Vulnerabilities uncovered in secret US government systems and software during testing of Mythos

The US Government confirmed what the community already knows - Mythos is a true beast.
Agence France-Presse

LTM Joins Athena, a Chainguard-led Industry Coalition to Help Secure Open Source Software ...

LTM, the Business Creativity partner to the world’s largest enterprises, has joined Athena, a new industry coalition led by Chainguard, focused on protecting open source software from the rising ...
CSO Online

OpenAI rolls out AI-led push to fix open-source software flaws

Patch the Planet’ pairs automated analysis with expert review to uncover and remediate vulnerabilities in core infrastructure ...
SecurityWeek

Exploitable CI/CD Vulnerabilities Expose Millions of Repositories to Hijacking

Cordyceps, a systemic class of exploitable CI/CD vulnerabilities, allows unauthenticated attackers to hijack developer ...
TMCnet

Linux Foundation and Industry Leaders Launch Akrites to Defend Critical Open Source ...

Amazon Web Services, Anthropic, Chainguard, Cisco, Citi, Endor Labs, Ericsson, Google, IBM, JPMorganChase, Microsoft and GitHub, NVIDIA, OpenAI, RapidFort, Red Hat, Rust Foundation, Sonatype, Vodafone ...
CSO Online

Hole in widely-used FFmpeg codec could crash media servers or enable RCE

Research from JFrog into the software supply chain vulnerability points to the need for better visibility into applications, ...
Ars Technica

Vulnerability in Cisco Smart Software Manager lets attackers change any user password

Cisco on Wednesday disclosed a maximum-security vulnerability that allows remote threat actors with no authentication to change the password of any user, including those of administrators with ...
Dark Reading

Tackling Vulnerabilities & Errors Head-on for Proactive Security

In its latest "Data Breach Investigations Report," Verizon made the lighthearted, Taylor Swift-inspired quip that it's "entering its vulnerability era." Why? Verizon's new data found that hackers ...
Wired

Anthropic’s Mythos Will Force a Cybersecurity Reckoning—Just Not the One You Think

Anthropic said this week that the debut of its new Claude Mythos Preview model marks a critical juncture in the evolution of cybersecurity, representing an unprecedented existential threat to existing ...
CNET

Anthropic Says Its New AI Model Is So Good at Finding Security Risks, You Can't Use It

With its new Claude Mythos Preview model, the company is pulling together tech giants for a new cybersecurity consortium, Project Glasswing. Omar Gallaga has covered technology, digital culture and ...
Infosecurity-magazine.com

Software Vulnerabilities Take Almost Nine Months to Patch

The average fix time for software security vulnerabilities has risen to eight and a half months, a 47% increase over the past five years, according to Veracode’s latest State of Software Security ...
Computer Weekly

Microsoft expands bug bounty scheme to include third-party software

Microsoft is to expand its bug bounty scheme to reward people for finding high-risk security vulnerabilities that could impact the security of Microsoft’s online services. The company is extending its ...