Anthropic’s decision to withhold the Claude Mythos Preview has punctured the usual celebratory arc of model announcements. Rather than rushing to commercialize another frontier AI, the company says Mythos demonstrated capabilities that could be exploited to find and chain high-severity vulnerabilities in widely used systems—so serious that Anthropic is choosing limited, defensive deployment over general release. A startling discovery in
Latest Articles

Microsoft Extends Windows 10 Extended Security Updates Through October 2027
Microsoft has quietly extended its consumer Extended Security Updates (ESU) program for Windows 10, pushing the cutoff for critical security patches out another year to October 12, 2027. The move gives millions of users who have not yet migrated to Windows 11 additional time to receive important and critical security fixes, while Microsoft continues to encourage upgrades to the newer OS. For those already enrolled in the consumer ESU program, coverage continues automatically under the new end date. What the…
OpenAI Codex Command-Injection Flaw: How GitHub Tokens Were Exposed and What Teams Must Do Now
The rise of AI coding assistants has simplified developer workflows, but a recent discovery shows those conveniences can carry serious risk. Researchers at BeyondTrust found a critical command-injection vulnerability in OpenAI Codex that could be exploited to steal GitHub access tokens. The flaw demonstrates how an overlooked parsing detail — a branch name passed into a container setup script —
Critical RCE in Ninja Forms File Upload Exposes ~50,000 WordPress Sites
A recently disclosed vulnerability in the popular Ninja Forms “File Upload” addon has placed roughly 50,000 WordPress sites at risk of full takeover. Tracked as CVE-2026-0740 and carrying a CVSS score of 9.8, the flaw allows unauthenticated arbitrary file uploads — a straightforward path to remote code execution (RCE) for attackers. Site owners who rely on the affected plugin must
Microsoft fixes Classic Outlook bug that blocked some email sends
Microsoft has rolled out a server-side fix for a recent Classic Outlook problem that prevented some users from sending messages through Outlook.com. The issue caused non-delivery warnings and error codes for affected accounts, and the company says the change has been in production as of April 3, 2026. What happened Some Classic Outlook users received non-delivery reports (NDRs) with error
Researcher Publishes Windows Defender 0-Day ‘BlueHammer’ LPE Proof‑of‑Concept
A security researcher using the handle Chaotic Eclipse has publicly released a working proof‑of‑concept for a Windows zero‑day local privilege escalation (LPE) exploit called “BlueHammer.” The disclosure, accompanied by full source code on GitHub, was confirmed as functional by vulnerability researcher Will Dormann and demonstrates that a low‑privileged local user can escalate to NT AUTHORITY\SYSTEM on affected machines. The release
Microsoft removes Support and Recovery Assistant from Windows — what it means
Microsoft has removed the Support and Recovery Assistant (SaRA) from Windows, according to recent reports. Once a handy troubleshooting companion for Office and other Microsoft products, SaRA helped users diagnose and fix a variety of common issues. Its absence changes the options available to end users and IT teams when problems arise, but there are practical alternatives and steps you





