SecurityWeek

Critical, High-Severity Vulnerabilities Patched in Apache MINA, HTTP Server

Apache has released fixes for a dozen HTTP Server and MINA vulnerabilities, including critical and high-severity RCE flaws.
The Hacker News

Critical Apache HTTP/2 Flaw (CVE-2026-23918) Enables DoS and Potential RCE

The Apache Software Foundation (ASF) has released security updates to address several security vulnerabilities in the HTTP ...
Bleeping Computer

CISA flags Apache ActiveMQ flaw as actively exploited in attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned on Thursday that a high-severity Apache ActiveMQ vulnerability patched earlier this month is now actively exploited in attacks.
SecurityWeek

Critical GitHub Vulnerability Exposed Millions of Repositories

Wiz discovered a critical remote code execution vulnerability in GitHub that exposed millions of repositories.
CNBC

Jamie Dimon says Anthropic's Mythos reveals 'a lot more vulnerabilities' for cyberattacks

Jamie Dimon said AI is a double-edged sword: “it’s made it worse, it’s made it harder,” creating new cyber vulnerabilities even as it may eventually strengthen defenses. JPMorgan Chase is testing ...
Bleeping Computer

13-year-old bug in ActiveMQ lets hackers remotely execute commands

Security researchers discovered a remote code execution (RCE) vulnerability in Apache ActiveMQ Classic that has gone undetected for 13 years and could be exploited to execute arbitrary commands. The ...
VentureBeat

Mythos autonomously exploited vulnerabilities that survived 27 years of human review. Security teams need a new detection playbook

A 27-year-old bug sat inside OpenBSD’s TCP stack while auditors reviewed the code, fuzzers ran against it, and the operating system earned its reputation as one of the most security-hardened platforms ...
NBC News

The 'Vulnpocalypse': Why experts fear AI could tip the scales toward hackers

As AI grows more capable of identifying software vulnerabilities, experts are increasingly warning of a potential disaster scenario: the so-called “Vulnpocalypse.” Hackers could quickly turbocharge ...
TechCrunch

Adobe fixes PDF zero-day security bug that hackers have exploited for months

Adobe has patched a vulnerability in its flagship document-reading apps, Acrobat DC, Reader DC and Acrobat 2024, that hackers have been actively exploiting for at least four months. The vulnerability, ...
The Guardian

Anthropic keeps latest AI tool out of public’s hands for fear of enabling widespread hacking

AI company says purpose of its Claude Mythos model is to bolster defenses against hacking in common applications Anthropic on Tuesday said its yet-to-be-released artificial intelligence model called ...
CSOonline

Threat and Vulnerability Management

XDR is one of security's buzziest acronyms—and for good reason. XDR, which stands for eXtended Detection and Response, promises to provide more timely and accurate threat detection by gathering and ...
NPR

How AI is getting better at finding security holes

In the past few months, AI models have gone from producing hallucinations to becoming effective at finding security flaws in software, according to developers who maintain widely used cyber ...