Cyberscope Launches “Cyberscan AI” to Make Smart Contract Audits Free, Faster, and Accessible

AI-powered product targets one of Web3’s biggest bottlenecks: turning noisy security alerts into validated vulnerabilities ...

Protect your enterprise now from the Shai-Hulud worm and npm vulnerability in 6 actionable steps

TanStack had 2FA, OIDC publishing, and Sigstore provenance on every release. The Mini Shai-Hulud worm published 84 malicious ...
GitHub

Wapiti - Web Vulnerability Scanner

In order to work correctly, Wapiti needs Python 3.12, 3.13 or 3.14. All Python module dependencies will be installed automatically if you use the setup.py script or pip install wapiti3 See INSTALL.md ...
Scientific American

What is Mythos, Anthropic’s unreleased AI model, and how worried should we be?

In the wake of Anthropic’s announcement of its latest artificial intelligence model, Mythos, on April 7, the company has stood by an unusual decision: refusing to release it to the public. Not since ...
CNBC

Jamie Dimon says Anthropic's Mythos reveals 'a lot more vulnerabilities' for cyberattacks

Jamie Dimon said AI is a double-edged sword: “it’s made it worse, it’s made it harder,” creating new cyber vulnerabilities even as it may eventually strengthen defenses. JPMorgan Chase is testing ...
TechCrunch

Adobe fixes PDF zero-day security bug that hackers have exploited for months

Adobe has patched a vulnerability in its flagship document-reading apps, Acrobat DC, Reader DC and Acrobat 2024, that hackers have been actively exploiting for at least four months. The vulnerability, ...
The Next Web

Hackers breached the European Commission by poisoning the security tool it used to protect itself

CERT-EU has attributed a major data breach at the European Commission to cybercrime group TeamPCP, which exploited a supply chain attack on the open-source security tool Trivy to steal 92 GB of ...
Bleeping Computer

Trivy vulnerability scanner breach pushed infostealer via GitHub Actions

The Trivy vulnerability scanner was compromised in a supply-chain attack by threat actors known as TeamPCP, which distributed credential-stealing malware through official releases and GitHub Actions.
CSOonline

Trivy vulnerability scanner backdoored with credential stealer in supply chain attack

‘If you suspect you were running a compromised version, treat all pipeline secrets as compromised and rotate immediately,’ Trivy maintainer says. Attackers have compromised the widely used open-source ...
Ars Technica

Widely used Trivy scanner compromised in ongoing supply-chain attack

Hackers have compromised virtually all versions of Aqua Security’s widely used Trivy vulnerability scanner in an ongoing supply chain attack that could have wide-ranging consequences for developers ...
SiliconANGLE

Anthropic launches an institute to tackle AI risks

Anthropic PBC today announced the formation of the Anthropic Institute, a business unit tasked with studying the risks posed by artificial intelligence. The unit will bring three of the company’s ...