VulnHub

Real-time Cybersecurity News

Anthropic Launches Project Glasswing to Use AI to Find and Fix Critical Software Vulnerabilities

Infosecurity Magazine
Critical

Overview

Anthropic has launched Project Glasswing, an initiative aimed at using its Claude Mythos Preview AI to autonomously detect and fix previously undiscovered vulnerabilities in critical software. This project addresses a significant concern in cybersecurity, as many vulnerabilities remain unaddressed until they are exploited by attackers. By leveraging AI, Anthropic hopes to enhance the security of various software systems, potentially reducing the risk of breaches and attacks. This proactive approach could benefit organizations that rely on critical software, as it aims to minimize the window of exposure for undetected vulnerabilities. The implications of this technology could be far-reaching, as it addresses a growing need for automated security solutions in a rapidly evolving threat landscape.

Key Takeaways

  • Affected Systems: Critical software systems, not specified which vendors or products are included.
  • Timeline: Newly disclosed

Original Article Summary

Anthropic launches Project Glasswing, using its Claude Mythos Preview AI to autonomously identify and fix undiscovered vulnerabilities in critical software

Impact

Critical software systems, not specified which vendors or products are included.

Exploitation Status

The exploitation status is currently unknown. Monitor vendor advisories and security bulletins for updates.

Timeline

Newly disclosed

Remediation

Not specified

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Critical.

Read Original Article

Related Coverage

AI-Led Remediation Crisis Prompts HackerOne to Pause Bug Bounties

darkreading

HackerOne has decided to pause its bug bounty programs due to challenges in the remediation process for open-source vulnerabilities. Traditionally, finding bugs was the main hurdle, but with the rise of automated discovery tools, fixing these bugs has become the bigger issue. Bug bounties, which reward researchers for identifying security flaws, do not currently cover the costs associated with remediation. This decision could impact the security of various open-source projects, as it may discourage researchers from reporting vulnerabilities if there is no support for fixing them. The situation raises concerns about how effectively vulnerabilities can be addressed in an increasingly automated environment.

Apr 8, 2026

New macOS stealer campaign uses Script Editor in ClickFix attack

BleepingComputer

A new campaign is targeting macOS users with the Atomic Stealer malware, using the Script Editor to execute commands in a method similar to a previous ClickFix attack. This tactic tricks users into running malicious scripts, which can lead to sensitive data being stolen. The attack primarily affects macOS computers, putting users’ personal information at risk. Security researchers are urging users to be cautious about running scripts from untrusted sources, as this method can bypass some security measures. Awareness and vigilance are key, as these types of attacks can lead to significant data breaches if not addressed promptly.

Apr 8, 2026

CISA orders feds to patch exploited Ivanti EPMM flaw by Sunday

BleepingComputer

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a directive for U.S. government agencies to patch a serious vulnerability in Ivanti Endpoint Manager Mobile (EPMM). This flaw has been exploited in attacks since January, making it a significant risk for federal systems. Agencies have only until Sunday to address this issue, underscoring the urgency to protect sensitive data from potential breaches. The vulnerability affects the Ivanti EPMM software, which is widely used for managing mobile devices. Failure to patch could leave these systems open to further exploitation by attackers, which could have serious implications for national security.

Apr 8, 2026

Hack-for-hire spyware campaign targets journalists in Middle East, North Africa

CyberScoop

A research collaboration between Access Now, Lookout, and SMEX has uncovered a troubling spyware campaign targeting journalists in the Middle East and North Africa. The campaign is believed to be linked to a group called Bitter, which is suspected of having connections to the Indian government. The spyware, identified as ProSpy, poses a significant risk to the privacy and safety of journalists in the region, as it can be used to monitor their communications and activities. This incident raises serious concerns about the increasing use of hack-for-hire services to silence critical voices and undermine press freedom. The implications of this spyware campaign extend beyond individual journalists, potentially affecting the broader landscape of media and freedom of expression in these areas.

Apr 8, 2026

ComfyUI instances hijacked for cryptomining and proxy botnet

SCM feed for Latest

Threat actors are actively targeting vulnerable ComfyUI deployments using a custom Python scanner to hijack instances for cryptomining and to create a proxy botnet. This malicious activity involves scanning cloud IP ranges to find systems that haven't been secured. Once compromised, these systems can be exploited for unauthorized cryptomining, which can lead to significant financial losses for the affected users and businesses. The ease of access for attackers highlights a concerning gap in cloud security practices. Organizations using ComfyUI should ensure their deployments are properly configured and secured to prevent these types of attacks.

Apr 8, 2026

Fraud Rockets Higher in Mobile-First Latin America

darkreading

Cyber fraud is escalating in Latin America, particularly among mobile users. Attackers are quickly taking control of compromised devices, leading to account takeovers and unauthorized fund transfers. This rapid sequence of events often occurs faster than many financial institutions can respond, leaving victims vulnerable to significant financial losses. The trend is concerning as it highlights the growing sophistication of cyber fraud in a region that is increasingly reliant on mobile technology for banking and transactions. Users and financial institutions must remain vigilant and adopt stronger security measures to protect against these threats.

Apr 8, 2026