Flat OT networks facilitate lateral attack propagation; endpoint-level enforcement stops these movements more effectively than network segmentation alone.
After weeks of exclusion, the EU now gains access to Anthropic’s Mythos hacking AI model, while the Commission works on a formal action plan for such systems.
Dense CVE situation: Cisco Secure Firewall, FortiGate backdoor, Linux kernel privilege escalation, PAN-OS actively exploited. Plus three supply-chain incidents, CISA credential leak, and new AI attack classes—what belongs on the CISO desk this week.
Three threads shaped May: the AI Omnibus and first high-risk guidelines from Brussels, Claude 4.8 with KPMG scaling as commercial proof, and a wave of supply-chain incidents from Nx-Console to axios — what began in May becomes operational in June.
Lapsus$ stole source code from Vodafone and published it, demonstrating the gang’s operationalization and highlighting the critical need to secure source code and developer assets within zero-trust infrastructure.