GhostLock: SMB Deny-Share Handles as a Zero-Privilege Availability Weapon
https://ift.tt/NiYBwhD
Submitted May 12, 2026 at 03:14AM by MelangeBot
via reddit https://ift.tt/vPYFVOR
https://ift.tt/NiYBwhD
Submitted May 12, 2026 at 03:14AM by MelangeBot
via reddit https://ift.tt/vPYFVOR
Zenodo
GhostLock: SMB Deny-Share Handles as a Zero-Privilege Availability Weapon
Traditional ransomware disrupts organizations by encrypting data and demanding payment for decryption keys. This paper presents a fundamentally different availability attack that achieves the same business disruption without writing a single encrypted byte…
OpenAI announces Daybreak, "frontier AI for defenders"
https://ift.tt/4m8hRue
Submitted May 12, 2026 at 04:52AM by medoic
via reddit https://ift.tt/MFhieSw
https://ift.tt/4m8hRue
Submitted May 12, 2026 at 04:52AM by medoic
via reddit https://ift.tt/MFhieSw
OpenAI
Daybreak | OpenAI for cybersecurity
Deploy AI for cyber defense with GPT-5.5 and Codex Security to identify threats, generate patches, and verify remediation across code and systems.
How do Fortune 10 SOCs handle incident response with 15 people instead of 150? Energy-Based Models.
https://ift.tt/OjiBMP8
Submitted May 12, 2026 at 08:00AM by lord_sql
via reddit https://ift.tt/rPq576d
https://ift.tt/OjiBMP8
Submitted May 12, 2026 at 08:00AM by lord_sql
via reddit https://ift.tt/rPq576d
www.securesql.info
Autonomous Incident Response at Scale: How Energy-Based Models & TAME Replace LLM Guessing in Security
Why do Fortune 10 SOCs with 15 people outpace teams 10x their size? They've stopped using autoregressive LLMs for threat modeling, response, and recovery. Instead,...
New ipTIME Pre-Auth RCE in CWMP
https://ift.tt/g8SlxuJ
Submitted May 12, 2026 at 01:46PM by SSDisclosure
via reddit https://ift.tt/s1cSQlh
https://ift.tt/g8SlxuJ
Submitted May 12, 2026 at 01:46PM by SSDisclosure
via reddit https://ift.tt/s1cSQlh
SSD Secure Disclosure
ipTIME Pre-Auth RCE in CWMP - SSD Secure Disclosure
Summary An unauthenticated attacker can remotely execute arbitrary code via the CWMP protocol on the ipTIME router. Vendor Response We have tried to reach out to the vendor through multiple channels (email and via KISA) but have not been able to receive any…
Postmortem: TanStack npm supply-chain compromise
https://ift.tt/43hL28p
Submitted May 12, 2026 at 01:46PM by Code-Painting-8294
via reddit https://ift.tt/E8M3DTI
https://ift.tt/43hL28p
Submitted May 12, 2026 at 01:46PM by Code-Painting-8294
via reddit https://ift.tt/E8M3DTI
Tanstack
Postmortem: TanStack npm supply-chain compromise | TanStack Blog
On 2026-05-11, an attacker chained a pull_request_target Pwn Request, GitHub Actions cache poisoning across the fork↔base trust boundary, and OIDC token extraction from runner memory to publish 84 malicious versions across 42 @tanstack/* packages on npm.…
Curl lead developer Daniel Stenberg provides insightful feedbacks from Mythos analysis results
https://ift.tt/KiYA8x5
Submitted May 12, 2026 at 03:06PM by qwerty0x41
via reddit https://ift.tt/3cV6hKI
https://ift.tt/KiYA8x5
Submitted May 12, 2026 at 03:06PM by qwerty0x41
via reddit https://ift.tt/3cV6hKI
daniel.haxx.se
Mythos finds a curl vulnerability
yes, as in singular one. Back in April 2026 Anthropic caused a lot of media noise when they concluded that their new AI model Mythos is dangerously good at finding security flaws in source code. Apparently Mythos was so good at this that Anthropic would not…
I spent a weekend trying to get OpenClaw to leak my own personal data and it caught me immediately...
https://ift.tt/PToI2D0
Submitted May 12, 2026 at 06:03PM by choochilla44
via reddit https://ift.tt/iP7Zyap
https://ift.tt/PToI2D0
Submitted May 12, 2026 at 06:03PM by choochilla44
via reddit https://ift.tt/iP7Zyap
ShiftMag
I Tried to Get OpenClaw to Betray Me. The Model Caught Me on the First Try - ShiftMag
A hands-on OpenClaw experiment reveals that AI agent security hinges on model quality, showing how prompt injection defenses weaken across cheaper LLM tiers.
AI Vulnerability Research and the Fuzzer Era Déjà Vu
https://ift.tt/kPbcR1p
Submitted May 12, 2026 at 09:28PM by Void_Sec
via reddit https://ift.tt/W1D7OIL
https://ift.tt/kPbcR1p
Submitted May 12, 2026 at 09:28PM by Void_Sec
via reddit https://ift.tt/W1D7OIL
VoidSec
AI Vulnerability Research and the Fuzzer Era Déjà Vu: Why the Numbers Are Only Half the Story - VoidSec
AI-assisted vulnerability research is the fuzzer era all over again. Same spike, same plateau. Here is why bug counts are only half the story.
Malicious Coding Agent Skills and the Risk of Dynamic Context | Datadog Security Labs
https://ift.tt/heAn8Ns
Submitted May 12, 2026 at 09:40PM by RedTermSession
via reddit https://ift.tt/b6s52RO
https://ift.tt/heAn8Ns
Submitted May 12, 2026 at 09:40PM by RedTermSession
via reddit https://ift.tt/b6s52RO
Datadoghq
Malicious Coding Agent Skills and the Risk of Dynamic Context
Learn how malicious Claude Code skills can abuse dynamic context commands to execute before model-level prompt injection defenses can intervene.
Dead.Letter (CVE-2026-45185) How XBOW found an unauthenticated RCE on Exim
https://ift.tt/g2QCP5V
Submitted May 12, 2026 at 11:11PM by fede_k
via reddit https://ift.tt/ZEfNVQ1
https://ift.tt/g2QCP5V
Submitted May 12, 2026 at 11:11PM by fede_k
via reddit https://ift.tt/ZEfNVQ1
Xbow
XBOW - Dead.Letter (CVE-2026-45185) How XBOW found an unauthenticated RCE on Exim
XBOW discovered CVE-2026-45185, a critical unauthenticated RCE in Exim, and used the disclosure window to test how far human and autonomous exploit development could go.
The Algorithm Goes to War: Inside the AI Cyberweapon Revolution That Governments Cannot Stop
https://ift.tt/d4QtKHL
Submitted May 12, 2026 at 11:07PM by monotvtv
via reddit https://ift.tt/jfgXIoa
https://ift.tt/d4QtKHL
Submitted May 12, 2026 at 11:07PM by monotvtv
via reddit https://ift.tt/jfgXIoa
Novara Press
The Algorithm Goes to War: Inside the AI Cyberweapon Revolution That Governments Cannot Stop - Novarapress
AI cyberwar autonomous agents are already inside US infrastructure. How nation-states weaponize AI — and what comes next.