Tag

Cyber Security

All articles tagged with #cyber security

FBI builds a 22,000-square-foot cyber-range town to train for attacks
security26 days ago

FBI builds a 22,000-square-foot cyber-range town to train for attacks

Last year the FBI opened the Kinetic Cyber Range in Huntsville, Alabama—a 22,000-square-foot replica town with a hotel, gas station, hospital, and a data center with 200 servers—that is cut off from the internet to safely simulate real-world cyberattacks for training and research, including forensic work on car systems, hospital networks, power grids, and home networks; the bureau released a video this week giving the public its first look inside.

Emergency Chrome Patch Closes In-the-Wild Zero-Day Exploit
cyber-security1 month ago

Emergency Chrome Patch Closes In-the-Wild Zero-Day Exploit

Google issued an emergency Chrome security update (Windows/macOS: 149.0.7827.102/103; Linux: 149.0.7827.102) patching 74 vulnerabilities, including a critical zero-day in the V8 engine that was observed exploited in the wild (CVE-2026-11645). The release also fixes 17 Critical flaws across core subsystems after a broad security audit, with many use-after-free memory issues that could enable remote code execution. An external researcher “303f06e3” discovered the zero-day, for which Google awarded $55,000; update guidance is to manually install the patch now via Help → About Google Chrome and relaunch, with enterprise admins urged to push the update to endpoints promptly as automatic rollout continues.

NSA taps Anthropic Mythos for cyber operations amid AI governance clash
technology1 month ago

NSA taps Anthropic Mythos for cyber operations amid AI governance clash

The Financial Times reports that Anthropic has embedded around half a dozen forward-deployed engineers inside the NSA to guide and tailor Mythos for potential offensive cyber use, though it’s not clear if they’re aiding live operations. The arrangement occurs as Anthropic fights government restrictions on Claude models and expands Mythos access abroad, highlighting the growing role of AI in national security and cyber capabilities.

Urgent Patch Urged as Windows Netlogon CVE-2026-41089 Sees Active Exploitation
cyber-security1 month ago

Urgent Patch Urged as Windows Netlogon CVE-2026-41089 Sees Active Exploitation

The critical Windows Netlogon remote code execution vulnerability CVE-2026-41089 is now actively exploited in the wild, allowing unauthenticated code execution on domain controllers via crafted Netlogon requests. Microsoft released patches for supported Windows Server versions as part of May 2026 Patch Tuesday, and advisories urge rapid deployment, enhanced monitoring, and tighter network segmentation to mitigate risk of domain takeover.

Iran weaponizes Western AI to sharpen cyber warfare
world1 month ago

Iran weaponizes Western AI to sharpen cyber warfare

Western AI models such as OpenAI’s ChatGPT and Google’s Gemini are increasingly used by Iran’s security apparatus to accelerate cyber operations, enabling malware development, multilingual phishing, and faster, larger-scale attacks; Iran is also building an offline national AI platform to endure internet outages and enhance drone, missile guidance, and electronic warfare, while OpenAI and other providers work to curb abuse. Analysts say Iran’s use of AI spans research, translation, and planning, signaling a rising capability that lags behind Western powers but is closing the gap amid ongoing regional tensions.

Active Exploitation of PAN-OS Authentication Bypass CVE-2026-0257 Prompts Urgent Patch
cyber-security1 month ago

Active Exploitation of PAN-OS Authentication Bypass CVE-2026-0257 Prompts Urgent Patch

PAN-OS and Prisma Access are being exploited for CVE-2026-0257, a remote authentication bypass in the non-default Authentication Override feature that lets attackers forge session cookies and bypass login to establish unauthorized GlobalProtect VPN connections. Rapid7 has documented two exploitation waves in May 2026, with indicators including spoofed MAC aa:bb:cc:dd:ee:ff and IPs tied to the waves (e.g., 104.207.144.154; 146.19.216.119/120/125). CISA added the flaw to KEV on May 29, 2026. Patches are available for PAN-OS versions 12.1.4-h6/12.1.7, 11.2.12, 11.1.15, 10.2.18-h6 and Prisma Access 11.2.7-h13+ (or later) or 10.2.10-h36+. Mitigations include disabling authentication override if not needed, using a dedicated cookie-encryption certificate, hunting for IOCs in VPN/GlobalProtect logs, and applying MDR detection rules (e.g., “Suspicious Authentication – Palo Alto GlobalProtect Cookie Authentication to Local Admin Account”). Despite a medium CVSSv4 score, rapid remediation is urged due to active exploitation and a public PoC.

AI Discovers 10,000+ Zero-Days in Glasswing Cyberdefense Initiative
cyber-security1 month ago

AI Discovers 10,000+ Zero-Days in Glasswing Cyberdefense Initiative

Anthropic revealed that Glasswing, powered by Claude Mythos Preview, autonomously identified over 10,000 high- and critical-severity zero-day vulnerabilities across critical software in its first month, with more than 50 tech partners including Microsoft, Apple, Google, and Cloudflare. Cloudflare alone found about 2,000 bugs (400 high/critical); Mozilla patched 271 Firefox vulnerabilities, while many disclosures have not been patched upstream, highlighting a severe patch-delivery bottleneck. The findings underscore the need for stronger defenses and faster triage, as Mythos-class models remain restricted to defenders, with Claude Security in public enterprise beta and industry groups rolling out supporting tools to cope with the AI-driven vulnerability deluge.

Anthropic to brief global regulators on AI-driven cyber gaps in finance
technology1 month ago

Anthropic to brief global regulators on AI-driven cyber gaps in finance

Anthropic will brief the Financial Stability Board on cyber vulnerabilities exposed by its Claude Mythos Preview AI, following a request from Bank of England Governor Andrew Bailey. The briefing aims to discuss Mythos’ capabilities as regulators push for sound AI-adoption practices in finance. Anthropic says Mythos has identified thousands of high-severity vulnerabilities across major operating systems and browsers, with about 40 organisations having access to Mythos (including Amazon, Microsoft and JPMorgan Chase) and wider distribution limited after White House input. Regulators, IMF and UK authorities are urging faster patching to mitigate AI-driven cyber risks to the global financial system.

New BitLocker Zero-Days Bypass Encryption and Escalate Privileges on Windows
cyber-security1 month ago

New BitLocker Zero-Days Bypass Encryption and Escalate Privileges on Windows

Two new unpatched Windows BitLocker zero-days—YellowKey (encryption bypass) and GreenPlasma (privilege escalation)—were disclosed after Patch Tuesday, leaving Windows 11 and Windows Server 2022/2025 exposed. YellowKey exploits the Windows Recovery Environment to bypass full-disk encryption, granting attackers full access to the system drive with physical access; GreenPlasma could enable unauthorized commands via arbitrary memory-section creation, enabling persistence and potential kernel-level access. There is no official patch yet; mitigations include enabling a BitLocker PIN, enforcing robust BIOS passwords, guarding WinRE against tampering, and restricting physical access until Microsoft releases fixes. Windows 10 is not affected.

18-Year-Old NGINX Flaw Triggers Unauthenticated Remote Code Execution
cyber-security1 month ago

18-Year-Old NGINX Flaw Triggers Unauthenticated Remote Code Execution

A severe heap-buffer-overflow bug in NGINX’s ngx_http_rewrite_module (CVE-2026-42945, CVSS 9.2) allows unauthenticated remote code execution when rewrite and set directives are used together, affecting NGINX Open Source 0.6.27–1.30.0 and several F5/NGINX products; a working PoC is public. Patch guidance includes upgrading to NGINX 1.30.1 or 1.31.0 and auditing configurations that combine rewrite+set directives, with a recommendation to add a WAFlayer until patching is complete. Additional related CVEs include CVE-2026-42946 (high severity, memory corruption), CVE-2026-40701 (medium, use-after-free), and CVE-2026-42934 (medium, out-of-bounds read).

Fragnesia: Local Linux kernel flaw lets unprivileged users gain root access
cyber-security1 month ago

Fragnesia: Local Linux kernel flaw lets unprivileged users gain root access

Security researchers disclosed Fragnesia, a local privilege-escalation vulnerability in the Linux kernel (Dirtyfrag family) that lets an unprivileged user escalate to root by abusing ESP-in-TCP ULP handling and corrupting the kernel page cache, effectively enabling an in-memory overwrite of /usr/bin/su to spawn a root shell without altering on-disk binaries. The flaw affects virtually all kernels affected by Dirtyfrag up to May 13, 2026; upstream patches exist, but unpatched systems remain at risk. Mitigations include unloading/disabling the affected ESP modules (esp4, esp6, rxrpc) via a dirtyfrag.conf and flushing caches or rebooting to drop the modified page cache. A public PoC on GitHub lowers the barrier to exploitation, so applying the patch promptly is critical.

Microsoft 365 Copilot Flaws Lead to Data Exposure, Cloud Fix Deployed
cyber-security2 months ago

Microsoft 365 Copilot Flaws Lead to Data Exposure, Cloud Fix Deployed

Microsoft disclosed and fully mitigated three critical cloud-side information-disclosure vulnerabilities affecting Microsoft 365 Copilot and Copilot Chat in Edge (CVE-2026-26129, CVE-2026-26164, CVE-2026-33111). The flaws—rooted in improper handling of special elements and command injection—could allow leakage of sensitive enterprise data over the network. Mitigations are deployed at the service level; no patches or admin actions are required. Security teams should review Copilot data access permissions and enforce least-privilege to reduce exposure from future flaws.

Edge Starts Up With All Passwords Exposed in RAM, Security Researchers Warn
cyber-security2 months ago

Edge Starts Up With All Passwords Exposed in RAM, Security Researchers Warn

A security researcher disclosed that Microsoft Edge decrypts and loads every saved password into plaintext within the browser’s process memory at startup, unlike Chrome which decrypts on demand and uses App-Bound Encryption. This creates a wide attack surface in shared or multi-user environments since credentials are present in memory for the entire session, even though Edge still prompts for re-authentication to view passwords. Microsoft says the behavior is by design, leaving security teams to consider disabling or mitigating this risk until Edge adopts on-demand decryption and stronger protections.

Microsoft Defender Misclassifies DigiCert Root Certificates as Malware
cyber-security2 months ago

Microsoft Defender Misclassifies DigiCert Root Certificates as Malware

Microsoft Defender’s late-April 2026 signature update wrongly flagged two DigiCert root certificates as malware (Trojan:Win32/Cerdigent.A!dha), quarantining their entries in Windows’ AuthRoot/Certificates store and risking SSL/TLS validation and code-signing for enterprise software. A corrective definition update (.430) began restoring the certificates, with automatic remediation rolling out and admins advised to verify restoration via certutil and Advanced Hunting logs. This incident underscores the risks of false positives in automated security responses targeting core Windows components.

Mythos AI Triggers Cross-Sector Push to Guard Infrastructure
technology2 months ago

Mythos AI Triggers Cross-Sector Push to Guard Infrastructure

Anthropic’s Mythos AI, rolled out to a select group of firms, accelerates vulnerability detection and patching, raising alarms that rapid, cross‑sector coordination between governments and business is needed to defend critical infrastructure like hospitals, banks and utilities from new threats and potential autonomous attack agents while managing patch downtime.