Anthropic just released two AI models. Same technology. Different rules.
The powerful one: locked for governments and approved partners.
The public one: ask for offensive security help.
It quietly routes you to a weaker model instead.
The attacker targeting your hospital has no such limits.
The security industry made this exact mistake in 2000.
We wrote about why that failed — and what actually worked:
https://t.co/HIHUIQrVEN
Found a vulnerability and got a CVE assigned (CVE-2026-48747)
The flaw is a Signature Algorithm Downgrade in the mailomat-mailer component, allowing an attacker to achieve complete Signature Forgery.
https://t.co/NfV1wHdO9w
#CVE#Symfony#AppSec#BugBounty
Introducing Daybreak: frontier AI for cyber defenders.
Daybreak brings together the most capable OpenAI models, Codex, and our security partners to accelerate cyber defense and continuously secure software.
A step toward a future where security teams can move at the speed defense demands.
Here's the exploit in action, using the RedSun PoC
(note this is demostrated in virtual machines and this is purely for educational purposes, please don't repilcate the exploit on any systems you are not permited to do so)
the Red Sun vulnerability is genuinely one of the funniest bugs i've seen in a while
Windows Defender finds a malicious file with a cloud tag and instead of quarantining or deleting it...
it helpfully rewrites the file back to its original location
the antivirus. protecting you. by restoring the malware.
the PoC abuses this to overwrite system files and escalate to admin privileges
the core idea is brilliant in the most embarrassing way possible
sometimes the best vulnerabilities aren't clever exploits
they're just Microsoft being Microsoft
Windows defender has been compromised.
right now there is a public unpatched exploit that gives any app on your windows PC full system admin access. no password. no popup. nothing
your antivirus doesnt stop it. your antivirus IS the exploit. windows defender is the attack vector
ransomware gangs can use this to encrypt your entire machine and steal every saved password, browser session, and discord token you have. fully patched windows 11. real time protection on
thread