SonicWall confirms active exploitation of two critical zero-day vulnerabilities in SMA1000 appliances. CISA adds the flaws to its KEV catalog with a three-day government remediation deadline. Details on SSRF and code injection risks, affected models, and IOCs.
SAP's July 2026 security update addresses three critical vulnerabilities, including a 9.9-rated memory corruption in NetWeaver AS ABAP. The flaws could allow attackers to access sensitive data, disrupt operations, or hijack sessions. Security teams must prioritize patching, with workarounds available for immediate risk mitigation.
CISA’s elite Attack Surface Evaluation team has deployed Anthropic’s Mythos AI to automatically hunt for flaws in federal codebases, already uncovering a substantial number of security vulnerabilities, according to three sources. The initiative marks a major shift toward AI-driven proactive defense for national infrastructure.
CISA is using Anthropic’s AI model Mythos to scan federal code repositories for security weaknesses, uncovering a large number of vulnerabilities. The move accelerates the government’s capacity to hunt down exploitable bugs, though it raises questions about AI-driven false positives and oversight. This exclusive report signals a pivotal shift in how the U.S. defends its digital infrastructure.
An AI red-teaming exercise using Anthropic’s Mythos model identified vulnerabilities across almost all classified U.S. government networks in hours, compressing the traditional weeks-long security audit timetable. The finding points to a future where autonomous vulnerability scanners could dominate cyber defense and offense.
Meta is implementing a firmware update that disables recording on its second-gen AI glasses if the capture LED is tampered with, after a black market offered $100 LED removal services. The move introduces a hardware-enforced privacy control in a consumer wearable.
CISA is leveraging Anthropic’s advanced AI model Mythos to proactively scan government software for security flaws, revealing a significant vulnerability discovery. This adoption marks a new frontier in automated vulnerability management despite Anthropic’s fraught relationship with the Pentagon.
Binary coverage fuzzing can be gamed by simple loops, causing security testers to miss critical vulnerabilities. A technique using 8-bucket hit counts provides richer feedback, enabling detection of bugs that would otherwise be overlooked.
A critical privacy vulnerability in Apple's Hide My Email feature went unaddressed for over a year despite responsible disclosure, leaving users exposed to email unmasking. Cybersecurity researchers from EasyOptOuts found that 100% of tested aliases were reversible, and the flaw remains active as of July 2026. Apple acknowledged the bug, but a claimed March 2026 fix failed, highlighting lapses in vulnerability management.
IBM joins OpenAI's Daybreak Cyber Partner Program, launching an AI-driven application security service that provides continuous, read-only code analysis to identify and validate software vulnerabilities at machine speed. The managed service leverages OpenAI's frontier models and IBM Consulting Advantage to offer enterprises scalable vulnerability assessment.
A testing exercise revealed Anthropic’s Mythos model can identify vulnerabilities inside classified U.S. systems in hours, a capability that reshapes the cybersecurity landscape. While the model reportedly did not exploit the flaws, the speed of discovery accelerates the imperative for AI-driven patch management and zero-trust architectures. The incident may also drive new regulatory mandates for AI red-teaming in federal systems.
OpenAI and Trail of Bits kick off a large-scale bug-hunting initiative for open-source projects, uncovering hundreds of vulnerabilities in a single week. The effort aims to relieve maintainers overwhelmed by AI-generated vulnerability reports and sets a new standard for AI-augmented security triage.
The FortiBleed credential campaign leveraging default and stolen passwords has compromised over 86,000 FortiGate firewalls globally. CISA warns of ongoing Russian-speaking threat actor activity, with telecom, government, and education heavily impacted.
While a space-based control system would remove weather-related vulnerabilities, it opens a new celestial attack surface. Security experts warn that satellites could be jammed, spoofed, or hacked, giving remote actors a way to disrupt train operations.
A publicly dropped zero-day in Microsoft Defender, tracked as CVE-2026-50656 (CVSS 7.8), can yield SYSTEM privileges with up to 100% reliability on patched Windows 10/11, even when real-time protection is off. Microsoft is scrambling to produce a patch amid an escalating dispute with the researcher behind the PoC.
The Zcash incident demonstrates how AI can uncover deeply hidden vulnerabilities in complex systems within days, leading to a 50% market collapse. For cybersecurity professionals, it’s a warning that AI-driven threat discovery is now operational, demanding a urgent shift to AI-augmented defense.
Anthropic’s suspension of its Fable 5 and Mythos 5 models, citing U.S. government directive, exposes critical cybersecurity fault lines for Indian enterprises reliant on foreign AI. The alleged jailbreak vulnerabilities, flagged by Amazon’s CEO, underscore how AI supply chains can become vectors for national security threats. Indian firms must now reassess the cyber risks of outsourcing intelligence to models they cannot audit or control.
The US export ban on Anthropic's Fable 5 and Mythos 5 over a vulnerability-discovery jailbreak signals a new era where AI is regulated as a cyber exploit tool. The forced global shutdown affecting hundreds of millions underscores the convergence of AI safety and cyber defense.
Google and Mandiant confirm active exploitation of CVE-2026-35273, a critical unauthenticated RCE flaw in Oracle PeopleSoft. The ShinyHunters group compromised roughly 300 instances, with the higher education sector bearing 68% of the impact. Oracle has only released mitigations, leaving organizations exposed to data theft and extortion.
A study from the Icahn School of Medicine reveals that AI-generated X-rays can deceive experienced radiologists and advanced AI models, including those that created them. This discovery highlights a critical cybersecurity vulnerability where synthetic images could be injected into hospital networks to manipulate diagnoses or facilitate insurance fraud.
Mondoo has launched its Agentic Managed Vulnerability Service, a new offering designed to bridge the gap between security discovery and actual remediation. By leveraging AI-driven agents, the service aims to automate the complex process of fixing security flaws across diverse IT environments, significantly reducing the mean time to remediate (MTTR).
Security researchers have identified high-severity vulnerabilities in two popular WordPress plugins, Page Builder by SiteOrigin and a widely used calendar plugin, affecting a combined 600,000 websites. The SiteOrigin flaw, rated 8.8 out of 10, presents a significant risk of unauthorized access or site takeover if left unpatched.
U.S. federal authorities and industry officials have issued an urgent warning regarding a critical flaw in BeyondTrust Remo remote access software. The vulnerability is reportedly being leveraged by ransomware actors to target hospitals and clinics, threatening patient care and data security.
A sophisticated Chinese cyberespionage group, tracked as UNC6201, has been exploiting a critical zero-day vulnerability in Dell RecoverPoint for Virtual Machines for nearly two years. The flaw, identified as CVE-2026-22769, allowed attackers to maintain long-term persistence and conduct stealthy malware campaigns against high-value targets.
About Cybersecurity Vulnerabilities coverage
According to our own tracking database, this category has accumulated 24 vulnerabilities stories since coverage began. This page aggregates the latest vulnerabilities stories within our cybersecurity coverage area. Every story is cross-referenced across multiple primary sources, scored for sentiment and operational impact, and timestamped so fresh developments surface first. We track cves, zero-days, patches, advisories and surface the angles a domain expert would actually read.
Story selection follows our editorial methodology — impact scoring weights regulatory, financial, and operational developments distinctly. Sentiment is classified across five tiers via supervised classification trained on labeled industry corpora. See our glossary for term definitions and our trends index for longitudinal patterns across the cybersecurity beat.