New ChatGPT Lockdown Mode Limits Tools That Could Enable Data Exfiltration

Source: The Hacker News

Author: info@thehackernews.com (The Hacker News)

URL: https://thehackernews.com/2026/06/new-chatgpt-lockdown-mode-limits-tools.html

ONE SENTENCE SUMMARY:

OpenAI’s ChatGPT Lockdown Mode reduces prompt-injection data exfiltration risk by restricting networked tools, while adding session management controls.

MAIN POINTS:

  1. Introduces optional Lockdown Mode for eligible personal accounts to mitigate prompt-injection exfiltration.
  2. Targets users handling sensitive data needing stronger protection guarantees.
  3. Available across Free, Go, Plus, Pro, and self-serve Business plans.
  4. Limits tools connecting to web or external services to reduce outbound data leakage.
  5. Builds on sandboxing and controls against URL-based exfiltration techniques.
  6. Focuses on removing exfiltration pathways, not preventing prompt injections outright.
  7. Leaves memory, file uploads, and conversation sharing behavior unchanged.
  8. Disables or restricts browsing, images, deep research, agent mode, canvas networking, and downloads.
  9. Mutually exclusive with Developer Mode; enabling one automatically disables the other.
  10. Adds session review/logout feature with device, app, location, timing, and trust indicators.

TAKEAWAYS:

  1. Activate Lockdown Mode when sensitive data exposure would be high impact.
  2. Expect reduced functionality as a tradeoff for fewer outbound exfiltration routes.
  3. Recognize residual risk from apps, capability combinations, or novel techniques.
  4. Understand prompt injections can still manipulate outputs even without data theft.
  5. Use new session-management tooling to detect and respond to account compromise quickly.

HexStrike AI RED-TEAM With 127 Security Tools and BOAZ Red Team Integration

Source: Cyber Security News

Author: Guru Baran

URL: https://cybersecuritynews.com/hexstrike-ai-red-team-tool/

ONE SENTENCE SUMMARY:

HexStrike AI v6.0 is an MCP-based framework enabling autonomous pentesting and BOAZ evasion payloads via 127 tools.

MAIN POINTS:

  1. Forked HexStrike AI v6.0 introduces MCP-driven cybersecurity automation for red team operations.
  2. FastMCP server bridges LLMs with a curated offensive security toolchain.
  3. Intelligent Decision Engine selects tools and executes multi-phase assessments with minimal guidance.
  4. Supports Claude Desktop, Cursor, VS Code Copilot, Roo Code, partial 5ire, others.
  5. Integrates BOAZ multilayer AV/EDR evasion via five dedicated MCP tools.
  6. BOAZ includes 77+ process-injection loaders across syscall, stealth, memory guard, threadless, VEH/VCH, userland.
  7. Provides 12 encoding schemes including AES, ChaCha20, RC4, XOR, UUID, Base45/64/58.
  8. Implements bypass techniques: API unhooking, ETW patching, LLVM obfuscation with Akira/Pluto.
  9. Ships 127 tools; 53 auto-installed, 74 manual due to licensing/dependencies/platform constraints.
  10. Full setup needs ~24GB and 60–90 minutes, dominated by LLVM obfuscator builds.

TAKEAWAYS:

  1. AI agents can compress days of manual pentest orchestration into minutes of automated workflows.
  2. BOAZ integration turns scanning into an end-to-end stealth payload pipeline.
  3. Operational readiness depends on significant installation effort and selective manual tool provisioning.
  4. Documentation restricts use to authorized engagements, bug bounties, CTFs, and approved red teams.
  5. LLM orchestration frameworks create dual-use risk by scaling offensive actions with reduced oversight.

Cybersecurity Hygiene Reinforced by the 2026 Verizon DBIR

Source: Blog Feed – Center for Internet Security

Author: unknown

URL: https://www.cisecurity.org/insights/blog/cybersecurity-hygiene-reinforced-by-the-2026-verizon-dbir

ONE SENTENCE SUMMARY:

Verizon’s 2026 DBIR shows CIS Controls and Benchmarks improve cyber hygiene, reducing exposure and countering prevalent modern attack techniques effectively.

MAIN POINTS:

  1. DBIR links common breach patterns to foundational security hygiene gaps across organizations.
  2. CIS Controls provide prioritized, actionable safeguards aligned to real-world attack paths.
  3. CIS Benchmarks harden system configurations, shrinking misconfiguration-driven compromise opportunities.
  4. Mapping DBIR top threats to CIS safeguards helps focus limited resources on highest risks.
  5. Strong identity, access management, and MFA reduce credential theft and account takeover impact.
  6. Vulnerability and patch management limit exploitation windows used by ransomware and initial access brokers.
  7. Secure configuration baselines improve consistency across cloud, endpoints, servers, and network devices.
  8. Continuous monitoring and logging support faster detection and response to prevalent intrusion techniques.
  9. Backup, recovery, and resilience controls blunt ransomware business impact and downtime.
  10. Governance and measurement using CIS frameworks enable repeatable hygiene improvements over time.

TAKEAWAYS:

  1. Prioritizing CIS Controls is a practical way to address the most frequent DBIR attack patterns.
  2. Implementing CIS Benchmarks reduces preventable breaches caused by insecure default configurations.
  3. Aligning security programs to evidence-based reports improves decision-making and investment justification.
  4. Standardized baselines and continuous verification are essential for sustaining cybersecurity hygiene.
  5. Combining prevention, detection, and recovery controls provides better defense against modern, multi-stage attacks.

Tenable joins Anthropic’s Project Glasswing to advance AI-era cyber defense

Source: Tenable Blog

Author: Vlad Korsunsky

URL: https://www.tenable.com/blog/anthropic-claude-mythos-tenable-joins-project-glasswing

ONE SENTENCE SUMMARY:

Tenable joins Anthropic’s Project Glasswing to benchmark Claude Mythos Preview, enhancing exposure management while studying frontier AI risks, controls, and governance.

MAIN POINTS:

  1. Project Glasswing collaboration evaluates Claude Mythos Preview for cybersecurity defender advantage.
  2. Advanced reasoning is benchmarked for attack path analysis, exposure prioritization, and remediation.
  3. Tenable aims to reduce overload from escalating findings and expanding attack surfaces.
  4. Frontier AI could accelerate offensive capabilities, pressuring defensive operations soon.
  5. Research will explore Mythos Preview for reinforcing analysis and strengthening Tenable’s internal security.
  6. Mythos will be compared with other models to challenge assumptions and uncover risk patterns.
  7. Defender differentiation depends on contextualized insights, not exclusive access to one AI model.
  8. Exposure management platforms may ingest frontier-model telemetry as a new security signal source.
  9. Organizations inherit risk from third-party AI they didn’t build, expanding the AI attack surface.
  10. Tenable One already integrates Claude Compliance API and Claude-powered workflows via Tenable Hexa AI.

TAKEAWAYS:

  1. Benchmarking frontier reasoning can materially improve prioritization and remediation decisions.
  2. Preparing for widely available attacker-grade AI requires faster, coordinated enterprise remediation.
  3. Combining AI signals with asset intelligence and attack paths drives better risk reduction.
  4. Understanding model behaviors informs practical controls, governance, and internal security practices.
  5. Partnerships like Glasswing accelerate responsible translation of AI advances into customer value.

Hackers Are After the Gaps in Your Vulnerability Program: Here’s Their Playbook

Source: BleepingComputer

Author: Sponsored by Flare

URL: https://www.bleepingcomputer.com/news/security/hackers-are-after-the-gaps-in-your-vulnerability-program-heres-their-playbook/

ONE SENTENCE SUMMARY:

Underground tutorial by “Hercules” teaches novices to find, validate, and monetize vulnerabilities, spreading widely and challenging defenders’ patching programs worldwide.

MAIN POINTS:

  1. Forum post presents a simple end-to-end workflow: scan, assess, exploit, monetize.
  2. Author emphasizes tracking newly disclosed high-impact flaws like RCE, auth bypass, ATO.
  3. Guidance includes locating exposed systems and verifying vulnerability status at scale.
  4. Nuclei framework and community templates are promoted for fast, automated discovery.
  5. Tutorial explicitly separates “legal” disclosure paths from “illegal” exploitation choices.
  6. Plain-language tone lowers barriers, framing hacking as learnable through practice, not theory.
  7. Responses show beginners seeking mentorship, private contact, and applied guidance.
  8. Method’s popularity led to reposts and discussion across four additional underground forums.
  9. Monetization options include paid disclosure, underground sales, or direct exploitation for access.
  10. Discussion highlights defender patching delays and the persistent risk of legacy vulnerabilities.

TAKEAWAYS:

  1. Simplified, repeatable playbooks can scale cybercrime more than novel techniques.
  2. Rapid patching and exposure management matter most for reachable critical vulnerabilities.
  3. Old, unmaintained platforms remain profitable targets because novices can exploit known CVEs.
  4. Well-designed paid disclosure programs can shift incentives toward reporting over exploitation.
  5. Threat intelligence should monitor tutorial传播 and recruitment behaviors, not just IOCs.

Top 6 Claude Security Risks to Watch as AI Becomes Your Employees’ Operating System

Source: Cloud Security Alliance

Author: unknown

URL: https://www.akto.io/blog/claude-security-risks

ONE SENTENCE SUMMARY:

Claude’s expanding privileges create shadow AI, connector, skills, and code risks requiring comprehensive discovery, governance, IAM, SDLC controls, and monitoring.

MAIN POINTS:

  1. Unapproved Claude usage exposes proprietary, financial, and legal data without organizational visibility or guardrails.
  2. Missing SSO and acceptable-use policies prevents understanding data flows and regulatory compliance status.
  3. Claude Projects act as unmanaged repositories for sensitive documents, access sharing, and connectors.
  4. Organizations often cannot identify uploaded files, project access holders, or active connector activity.
  5. MCP connectors expand attack surface by enabling direct access to Slack, GitHub, Drive, Jira, Notion.
  6. OAuth scopes and authentication boundaries are frequently over-permissioned by users for convenience.
  7. Cowork introduces autonomous AI actions, complicating accountability, policy enforcement, and auditing requirements.
  8. Claude Code skills create supply-chain risks; plain-English prompts can drive data exfiltration.
  9. Studies found high vulnerability rates in Claude-generated code, increasing production security defects.
  10. Platform flaws in Claude Code enable malicious repositories to trigger command execution and key compromise.

TAKEAWAYS:

  1. Perform enterprise-wide asset discovery to inventory Claude usage across web, desktop, Code, and Cowork.
  2. Treat Projects as persistent data stores and enforce DLP with classification and real-time monitoring.
  3. Govern MCP/connector enablement with security review, least privilege, and token-usage visibility.
  4. Apply secure SDLC gates to AI-generated code, skills, extensions, and autonomous workflows.
  5. Build continuous audit trails for AI activity, access patterns, and sensitive-data exposure across all surfaces.

Attackers exploit Palo Alto GlobalProtect flaw days after disclosure

Source: Attackers exploit Palo Alto GlobalProtect flaw days after disclosure | CSO Online

Author: unknown

URL: https://www.csoonline.com/article/4179847/attackers-exploit-palo-alto-globalprotect-flaw-days-after-disclosure.html

ONE SENTENCE SUMMARY:

Attackers exploit CVE-2026-0257 in Palo Alto GlobalProtect, bypassing authentication via forged cookies, accelerating patch urgency and zero-trust scrutiny.

MAIN POINTS:

  1. Active in-the-wild exploitation followed Palo Alto’s initial medium-severity disclosure within days.
  2. Rapid7 observed successful VPN access across customers, without confirmed lateral movement.
  3. CVE-2026-0257 impacts GlobalProtect remote-access VPN on PAN-OS devices.
  4. Exploitation reportedly began May 17, shortly after fixes and mitigations were published.
  5. Palo Alto raised CVSS to 7.8, marked “attacked,” and set highest urgency.
  6. Vulnerability enables credential-less authentication bypass by forging a trusted cookie.
  7. Sessions appear legitimate, complicating detection compared with typical intrusion methods.
  8. Root cause: decrypted cookie contents trusted without signature verification.
  9. Exposure requires specific configuration: override cookies enabled and shared certificate usage.
  10. CISA added it to KEV, ordering rapid remediation for federal agencies.

TAKEAWAYS:

  1. Treat auth-bypass flaws on remote-access gateways as critical, regardless of base scoring.
  2. Audit GlobalProtect configurations for authentication override cookies and certificate reuse.
  3. Patch immediately and apply mitigations; exploitation can start days after disclosure.
  4. Strengthen monitoring for suspicious “legitimate” VPN sessions that may be forged.
  5. Improve asset visibility and configuration governance to reduce edge-device exposure during zero-trust transitions.

7 tabletop exercise mistakes that sabotage incident response

Source: 7 tabletop exercise mistakes that sabotage incident response | CSO Online

Author: unknown

URL: https://www.csoonline.com/article/4179644/7-tabletop-exercise-mistakes-that-sabotage-incident-response.html

ONE SENTENCE SUMMARY:

Effective cyber tabletop exercises require clear objectives, realistic ambiguity, business-specific detail, right stakeholders, and testing interdependent decisions—not compliance theater alone.

MAIN POINTS:

  1. Running tabletops without measurable objectives rewards improvisation and obscures plan effectiveness.
  2. Generic ransomware scripts cause exercises to drift into discussion rather than readiness testing.
  3. Practicing only familiar incidents leaves teams unprepared for ambiguous, conflicting real-world signals.
  4. Introducing incomplete information forces decision-making under uncertainty, mirroring actual breach conditions.
  5. Scenarios must reflect your environment, priorities, past incidents, and industry threats.
  6. Missing stakeholders—legal, communications, HR, operations, executives—creates gaps in ownership and escalation.
  7. Capturing stalls, unclear decision rights, and absent voices should drive iterative improvements.
  8. Technical implausibility erodes buy-in; attack chains must logically connect to real architecture.
  9. Overly theoretical prompts high-level answers, hiding tooling gaps, authority limits, and communication breakdowns.
  10. Stress-test handoffs and dependencies across teams and vendors using risks from the organization’s register.

TAKEAWAYS:

  1. Define success criteria around escalation, notification, decision rights, and recovery prioritization before the exercise.
  2. Design ambiguity deliberately so participants practice choosing actions with partial, conflicting data.
  3. Tailor scenarios to business realities and include all real incident stakeholders.
  4. Ground narratives in technically accurate details that match systems, logs, and likely attacker paths.
  5. Measure outcomes, document friction points, and update plans and future tabletops to close gaps.

Microsoft Defender Vulnerability Management gets a smarter exposure score

Source: Help Net Security

Author: Anamarija Pogorelec

URL: https://www.helpnetsecurity.com/2026/06/01/microsoft-defender-exposure-score-update/

ONE SENTENCE SUMMARY:

Microsoft Defender Vulnerability Management updates exposure scoring using exploitability signals and asset context to better prioritize remediation actions.

MAIN POINTS:

  1. Updated exposure score shifts focus from vulnerability severity to remediation prioritization.
  2. Model combines vulnerability risk, exploitability signals, and asset context for representativeness.
  3. EPSS is used to estimate 30-day exploitation likelihood for CVEs.
  4. Normalized CVE data from multiple sources improves scoring consistency.
  5. Device exposure reflects all vulnerabilities on a device, weighted by risk and context.
  6. Remediation activities more directly reduce device exposure scores under the new model.
  7. Asset context includes internet-facing status and criticality to influence prioritization.
  8. Identical vulnerabilities can warrant different responses depending on affected asset exposure and business value.
  9. Organization-level score is derived from individual asset scores for better environment-wide representation.
  10. Asset-CVE-level remediation impact calculations improve prediction and tracking of score changes.

TAKEAWAYS:

  1. Prioritization improves by emphasizing “where to fix first” rather than only “how severe.”
  2. Exploitability-driven scoring helps surface vulnerabilities more likely to be exploited soon.
  3. Context-aware weighting concentrates attention on high-risk, internet-exposed, or critical devices.
  4. Score shifts after enabling the model require treating results as a new, non-comparable baseline.
  5. Daily score updates and 24-hour remediation lag affect how quickly improvements appear in reporting.

Pentest Swarm AI Tool With Live Access to nmap, sqlmap, Burp, Metasploit, and Others

Source: Cyber Security News

Author: Guru Baran

URL: https://cybersecuritynews.com/pentest-swarm-ai-tool/

ONE SENTENCE SUMMARY:

Pentest Swarm AI is an AGPL open-source stigmergic swarm pentesting platform coordinating tools via a shared blackboard, producing scoped reports.

MAIN POINTS:

  1. Introduces an autonomous pentesting platform using swarm intelligence, not fixed multi-agent pipelines.
  2. Provides coordinated access to offensive tools like nmap, nuclei, and ProjectDiscovery suite.
  3. Implements stigmergy with a PostgreSQL/pgvector blackboard and pheromone-weighted findings.
  4. Enables emergent attack chaining where findings automatically trigger other agents’ actions.
  5. Achieves decentralization through per-agent trigger predicates, avoiding orchestrator rewrites.
  6. Ships stable with multiple ProjectDiscovery tools plus fully parsed nmap XML scope validation.
  7. Plans Wave 2 adapters for sqlmap, Burp MCP bridge, Metasploit, and ZAP.
  8. Supports Claude, Ollama air-gapped deployments, and any OpenAI-compatible model.
  9. Generates reports in Markdown, HTML, JSON, and SARIF via a dedicated report agent.
  10. Enforces defense-in-depth scoping, deduplication, and CVSS v3.1 scoring for safe automation.

TAKEAWAYS:

  1. Stigmergic blackboard coordination replaces centralized planners, improving adaptability and parallel discovery.
  2. Emergent behaviors can form exploit chains dynamically from recon and classification signals.
  3. Strict scope enforcement at tool and executor layers reduces risk in CI/CD and bug bounties.
  4. Model flexibility allows cost-privacy tradeoffs, including no-GPU cloud usage or offline Ollama deployments.
  5. AGPL-3.0 licensing incentivizes community contribution by requiring SaaS forks to release improvements.

Grading on a curve: How to assess a pentest

Source: The Red Canary Blog: Information Security Insights

Author: Brian Donohue

URL: https://redcanary.com/blog/testing-and-validation/pentesting/

ONE SENTENCE SUMMARY:

Effective defense disrupts multi-stage attack chains by prioritizing high-fidelity, intent-rich behaviors, not exhaustive detection of every atomic action.

MAIN POINTS:

  1. Breaches result from campaigns of sequential actions, not single attacker successes.
  2. Detecting any critical step can hinder adversaries, evict threats, and prevent incidents.
  3. Depth and redundancy help, but complete coverage of all behaviors isn’t required.
  4. Testing is often misused as an exhaustive scorecard demanding alerts for every action.
  5. Real threats are adaptive, persistent campaigns; emulations are usually partial and constrained.
  6. Defensive focus should be “detect to disrupt” by breaking the attack chain early.
  7. Early or mid-chain detection can outperform noisy reconnaissance detection in outcomes.
  8. Isolated atomic events lack context; patterns reveal malicious intent and progression.
  9. High-fidelity TTPs like LSASS dumping and persistence provide reliable intervention points.
  10. Over-alerting to catch everything increases false positives and reduces analyst effectiveness.

TAKEAWAYS:

  1. Measure success by stopping attacker objectives, not by maximizing alert counts.
  2. Prioritize chokepoints and intent-rich techniques that reliably indicate malicious progression.
  3. Treat pentests and red teams as validation inputs, not comprehensive real-threat replicas.
  4. Use contextual correlation to distinguish benign activity from adversary behavior patterns.
  5. Expand coverage thoughtfully to scale, avoiding alert floodgates that bury true threats.

Introducing EvidenceForge: Synthetic security logs that don’t look (as) fake

Source: Cisco Talos Blog

Author: David J. Bianco

URL: https://blog.talosintelligence.com/introducing-evidenceforge-synthetic-security-logs-that-dont-look-as-fake/

ONE SENTENCE SUMMARY:

EvidenceForge generates realistic, causally consistent, multi-format synthetic security logs with ground truth, enabling training, detection validation, and scalable analytics development.

MAIN POINTS:

  1. High-quality labeled datasets are essential for training responders, validating detections, and building models.
  2. Production telemetry raises compliance issues, while public datasets are anonymized, stale, and over-reused.
  3. Self-generated attack simulations require real infrastructure, time, and scale poorly for scenario variety.
  4. Many synthetic generators emit independent events, breaking cross-source coherence and causal storytelling.
  5. EvidenceForge uses a canonical SecurityEvent model to synchronize fields across all emitters.
  6. Shared contexts enforce consistency for PIDs, LogonIDs, timestamps, and network identifiers like Zeek UIDs.
  7. Scenario YAML defines hosts, users, topology, and optional attack storylines for deterministic generation.
  8. Engine outputs 20+ correlated formats spanning Windows, Linux, network, and EDR telemetry.
  9. Rule engine inserts prerequisite protocol events with realistic timing for causal correctness.
  10. Background noise, red herrings, and bursty timing models improve realism and analyst training value.

TAKEAWAYS:

  1. Canonical event modeling solves the “logs don’t line up” problem across heterogeneous telemetry sources.
  2. Deterministic generation with seeded randomness enables repeatable datasets for regression testing detections.
  3. Sensor-placement modeling produces realistic network visibility gaps, mirroring real monitoring limitations.
  4. AI-assisted scenario authoring reduces expertise burden while scripts guarantee field-level consistency at scale.
  5. Companion ENVIRONMENT and GROUND_TRUTH documents provide analyst context and verifiable labels for evaluation.

Article from cybersecuritynews.com

Source:

Author: unknown

URL: https://cybersecuritynews.com/pyrsistencesniper/

ONE SENTENCE SUMMARY:

Unable to summarize: no article text provided, only a URL, preventing extraction of PyrsistenceSniper details and key security implications.

MAIN POINTS:

  1. The request includes only a link, without accessible article content to analyze.
  2. No headline, author, publication date, or context was provided with the URL.
  3. Key technical details about “PyrsistenceSniper” cannot be verified from the input.
  4. Threat actor attribution information is unavailable without the article body.
  5. Indicators of compromise (IOCs) were not provided for extraction or summarization.
  6. Malware behavior, persistence methods, and TTPs cannot be derived from the URL alone.
  7. Affected platforms, versions, and environments remain unknown without source text.
  8. Suggested mitigations, detections, or YARA/Sigma rules cannot be summarized.
  9. Impact assessment, exploitation chain, and infection vectors are absent from the input.
  10. Any summary would require the article content pasted or otherwise supplied.

TAKEAWAYS:

  1. Provide the full article text to enable accurate security summarization.
  2. Include IOCs and TTPs when sharing reports for actionable defensive use.
  3. Add context like date and scope to improve relevance of threat intelligence.
  4. Supply key excerpts if paywalls or scraping restrictions block access.
  5. Verify source content before drawing conclusions about a named threat or tool.

The Alert Firehose Finally Meets Its Match

Source: The Hacker News

Author: info@thehackernews.com (The Hacker News)

URL: https://thehackernews.com/2026/05/the-alert-firehose-finally-meets-its.html

ONE SENTENCE SUMMARY:

Agentic AI-enhanced NDR converts high-volume network telemetry into correlated, prioritized detections, reducing false positives and accelerating SOC response.

MAIN POINTS:

  1. Legacy NDR earned a “noisy” reputation from raw visibility and SIEM-overloading alerts.
  2. Manual tuning demands during deployment often determined whether NDR became actionable or overwhelming.
  3. Agentic AI autonomously gathers context, triages alerts, and correlates evidence across events.
  4. High data volume shifts from burden to advantage when AI can analyze thousands of signals.
  5. Correlation links low-severity activities into threat narratives humans typically miss.
  6. AI produces prioritized detections with supporting network evidence for immediate analyst context.
  7. Automation reduces dependency on extensive manual tuning by learning detection improvements.
  8. Example scenario: hundreds of anomalies collapse into four actionable detections after AI triage.
  9. Effective operations still require baselining, ongoing tuning, and SOC workflow integration.
  10. Data quality drives AI security outcomes more than model choice, improving accuracy and findings.

TAKEAWAYS:

  1. Reputational “noise” issues reflect earlier operational realities, not modern AI-enabled NDR performance.
  2. Correlation at scale is the differentiator that turns telemetry into actionable threat stories.
  3. Maintaining an updated baseline prevents environmental changes from becoming false-positive generators.
  4. Feeding other SOC tools with pre-correlated NDR outputs reduces downstream alert fatigue.
  5. Success depends on deployment discipline plus high-fidelity network data powering AI-driven analysis.

FBI warns of Kali Oauth stealers

Source: FBI warns of Kali Oauth stealers | CSO Online

Author: unknown

URL: https://www.csoonline.com/article/4176464/fbi-warns-of-kali-oauth-stealers.html

ONE SENTENCE SUMMARY:

FBI warns Kali365 phishing steals Microsoft 365 OAuth tokens, bypasses MFA via device authorization, urging conditional access blocks and transfer restrictions.

MAIN POINTS:

  1. FBI alerted organizations about a new Kali365-enabled phishing wave targeting Microsoft 365 accounts.
  2. Kali365 captures OAuth access tokens rather than stealing usernames or passwords.
  3. Bypassing multi-factor authentication occurs because valid tokens authenticate without credential interception.
  4. Attackers impersonate trusted cloud document-sharing services in convincing phishing emails.
  5. Victims are instructed to enter a specific code on a legitimate Microsoft website.
  6. Entered code authorizes the attacker’s device to access the victim’s Microsoft account.
  7. Mitigation includes conditional access policies blocking device code flow for most users.
  8. Exceptions should be narrowly granted only for essential business processes needing code flow.
  9. Blocking authentication transfer policies prevents rights handoff from corporate PCs to mobile devices.
  10. World Economic Forum data shows phishing is CEOs’ top concern and growing across organizations.

TAKEAWAYS:

  1. Token-based phishing can defeat MFA without ever capturing user credentials.
  2. Legitimate login pages don’t guarantee safety when attackers abuse device authorization workflows.
  3. Conditional access controls are central to reducing exposure to device code phishing.
  4. Preventing authentication transfers limits attackers’ ability to persist across devices.
  5. Rising phishing volume makes rapid policy hardening and user awareness critical.

Varonis Announces Integration with the Claude Compliance API

Source: Varonis Blog

Author: Nolan Necoechea

URL: https://www.varonis.com/blog/claude-compliance-api-integration

ONE SENTENCE SUMMARY:

Varonis Atlas integrates Claude Compliance API to monitor enterprise AI use, investigate sessions, detect threats, and govern data-driven risk.

MAIN POINTS:

  1. Integration brings Claude Enterprise and Claude Platform activity into Varonis Atlas AI Security.
  2. Claude Enterprise supports knowledge work across legal, engineering, marketing, finance, and support.
  3. Claude Platform enables building, deploying, and operating AI applications, tools, and agents.
  4. Compliance API integration strengthens monitoring, misuse investigation, and AI risk assessment with context.
  5. Continuous monitoring covers chats, uploaded files, and projects for centralized oversight.
  6. Detection identifies sensitive data exposure, jailbreak attempts, and suspicious prompts during sessions.
  7. Session-level investigations replay full chronological chats to understand intent and context.
  8. Atlas captures Claude Platform admin, configuration, resource activity, plus audit events for investigation.
  9. Real-time alerts surface risky behavior linked to policy violations and session activity.
  10. Proactive AI pen testing stress-tests assistants and agents for prompt injection and jailbreak vulnerabilities.

TAKEAWAYS:

  1. Centralizing Claude activity in Atlas improves security team visibility and governance across AI usage.
  2. Session-context monitoring helps distinguish benign mistakes from intentional misuse.
  3. Administrative observability on Claude Platform supports auditing and incident investigations.
  4. Linking AI interactions to data sensitivity and permissions enables better risk prioritization and remediation.
  5. Atlas aims for end-to-end AI security across inventory, testing, runtime guardrails, and compliance reporting.

Tenable One deepens third-party integrations with new Open Connector for unified risk visibility

Source: Tenable Blog

Author: Nathan Dyer

URL: https://www.tenable.com/blog/new-tenable-one-open-connector-extends-third-party-integrations-unified-risk-visibility

ONE SENTENCE SUMMARY:

Tenable One Open Connector ingests unsupported security data, automates mapping and correlation, eliminates silos, and improves exposure visibility.

MAIN POINTS:

  1. Security data fragmentation across many tools prevents unified organizational risk visibility.
  2. Tenable One aims to centralize exposure management across on-prem, cloud, IoT, OT, identity, and AI.
  3. Over 300 validated Tenable One Connectors already integrate many third-party security products.
  4. Open Connector extends ingestion to unsupported tools, spreadsheets, and internal homegrown systems.
  5. Unified visibility reveals contextual relationships, enabling identification of dangerous attack paths.
  6. Broader ingestion supports holistic risk analysis and more accurate exposure prioritization.
  7. Platform flexibility reduces vendor lock-in and supports evolving heterogeneous security stacks.
  8. Automated ingestion keeps risk decisions based on continuously current data, reducing manual updates.
  9. Customizable field mapping allows combining, splitting, and organizing data for tailored insights.
  10. Ingested data is normalized, deduplicated, and correlated for consistent cross-source comparisons.

TAKEAWAYS:

  1. Eliminating silos improves detection of cross-domain attacker pathways and true business risk.
  2. Integrating niche tools and internal databases expands coverage beyond official vendor integrations.
  3. Continuous automated uploads prevent stale data from distorting exposure management decisions.
  4. User-controlled mapping enables analytics aligned to business context rather than vendor templates.
  5. An open connector strategy helps teams keep preferred tools without sacrificing unified visibility.

Microsoft releases open-source tools to operationalize AI agent safety

Source: Microsoft releases open-source tools to operationalize AI agent safety | CSO Online

Author: unknown

URL: https://www.csoonline.com/article/4175592/microsoft-releases-open-source-tools-to-operationalize-ai-agent-safety-2.html

ONE SENTENCE SUMMARY:

Microsoft open-sourced Rampart and Clarity to shift AI agent safety into continuous testing and documented design validation workflows.

MAIN POINTS:

  1. Microsoft announced two open-source tools to operationalize safety engineering for agentic AI.
  2. Ram Shankar Siva Kumar argued AI safety must be continuous, not periodic checkpoints.
  3. Agents now have operational privileges, increasing impact of failures and security incidents.
  4. New agent risks include prompt injection, unsafe tool use, privilege escalation, and autonomy mishaps.
  5. Rampart converts red-team findings into repeatable tests executed throughout development and deployment.
  6. Built atop PyRIT, Rampart supports structured adversarial and benign scenario automation.
  7. CI/CD integration aims to catch regressions as agents evolve and configurations change.
  8. Rampart targets cross-prompt injection, unsafe data handling, and insecure tool execution paths.
  9. Clarity validates pre-code assumptions about behavior, permissions, tool interactions, and trust boundaries.
  10. Clarity outputs markdown decision logs in .clarity-protocol/ for PR review and diffable governance.

TAKEAWAYS:

  1. Continuous, automated safety checks are becoming essential as agents gain real-world privileges.
  2. Repeatable red-team tests reduce “one-and-done” reviews and help prevent security regressions.
  3. Capturing design assumptions early strengthens trust boundaries and permission scoping decisions.
  4. Treating safety artifacts like code enables collaboration, review, and accountability in repositories.
  5. Rampart and Clarity align with Microsoft’s broader agent governance strategy, including OWASP-oriented controls.

Microsoft patches two zero-day flaws in Defender

Source: Microsoft patches two zero-day flaws in Defender | CSO Online

Author: unknown

URL: https://www.csoonline.com/article/4175970/microsoft-patches-two-zero-day-flaws-in-defender.html

ONE SENTENCE SUMMARY:

Microsoft patched two exploited Microsoft Defender zero-days enabling privilege escalation or protection disruption, urging updates to specific engine/platform versions.

MAIN POINTS:

  1. Emergency fixes address two zero-day flaws in Microsoft Defender malware protection components.
  2. Local attackers can obtain SYSTEM privileges or break antimalware service functionality.
  3. Either outcome helps malware evade detection and increases attacker control.
  4. CISA added CVE-2026-41091 and CVE-2026-45498 to the KEV catalog.
  5. Inclusion in KEV indicates exploitation was observed in the wild.
  6. Researchers link issues to RedSun and UnDefend GitHub exploits by “Nightmare Eclipse.”
  7. CVE-2026-41091 resides in mpengine.dll within the Microsoft Malware Protection Engine.
  8. Improper link resolution before file access underlies CVE-2026-41091; CVSS 7.8 high severity.
  9. CVE-2026-45498 affects MsMpEng.exe, central to real-time monitoring with kernel drivers.
  10. Recommended minimum versions: MPE 1.1.26040.8+ and platform 4.18.26040.7+.

TAKEAWAYS:

  1. Rapid patching is critical because active exploitation against endpoints has been detected.
  2. Verifying component versions matters since platform binaries update less frequently than signatures.
  3. Endpoint fleets using Defender or related products share exposure due to common code components.
  4. Local privilege escalation plus defense disruption creates a powerful combination for malware operations.
  5. Deploying the engine update also remediates an additional RCE, CVE-2026-45584.

Critical vulnerability in Cisco Secure Workload rated at maximum severity

Source: Critical vulnerability in Cisco Secure Workload rated at maximum severity | CSO Online

Author: unknown

URL: https://www.csoonline.com/article/4175913/critical-vulnerability-in-cisco-secure-workload-rated-at-maximum-severity.html

ONE SENTENCE SUMMARY:

Cisco Secure Workload on-prem has a CVSS 10 auth-bypass REST API flaw granting site-admin control, requiring immediate patching.

MAIN POINTS:

  1. Vulnerability enables attackers to gain site admin privileges and compromise endpoints.
  2. Cisco Secure Workload controls zero trust, micro-segmentation, and network visibility across enterprises.
  3. Threat actors likely will scan aggressively for exposed, unpatched internal API endpoints.
  4. Site-admin access could modify or dismantle security policies, opening previously restricted pathways.
  5. Multi-tenant deployments face cross-tenant impact, expanding potential exposure across business units or customers.
  6. CVE-2026-20223 has CVSS 10.0, allowing unauthenticated remote authentication bypass.
  7. Crafted HTTP requests to internal REST APIs instantly confer site admin privileges.
  8. Root cause is insufficient validation and authentication on REST API endpoint access.
  9. No workarounds exist; only software updates remediate the issue.
  10. SaaS is already patched, while on-prem customers must upgrade to fixed releases.

TAKEAWAYS:

  1. Prioritize emergency patching for on-prem Secure Workload as if responding to an active incident.
  2. Upgrade targets: 4.0→4.0.3.17, 3.10→3.10.8.3, 3.9 and earlier→migrate forward.
  3. Focus assessment on internal REST API exposure rather than the web management interface.
  4. Treat multi-tenant environments as higher-risk due to potential cross-tenant “blast radius.”
  5. Verify patch status promptly despite no known exploitation reported at disclosure time.

Microsoft shares mitigation for YellowKey Windows zero-day

Source: BleepingComputer

Author: Sergiu Gatlan

URL: https://www.bleepingcomputer.com/news/microsoft/microsoft-shares-mitigation-for-yellowkey-windows-zero-day/

ONE SENTENCE SUMMARY:

Microsoft issued mitigations for YellowKey BitLocker zero-day, detailing registry, WinRE, and TPM+PIN changes to reduce exploitation risk.

MAIN POINTS:

  1. YellowKey is a Windows BitLocker zero-day enabling access to protected drives.
  2. Anonymous researcher “Nightmare Eclipse” disclosed it and released a proof-of-concept exploit.
  3. Exploitation uses crafted FsTx files on USB/EFI, booting into WinRE.
  4. Holding CTRL reportedly triggers an unrestricted shell against BitLocker-protected volumes.
  5. Microsoft tracks YellowKey as CVE-2026-45585 and published interim mitigations.
  6. Guidance includes removing autofstx.exe from Session Manager BootExecute registry value.
  7. Mitigation requires reestablishing BitLocker trust for WinRE using CVE-2026-33825 procedures.
  8. Analyst explanation: blocking autofstx.exe stops NTFS replay deleting winpeshl.ini.
  9. Microsoft recommends switching encrypted devices from TPM-only to TPM+PIN pre-boot authentication.
  10. For unencrypted devices, enforce additional startup authentication via Intune/Group Policy settings.

TAKEAWAYS:

  1. Treat WinRE and boot-time paths as critical attack surfaces for BitLocker bypasses.
  2. Implement registry and WinRE trust hardening immediately while awaiting a security update.
  3. Enforcing TPM+PIN materially raises the bar against pre-boot local bypass techniques.
  4. Public PoCs increase likelihood of real-world exploitation, demanding rapid configuration changes.
  5. Validate security controls beyond pentest “reachability,” including detection and configuration effectiveness.

Varonis: The Platform Advantage for Security

Source: Varonis Blog

Author: efeldman@varonis.com (Eugene Feldman)

URL: https://www.varonis.com/blog/platform-advantage

ONE SENTENCE SUMMARY:

Varonis argues unified data, AI, and email security platform reduces risk, stops cross-system attacks, and lowers costs versus siloed tools.

MAIN POINTS:

  1. Board-level data security is essential to sustain AI initiatives, innovation, and competitive advantage.
  2. Stitched-together point tools are costly, inefficient, and ineffective against modern multi-system attacks.
  3. Varonis offers one platform spanning data security, AI security, and email security capabilities.
  4. DSPM continuously finds sensitive data, access permissions, and usage across the data estate.
  5. DAM provides agentless database threat and policy-violation monitoring with fast deployment.
  6. DAG enforces least-privilege at scale to reduce overprivileged, exploitable access.
  7. DLP and DDR prevent exfiltration and detect ransomware/insiders using behavioral baselines.
  8. AI SPM, runtime guardrails, and AI governance secure agents/models, prompts, and compliance evidence.
  9. Email Social Engineering Defense blocks phishing/BEC and ties attempts to recipient blast radius.
  10. Unified telemetry, identity graph, and automated remediation improve outcomes and reduce MTTR and TCO.

TAKEAWAYS:

  1. Consolidating security into a single platform improves cross-domain visibility and actionable context.
  2. Correlation across SaaS, cloud, databases, and identities is critical for detecting OAuth abuse.
  3. Preventing AI-driven data exposure requires native sensitivity and permission awareness.
  4. Automated containment actions can minimize blast radius while supporting rollback and dependency checks.
  5. Replacing 5–8 tools can cut integration debt, analyst workload, and compliance reporting effort.

Cybercrime service disrupted for abusing Microsoft platform to sign malware

Source: BleepingComputer

Author: Lawrence Abrams

URL: https://www.bleepingcomputer.com/news/security/cybercrime-service-disrupted-for-abusing-microsoft-platform-to-sign-malware/

ONE SENTENCE SUMMARY:

Microsoft disrupted Fox Tempest’s malware-signing service abusing Azure Artifact Signing, revoking certificates, seizing infrastructure, and aiding ransomware campaigns worldwide operations.

MAIN POINTS:

  1. Azure Artifact Signing lets developers obtain Microsoft-backed signatures for released software.
  2. Fox Tempest exploited the service to issue short-lived code-signing certificates for malware.
  3. Over 1,000 certificates and hundreds of Azure tenants/subscriptions supported the MSaaS business.
  4. A U.S. Southern District of New York lawsuit underpinned the disruption action.
  5. Microsoft seized signspace[.]cloud, blocked hosting, and took hundreds of related VMs offline.
  6. Signed binaries impersonated Teams, AnyDesk, PuTTY, and Webex to appear legitimate.
  7. Oyster loaders installed signed malware that enabled Rhysida ransomware deployment on victims.
  8. Threat actors including Vanilla Tempest, Storm-0501, Storm-2561, and Storm-0249 used the service.
  9. Operators likely used stolen U.S./Canada identities to pass Artifact Signing verification.
  10. Telegram marketing offered access for 5,000–9,000 USD-equivalent bitcoin, generating millions in profit.

TAKEAWAYS:

  1. Code-signing trust can be operationalized as a criminal “service” when onboarding controls are bypassed.
  2. Short validity certificates still meaningfully increase malware success by suppressing OS and user suspicion.
  3. Rapid revocation and infrastructure takedowns reduce blast radius, but abuse can scale quickly in cloud ecosystems.
  4. Defenders should treat “signed” as a signal, not proof of safety, and validate publisher reputation.
  5. Cross-industry coordination plus legal action can effectively dismantle enabling platforms for ransomware affiliates.

Inside the 2026 Verizon DBIR: What One Billion Records Revealed About Vulnerability Remediation

Source: Vulnerabilities and Threat Research – Qualys Security Blog

Author: Saeed Abbasi

URL: https://blog.qualys.com/vulnerabilities-threat-research/2026/05/19/inside-the-2026-verizon-dbir-what-one-billion-records-revealed-about-vulnerability-remediation

ONE SENTENCE SUMMARY:

Verizon’s 2026 DBIR shows remediation capacity hitting a human-speed limit as KEV workload explodes, demanding autonomous, machine-speed risk operations.

MAIN POINTS:

  1. Qualys contributed analysis of over one billion anonymized vulnerability remediation records to DBIR.
  2. DBIR uses survival analysis to track KEV remediation over time, not year-end snapshots.
  3. Remediation performance improved across 2022–2024 DBIR cycles at multiple curve milestones.
  4. The 2025 cycle reversed gains: 35% open at Day 28 versus 27% prior.
  5. Long-tail exposure hardened at 9%, equating to roughly 47 million lingering instances.
  6. Median detection-to-closure stayed at nine days, indicating defender effort didn’t decline.
  7. KEV-linked instances increased 7.7x in four years, from 68.7M to 527.3M.
  8. Day-28 open backlog surged from 31M to 184M instances, overwhelming built capacity.
  9. Top performers patch before KEV listing using risk prioritization and threat-context scoring.
  10. Proposed solution shifts to autonomous remediation via machine-speed “Risk Operations Center” pipelines.

TAKEAWAYS:

  1. Measuring vulnerability lifecycles with survival curves reveals systemic backlog dynamics obscured by snapshots.
  2. Scaling volume, not weaker execution, is driving defenders behind despite stable closure speed.
  3. Proactive remediation improved in output but fell in rate because workload grew faster.
  4. Human-gated remediation appears capped by a practical “speed of light” limit.
  5. Closing the structural gap requires architectural automation, not incremental staffing or tooling.

Lyrie: Open-source autonomous pentesting agent

Source: Help Net Security

Author: Sinisa Markovic

URL: https://www.helpnetsecurity.com/2026/05/18/lyrie-ai-autonomous-pentesting-agent/

ONE SENTENCE SUMMARY:

Lyrie is an open-source autonomous pentesting agent and ATP identity protocol, accelerating security workflows with encryption, scanners, and PoC generation.

MAIN POINTS:

  1. Manual pentesting weeks-long effort is compressed into a single CLI-driven autonomous workflow.
  2. Lyrie 3.1.0 adds XChaCha20-Poly1305 memory encryption for sensitive threat data.
  3. Seven new PoC generators cover prompt injection, auth bypass, CSRF, open redirect, races.
  4. Additional PoCs address secret exposure and cross-site execution attack scenarios.
  5. Three deep scanners introduced: Rust analysis, taint engine processing, AI code review.
  6. Repository now includes 25 tested commands across security ops, binary analysis, governance.
  7. Packaging splits into lyrie-omega Python CLI and @lyrie/atp TypeScript Node SDK.
  8. Installation supports one-line script or separate pip and npm methods.
  9. lyrie hack runs phases from recon through exploitation, PoC generation, and reporting.
  10. Agent Trust Protocol uses Ed25519, delegation, revocation, multisig, with IETF submission planned.

TAKEAWAYS:

  1. Autonomous agents can meaningfully reduce pentest time and required specialized staffing.
  2. Memory encryption and tested command coverage improve operational safety and reliability.
  3. Built-in PoC generation broadens validation for web and LLM-specific vulnerabilities.
  4. SARIF output enables straightforward integration with GitHub Code Scanning pipelines.
  5. ATP provides a practical standard for agent identity, authorization scope, and tamper detection.