Microsoft Releases Emergency Patches for Critical ASP.NET Flaw

Article Link: https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-emergency-security-updates-for-critical-aspnet-flaw/

• Microsoft released an emergency fix for a critical vulnerability in its web software that could allow malicious actors obtain system-level access on affected devices.
• A bug in the validation code causes integrity checks to run on incorrect data, or not running at all, allowing for malicious payloads to appear legitimate.
• Attackers can exploit this vulnerability to create fake login information and impersonate users, such as administrators. This allows them to access data, modify data, and achieve privileged access on the system.
• Microsoft recommends patching this vulnerability immediately and redeploying affected applications.

Vercel Confirms Security Breach After Customer Accounts Were Compromised

Article Link: https://cyberpress.org/vercel-confirms-security-breach-after-customer-accounts-were-compromised/

• Web application hosting platform Vercel confirmed it was breached after attackers used a third-party AI tool to gain access to internal systems.
• Attackers compromised Context.ai and then utilized a misconfigured Google Workspace to gain access to a Vercel employee’s account. They then pivoted into more sensitive environments.
• The organization confirmed that customer accounts were impacted by the breach and advised customers to rotate secrets immediately.
• Vercel is continuing to investigate the breach and recommends that customers enforce multi-factor authentication (MFA), rotate secrets, and audit activity logs for unusual activity.

‘Zealot’ Shows What AI’s Capable of in Staged Cloud Attack

Article Link: https://www.darkreading.com/cyber-risk/zealot-shows-ai-execute-full-cloud-attacks

• Researchers at Palo Alto’s Unit 42 demonstrated that AI agents are capable of carrying out full cyberattacks against cloud systems with only simple text instructions.
• The AI agent autonomously executed a complete attack chain, including scanning systems, identifying vulnerabilities, exploiting them, and exfiltrating data.
• While this was a controlled test, the AI completed a full cyberattack from vulnerability discovery to exfiltration of data within 3 minutes of gaining access.
• This proof of concept highlights the challenge defenders face, as attacks can occur faster than humans can realistically respond. The increased speed and efficiency make common misconfigurations more dangerous.
• The research team noted that there were instances of the agent fixating on irrelevant targets that a human attacker would have ignored, however they believe this would be easily addressed as attack models continue to advance.

A Group of Users Leaked Anthropic’s AI Model Mythos by Reportedly Guessing Where It Was Located

Article Link: https://fortune.com/2026/04/23/anthropic-mythos-leak-dario-amodei-ceo-cybersecurity-hackers-exploits-ai/

• Anthropic’s unreleased AI model Mythos, which the company has claimed is too powerful to release, was accessed by an unauthorized group of users shortly after it was announced.
• The group leveraged access through a third-party contractor then used previously leaked information about Anthropic’s systems to find the model.
• Mythos is designed to find software vulnerabilities, and its efficiency and effectiveness has been demonstrated by companies such as Mozilla.
• While it was originally designed to improve cybersecurity defenses, the tool could also be used by malicious actors to increase the scale and speed of attacks.
• The unauthorized access by this group raises concerns that hacker groups or nation-state actors could gain access to the model.

The AI Era Demands a Different Kind of CISO

Article Link: https://cyberscoop.com/ciso-strategy-ai-real-time-risk-op-ed/

• The cybersecurity industry and cyber threats continue to evolve at an almost unprecedented pace, and traditional security methods no longer accurately address the real risk of the AI era.
• AI tools, like Anthropic’s Mythos, can identify and exploit weaknesses much faster, sometimes in minutes and with minimal human interaction.
• The gap between attacker speed and defender response continues to grow. This puts organizations at risk of missing threats or responding too slowly, giving malicious actors an advantage.
• The continuously changing nature of cloud and software-as-a-service environments also increases risk and can reduce visibility for defenders in some instances.
• Real-time monitoring, well-implemented identity and access controls, faster detection, and automated response capabilities can help defenders detect and stop attacks, reducing the damage attackers can do.

Lazarus Hackers Weaponize AI In Sneaky Coding Challenge Attacks On Devs

Article Link: https://cyberpress.org/lazarus-ai-coding-backdoor-trap/

• The North Korea-linked hacker group Lazarus has launched a campaign targeting developers with fake job offers and coding tests that are used to deploy malware.
• Attackers pose as recruiters, using AI tools to create fake companies, write malware, and create a realistic and scalable scam.
• The group also uses known malware tools like BeaverTail and OtterCookie, to steal passwords, browser data, and cryptocurrancy wallet information, as well as gain remote access to affected systems.
• The attack shows how malicious actors can combine social engineering, AI, and existing tools to efficiently scale attacks and make them hard to detect.

Bitwarden NPM Package Hit in Supply Chain Attack

Article Link: https://www.securityweek.com/bitwarden-npm-package-hit-in-supply-chain-attack/

• Bitwarden’s command-line interface (CLI) NPM package was compromised as a part of a supply chain attack. This is being exploited to inject malicious code used to install and run a payload that steals credentials from affected systems.
• The malware targets Azure, AWS, GitHub, Google Cloud, and NPM, harvesting credentials. It uses stolen GitHub tokens to create repositories in victim accounts and exfiltrate additional data using HTTPS or GitHub itself.
• This attack is part of a larger open-source software supply chain attack, including the Checkmarx breach which researchers linked to this incident.
• Bitwarden reports no end-user vault compromise at this time, however stolen credentials and secrets stored in GitHub repositories can result in attacks extending beyond the initial compromise.
• Additional information: https://cybernews.com/security/checkmarx-popular-tools-spread-credential-stealing-malware/

Home Security Giant ADT Data Breach Affects 5.5 Million People

Article Link: https://www.bleepingcomputer.com/news/security/home-security-giant-adt-data-breach-affects-55-million-people/

• ADT confirmed a breach led to the theft of about 5.5 million customer records. The leak includes names, emails, phone numbers, addresses, and in some cases the last 4 numbers of social security numbers and tax IDs.
• Attackers used a voice phishing attack to compromise an employee’s single sign on account then accessed Salesforce to steal the data.
• The company reported that at this time no payment data or bank information was affected and that security systems were not compromised. However, the data did include some personally identifiable information.
• ShinyHunters claims to have performed the breach as a part of a larger campaign targeting major organizations with social engineering-based attacks.
• Additional information: https://www.bleepingcomputer.com/news/security/medtronic-confirms-breach-after-hackers-claim-9-million-records-theft/