Aggregator

2026年6月5日，上海明捷万丽酒店二层宴会厅

Die MetaRheinMainChaosDays (MRMCD) sind eine seit 2004 jährlich stattfindende Konferenz des

This daily article is intended to make it easier for those who want to stay updated with my regular Dark Web Informer and X/Twitter posts.

Two independent studies found that Anthropic's Claude Mythos Preview and OpenAI's GPT-5.5 have outpaced every trend line researchers were tracking. No one is sure if this is a one-time leap or the new normal.

The post Researchers say AI just broke every benchmark for autonomous cyber capability appeared first on CyberScoop.

West Pharmaceutical Services disclosed that it was the target of a cyberattack that resulted in data exfiltration and system encryption. [...]

The committee held a closed briefing Wednesday with company reps, and more oversight is in the works.

The post Closed briefing sets stage for House hearing on Anthropic’s Mythos and cyber risks appeared first on CyberScoop.

Hackers Constantly Break 'Confirmation of Data Destruction' Promises
When a business that stores children's personal data gets hit by data-leaking extortionists, what should it do? For Instructure, which develops online learning platform Canvas, the answer was to pay a ransom, and tell victims, straight-faced, to have "digital confirmation of data destruction."

Malicious npm Package Lets Attackers Capture Refreshed Tokens
A researcher has mapped a five-step attack on Claude Code that intercepts the credentials giving AI agents access to Jira, GitHub and Confluence, and demonstrated that the standard incident response move, rotating the stolen token, hands the attacker a fresh one.

Latest Mini Shai-Hulud Worm Steals Credentials, Includes Wiper, Now Open Source
A new Shai-Hulud variant has infected multiple npm repositories and jumped to other widely used JavaScript and Python packages. Designed to rapidly propagate, the worm steals over 100 different types of credentials and can wipe systems, including if developers try to delete it.

Medical Board Urged State to Ditch Pilot, Citing Patient Safety Concerns
The state of Utah is forging ahead with a pilot program that allows patients with chronic conditions to autonomously refill medication prescriptions using an artificial intelligence-powered telehealth platform despite opposition from its state medical licensing board.

Forrester's Allie Mellen on Preparing for a Mythos-Level Surge in Vulnerabilities
AI is simultaneously the biggest threat to financial system security and the most powerful tool for defending it. The IMF is sounding the alarm on systemic risk. Forrester principal analyst Allie Mellen breaks down what that means for CISOs and security teams at financial institutions.

The Iran-linked hacking group MuddyWater (a.k.a. Seedworm, Static Kitten) launched a broad cyber-espionage campaign targeting at least nine high-profile organizations across multiple sectors and countries. [...]

Security governance needs to be more than an annual compliance exercise. New companies are emerging to address risk-management gaps in current audit tools.

Currently trending CVE - Hype Score: 4 - Next.js is a React framework for building full-stack web applications. From 13.0.0 to before 15.5.16 and 16.2.5, applications that use beforeInteractive scripts together with untrusted content can be vulnerable to cross-site scripting. In affected versions, serialized script ...

Currently trending CVE - Hype Score: 4 - Next.js is a React framework for building full-stack web applications. From 14.2.0 to before 15.5.16 and 16.2.5, applications using React Server Components can be vulnerable to cache poisoning when shared caches do not correctly partition response variants. Under affected ...

Currently trending CVE - Hype Score: 1 - Next.js is a React framework for building full-stack web applications. From to before 15.5.16 and 16.2.5, applications using Partial Prerendering through the Cache Components feature can be vulnerable to connection exhaustion through crafted POST requests to a server action. In ...

Currently trending CVE - Hype Score: 1 - Next.js is a React framework for building full-stack web applications. From 15.2.0 to before 15.5.16 and 16.2.5, App Router applications that rely on middleware or proxy-based checks for authorization can allow unauthorized access through transport-specific route variants used ...

Currently trending CVE - Hype Score: 1 - Next.js is a React framework for building full-stack web applications. From 15.4.0 to before 15.5.16 and 16.2.5, applications that rely on middleware to protect dynamic routes can be vulnerable to authorization bypass. In affected deployments, specially crafted query parameters ...

Currently trending CVE - Hype Score: 1 - Next.js is a React framework for building full-stack web applications. From 12.2.0 to before 15.5.16 and 16.2.5, Applications using the Pages Router with i18n configured and middleware/proxy-based authorization can allow unauthorized access to protected page data through ...

Currently trending CVE - Hype Score: 1 - In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP ...