GreyVibe compensates for technical deficits through intensive use of commercial AI tools, enabling attack scaling that would normally require substantial personnel resources.
CISA confirms active exploitation of the remote code execution vulnerability CVE-2026-45247 in Magento cache extension and calls on federal agencies to remediate.
CHERRL enables reproducible analysis of reward hacking mechanisms through controlled bias injection and automatic detection of exploitation onset in LLM-based training.
Anthropic expands Mythos access to 150 new organizations; security experts warn of structural changes driven by frontier AI models and the risk of vulnerability chaining.
CVE-2025-48595 in the Android Framework enables privilege escalation already being exploited on devices running Android 14 or newer and is being actively weaponized by commercial spyware and state-sponsored actors against journalists and decision-makers.
GitHub passed unscoped OAuth tokens to the VSCode browser instance, allowing attackers to access all private repositories of a developer via manipulated Jupyter Notebook extensions.