Claude Mythos AI finds 271 Firefox vulnerabilities

Anthropic’s new cybersecurity-focused AI model, Claude Mythos, recently uncovered 271 vulnerabilities in Firefox, with the findings prompting Mozilla to release patches in Firefox version 150 this week. While over 40 CVEs were addressed, only three were officially credited to Claude – suggesting most of the bugs were lower-severity issues that don’t clear the bar for a public CVE. Mozilla’s Firefox CTO offered a grounded take on the achievement, noting that none of the bugs were beyond what “an elite human researcher” could have found, pushing back on predictions that AI will soon discover entirely novel vulnerability classes. Because of Mythos’s remarkable capabilities – Palo Alto Networks said it completed the equivalent of a year’s worth of pen testing in under three weeks – Anthropic has kept the model out of public hands, offering it only to a select group of major organizations like Microsoft, Google, Apple, and AWS through a program called Project Glasswing. Palo Alto’s chief product officer warned that within six months, similarly powerful AI security tools will likely be widespread, and organizations that haven’t prepared “will face an entirely new class of risk.”

Booking.com data breach puts customers at risk

On April 13, 2026, Booking.com warned its customers that hackers may have accessed customer data linked to travel reservations. Exposed customer details could include names, email addresses, phone numbers, booking information and any information customers may have shared with accommodations.

“Financial information was not accessed from Booking.com’s systems, nor were guests’ physical addresses,” the company stated. “Upon discovering the activity, we took action to contain the issue. We have updated the PIN number for these reservations and informed our guests.”

Cybersecurity firm Norton has dubbed the scams “reservation hijacks”, because criminals have contacted Booking.com customers pretending to be hotels in order to trick customers into sending them money based on bogus reservation problems.

Founded in Amsterdam in 1996, Booking.com has grown to become one of the largest one-stop digital marketplaces for vacations, where customers can book flights, accommodations, transportation, and activities. It boasts almost seven billion check-ins since 2010.

Claude Code source leak used to push malware on GitHub

Anthropic recently confirmed that the source code for its Claude Code AI agent was accidentally exposed through a large JavaScript source map in a public npm package. This leak, totaling over 500,000 lines of TypeScript, revealed the tool’s internal orchestration logic and security protocols to the public. Tens of thousands of users quickly sought out the code, leading to a surge in unauthorized forks and re-uploads across platforms like GitHub.

Cybercriminals capitalized on the interest by creating fraudulent GitHub repositories that appear at the top of search engine results for “leaked Claude Code.” These repositories often promise unlocked enterprise features but instead deliver a Rust-based dropper containing the Vidar information-stealer and GhostSocks proxy malware. Once executed, the malicious software exfiltrates sensitive credentials and turns the infected machine into a residential proxy for further illegal traffic.

Security researchers from firms like Zscaler noted that these malicious archives are frequently updated, indicating that attackers are actively refining their delivery methods and payloads. While GitHub has since removed several of the offending accounts, the incident serves as a stark reminder of how quickly hackers exploit trending AI news to target developers. Experts urge extreme caution when downloading unofficial source code, as the rapid pace of AI development can often outrun traditional security vetting.
