Microsoft

Cookie-controlled PHP webshells: A stealthy tradecraft in Linux hosting environments

Cookie-gated PHP webshells use obfuscation, php-fpm execution, and cron-based persistence to evade detection in Linux hosting ...

Anthropic: All your zero-days are belong to Mythos

What Anthropic is describing is literally a zero-day engine: "Engineers at Anthropic with no formal security training have ...

Anthropic says its latest AI model is too powerful for public release and that it broke containment during testing

Anthropic said on Tuesday that it has halted the broader release of its newest AI model, Mythos, due to concerns that it is ...
SecurityWeek

Critical Flowise Vulnerability in Attacker Crosshairs

Threat actors have started exploiting CVE-2025-59528, a critical Flowise vulnerability leading to remote code execution.

In the wake of Claude Code's source code leak, 5 actions enterprise security leaders should take now

Gartner issued a same-day advisory after Anthropic leaked Claude Code's full architecture. CrowdStrike CTO Elia Zaitsev and ...
Dark Reading

Automated Credential Harvesting Campaign Exploits React2Shell Flaw

An emerging threat cluster is exploiting vulnerable Web-exposed Next.js apps and using an automated tool to steal credentials ...
Infosecurity Magazine

How Security Leaders Can Safeguard Against Vibe Coding Security Risks

Infosecurity outlines key recommendations for CISOs and security teams to implement safeguards for AI-assisted coding ...