JadePuffer: The First Ransomware Attack Run Entirely by AI
JadePuffer is the first ransomware attack run end-to-end by an AI agent, with no human operator. The break-in techniques were old; the operator wasn't.
JadePuffer is the first ransomware attack run end-to-end by an AI agent, with no human operator. The break-in techniques were old; the operator wasn't.
A leaked database of working Fortinet VPN and admin credentials โ CISA counts roughly 74,000 affected devices โ is being used to break into networks. Upgrading FortiOS doesn't retroactively fix the weak password hashes; here's what to check and do.
Anthropic's most powerful public model matches or beats Opus across the board โ then quietly hands its riskiest queries back to Opus to keep them safe.
Claude blocked a routine web search about an npm vulnerability and pointed me to Anthropic's Cyber Verification Program. I applied out of curiosity โ and the approval came back so fast that a human almost certainly never read it.
Trump signed an order asking AI companies to voluntarily hand the government a 30-day look at their most powerful models before release. It explicitly bars any mandatory licensing โ making the whole thing a request, not a rule.
An attacker took over Instagram accounts by asking Meta's AI support assistant to add an email and issue a password reset โ no phishing, no breach. The damage was small. The mechanism is the warning.
The patch for a Linux root exploit called Dirty Frag turned out to hide a second one. Fragnesia was found by an AI auditing tool โ a clean illustration of why the page-cache-write bug class keeps outrunning the people patching it.
A steady stream of Google Cloud customers keep waking up to four- and five-figure Gemini API bills, racked up in hours by attackers who scraped Maps or Firebase keys from public code. Google has set a June 19, 2026 cutoff to block unrestricted keys from Gemini entirely. Here is what the recurring pattern looks like, and what to do this week.
CVE-2026-23918 is a double-free in Apache 2.4.66's mod_http2. Two frames crash the worker. On Debian and the official Docker image, the same bug becomes a viable RCE path. The fix shipped May 4.
Mozilla published the first concrete result from Anthropic's Project Glasswing: 271 vulnerabilities fixed in Firefox 150, including a 20-year-old bug. Healthcare IT runs on patch cadences that are about to look very slow.