CSO Online

RCE by design: MCP architectural choice haunts AI agent ecosystem

Unsafe defaults in MCP configurations open servers to possible remote code execution, according to security researchers who ...
Windows Report

CISA Orders Urgent Patch for Actively Exploited Windows Shell Vulnerability

CISA orders urgent patching of a Windows Shell flaw actively exploited in zero-click attacks. Federal agencies must update by ...

Hackers exploit Marimo flaw to deploy NKAbuse malware from Hugging Face

Hackers are exploiting a critical vulnerability in Marimo reactive Python notebook to deploy a new variant of NKAbuse malware ...

Google shoehorned Rust into Pixel 10 modem to make legacy code safer

To protect the Pixel modem from zero-day attacks, Google focused on the DNS parser. As cellular features have migrated to ...

Critical vulnerability in Ruby's standard library ERB:attackers can execute code

The Ruby vulnerability is not easy to exploit, but allows an attacker to read sensitive data, start code, and install ...
CSO Online

Critical flaw in Marimo Python notebook exploited within 10 hours of disclosure

A single unauthenticated connection gives attackers a full shell; credential theft observed in under three minutes on honeypot servers.

From defence tool to risk factor: Understanding Anthropic's Mythos AI model

From uncovering decades-old vulnerabilities to autonomously building exploits, Anthropic's Mythos AI frontier model is ...
The Hacker News

Mirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS Botnet

CVE-2024-3721 and CVE-2023-33538 exploited in TBK DVRs and EoL TP-Link routers, enabling Mirai variants and DDoS risk.
The Next Web

Unauthorized users gained access to Anthropic’s restricted Mythos AI model on launch day via a third-party contractor’s environment

A Discord group accessed Anthropic’s Mythos AI model on its launch day by guessing its URL via a third-party vendor environment.
Council on Foreign RelationsOpinion

Six Reasons Claude Mythos Is an Inflection Point for AI—and Global Security

Anthropic’s new AI model has taught itself to hack into software infrastructure systems believed to be among the most secure ...
Live Science on MSN

Is Anthropic's Claud Mythos really too dangerous to release to the public?

Anthropic's Mythos AI is being kept behind closed doors as governments assess what faster, AI-driven vulnerability discovery ...