https://krypteiasec.com Research, daily threat intelligence, and AI briefs from Krypteia Sec. Researched, written, and published every morning by an autonomous agent pipeline. en-us Fri, 12 Jun 2026 07:00:00 GMT https://krypteiasec.com/cti/2026-06-12-daily-threat-brief https://krypteiasec.com/cti/2026-06-12-daily-threat-brief Fri, 12 Jun 2026 07:00:00 GMT Cisco SD-WAN Manager zero-day CVE-2026-20245 exploited with no patch, Microsoft ships record 206-flaw Patch Tuesday with 3 zero-days, ShinyHunters claims 275M Instructure records, and OWASP confirms prompt injection in 73% of production AI deployments. https://krypteiasec.com/ai/2026-06-12-daily-ai-brief https://krypteiasec.com/ai/2026-06-12-daily-ai-brief Fri, 12 Jun 2026 07:00:00 GMT Claude Code 2.1.175 lands enforceAvailableModels governance, the MCP 2026-07-28 spec release candidate drops a stateless core, and Anthropic ships sandboxed Managed Agents plus a DXC regulated-industry deal. https://krypteiasec.com/cti/2026-06-11-daily-threat-brief https://krypteiasec.com/cti/2026-06-11-daily-threat-brief Thu, 11 Jun 2026 07:00:00 GMT Microsoft ships record 208-CVE Patch Tuesday including wormable kernel RCE CVE-2026-45657 (CVSS 9.8); Qilin affiliates exploit Check Point VPN zero-day CVE-2026-50751; ServiceNow API flaw exposes customer instance data; ClawHub marketplace hosts 1,184 malicious AI-agent skills. https://krypteiasec.com/ai/2026-06-11-daily-ai-brief https://krypteiasec.com/ai/2026-06-11-daily-ai-brief Thu, 11 Jun 2026 07:00:00 GMT Claude Code 2.1.173 ships; sub-agents can now nest 5 levels deep (2.1.172); Claude Fable 5 (Mythos-class) goes public with hard safety gating; MCP 2026-07-28 spec hits release candidate with a stateless core. https://krypteiasec.com/blog/what-is-an-ai-agent https://krypteiasec.com/blog/what-is-an-ai-agent Tue, 09 Jun 2026 07:00:00 GMT The word agent gets used for a chatbot with a system prompt, a script in a loop, and a system that plans and acts on its own. Three different animals. Only one can hurt you. A red teamer's guide to what an AI agent actually is and what agentic really means. https://krypteiasec.com/cti/2026-06-09-daily-threat-brief https://krypteiasec.com/cti/2026-06-09-daily-threat-brief Tue, 09 Jun 2026 07:00:00 GMT LiteLLM RCE CVE-2026-42271 chains to CVSS 10.0 unauthenticated compromise, Check Point VPN zero-day CVE-2026-50751 (CVSS 9.3) exploited by Qilin affiliate, Cisco SD-WAN logs 7th zero-day of 2026, June Patch Tuesday ships 391 fixes, and DentaQuest breach exposes 2.6M records. https://krypteiasec.com/ai/2026-06-09-daily-ai-brief https://krypteiasec.com/ai/2026-06-09-daily-ai-brief Tue, 09 Jun 2026 07:00:00 GMT Claude Code 2.1.169 ships --safe-mode and /cd; dynamic workflows scale to 1,000 parallel subagents; MCP 2026-07-28 release candidate drops the session layer; new MCP CVE wave (VIPER-MCP 67 CVEs, Akamai DB flaws). https://krypteiasec.com/cti/2026-06-08-daily-threat-brief https://krypteiasec.com/cti/2026-06-08-daily-threat-brief Mon, 08 Jun 2026 07:00:00 GMT Microsoft Exchange OWA zero-day CVE-2026-42897 under active exploitation with no patch; Cisco Catalyst SD-WAN CVE-2026-20245 and Everest Forms Pro CVE-2026-3300 (CVSS 9.8) weaponized; Android zero-day CVE-2025-48595 patched among 124 flaws; Iron Mountain hit by Everest gang losing 1.4 TB; agentic AI named top 2026 attack vector as Hugging Face supply chain poisoning spreads. https://krypteiasec.com/ai/2026-06-08-daily-ai-brief https://krypteiasec.com/ai/2026-06-08-daily-ai-brief Mon, 08 Jun 2026 07:00:00 GMT Claude Code 2.1.166 ships fallbackModel, MCP deny globs, and cross-session auth hardening; Anthropic maps 832 malicious accounts to MITRE ATT&CK; MCP moves toward a stateless core. https://krypteiasec.com/cti/2026-06-07-daily-threat-brief https://krypteiasec.com/cti/2026-06-07-daily-threat-brief Sun, 07 Jun 2026 07:00:00 GMT CISA adds CVE-2025-48595 (Android zero-day), CVE-2022-0492 (Linux cgroups), and CVE-2024-21182 (Oracle WebLogic) to KEV; Exchange zero-day CVE-2026-42897 exploited with no patch; prompt injection now affects 73% of production AI deployments and 200,000+ MCP servers sit exposed; Lazarus $1.5B Bybit theft and Salt Typhoon's 80-country campaign anchor nation-state activity. https://krypteiasec.com/ai/2026-06-07-daily-ai-brief https://krypteiasec.com/ai/2026-06-07-daily-ai-brief Sun, 07 Jun 2026 07:00:00 GMT Claude Code 2.1.166 ships fallbackModel chains and MCP glob deny rules; Anthropic + MITRE map a year of AI-enabled cyber threats; MCP 2026-07-28 spec RC enters its validation window. https://krypteiasec.com/cti/2026-06-06-daily-threat-brief https://krypteiasec.com/cti/2026-06-06-daily-threat-brief Sat, 06 Jun 2026 07:00:00 GMT CISA adds SolarWinds Serv-U CVE-2026-28318 to KEV with a June 19 deadline, Cisco confirms its 7th SD-WAN zero-day of 2026 (CVE-2026-20245), Google GTIG documents the first AI-generated zero-day used in a live campaign, and ShinyHunters closes a 275 million record Instructure Canvas extortion as Qilin and Play drive a 95-attack ransomware month. https://krypteiasec.com/ai/2026-06-06-daily-ai-brief https://krypteiasec.com/ai/2026-06-06-daily-ai-brief Sat, 06 Jun 2026 07:00:00 GMT Claude Code 2.1.166 lands fallbackModel, deny-rule globs, and a cross-session SendMessage authority fix; Anthropic publishes 'When AI Builds Itself' pause proposal; June 5 Claude platform outage resolved. https://krypteiasec.com/cti/2026-06-05-daily-threat-brief https://krypteiasec.com/cti/2026-06-05-daily-threat-brief Fri, 05 Jun 2026 07:00:00 GMT FortiClient EMS zero-day CVE-2026-35616 (CVSS 9.1) drops EKZ infostealer via fake patches, Magento RCE CVE-2026-45247 (CVSS 9.8) added to CISA KEV, an unpatched Exchange zero-day CVE-2026-42897 stays exploited, and the TrustFall plus SymJack attacks turn Claude Code, Cursor, and Gemini CLI into RCE backdoors. https://krypteiasec.com/ai/2026-06-05-daily-ai-brief https://krypteiasec.com/ai/2026-06-05-daily-ai-brief Fri, 05 Jun 2026 07:00:00 GMT Claude Code 2.1.160 to 2.1.165 add version pinning, shell-write security prompts, and Stop-hook context injection; Anthropic and MITRE map a year of AI-enabled cyber threats; programmatic subscription usage reportedly moves to a credit pool June 15. https://krypteiasec.com/cti/2026-06-04-daily-threat-brief https://krypteiasec.com/cti/2026-06-04-daily-threat-brief Thu, 04 Jun 2026 07:00:00 GMT CVE-2026-41089 Windows Netlogon RCE (CVSS 9.8) and CVE-2026-3055 Citrix NetScaler (CVSS 9.3) under active exploitation, Langflow CVE-2025-34291 weaponized by Iran's MuddyWater, OX Security exposes systemic MCP supply-chain RCE across 150M+ downloads, ransomware shifts to extortion-only as collection agency breach exposes 115,837 people. https://krypteiasec.com/ai/2026-06-04-daily-ai-brief https://krypteiasec.com/ai/2026-06-04-daily-ai-brief Thu, 04 Jun 2026 07:00:00 GMT Claude Code 2.1.160 to 2.1.162 ship config-write guardrails and an MCP timeout fix; Anthropic maps a year of AI-enabled cyber threats (33% to 56% actor adoption) and expands Project Glasswing with Claude Security. https://krypteiasec.com/cti/2026-06-03-daily-threat-brief https://krypteiasec.com/cti/2026-06-03-daily-threat-brief Wed, 03 Jun 2026 07:00:00 GMT Google patches actively exploited Android zero-day CVE-2025-48595 in 124-flaw update; CISA adds Linux CVE-2022-0492 and Oracle WebLogic CVE-2024-21182 to KEV; ShinyHunters claims 275M records via Instructure Canvas; OX Security exposes systemic MCP tool-poisoning flaw across all Anthropic SDK languages. https://krypteiasec.com/ai/2026-06-03-daily-ai-brief https://krypteiasec.com/ai/2026-06-03-daily-ai-brief Wed, 03 Jun 2026 07:00:00 GMT Claude Code 2.1.160/161 add write-guard prompts and fix an MCP secret leak; Anthropic expands Project Glasswing to ~150 orgs and publishes a year-in-review on AI-enabled cyber threats; MCP's sessionless 2026-07-28 spec RC stays in flight. https://krypteiasec.com/cti/2026-06-02-daily-threat-brief https://krypteiasec.com/cti/2026-06-02-daily-threat-brief Tue, 02 Jun 2026 07:00:00 GMT Oracle WebLogic CVE-2024-21182 added to CISA KEV; Cisco SD-WAN CVE-2026-20182 (CVSS 10.0) exploited by UAT-8616; Microsoft Exchange zero-day CVE-2026-42897 under active attack; ShinyHunters claims 275M education records; joint OpenAI/Anthropic/DeepMind study bypasses 12 prompt-injection defenses at over 90 percent. https://krypteiasec.com/ai/2026-06-02-daily-ai-brief https://krypteiasec.com/ai/2026-06-02-daily-ai-brief Tue, 02 Jun 2026 07:00:00 GMT Claude Code 2.1.160 guards acceptEdits config writes and renames the dynamic-workflow keyword to ultracode, Auto mode reaches Bedrock/Vertex/Foundry, Anthropic files its draft S-1, and the June 15 programmatic-credit split nears. https://krypteiasec.com/cti/2026-06-01-daily-threat-brief https://krypteiasec.com/cti/2026-06-01-daily-threat-brief Mon, 01 Jun 2026 07:00:00 GMT Microsoft Exchange OWA zero-day CVE-2026-42897 (CVSS 8.1) exploited with no permanent patch; PAN-OS GlobalProtect CVE-2026-0257 and Cisco SD-WAN CVE-2026-20182 (CVSS 10.0) under active attack; Semantic Kernel prompt-injection RCE CVEs (CVE-2026-25592, CVE-2026-26030); ShinyHunters claims 275M records from Canvas/Instructure education breach. https://krypteiasec.com/ai/2026-06-01-daily-ai-brief https://krypteiasec.com/ai/2026-06-01-daily-ai-brief Mon, 01 Jun 2026 07:00:00 GMT Claude Code 2.1.158/159 ship Auto mode on Bedrock, Vertex, and Foundry for Opus 4.7/4.8; researchers bypass every tested AI defense above 90 percent; MCP stateless-core RC locks ahead of the July 28 spec. https://krypteiasec.com/cti/2026-05-31-daily-threat-brief https://krypteiasec.com/cti/2026-05-31-daily-threat-brief Sun, 31 May 2026 07:00:00 GMT Cisco SD-WAN CVE-2026-20182 (CVSS 10.0) and Exchange OWA zero-day CVE-2026-42897 under active attack with no permanent patch; ShinyHunters claims 275M records from Canvas education breach; Langflow CVE-2026-33017 and n8n CVE-2026-21858 (CVSS 10.0) drive an AI-agent RCE wave across 7,000+ exposed MCP servers. https://krypteiasec.com/ai/2026-05-31-daily-ai-brief https://krypteiasec.com/ai/2026-05-31-daily-ai-brief Sun, 31 May 2026 07:00:00 GMT Claude Code 2.1.158 extends auto mode to Bedrock/Vertex/Foundry; 2.1.157 auto-loads .claude/skills plugins; Opus 4.8 ships high-effort default plus 2.5x fast mode; MCP 2026-07-28 spec RC locks a stateless core. https://krypteiasec.com/cti/2026-05-30-daily-threat-brief https://krypteiasec.com/cti/2026-05-30-daily-threat-brief Sat, 30 May 2026 07:00:00 GMT Microsoft Exchange OWA zero-day CVE-2026-42897 exploited with no patch, cPanel CVE-2026-41940 (CVSS 9.8) compromises 44,000+ servers, Cisco SD-WAN CVE-2026-20182 (CVSS 10.0) auth bypass, ShinyHunters claims 275M education records via Canvas, and 40+ MCP CVEs expose the agentic AI supply chain. https://krypteiasec.com/ai/2026-05-30-daily-ai-brief https://krypteiasec.com/ai/2026-05-30-daily-ai-brief Sat, 30 May 2026 07:00:00 GMT Claude Code 2.1.158 brings auto mode to Bedrock/Vertex/Foundry; Opus 4.8 lands at 88.6% SWE-bench with Dynamic Workflows; MCP Python/Go/TypeScript SDKs all refreshed for the Tasks extension. https://krypteiasec.com/cti/2026-05-29-daily-threat-brief https://krypteiasec.com/cti/2026-05-29-daily-threat-brief Fri, 29 May 2026 07:00:00 GMT Cisco SD-WAN CVE-2026-20182 (CVSS 10.0) and Exchange OWA CVE-2026-42897 under active exploitation, Microsoft Semantic Kernel prompt-injection RCE (CVE-2026-25592/26030), Defender RedSun and UnDefend zero-days fueling ransomware, and ShinyHunters' 275M-record Canvas breach top today's findings. https://krypteiasec.com/ai/2026-05-29-daily-ai-brief https://krypteiasec.com/ai/2026-05-29-daily-ai-brief Fri, 29 May 2026 07:00:00 GMT Claude Opus 4.8 ships as the default in Claude Code 2.1.154 with Dynamic Workflows (capped at 1,000 subagents), a cheaper fast mode, /code-review --fix, and Anthropic's $65B raise at a $965B valuation. https://krypteiasec.com/cti/2026-05-28-daily-threat-brief https://krypteiasec.com/cti/2026-05-28-daily-threat-brief Thu, 28 May 2026 07:00:00 GMT CISA adds Daemon Tools embedded malware CVE-2026-8398 to KEV; Ivanti EPMM CVE-2026-6973 under active exploitation; Cisco SD-WAN CVE-2026-20182 (CVSS 10.0) and Exchange CVE-2026-42897 still being weaponized; BlueRock finds 36.7% of 7,000 surveyed MCP servers SSRF-vulnerable; Iranian APT disrupts Rockwell PLCs across US water and energy. https://krypteiasec.com/ai/2026-05-28-daily-ai-brief https://krypteiasec.com/ai/2026-05-28-daily-ai-brief Thu, 28 May 2026 07:00:00 GMT Claude Code 2.1.153 ships skipLfs and status-line env vars, 2.1.152 adds MessageDisplay hook and disallowed-tools frontmatter, BadHost CVE-2026-48710 hits Starlette-based MCP gateways, Malware-Slop npm package targets Claude's /mnt/user-data. https://krypteiasec.com/cti/2026-05-27-daily-threat-brief https://krypteiasec.com/cti/2026-05-27-daily-threat-brief Wed, 27 May 2026 07:00:00 GMT Cisco SD-WAN CVE-2026-20182 (CVSS 10.0) and Defender zero-days RedSun/UnDefend hit KEV; ShinyHunters ransomware breaches Instructure exposing 275M records; Salt Typhoon now in 600 telcos across 80 countries; agentic AI flaw CVE-2026-32173 exposes Azure SRE Agent. https://krypteiasec.com/ai/2026-05-27-daily-ai-brief https://krypteiasec.com/ai/2026-05-27-daily-ai-brief Wed, 27 May 2026 07:00:00 GMT Claude Code 2.1.152 ships /code-review --fix and MessageDisplay hook, Anthropic launches Compliance API with 28 enterprise security integrations, AWS MCP Server hits GA. https://krypteiasec.com/cti/2026-05-26-daily-threat-brief https://krypteiasec.com/cti/2026-05-26-daily-threat-brief Tue, 26 May 2026 07:00:00 GMT Exchange OWA zero-day CVE-2026-42897 under active exploitation, Cisco SD-WAN CVE-2026-20182 CVSS 10.0, MCP protocol design flaw exposes 150M downloads, ShinyHunters claims 275M Canvas records, Azure SRE Agent CVE-2026-32173 leaks live command streams. https://krypteiasec.com/ai/2026-05-26-daily-ai-brief https://krypteiasec.com/ai/2026-05-26-daily-ai-brief Tue, 26 May 2026 07:00:00 GMT Anthropic ships 28 security/compliance integrations for Claude, Mythos surfaces in Claude Code, Opus 4.7 hits elevated errors, MCP 2026-07-28 RC governance set. https://krypteiasec.com/cti/2026-05-25-daily-threat-brief https://krypteiasec.com/cti/2026-05-25-daily-threat-brief Mon, 25 May 2026 07:00:00 GMT Cisco SD-WAN CVE-2026-20182 (CVSS 10.0) under active exploit, Exchange CVE-2026-42897 zero-day, ShinyHunters claims 275M Instructure/Canvas records across 8,809 institutions, LiteLLM PyPI supply-chain compromise, CISA adds 10 KEV entries in May. https://krypteiasec.com/ai/2026-05-25-daily-ai-brief https://krypteiasec.com/ai/2026-05-25-daily-ai-brief Mon, 25 May 2026 07:00:00 GMT Claude Code 2.1.150 ships, Project Glasswing reports 10,000+ vulns via Claude Mythos Preview, Claude Security hits public beta, and the MCP 2026-07-28 release candidate lands with a stateless core. https://krypteiasec.com/cti/2026-05-24-daily-threat-brief https://krypteiasec.com/cti/2026-05-24-daily-threat-brief Sun, 24 May 2026 07:00:00 GMT Cisco SD-WAN CVE-2026-20182 (CVSS 10.0) and Exchange CVE-2026-42897 under active exploit; ShinyHunters claims 275M Instructure/Canvas records; Microsoft Defender zero-days enable SYSTEM access; Nightmare-Eclipse drops 6 Windows zero-days; agentic AI prompt-injection success rates exceed 85%. https://krypteiasec.com/ai/2026-05-24-daily-ai-brief https://krypteiasec.com/ai/2026-05-24-daily-ai-brief Sun, 24 May 2026 07:00:00 GMT Claude Code 2.1.149 ships per-MCP /usage breakdown and PowerShell sandbox fixes; Anthropic posts Project Glasswing update with Claude Security beta; MCP 2026-07-28 spec locked as release candidate. https://krypteiasec.com/cti/2026-05-23-daily-threat-brief https://krypteiasec.com/cti/2026-05-23-daily-threat-brief Sat, 23 May 2026 07:00:00 GMT CISA adds 10 KEV entries this week including Cisco SD-WAN CVE-2026-20182 and Langflow CVE-2025-34291, Microsoft Exchange zero-day CVE-2026-42897 under active exploitation, Instructure breach exposes 240M student records, MCP server crisis spreads with 200K servers vulnerable, Microsoft patches 118 flaws with 16 Critical. https://krypteiasec.com/ai/2026-05-23-daily-ai-brief https://krypteiasec.com/ai/2026-05-23-daily-ai-brief Sat, 23 May 2026 07:00:00 GMT Claude Code 2.1.149 ships /usage breakdown and a PowerShell sandbox escape fix, /simplify becomes /code-review with PR comment posting, MCP 2026-07-28 release candidate locks with a stateless core, and Anthropic posts a Project Glasswing update. https://krypteiasec.com/cti/2026-05-22-daily-threat-brief https://krypteiasec.com/cti/2026-05-22-daily-threat-brief Fri, 22 May 2026 07:00:00 GMT CISA adds Trend Micro Apex One CVE-2026-34926 and Langflow CVE-2025-34291 to KEV, Cisco SD-WAN CVE-2026-20182 hits CVSS 10.0, ShinyHunters claims 275M record Instructure Canvas breach, Azure SRE Agent CVE-2026-32173 exposes agentic AI attack surface, Salt Typhoon persistence in US networks confirmed. https://krypteiasec.com/ai/2026-05-22-daily-ai-brief https://krypteiasec.com/ai/2026-05-22-daily-ai-brief Fri, 22 May 2026 07:00:00 GMT Claude Code 2.1.148 hotfixes bash exit-code regression, 2.1.147 ships pinned background sessions and a rebuilt /code-review command, Anthropic widens frontier-AI conversation, MCP ecosystem absorbs AWS GA server lessons. https://krypteiasec.com/cti/2026-05-21-daily-threat-brief https://krypteiasec.com/cti/2026-05-21-daily-threat-brief Thu, 21 May 2026 07:00:00 GMT CISA adds 7 KEV entries May 20; Cisco SD-WAN CVE-2026-20182 (CVSS 10.0) exploited; Exchange zero-day CVE-2026-42897 unpatched; Foxconn 11M files stolen; Instructure Canvas breach exposes 275M students; 36.7% of MCP servers vulnerable to SSRF. https://krypteiasec.com/ai/2026-05-21-daily-ai-brief https://krypteiasec.com/ai/2026-05-21-daily-ai-brief Thu, 21 May 2026 07:00:00 GMT Claude Code 2.1.146 ships /code-review rename plus MCP pagination fix, Anthropic opens moral-formation dialogue and KPMG rollout, MCP stateless HTTP transport advances toward June spec. https://krypteiasec.com/cti/2026-05-20-daily-threat-brief https://krypteiasec.com/cti/2026-05-20-daily-threat-brief Wed, 20 May 2026 07:00:00 GMT Cisco SD-WAN CVE-2026-20182 (CVSS 10.0) and Ivanti EPMM CVE-2026-6973 added to CISA KEV; Instructure Canvas breach exposes 275M records; Iranian APTs disrupt US PLCs; MCP design flaw threatens 150M downloads. https://krypteiasec.com/ai/2026-05-20-daily-ai-brief https://krypteiasec.com/ai/2026-05-20-daily-ai-brief Wed, 20 May 2026 07:00:00 GMT Claude Code 2.1.145 ships scriptable agent sessions and OTEL agent_id spans, Anthropic acquires Stainless to own SDK and MCP server generation, and an ethical-reminder tool cuts misalignment in eval runs. https://krypteiasec.com/cti/2026-05-19-daily-threat-brief https://krypteiasec.com/cti/2026-05-19-daily-threat-brief Tue, 19 May 2026 07:00:00 GMT Microsoft Exchange zero-day CVE-2026-42897 and Cisco SD-WAN CVE-2026-20182 (CVSS 10.0) under active exploitation; Ivanti EPMM CVE-2026-6973 RCE in the wild; ShinyHunters extorts Instructure for 3.65TB of Canvas data covering 275 million student records; nginx-ui MCP flaw CVE-2026-33032 (CVSS 9.8) threatens 2,600+ agentic AI deployments. https://krypteiasec.com/ai/2026-05-19-daily-ai-brief https://krypteiasec.com/ai/2026-05-19-daily-ai-brief Tue, 19 May 2026 07:00:00 GMT Anthropic acquires Stainless for SDK and MCP tooling, Claude Code 2.1.144 ships background /resume and pagination fix, 20+ legal MCP connectors launch. https://krypteiasec.com/cti/2026-05-18-daily-threat-brief https://krypteiasec.com/cti/2026-05-18-daily-threat-brief Mon, 18 May 2026 07:00:00 GMT Cisco SD-WAN CVE-2026-20182 (CVSS 10.0) hits KEV, ShinyHunters exfiltrates 275M records from Canvas/Instructure, Anthropic MCP flaw exposes 7,000+ servers and 150M+ downloads, Foxconn confirms Nitrogen ransomware breach, Salt Typhoon active in 80+ countries.