SecurityWeek

Claude Mythos Turns N-Days Into N-Hours With Rapid Exploit Creation

Claude Mythos Preview autonomously built 16 working exploits targeting Firefox and Windows vulnerabilities within hours.
SecurityWeek

Over 100 NPM, PyPI Packages Hit in New Shai-Hulud Supply Chain Attacks

Over 100 NPM and PyPI packages were injected with malicious code in the Miasma and Hades Shai-Hulud supply chain attack ...
InfoWorld

Meet Hades: The malware that lies to AI security agents

Researchers have uncovered a supply-chain attack that hides in Python packages, propagates like a worm, and tricks LLM-based ...

Microsoft’s open source tools were hacked to steal passwords of AI developers

According to security firm Cloudsmith and community-driven malware analysis site OpenSourceMalware, which were some of the ...

For the 2nd time in weeks, Microsoft packages laced with credential stealer

Dozens of cryptographically verified open source packages from Microsoft were compromised late last week to add advanced credential-stealing code that was triggered when developers opened them in AI ...
InfoWorld

Lack of response to critical vulnerability in Gogs is a reminder of the limits of open source projects

Two months after Rapid7 discovered the hole in the Git service, the project maintainer has yet to patch the bug.
CoinTelegraph

THORChain exploit tied to malicious node and GG20 flaw

The $10.7 million THORChain exploit was caused by a GG20 vulnerability, which allowed a malicious node to reconstruct a full private key to one of its vaults. THORChain said a malicious node operator ...
TechCrunch

Hackers have compromised dozens of popular open source packages in an ongoing supply-chain attack

In an ongoing cyberattack, hackers have compromised several popular open source projects that software developers all over the world rely on. On Tuesday, cybersecurity firms StepSecurity and SafeDep ...
Morning Overview on MSN

OpenAI asks all macOS users to update immediately after the TanStack attack forced the company to rotate its code-signing certificates

OpenAI is telling every Mac user running its ChatGPT or Codex desktop app to update right now. The urgency traces back to a supply-chain attack on a popular open-source JavaScript toolkit called ...
The Next Web

Google found the first AI-generated zero-day exploit. It stopped the attack before it started.

Google identified the first zero-day exploit it believes was developed with AI and thwarted a planned mass exploitation event. The GTIG report documents state-sponsored actors from China, North Korea, ...
HotHardware

Google Detects First AI-Developed Zero-Day Exploit Used by Threat Actors

The May 2026 report from Google’s Threat Intelligence Group marks a definitive shift in the cybersecurity landscape. While previous assessments categorized AI-assisted cyberattacks as experimental, ...
techtimes

Google Discovers First AI-Made Zero-Day Exploit, Claims It Was Not Made With Gemini

Google has revealed that it has discovered a new zero-day exploit that was created using or with the assistance of artificial intelligence, claiming that this is the first-ever one in the tech ...