zero-day vulnerabilities
Coverage of zero-day vulnerabilities in the Nexus archive.
- Twenty One Zero-Days in FFmpeg
A research report by DepthFirst identifies 21 zero-day vulnerabilities in the FFmpeg multimedia framework, highlighting potential security risks.
- AI Agent Uncovers 21 Zero-Days in FFmpeg; Chrome Patches Record 429 Bugs
An autonomous AI agent discovered 21 previously unknown vulnerabilities in FFmpeg, a widely used media library. Simultaneously, Google released Chrome 149, which includes patches for 429 security bugs, marking the most ever in a single Chrome update.
- Acer working to patch max severity zero-days in Wave 7 routers
Acer is addressing two maximum-severity zero-day vulnerabilities in its Wave 7 mesh routers. The company is working to patch these critical security flaws affecting the router models.
- Microsoft Slams Public Zero-Day Disclosures Amid GitHub Researcher Account Removal
Microsoft advocates for Coordinated Vulnerability Disclosure (CVD), urging researchers to share findings with vendors before public disclosure. This follows a researcher, Chaotic Eclipse, disclosing multiple zero-day vulnerabilities, prompting Microsoft's public criticism of uncoordinated disclosures.
- Microsoft warns of new Defender zero-days exploited in attacks
Microsoft has begun rolling out security patches for two Defender vulnerabilities that were actively exploited in zero-day attacks. The patches address critical security flaws in Microsoft Defender that attackers have been leveraging in real-world campaigns.
- Anthropic's Mythos AI found over 2,000 unknown software vulnerabilities in just seven weeks of testing
Anthropic's Mythos AI discovered over 2,000 previously unknown software vulnerabilities in seven weeks, prompting restricted access to trusted partners like Microsoft and Google. The tool's efficiency highlights a paradigm shift in cybersecurity, as AI-driven vulnerability discovery outpaces traditional methods and threatens existing security frameworks.
- Mozilla: Anthropic's Mythos found 271 zero-day vulnerabilities in Firefox 150
Mozilla revealed that Anthropic's Mythos Preview model identified 271 zero-day vulnerabilities in Firefox 150 before its release. Firefox CTO Bobby Holley highlighted this as a potential turning point for defenders in the cybersecurity arms race.
- Privilege Elevation Dominates Massive Microsoft Patch Update
Microsoft released a major patch update addressing 165 vulnerabilities, with over half being elevation-of-privilege bugs. Two zero-day vulnerabilities were included in the critical security fixes.
- Microsoft April 2026 Patch Tuesday fixes 167 flaws, 2 zero-days
Microsoft released security updates in April 2026, addressing 167 flaws and two zero-day vulnerabilities. The patches are part of their regular Patch Tuesday updates, aimed at improving system security.
- Your MTTD Looks Great. Your Post-Alert Gap Doesn't
Anthropic restricted its Mythos Preview AI model after it autonomously discovered and exploited zero-day vulnerabilities across major operating systems and browsers. Security experts warn similar capabilities may proliferate soon, with CrowdStrike reporting an average eCrime breakout time of 29 minutes.
- Anthropic's mysterious Mythos AI threatens to upend the infosec world
Anthropic's new AI model, Mythos, claims to identify and exploit zero-day vulnerabilities with advanced capabilities. The announcement has sparked debate about whether it represents a groundbreaking security threat or pre-IPO hype.
- Project Glasswing and open source software: The good, the bad, and the ugly
Project Glasswing, a coalition of tech giants, is using Anthropic's Mythos AI to identify and fix vulnerabilities in open source software. The initiative faces scrutiny as The Reg highlights the AI's ability to generate zero-day vulnerabilities, raising concerns about security risks.
- Can Anthropic Keep Its Exploit-Writing AI Out of the Wrong Hands?
Anthropic's Mythos Preview model can identify and exploit critical zero-day vulnerabilities, but the company claims to have implemented controls to manage its use. The article questions whether these safeguards can prevent the technology from falling into the wrong hands.
- Anthropic: All your zero-days are belong to Mythos
Anthropic's AI model Mythos can generate zero-day vulnerabilities, which the company has withheld from the public to prevent internet disruption. The article highlights AI as a new security threat surpassing previous concerns like quantum computing.
- Storm-1175 Deploys Medusa Ransomware at 'High Velocity'
Storm-1175, a financially motivated cybercrime group, has deployed Medusa ransomware using N-day and zero-day vulnerabilities in high-speed campaigns. Microsoft has reported the group's exploitation of these vulnerabilities to accelerate their attacks.