Physical AI expands the attack surface of industrial systems, as manipulated sensors or AI models can cause not only data loss but also material damage and physical harm to people.
Because of their probabilistic nature, AI systems require new red-teaming approaches that differ fundamentally from classical penetration testing.
Anthropic splits Claude Fable 5 into a public version (with safeguards) and a restricted version (Claude Mythos 5, without security layers) for verified cybersecurity experts.
Two years after a supply-chain attack on polyfill.io, the compromised domain caused fake login prompts on websites of major brands through leftover code.
Attackers operate fake pages for tools like Ghidra and dnSpy that rank highly on Google, redirect users through TDS-controlled JavaScript to malware servers, and evade security analysis by filtering out VPNs, data centers, and repeated access.
An unpatched security vulnerability in Everest Forms Pro (up to version 1.9.12) allows unauthenticated attackers to execute arbitrary PHP code on WordPress websites and take control.
An unpatched command injection vulnerability in SD-WAN Manager is being actively exploited, requiring immediate measures to close authentication gaps and monitor logs.
Cybercriminals increasingly employ professionalized, automated, standardized methods and are becoming faster at exploiting vulnerabilities, while phishing and invisible attacks using legitimate tools are becoming the norm.