AI-Built Ransomware Toolkit Automates EDR Evasion in 2026

EDR Bypass Ransomware

AI-Built Ransomware Toolkit Automates EDR Evasion, Leverages Claude Agents for Attack Development Researchers at Sophos have uncovered an active threat actor operating a fully functional, AI-built ransomware toolkit that automates Active Directory (AD) reconnaissance, systematically tests endpoint detection bypass techniques, and uses multiple AI agents, including one powered by Claude Opus 4.5, to build and … Read more

CVE-2026-41089: Critical Windows Netlogon RCE Exploited

Active Directory Vulnerability

CVE-2026-41089: Critical Windows Netlogon RCE Flaw Now Actively Exploited A critical Windows Netlogon remote code execution flaw is now being actively weaponized in the wild, three weeks after Microsoft shipped the patch. CVE-2026-41089, carrying a near-perfect CVSS score of 9.8, allows unauthenticated attackers to seize full SYSTEM-level control of any unpatched Windows domain controller by … Read more

Microsoft 365 Outage Blocks Teams and Office Web File Access

Microsoft-outage

Microsoft 365 Outage Blocks Teams and Office Web Access A Microsoft 365 outage struck organizations worldwide on June 1, 2026, blocking users from opening files in Microsoft Teams and Office for the web. Microsoft confirmed the incident through its official Microsoft 365 Status channel on X, directing administrators to incident notice MO1329446 in the Microsoft … Read more

Microsoft enforces registered-only authentication for Entra ID

Microsoft-Entra-ID-Changes-auth

Microsoft Entra ID SSPR Will Only Accept Registered Authentication Methods Starting September 2026 Microsoft has formally notified customers that a significant shift is coming to how Microsoft Entra ID handles identity verification during Self-Service Password Reset (SSPR). Under Message Center update MC1325414, the company is moving to a model where only explicitly registered authentication methods … Read more

PAN-OS GlobalProtect Auth Bypass CVE-2026-0257 Exploited

PAN-OS GlobalProtect Authentication Bypass CVE-2026-0257 Is Being Actively Exploited Right Now A confirmed, in-progress attack campaign is targeting enterprise VPN infrastructure globally, and Canadian organizations are directly in the line of fire. Palo Alto Networks has confirmed that CVE-2026-0257, a PAN-OS GlobalProtect authentication bypass flaw carrying a CVSS score of 7.8, is under active exploitation. … Read more

Gentlemen RaaS Uses SYSTEM Scheduled Task to Encrypt Drives

The Gentlemen Ransomware Abuses Windows SYSTEM Tasks to Encrypt Entire Networks The Gentlemen ransomware is a growing and technically sophisticated threat that Canadian organizations in healthcare, finance, education, and transportation cannot afford to overlook. Published in a new analysis by Microsoft Threat Intelligence, this ransomware-as-a-service (RaaS) platform combines self-propagation, SYSTEM-level privilege abuse, and double extortion … Read more

Anthropic Confirms Claude Mythos AI Models Coming to Public

Anthropic Confirms Claude Mythos AI Models Are Coming to the General Public Anthropic has confirmed that it will bring Claude Mythos-class models to general public availability, ending one of the most tightly controlled AI model restrictions in the industry. The company withheld the model from public release since April 2026, citing the risk that a tool capable … Read more

GreyVibe Hackers Weaponize ChatGPT and Gemini in Attacks

GreyVibe Hackers Weaponize ChatGPT and Gemini in Attacks A threat group tracked as GreyVibe is actively using commercial AI platforms, including ChatGPT and Google Gemini, to build convincing attack lures and develop a custom suite of malware tools targeting military, government, civilian, and business organizations. Cybersecurity firm WithSecure identified and reported the campaign in January … Read more

Microsoft Zero-Day Feud: Six Windows Flaws Disclosed

Six Windows Zero-Days Dropped Without Warning; Three Are Now Actively Exploited Three Windows zero-day vulnerabilities disclosed publicly without prior notice to Microsoft are now being actively exploited in the wild. The situation has triggered a sharp public response from Microsoft and a growing controversy over vulnerability disclosure ethics, GitHub account takedowns, and a researcher threatening … Read more

AI-Driven LLM Agent Exploits Marimo RCE to Dump Databases

AI-Powered LLM Agent Exploits Marimo RCE and Dumps Internal Database in Under Two Minutes Researchers have documented the first confirmed intrusion in which a large language model (LLM) agent autonomously executed a complete post-exploitation chain, moving from a single exposed notebook server to a fully exfiltrated internal database in fewer than 120 seconds. The attack, … Read more