Security This Week

FortiBleed campaign exposes 75,000 Fortinet firewalls worldwide

Anthropic rolls out Claude Fable 5, but it's available for a limited time

Claude Code’s GitHub Actions Vulnerability Lets Attackers Compromise Any Repository

FBI warns of in-person data theft attacks from extortion gang

First public macOS kernel memory corruption exploit on Apple M5

New Linux 'Dirty Frag' zero-day gives root on all major distros

Copy Fail: 732 Bytes to Root on Every Major Linux Distribution.

Anthropic investigates unauthorized Mythos access by Discord group

AI chatbots used tactical nuclear weapons in 95% of AI war games, launched strategic strikes three times!

$10 Domain Could Have Handed Hackers 25k Endpoints, Including in OT and Gov Networks

Anthropic's Claude Mythos Finds Thousands of Zero-Day Flaws Across Major Systems

Axios NPM Package Compromised: Supply Chain Attack Hits JavaScript HTTP Client with 100M+ Weekly Downloads

FCC bans foreign routers, putting enterprise network risk in focus

Researchers uncover iPhone spyware capable of penetrating millions of devices.

Microsoft SQL Server Zero-Day Vulnerability Allows Attackers to Escalate Privileges

Anthropic ditches its core safety promise in the middle of an AI red line fight with the Pentagon

Exploitable Flaws Found in Cloud-Based Password Managers

iPhone Lockdown Mode is so good even the FBI can’t crack it

Hacking Moltbook: The AI Social Network Any Human Can Control

How to get Doom running on a pair of earbuds

New Study Shows GPT-5.2 Can Reliably Develop Zero-Day Exploits at Scale

New China Linked VoidLink Linux Malware Targets Major Cloud Providers

ConsentFix: Analysing a browser-native ClickFix-style attack that hijacks OAuth consent grants

MongoDB warns admins to patch severe vulnerability immediately

PornHub extorted after hackers steal Premium member activity data

Attackers hit React defect as researchers quibble over proof

An ingenious Apple Service hoax is convincing users their account is under attack

Anthropic claims of Claude AI-automated cyberattacks met with doubt

Hackers Weaponize Windows Hyper-V to Hide Linux VM and Evade EDR Detection

No one pays ransomware demands anymore - so attackers have a new goal. Also: Ransomware Surge in Europe: Cybercriminals Exploit GDPR Penalties, Target Key Sectors

AWS crash causes $2,000 Smart Beds to overheat and get stuck upright

Skynet-1A: Military Spacecraft Launched 56 Years Ago Has Been Moved By Persons Unknown

Carl, Duane, and Patrick recorded this week's episode in front of a live audience at CyberSecurity Intersection, a cyber conference held at Universal Studio in Orlando, FL the week of October 5.

Japan's beer giant Asahi Group cannot resume production after cyberattack

U.S. Secret Service dismantles imminent telecommunications threat in New York tristate area

New attack on ChatGPT research agent pilfers secrets from Gmail inboxes

Hackers left empty-handed after massive NPM supply-chain attack

Salt Typhoon pwned 'nearly every American'

Someone Created the First AI-Powered Ransomware Using OpenAI's gpt-oss:20b Model

Security researcher driven by free nuggets unearths McDonald's security flaw — changing 'login' to 'register' in URL prompted site to issue plain text password for a new account