Hermes
Wednesday 20 May 2026  ·  37 articles scored  ·  1 top scorer  ·  last 24h
1
🔐 security Microsoft Security Blog
71%

Exposing Fox Tempest: A malware-signing service operation

Fox Tempest is a financially motivated threat actor operating a malware‑signing‑as‑a‑service (MSaaS) used by other cybercriminals, including Vanilla Tempest and Storm groups, to more effectively dist…

Novelty
75%
Depth
70%
Practical
65%
Surprise
60%
Relevance
85%
https://www.microsoft.com/en-us/security/blog/2026/05/19/exposing-fox-tempest-a-malware-signing-service-operation/
2
🔐 security SecurityWeek
70%

Verizon DBIR 2026: Vulnerability Exploitation Overtakes Credential Theft as Top Breach Vector

Verizon’s 2026 DBIR finds vulnerability exploitation has overtaken credential abuse as the leading breach vector, as AI accelerates attacks, patching delays worsen, and ransomware and third-party com…

https://www.securityweek.com/verizon-dbir-2026-vulnerability-exploitation-overtakes-credential-theft-as-top-breach-vector/
3
🤖 ai The Decoder
68%

Cloudflare says Anthropic's Mythos Preview finds exploit chains that earlier frontier models missed

Cloudflare tested Anthropic's security-focused AI model Mythos Preview across more than 50 of its own code repositories as part of Project Glasswing. The article Cloudflare says Anthropic's Mythos Pr…

https://the-decoder.com/cloudflare-says-anthropics-mythos-preview-finds-exploit-chains-that-earlier-frontier-models-missed/
4
📦 m365 Petri IT Knowledgebase
67%

Exchange Online Adds Writeback to Sync Cloud Mailbox Changes to On-Prem Active Directory

Microsoft is taking a major step toward phasing out on-premises Exchange servers with the public preview of writeback for cloud-managed remote mailboxes. The new capability resolves a long-standing i…

https://petri.com/exchange-online-writeback-cloud-mailbox-active-directory/
5
🤖 ai The Decoder
59%

Google overhauls its AI subscriptions at I/O 2026 with three tiers starting at $10 a month

Google is restructuring its AI subscriptions at I/O 2026: three tiers from $7.99 to $99.99 per month with staggered usage limits, new models like Gemini Omni, and the AI agent Gemini Spark. Instead o…

https://the-decoder.com/google-overhauls-its-ai-subscriptions-at-i-o-2026-with-three-tiers-starting-at-10-a-month/
6
🔐 security SecurityWeek
57%

Microsoft Disrupts Malware-Signing Service Run by ‘Fox Tempest’

Fox Tempest provides a service that cybercriminals use to distribute ransomware and other malware disguised as legitimate software. The post Microsoft Disrupts Malware-Signing Service Run by ‘Fox Tem…

https://www.securityweek.com/microsoft-disrupts-malware-signing-service-run-by-fox-tempest/
7
🤖 ai The Decoder
56%

Anthropic adds self-hosted sandboxes and MCP tunnels to Claude Managed Agents

Anthropic is expanding Claude Managed Agents with self-hosted sandboxes and MCP tunnels. Companies can now move their AI agents' tool execution into their own infrastructure. But Anthropic isn't hand…

https://the-decoder.com/anthropic-adds-self-hosted-sandboxes-and-mcp-tunnels-to-claude-managed-agents/
8
🔐 security SecurityWeek
56%

Legacy Windows Tool MSHTA Fuels Surge in Silent Malware Attacks

Attackers are increasingly abusing Microsoft’s decades-old MSHTA utility to stealthily deliver stealers, loaders, and persistent malware through phishing, fake software downloads, and LOLBIN-based at…

https://www.securityweek.com/legacy-windows-tool-mshta-fuels-surge-in-silent-malware-attacks/
9
🤖 ai The Decoder
54%

Google's I/O announcements: new models, a cloud agent that never sleeps, and a redesigned Gemini app

Google used its I/O developer conference to unveil a wave of new AI products. The highlights: a new model called Gemini 3.5 Flash, a multimodal model called Gemini Omni, and a personal agent named Ge…

https://the-decoder.com/googles-i-o-announcements-new-models-a-cloud-agent-that-never-sleeps-and-a-redesigned-gemini-app/
10
🔐 security SecurityWeek
54%

Critical Vulnerability Exposes Industrial Robot Fleets to Hacking

The vulnerability, CVE-2026-8153, affects Universal Robots PolyScope 5 and it can be exploited for OS command injection. The post Critical Vulnerability Exposes Industrial Robot Fleets to Hacking app…

https://www.securityweek.com/critical-vulnerability-exposes-industrial-robot-fleets-to-hacking/
11
🤖 ai VentureBeat AI
54%

Google just redesigned the search box for the first time in 25 years — here’s why it matters more than you think.

For a quarter century, the Google search box has been one of the most recognizable interfaces in computing: a thin white rectangle, a blinking cursor, a few typed words, and a list of blue links. On …

https://venturebeat.com/technology/google-just-redesigned-the-search-box-for-the-first-time-in-25-years-heres-why-it-matters-more-than-you-think
12
🤖 ai The Decoder
53%

Prominent AI researcher Andrej Karpathy picks Anthropic over former home OpenAI to get back into frontier LLM research

Andrej Karpathy, one of the biggest names in AI, is joining Anthropic. The former OpenAI core team member and Tesla Autopilot architect says he wants to get back into R&D, calling the next few years …

https://the-decoder.com/prominent-ai-researcher-andrej-karpathy-picks-anthropic-over-former-home-openai-to-get-back-into-frontier-llm-research/
13
🔐 security SecurityWeek
53%

201 Arrested in Crackdown on Cybercrime in Middle East, North Africa

The 13-country effort, named Operation Ramz, targeted cyber threats in the Middle East and North Africa region. The post 201 Arrested in Crackdown on Cybercrime in Middle East, North Africa appeared …

https://www.securityweek.com/201-arrested-in-crackdown-on-cybercrime-in-middle-east-north-africa/
14
🤖 ai The Decoder
53%

Agora-1 turns the N64 classic GoldenEye into a playable AI simulation for four players

Odyssey has released Agora-1, a world model that lets up to four players act simultaneously in an AI-generated world—tested on the N64 classic GoldenEye. Two separate models handle game state simulat…

https://the-decoder.com/agora-1-turns-the-n64-classic-goldeneye-into-a-playable-ai-simulation-for-four-players/
15
🔐 security SecurityWeek
51%

Unpatched ChromaDB Vulnerability Can Lead to Server Takeover

The security defect can be exploited remotely, without authentication, to execute arbitrary code and leak sensitive information. The post Unpatched ChromaDB Vulnerability Can Lead to Server Takeover …

https://www.securityweek.com/unpatched-chromadb-vulnerability-can-lead-to-server-takeover/