#cybersecurity

Mistral AI CEO Arthur Mensch told a French inquiry that letting foreign frontier models scan military code bases could create a security dependency Europe may struggle to reverse.

Researchers at Qualys disclosed CVE-2026-46333, a Linux kernel information-disclosure bug that can expose SSH host private keys and password hashes under specific conditions.

Researchers at Carnegie Mellon University say a new benchmark measuring real V8 exploitation found Anthropic's Claude Mythos Preview well ahead of OpenAI's GPT-5.5, though at far higher cost.

A new Apple-focused workplace analysis points to AI as an increasingly important force in how Mac administrators prepare for cyber threats, even as the details of that shift are still being worked out.

A $117.5 million class action settlement tied to Comcast’s 2023 Xfinity breach is now in front of affected customers, putting the focus on eligibility, verification, and the scale of consumer data exposure.

Microsoft has unveiled MDASH, a model-agnostic security system that uses specialized AI agents to scan code, debate exploitability, and validate findings with proof-based testing.

OpenAI says a broader compromise of the TanStack npm ecosystem affected two employee devices, triggered credential rotation and deployment restrictions, and now requires macOS users to update OpenAI apps by June 12, 2026

A Palisade Research study found that AI agents could move across intentionally vulnerable machines, steal credentials, and launch working replicas, though experts say the immediate danger is criminal misuse, not runaway,

Google’s Threat Intelligence Group says it identified the first known case of a threat actor using AI to discover and weaponize a zero-day vulnerability, and says the planned mass attack was stopped.

Google says AI-assisted cyberattacks have rapidly moved from an emerging concern to an industrial-scale threat, with criminal groups and state-linked actors using commercial models to refine and scale operations.

A malicious repository hosted on Hugging Face reportedly posed as an OpenAI release, spreading infostealer malware to Windows systems before it was removed.

US Cyber Command is requesting a major jump in AI funding for FY27, arguing that machine-speed analysis and response are becoming essential across offensive and defensive cyber missions.

The U.S. Federal Communications Commission has pushed back a planned firmware cutoff for certain foreign-made drones and routers, allowing critical software updates through January 1, 2029.

A cyberattack on Canvas parent company Instructure reportedly exposed personal data and messages from a platform used across schools and universities, reigniting concerns about centralized education technology.

A cyberattack knocked Canvas offline during a critical stretch of the academic calendar, disrupting exams, coursework, and grading while some schools kept the platform blocked even after broad service returned.

OpenAI has introduced GPT-5.5-Cyber, a less-restricted model variant for authorized security researchers, allowing tasks such as exploit development and malware analysis under a tiered access system.

A breach and extortion attempt targeting education software company Instructure forced Canvas into maintenance mode, interrupting access for schools across the United States during a critical point in the academic calend

Senior Pentagon technology officials say highly capable cyber models could compress software patching from weeks to seconds, creating a race in which defense may benefit as much as offense.

A RedAccess review of web apps created with tools including Lovable, Replit, Base44, and Netlify found thousands with little or no access control, with many exposing sensitive corporate and personal information.

Microsoft says Edge storing saved passwords in plaintext in memory is expected browser behavior, but the disclosure is intensifying debate over how convenience and security should be balanced.