<?xml version="1.0" encoding="UTF-8"?><feed
	xmlns="http://www.w3.org/2005/Atom"
	xmlns:thr="http://purl.org/syndication/thread/1.0"
	xml:lang="en-US"
	>
	<title type="text">Security | The Verge</title>
	<subtitle type="text">The Verge is about technology and how it makes us feel. Founded in 2011, we offer our audience everything from breaking news to reviews to award-winning features and investigations, on our site, in video, and in podcasts.</subtitle>

	<updated>2026-05-12T13:26:52+00:00</updated>

	<link rel="alternate" type="text/html" href="https://centraltech.webbfinanceiro.com/cyber-security" />
	<id>https://centraltech.webbfinanceiro.com/rss/cyber-security/index.xml</id>
	<link rel="self" type="application/atom+xml" href="https://centraltech.webbfinanceiro.com/rss/cyber-security/index.xml" />

	<icon>https://platform.theverge.com/wp-content/uploads/sites/2/2025/01/verge-rss-large_80b47e.png?w=150&amp;h=150&amp;crop=1</icon>
		<entry>
			
			<author>
				<name>Jess Weatherbed</name>
			</author>
			
			<title type="html"><![CDATA[Canvas owner reaches &#8216;agreement&#8217; with hackers to secure stolen data]]></title>
			<link rel="alternate" type="text/html" href="https://centraltech.webbfinanceiro.com/tech/928470/instructure-canvas-hack-shinyhunters-ransom-agreement" />
			<id>https://centraltech.webbfinanceiro.com/?p=928470</id>
			<updated>2026-05-12T09:26:52-04:00</updated>
			<published>2026-05-12T09:23:10-04:00</published>
			<category scheme="https://centraltech.webbfinanceiro.com" term="News" /><category scheme="https://centraltech.webbfinanceiro.com" term="Security" /><category scheme="https://centraltech.webbfinanceiro.com" term="Tech" />
							<summary type="html"><![CDATA[Instructure, the company behind the Canvas learning management platform, says it has "reached an agreement" with hackers that breached its systems last week to prevent stolen data from being leaked online. The ShinyHunters hacking group claimed responsibility for the attack before Canvas was briefly taken offline. The group threatened to publish 3.5 terabytes of student [&#8230;]]]></summary>
			
							<content type="html">
											<![CDATA[

						
<figure>

<img alt="An image showing green lockers, with pixels coming out of one of them." data-caption="" data-portal-copyright="Image: The Verge" data-has-syndication-rights="1" src="https://platform.theverge.com/wp-content/uploads/sites/2/2025/05/STK419_DEEPFAKE_CVIRGINIA_J.jpg?quality=90&#038;strip=all&#038;crop=0,0,100,100" />
	<figcaption>
		</figcaption>
</figure>
<p class="has-text-align-none">Instructure, the company behind the Canvas learning management platform, says it has "<a href="https://www.instructure.com/incident_update#:~:text=STATUS%20UPDATE">reached an agreement</a>" with hackers that breached its systems last week to prevent stolen data from being leaked online. </p>
<p class="has-text-align-none">The ShinyHunters hacking group claimed responsibility for the attack before <a href="https://centraltech.webbfinanceiro.com/tech/926458/canvas-shinyhunters-breach">Canvas was briefly taken offline</a>. The group threatened to publish 3.5 terabytes of student data if ransom demands for a "settlement" weren't met. Now, Instructure says the stolen data has been returned as part of its unspecified "agreement" with the hackers, alongside a promise that "no Instructure customers will be extorted as a result of this incident."</p>
<p class="has-text-align-none">"We un …</p>
<p><a href="https://centraltech.webbfinanceiro.com/tech/928470/instructure-canvas-hack-shinyhunters-ransom-agreement">Read the full story at The Verge.</a></p>
						]]>
									</content>
			
					</entry>
			<entry>
			
			<author>
				<name>Stevie Bonifield</name>
			</author>
			
			<title type="html"><![CDATA[OpenAI just released its answer to Claude Mythos]]></title>
			<link rel="alternate" type="text/html" href="https://centraltech.webbfinanceiro.com/ai-artificial-intelligence/928342/openai-daybreak-security-ai" />
			<id>https://centraltech.webbfinanceiro.com/?p=928342</id>
			<updated>2026-05-11T19:05:51-04:00</updated>
			<published>2026-05-11T19:05:01-04:00</published>
			<category scheme="https://centraltech.webbfinanceiro.com" term="AI" /><category scheme="https://centraltech.webbfinanceiro.com" term="Anthropic" /><category scheme="https://centraltech.webbfinanceiro.com" term="News" /><category scheme="https://centraltech.webbfinanceiro.com" term="OpenAI" /><category scheme="https://centraltech.webbfinanceiro.com" term="Security" /><category scheme="https://centraltech.webbfinanceiro.com" term="Tech" />
							<summary type="html"><![CDATA[OpenAI is launching Daybreak, an AI initiative focused on detecting and patching vulnerabilities before attackers find them. Daybreak uses the Codex Security AI agent that launched in March to create a threat model based on an organization's code and focus on possible attack paths, validate likely vulnerabilities, and then automate the detection of the higher [&#8230;]]]></summary>
			
							<content type="html">
											<![CDATA[

						
<figure>

<img alt="Sam Altman with OpenAI logo on green background." data-caption="" data-portal-copyright="Image: Cath Virginia / The Verge, Getty Images" data-has-syndication-rights="1" src="https://platform.theverge.com/wp-content/uploads/sites/2/2026/04/STK201_SAM_ALTMAN_CVIRGINIA2A.jpg?quality=90&#038;strip=all&#038;crop=0,0,100,100" />
	<figcaption>
		</figcaption>
</figure>
<p class="has-text-align-none">OpenAI is launching <a href="http://openai.com/daybreak/">Daybreak</a>, an AI initiative focused on detecting and patching vulnerabilities before attackers find them. Daybreak uses the Codex Security AI agent that <a href="https://centraltech.webbfinanceiro.com/ai-artificial-intelligence/891022/openais-codex-updates-focus-on-security-and-open-source">launched in March</a> to create a threat model based on an organization's code and focus on possible attack paths, validate likely vulnerabilities, and then automate the detection of the higher risk ones.</p>
<p class="has-text-align-none">Its launch comes just over a month after rival Anthropic announced <a href="https://centraltech.webbfinanceiro.com/ai-artificial-intelligence/908114/anthropic-project-glasswing-cybersecurity">Claude Mythos</a>, a security-focused AI model it claimed was too dangerous to publicly release and only shared privately as a part of its own initiative, dubbed Project Glasswing. Still, that didn't stop at leas …</p>
<p><a href="https://centraltech.webbfinanceiro.com/ai-artificial-intelligence/928342/openai-daybreak-security-ai">Read the full story at The Verge.</a></p>
						]]>
									</content>
			
					</entry>
			<entry>
			
			<author>
				<name>Stevie Bonifield</name>
			</author>
			
			<title type="html"><![CDATA[Google stopped a zero-day hack that it says was developed with AI]]></title>
			<link rel="alternate" type="text/html" href="https://centraltech.webbfinanceiro.com/tech/928007/google-ai-zero-day-exploit-stopped" />
			<id>https://centraltech.webbfinanceiro.com/?p=928007</id>
			<updated>2026-05-11T12:28:15-04:00</updated>
			<published>2026-05-11T12:09:42-04:00</published>
			<category scheme="https://centraltech.webbfinanceiro.com" term="AI" /><category scheme="https://centraltech.webbfinanceiro.com" term="Google" /><category scheme="https://centraltech.webbfinanceiro.com" term="News" /><category scheme="https://centraltech.webbfinanceiro.com" term="Security" /><category scheme="https://centraltech.webbfinanceiro.com" term="Tech" />
							<summary type="html"><![CDATA[For the first time, Google says it has spotted and stopped a zero-day exploit developed with AI. According to a report from Google Threat Intelligence Group (GTIG), "prominent cyber crime threat actors" were planning to use the vulnerability for a "mass exploitation event" that would have allowed them to bypass two-factor authentication on an unnamed [&#8230;]]]></summary>
			
							<content type="html">
											<![CDATA[

						
<figure>

<img alt="Photo illustration of a brain on a circuit board in red." data-caption="" data-portal-copyright="Illustration by Cath Virginia / The Verge | Photos from Getty Images" data-has-syndication-rights="1" src="https://platform.theverge.com/wp-content/uploads/sites/2/chorus/uploads/chorus_asset/file/25330660/STK414_AI_CHATBOT_H.jpg?quality=90&#038;strip=all&#038;crop=0,0,100,100" />
	<figcaption>
		</figcaption>
</figure>
<p class="has-text-align-none">For the first time, Google says it has spotted and stopped a zero-day exploit developed with AI. According to a report from <a href="https://cloud.google.com/blog/topics/threat-intelligence/ai-vulnerability-exploitation-initial-access">Google Threat Intelligence Group</a> (GTIG), "prominent cyber crime threat actors" were planning to use the vulnerability for a "mass exploitation event" that would have allowed them to bypass two-factor authentication on an unnamed "open-source, web-based system administration tool." </p>
<p class="has-text-align-none">Google's researchers found hints in the Python script used for the exploit that indicated help from AI, like a "hallucinated CVSS score" and "structured, textbook" formatting consistent with LLM training data. The exploit takes advantage of  …</p>
<p><a href="https://centraltech.webbfinanceiro.com/tech/928007/google-ai-zero-day-exploit-stopped">Read the full story at The Verge.</a></p>
						]]>
									</content>
			
					</entry>
			<entry>
			
			<author>
				<name>Sean Hollister</name>
			</author>
			
			<title type="html"><![CDATA[A million baby monitors and security cameras were easily viewable by hackers]]></title>
			<link rel="alternate" type="text/html" href="https://centraltech.webbfinanceiro.com/tech/926487/meari-technology-hack-baby-monitor-security-camera" />
			<id>https://centraltech.webbfinanceiro.com/?p=926487</id>
			<updated>2026-05-11T21:44:40-04:00</updated>
			<published>2026-05-11T12:00:00-04:00</published>
			<category scheme="https://centraltech.webbfinanceiro.com" term="News" /><category scheme="https://centraltech.webbfinanceiro.com" term="Report" /><category scheme="https://centraltech.webbfinanceiro.com" term="Security" /><category scheme="https://centraltech.webbfinanceiro.com" term="Tech" />
							<summary type="html"><![CDATA[A baby's eyes peer directly into the camera lens. A kid with a striped shirt looks up, then away. A boy in a policeman's costume, a gold star on his chest. A messy bedroom that reminds me of my own daughters, with an unmade bunk bed, a little girl's hat and headband, and Hello Kitty [&#8230;]]]></summary>
			
							<content type="html">
											<![CDATA[

						
<figure>

<img alt="" data-caption="If your baby monitor looks something like this, it’s probably a Meari. | Image: Meari" data-portal-copyright="Image: Meari" data-has-syndication-rights="1" src="https://platform.theverge.com/wp-content/uploads/sites/2/2026/05/meari-baby-monitor-2.jpg?quality=90&#038;strip=all&#038;crop=0,0,100,100" />
	<figcaption>
	If your baby monitor looks something like this, it’s probably a Meari. | Image: Meari	</figcaption>
</figure>
<p class="has-drop-cap has-text-align-none">A baby's eyes peer directly into the camera lens. A kid with a striped shirt looks up, then away. A boy in a policeman's costume, a gold star on his chest. A messy bedroom that reminds me of my own daughters, with an unmade bunk bed, a little girl's hat and headband, and Hello Kitty plastered on the wall.</p>
<p class="has-text-align-none">One thought repeats in my mind: <em>I shouldn't be seeing this</em>. <em>No stranger should. </em></p>
<p class="has-text-align-none">But bad actors could've easily spied on all these locations - and a million more - because many of Meari Technology's Wi-Fi baby monitors and security cameras were absurdly insecure. If you had access to one of those cameras, you theoretically had access to t …</p>
<p><a href="https://centraltech.webbfinanceiro.com/tech/926487/meari-technology-hack-baby-monitor-security-camera">Read the full story at The Verge.</a></p>
						]]>
									</content>
			
					</entry>
			<entry>
			
			<author>
				<name>Emma Roth</name>
			</author>
			
			<author>
				<name>Jess Weatherbed</name>
			</author>
			
			<title type="html"><![CDATA[Canvas is online again after ShinyHunters threaten to leak schools’ data]]></title>
			<link rel="alternate" type="text/html" href="https://centraltech.webbfinanceiro.com/tech/926458/canvas-shinyhunters-breach" />
			<id>https://centraltech.webbfinanceiro.com/?p=926458</id>
			<updated>2026-05-08T06:42:54-04:00</updated>
			<published>2026-05-07T17:29:27-04:00</published>
			<category scheme="https://centraltech.webbfinanceiro.com" term="News" /><category scheme="https://centraltech.webbfinanceiro.com" term="Security" /><category scheme="https://centraltech.webbfinanceiro.com" term="Tech" />
							<summary type="html"><![CDATA[The Instructure-owned learning management platform, Canvas, is now online again after it went down following a massive data breach that impacted student names, email addresses, ID numbers, and messages. Before systems were restored, students who attempted to access the system on Thursday saw a message from the hacking group ShinyHunters, which claimed responsibility for the [&#8230;]]]></summary>
			
							<content type="html">
											<![CDATA[

						
<figure>

<img alt="Graphic illustration of students walking down a hallway in school." data-caption="" data-portal-copyright="Cath Virginia / The Verge | Photos from Getty Images" data-has-syndication-rights="1" src="https://platform.theverge.com/wp-content/uploads/sites/2/chorus/uploads/chorus_asset/file/25332725/STK419_DEEPFAKE_CVIRGINIA_L.jpg?quality=90&#038;strip=all&#038;crop=0,0,100,100" />
	<figcaption>
		</figcaption>
</figure>
<p class="has-text-align-none">The Instructure-owned learning management platform, Canvas, is now online again after it went down following a massive data breach that <a href="https://status.instructure.com/incidents/9wm4knj2r64z">impacted student names</a>, email addresses, ID numbers, and messages. Before systems were restored, students who attempted to access the system on Thursday <a href="https://www.reddit.com/r/UTSA/comments/1t6lsdw/canvas_got_hacked/">saw a message</a> from the hacking group ShinyHunters, which claimed responsibility for the attack:</p>
<blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow">
<p class="has-text-align-none">ShinyHunters has breached Instructure (again). Instead of contacting us to resolve it they ignored us and did some "security patches." If any of the schools in the affected list are interested in preventing the release of their data, please consult with a cyber  …</p></blockquote>
<p><a href="https://centraltech.webbfinanceiro.com/tech/926458/canvas-shinyhunters-breach">Read the full story at The Verge.</a></p>
						]]>
									</content>
			
					</entry>
			<entry>
			
			<author>
				<name>Sean Hollister</name>
			</author>
			
			<title type="html"><![CDATA[A hacker ran me over with a robot lawn mower]]></title>
			<link rel="alternate" type="text/html" href="https://centraltech.webbfinanceiro.com/tech/925696/yarbo-robot-lawn-mower-hack-remote-control-camera-access-mqtt" />
			<id>https://centraltech.webbfinanceiro.com/?p=925696</id>
			<updated>2026-05-11T18:40:45-04:00</updated>
			<published>2026-05-07T12:00:00-04:00</published>
			<category scheme="https://centraltech.webbfinanceiro.com" term="News" /><category scheme="https://centraltech.webbfinanceiro.com" term="Report" /><category scheme="https://centraltech.webbfinanceiro.com" term="Security" /><category scheme="https://centraltech.webbfinanceiro.com" term="Tech" />
							<summary type="html"><![CDATA[I'm lying in the dirt. It's coming for me. Then, with a lurch, it's climbing up my chest. If Andreas Makris doesn't stop the 200-pound robot lawn mower in time, it could drag its blades across my body. Makris certainly can't reach over and hit the emergency stop button - he's nearly 6,000 miles away, [&#8230;]]]></summary>
			
							<content type="html">
											<![CDATA[

						
<figure>

<img alt="" data-caption="A Yarbo lawnmower with a trimmer attachment. | Image: Yarbo" data-portal-copyright="Image: Yarbo" data-has-syndication-rights="1" src="https://platform.theverge.com/wp-content/uploads/sites/2/2026/05/yarbo-lawnmower.webp?quality=90&#038;strip=all&#038;crop=0,0,100,100" />
	<figcaption>
	A Yarbo lawnmower with a trimmer attachment. | Image: Yarbo	</figcaption>
</figure>
<p class="has-drop-cap has-text-align-none">I'm lying in the dirt. It's coming for me. Then, with a lurch, it's climbing up my chest. If Andreas Makris doesn't stop the 200-pound robot lawn mower in time, it could drag its blades across my body.</p>
<p class="has-text-align-none">Makris certainly can't reach over and hit the emergency stop button - he's nearly 6,000 miles away, having hacked this robot from the other side of the planet, to demonstrate the gaping security holes in Yarbo's robot lawn mowers. And I've made the questionable decision of lying down in the mower's path - to see just how far Makris, the security researcher who discovered those flaws, is able to push the mower.</p>
<img src="https://platform.theverge.com/wp-content/uploads/sites/2/2026/05/robot-lawnmower.webp?quality=90&amp;strip=all&amp;crop=0,0,100,100" alt="" title="" data-has-syndication-rights="1" data-caption="&lt;em&gt;Yep, that's me. &lt;/em&gt; | Animation by Sean Hollister / The Verge" data-portal-copyright="Animation by Sean Hollister / The Verge">
<p class="has-text-align-none">By the time the mower touches m …</p>
<p><a href="https://centraltech.webbfinanceiro.com/tech/925696/yarbo-robot-lawn-mower-hack-remote-control-camera-access-mqtt">Read the full story at The Verge.</a></p>
						]]>
									</content>
			
					</entry>
			<entry>
			
			<author>
				<name>Robert Hart</name>
			</author>
			
			<title type="html"><![CDATA[Researchers gaslit Claude into giving instructions to build explosives]]></title>
			<link rel="alternate" type="text/html" href="https://centraltech.webbfinanceiro.com/ai-artificial-intelligence/923961/security-researchers-mindgard-gaslit-claude-forbidden-information" />
			<id>https://centraltech.webbfinanceiro.com/?p=923961</id>
			<updated>2026-05-05T17:21:36-04:00</updated>
			<published>2026-05-05T09:13:08-04:00</published>
			<category scheme="https://centraltech.webbfinanceiro.com" term="AI" /><category scheme="https://centraltech.webbfinanceiro.com" term="Anthropic" /><category scheme="https://centraltech.webbfinanceiro.com" term="Report" /><category scheme="https://centraltech.webbfinanceiro.com" term="Security" /><category scheme="https://centraltech.webbfinanceiro.com" term="Tech" />
							<summary type="html"><![CDATA[Anthropic has spent years building itself up as the safe AI company. But new security research shared with The Verge suggests Claude's carefully crafted helpful personality may itself be a vulnerability. Researchers at AI red-teaming company Mindgard say they got Claude to offer up erotica, malicious code, and instructions for building explosives, and other prohibited [&#8230;]]]></summary>
			
							<content type="html">
											<![CDATA[

						
<figure>

<img alt="Claude logo with graphic data visualizations." data-caption="" data-portal-copyright="Image: Cath Virginia / The Verge, Getty Images" data-has-syndication-rights="1" src="https://platform.theverge.com/wp-content/uploads/sites/2/2026/01/STKB364_CLAUDE_2_A_7d58b5.jpg?quality=90&#038;strip=all&#038;crop=0,0,100,100" />
	<figcaption>
		</figcaption>
</figure>
<p class="has-text-align-none">Anthropic has spent years <a href="https://centraltech.webbfinanceiro.com/ai-artificial-intelligence/917644/anthropic-claude-mythos-breach-humiliation">building itself up</a> as the safe AI company. But <a href="https://mindgard.ai/blog/claude-offers-up-instructions-to-make-explosives">new security research</a> shared with <em>The Verge</em> suggests Claude's carefully crafted <a href="https://centraltech.webbfinanceiro.com/news/760561/anthropic-claude-ai-chatbot-end-harmful-conversations">helpful personality</a> may itself be a vulnerability.</p>
<p class="has-text-align-none">Researchers at AI red-teaming company Mindgard say they got Claude to offer up erotica, malicious code, and instructions for building explosives, and other prohibited material they hadn't even asked for. All it took was respect, flattery, and a little bit of gaslighting. Anthropic did not immediately respond to <em>The Verge</em>'s request for comment.   </p>
<p class="has-text-align-none">The researchers say they exploited "psychological" quirks of Claude stemming from its ability  …</p>
<p><a href="https://centraltech.webbfinanceiro.com/ai-artificial-intelligence/923961/security-researchers-mindgard-gaslit-claude-forbidden-information">Read the full story at The Verge.</a></p>
						]]>
									</content>
			
					</entry>
			<entry>
			
			<author>
				<name>Stevie Bonifield</name>
			</author>
			
			<title type="html"><![CDATA[Severe Linux Copy Fail security flaw uncovered using AI scanning help]]></title>
			<link rel="alternate" type="text/html" href="https://centraltech.webbfinanceiro.com/tech/922243/linux-cve-2026-3141-copy-fail-exploit" />
			<id>https://centraltech.webbfinanceiro.com/?p=922243</id>
			<updated>2026-05-01T12:55:16-04:00</updated>
			<published>2026-05-01T12:55:16-04:00</published>
			<category scheme="https://centraltech.webbfinanceiro.com" term="Linux" /><category scheme="https://centraltech.webbfinanceiro.com" term="News" /><category scheme="https://centraltech.webbfinanceiro.com" term="Security" /><category scheme="https://centraltech.webbfinanceiro.com" term="Tech" />
							<summary type="html"><![CDATA[Nearly every Linux distribution released since 2017 is currently vulnerable to a security bug called "Copy Fail" that allows any user to give themselves administrator privileges. The exploit, publicly disclosed as CVE-2026-31431 on Wednesday, uses a Python script that works across all of the vulnerable Linux distributions, requiring "no per-distro offsets, no version checks, no [&#8230;]]]></summary>
			
							<content type="html">
											<![CDATA[

						
<figure>

<img alt="Devil face on a computer motherboard." data-caption="" data-portal-copyright="Image: Cath Virginia / The Verge, Getty Images" data-has-syndication-rights="1" src="https://platform.theverge.com/wp-content/uploads/sites/2/2025/09/STK414_AI_CVIRGINIA_I__0008_6.png?quality=90&#038;strip=all&#038;crop=0,0,100,100" />
	<figcaption>
		</figcaption>
</figure>
<p class="has-text-align-none">Nearly every Linux distribution released since 2017 is currently vulnerable to a security bug called "Copy Fail" that allows any user to give themselves administrator privileges.  The exploit, <a href="https://copy.fail/">publicly disclosed</a> as CVE-2026-31431 on Wednesday, uses a Python script that works across all of the vulnerable Linux distributions, requiring "no per-distro offsets, no version checks, no recompilation," according to Theori, the security firm that uncovered it. </p>
<p class="has-text-align-none"><a href="https://arstechnica.com/security/2026/04/as-the-most-severe-linux-threat-in-years-surfaces-the-world-scrambles/"><em>Ars Technica</em></a> points out this blog post where DevOps engineer Jorijn Schrijvershof <a href="https://jorijn.com/en/blog/copy-fail-cve-2026-31431-linux-kernel-bug-explained/">explains</a> that what makes Copy Fail "unusually nasty" is the likelihood for it to go unnoticed by monitoring t …</p>
<p><a href="https://centraltech.webbfinanceiro.com/tech/922243/linux-cve-2026-3141-copy-fail-exploit">Read the full story at The Verge.</a></p>
						]]>
									</content>
			
					</entry>
			<entry>
			
			<author>
				<name>Tom Warren</name>
			</author>
			
			<title type="html"><![CDATA[GitHub rushed to fix a critical vulnerability in less than six hours]]></title>
			<link rel="alternate" type="text/html" href="https://centraltech.webbfinanceiro.com/news/920295/github-remote-code-execution-vulnerability-fix" />
			<id>https://centraltech.webbfinanceiro.com/?p=920295</id>
			<updated>2026-04-29T06:15:23-04:00</updated>
			<published>2026-04-29T06:04:25-04:00</published>
			<category scheme="https://centraltech.webbfinanceiro.com" term="AI" /><category scheme="https://centraltech.webbfinanceiro.com" term="Microsoft" /><category scheme="https://centraltech.webbfinanceiro.com" term="News" /><category scheme="https://centraltech.webbfinanceiro.com" term="Security" /><category scheme="https://centraltech.webbfinanceiro.com" term="Tech" />
							<summary type="html"><![CDATA[GitHub employees fixed a critical remote code execution vulnerability in less than six hours last month. Wiz Research used AI models to uncover a vulnerability in GitHub's internal git infrastructure that could have allowed attackers to access millions of public and private code repositories. "Our security team immediately began validating the bug bounty report. Within [&#8230;]]]></summary>
			
							<content type="html">
											<![CDATA[

						
<figure>

<img alt="An illustration of the GitHub logo" data-caption="" data-portal-copyright="Image: Alex Castro / The Verge" data-has-syndication-rights="1" src="https://platform.theverge.com/wp-content/uploads/sites/2/2025/10/acastro_220504_STK121_0001.jpg?quality=90&#038;strip=all&#038;crop=0,0,100,100" />
	<figcaption>
		</figcaption>
</figure>
<p class="has-text-align-none">GitHub employees fixed a critical remote code execution vulnerability in less than six hours last month. <a href="https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854">Wiz Research used</a> AI models to uncover a vulnerability in GitHub's internal git infrastructure that could have allowed attackers to access millions of public and private code repositories.</p>
<p class="has-text-align-none">"Our security team immediately began validating the bug bounty report. Within 40 minutes, we had reproduced the vulnerability internally and confirmed the severity," <a href="https://github.blog/security/securing-the-git-push-pipeline-responding-to-a-critical-remote-code-execution-vulnerability/">explains Alexis Wales</a>, GitHub chief information security officer. "This was a critical issue that required immediate action."</p>
<p class="has-text-align-none">GitHub's engineering team developed a fix and deployed it jus …</p>
<p><a href="https://centraltech.webbfinanceiro.com/news/920295/github-remote-code-execution-vulnerability-fix">Read the full story at The Verge.</a></p>
						]]>
									</content>
			
					</entry>
			<entry>
			
			<author>
				<name>Yael Grauer</name>
			</author>
			
			<title type="html"><![CDATA[Attack of the killer script kiddies]]></title>
			<link rel="alternate" type="text/html" href="https://centraltech.webbfinanceiro.com/ai-artificial-intelligence/915660/mythos-script-kiddies-hackers-attack-cybersecurity-ai" />
			<id>https://centraltech.webbfinanceiro.com/?p=915660</id>
			<updated>2026-04-28T08:29:07-04:00</updated>
			<published>2026-04-28T07:00:00-04:00</published>
			<category scheme="https://centraltech.webbfinanceiro.com" term="AI" /><category scheme="https://centraltech.webbfinanceiro.com" term="Security" /><category scheme="https://centraltech.webbfinanceiro.com" term="Tech" />
							<summary type="html"><![CDATA[Last August, some of the best cybersecurity teams in the business gathered in Las Vegas to demonstrate the strength of their AI bug-finding systems at DARPA's Artificial Intelligence Cyber Challenge (AIxCC). The tools had scanned 54 million lines of actual software code that DARPA had injected with artificial flaws. The teams were capable enough to [&#8230;]]]></summary>
			
							<content type="html">
											<![CDATA[

						
<figure>

<img alt="" data-caption="" data-portal-copyright="Joseph Rogers / The Verge" data-has-syndication-rights="1" src="https://platform.theverge.com/wp-content/uploads/sites/2/2026/04/rogers-script-kiddies-ANIMATION.gif?quality=90&#038;strip=all&#038;crop=0,0,100,100" />
	<figcaption>
		</figcaption>
</figure>
<p class="has-drop-cap has-text-align-none">Last August, some of the best cybersecurity teams in the business gathered in Las Vegas to demonstrate the strength of their AI bug-finding systems at DARPA's Artificial Intelligence Cyber Challenge (AIxCC). The tools had scanned 54 million lines of actual software code that DARPA had injected with artificial flaws. The teams were capable enough to identify most of the artificial bugs, but their automated tools went beyond that - they found more than a dozen bugs that DARPA hadn't inserted at all.</p>
<p class="has-text-align-none">Even before the security earthquake that Anthropic delivered this month with Claude Mythos - the new AI model that seems to find vulnerabilities  …</p>
<p><a href="https://centraltech.webbfinanceiro.com/ai-artificial-intelligence/915660/mythos-script-kiddies-hackers-attack-cybersecurity-ai">Read the full story at The Verge.</a></p>
						]]>
									</content>
			
					</entry>
	</feed>
