
BagheeraAltered's CyberSecurity Newsletter

May 4, 2026

You wouldn’t let arsonists run your fire department

Anthropic has launched Claude Security to defend against the very same rapid AI-powered exploits facilitated by its own offensive-leaning models like Claude Mythos. While the industry scrambles to patch a massive cPanel zero-day that has already compromised over 40,000 servers, we are witnessing the emergence of a firefighter-arsonist dynamic where AI labs dictate the pace of threats while also selling the proprietary solutions. Relying on these corporations to police their own tools creates a dangerous conflict of interest, suggesting that if we allow the developers of exploitation engines to manage our defenses, we’re effectively subsidizing an AI arms race where the public loses and the vendors hold all the matches.


Anthropic introduced Claude Security to help defenders keep up with a surge in AI-powered cyberattacks. As models like Mythos drastically reduce the time needed to exploit vulnerabilities, similar tools will likely spread among criminals and nation-state actors. Claude Security aims to give security teams the capabilities needed to respond to this new, faster threat landscape.
https://securityaffairs.com/191532/ai/anthropic-launches-claude-security-to-counter-rapid-ai-powered-exploits.html

A critical authentication-bypass vulnerability in cPanel & WebHost Manager, CVE-2026-41940, has compromised over 40,000 servers. This zero-day vulnerability allows unauthenticated attackers to gain administrative access, compromising configurations, databases, and websites. Exploitation began in late February, with a spike in activity following public disclosure. The Shadowserver Foundation reported significant numbers of affected systems, primarily in the US, France, and the Netherlands. Users are urged to update to patched versions of cPanel to mitigate risks and follow guidelines for identifying potential compromises.
https://briefly.co/anchor/Information_security/story/over-40000-servers-compromised-in-ongoing-cpanel-exploitation

Cybersecurity firm Darktrace has been tracking a new campaign detected by its CloudyPots honeypot network on 18 March 2026. The activity involved attempts to access a misconfigured Jenkins server, a common developer tool. However, rather than targeting source code, the attackers used the access to build a DDoS botnet aimed at gaming infrastructure.
https://hackread.com/hackers-jenkins-ddos-botnet-gaming-servers/

A coordinated international operation involving U.S. and Chinese authorities has arrested at least 276 suspects and shut down nine scam centers used for cryptocurrency investment fraud schemes targeting Americans, resulting in millions of dollars in losses.
https://thehackernews.com/2026/05/global-crackdown-arrests-276-shuts-9.html

A major coding error in the VECT 2.0 ransomware is permanently destroying victim data, leaving no way for files to be recovered even if the ransom is paid. New findings from Check Point Research (CPR) and Halcyon reveal that while the hackers behind the project tried to build a professional-looking tool, their basic mistakes have turned this ransomware into a wiper that simply ruins data.
https://hackread.com/paying-ransom-vect-2-0-ransomware-destroys-data/

Build American AI, a nonprofit linked to a super PAC bankrolled by executives at OpenAI and Andreessen Horowitz, is funding a campaign to spread pro-AI messaging and stoke fears about China.
https://www.wired.com/story/super-pac-backed-by-openai-and-palantir-is-paying-tiktok-influencers-to-fear-monger-about-china/

Hacktivists have claimed responsibility for taking down the public-facing infrastructure of the popular Linux distribution Ubuntu, as well as that of Canonical, the company that develops and maintains it. The attack began on Thursday and affected services that Ubuntu users rely on.
https://techcrunch.com/2026/05/01/ubuntu-services-hit-by-outages-after-ddos-attack/

Bluekit is a newly discovered phishing kit still in development that includes advanced features such as an AI assistant and automated domain registration. According to Varonis, it offers over 40 website templates along with tools for spoofing, voice cloning, antibot protection, geolocation tricks, and two-factor authentication bypass support.
https://securityaffairs.com/191646/cyber-crime/bluekit-phishing-kit-enables-automated-phishing-with-40-templates-and-ai-tools.html

The Italian cybersecurity landscape was shaken by a significant breach targeting Sistemi Informativi, a company wholly owned by IBM Italy that provides IT infrastructure management for key public and private institutions. The incident, first reported by La Repubblica, has raised fresh concerns about the growing reach of Chinese-linked cyber operations in Europe.
https://securityaffairs.com/191638/apt/salt-typhoon-breach-ibm-subsidiary-in-italy-a-warning-for-europes-digital-defenses.html

Microsoft Defender is detecting legitimate DigiCert root certificates as Trojan:Win32/Cerdigent.A!dha, resulting in widespread false-positive alerts, and in some cases, removing certificates from Windows. According to cybersecurity expert Florian Roth, the issue first appeared after Microsoft added the detections to a Defender signature update on April 30th.
https://www.bleepingcomputer.com/news/security/microsoft-defender-wrongly-flags-digicert-certs-as-trojan-win32-cerdigentadha/

Trellix revealed a breach that allowed unauthorized access to part of its source code repository. The company said it quickly launched an investigation with forensic experts and notified law enforcement. While the exact data accessed remains unclear, Trellix stated there is no evidence that its source code has been altered or exploited.
https://securityaffairs.com/191584/data-breach/trellix-discloses-the-breach-of-a-code-repository.html

Cybersecurity researchers at Guardio Labs have discovered a massive phishing operation that uses Google’s own infrastructure to hijack Facebook accounts. This research reveals a Vietnamese-linked operation code-named AccountDumpling that has already compromised over 30,000 users globally.
https://hackread.com/google-appsheet-facebook-accountdumpling-scam/

Two US cybersecurity professionals, Ryan Goldberg and Kevin Martin, were sentenced to four years in prison for their role in supporting ransomware attacks. Both pleaded guilty to conspiracy involving extortion. A third individual, Angelo Martino, also admitted involvement in the scheme and is currently awaiting sentencing that is scheduled for July 9. The case highlights how even security experts can take part in cybercrime activities.
https://securityaffairs.com/191591/cyber-crime/two-us-cybersecurity-experts-sentenced-in-ransomware-case-third-awaits-july-ruling.html

A new software supply chain attack campaign has been observed using sleeper packages as a conduit to subsequently push malicious payloads that enabled credential theft, GitHub Actions tampering, and SSH persistence.
https://thehackernews.com/2026/05/poisoned-ruby-gems-and-go-modules.html

SonicWall released urgent firmware updates to fix three SonicOS vulnerabilities affecting Gen 6, Gen 7, and Gen 8 firewalls. The flaws could allow attackers to bypass security controls, access restricted services, and crash devices. One vulnerability is rated high severity, two are medium.
https://securityaffairs.com/191527/security/sonicwall-patches-three-sonicos-flaws-in-gen-6-7-and-8-firewalls-patch-them-now.html
