Security & Lifecycle News

Anthropic confirms Claude Mythos-class models will roll out to the public

Anthropic has confirmed that it plans to bring Mythos-class models to the general public after delaying the rollout due to security risks to public and private software. [...]

GreyVibe hackers use ChatGPT, Gemini to power cyberattacks

A likely Russian threat cluster tracked as GreyVibe has been targeting Ukrainian entities with AI-generated lures and a rich set of custom malware tools. [...]

Troops’ phones gave away location data to foreign adversaries

Lawmakers push DoD to tighten smartphone controls after adversaries exploited commercial tracking data

BTMOB Android malware service generates custom phishing payloads

An Android remote access trojan named BTMOB is offered to cybercriminals with a builder interface for generating malware payloads tailored to phishing lures. [...]

Disgruntled 0-day hunter 'humiliated' by Microsoft pledges 'bone shattering drop' as Redmond calls cops

Six 0-days, three under active exploitation, more to come on July 14?

Snowflake buys Natoma to help freeze out rogue agents

It is the database titan’s sixth acquisition announcement since June 2025

Name That Toon Contest

IPB201: The Never-Ending Prefix Debate: Revisiting Best Current Practices

Today’s conversation centers around a new Best Current Practices (BCP) RFC draft written by Jordi Palet Martinez. Our hosts explore the document for service providers and enterpris…

FBI warns of fake FIFA websites running World Cup fraud schemes

The FBI is warning of fake websites impersonating FIFA ahead of the 2026 World Cup, to steal personal and financial information, sell fake tickets and hospitality packages, and pus…

Dutch Raid Fails to Dent Russian Bulletproof Host

Dutch law enforcement seized 800 servers and arrested two operators of THE.Hosting but left the hosting provider's core IP address space intact.

Google, Canonical team up to certify Ubuntu images for TPU VMs

Chocolate Factory shifts Tensor Processing Unit Ubuntu support back upstream

Russia-Linked ‘GreyVibe’ Attackers Use AI to Supercharge Cyberattacks

Researchers warn GreyVibe’s extensive use of ChatGPT, Gemini, and other AI tools offers a glimpse into how future cybercriminal and state-aligned groups will operate. The post Russ…

N4N056: A Wireless NAC Walkthrough

In the previous episode of N is for Networking, Jennifer “JJ” Jabbusch gave us a thorough overview of Network Access Control (NAC) for wired networks. This week we’re going wireles…

Hackers exploit FortiClient EMS flaw to push infostealer malware

Hackers are exploiting an authentication bypass vulnerability (CVE-2026-35616) in FortiClient Enterprise Management Server (EMS) to deliver an undocumented credential stealer calle…

Critical Gogs RCE Vulnerability Lets Any Authenticated User Execute Arbitrary Code

A critical security vulnerability has been disclosed in Gogs, a popular open-source self-hosted Git service, that allows an authenticated user to execute arbitrary code under certa…

Geordie Raises $30 Million for AI Security and Governance Platform

The funding round was led by Balderton Capital, with additional support from Crosspoint Capital and previous investors General Catalyst and Ten Eleven Ventures. The post Geordie Ra…

Microsoft tests the 15-character limit of Windows Server admins' patience

May security update trips over hostnames of a very specific length

Europe told to cool its datacenter boom before water and power run short

Get the balance right, Grundfos says, and the region will be a shining example of how to do it without sacrificing the environment

Agentic AI Isn't Risky; the Way Orgs Deploy It Is

AI agents aren't black boxes — they're models interacting with software tools. The risk lies in their overlap.

Threat Actors Exploit Critical FortiClient EMS Flaw to Deploy Credential Stealer

Threat actors are continuing to exploit a critical, now-patched security flaw impacting FortiClient Endpoint Management Server (EMS) deployments to deliver a credential-stealing ma…

Zig creator seeks 'uncompromising perfection' before blessing 1.0

Andrew Kelley interview describes paying monthly for cloud-powered AI coding as an 'insane proposition'

Carnival Data Breach Exposed 6 Million People

Data breach leaves nearly 6 million Carnival customers navigating identity theft risks. The post Carnival Data Breach Exposed 6 Million People appeared first on SecurityWeek.

New Gogs zero-day flaw lets hackers get remote code execution

An unpatched zero-day vulnerability in the Gogs self-hosted Git service can allow attackers to gain remote code execution (RCE) on Internet-facing instances. [...]

Three in ten HP customers still clinging to Windows 10

Refresh cycle sluggishness is a tailwind, insists PC giant's money people

How SIEM helps MSPs reduce noise and stop threats faster

MSPs don't lack security data. They struggle to separate real threats from alert noise. Kaseya explains how SIEM helps MSPs improve visibility, reduce fatigue, and respond faster. …

Microsoft Slams Public Zero-Day Disclosures Amid GitHub Researcher Account Removal

Microsoft has come out strongly in favor of Coordinated Vulnerability Disclosure (CVD), urging the research community to share their findings and give affected vendors an opportuni…

ThreatsDay Bulletin: Claude Security Plugin, Azure Priv-Esc, Kali365 MFA Bypass, FIFA Scams +15 More

Every time you think the industry has finally stopped doing some reckless, low-effort crap, somebody spins up a fresh box full of sketchy loaders, fake installers, recycled social-…

Qualcomm picks bad time to pitch a $300 laptop platform

Systems based on Snapdragon C to target students, families, and small businesses

AI agents get their own phone directory built atop DNS

DNS-AID, under the auspices of the Linux Foundation, promises easier agent discovery