Of 206 patched vulnerabilities, 39 are classified as critical, including 56 remote code execution and 63 privilege escalation flaws, with three publicly disclosed zero-days.
AI agents fail to recognize social engineering phishing because they do not separate data paths from control paths and do not verify identities, though they partially detect technical attacks.
Validato enables organizations in critical infrastructure to document human security risks in an audit-ready manner, thereby meeting NIS2, CER, and ISO-27001 requirements.
A self-replicating worm compromises 73 Microsoft repositories through stolen administrative credentials, exploiting the trust model of GitHub and npm without leveraging software vulnerabilities.
AI agents like OpenClaw can detect technical attack vectors but fail to protect against social engineering attacks due to insufficient identity verification.
Physical AI expands the attack surface of industrial systems, as manipulated sensors or AI models can cause not only data loss but also material damage and physical harm to people.
AI systems require fundamentally new red-teaming approaches due to their probabilistic nature, which differ fundamentally from classical penetration testing.
Anthropic splits Claude Fable 5 into a public version (with safeguards) and a restrictive version (Claude Mythos 5 without security layers) for verified cybersecurity experts.
