Copilot 'SearchLeak' Attack Allows 1-Click Data Theft

The critical, three-stage attack is now patched, but it's part of a new group of AI prompt-injection issues that use hidden URLs and other variables.

Most CISOs Report Pressure to Bury Bad Security News

Executive leaders may not be saying it aloud, but business objectives and priorities don't always promote timely disclosures.

The Beginning of the End of Social Engineering

AI-native operating systems are shifting the responsibility to stay vigilant against social engineering cyberattacks from the user onto the system itself.

US Cracks Down on Anthropic AI Models Amid Abuse Concerns

Anthropic abruptly suspended all access to Fable 5 and Mythos 5 after receiving an export control directive that banned foreign nationals from using the AI models.

ShinyHunters Uses Oracle Zero-Day to Rampage Higher Ed

A major bug in Oracle's ERP software disproportionately affected American universities, and hackers have capitalized by stealing gobs of data.

Claude Fable 5 Doesn't Change the Mythos Security Story

Stay cool: Mythos 5 is an upgrade over Mythos Preview while Fable 5 is Mythos "made safe for general use," Anthropic explained.

Max-Severity Ivanti Flaw Exploited 24 Hours After Disclosure

Initial methods suggest attackers had likely mapped out Ivanti's asset landscape upfront and acted quickly once the exploit became public.