risk.