The Cipher

Daily brief · Cyber · AI · Tech

Daily brief at 7am Melbourne. Unsubscribe any time.

← The Cipher

Sunday 24 May 2026

Anthropic's AI Just Found 10,000 Critical Bugs. The Vulnerability Economy Will Never Be the Same.

Anthropic's AI found 10,000 critical software flaws in a month — and that changes the economics of vulnerability research forever.

Lead story

Anthropic's AI Just Found 10,000 Critical Bugs. The Vulnerability Economy Will Never Be the Same.

Anthropic has quietly dropped one of the most consequential security disclosures in years. Project Glasswing — the company's defensive AI initiative using its Claude Mythos model — has uncovered more than 10,000 high- or critical-severity vulnerabilities in widely deployed, "systemically important" software in roughly a single month of operation. That's not a typo. Ten thousand serious bugs. One month.

To put that in perspective: the entire CVE database added around 29,000 entries across all of 2023. A single AI initiative just produced more than a third of that volume — in critical findings alone — in thirty days.

What Glasswing actually does isn't magic, but it is a meaningful step change. Anthropic pointed Claude Mythos at software that underpins large chunks of the internet — think widely used open-source libraries, infrastructure tooling, and the kind of foundational code that nobody audits because it's been "working fine for twenty years." The model performed automated code review and vulnerability discovery at a scale no human security team could replicate, then flagged high-confidence findings for human validation before coordinated disclosure.

The implications fork in two directions. The optimistic read: defenders now have an AI-powered auditor that can blanket the most critical software in existence, systematically closing the attack surface before adversaries find it. Responsible disclosure at this scale, if it works, is genuinely historic.

The pessimistic read: the same capability exists for offence. If Anthropic's model can find 10,000 bugs in a month, a well-resourced adversary running a similar model without the ethical guardrails can find them too — and quietly exploit them rather than disclose. The race between AI-assisted offence and AI-assisted defence just got a lot more visible.

There's also a coordination problem. Ten thousand critical vulnerabilities means ten thousand vendor notifications, ten thousand patch timelines, ten thousand potential windows where knowledge of a flaw exists but a fix doesn't. That process has historically been messy even for single high-profile bugs. Doing it at industrial scale will stress-test the entire disclosure ecosystem in ways we've never seen.

For Australian organisations, the relevance is direct. Many of the software packages most likely targeted by Glasswing — open-source infrastructure, web frameworks, database layers — are exactly what sits behind Australia's critical infrastructure operators, government agencies, and the digital supply chains covered under the SOCI Act. If a patch wave is coming, asset owners need to be ready to move fast.

Watch for the actual CVE disclosures to start landing in bulk. If Glasswing found 10,000 critical bugs in month one, the coordinated disclosure queue is now enormous. Expect a sustained period of high-velocity patching across the open-source ecosystem — and watch for threat actors who may have found the same bugs independently to accelerate exploitation before fixes ship.

The broader question isn't whether AI will transform vulnerability research. It already has. The question is whether the defence side can move faster than the offence side once the same tools are table stakes for everyone.

Also today

'Underminr' Flaw Lets Attackers Masquerade C2 Traffic as Trusted Domains

Security researchers have disclosed a vulnerability affecting roughly 88 million domains that allows attackers to disguise malicious command-and-control traffic behind legitimate, trusted domain names — effectively rendering DNS-based filtering blind to the activity. The technique exploits how certain DNS configurations are inherited or delegated, letting a threat actor route traffic through a trusted namespace without owning it. It's the kind of flaw that blends into normal traffic by design, making detection particularly difficult. Many Australian organisations rely on DNS filtering as a core network defence layer — this finding is worth a close look for security teams reviewing their detection coverage.

SecurityWeek

Laravel-Lang PHP Packages Hijacked to Deliver Cross-Platform Credential Stealer

Attackers have compromised multiple widely used Laravel-Lang PHP localisation packages — including laravel-lang/lang and laravel-lang/http-statuses — to deliver a cross-platform credential-stealing framework. The attackers abused GitHub version tags rather than modifying published package contents directly, a clever bypass of integrity checks that many developers implicitly trust. The affected packages have millions of downloads and are embedded in Laravel applications across industries worldwide. Laravel is one of the most popular PHP frameworks in use across Australian web development shops and government-adjacent digital services, making this a tangible supply chain risk for local teams.

Bleeping Computer

npm Rolls Out 2FA-Gated 'Staged Publishing' to Block Supply Chain Attacks

GitHub has made staged publishing generally available on npm, requiring a human maintainer to pass a two-factor authentication challenge before any new package version goes live. The feature is a direct response to the wave of supply chain attacks that have hit the npm ecosystem — including last week's TeamPCP campaign. It adds a meaningful human-in-the-loop gate between a compromised maintainer account and a malicious package reaching millions of downstream developers. The move won't stop determined attackers who have full account access, but it significantly raises the cost of automated publishing attacks that rely on stolen session tokens or API keys.

The Hacker News

LiteSpeed cPanel Plugin CVE-2026-48172: CVSS 10 Flaw Under Active Exploitation

A maximum-severity privilege escalation bug in the LiteSpeed User-End cPanel plugin is being actively exploited in the wild. Tracked as CVE-2026-48172 with a perfect CVSS 10.0 score, the flaw allows any cPanel user — including a compromised low-privilege account — to execute arbitrary scripts as root. LiteSpeed is one of the most common web server setups on shared hosting platforms globally, meaning the attack surface here is enormous. Hosting providers and managed service companies with cPanel deployments should treat this as an emergency patch item; exploitation is not theoretical.

The Hacker News

Drupal Core SQL Injection Added to CISA's Known Exploited Vulnerabilities Catalogue

CISA has added a critical SQL injection flaw in Drupal Core — CVE-2026-9082 — to its Known Exploited Vulnerabilities catalogue after confirming active exploitation in the wild. The bug affects all supported versions of Drupal and carries a CVSS score of 6.5. While the score looks moderate, SQL injection against a CMS core means direct database access, potential data exfiltration, and in many configurations, remote code execution via file uploads. Drupal powers a significant number of Australian government websites and university portals; site owners should patch immediately and check logs for signs of prior exploitation.

The Hacker News

Packagist Attack Infects 8 PHP Packages with Linux Malware via GitHub Releases

A coordinated supply chain campaign has poisoned eight Packagist (PHP/Composer) packages with code that fetches and executes a Linux binary hosted on GitHub Releases. The clever wrinkle: the malicious payload wasn't inserted into composer.json — where most integrity tooling would catch it — but into package.json, targeting projects that also ship JavaScript alongside PHP. This cross-ecosystem obfuscation technique makes automated detection significantly harder. The campaign comes as the PHP and JavaScript supply chain ecosystems are already under elevated scrutiny following the Laravel-Lang compromise published the same day.

The Hacker News

CISA Opens Public Nominations for Its Known Exploited Vulnerabilities Catalogue

CISA has launched a public nomination form allowing security researchers, vendors, and industry partners to submit bugs they believe should be added to the Known Exploited Vulnerabilities catalogue. Until now, additions were largely driven by CISA's internal monitoring and threat intel sharing — meaning community-identified exploitation evidence often took weeks to be reflected in the KEV list. Opening nominations directly shortens that lag, giving defenders faster signal on bugs being actively exploited in the wild. Given that Australia's ACSC frequently mirrors KEV guidance in its own advisories, faster KEV updates should benefit Australian defenders downstream.

The Record

Dirty Frag, Copy Fail, Fragnesia: AI Is Accelerating a Linux Kernel Vulnerability Trend

The Register has a sharp analysis of a cluster of recently disclosed Linux kernel memory management vulnerabilities — nicknamed Dirty Frag, Copy Fail, and Fragnesia — arguing they represent the early signs of a worrying trend. The common thread: AI-assisted code analysis tools are systematically surfacing a category of subtle memory fragmentation and copy-on-write bugs that human auditors have historically missed. The piece raises a pointed question — are these bugs genuinely more common in modern kernels, or is AI just getting better at finding what was always there? The answer matters for how defenders prioritise kernel patching cycles.

The Register

Jailbroken Gemini Helped a Russian-Speaking Fraudster Drain MAGA Crypto Wallets

A Russian-speaking threat actor used a jailbroken instance of Google's Gemini AI to run pump-and-dump crypto schemes and social engineering attacks that drained at least one victim's cryptocurrency wallet. The attacker specifically targeted politically aligned communities, apparently reasoning that ideological affinity made targets more susceptible to certain investment narratives. The case is notable as a concrete, documented example of a financially motivated criminal operationalising a jailbroken frontier model — not as a theoretical attack surface, but as an active fraud tool. Regulators in Australia's AUSTRAC and the ACSC have both flagged AI-assisted financial fraud as an emerging threat vector.

The Register

NVIDIA's Nemotron Diffusion Models Promise Near-Instant Text Generation

NVIDIA's Nemotron Labs has published research on diffusion-based language models claiming to generate text at speeds approaching the theoretical limits of the approach — a significant departure from the autoregressive token-by-token generation that underpins GPT-style models. Diffusion language models generate entire sequences in parallel rather than one token at a time, which can dramatically reduce latency. The tradeoff has historically been output quality, but NVIDIA's paper claims to have closed much of that gap. If the results hold up to scrutiny, this could shift the architecture conversation in AI inference — particularly relevant for applications where response latency is the binding constraint.

Hugging Face

AI Reconstructed Dead Pilots' Voices From Spectrograms — and the NTSB Shut Down Its Own Database

Researchers used AI to reconstruct the voices of pilots killed in crashes by processing spectrogram images of cockpit voice recorder data published in NTSB accident dockets. The reconstructed audio was detailed enough that the US National Transportation Safety Board temporarily locked down public access to its entire docket system while it assessed the implications. The episode sits at the intersection of privacy, AI capability, and open-government data — and it's a reminder that data published in one format (spectrograms) can be reverse-engineered in ways regulators didn't anticipate. Australia's ATSB publishes similar accident investigation materials and may face equivalent questions.

TechCrunch

Sources consulted