Security Bite Podcast: Atomic Stealer is blurring the line between infostealers and trojans on Mac
セキュリティビットポッドキャスト: Atomic Stealerは、Mac上の情報盗難者とトロイアンの間のラインをぼやしています
Kali Linux vs BackTrack: The Dark Side Evolution – Master Modern Penetration Testing in 2026 + Video
Introduction: The journey from BackTrack to Kali Linux represents a paradigm shift in professional penetration testing. While BackTrack laid the foundation with its raw, command-driven power, Kali…
Biometrics Are Becoming the Operating System of Identity
Biometrics have evolved from a security tool into the core infrastructure of identity, shifting authentication from what people know to what they are and how they behave. Advances in AI, sensors, and data analysis now enabl… #hackernews#news
The latest update for #LevelBlue includes "What the Data Says CIOs, CTOs, and CISOs Must Act on in 2026" and "Beyond the Fence: Securing Our Skies from the Drone Threat".
Sam Altman, godfather of ChatGPT and co-founder and chief executive of OpenAI, told Axios earlier this month: “Our job is maybe one of the more automatable jobs.”
*Then why the hell do we pay them so goddamned much money?* trib.al/QMqJQvB
The latest update for #WatchGuard includes "#ZeroTrust According to the NSA: From Initial Access to Continuous Control" and "WatchGuard and Halo Partner to Simplify #MSP#SecurityOperations".
165 Critical Flaws and One Active Exploit: Microsoft’s April Patch Tsunami Demands Immediate Action + Video
Introduction Microsoft’s April 2025 security update addresses a staggering 165 vulnerabilities, including one already under active exploitation and eight rated ‘Critical’. With threat actors…
"Defunct startups are being liquidated for their Slack archives, Jira tickets, and email threads—operational exhaust that AI labs now treat as premium training data."
The latest update for #Tines includes "You proved the value, finance is backing the growth: bringing Story copilot into the AI credit framework" and "Tines achieves the ISO trifecta; ISO 27001, ISO 27701, and ISO 42001 certification".
The latest update for #KnowBe4 includes "Early Results From KnowBe4's #AI Agents Show Easier Administration and Lower Cyber Risk" and "New KnowBe4 Agent Risk Manager Addresses Pervasive AI Agent Risk".
“Anthropic’s decision not to immediately share its powerful new artificial intelligence model with Australian businesses or authorities leaves the country dangerously exposed to hackers, warns Australia’s former top cybersecurity adviser.” www.afr.com/technology/a...
Introduction: As cyber threats grow in velocity and sophistication, Security Operations Centers (SOCs) must evolve beyond signature-based detection. Integrating artificial intelligence with traditional IT…
The latest update for #Securonix includes "Complexity in the Stack Is Slowing Down Decisions" and "From Zoomin to Fluid Topics: Evolving the Securonix Documentation Experience".
Brain-computer interfaces are advancing from clinical research into early practical use, offering major medical benefits while raising urgent concerns about neu #neuroscience
The latest update for #Veracode includes "Seamless #DevSecOps for GitLab: Security Built Into Every Pipeline" and "Why Securing #AI Code Generation is Critical for #AppSec".
The latest update for #BitSight includes "Analyzing the RondoDox Botnet: A DDoS and Mining Threat" and "How to Build a Security #Compliance Audit Process that Works All Year Round".
The latest update for #SignMyCode includes "OpenAI Revokes macOS Code Signing Cert After Axios Supply Chain Hit [Actions Required]" and "Microsoft Advancing #Windows Driver Security: Ending Cross-Signed Kernel Driver Trust".
The latest update for #ProtectoAI includes "How to Secure #AI Agents Accessing Enterprise Data: A Complete Guide" and "How to Ensure Data Security in RAG Systems".
Unveiling Anthropic’s Mythos: The AI Model that Has Wall Street on Edge Few innovations have stirred as much conversation and concern as Anthropic’s latest creation: the Mythos AI model. Reveal...
The latest update for #Netwrix includes "Netwrix achieves OPSWAT Gold Certification for Encryption across #Windows, macOS, and #Linux" and "Data access governance explained: visibility, control, and automation".
The TechBeat: Why "Build an AI Agent" Is the Wrong Starting Point for AI Systems (4/16/2026)
The HackerNoon Techbeat highlights trending tech stories. One article argues against starting AI systems by building AI agents, citing the need for architecture and human intera… #anthropic#gemini#openai
Zero to OSCP+: Exploiting Active Directory, Linux PrivEsc & Pivoting Like a Pro – Hands-On CTF Training + Video
Introduction: The OSCP+ certification demands more than theoretical knowledge—it requires practical mastery of real-world attack chains, from initial enumeration to domain compromise.…
OpenAI says more women than men now use ChatGPT, flipping an 80-20 male split at launch
OpenAI reports that women now comprise the majority of ChatGPT users, reversing the initial 80-20 male-dominated user split from the platform's launch. The company also estimates China's…
Russia hits European thermal power plant in attempted ‘destructive’ cyberattack – Pro-Kremlin hackers are engaging in ‘riskier and more reckless behavior’ in latest attempt to cripple Western critical infrastructure #Russia#Europeanthermalpowerplant
This month’s Patch Tuesday addresses 167 vulnerabilities, including two zero-days that could lead to system compromise, data exposure, and privilege escalation.
💻 OpenAI and Google lead the AI race as top investment winners, with OpenAI's $110B funding from Nvidia/Amazon rivals battling Google's surging TPU/Gemini edge.[1][4]
AI is both spear and shield. Anthropic's Mythos just proved no software is secure, uncovering thousands of zero-days. The real product insight? Build ahead of the model—framework first, engine second. #AI #Cybersecurity #ProductDesign
A study shows advanced AI models often withhold crucial medical advice from patients in need, leading to dangerous outcomes. The research highlights a gap in AI safety measures, prompting reform in training and evaluation to prevent omission harm.
OpenAI Targets Pharma Giants With Purpose-Built AI Model OpenAI has introduced an artificial intelligence model that is purpose-built for scientific research and drug discovery. The new GPT-Rosalin...
OpenAI updated Codex with agent-like features—including macOS background app operation, in-app web browsing, image generation, new plugins, scheduling and opt-in memory—positioning it as a direct rival to Anthropic's Claude Code, with EU and enterprise rollouts coming soon.
OpenAI revamped Codex with agentic features — parallel background agents on Mac with cursor control, an in-app browser, preview memory, image-generation and 90+ plugin integrations — and added pay-as-you-go ChatGPT Enterprise and Business pricing.
Sources: Cerebras plans to make its IPO public as soon as Friday, aiming to raise $3B+ at a $35B+ valuation, a 60% premium to its $22B February valuation (The Information)
THE DEATH OF THE STATIC STAR: AI ‘SYNTH-ACTORS’ TAKE THE LEAD
Apple TV+’s breakout hit "Your Friends & Neighbors" breaks reality barriers by casting a fully autonomous, generative AI persona for Season 3, capable of improvising unique dialogue for every individual subscriber. The announcement that…
Huntress SOC Exposes Nightmare-Eclipse Trinity: BlueHammer, RedSun & UnDefend – Are Your Endpoints Already Compromised? + Video
Introduction: The Huntress Security Operations Center (SOC) has recently detected active exploitation of three novel techniques – BlueHammer, RedSun, and UnDefend –…
A study presents In-Context Steered Policy Optimization (ICPO), enhancing Reinforcement Learning for Large Reasoning Models by improving trajectory diversity without expert models, thus advancing reasoning and stability in complex problem-solving.
US agencies are seeking restricted Anthropic Mythos access as cyber-risk planning moves from theory to operations. Here’s what teams should do next. https://aintelligencehub.com/articles/us-agencies-seeking-anthropic-mythos-access-april-2026?utm_source=bluesky&utm_… #AI#Cybersecurity#EnterpriseAI
90 Minutes to Breach: The SOC Analyst’s Playbook for Stopping Ransomware Before It Encrypts + Video
Introduction: Ransomware attacks now move from phishing email to full encryption in just 90 minutes—yet most SOC teams still monitor alerts in silos, relying on rule‑based detections that miss the…
Mozilla launches Thunderbolt, an open-source AI client for users and businesses who want to run their own self-hosted AI infrastructure, available on GitHub (Kyle Orland/Ars Technica)
RedSun Exploit: How Hackers Abuse Windows Defender to Gain SYSTEM Privileges – and How to Stop It + Video
Introduction A proof-of-concept (PoC) exploit named RedSun was recently released on GitHub, demonstrating a local privilege escalation from a non‑privileged user to SYSTEM on Windows by…
Maybe anthropic really will eliminate all security researchers. Good time to go back to school. But OBBBA has eliminated grad plus loans😕 maybe swing it with part time work and thrifting
The Real Lesson from OpenAI’s Top Customers: Tokens Aren’t Spend. They’re Leverage
OpenAI’s top token-consuming organizations reveal a shift: AI is now embedded in core workflows, letting startups rival enterprises in cognitive capacity. Tokens per employee, not total vol… #hackernews#news#openai
The AI discourse in large part is super poisoned (for a few good reasons, and many bad reasons). I am always happy to see essays where people work through thoughts on LLMs in longer form.
Created with Gemini AI here are some great examples representing the theme of Vegetables of a crowned cauliflower, a crowned kale and some crowned Brussel Sprouts 🥬 🥬 💚 💚
A Chief Data Officer learns that general-purpose AI like ChatGPT and Gemini can create impressive outputs but fail in production due to non-determinism and missing infrastructure context. The solution: shift to domain-specific generative AI,… #chatgpt#gemini#gpt
AI-Generated Clickbait Floods Google Discover: How Hackers Weaponize 113 Domains to Push Malicious Alerts + Video
Introduction: Google Discover – the personalized content feed on Android home screens and Chrome’s new tab page – has become the latest attack vector for cybercriminals. Threat actors…
This research explores how humans behave when competing against Large Language Models (LLMs) in strategic games. The study uses a monetary-incentivized experiment, comparing human behavior in a "p-beauty contest" against both humans and LLMs. The stu… #hackernews#llm#news
NEW: Apple’s marketing chief for the Apple Watch, AirPods, Home and Health — Stan Ng — is retiring, the latest changing of the guard at the company. He’s been at Apple for 31 years and was a mainstay under both Jobs and Cook. www.bloomberg.com/news/article...
Here’s this week’s’ Better Offline monologue. I discuss how AI labs’ dangerous rhetoric around AI capabilities and job loss is antagonizing society, and that de-escalation starts with Altman and Amodei talking about LLMs as normal software. podcasts.apple.com/us/podcast/b... linktr.ee/betteroffline
OpenAI is making several updates to its Codex AI coding agent. Codex is now able to operate desktop Mac apps with its own cursor, seeing what's on the screen, clicking, and typing to complete tasks. Codex can run multiple agents on the Mac in parallel, without interfering with the user's o..
The latest update for #ForwardNetworks includes "How Forward Helps You Respond to CVE-2025-53521 and the CISA KEV Listing for F5 BIG-IP #APM" and "How Forward Networks Helps You Respond to CISA Emergency Directive 26-03".
Geese, ganders, pots, kettles
'Anthropic’s critics, then, are not simply engaging in a cheap shot when they note Anthropic’s stance on copyright seems to have changed. The company has, by necessity, been forced to adopt close to the opposite position as its lawyers argued during Bartz v. Anthropic.'
The latest update for #Teleport includes "EU #AI Act #Compliance: Requirements, Risks, and What to Document" and "From Plaintext, to BLESS, to Identity: The Evolution of Secure Remote Access".
The latest update for #SumoLogic includes "92% of security leaders say their #SIEM is effective. 51% say it's exceptional. What's living in that gap?" and "Your #AI SOC still needs a SIEM. Here's why that won't change.".
The humans behind AI truly will destroy our world.
How do you get to the point of unironically using the name of a scientific hero, whose role in science was purposefully hidden by those who stole & profited from her work, to personify their own profit-seeking exploitation of others’ work?
Microsoft Defender’s AI Agent Security: The Game-Changer You Can’t Ignore + Video
Introduction: As enterprises rapidly deploy AI agents—from Microsoft Foundry to third‑party marketplaces and custom line‑of‑business tools—each agent becomes a potential attack surface for data exfiltration, prompt…
"NVD is deprioritizing, EUVD is nascent but may go the same way, and other CVE programs, such as MITRE, have had funding scares." "That era is officially over." - way to go @nistcybersecurity.bsky.social
Cybercriminals Hit Freight and Trucking Companies In Cargo Theft Scheme Organized crime groups are increasingly utilizing advanced cyberattack methods to hijack physical freight. According to newly...
AI and Executive Protection: New Risks, New Defenses
Discover how AI is weaponizing executive data for hyper-personalized phishing and learn how security teams can use defensive AI to flip the script on attackers. #hackernews#news
Foreign hackers are looking to exploit vulnerabilities in Americans' internet routers, and the FBI is offering tips for securing your home or office routers.
Critical 0-Day Alert: RedSun Exploit Turns Microsoft Defender Against Itself — Full SYSTEM Compromise in Seconds + Video
Introduction A newly disclosed zero-day vulnerability in Microsoft Defender, dubbed "RedSun," weaponizes the antivirus’s own file restoration logic to grant attackers full…
How to Build a DIY USB Keylogger with ESP32-S3 (DuckLogger Tutorial) Have you ever wondered how easy it is to build your own DIY USB keylogger from scratch? Using widely available and affordable ha...
Interesting take on the impact that LLMs are making on security: "to harden a system we need to spend more tokens discovering exploits than attackers spend exploiting them"
Data Centres: The Silent Digital Crime Scene – How Unsecured Servers Become Cybercriminals’ Goldmine + Video
Introduction: Modern data centres, especially multi-tenant environments, present a paradox: they are designed to consolidate and protect data, yet minor configuration lapses turn them into…
The UK faces a growing gap in legal protections for ethical hackers & #CyberSecurity professionals compared to international peers. Experts warn this legislative lag could hinder national defense efforts. #CYBERUK#Infosec#UKTech
Anthropic's latest flagship model, Opus 4.7, has officially arrived in Microsoft 365 Copilot, GitHub Copilot and Microsoft Foundry. #Microsoft#Anthropic#Opus
CVE-2026-21643 FortiGhost – Unauthenticated SQL Injection to Remote Code Execution on FortiClient EMS – Critical Patch Now! + Video
Introduction: FortiClient Enterprise Management Server (EMS) is a centralized management solution for Fortinet's endpoint security products, widely deployed in…
Textbook titan McGraw Hill on ransomware crew's reading list after 13.5M records exposed
Publisher claims misconfigured Salesforce-hosted page leaked data
Textbook giant McGraw Hill has landed on a ransomware crew's leak site after an alleged Salesforce-linked misconfiguration s… #hackernews#news
Splunk Unleashed: Master SOC Analytics, Threat Hunting, and SIEM Workflows in 2024 + Video
Introduction: Splunk is the industry’s leading SIEM platform, transforming raw machine data into actionable security intelligence for SOC teams. Mastering its end-to-end workflow—from log ingestion and…
A cyberattack on Poland's power grid hit 30 facilities, exposing critical infrastructure vulnerabilities and reminding us of our heavy reliance on technology and its potential risks.
## Can LLMs Score Medical Diagnoses and Clinical Reasoning as well as Expert Panels? ##
It appears so... "LLM Jury" has high correlation with the original score of a panel of human experts. Another human panel ("Re-score panel") does not correlate as much.
Anthropic's Claude Opus 4.7 makes a big leap in coding, while deliberately scaling back cyber capabilities
Anthropic released Claude Opus 4.7, its new flagship model that shows significant improvements in coding performance. The company intentionally reduced certain…
Hugging Face Abused To Spread Blockchain-Based Backdoor In CVE-2026-39987 Attacks Just three days after the April 8, 2026, disclosure of a critical pre-authorization remote code execution (RCE) vul...
Anthropic MCP 'design flaw' puts 200k servers at risk claims researcher | Bug or feature? | Updated guidance, not patching, is sufficient? | The Register
Using a layered cybersecurity strategy to protect healthcare organizations Cybersecurity risks continuously evolve as threat actors leverage new technologies, such as artificial intelligence (AI), ...
Anthropic Launches Claude Opus 4.7 Capable of Solving the Most Difficult Tasks Anthropic has officially launched Claude Opus 4.7, its latest flagship AI model designed to handle highly complex soft...
ArXiv math.OC Optimization and Control@optb0t.bsky.social
🔄 Updated Arxiv Paper
Title: Using deep learning to construct stochastic local search SAT solvers with performance bounds
Authors: Maximilian J. Kramer, Paul Boes, Jens Eisert
12 years ago I wrote how the internet is being protected by two guys named Steve. Today, the situation isn't all that different, except those handful of volunteers are being swamped by AI systems finding holes in our digital systems. My essay for @bloomberg.comwww.bloomberg.com/news/article...
Controversial question: will solo founders ship more products than full dev teams this year? This demo was built with Emergent.sh in one session. No dev team, no weeks of setup. Vibe coding is changing everything. https://app.emergent.sh/landing/?via=humai
Is Aquila (Dmitry) from WASM Forum Community the Author of the Carberp Banking Malware?
The author investigated Carberp's leaked source code, discovering personally attributable Indicators of Compromise (IoCs). These IoCs spurred an Open Source Intelligence (OSINT) investigation … #hackernews#news
When Dutch security services detained four Russian intelligence officers in The Hague in 2018, they uncovered a rental car filled with burner phones and close-access hacking equipment. smallwarsjournal.com/2026/04/15/g...
OpenAI has announced plans to roll out an early version of GPT-Rosalind, its AI reasoning model designed to support research across biology, drug discovery, and translational medicine.
Linux Foundation Europe@linuxfoundationeu.bsky.social
⏰ Last call! CFP for the Open Source Policy & Ecosystem Forum closes TODAY.
📍 8 June 2026 | Brussels
Join policymakers, industry & open source leaders shaping Europe’s digital sovereignty.
👉 Submit now: events.linuxfoundation.org/open-source-...#OSPEForum
Codex can now operate between apps. Where are the boundaries? OpenAI is rolling out a major update to the Codex desktop app for users signed in with ChatGPT. Personalization features, including con...
How to Build Your Own SentinelWatch: A Step-by-Step Guide to Creating a French Cyber Threat Intelligence Feed for Sales Teams + Video
Introduction: In today’s threat landscape, sales teams need real-time, digestible cyber intelligence to drive client conversations—ransomware outbreaks, critical…
The EU unit tasked with scrutinizing Anthropic’s new elite hacking AI model lacks access to the technology and the experts needed to stave off a looming cybersecurity crisis.
Every platform giant is becoming a security company. As every enterprise is becoming more and more tech-enabled, the responsibility for protecting data, identities, and infrastructure starts to fall on the platforms where that work happens. ventureinsecurity.net/p/every-sign...
Some organisations risk losing their Cyber Essentials certifications because of difficulties implementing multi-factor authentication, but there is a solution....
👉 [read]
A year on from the Marks & Spencer cyber attack, we look back at the incident, consider the lessons learned and ask if the retail sector is any more secure today...
👉 [read]
"Britain’s AI minister dinged OpenAI for halting a major data center project in the UK and blaming the decision on the country’s energy costs and regulation."
A friend told me earlier tonight that there's some documentary where some guy thought to ask AI boosters, "Well, how do you intend your children to interact with this technology?"
And all of them were like, "Never thought about that."
And he described this as an optimistic documentary.
A critical Nginx UI vulnerability with Model Context Protocol support is being exploited for full server takeover without authentication, posing a significant threat
Opus 47 Drops with Game-Changing AI Security Guardrails – Here’s How to Test Them + Video
Introduction: Anthropic has officially launched Opus 4.7, a major upgrade released on April 16, 2026, designed to tackle complex software engineering while embedding rigorous new cybersecurity safeguards.…
I tried the new Gemini Mac app — and Google dropped the ball with two essential features Gemini works well on Mac — it just doesn’t do enough to become essential. Google had the chance of doi...
New ATHR vishing platform uses AI voice agents for automated attacks
A new cybercrime platform called ATHR can harvest credentials via fully automated voice phishing attacks that use both human operators and AI agents for the social engineering phase. [...] #hackernews#news
Hidden risks in Chinese cellular modules grow across US critical infrastructure as market dominance amplifies exposure industrialcyber.co/analysis/hid...
Anthropic released Claude Opus 4.7 with stronger coding, high‑resolution vision, improved long‑context reliability, new cyber safeguards, and unchanged pricing, replacing Opus 4.6 across platforms.
Boston Metro Weather Forecast Bot@boston-4castbot.bsky.social
NWS Boston (via Facebook): Today will be cooler in the interior, though highs there will still climb into the 70s. Towards the coast, 50s and 60s are expected. Scattered showers and an isolated thunderstorm or two may develop later this afternoon. [Link]#MaWX
Even those who are happy to use #AI to pretend they're Hayao Miyazaki are probably a bit uncertain about unleashing an unpredictably powerful new model on their own bank accounts... I plan to download all my statements, talk to my bank, maybe switch if I can find a bank that doesn't use Mythos.
Salesforce drops the UI layer to become an AI agent first platform. Instead of dealing with a predefined monolithic application UI, users will create the “experience layer” they need with vibe coding. This will kill lots of jobs in system integration companies.
Cisco ISE Under Siege: Critical 99 RCE Flaw Leaves Enterprise Networks Wide Open—Patch Now Or Perish + Video
Introduction: Cisco Identity Services Engine (ISE) serves as the primary gatekeeper for enterprise networks, controlling which users and devices gain access and enforcing security policies.…
‘We experimented with efforts to differentially reduce these capabilities’: Anthropic toned down Opus 4.7’s cyber uses in wake of Claude Mythos release www.itpro.com/security/ant...
“An AI Vibe Coding Horror Story”: a non-technical user used an AI coding agent to build a patient management app with an exposed DB, client-side access control, and patient audio sent to US AI APIs. Good case study for governance + baseline security checks before prod.
Finance leaders warn over Mythos as UK banks prepare to use powerful Anthropic AI tool. Release of new Claude model, so far limited to US firms, will expand to British institutions in coming days. www.theguardian.com/technology/2...
