SITREP - Independent OSINT Channel
AI, technology, mass surveillance, and intelligence — everything you need to know about tomorrow.
🤖 AI-Driven Vulnerability Discovery Surges Across Major Vendors

Palo Alto Networks disclosed 75 vulnerabilities in May 2026, up from five per month, after scanning with frontier AI models including Anthropic's Mythos. Microsoft's MDASH identified 17 new flaws in the same period, while Mozilla fixed 423 Firefox bugs in April—nearly 20 times its 2025 average. All three participate in Anthropic's Project Glasswing testing program.

The surge strains defenders because triage and patching infrastructure was not built for this volume. Palo Alto estimates a three-to-five-month window before adversaries gain equivalent AI capabilities, which makes proactive scanning critical even though it sharply increases the patch load.

🛰️ Open sources - closed narratives
@sitreports
🔫 Pwn2Own Berlin Day Two: Exchange Server Breached, $900K Total Payout

Day two of Pwn2Own Berlin 2026 saw researchers earn $385,750 for demonstrating 15 zero-day vulnerabilities in Microsoft Exchange, Windows 11, and Red Hat Enterprise Linux. Orange Tsai of DEVCORE chained three bugs to achieve remote code execution as SYSTEM on Exchange, earning $200,000. Multiple Windows 11 privilege escalation flaws and attacks on AI-powered tools like Cursor and LiteLLM were also successful.

The two-day total now stands at $908,750 for 39 unique vulnerabilities, according to competition reporting. DEVCORE leads with $405,000 earned. Vendors have 90 days to patch disclosed flaws before details become public. One competition day remains with high-value targets still available.

🔫 Microsoft Exchange and Windows 11 compromised at Pwn2Own Berlin

During the second day of Pwn2Own Berlin 2026, security researchers demonstrated 15 zero-day vulnerabilities across enterprise platforms, collecting $385,750 in awards. Orange Tsai of DEVCORE earned $200,000 by chaining three bugs for remote code execution with SYSTEM privileges on Microsoft Exchange, while additional exploits targeted Windows 11, Red Hat Enterprise Linux, and NVIDIA Container Toolkit.

The competition surfaces critical vulnerabilities in widely deployed enterprise infrastructure; vendors then receive a 90-day disclosure window to develop patches before details are published. According to reporting, AI coding agents including Cursor and OpenAI Codex were also compromised, highlighting emerging attack surfaces in development environments.

Microsoft Exchange Server Zero-Day Under Active Exploitation

Microsoft has confirmed active in-the-wild exploitation of CVE-2026-42897, a cross-site scripting vulnerability in Exchange Server with a CVSS score of 8.1. The flaw affects Outlook Web Access, allowing attackers to execute malicious JavaScript by sending specially crafted emails. The vulnerability emerged just two days after Microsoft's May 2026 Patch Tuesday, which addressed 138 other vulnerabilities but not this zero-day.

Microsoft has released temporary mitigation measures while a permanent patch is developed. Exchange Server zero-days remain high-value targets for both espionage and ransomware groups due to their central role in corporate communications and frequent internet exposure.

🔫 Node-ipc npm Package Compromised in Credential Theft Campaign

Three malicious versions of node-ipc, a popular inter-process communication package with 690,000 weekly downloads, were published after an external actor compromised an inactive maintainer's account. The malware, embedded in versions 9.1.6, 9.2.3, and 12.0.1, exfiltrates cloud credentials, SSH keys, CI/CD secrets, and browser data through heavily obfuscated code that uses DNS TXT queries for stealth.

The infostealer targets AWS, Azure, GCP, Kubernetes, Docker, and development platform credentials, generating up to 29,400 DNS requests per 500KB archive to blend with normal traffic. Affected developers must immediately remove compromised versions, rotate all exposed secrets, and audit dependency lockfiles for indicators of compromise.

🔫 Turla Refactors Kazuar Backdoor Into P2P Botnet Architecture

Russian APT group Turla has evolved its Kazuar backdoor into a modular peer-to-peer botnet framework designed for long-term network persistence. The retooled malware now supports decentralized command infrastructure, complicating takedown efforts and, according to reporting, enabling resilient access across compromised environments.

The shift from traditional C2 to distributed nodes reflects operational maturity and anticipation of network disruption. P2P architecture allows infected hosts to relay commands laterally, sustaining access even if primary infrastructure is severed—raising the operational cost of remediation for defenders.

🔫 Pentagon Contracts Four Companies for 10,000 Containerized Cruise Missiles

The Defense Department awarded agreements to Anduril, CoAspire, Leidos, and Zone 5 Technologies to procure at least 10,000 low-cost cruise missiles within three years under the new Low-Cost Containerized Missiles (LCCM) program. Testing begins June 2026, with production purchases starting in 2027. Containerized missiles fit standard shipping containers, enabling covert transport and deployment from ground, maritime, or air platforms.

The initiative marks a shift toward attritable mass weapons and expanded industrial base participation beyond traditional primes. According to Defense Department reporting, vendors will scale production without Pentagon capital investment.

🔫 Ghostwriter Resumes Campaign Against Ukrainian Government

ESET researchers documented new activity by the Belarus-aligned APT group Ghostwriter (FrostyNeighbor) targeting Ukrainian government organizations since March 2026. The campaign deploys spear-phishing emails with PDF attachments impersonating Ukrtelecom that lead to geofenced delivery infrastructure—Ukrainian IPs receive a RAR archive with JavaScript-based PicassoLoader, while others get a benign decoy document.

The attack chain features manual operator validation of victims before deploying Cobalt Strike beacons to high-value targets. Analysis shows the group maintains focus on military, defense, and government entities across Ukraine, Poland, and Lithuania, using geofencing and staged payloads to evade automated detection systems.

🔫 Cisco SD-WAN hit by second perfect-10 authentication bypass zero-day

Cisco disclosed CVE-2026-20182, a maximum-severity vulnerability allowing unauthenticated remote attackers to gain admin privileges on Catalyst SD-WAN Controller and Manager. The flaw bypasses authentication and enables arbitrary NETCONF commands—potentially intercepting traffic, manipulating firewall rules, or disabling networks. Rapid7 confirmed exploitation in May 2026, though attribution remains unclear.

CISA added the bug to its KEV catalog, ordering federal agencies to patch within three days—a rare deadline reflecting operational urgency. Cisco confirmed no workarounds exist and urged administrators to audit auth.log files for suspicious publickey authentication.

🤖 AI Agents Demonstrate Functional Exploit Development Capabilities

Researchers from UC Berkeley, Max Planck Institute, and AI labs released ExploitGym, testing whether frontier AI models can convert vulnerabilities into working exploits. Testing 898 real-world CVEs, Anthropic's Mythos Preview exploited 157 instances while OpenAI's GPT-5.5 managed 120 within two-hour windows. Both models frequently weaponized entirely different vulnerabilities than those initially provided, with Mythos deviating from intended bugs in 69 of 226 CTF scenarios.

Agents successfully bypassed ASLR and V8 sandbox protections. While GPT-5.5's safety filters blocked 88% of requests, researchers note such guardrails remain bypassable through prompt engineering.

🔫 Google Discloses Full Zero-Click Exploit Chain for Pixel 10

Google Project Zero has published a complete zero-click exploit chain targeting Pixel 10 devices, beginning with CVE-2025-54957, a critical Dolby audio decoder flaw. The attack requires no user interaction—a crafted DD+ audio stream delivered via voice message automatically triggers remote code execution. Researcher Seth Jenkins chained it with a VPU driver vulnerability allowing arbitrary kernel memory access due to missing bounds validation, as detailed in the disclosure.

Google patched the VPU flaw in 71 days, but the research exposes persistent vulnerabilities in vendor-maintained kernel code. Only devices with December 2025 or later security patches are protected.
