Security tooling releases, open-source projects, and defensive utilities.
35 items
YARA-X released versions 1.18.0 and 1.19.0 with three improvements and two bug fixes. This is standard maintenance on the widely-used open-source malware detection and classification tool.
Cisco Talos explores how AI can transform threat intelligence operations by converting unstructured intelligence reports into easily queryable datasets, potentially improving detection speed and analyst efficiency.
Anthropic is testing mobile support for Claude Cowork, enabling users to manage long-running AI tasks from smartphones. This represents a shift in how conversational AI assistants are deployed across device ecosystems.
OpenAI is expanding its Daybreak initiative by releasing an improved GPT-5.5-Cyber model to trusted defenders for identifying and patching software vulnerabilities across large codebases. This represents a maturing capability in AI-assisted security testing that could reshape how organisations approach vulnerability discovery.
SecurityWeek is hosting a webinar on attack techniques that circumvent multi-factor authentication and evade detection systems. The event highlights a growing capability gap where conventional MFA implementations no longer provide adequate protection against sophisticated threat actors.
Unit 42 researchers have identified a previously unknown macOS Tahoe 26 forensic artifact that records user menu selections system-wide. This discovery is significant for digital forensics and incident response teams seeking to reconstruct user behaviour during investigations.
Unit 42 research demonstrates practical techniques for disabling or manipulating cloud logging services (AWS CloudTrail, Azure Monitor, GCP Cloud Logging) to evade detection. This represents a critical post-compromise capability that undermines forensic investigation and compliance monitoring.
Anthropic has released Claude Fable 5, a new AI model based on its Mythos architecture, with unspecified availability constraints. The security implications of this release remain unclear from the available information.
Emphere has raised $2.1 million to commercialise AI-driven vulnerability remediation tools for software companies. This reflects growing industry investment in automating the time-consuming patch and fix cycle.
Microsoft has released an open-source fork of Windows Terminal integrating AI capabilities directly into the terminal environment. The security implications of embedding AI-assisted command execution into a privileged context require careful evaluation.
Opal Security has raised $23 million in Series B funding to develop AI-native identity governance solutions, bringing total funding to $59 million. This reflects growing enterprise investment in automating identity access management through machine learning.
OWASP has released CVE Lite CLI, a free open-source command-line tool that scans project dependencies for known vulnerabilities. This represents a practical contribution to supply-chain security tooling for developers.
Microsoft released Coreutils for Windows at Build 2026, bringing native Linux command-line utilities to Windows. This development simplifies cross-platform development workflows but introduces new attack surface and dependency management concerns for Windows environments.
YARA-X, the modernised Rust implementation of the YARA malware detection language, reached version 1.17.0 with performance improvements and a single bugfix. This routine release reflects ongoing maintenance of a critical tool in the security analyst's arsenal.
AppOmni has released Marlin AI, a tool that autonomously investigates SaaS security misconfigurations and traces their blast radius across enterprise environments, stopping short of automatic remediation. This represents incremental progress in scaling SaaS security operations but raises questions about investigation accuracy and false positive rates.
The FBI has warned of Kali365, a Telegram-based phishing-as-a-service platform that captures legitimate OAuth tokens to gain unauthorised access to Microsoft 365 environments. The service has been actively used in campaigns since at least April 2024.
Quantum Bridge secured $8 million in Series A funding for quantum-safe key distribution technology, bringing total capitalisation to $16 million. This reflects accelerating investment in post-quantum cryptography solutions ahead of anticipated quantum computing threats.
Frame Security, a security awareness and training platform, has emerged from stealth with $50M in funding from prominent venture firms. This reflects sustained investor interest in addressing human-centric security risks rather than purely technical vulnerabilities.
YARA-X, the Rust-based malware analysis pattern matching engine, released version 1.16.0 with 4 improvements and 4 bug fixes. This is routine maintenance with no security implications identified.
Microsoft is replacing Windows 11's legacy Run dialog with a modern variant featuring dark mode and claimed performance improvements. This is a user experience refresh with no direct security implications, though modernisation efforts occasionally surface adjacent hardening opportunities.
NAKIVO released v11.2 with enhanced ransomware detection capabilities, faster replication, and support for vSphere 9 and Proxmox VE 9.0. This reflects the broader industry trend of backup vendors integrating proactive threat detection as ransomware operators increasingly target backup infrastructure.
A recent Microsoft Edge update introduced a bug that disables right-click paste functionality in Microsoft Teams desktop client chats, degrading user productivity across organisations relying on both products.
Google is expanding its use of Gemini AI models to detect and block malicious ads across its advertising platforms as threat actors refine evasion techniques. This represents an incremental defensive improvement in an ongoing arms race rather than a structural shift in ad ecosystem security.
US and Indonesian authorities shut down the W3LL phishing service and arrested its developer in the first joint enforcement action targeting a phishing kit provider. This represents a shift toward coordinated international takedowns of infrastructure that enables mass credential theft campaigns.
EvilTokens is a commercialised malicious service that automates Microsoft device code phishing attacks, enabling attackers to steal authentication tokens and compromise corporate accounts at scale without requiring passwords.
DShield Cowrie honeypot analysis shows that session duration, command count, and disconnect patterns can distinguish automated attacks from manual reconnaissance. Defenders can use these signals to identify fingerprinting attempts and refine threat intelligence collection.
Multiple security vendors announced new products and features at RSAC 2026 (days 3-4), representing typical conference-cycle releases rather than responses to critical threats or novel attack patterns.
GitHub is integrating machine learning-based bug detection into Code Security alongside CodeQL, extending vulnerability coverage to languages and frameworks not fully addressed by pattern-matching SAST. This represents a shift in how platforms approach detection breadth at scale.
Betterleaks, a new open-source secrets scanner, offers an alternative to Gitleaks for identifying hardcoded credentials in code repositories and files. This reflects ongoing community demand for robust secret detection tooling in DevSecOps pipelines.
Microsoft is investigating widespread synchronization and connection failures in classic Outlook desktop client, affecting email delivery and user productivity across enterprise deployments.
Hackers have adopted CyberStrikeAI, an open-source AI security testing platform, to breach Fortinet FortiGate firewalls, demonstrating a significant shift in attack methodologies leveraging advanced AI tools.
Google open-sourced an AI-powered fuzzing platform that has already discovered over 300 vulnerabilities in critical open-source software, offering automated vulnerability discovery capabilities to the broader security community.
The rapid rise of Chinese AI lab DeepSeek's open-source models has sparked significant security and data privacy concerns, with researchers identifying exposed databases and questionable data handling practices.
Google is introducing the Text Fragment feature in Chrome's PDF reader, allowing users to share specific parts of long PDFs more easily. This could potentially lead to improved collaboration but may also introduce new attack vectors if not properly secured.
Tenable's buggy differential plugin updates caused global outages of Nessus vulnerability scanner agents, requiring manual upgrades for revival.