The Wire
Curated cybersecurity and tech news — AI-summarized, source attributed.
'Zealot' Demo Shows AI Executing a Full Cloud Attack Chain End-to-End
A staged exercise dubbed Zealot illustrates how an AI agent can chain together the discrete steps of a cloud intrusion — reconnaissance, credential abuse, later
1,300+ SharePoint servers still exposed to actively exploited spoofing zero-day
Shadowserver's scans show more than 1,300 internet-facing Microsoft SharePoint servers remain unpatched against CVE-2026-32201, a spoofing flaw Microsoft disclo
Anthropic quietly A/B tested pulling Claude Code from Pro tier, then backtracked
Anthropic ran an unannounced pricing experiment on roughly 2% of new Pro-tier signups, gating Claude Code behind the $100/month Max plan. The test caught wider
Bomgar RMM Exploitation Surge Exposes Downstream Supply Chain Blast Radius
Attackers are escalating exploitation of BeyondTrust's Bomgar remote monitoring and management platform, turning a trusted administrative tool into a privileged
BRIDGE:BREAK: 22 Flaws Expose 20,000+ Serial-to-IP Converters to Takeover
Researchers disclosed 22 vulnerabilities, collectively dubbed BRIDGE:BREAK, affecting serial-to-IP converters manufactured by Lantronix and Silex. These devices
Checkmarx Supply Chain Hit: Poisoned KICS Docker Images and VS Code Extensions
Attackers published malicious artifacts masquerading as Checkmarx's KICS infrastructure-as-code scanner, seeding both Docker registries and the VS Code Marketpl
Cohere Terrarium sandbox flaw lets AI-generated code escape the container as root
A vulnerability in Cohere's Terrarium, the sandboxed Python execution environment used to run code produced by AI agents, allowed attackers to break out of the
Cross-App Permission Stacking Creates Hidden Privilege Escalation Paths
Modern SaaS environments rarely fail because of a single over-permissioned integration. They fail because individually reasonable grants — a calendar read here,
France's ANTS document agency breached, 19M records allegedly up for sale
The Agence nationale des titres sécurisés (ANTS), the French Interior Ministry body that issues passports, national IDs, driver's licenses, and immigration pape
GoGra Linux backdoor abuses Microsoft Graph API and Outlook for C2
Symantec has identified a Linux build of the GoGra backdoor attributed to Harvester, a state-aligned espionage group active since 2021 against telecom, governme
Google Patches Critical RCE in Antigravity AI Development Tool
Google has shipped a fix for a critical remote code execution vulnerability in Antigravity, its AI-powered development platform. The flaw allowed attackers to e
Graph API code change exposes race condition in Universal Print share creation
Microsoft has attributed an ongoing Universal Print outage (UP1287359) to a recent Microsoft Graph API code change that increased Entra ID directory replication