Anthropic has released Claude Fable 5 and Mythos 5, with Fable 5 being the widely available version equipped with safety classifiers that prevent misuse, while Mythos 5 remains restricted to trusted partners due to its advanced vulnerability detection capabilities. Security experts say the release doesn't fundamentally change the threat landscape, as similar AI capabilities likely already exist in other labs and potentially in adversaries' hands. The consensus is that organizations should focus on security fundamentals like segmentation, multifactor authentication, and faster patching rather than panicking about the new release.

The University of Nottingham has confirmed a major data breach after the ShinyHunters hacker group leaked gigabytes of stolen files from its systems. The compromised data includes roughly 455,000 unique email addresses along with sensitive personal information such as passport numbers, financial records, addresses, and details about ethnicity, disabilities, and citizenship status affecting current students and alumni across the university's UK, China, and Malaysia campuses. The university is working with UK law enforcement and the Information Commissioner's Office to investigate the breach and has begun contacting those affected.

Security researcher Nightmare Eclipse has released a new Windows BitLocker bypass exploit called GreatXML that exploits a vulnerability in Microsoft Defender's offline scan functionality. The exploit allows attackers to bypass BitLocker encryption and gain SYSTEM-level access through Recovery Mode on any Windows machine where Defender's offline scan was initiated at least once. This is the latest in a series of zero-day exploits released by the researcher, who has expressed frustration with Microsoft's vulnerability disclosure program, forcing the company to scramble patches for multiple publicly disclosed security flaws.

Splunk and Palo Alto Networks released patches Wednesday for multiple vulnerabilities across their products, with the most severe being a critical flaw in Splunk Enterprise that could allow unauthenticated attackers to create and modify files through an unprotected database service endpoint. Palo Alto addressed a high-severity credential validation issue in its Cortex platforms, while Splunk fixed over a dozen vulnerabilities including bugs that could enable remote code execution and data theft. Neither company has seen evidence of these flaws being actively exploited in the wild.

The FBI has seized 13 websites that were allegedly part of a Chinese espionage operation to recruit American workers with access to classified information. The fake consulting company sites used AI-generated photos and stolen identities to appear legitimate, posting bogus job openings on platforms like LinkedIn to target current and former government employees with security clearances, offering cryptocurrency payments for sensitive information. Western intelligence agencies, including the Five Eyes alliance, recently warned that Chinese military intelligence has been increasingly using this tactic across English-speaking countries to extract non-public government information.

Siemens is alerting customers that patch files for its Desigo CC building management system are being incorrectly flagged as malware by multiple antivirus engines. The company believes the false positives are triggered by a PowerShell script in the patch that performs file system operations, registry modifications, and runs with elevated privileges, though Siemens has verified the files are legitimate and digitally signed. This marks at least the second time Siemens has encountered issues with third-party security software incorrectly identifying its industrial control system products as threats.

Threat actors are actively exploiting a high-severity vulnerability in Langflow, a popular low-code AI development platform, that allows remote code execution through an unpatched path traversal flaw. The vulnerability, tracked as CVE-2026-5027, is particularly dangerous because Langflow enables unauthenticated auto-login by default, meaning attackers can exploit the flaw without credentials by simply sending an unauthenticated request to obtain a session token. With approximately 7,000 Langflow instances exposed to the internet, the attack surface is significant, and security researchers warn this represents a growing trend of hackers targeting the infrastructure used to build and deploy AI applications.

OnyxC2 is a sophisticated malware-as-a-service stealer available for as little as 250 dollars per month that gives even non-technical cybercriminals enterprise-grade theft capabilities. The malware can target roughly 210 applications and extensions across nine categories including browsers, password managers, two-factor authentication tools, cryptocurrency wallets, and business systems like FTP and email clients, turning a single compromised workstation into persistent access across a victim's entire digital life. Researchers found the malware remarkably stealthy, with samples returning clean on VirusTotal, and note it's sold and supported like a legitimate commercial product complete with customer support and ready-made lures.

CISA has issued a new directive requiring federal agencies to prioritize patching security vulnerabilities based on risk level rather than using traditional severity scores. The directive builds on CISA's Known Exploited Vulnerabilities catalog and sets aggressive timelines for remediation, with the most critical flaws in publicly exposed systems requiring patches within just three days if they can be automated by attackers. Federal agencies must also update their vulnerability management policies, automate reporting, and inventory their externally-accessible assets to support more effective network defense.

Alert fatigue has become a serious security threat as overwhelmed SOC analysts struggle with massive volumes of alerts that lack proper context and prioritization, leading to both missed threats and employee burnout. The problem is worsening as AI-powered attacks generate even more alerts while human analysts can't keep pace with the volume. Security experts increasingly recommend using AI-driven automation to correlate and contextualize alerts into unified attack narratives, allowing analysts to focus on strategic decision-making rather than repetitive triage tasks.