News
Anthropic's 0day machine "Mythos" triggers hype, criticism
3+ hour, 59+ min ago (86+ words) thestack.technology: Canny marketing but "vulnpocalypse" fears are real. Anthropic claims its new, unreleased frontier model, dubbed "Mythos", is so powerful at identifying exploitable zero days in software that it can't yet be…
New ransomware protections for Google Drive in GA
6+ day, 8+ hour ago (9+ words) thestack.technology
Anthropic cites "developer error" for Claude Code leak
1+ week, 3+ hour ago (11+ words) thestack.technology: Anthropic cites "developer error" for jaw-dropping Claude Code leak
Google patches third Chrome zero day in a month
6+ day, 23+ hour ago (26+ words) thestack.technology: Chrome has already seen half as many zero days this year as it did in 2025.
Popular npm package Axios poisoned
1+ week, 1+ day ago (492+ words) "This is among the most operationally sophisticated supply chain attacks ever documented against a top-10 npm package." Certain releases of Axios, one of the most downloaded packages in the entire npm ecosystem, have been compromised in a supply chain attack.
Critical BIG-IP bug exploited: Pre-auth RCE and bad news
1+ week, 4+ day ago (271+ words) IOCs published by F5 today point to sophisticated attacks in which the threat group is disabling the SELinux kernel security module, gaining control over the management interface, and likely gaining full control over software that "secures and manages user access to…
Aqua Security's "Trivy" breach exposes CI/CD underbelly
2+ week, 1+ day ago (994+ words) A supply chain breach of security scanner Trivy, which is built into many CI/CD pipelines, has escalated into a broad set of attacks on the npm ecosystem and the compromise of downstream Kubernetes clusters. Trivy, which has been starred…
Elastic Security's Mike Nichols is AI agnostic. Here's why!
2+ week, 2+ day ago (823+ words) There's a growing belief in many quarters that AI will outright kill off the Security Operations Center (SOC), making human analysts redundant as AI agents analyse logs, fire off alerts, and trigger incident response actions; although the maturity here is…
Oracle pushes emergency Fusion Middleware patch
2+ week, 5+ day ago (379+ words) Customers running Oracle's Identity Manager (OIM) and Web Services Manager software are exposed to a critical pre-auth RCE vulnerability. The flaw isn't known to be exploited yet, but an out-of-band emergency patch suggests Big Red thinks it's coming soon. Per…
$12.5 million for open source security from Big Tech firms
3+ week, 2+ hour ago (36+ words) thestack.technology: New grant funding will support maintainers being buried in AI-generated bug report slop.