Potential Game-Changer in EU as Mythos AI Access Opens Up
Preview access to the potent (and concerning) new Mythos AI is being expanded to at least 150 organizations, to include the first access for members of the EU.
Preview access to the potent (and concerning) new Mythos AI is being expanded to at least 150 organizations, to include the first access for members of the EU.
The researcher asserts that they approached Microsoft privately with the zero-day vulnerabilities ahead of their public disclosure, but the company was not interested in listening to them. Microsoft, in turn, has said that the researcher’s actions are “unacceptable” and even “criminal” in providing attackers with a road map to immediate use of the vulnerabilities.
A stark warning has been issued by the European Central Bank (ECB) to the region’s financial outlets; start spending more on cybersecurity and readiness, or be taken advantage of by the new LLMs coming soon.
Verizon’s Data Breach Investigations Report (DBIR) for 2026 has been released, and the single most interesting piece of information is the new prevalence of attackers leading with vulnerability exploitation. This is the first time in 19 years that credential abuse has not been the leading initial breach cause.
NGINX has been available since 2004 and the critical vulnerability that was uncovered is thought to have been present since 2008. The open source web server is a very popular tool for load balancing and serving static content, with estimates putting almost a third of the world’s most popular websites down as users.
While there is no official word as of yet and a decision has reportedly not been reached, inside sources at CISA say that high-level discussions about setting the time limit for remediating known critical vulnerabilities (KEVs) to just three days are taking place.
The level of trust that one can give to AI agents is once again in question, with recent news that Anthropic managed to include Claude Code source code in a software update for the world to see.
Google warns organizations should expect that, at minimum, threat actors that have already stolen encrypted materials will potentially be able to start cracking them with quantum computing techniques by 2029 in what will likely be the opening chapter of Q-Day.
Strava fitness app is once again in the news as a French officer seems to have obliviously used it during a run on the deck of France’s only aircraft carrier, giving away its position.
Foreign-made consumer-grade internet routers are now blocked from sale in the US by default, and will need to undergo a special approval process that comes with a thumbs-up from the DoW or DHS. While the ban applies globally, the main national security rationale is to reduce dependency on equipment coming from China.