Artificial Intelligence
Anthropic confirms Claude Mythos-class models will roll out to the public
Anthropic has confirmed that it plans to bring Mythos-class models to the general public after delaying the rollout due to security risks to public and private software. Mythos was announced in April as a restricted model and was made available only to select companies, including security researchers. At that time, Anthropic cited major “security” risks with […]
GreyVibe hackers use ChatGPT, Gemini to power cyberattacks
A likely Russian threat group tracked as GreyVibe has been using AI-generated lures and a rich set of custom malware tools to target entities in the military, government, civilian, and business sectors. The cyberespionage campaign has been active since at least August 2025 and appears to align with Russian state interests, although researchers cannot confidently […]
Max-severity flaw in ChromaDB for AI apps allows server hijacking
A max-severity vulnerability in the latest Python FastAPI version of the ChromaDB project allows unauthenticated attackers to run arbitrary code on exposed servers. The flaw is tracked as CVE-2026-45829 and was reported to ChromaDB on February 17. It received the maximum severity score from HiddenLayer, the company that discovered it. ChromaDB is an open-source vector database and AI retrieval […]
New critical Exim mailer flaw allows remote code execution
A critical vulnerability affecting certain configurations of the Exim open-source mail transfer agent could be exploited by an unauthenticated remote attacker to execute arbitrary code. Identified as CVE-2026-45185, the security issue impacts some Exim versions before 4.99.3 that use the default GNU Transport Layer Security (GnuTLS) library for secure communication. It is a user-after-free (UAF) flaw triggered during the TLS […]
18-year-old NGINX vulnerability allows DoS, potential RCE
An 18-year-old flaw in the NGINX open-source web server, discovered using an autonomous scanning system, can be exploited for denial of service and, under certain conditions, remote code execution. The vulnerability is tracked as CVE-2026-42945 and received a critical severity rating of 9.2, based on the latest version of the Common Vulnerability Scoring System (CVSS). […]
Google: Hackers used AI to develop zero-day exploit for web admin tool
Researchers at Google Threat Intelligence Group (GTIG) say that a zero-day exploit targeting a popular open-source web administration tool was likely generated using AI. The exploit could be leveraged to bypass the two-factor authentication (2FA) protection in a popular open-source, web-based system administration tool that remains unnamed. Although the attack was foiled before the mass exploitation […]
Fake OpenAI repository on Hugging Face pushes infostealer malware
A malicious Hugging Face repository that reached the platform’s trending list impersonated OpenAI’s “Privacy Filter” project to deliver information-stealing malware to Windows users. The repository briefly reached #1 on Hugging Face and accumulated 244,000 downloads before the platform responded to reports and removed it. The Hugging Face platform lets developers and researchers share AI models, […]
Fake Claude AI website delivers new ‘Beagle’ Windows malware
A fake version for the Claude AI website offers a malicious Claude-Pro Relay download that pushes a previously undocumented backdoor for Windows named Beagle. The threat actor advertises Claude-Pro as a “high-performance relay service designed specifically for Claude-Code” developers. The fake website is a simplistic attempt at mimicking the legitimate site for the popular Claude large language […]
New Bluekit phishing service includes an AI assistant, 40 templates
A new phishing kit named Bluekit offers more than 40 templates targeting popular services and includes basic AI features for generating campaign drafts. Available templates can be used to target email accounts (Outlook, Hotmail, Gmail, Yahoo, ProtonMail), cloud services (iCloud), developer platforms (GitHub), and cryptocurrency services (Ledger). What makes the kit stand out is the […]
Hackers are exploiting a critical LiteLLM pre-auth SQLi flaw
Hackers are targeting sensitive information stored in the LiteLLM open-source large-language model (LLM) gateway by exploiting a critical vulnerability tracked as CVE-2026-42208. The flaw is an SQL injection issue that occurs during LiteLLM’s proxy API key verification step. An attacker can exploit it without authentication by sending a specially crafted Authorization header to any LLM […]