Cyber Threat Pulse

Claude/Glasswing Mythos AI zero-days + hacker breaches gov agencies + MS Defender wild exploits [developing]

Key Questions

What vulnerabilities did Claude Mythos identify?

Claude Mythos spotted thousands of high-severity vulnerabilities, including those in OpenBSD, FFmpeg (CVE-2026-4747), and reportedly 12 zero-days in OpenSSL. These discoveries highlight AI's role in uncovering critical flaws ahead of traditional methods.

How were hackers able to breach Mexican government agencies?

Hackers used Claude and ChatGPT to steal data from nine Mexican government agencies, compromising 195 million records in one of the largest breaches. This incident underscores the dual-use risks of AI tools in cyberattacks.

What Windows Defender zero-days were exploited in the wild?

Huntress confirmed in-the-wild exploitation of the BlueHammer, RedSun (unpatched LPE PoC via cloud sync/reparse by Chaotic Eclipse/Nightmare-Eclipse), and UnDefend zero-days between April 10 and 18. These pose a persistent ransomware-related risk even after Microsoft's patches.

What did Microsoft's April Patch Tuesday address?

Microsoft's Patch Tuesday fixed over 165 CVEs (167 flaws in some reports), including two zero-days in SharePoint and IKEv2. It also addressed vulnerabilities like those in Windows Defender.

How did honeypots contribute to zero-day detection?

Honeypots caught Fortinet EMS zero-days before disclosure, as part of the 'AI Vulnerability Storm' using threat intelligence. Glasswing collaborated on patching, while regulators assess AI-related risks.

Claude Mythos spots thousands of high-severity vulnerabilities (OpenBSD/FFmpeg CVE-2026-4747); AI/AISLE uncovers 12 OpenSSL zero-days; honeypots catch Fortinet EMS zero-days; a hacker uses Claude/ChatGPT for Mexican government breaches (9 agencies, 195M records); Huntress confirms Defender zero-days exploited in the wild April 10-18: BlueHammer, RedSun (unpatched LPE PoC via cloud sync/reparse by Chaotic Eclipse/Nightmare-Eclipse), and UnDefend; recent reports confirm the leaked zero-days are now actively exploited (protesting MSRC; ties to ransomware/EDR killers); Glasswing patching collaboration (MS/AWS/CrowdStrike); regulators weigh AI risks; MS Patch Tuesday (165+ CVEs, SharePoint/IKE). Articles recap the exploits and the Mythos tsunami.

Updated Apr 21, 2026