Hermes
Saturday 9 May 2026  ·  30 articles scored  ·  5 top scorers  ·  last 24h
1
🤖 ai The Decoder
74%

Mozilla's agentic AI pipeline turns Claude Mythos Preview loose and finds 271 unknown Firefox vulnerabilities

Anthropic's Claude Mythos Preview uncovered 271 previously unknown security vulnerabilities in Firefox 150, including bugs up to 20 years old. Mozilla describes an agentic pipeline where the AI build…

Novelty
88%
Depth
65%
Practical
60%
Surprise
85%
Relevance
85%
https://the-decoder.com/mozillas-agentic-ai-pipeline-turns-claude-mythos-preview-loose-and-finds-271-unknown-firefox-vulnerabilities/
2
🤖 ai The Decoder
73%

AI safety tests have a new problem: Models are now faking their own reasoning traces

Anthropic's Natural Language Autoencoders make Claude Opus 4.6's internal activations readable as plain text. Pre-deployment audits show that models often recognize test situations and deliberately d…

Novelty
85%
Depth
70%
Practical
55%
Surprise
85%
Relevance
80%
https://the-decoder.com/ai-safety-tests-have-a-new-problem-models-are-now-faking-their-own-reasoning-traces/
3
📦 m365 Petri IT Knowledgebase
73%

Microsoft Security Without a Rulebook: The Problem with “Require Compliant Device”

Microsoft is increasingly making security‑critical decisions on behalf of organizations and not through policy, but through defaults. The “Require compliant device or hybrid-joined device” Conditiona…

Novelty
60%
Depth
75%
Practical
85%
Surprise
50%
Relevance
90%
https://petri.com/problem-with-require-compliant-device/
4
🤖 ai The Decoder
72%

OpenAI opens GPT-5.5-Cyber to vetted security researchers

OpenAI is releasing GPT-5.5-Cyber, a model variant that rejects far fewer security requests and even actively executes exploits against test servers. Access is limited to verified defenders of critic…

Novelty
82%
Depth
55%
Practical
65%
Surprise
80%
Relevance
90%
https://the-decoder.com/openai-opens-gpt-5-5-cyber-to-vetted-security-researchers/
5
🔐 security Microsoft Security Blog
71%

Active attack: Dirty Frag Linux vulnerability expands post-compromise risk

Dirty Frag is a newly disclosed Linux local privilege escalation vulnerability affecting kernel networking and memory-fragment handling components including esp4, esp6, and rxrpc. The vulnerability e…

Novelty
70%
Depth
70%
Practical
80%
Surprise
50%
Relevance
80%
https://www.microsoft.com/en-us/security/blog/2026/05/08/active-attack-dirty-frag-linux-vulnerability-expands-post-compromise-risk/
6
🔐 security SANS Internet Stormcast
66%

Another Universal Linux Local Privilege Escalation (LPE) Vulnerability: Dirty Frag, (Fri, May 8th)

Less than two weeks after the public disclosure of the Copy Fail vulnerability (CVE-2026-31431), another local privilege escalation (LPE) vulnerability in the Linux kernel has been revealed. Referred…

https://isc.sans.edu/diary/rss/32968
7
🔐 security SecurityWeek
63%

Vulnerability in Claude Extension for Chrome Exposes AI Agent to Takeover

Lax extension permissions and improper trust implementation allow attackers to inject prompts in the Claude Chrome extension. The post Vulnerability in Claude Extension for Chrome Exposes AI Agent to…

https://www.securityweek.com/vulnerability-in-claude-extension-for-chrome-exposes-ai-agent-to-takeover/
8
⚡ tech The Verge
53%

Here is Yarbo’s promise to fix the robot mower that ran me over

Yesterday, I told you how a hacker ran me over with a robot lawn mower. We explained how thousands of these bladed Chinese robots, made by Yarbo, could be hijacked with ease - exposing people's GPS c…

https://www.theverge.com/tech/926989/yarbo-robot-lawn-mower-hack-company-update-security-promise
9
⚡ tech The Verge
51%

DOGE used ChatGPT in a way that was both dumb and illegal, judge rules

The Department of Government Efficiency's cancellation of over $100 million in grants was unconstitutional, according to a ruling on Thursday. In the 143-page decision, US District Judge Colleen McMa…

https://www.theverge.com/policy/927071/doge-chatgpt-grants-canceled
10
🔐 security SecurityWeek
51%

Ivanti Patches EPMM Zero-Day Exploited in Targeted Attacks

CVE-2026-6973 is a high-severity vulnerability that allows an attacker who has admin privileges to execute arbitrary code. The post Ivanti Patches EPMM Zero-Day Exploited in Targeted Attacks appeared…

https://www.securityweek.com/ivanti-patches-epmm-zero-day-exploited-in-targeted-attacks/
11
🔐 security SecurityWeek
49%

Polish Security Agency Reports ICS Breaches at Five Water Treatment Plants

The hackers gained the ability to modify equipment operational parameters, creating a direct risk to the public water supply. The post Polish Security Agency Reports ICS Breaches at Five Water Treatm…

https://www.securityweek.com/polish-security-agency-reports-ics-breaches-at-five-water-treatment-plants/
12
🔐 security SecurityWeek
49%

‘PCPJack’ Worm Removes TeamPCP Infections, Steals Credentials

The malware framework targets web applications and cloud environments, including AWS, Docker, Kubernetes, and more. The post ‘PCPJack’ Worm Removes TeamPCP Infections, Steals Credentials appeared fir…

https://www.securityweek.com/pcpjack-worm-removes-teampcp-infections-steals-credentials/
13
⚡ tech The Verge
49%

Apple reportedly has a deal to use Intel-made chips again

Apple and Intel reached a "preliminary agreement" for Intel to make chips for Apple hardware, The Wall Street Journal reported Friday. Apple had famously moved on from Intel-powered computers with it…

https://www.theverge.com/tech/926988/apple-intel-chips
14
🔐 security SecurityWeek
47%

AI Firm Braintrust Prompts API Key Rotation After Data Breach

Hackers accessed one of the company’s AWS accounts and compromised AI provider secrets stored in Braintrust. The post AI Firm Braintrust Prompts API Key Rotation After Data Breach appeared first on S…

https://www.securityweek.com/ai-firm-braintrust-prompts-api-key-rotation-after-data-breach/
15
🔐 security SecurityWeek
45%

Ransomware Group Takes Credit for Trellix Hack

RansomHouse has published several screenshots to demonstrate access to internal Trellix services. The post Ransomware Group Takes Credit for Trellix Hack appeared first on SecurityWeek.

https://www.securityweek.com/ransomware-group-takes-credit-for-trellix-hack/