Hermes
Thursday 9 April 2026  ·  76 articles scored  ·  4 top scorers  ·  last 24h
1
📦 m365 Petri IT Knowledgebase
72%

EvilTokens Phishing Kit Uses Microsoft Device Codes to Bypass MFA

Organizations around the world are being quietly breached through a new Microsoft device‑code phishing operation that blends automation and AI to slip past traditional defenses. It allows attackers t…

Novelty
72%
Depth
65%
Practical
75%
Surprise
60%
Relevance
93%
https://petri.com/eviltokens-microsoft-device-code-mfa-bypass/
2
⚡ tech The Verge
71%

A new Anthropic model found security problems ‘in every major operating system and web browser’

Anthropic is debuting a new AI model as part of a cybersecurity partnership with Nvidia, Google, Amazon Web Services, Apple, Microsoft, and other companies. Project Glasswing, as it's called, is bill…

Novelty
85%
Depth
55%
Practical
60%
Surprise
80%
Relevance
90%
https://www.theverge.com/ai-artificial-intelligence/908114/anthropic-project-glasswing-cybersecurity
3
🔐 security SANS Internet Stormcast
71%

TeamPCP Supply Chain Campaign: Update 007 - Cisco Source Code Stolen via Trivy-Linked Breach, Google GTIG Tracks TeamPCP as UNC6780, and CISA KEV Deadline Arrives with No Standalone Advisory, (Wed, Apr 8th)

This is the seventh update to the TeamPCP supply chain campaign threat intelligence report,&#;x26;#;xc2;&#;x26;#;xa0;"When the Security Scanner Became the Weapon"&#;x26;#;xc2;&#;x26;#;xa0;(v3.0, Marc…

Novelty
75%
Depth
70%
Practical
65%
Surprise
70%
Relevance
80%
https://isc.sans.edu/diary/rss/32880
4
⚡ tech Stratechery
71%

Anthropic’s New Model, The Mythos Wolf, Glasswing and Alignment

Anthropic says its new model is too dangerous to release; there are reasons to be skeptical, but to the extent Anthropic is right, that raises even deeper concerns.

Novelty
82%
Depth
78%
Practical
45%
Surprise
75%
Relevance
85%
https://stratechery.com/2026/anthropics-new-model-the-mythos-wolf-glasswing-and-alignment/
5
🔐 security Krebs on Security
68%

Russia Hacked Routers to Steal Microsoft Office Tokens

Hackers linked to Russia's military intelligence units are using known flaws in older Internet routers to mass harvest authentication tokens from Microsoft Office users, security experts warned today…

https://krebsonsecurity.com/2026/04/russia-hacked-routers-to-steal-microsoft-office-tokens/
6
🔐 security Microsoft Security Blog
68%

SOHO router compromise leads to DNS hijacking and adversary-in-the-middle attacks

Executive summary Forest Blizzard, a threat actor linked to the Russian military, has been compromising insecure home and small-office internet equipment like routers, then modifying their settings i…

https://www.microsoft.com/en-us/security/blog/2026/04/07/soho-router-compromise-leads-to-dns-hijacking-and-adversary-in-the-middle-attacks/
7
🔐 security SecurityWeek
67%

Anthropic Unveils ‘Claude Mythos’ – A Cybersecurity Breakthrough That Could Also Supercharge Attacks

New AI model drives Project Glasswing, a effort to secure critical software before advanced capabilities fall into the wrong hands. The post Anthropic Unveils ‘Claude Mythos’ – A Cybersecurity Breakt…

https://www.securityweek.com/anthropic-unveils-claude-mythos-a-cybersecurity-breakthrough-that-could-also-supercharge-attacks/
8
🔐 security Schneier on Security
67%

Cybersecurity in the Age of Instant Software

AI is rapidly changing how software is written, deployed, and used. Trends point to a future where AIs can write custom software quickly and easily: “instant software.” Taken to an extreme, it might …

https://www.schneier.com/blog/archives/2026/04/cybersecurity-in-the-age-of-instant-software.html
9
🤖 ai The Decoder
67%

From GPT-2 to Claude Mythos: The return of AI models deemed 'too dangerous to release'

Seven years ago, OpenAI declared its language model GPT-2 "too dangerous to release." The industry rolled its eyes. Now Anthropic is repeating the move with Claude Mythos Preview - but this time ther…

https://the-decoder.com/from-gpt-2-to-claude-mythos-the-return-of-ai-models-deemed-too-dangerous-to-release/
10
📦 m365 Petri IT Knowledgebase
66%

Microsoft 365 Copilot Gets Purview DLP Controls and New Analytics

Microsoft has rolled out a new set of security, governance, and analytics enhancements for Microsoft 365 Copilot, aimed at giving organizations tighter oversight of AI-driven workflows. The updates g…

https://petri.com/microsoft-365-copilot-purview-dlp-analytics/
11
🔐 security Schneier on Security
65%

Python Supply-Chain Compromise

This is news: A malicious supply chain compromise has been identified in the Python Package Index package litellm version 1.82.8. The published wheel contains a malicious .pth file (litellm_init.pth,…

https://www.schneier.com/blog/archives/2026/04/python-supply-chain-compromise.html
12
🔐 security SecurityWeek
61%

GPUBreach: Root Shell Access Achieved via GPU Rowhammer Attack

Researchers have demonstrated that GPU Rowhammer attacks can be used to escalate privileges. The post GPUBreach: Root Shell Access Achieved via GPU Rowhammer Attack appeared first on SecurityWeek.

https://www.securityweek.com/gpubreach-root-shell-access-achieved-via-gpu-rowhammer-attack/
13
📦 m365 Petri IT Knowledgebase
60%

Microsoft Launches Windows 365 Connector Preview for Power Platform and Azure Logic Apps

Microsoft has launched a Windows 365 connector in public preview for Microsoft Power Platform and Azure Logic Apps. The goal is to help IT and operations teams automate tasks related to Windows 365 C…

https://petri.com/windows-365-connector-preview-power-platform-logic-apps/
14
📦 m365 Petri IT Knowledgebase
60%

From Point Tools to Platforms: Why Enterprise AI Is Moving from Generic Assistants to Governed Platforms

For a brief moment, it looked like generic AI assistants might become the universal interface for work. Ask anything. Generate everything. Bolt intelligence onto every problem and figure out governan…

https://petri.com/from-ai-point-tools-to-platforms/
15
🔐 security SecurityWeek
59%

GrafanaGhost: Attackers Can Abuse Grafana to Leak Enterprise Data

By targeting Grafana’s AI components, attackers can point to external resources and inject indirect prompts to bypass safeguards. The post GrafanaGhost: Attackers Can Abuse Grafana to Leak Enterprise…

https://www.securityweek.com/grafanaghost-attackers-can-abuse-grafana-to-leak-enterprise-data/