Vulnerabilities

CVEs, zero-days, patches, advisories

24 stories

Bearish 7

SonicWall SMA1000 Zero-Days: Patch Two CVSS 10.0 Flaws by July 17

SonicWall confirms active exploitation of two critical zero-day vulnerabilities in SMA1000 appliances. CISA adds the flaws to its KEV catalog with a three-day government remediation deadline. Details on SSRF and code injection risks, affected models, and IOCs.

Verified by 2 sources
Bearish 7

SAP July 2026 Patches: 9.9 CVSS NetWeaver Flaw, 2 More Critical Fixes

SAP's July 2026 security update addresses three critical vulnerabilities, including a 9.9-rated memory corruption in NetWeaver AS ABAP. The flaws could allow attackers to access sensitive data, disrupt operations, or hijack sessions. Security teams must prioritize patching, with workarounds available for immediate risk mitigation.

Verified by 2 sources
Neutral 8

CISA Finds 'Substantial' Vulnerabilities in Government Code Using Mythos AI, 3 Sources Say

CISA’s elite Attack Surface Evaluation team has deployed Anthropic’s Mythos AI to automatically hunt for flaws in federal codebases, already uncovering a substantial number of security vulnerabilities, according to three sources. The initiative marks a major shift toward AI-driven proactive defense for national infrastructure.

Verified by 2 sources
Bullish 7

3 Sources: CISA Deploys Anthropic Mythos AI to Audit Government Code for Bugs

CISA is using Anthropic’s AI model Mythos to scan federal code repositories for security weaknesses, uncovering a large number of vulnerabilities. The move accelerates the government’s capacity to hunt down exploitable bugs, though it raises questions about AI-driven false positives and oversight. This exclusive report signals a pivotal shift in how the U.S. defends its digital infrastructure.

Bearish 8

Mythos AI turned hours into zero-day discovery for US classified systems

An AI red-teaming exercise using Anthropic’s Mythos model identified vulnerabilities across almost all classified U.S. government networks in hours, compressing the traditional weeks-long security audit timetable. The finding points to a future where autonomous vulnerability scanners could dominate cyber defense and offense.

Verified by 2 sources
Neutral 5

Meta AI glasses block recording when LED tampered: $100 stealth ads targeted

Meta is implementing a firmware update that disables recording on its second-gen AI glasses if the capture LED is tampered with, after a black market offered $100 LED removal services. The move introduces a hardware-enforced privacy control in a consumer wearable.

Verified by 2 sources
Bullish 8

CISA’s Mythos Audits Find ‘Large Number’ of Bugs in Govt Code, 3 Sources Say

CISA is leveraging Anthropic’s advanced AI model Mythos to proactively scan government software for security flaws, revealing a significant vulnerability discovery. This adoption marks a new frontier in automated vulnerability management despite Anthropic’s fraught relationship with the Pentagon.

Verified by 2 sources
Bearish 7

1+ year-old Apple Hide My Email flaw unmasked 100% of aliases tested

A critical privacy vulnerability in Apple's Hide My Email feature went unaddressed for over a year despite responsible disclosure, leaving users exposed to email unmasking. Cybersecurity researchers from EasyOptOuts found that 100% of tested aliases were reversible, and the flaw remains active as of July 2026. Apple acknowledged the bug, but a claimed March 2026 fix failed, highlighting lapses in vulnerability management.

Verified by 2 sources
Bullish 8

IBM and OpenAI Debut AI AppSec Service with 24/7 Code Vulnerability Monitoring

IBM joins OpenAI's Daybreak Cyber Partner Program, launching an AI-driven application security service that provides continuous, read-only code analysis to identify and validate software vulnerabilities at machine speed. The managed service leverages OpenAI's frontier models and IBM Consulting Advantage to offer enterprises scalable vulnerability assessment.

Verified by 4 sources
Bearish 9

Mythos AI Uncovers Classified System Flaws in Hours, Sparking Cyber Defense Race

A testing exercise revealed Anthropic’s Mythos model can identify vulnerabilities inside classified U.S. systems in hours, a capability that reshapes the cybersecurity landscape. While the model reportedly did not exploit the flaws, the speed of discovery accelerates the imperative for AI-driven patch management and zero-trust architectures. The incident may also drive new regulatory mandates for AI red-teaming in federal systems.

Verified by 2 sources
Bullish 8

OpenAI's Patch the Planet Finds Hundreds of Bugs in 5-Day Sprint

OpenAI and Trail of Bits kick off a large-scale bug-hunting initiative for open-source projects, uncovering hundreds of vulnerabilities in a single week. The effort aims to relieve maintainers overwhelmed by AI-generated vulnerability reports and sets a new standard for AI-augmented security triage.

Verified by 2 sources
Bearish 8

86,644 FortiGate Devices Compromised in FortiBleed; CISA Alert

The FortiBleed credential campaign leveraging default and stolen passwords has compromised over 86,000 FortiGate firewalls globally. CISA warns of ongoing Russian-speaking threat actor activity, with telecom, government, and education heavily impacted.

Verified by 2 sources
Bearish 8

RoguePlanet Defender Zero-Day Has 100% Exploit Success on Some Windows Machines

A publicly dropped zero-day in Microsoft Defender, tracked as CVE-2026-50656 (CVSS 7.8), can yield SYSTEM privileges with up to 100% reliability on patched Windows 10/11, even when real-time protection is off. Microsoft is scrambling to produce a patch amid an escalating dispute with the researcher behind the PoC.

Verified by 2 sources
Bearish 8

AI Exposes 4-Year-Old Zcash Bug: 50% Token Crash Signals Cyber Threat Shift

The Zcash incident demonstrates how AI can uncover deeply hidden vulnerabilities in complex systems within days, leading to a 50% market collapse. For cybersecurity professionals, it’s a warning that AI-driven threat discovery is now operational, demanding a urgent shift to AI-augmented defense.

Verified by 2 sources
Bearish 7

Anthropic bans 2 AI models: Jailbreak risk triggers India cyber alarm

Anthropic’s suspension of its Fable 5 and Mythos 5 models, citing U.S. government directive, exposes critical cybersecurity fault lines for Indian enterprises reliant on foreign AI. The alleged jailbreak vulnerabilities, flagged by Amazon’s CEO, underscore how AI supply chains can become vectors for national security threats. Indian firms must now reassess the cyber risks of outsourcing intelligence to models they cannot audit or control.

Verified by 2 sources
Bearish 8

Anthropic Shuts Off AI for 200M+ Users Amid US Jailbreak Risk Order

The US export ban on Anthropic's Fable 5 and Mythos 5 over a vulnerability-discovery jailbreak signals a new era where AI is regulated as a cyber exploit tool. The forced global shutdown affecting hundreds of millions underscores the convergence of AI safety and cyber defense.

Verified by 3 sources
Bearish 7

Google: ShinyHunters Hit 100+ Orgs in PeopleSoft Zero‑Day; 68% Were US Universities

Google and Mandiant confirm active exploitation of CVE-2026-35273, a critical unauthenticated RCE flaw in Oracle PeopleSoft. The ShinyHunters group compromised roughly 300 instances, with the higher education sector bearing 68% of the impact. Oracle has only released mitigations, leaving organizations exposed to data theft and extortion.

Verified by 2 sources
Bearish 8

AI-Generated Medical Deepfakes Fool Radiologists, Raising Network Security Risks

A study from the Icahn School of Medicine reveals that AI-generated X-rays can deceive experienced radiologists and advanced AI models, including those that created them. This discovery highlights a critical cybersecurity vulnerability where synthetic images could be injected into hospital networks to manipulate diagnoses or facilitate insurance fraud.

Verified by 2 sources
Bullish 6

Mondoo Debuts AI-Driven Agentic Service to Automate Vulnerability Remediation

Mondoo has launched its Agentic Managed Vulnerability Service, a new offering designed to bridge the gap between security discovery and actual remediation. By leveraging AI-driven agents, the service aims to automate the complex process of fixing security flaws across diverse IT environments, significantly reducing the mean time to remediate (MTTR).

Verified by 3 sources
Bearish 7

Critical Vulnerabilities in SiteOrigin and Calendar Plugins Impact 600k Sites

Security researchers have identified high-severity vulnerabilities in two popular WordPress plugins, Page Builder by SiteOrigin and a widely used calendar plugin, affecting a combined 600,000 websites. The SiteOrigin flaw, rated 8.8 out of 10, presents a significant risk of unauthorized access or site takeover if left unpatched.

Verified by 2 sources
Bearish 8

Hospitals Face Ransomware Risk via Critical BeyondTrust Remo Vulnerability

U.S. federal authorities and industry officials have issued an urgent warning regarding a critical flaw in BeyondTrust Remo remote access software. The vulnerability is reportedly being leveraged by ransomware actors to target hospitals and clinics, threatening patient care and data security.

Verified by 2 sources
Bearish 8

Chinese State Hackers Weaponize Dell RecoverPoint Zero-Day Since Mid-2024

A sophisticated Chinese cyberespionage group, tracked as UNC6201, has been exploiting a critical zero-day vulnerability in Dell RecoverPoint for Virtual Machines for nearly two years. The flaw, identified as CVE-2026-22769, allowed attackers to maintain long-term persistence and conduct stealthy malware campaigns against high-value targets.

Verified by 4 sources

About Cybersecurity Vulnerabilities coverage

According to our own tracking database, this category has accumulated 24 vulnerabilities stories since coverage began. This page aggregates the latest vulnerabilities stories within our cybersecurity coverage area. Every story is cross-referenced across multiple primary sources, scored for sentiment and operational impact, and timestamped so fresh developments surface first. We track cves, zero-days, patches, advisories and surface the angles a domain expert would actually read.

Story selection follows our editorial methodology — impact scoring weights regulatory, financial, and operational developments distinctly. Sentiment is classified across five tiers via supervised classification trained on labeled industry corpora. See our glossary for term definitions and our trends index for longitudinal patterns across the cybersecurity beat.

SignalWhat it tells you
Verified by N sourcesConfidence the story isn't a single-source rumor — N≥2 means the development is independently corroborated.
Impact score (1-10)Estimated regulatory, financial, or operational impact. 8+ indicates a story experienced operators should act on.
SentimentFive-tier classification (very bullish through very bearish) trained on labeled cybersecurity-specific corpora.
Time stampRecency. Fresh stories (under 1h) render with a highlighted timestamp; stale stories (≥24h) render dimmed.