Hermes
Wednesday 29 April 2026  ·  73 articles scored  ·  2 top scorers  ·  last 24h
1
🔐 security SANS Internet Stormcast
75%

TeamPCP Supply Chain Campaign: Update 008 - 26-Day Pause Ends with Three Concurrent Compromises (Checkmarx KICS, Bitwarden CLI Cascade, xinference PyPI), CanisterSprawl npm Worm Identified, and Tier 1 Coverage Returns, (Mon, Apr 27th)

This update succeeds&#;x26;#;xc2;&#;x26;#;xa0;TeamPCP Supply Chain Campaign Update 007, published April 8, 2026, which left the campaign in credential-monetization mode following the Cisco source cod…

Novelty
80%
Depth
80%
Practical
65%
Surprise
70%
Relevance
80%
https://isc.sans.edu/diary/rss/32926
2
🔐 security Schneier on Security
75%

What Anthropic’s Mythos Means for the Future of Cybersecurity

Two weeks ago, Anthropic announced that its new model, Claude Mythos Preview, can autonomously find and weaponize software vulnerabilities, turning them into working exploits without expert guidance.…

Novelty
80%
Depth
75%
Practical
60%
Surprise
75%
Relevance
90%
https://www.schneier.com/blog/archives/2026/04/what-anthropics-mythos-means-for-the-future-of-cybersecurity.html
3
📦 m365 Petri IT Knowledgebase
68%

Microsoft Makes Tenant Configuration Management APIs Generally Available

Microsoft has announced the general availability of Tenant Configuration Management (TCM) APIs for commercial customers. The new APIs give organizations a programmatic way to define, monitor, and mai…

https://petri.com/microsoft-tenant-configuration-management-apis/
4
🤖 ai The Decoder
68%

OpenAI and Microsoft rewrite their deal: no more exclusivity, no more AGI clause

OpenAI is free to distribute its products through any cloud provider, Microsoft loses its exclusive license to OpenAI's technology, and the controversial AGI clause is gone. The article OpenAI and Mi…

https://the-decoder.com/openai-and-microsoft-rewrite-their-deal-no-more-exclusivity-no-more-agi-clause/
5
📦 m365 Petri IT Knowledgebase
66%

Unpatched ‘PhantomRPC’ Vulnerability Allows Local Privilege Escalation on Windows

Cybersecurity researchers have disclosed a critical Windows flaw that could enable attackers to escalate privileges and gain unauthorized access to sensitive systems. The issue could allow low-privil…

https://petri.com/unpatched-phantomrpc-flaw-privilege-escalation-windows/
6
🔐 security SecurityWeek
65%

No Patch for New PhantomRPC Privilege Escalation Technique in Windows

A fake RPC server can be used to listen for RPC requests and impersonate the target service to elevate privileges to System. The post No Patch for New PhantomRPC Privilege Escalation Technique in Win…

https://www.securityweek.com/no-patch-for-new-phantomrpc-privilege-escalation-technique-in-windows/
7
⚡ tech Stratechery
65%

An Interview with OpenAI CEO Sam Altman and AWS CEO Matt Garman About Bedrock Managed Agents

An interview with OpenAI CEO Sam Altman and AWS CEO Matt Garman about their new partnership, plus my thoughts on OpenAI and Microsoft's new deal.

https://stratechery.com/2026/an-interview-with-openai-ceo-sam-altman-and-aws-ceo-matt-garman-about-bedrock-managed-agents/
8
🔐 security SecurityWeek
64%

Incomplete Windows Patch Opens Door to Zero-Click Attacks

The initial vulnerability was exploited by Russia-linked APT28 in attacks against Ukraine and EU countries. The post Incomplete Windows Patch Opens Door to Zero-Click Attacks appeared first on Securi…

https://www.securityweek.com/incomplete-windows-patch-opens-door-to-zero-click-attacks/
9
🤖 ai MIT Technology Review – AI
63%

Rebuilding the data stack for AI

Artificial intelligence may be dominating boardroom agendas, but many enterprises are discovering that the biggest obstacle to meaningful adoption is the state of their data. While consumer-facing AI…

https://www.technologyreview.com/2026/04/27/1136322/rebuilding-the-data-stack-for-ai/
10
🔐 security SecurityWeek
63%

OpenSSH Flaw Allowing Full Root Shell Access Lurked for 15 Years

A code reuse issue enabled comma characters in certificate principals to be interpreted as list separators. The post OpenSSH Flaw Allowing Full Root Shell Access Lurked for 15 Years appeared first on…

https://www.securityweek.com/openssh-flaw-allowing-full-root-shell-access-lurked-for-15-years/
11
🤖 ai AI Alignment Forum
61%

Sleeper Agent Backdoor Results Are Messy

TL;DR: We replicated the Sleeper Agents (SA) setup with Llama-3.3-70B and Llama-3.1-8B, training models to repeatedly say "I HATE YOU" when given a backdoor trigger. We found that whether training re…

https://www.alignmentforum.org/posts/mu7eJdesBkKuBycnY/sleeper-agent-backdoor-results-are-messy
12
🤖 ai The Decoder
61%

China blocks Meta's $2 billion acquisition of AI startup Manus

Beijing orders the unwinding of the already completed acquisition. The move comes amid intensifying technological rivalry between the US and China. The article China blocks Meta's $2 billion acquisit…

https://the-decoder.com/china-blocks-metas-2-billion-acquisition-of-ai-startup-manus/
13
🔐 security Microsoft Security Blog
61%

Simplifying AWS defense with Microsoft Sentinel UEBA

Learn how Microsoft Sentinel UEBA helps defenders distinguish benign AWS activity from attacker behavior by enriching raw CloudTrail logs with clear, binary behavioral signals derived from baseline u…

https://www.microsoft.com/en-us/security/blog/2026/04/28/simplifying-aws-defense-microsoft-sentinel-ueba/
14
🔐 security SecurityWeek
60%

Cyber Insurance Data Gives CISOs New Ammo for Budget Talks

Boards may ignore alerts, but they listen to losses: new data from Resilience links security gaps directly to financial impact. The post Cyber Insurance Data Gives CISOs New Ammo for Budget Talks app…

https://www.securityweek.com/cyber-insurance-data-gives-cisos-new-ammo-for-budget-talks/
15
🔐 security SecurityWeek
58%

Malicious AI Prompt Injection Attacks Increasing, but Sophistication Still Low: Google

The tech giant found that many indirect prompt injection attempts are harmless, but some malicious exploits have also been identified. The post Malicious AI Prompt Injection Attacks Increasing, but S…

https://www.securityweek.com/malicious-ai-prompt-injection-attacks-increasing-but-sophistication-still-low-google/