The attack centers on forging error reports embedded with malicious instructions trusted implicitly by AI coding agents when sent by the Sentry MCP server. The trouble is, anyone can send an error report to a target with the Sentry DSN credential widely found out in the open.
The scope of data theft is pretty severe once the Copilot vulnerability chain is successfully exploited, allowing the attacker to quickly rifle through a target’s Microsoft business environment for sensitive files.
Recent fake data breach reports for Discord and VRChat filed with the state of Maine have demonstrated that data breach reporting portals can instead become a source of fast-spreading disinformation if not managed properly.
A record-setting fine of 624 billion won just handed down for ecommerce giant Coupang’s 2025 data breach demonstrates that South Korea’s privacy regulators continue to move in an even more strict direction.
An anonymous source has come forward to claim that Anthropic now has engineers embedded with the NSA providing training and ongoing support to its cyber operations. The new Mythos AI, along with all other Anthropic products, are supposed to be under a ban for use by federal agencies and their contractors.
AI models will be evaluated to determine if they are threat capable enough to be considered “covered.” If they are, the government would request up to 30 days with them for private testing and evaluation before they are released to the public.
Preview access to the potent (and concerning) new Mythos AI is being expanded to at least 150 organizations, to include the first access for members of the EU.
The researcher asserts that they approached Microsoft privately with the zero-day vulnerabilities ahead of their public disclosure, but the company was not interested in listening to them. Microsoft, in turn, has said that the researcher’s actions are “unacceptable” and even “criminal” in providing attackers with a road map to immediate use of the vulnerabilities.
A stark warning has been issued by the European Central Bank (ECB) to the region’s financial outlets; start spending more on cybersecurity and readiness, or be taken advantage of by the new LLMs coming soon.
Verizon’s Data Breach Investigations Report (DBIR) for 2026 has been released, and the single most interesting piece of information is the new prevalence of attackers leading with vulnerability exploitation. This is the first time in 19 years that credential abuse has not been the leading initial breach cause.