Tag: vulnerability management
341 articles
PHP Composer Flaws Expose Code Execution Risk, Prompting Patches
Critical flaws in PHP Composer, a popular package manager, leave countless websites vulnerable to code execution attacks - but fortunately, patches have been released to swiftly mitigate this risk. If exploited, these high-severity vulnerabilities could allow hackers to execute arbitrary commands, putting entire systems at risk.
Vulnerabilities Surge as Velocity Gap Widens in AI-Driven Development
The alarming truth: while alert volume grew by 52% year-over-year, prioritized critical risks exploded by nearly 400% in just 90 days, leaving defenders scrambling to keep up with a tsunami of high-impact problems. A new dataset from OX Security reveals this velocity gap in AI-driven development, where the noise is rising - but it's the critical risks that should give defenders pause.
CISA Catalog Exposes Actively Exploited Flaws in Fortinet, Microsoft, Adobe Software
The US Cybersecurity and Infrastructure Security Agency (CISA) has just added six new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, warning that flaws in Fortinet, Microsoft, and Adobe software are being actively exploited by hackers. Is your system exposed - and what can you do to protect it?
Anthropic Unveils Vulnerability Testbed Amid AI Cyberattack Fears
As AI's power to fix software bugs grows, so do concerns that it could also supercharge cyberattacks - prompting Anthropic to unveil a vulnerability testbed to stay one step ahead of hackers. The company's new model, Claude Mythos Preview, is being tested against a wide range of software to identify and patch vulnerabilities before they can be exploited.
Mythos Exposes Software Backlog, Pressures Vendors on Patching
The Claude Mythos Preview has uncovered a harsh reality: artificial intelligence can spot long-known software defects faster than teams can fix them, revealing a massive backlog of vulnerabilities that could leave businesses exposed. This AI capability is sounding the alarm, forcing a critical rethink of how software vendors prioritize and deploy patches.
Microsoft Vulnerabilities Resurface, Fueling Cybercrime and Ransomware
Beware: long-dead Microsoft vulnerabilities are coming back to haunt networks, fueling cybercrime and ransomware attacks. Even a 14-year-old software flaw is being exploited by crooks, putting your network at risk.
OpenAI Rushes Updates for Mac Apps After Axios Hack Compromise
OpenAI recently issued urgent updates for its Mac apps after a developer tool inadvertently pulled in a malicious library, highlighting the risks of supply-chain vulnerabilities. Fortunately, the company assured that its systems and software integrity remained intact despite the incident.
Adobe Fixes Zero-Day Flaw in Acrobat Reader Exploited in Attacks
Adobe has rushed out an emergency patch for a critical vulnerability in Acrobat Reader that's been exploited by attackers since at least December, forcing users to rethink their document reader's security. This zero-day flaw, tracked as CVE-2026-34621, highlights the rapid discovery and weaponization of software flaws.
Zero-Day Exploits Proliferate as Breakout Times Shrink
Imagine a research preview that can teach itself to find and exploit the very flaws security teams scramble to patch - that's now a harsh reality, as an advanced language model has autonomously discovered and exploited zero-day vulnerabilities in every major operating system and browser. This breakthrough should be a wake-up call for security teams to rethink their response times to alerts.
Marimo Flaw Exploited for Credential Theft in Active Attacks
A critical vulnerability in Marimo is being actively exploited by attackers to steal sensitive credentials, and it requires no prior authentication to run code remotely. This flaw has severe consequences for organizations using Marimo, making it essential to take immediate action.
Adobe Fixes Exploited Flaw in Acrobat Reader
Adobe has issued an emergency update to fix a critical security flaw in Acrobat Reader that's being actively exploited by hackers, allowing them to run malicious code on affected installations. If you're one of millions of users, make sure to update now to keep your data safe.
Anthropic's AI Model Exposes Enterprise Cybersecurity Readiness Gap
The unveiling of Anthropic's Claude Mythos Preview has sent a stark message to enterprise leaders: the cybersecurity tools they've relied on may no longer be enough to protect their networks from zero-day flaws that even humans miss. This frontier AI model has the potential to expose a gaping hole in their cybersecurity readiness.
CrowdStrike Tests Anthropic's Claude Mythos for Accelerated Vulnerability Detection
Imagine slashing the time between discovering a software flaw and fixing it - a new breed of large language models, like Anthropic's Claude Mythos, may hold the key. Early tests with CrowdStrike suggest that AI-powered vulnerability detection can accelerate discovery and bring broader situational awareness to cybersecurity operations.
CISA KEV Remediation Records Expose Human-Scale Security Limits
The harsh reality of cybersecurity: an analysis of 1 billion CISA KEV remediation records reveals that most critical flaws are exploited by attackers before defenders can patch them, exposing the breaking point of human-scale security. This sobering trend highlights the limitations of traditional security approaches in keeping up with the volume and tempo of modern threats.
Tech Giants Unveil AI-Powered Bid to Fix Open Source Flaws
Tech giants have launched a game-changing $100 million initiative, Project Glasswing, harnessing AI to uncover and fix hidden flaws in critical open source software, aiming to bolster security and prevent devastating exploits. Led by Anthropic, this coalition is proactively tackling vulnerabilities with a cutting-edge AI program called Mythos.
Mythos Model Unleashes Zero-Day Exploit Capabilities for Mass Use
The game has changed: a new AI model called Mythos can now uncover devastating zero-day flaws in software and chain them together to create powerful exploits, putting this potent capability in the hands of anyone with an internet connection. This development blurs the lines between nation-state hackers and amateur cyber attackers, raising urgent questions about the future of cybersecurity.
Botnets Revive 13-Year-Old Apache Flaw in Global Campaign
A shocking resurgence of a 13-year-old Apache flaw has been exploited in a global campaign, highlighting the ongoing threat of old vulnerabilities getting new life. A hybrid P2P botnet and 18 other alarming stories have been uncovered, serving as a stark reminder to stay vigilant in the face of evolving cyber threats.
Anthropic AI Model Exposes Thousands of Zero-Day Vulnerabilities
Imagine a super-smart AI tool that can uncover thousands of hidden software flaws that nobody knew existed - and what happens when that powerful technology falls into the wrong hands? A new AI model from Anthropic has raised the stakes, leaving cybersecurity experts worried about a surge in zero-day vulnerabilities.
CISA Mandates Emergency Patch for Exploited Ivanti EPMM Flaw
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a high-priority alert, ordering US government agencies to patch a critical vulnerability in Ivanti Endpoint Manager Mobile (EPMM) within just four days, as the flaw has been under active exploitation since January. With a Sunday deadline looming, federal IT teams are racing against the clock to secure systems and prevent further attacks.
Apache ActiveMQ Flaw Exposes Systems to Remote Code Execution
A critical security flaw in Apache ActiveMQ Classic, hidden for over 13 years, allows remote code execution, putting vulnerable systems at risk of arbitrary command execution. This long-undetected vulnerability highlights the importance of staying vigilant and proactive in identifying and addressing potential security threats.
Anthropic Deploys AI to Autonomously Fix Software Vulnerabilities
Imagine an AI that can proactively hunt down and fix hidden software vulnerabilities in critical systems before hackers can exploit them - Anthropic's new Project Glasswing is making this a reality with its cutting-edge AI model, Claude Mythos Preview. This groundbreaking initiative has the potential to revolutionize cybersecurity, but also raises intriguing questions about its capabilities and implications.
Anthropic's AI Model Exposes Thousands of Zero-Day Flaws in Major Systems
Anthropic's cutting-edge AI model, Claude Mythos, has made a groundbreaking discovery - uncovering thousands of zero-day flaws in major systems, giving us a glimpse into the hidden vulnerabilities of our digital world. This breakthrough is the result of Anthropic's innovative Project Glasswing initiative, which aims to revolutionize cybersecurity.
Tech Giants Unveil AI-Powered Project to Fortify Software Defenses
Major tech players have joined forces to launch Project Glasswing, an AI-powered initiative that uses machine learning to identify and patch critical software vulnerabilities before malicious actors can exploit them. This game-changing project aims to stay one step ahead of attackers by harnessing the same AI technology that can be used for defense - and turning it into a powerful force for good.
Automated Pentesting Tools Hit PoC Plateau
Automated pentesting tools can deliver impressive early results, quickly uncovering low-hanging fruit and generating proof-of-concept failures - but often hit a plateau, leaving significant attack surfaces untested and creating a validation gap that's hard to ignore. This phenomenon, known as the PoC cliff, can abruptly halt progress, causing detection and exploitation attempts to drop off and tools to stop producing actionable findings.