# Top Stories
April 22, 2026
-
1. Ars Technica Security | general | Apr 21 | Mozilla: Anthropic's Mythos found 271 zero-day vulnerabilities in Firefox 150
Anthropic's Mythos AI model discovered 271 zero-day vulnerabilities in Firefox 150, with Mozilla's CTO claiming the AI is "every bit as capable" as the world's best security researchers. This represents a significant advancement in AI-powered vulnerability discovery that could accelerate both defensive research and potential exploitation capabilities.
-
2. Dark Reading | general | Apr 21 | Exploits Turn Windows Defender into Attacker Tool
Three proof-of-concept exploits targeting Windows Defender are being used in active attacks to turn Microsoft's built-in security platform into an attacker tool, with two of the vulnerabilities remaining unpatched. This demonstrates how core security tools can become vectors for compromise, undermining fundamental endpoint protection assumptions.
-
3. Krebs on Security | threat-intel | Apr 21 | ‘Scattered Spider’ Member ‘Tylerb’ Pleads Guilty
Tyler Robert Buchanan, a 24-year-old British national and senior Scattered Spider member nicknamed "Tylerb," pleaded guilty to wire fraud conspiracy and aggravated identity theft for summer 2022 SMS phishing attacks that compromised at least a dozen major tech companies and stole tens of millions in cryptocurrency. He faces up to 22 years in federal prison for his role as what researchers called "the glue that held this gang together."
-
4. The Hacker News | general | Apr 21 | SystemBC C2 Server Reveals 1,570+ Victims in The Gentlemen Ransomware Operation
Check Point researchers discovered a SystemBC C2 server linked to The Gentlemen ransomware operation controlling a botnet of over 1,570 victims. SystemBC establishes SOCKS5 network tunnels to facilitate lateral movement and data exfiltration, highlighting the infrastructure supporting modern ransomware-as-a-service operations.
-
5. The Hacker News | general | Apr 21 | 22 BRIDGE:BREAK Flaws Expose 20,000 Lantronix and Silex Serial-to-IP Converters
Forescout Research identified 22 vulnerabilities collectively named BRIDGE:BREAK affecting Lantronix and Silex serial-to-IP converters, with nearly 20,000 vulnerable devices exposed online. These flaws could allow attackers to hijack industrial control systems and tamper with operational technology data exchanges.
-
-
6. BleepingComputer | general | Apr 21 | CISA flags new SD-WAN flaw as actively exploited in attacks
CISA added a new Catalyst SD-WAN Manager vulnerability to its Known Exploited Vulnerabilities catalog as actively exploited, giving federal agencies until April 25, 2026 to secure their systems. This follows a pattern of SD-WAN infrastructure being targeted in ongoing attack campaigns.
-
7. BleepingComputer | general | Apr 21 | Actively exploited Apache ActiveMQ flaw impacts 6,400 servers
Over 6,400 Apache ActiveMQ servers exposed online are vulnerable to ongoing attacks exploiting a high-severity code injection vulnerability, according to Shadowserver Foundation monitoring. The actively exploited flaw demonstrates the persistence of unpatched enterprise messaging infrastructure as attack vectors.
-
8. Dark Reading | general | Apr 21 | Google Fixes Critical RCE Flaw in AI-Based Antigravity Tool
Google patched a critical prompt injection vulnerability in its Antigravity AI-based IDE tool that enabled sandbox escape and arbitrary code execution through insufficient input sanitization in the find_by_name file-searching function. The flaw combined Antigravity's file-creation capabilities with poor input validation to bypass security restrictions.
-
9. BleepingComputer | general | Apr 21 | Former ransomware negotiator pleads guilty to BlackCat attacks
Angelo Martino, 41, a former DigitalMint ransomware negotiator from Florida, pleaded guilty to collaborating with BlackCat ransomware operators in 2023, helping extract $75.3 million in ransom payments from five victim companies. This marks the third cybersecurity professional to admit involvement in ransomware schemes, highlighting insider threat risks in incident response.
-
10. BleepingComputer | general | Apr 21 | French govt agency confirms breach as hacker offers to sell data
France Titres, the French government agency responsible for issuing and managing administrative documents, disclosed a data breach after threat actors claimed the attack and offered to sell citizen data. The breach affects the agency that handles official French identity and administrative documentation, potentially exposing sensitive citizen information.