Microsoft is expanding the BlockContentAnalysisServices sensitivity label setting to cover all connected experiences that analyze content in Word, Excel, and PowerPoint. This update ensures that any service relying on content analysis is blocked consistently across different platforms and applications. While this enhances data privacy, it also disables helpful features like text predictions, suggested replies, and certain client-side DLP checks.

Source

A sophisticated cyber espionage group known as VerdantBamboo is targeting Linux-based appliances and managed service providers to gain persistent network access. The threat actor utilizes a specialized BSD variant of the BRICKSTORM backdoor to compromise firewalls and storage synchronization systems. These attackers specifically focus on hardware that typically cannot run endpoint detection and response software to avoid discovery.

Source

Global governments and private enterprises are investing billions to transition quantum computing from experimental science to industrial-scale technology. The United States and United Kingdom have earmarked significant funding to establish domestic quantum foundries and scale hardware production. This shift aims to integrate quantum processing units into standard data center architectures alongside existing CPUs and GPUs.

Source

The National Security Agency is reportedly integrating Anthropic’s specialized cybersecurity AI model, known as Mythos, into its intelligence and cyber operations. Approximately six Anthropic engineers have been assigned to the agency to assist with the deployment and application of this frontier technology. While the specific use cases remain classified, the partnership aims to leverage the model’s advanced capabilities for both intelligence gathering and offensive cyber maneuvers.

Source

Cisco has disclosed a critical privilege escalation vulnerability, CVE-2026-20245, affecting Catalyst SD-WAN Manager for which no patch is currently available. Attackers are actively leveraging this zero-day flaw, and Cisco has observed limited instances where exploitation resulted in unauthorized configuration changes being pushed to edge devices. This activity follows previous campaigns by threat actor UAT-8616, who utilized similar authentication bypass vulnerabilities to compromise SD-WAN systems earlier this year.

Source

A self-replicating worm named Miasma has successfully compromised 73 Microsoft GitHub repositories across several organizations, including Azure and MicrosoftDocs. GitHub staff responded by disabling access to high-profile repositories such as the Azure Functions host and various Durable Task implementations. This incident appears to be a continuation of a previous compromise, suggesting that the threat actors maintained access to credentials from earlier attacks.

Source

An autonomous AI agent recently discovered 21 previously unknown vulnerabilities in the FFmpeg media library, some of which had remained hidden for over 20 years. These flaws include heap and stack overflows in various parsers and decoders that are widely used across numerous video processing applications. The discovery highlights how AI tools can now perform deep security analysis of complex codebases at a significantly lower cost than traditional manual methods.

Source

A critical vulnerability in the Hugging Face Transformers library, tracked as CVE-2026-4372, allows attackers to execute arbitrary code through specially crafted model configuration files. The flaw bypasses the standard security setting intended to block untrusted remote code by exploiting how the library processes internal attributes during model loading. This vulnerability specifically targets the from_pretrained() function, which is a standard method used to initialize pre-trained models from the Hugging Face Hub.

Source

OpenAI is expanding the availability of Lockdown Mode to all eligible personal and self-serve ChatGPT Business accounts. This advanced security setting is designed to mitigate the risk of data exfiltration resulting from prompt injection attacks. While the feature provides enhanced protection for sensitive data, it functions by disabling several core capabilities that require external network connectivity.

Source

Microsoft has released a new update package designed to refresh the security definitions and engine within Windows installation images. These updates target WIM and VHD files as well as ISOs used for deploying operating systems across the network. By integrating these patches into the installation media, the protection gap that exists between the initial OS setup and the first online update is significantly reduced.

Source

Microsoft researchers discovered a vulnerability in Anthropic’s Claude Code GitHub Action that allowed attackers to exfiltrate sensitive CI/CD secrets. While the tool used sandboxing for command execution, its file-reading capabilities were not initially restricted by the same security boundaries. This oversight allowed the AI agent to read internal system files, such as environment variables containing API keys, when manipulated by malicious input.

Source

Cloudflare has launched new spend control features within its AI Gateway to help organizations manage rising costs associated with large language models. The tool acts as a proxy between applications and AI providers like OpenAI or Anthropic to provide visibility into token usage. It now supports the creation of budgets in dollar amounts rather than just token counts to prevent unexpected overages.

Source

Microsoft is phasing out the custom master password feature in the Edge browser's built-in password manager. Starting June 4, 2026, the browser will transition all users to device-based authentication methods for protecting saved credentials. This shift aims to eliminate the risks associated with static primary passwords that can be stolen or shared.

Source

Let’s Encrypt is developing a post-quantum-safe Web PKI infrastructure using Merkle Tree Certificates (MTCs) to address future cryptographic threats. This approach aims to provide post-quantum authentication without the significant performance penalties associated with standard post-quantum signature schemes. The organization plans to launch a staging environment for these certificates in late 2026, with full production readiness expected by 2027.

Source

A long-standing security flaw in Microsoft Outlook reportedly allows the client to downgrade secure SSL/TLS connections to unencrypted plaintext without notifying the user. This issue primarily affects the POP3 protocol when configured to use port 110, even if the option to use encryption is explicitly enabled in the settings. While confirmed in versions ranging from Outlook 2007 to 2016, it remains unclear if more recent releases of the email client are also susceptible to this behavior.

Source

Anthropic has reportedly deployed its specialized Mythos AI model to the National Security Agency to support offensive cyber operations. The company has embedded approximately six engineers within the agency to adapt the model for tasks that may include infiltrating foreign networks in regions like China and Iran. This partnership proceeds despite previous friction with the Department of Defense regarding the ethical restrictions Anthropic places on mass surveillance and autonomous weaponry.

Source

A new threat cluster identified as OP-512 is actively targeting Microsoft Internet Information Services (IIS) servers to deploy a sophisticated web shell framework. Researchers believe the group is focused on espionage and specifically selects organizations that align with Chinese intelligence priorities. This activity follows a trend of multiple China-linked threat actors focusing on IIS vulnerabilities over the past year.

Source

Anthropic is advocating for a globally coordinated slowdown in the development of advanced artificial intelligence models to address emerging safety concerns. The company warns that current progress is rapidly approaching a threshold known as recursive self-improvement, where systems could enhance their own capabilities without human intervention. Internal data suggests that AI is already significantly accelerating its own development process, creating a feedback loop that could outpace existing regulatory frameworks.

Source

OpenAI has introduced GPT-Rosalind, a frontier reasoning model designed to accelerate research in biology and drug discovery. This tool aims to assist scientists in understanding complex biological systems and developing new medical therapies. The model represents a significant shift toward using high-level intelligence to improve global health outcomes and translational medicine.

Source