Search

theverge.com › ai-artificial-intelligence › 921198

Anthropic rolls out its codebase-scanning security tool for businesses.

Claude Security uses the Opus 4.7 model to scan a business’s codebase for vulnerabilities and issue a fix. This tool is rolling out to enterprise customers globally and isn’t…

Apr 30, 2026 · Emma Roth

Top stories

bleepingcomputer.com

Max severity Ivanti Sentry vulnerability now exploited in attacks

2d ago

bleepingcomputer.com

Ivanti: Max severity Sentry flaw allows code execution as root

3d ago

bleepingcomputer.com

Cisco warns of critical Unified CM flaw with PoC exploit code

1w ago

bleepingcomputer.com

VS Code zero-day lets hackers steal GitHub tokens in one click

1w ago

arstechnica.com › ai › 2026 › …

Hackers duped Meta AI support chatbot to steal celebrity Instagram accounts

…coded conditionals you’d need to bypass with code.” It’s worth keeping in mind that users had simple security solutions available, even with the Meta AI support chatbot being exploited. The…

Jun 1, 2026 · Jeremy Hsu

pcworld.com › article › 3108242

Security expert publishes Windows exploit after Microsoft went silent

A security researcher reported a vulnerability to Microsoft. But when the company didn't respond quickly enough, he went public with real exploit code.

Apr 7, 2026 · By Laura Pippig

appleinsider.com › articles › 26 › …

You are out of time to update: Severe iOS hack code leaks to everyone

…The exploit relied on Safari and WebKit for initial code execution, after which it escaped multiple sandbox layers before fully compromising an iPhone or iPad. Apple ended up patching the exploit with…

Mar 23, 2026 · Marko Zivkovic

Discussions and forums

Hacker News · u/cayleyh · 3w ago

Ask HN: Are advances in AI going to push Linux to a micro-kernel?

This is something that has been bouncing around my head for the past couple weeks with the flood of security related news around Mythos and the number of 0days being found.Microkernels, unikernals, hardware-enforced capa…

4 9

Hacker News · u/introvertmac · Dec 3, 2025

Tell HN: Compliance is not equal to Security

For over a decade, I’ve been doing bug bounty, security audits, and security consulting. And if there’s one thing I’ve seen repeatedly, it’s this:Most startups call a security engineer or hire a security agency only when…

1 1

r/netsec · u/unknownhad · May 10, 2026

The compression of the exploit timeline: Why n-day gaps and 90-day embargoes are failing in practice.

The traditional vulnerability disclosure timeline relies on a fundamental assumption: exploit development and vulnerability discovery take time. Over the last 12 months the integration of LLMs into offensive tooling has …

Hacker News · u/honeylabs · 3w ago

Show HN: HoneyLabs – Public honeypot threat Intel feed and MCP server

I've been running a small fleet of honeypots for about a year. They get hit by a mix of research scanners (Censys, Shadowserver, etc.), old worms, and a bump of CVE probes the day a new Nuclei template ships. The data wa…

4 2

bleepingcomputer.com › news › security

18-year-old NGINX vulnerability allows DoS, potential RCE

…Three more memory corruption security issues were discovered in the same six-hour code scanning session by researchers at AI-native security company DepthFirst AI. NGINX is a massively used web server…

May 14, 2026 · Bill Toulas

bleepingcomputer.com › news › security

Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign

…12 AM A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious JavaScript code that triggers ClickFix attack flows. The campaign was…

May 24, 2026 · Bill Toulas

theverge.com › tech › 940416

Microsoft is threatening legal action for disclosing exploits

…the company, posting proof-of-concept exploit code. Some of their posts suggest that they’re a disgruntled former employee. But what caught cyber security researcher Kevin Beaumont’s eye was how…

May 30, 2026 · Terrence O'Brien

tomshardware.com › tech-industry › cyber-security

Standard 90-day vulnerability disclosure policy is likely dead thanks to AI, expert warns that AI can weaponize patches in 30 minutes — LLM-assisted bug-hunting ushers in a new cyberworld order

…The vast majority of security exploits are rooted in specific bad programming habits, something a bot excels at noticing quickly and repeatedly. Both aforementioned exploits for the Linux kernel took advantage of…

May 12, 2026 · Bruno Ferreira

theverge.com › tech › 922243

Severe Linux Copy Fail security flaw uncovered using AI scanning help

Nearly every Linux distribution released since 2017 is currently vulnerable to a security bug called “Copy Fail” that allows any user to give themselves administrator privileges.  The exploit, publicly disclosed as…

May 1, 2026 · Stevie Bonifield

bleepingcomputer.com › news › security

Google fixes one actively exploited Android zero-day, 124 flaws

Google fixes one actively exploited Android zero-day, 124 flaws By Sergiu Gatlan June 2, 2026 07:10 AM Google has released the June 2026 Android security patches to address 124 vulnerabilities…

Jun 2, 2026 · Sergiu Gatlan