Help Net Security newsletters: Daily and weekly news, cybersecurity jobs, open source projects, breaking news – subscribe here!

Please turn on your JavaScript for this page to function normally.

vulnerability disclosure

cybersecurity research
CISA folds its own hard-won lessons into coordinated vulnerability disclosure guidance

On Wednesday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and four allied cyber authorities published a guide telling software vendors how to build a …

Microsoft Windows Defender
Microsoft releases fix for RoguePlanet Defender flaw (CVE-2026-50656)

Microsoft has finally released a security update for its Microsoft Malware Protection Engine, which fixes CVE-2026-50656, the Windows Defender local privilege escalation …

Microsoft Defender
Microsoft working on patch for RoguePlanet Defender zero-day (CVE-2026-50656)

Microsoft has acknowledged the local elevation of privilege issue in Microsoft Defender that can be triggered via the “RoguePlanet” exploit, and is “working …

Anthropic
Mythos Preview can weaponize N-day vulnerabilities in hours

Mythos Preview can develop working exploits from newly disclosed software vulnerabilities in hours, cutting down a process that has historically taken days or weeks, according …

Anthropic
Anthropic expands Project Glasswing to 150 organizations in more than 15 countries

Anthropic is expanding Project Glasswing, its cybersecurity initiative built around the Claude Mythos Preview model, by adding about 150 organizations following several weeks …

Anthropic
Anthropic: Claude Mythos identified 10,000+ software flaws

Anthropic and its Project Glasswing partners have identified more than 10,000 high- or critical-severity vulnerabilities in critical software systems, the company announced in …

Microsoft
Microsoft Defender vulnerabilities exploited in the wild (CVE-2026-41091, CVE-2026-45498)

Attackers are exploiting two Microsoft Defender vulnerabilities (CVE-2026-41091 and CVE-2026-45498), Microsoft acknowledged and CISA confirmed by adding them to its Known …

Verizon DBIR 2026
Verizon DBIR: Vulnerability exploitation is the dominant initial access vector

Vulnerability exploitation has overtaken stolen credentials as the most common way attackers gain initial access to target networks, according to the 2026 Verizon Data Breach …

access
Microsoft provides mitigation for “YellowKey” BitLocker bypass flaw (CVE-2026-45585)

Microsoft is working on a fix for CVE-2026-45585 (aka “Yellowkey”), a vulnerability that can be used by attackers to bypass protections offered by BitLocker, the …

code
AI is drowning software maintainers in junk security reports

AI-assisted vulnerability research has exploded, unleashing a firehose of low-quality reports on overworked software maintainers who are wasting hours sifting through noise …

Microsoft
Microsoft’s agentic security system found four critical Windows RCE flaws

Microsoft responded to growing competition in AI security by announcing that its new agentic security system helped researchers discover 16 new vulnerabilities in the Windows …

Amazon Quick
Amazon Quick authorization bypass let users reach blocked AI chat agents

Enterprises running Amazon Quick, the AWS business intelligence and agentic AI service, rely on a feature called custom permissions to restrict who inside an account can use …

Don't miss

Cybersecurity news
Daily newsletter sent Monday-Friday
Weekly newsletter sent on Mondays
Editor's choice newsletter sent twice a month
Periodical newsletter released for important security events and breaking news
Weekly newsletter listing new cybersecurity job positions
Monthly newsletter focusing on open source cybersecurity tools