NEW: malware developers added nuclear & biological weapons text to to their spyware. Goal? To trigger LLM safety refusals... so that their spyware wouldn't be analyzed by an AI security scanner. Cleanest practical example I can think of for why over-indexing on first order

Anthropic's Fable, a public version of its cybersecurity model Mythos, imposes strict guardrails that restrict requests related to cybersecurity topics. Researchers, including IBM's Valentina Palmiotti, have criticized these limitations for preventing even benign tasks, such as reading blog posts.

Blue41 assisted Bunq in securing its AI assistant from spearphishing risks by identifying an indirect prompt injection vulnerability that could exploit a bank transfer to facilitate phishing attacks. This vulnerability is indicative of a broader architectural issue affecting multiple banks.

The US National Security Agency is utilizing Anthropic’s Mythos for conducting cyber attacks. Mythos is an AI tool designed to enhance capabilities in cybersecurity operations.

RootsShell is a platform designed for security professionals to share and discuss vulnerabilities, exploits, and security research. It includes community-driven content with user-generated posts and comments to facilitate knowledge exchange.

The 2026 U.S. Midterms face significant cyber threats primarily from disinformation campaigns rather than direct attacks on voting machines. Voter influence operations are increasingly manipulating the information environment through misleading narratives and fake content on social media and search engines.

Microsoft's GitHub has banned security researcher Nightmare-Eclipse after they posted zero-day Windows exploits. The researcher claims this action has ruined their life and has promised further retaliation against the company.

Nightmare Eclipse has publicly shared proof of concept exploits for security vulnerabilities in Microsoft products, claiming to have attempted to report them. The ongoing dispute highlights criticisms of Microsoft's handling of zero-day exploits and the quality of its products.

macOS Tahoe 26.5 includes security updates that address vulnerabilities affecting the operating system. These updates enhance system security and protect user data from potential threats.

CVE-2024-YIKES outlines a series of vulnerabilities that led to significant security incidents. The report details the technical specifics of the vulnerabilities and their impact on affected systems.