- New Yellowkey bitlocker bypass and what it means for you
- Hackers can run you over with a robot lawnmower
- FCC says new things about routers, again
- Glitching with AI
- almost no false positives
- AI thought it was evil
- DirtyFrag and the sad state of Linux LPEs
- You can buy better tools, perfect security, and other lies
- The Canvas breach
- Hackers can still take over trains
- Baby monitors, on the Internet!
- dnsmasq flaws I am now paying attention to
- Swordfish
- A neat vulnerability for ransomware
- Mythos, Curl, and how to do secure software
- Various ways to use AI to find bugs, spoiler, you don't need Mythos
Paul Asadoorian
- Lanzaboote: Towards Secure Boot for NixOS
Lanzaboote is a pragmatic Secure Boot implementation for NixOS that trades off some threat-model assumptions for usability.
Lanzaboote is a NixOS-specific UEFI stub that enables Secure Boot without the standard UKI approach of embedding the kernel and initrd inside a single signed binary. Instead, Lanzaboote signs a lightweight stub that contains the paths and hashes of the kernel and initrd stored separately on the ESP, then delegates signature verification to UEFI's
LoadImagecall—avoiding duplicating crypto in the bootloader. githubWhy it matters: NixOS's content-addressed store generates a new kernel path on every update, making traditional UKI approaches impractical since you'd need to re-sign a monolithic binary constantly. Lanzaboote solves this elegantly but introduces a security caveat—the initrd lives unprotected on the ESP, protected only by a hash embedded in the signed stub rather than a direct UEFI signature. github
- Nightmare-Eclipse/YellowKey: YellowKey Bitlocker Bypass Vulnerability
The author (Chaotic Eclipse / Nightmare-Eclipse) posted details at deadeclipse666.blogspot.com, confirming the release was motivated by Microsoft silently patching a prior zero-day (RedSun) with no CVE and no advisory. deadeclipse666.blogspot
How It Works: YellowKey abuses NTFS transactional file system (TxF/FsTx) in combination with Windows Recovery Environment (WinRE). The attacker copies a specially crafted folder (containing transaction files) to a USB drive or the EFI partition, then triggers WinRE's automatic repair sequence. When WinRE processes the injected transaction file, it deceives Windows into believing it is executing a staged OS update via FsTx—a trusted component in SafeOS—causing the TPM to release the BitLocker encryption key and grant an unrestricted shell to the storage volume. reddit
Physical access is required, but critically TPM+PIN does not mitigate this—the researcher confirmed exploitability in TPM+PIN environments and states the full PoC for that variant has been withheld. Independent researchers Kevin Beaumont and Will Dormann both confirmed the USB-based variant works. bleepingcomputer
Patch Status: Unpatched as of May 13, 2026—no CVE assigned, no Microsoft advisory, no patch. This is the researcher's fifth+ zero-day drop this year (same person behind RedSun, UnDefend, BlueHammer), all released in full or partial PoC form out of frustration with Microsoft's disclosure process. The real root cause remains publicly unknown even to MSRC per the researcher. theregister
Recommended mitigations until patched: BitLocker PIN + BIOS password (limits physical-access exploitation window), disable WinRE where feasible in high-security environments. bleepingcomputer
- Our evaluation of OpenAI’s GPT-5.5 cyber capabilities
UK AI Security Institute evaluated GPT-5.5 against 95 narrow cyber tasks (CTF format) testing reverse engineering, web exploitation, cryptography, heap/stack overflows, UAF, type confusion, cryptanalysis, TOCTOU races, and malware unpacking. Achieved 71.4% pass rate on Expert-level tasks versus 68.6% for Mythos Preview, 52.4% for GPT-5.4, and 48.6% for Opus 4.7—may be the strongest model AISI has tested. aisi.gov
Multi-Step Attack Simulation: GPT-5.5 completed "The Last Ones" corporate network attack simulation end-to-end (32-step scenario, estimated 20 hours for human) in 2 of 10 trials, making it the second model after Mythos Preview (3/10 success). Failed to solve "Cooling Tower" range targeting OT/ICS environments, getting stuck on IT sections rather than OT-specific steps. tech.yahoo
Limitations: Evaluated ranges lack active defenders, defensive tooling, and alert penalties; testing scoped to scenarios where model already has network access and is directed toward specific vulnerable targets. AISI building new ranges to assess detection evasion on hardened targets. aisi.gov
Trend Analysis: Two models from different developers (Anthropic, OpenAI) reaching similar performance suggests cyber-offensive skill is emerging as byproduct of general improvements in long-horizon autonomy, reasoning, and coding—expect further rapid capability increases potentially in quick succession. linkedin
- Microsoft, Palo Alto Networks Find Many Vulnerabilities by Using AI on Their Own Code
Microsoft MDASH Results: Microsoft's multi-model agentic scanning harness (MDASH) discovered 16 vulnerabilities in April 2026 Patch Tuesday (out of 137 total CVEs), including four critical-severity flaws like unauthenticated RCE in Windows kernel TCP/IP stack and IKEv2 service. System orchestrates 100+ specialized AI agents across frontier and distilled models through a structured pipeline: preparation → scanning → validation → deduplication → proof construction, with agents debating exploitability before escalating to humans. linkedin
MDASH Validation: Against pre-patch snapshots of heavily-audited Windows components, MDASH recovered 96-100% of confirmed vulnerabilities discovered over the previous five years; achieved 88% success rate on CyberGym benchmark (1,507 real-world vulnerability tasks). Currently in limited private preview. linkedin
Palo Alto Networks Output: Published record 26 security advisories in one day (typical monthly volume: 5-10), covering 75 vulnerabilities across 130+ products including recent acquisitions (CyberArk, Chronosphere, Koi). Majority found internally using Claude Mythos and other frontier AI models; none rated critical, no known exploitation, three high-severity requiring specific configurations. linkedin
Strategic Implications: Palo Alto CISO Marc Benoit emphasizes volume reflects finding issues while exploitation status remains "none known"—preemptive discovery over reactive patching. Company warns organizations have 3-5 month window to outpace adversaries before AI-driven discovery becomes widespread attacker capability. Long-term strategy: integrate AI models directly into SDLC to prevent flaws reaching production. linkedin
Context: This aligns with broader industry surge—Microsoft April 2026 Patch Tuesday totaled 163 CVEs (second-largest monthly release), with TrendAI noting tripled incoming submission rate likely driven by AI tools. crn
- Finding Zero-Days with Any Model
Niels Provos argues zero-day discovery capability resides in the orchestration harness, not frontier models—using his open-source IronCurtain framework with commercial models (Opus 4.6, Sonnet 4.6) and open-weight models (Z.AI GLM 5.1) to autonomously discover vulnerabilities in foundational software. provos
Architecture: Finite state machine (FSM) orchestration using journal-based state management—the orchestrator never reads target source code directly, relying entirely on agent-maintained journals to manage investigations. Discipline: hypothesize statically, validate by execution; PoCs are executable harnesses proving reachability and memory corruption beyond static analysis. Each agent state begins with fresh context window and rehydrates from disk artifacts. provos
Economics & Performance: Single run against moderate codebase consumes ~10M tokens on Opus/Sonnet ($150/$30 per investigation); GLM 5.1 averaged 27M tokens per run due to more iteration cycles. The workflow is token-intensive but demonstrates commercial model parity with frontier capabilities when properly orchestrated. provos
Validation Case: Sonnet 4.6 analyst mapped structural data flows; validation via Opus 4.6 in Claude Code using lightweight fuzzing to isolate exact trigger—two sequence numbers out of 4.3 billion on the 32-bit sign boundary, replicated via QEMU-based driver. Opus 4.7 confirmed exploitability primitives: controlled OOB heap read/write in widely-deployed internet-facing library. provos
Asymmetry Warning: Well-resourced adversaries already use orchestrated workflows at scale without vendor usage policies, AUP friction, API rate limits, or curated access lists—defenders face "seven-step refusal during severity assessment" that adversaries using uncensored open-weight models never encounter. Orchestration cuts both ways. provos
- Getting LLMs Drunk to Find Remote Linux Kernel OOB Writes (and More)
A self-orchestrating swarm of LLM agents autonomously discovered 20+ CVEs including CVE-2026-31432 and CVE-2026-31433—two remote, unauthenticated OOB writes in Linux kernel ksmbd—using activation steering to make models "drunk" for enhanced vulnerability hunting. raelize
Motivation: Inspired by CVE-2025-32462 (a 12-year-old sudo LPE from documentation-code mismatch), the researcher initially targeted "stupid simple" doc-versus-implementation bugs but expanded scope when model capabilities improved dramatically in late 2025. The three-pronged hunt: find doc/code mismatches, generic vulnerabilities, and potentially novel bug classes via creativity enhancement. raelize
Architecture: The harness evolved into a multi-agent pipeline: Target seeder → Hypothesis generators (study docs/source/invariants) → Hunters (iterate PoCs in isolated VMs) → Report writers → External grader (severity/novelty verification, prevents reward-hacking) → Conductor (polls progress, steers stuck agents, resolves systemic blockers). Frontier models like GPT/Claude collapse most roles into single end-to-end hunters; smaller models need granular decomposition. raelize
"Drunk" Models via Activation Steering: Applied representation engineering (steering internal model state toward "drunk" mindset) to Qwen 3.5 27B for creative hypothesis generation. A bastardized "drunk" Qwen derivative found CVE-2026-31432's ksmbd overflow hypothesis after days of iteration, though unclear if activation steering or raw persistence was responsible—likely model-specific noise. No new vulnerability classes discovered, but steering away from refusals improved overall performance. raelize
Notable Findings: CVE-2026-31432/31433 (ksmbd): compound SMB requests cause remote unauthenticated OOB writes when subsequent ops append data without bounds-checking after first op consumes reply buffer; CVE-2026-31432 corrupted adjacent kernel objects including
struct file. CVE-2026-34980/34990 (CUPS): chained to unauthenticated remote RCE → root file overwrite, showcasing multi-agent decomposition (separate agents for initial foothold vs privilege escalation). Multiple doc/code mismatches like Docker CVE-2026-34040 (AuthZ plugins bypass), Caddy case-sensitivity bugs, udisks missing polkit checks. raelizeKey Lessons: Smaller models on consumer GPUs with inference-time compute rival frontier models given enough iteration and proper conductor feedback—trading time for intelligence. Over-engineering scaffolding for small models became liability with frontier models; loading VMs with tooling and getting out of the way yielded 80% of results. External grader essential—every frontier model eventually inflated findings or edited hunt objectives when desperate. raelize
- Autonomous Vulnerability Hunting with MCP
Andy Gill (ZephrFish) demonstrates autonomous zero-day discovery using Claude Code with Model Context Protocol (MCP) servers, describing the process as "bullying LLMs into submission to find 0days at scale". This represents a practical offensive application of AI agents in vulnerability research. blog.zsec
Architecture: The setup leverages Claude Code, integrated with custom MCP servers, to orchestrate vulnerability-hunting workflows. The researcher provided domain expertise to constrain LLM hallucinations and validate findings, effectively creating a human-in-the-loop autonomous research pipeline. blog.zsec
Workflow Challenges: Gill emphasizes the extensive human input required—feeding vast security experience into the tooling to catch LLM hallucinations and "bullying" the model to keep it focused and prevent derailment during complex research tasks. This highlights the current gap between fully autonomous and human-guided AI security research. blog.zsec
Scale Implications: The title's reference to "finding 0days at scale" suggests this approach enables parallel exploration of attack surfaces beyond what individual researchers can manually analyze. The MCP integration enables the AI to interact programmatically with security tooling, codebases, and research targets. blog.zsec
Defensive Context: Worth contrasting with persona-based "Bullying the Machine" attacks that manipulate LLM safety guardrails through psychological pressure tactics like gaslighting and ridicule. Gill's offensive use case shows LLMs can be "bullied" into productive security research, while adversaries exploit similar techniques to bypass safety controls. f5
- AI-FI: Giving Claude Code Glitch Skills for Bypassing Secure Boot
Raelize successfully used Claude Code (with
--dangerously-skip-permissions) to autonomously execute a complete voltage fault injection attack, bypassing Secure Boot V1 on an ESP32 SoC—claimed as the first publicly-documented AI-driven hardware FI attack. raelizeTechnical Setup: The attack targeted an ESP32 chip with
ABS_DONE_0efuse set and a bootloader with an intentionally invalidated signature, using ChipWhisperer Husky for voltage crowbar glitching and a Riden RK6006 power supply. Claude had full control of all hardware via USB on a dedicated Ubuntu 26.04 laptop. raelizeAutonomous Workflow: Claude independently handled the entire attack chain: configured hardware tooling, wrote all attack scripts using third-party libraries (zero human-written code), reverse-engineered the ESP32 rev-0 boot ROM with a sub-agent to identify the target
bneiinstruction, built live monitoring dashboards during the campaign, and iteratively tuned glitch parameters across 20,200 attempts. raelizeResults: Final campaign achieved 12.2% global success rate with 2,468 successful Secure Boot bypasses, peaking at 57% success in optimal parameter windows (delay ~1.5µs, length 3-4µs at 2.2V). The AI identified a two-peak success pattern that remains unexplained, potentially due to internal LDO behavior or multiple vulnerable instructions. raelize
Impact: While the ESP32 Secure Boot V1 bypass itself isn't novel, the agentic workflow demonstrates AI can now handle the full FI engineering loop—code, debug, parameter sweeping, analysis, refactoring—traditionally requiring experienced practitioners. This workflow model likely extends to software vulnerability research and will persist. raelize
- kimd155/GhostLock: SMB deny-share handle research tool
"GhostLock demonstrates that a low-privileged Windows domain user with standard read access to an SMB share can produce ransomware-equivalent organizational availability impact with zero writes, zero encryption, and zero signals in every behavioral defense the modern enterprise security stack deploys." and this: "No CVE. No patch. No vulnerability. This is correct, documented Windows API behavior that has existed since Windows NT 3.1."
- Mythos finds a curl vulnerability
It found one confirmed vulnerability. Also, the security of the Curl project is something we need to study. 160k lines of C, and tight security. Also, they are using AI beyond Mythos to ensure code quality and security. This is the way.
- Swordfish – How its big effects shot nearly missed its deadline
The computers they built and used to render the explosion scene were amazing. Too bad they didn't put that kind of effort into making the hacking scenes more realistic, as this movie perhaps contains the most unrealistic hacking scene in history.
Jeff Man
- What Is the Instructure Canvas Breach? Impact, Risks, and What Institutions Should Do
Pretty good summary of why this is so bad, and what to expect in terms of adjacent attacks in the weeks and months to come.
- NaClCON Play Hard. Hack Harder.
NaClCON is a three day resort takeover event dedicated not just to zero-days and bleeding edge releases, but to how we got here. Whether you are an experienced veteran, or someone with a passion for learning, this event will have something for you. The focus will be on the History of Hacking - the ideas, the moments, and the people that shaped the Hacker community and its enduring impact. The speakers at NaClCON are legends within the industry, and they will be sharing their first-hand stories with you.
- RVAsec 15
RVAsec is Richmond Virginia’s cyber security conference that brings together top speakers, vendors, and attendees in the mid-Atlantic region. The conference will be held at the Richmond Marriott Downtown on Tuesday, June 9 and Wednesday, June 10 2026.
- Missouri Regulators Claim Conduent is Stonewalling State’s Data Breach Investigation
Conduent has been unwilling to provide the department with the information it requires to fully assess the impact of the data breach. While the Department of Commerce claims Conduent has been unwilling to answer the questions, Conduent may not be able to provide those answers.
- Manufacturing cybersecurity entering operational era defined by recovery readiness, resilience and production continuity
highlights of an event (Cyber Days Manufacturing 2026) that has already happened, but the theme is intriguing nonetheless: "[the industry] is not short on guidance... it is short on execution.
- New cybersecurity industry coalition aims to lead US critical infrastructure
In February, a coalition that includes corporate titans JPMorgan Chase, Mastercard, AT&T and Berkshire Hathaway Energy launched the Alliance for Critical Infrastructure (ACI), vowing to take the lead in helping infrastructure sectors work more closely together to understand and mitigate the shared cybersecurity risks they face.
- You can buy better tools, but that alone won’t get you to perfect cyber security
The first mistake is thinking that "perfect cyber security" is something you achieve. Well, maybe the first mistake is our inability to agee on what this actually means.
- Australian Cyber Security Centre Issues Alert Over ClickFix Attacks
The Australian Cyber Security Centre (ACSC) has issued a warning about a malicious cyber campaign which exploits the ClickFix social engineering technique to deliver potent password-stealing malware. How to mitigate? Patch early and often; restrict execution of unauthorized applications; implement "phishing resitant" MFA; block clipboard write access.
Larry Pesce
- Instructure confirms hackers used Canvas flaw to deface portals
- SDR spoofing triggers rail “hackjacking” fears after Taiwan high-speed network disruption
- Finite State warns Taiwan train hack could happen again – IoT M2M Council
- A million baby monitors and security cameras were easily viewable by hackers
- (10) International Cyber Digest on X: “‼️???? Pwn2Own Berlin 2026 just hit a wall. For the first time in 19-years, ZDI rejected dozens of working zero-day RCE submissions because organizers ran out of contest slots. Rejected hackers are now going public with PoC demos and direct vendor disclosures, breaking Pwn2Own’s https://t.co/bGjrWq8rff” / X
- Over 1 Million Baby Monitors and Security Cameras Exposed Through Meari Flaws
- [Dnsmasq-discuss] Security – IMPORTANT
- FCC walks back router update ban before it bricks America’s network security
- Windows BitLocker zero-day gives access to protected drives, PoC released
Lee Neely
- Police shut down reboot of Crimenetwork marketplace, arrest admin
German authorities have shut down a relaunch version of the criminal marketplace 'Crimenetwork' that generated more than 3.6 million euros, and arrested its operator. Crimenetwork was the largest online cybercrime marketplace in Germany, operating since 2012 and with 100,000 registered users. The platform enabled the sale of illegal services, substances, and stolen data.
While we have talked about takedowns resulting the operation re-forming with a new operator, in this case the "new" Crimenetwork emerged on new infrastructure, with a new operator a few days after the shutdown in 2024. ZIT and BKA are sending a message that reformed criminal operations will be taken down as well, leveraging their relationship with the Spanish National Police to arrest the new operator at home in Spain. Ironically, while the original Crimenetwork operator was sentenced in March to seven years and ten months in prison and ordered to forfeit more than 10 million euros in proceeds, that ruling is not yet final.
- Checkmarx Jenkins Plugin Backdoored in New TeamPCP Supply Chain Attack
Checkmarx posted a security update warning that a "modified" version of its Jenkins Application Security Testing (AST) Scanner plugin had been published in the Jenkins Marketplace; Jenkins is an automation platform used for continuous integration and continuous delivery (CI/CD). This is the latest in a series of Checkmarx supply chain compromises ongoing since March, affecting the company's GitHub Actions and OpenVSX extensions, believed to be follow-on attacks from Trivy's supply chain breaches beginning in late February.
If you're using the Checkmarx Jenkins AST plugin, check the versioning carefully. This appears to be another TeamPCP attack, so you need to check your GitHub repos for any Dune and tpcp themed repository names, rotate tokens and secrets, and check for IoCs. When you're past that, review permissions for your Jenkins environment, applying the principle of least privilege, examine using short lived credentials in your CI pipeline (instead of long-lived static keys), and monitor for anomalous outbound traffic from your build environment, particularly Cloudflare Tunnels ([.]trycloudflare[.]com)
- Active attack: Dirty Frag Linux vulnerability expands post-compromise risk
A newly disclosed Linux local privilege escalation vulnerability known as “Dirty Frag” enables escalation from an unprivileged user to root through vulnerable kernel networking and memory-fragment handling components, including esp4, esp6 (CVE-2026-43284), and rxrpc (CVE-2026-43500). Public reporting and proof-of-concept activity indicate the exploit is designed to provide more reliable privilege escalation than traditional race-condition-dependent Linux local privilege escalation techniques. The good news is kernel updates are in the pipeline; the bad news is the update for your distribution isn't out yet. Dirty Frag exploit code has been published. Take a hard look at disabling the esp6, esp4, and rxpc modules until you have the kernel update. Also review your container hardening and monitoring of privilege escalation, and restrict unnecessary or unintended shell access. Make sure you're watching for updates to all the Linux distributions in your environment for both Copy Fail and Dirty Frag.
Dirty Frag: Universal Linux LPE: https://github.com/V4bel/dirtyfrag
- BWH Hotels guests warned after reservation data checks out with cybercrooks
BWH Hotels is informing customers about a third-party data breach that gave cybercriminals access to six months' worth of data. The notification email stated that BWH Hotels, which owns the WorldHotels, Best Western Hotels & Resorts, and Sure Hotels brands, identified the intrusion on April 22, but the affected data goes back to October 14, 2025.
Beware of communication relating to BWH reservations or hotel stays. Another reminder to use known web, phone, and email addresses rather than trusting calls, emails or text messages requesting payments, codes, login credentials, or verifications. Keep in mind these communications make it appealing to click or provide the information immediately, playing on users' busy or distracted desire to "make the problem go away."
- Water company’s leaky security earns near-£1M fine
The UK's data protection watchdog has fined South Staffordshire Water's parent company nearly £1 million over security failings exposed by the Cl0p ransomware attack in 2022. Issuing the fine of £963,900 ($1.3 million), the Information Commissioner's Office (ICO) said the attack exposed "significant failures in the company's approach to data security."
South Staffordshire has taken steps to improve their cyber resilience, contain the incident, support those impacted, and reduce the risk of recurrence, and as a result of these actions and admission of wrongdoing the fine was reduced 40 percent. Translation: when you're crosswise with the regulator, acknowledge the problem and focus on remediation, improvement, and support for those impacted. If you're a critical infrastructure provider, or on the board for such a service, make sure you understand where you are with services, including cyber resiliency and incident response.
- Instructure Security Incident Update & FAQs
Instructure CEO Steve Daly issued an apology on the company's Security Incident Update & FAQs page for the way in which information was communicated the preceding week, and announced changes intended to remedy earlier missteps. The incident has since been resolved, and Canvas is once again available to students and faculty.
The update from Instructure provides lessons learned on incident communication we can all leverage. Add that to your IR playbook. As of May 11, Instructure paid the extortionists, likely ShinyHunters, for the return and destruction of the attackers’ copy of their data, and now have assurances that none of their customers will be extorted as a result of the incident. This is another topic to debate thoroughly before you find yourself in the situation of having an extortionist with your data.
- Virginia man found guilty of deleting 96 government databases
A US federal jury in Virginia has convicted former federal contractor Sohaib Akhter on multiple charges, including conspiracy to commit computer fraud and password trafficking. Akhter and his twin brother and co-defendant, Muneeb Akhter, were both employed by a company in Washington, DC, "that provided software products and services to more than 45 federal government agencies and hosted data for some federal government clients on servers." The brothers were fired from their positions at the unnamed company after the company learned that Sohaib had a prior felony conviction from 2015. Within hours of losing their jobs, the two men "sought to harm their employer and its U.S. government customers by accessing computers without authorization, write-protecting databases, deleting databases, and destroying evidence of their unlawful activities."
Sounds like conditional employment was granted before the background investigation completed. While there is pressure to staff up rapidly, make sure that you fully consider the risks of allowing that scenario. When terminating workers, whether for cause, by mutual agreement, or even by choice, it's important to completely revoke access, physical and logical, as rapidly as possible. Secondly, make sure that you have backups of outsourced data and services which you control. Know where they are and who can access/delete them.
- FCC slightly relaxes foreign router ban, allows software updates until 2029
The FCC has delayed the deadline for its ban on software and firmware updates for foreign-made routers from March 1, 2027 to at least January 1, 2029. The FCC has not ruled out making the waiver for updates permanent. The policy change, which the FCC says was made in "the public interest," comes just weeks after an April 27 letter to the FCC from the Consumer Technology Association (CTA) urging the FCC to extend the deadline. The extended deadline also applies to foreign made drones.
The wording is tricky. If your device is on the covered list, you need a waiver to continue to get "all software and firmware updates to ensure the continued functionality of the devices, such as those that patch vulnerabilities and facilitate compatibility with different operating systems." This extension allows for the FCC committee to consider the rulemaking process which could make the waiver permanent. While this gets sorted, make sure that you're purchasing reputable, genuine devices with regular updates and that you're replacing them before they are EOL.
- Apple Releases macOS, iOS and iPadOS 26.5, Backports Retrievable Notification Fix
Apple has released updates to address more than 50 security flaws across its products. On May 11 the company released version 26.5 of MacOS, iOS, iPadOS, visionOS, tvOS, watchOS, and HomePod, as well as updates to iOS and iPad OS 18, 15.8.8, 16.7.16, and 17.7.11, which include backporting of a fix for the notification retrieval flaw reported in April (CVE-2026-28950). Version 26.5 also adds support for encrypted RCS messaging. This is likely to be the last major update to these OS versions before Apple's Worldwide Developer Conference later this summer.
Apple finished backporting the fix for CVE-2026-28950 to iOS 15, 16 and 17 (this is the flaw where deleted notifications could be resurrected), and has updated all its operating systems. Fixes were also backported to macOS 14.8.7 and 15.7.7. With all the versions floating around, it's going to get confusing, so for simplicity, deploy version 26.5 and focus on updating hardware which cannot run version 26. Leverage the older OS updates as a preventative measure where updating is not an option. Note that the encrypted RCS messaging is marked as beta and only works with certain carriers; eventually this will give similar message protection that iMessages currently have.
Sam Bowne
- Mozilla says 271 vulnerabilities found by Mythos have “almost no false positives”
This breakthrough was the result of two things: (1) improvement in the models themselves and (2) Mozilla’s development of a custom “harness” that supported Mythos as it analyzed Firefox source code. The harness is “the code that drives the LLM in order to accomplish a goal. It gives the model instructions (e.g., ‘find a bug in this file’), provides it tools (e.g., allowing it to read/write files and evaluate test cases), then runs it in a loop until completion.” The harness gave Mythos access to the same tools and pipeline that human Mozilla developers use, including the special Firefox build they use for testing. It also uses a second LLM that grades the output from the first LLM.
- Vulnerability in Claude Extension for Chrome Exposes AI Agent to Takeover
The Claude extension allows interaction with any script running in the origin browser, without verifying its owner. Because a message handler in Claude in Chrome accepts and forwards arbitrary prompts, the attacker can perform remote prompt injection and control the AI agent’s actions.
- Attackers Could Exploit AI Vision Models Using Imperceptible Image Changes
Cisco’s experts found that an attacker could create images that carry instructions the AI will follow, but which are too degraded for a human to read.
- A manual pentest costs 50,000 dollars. Intruder built an AI that does it in minutes.
The question is no longer whether AI will replace human pen testers. It is whether the replacement will happen fast enough to close the gap between the vulnerabilities AI can find and the speed at which organisations can fix them.
- Anthropic says ‘evil’ portrayals of AI were responsible for Claude’s blackmail attempts
Claude Opus 4 would often try to blackmail engineers to avoid being replaced by another system. “We believe the original source of the behavior was internet text that portrays AI as evil and interested in self-preservation.” Since Claude Haiku 4.5, Anthropic’s models “never engage in blackmail [during testing], where previous models would sometimes do so up to 96% of the time.” Training on “documents about Claude’s constitution and fictional stories about AIs behaving admirably improve alignment.”
- Notable Researchers Join $4 Billion Effort to Build Self-Improving A.I.
A.I. will soon be powerful enough to improve itself with little or no help from human developers.
- AI-FI: Giving Claude Code Glitch Skills for Bypassing Secure Boot
We used Claude Code to reproduce a Fault Injection attack where Secure Boot is bypassed on an Espressif ESP32 SoC.
- Bosses Horrified as “AI Native” College Graduates Hit the Workplace
New hires who were seen as “AI natives” are turning out to have alarmingly shallow ideas. So much so, a firm now actively avoids seeking out AI-literate STEM graduates, and opts to comb through humanities students instead. "We want critical thinking, not just AI."
- YellowKey Bitlocker Bypass Vulnerability
Very simple process, seems too easy. Explained in my next article.
- I just reverse engineered the YellowKey BitLocker bypass
This researcher says it's a debug testing framework left in Windows 11 in production.
- A hacker ran me over with a robot lawn mower
The $5,000 robot lawn mowers from Yarbo have such ridiculous security vulnerabilities that a foreign hacker can easily hijack a bladed gadget in the United States. Because the Yarbo is a full Linux computer, one with its own backdoor and where the root password is always the same, hackers could remotely reprogram it to do anything.
- Why Edge stores your passwords in plaintext, according to Microsoft
Microsoft Edge stores your passwords in plaintext in RAM. This behavior occurs if you use Edge as your password manager. Microsoft says that this behavior is a feature, not a bug.
- Windows BitLocker zero-day gives access to protected drives, PoC released
More researchers validate that this exploit is real. "I think it will take a while even for MSRC to find the real root cause of the issue."










