Archive
Every brief we've published. Most recent first.
Saturday 6 June 2026
Cisco's SD-WAN Problem Is Now a Pattern, Not an Incident
Cisco's seventh SD-WAN zero-day of 2026 is being actively exploited with no patch in sight — and the World Food Programme breach just put 600,000 vulnerable Gazan families' data in the wrong hands.
Friday 5 June 2026
The $0 AI Worm: Why the Threat Doesn't Need a Frontier Model
Researchers proved you don't need a fancy frontier model to build a self-spreading AI worm — a free open-source LLM will do just fine.
Thursday 4 June 2026
When Your Notifications Become the Attacker's Keyboard
A poisoned notification from WhatsApp or Slack could hijack Google Gemini's voice assistant — no malicious app required.
Wednesday 3 June 2026
Trump's AI Executive Order Is Mostly a Handshake — and That Might Be the Point
Trump signs a watered-down AI executive order, Anthropic opens its most powerful model to 150 critical infrastructure operators, and a one-line Microsoft code flaw put billions of Android downloads at risk.
Tuesday 2 June 2026
When the Support Bot Becomes the Attacker's Best Friend
Meta's AI support chatbot handed hackers the keys to high-profile Instagram accounts — and it's the clearest sign yet that AI-powered customer service is a security product, not just a convenience one.
Monday 1 June 2026
Dutch Police Dismantle a 17-Million-Device Botnet — and It's a Timely Reminder of How Big "Big" Really Is
Dutch police tear down a 17-million-device botnet, a WordPress plugin is handing strangers the keys to your site, and Nvidia's Jensen Huang takes the Computex stage with Microsoft ARM ambitions in tow.
Sunday 31 May 2026
Russia's Sanctions-Busting Tech Grab Is Now a Cyber Problem, Not Just a Trade One
Russian intelligence is running an aggressive global tech-acquisition campaign as sanctions bite, Microsoft is threatening researchers over zero-day disclosures, and a Palo Alto VPN flaw just moved from "patch soon" to "actively exploited."
Saturday 30 May 2026
The AI-Assisted Hack: When the LLM Does the Post-Breach Heavy Lifting
An attacker used an LLM agent to automate post-breach cloud credential theft — and it's the clearest sign yet that AI is changing what happens after the initial compromise, not just before it.
Friday 29 May 2026
Anthropic Is Worth Almost $1 Trillion. Here's Why That Number Is Doing a Lot of Heavy Lifting.
Anthropic closes a $65 billion Series H at a $965 billion valuation — and drops a new model the same day, because why not.
Thursday 28 May 2026
The Extortion Gang That Skips the Phishing Email and Walks Through the Front Door
Ransomware crews are now showing up at law firm offices in person — and Australia's court transcription offshoring scandal shows the tactic isn't as far-fetched here as it sounds.
Wednesday 27 May 2026
The "BadHost" Bug Hiding Inside Millions of AI Agents
A critical flaw in the Starlette web framework — 325 million weekly downloads — puts millions of AI agents at risk of server-side request forgery, and Iran's internet is flickering back to life after a 90-day blackout.
Tuesday 26 May 2026
Three Supply Chain Attacks at Once: GitHub, npm, PyPI, and Crates.io Are All on Fire
The Megalodon supply chain attack has infected 5,500+ GitHub repos via fake automated commits — and it's running alongside at least two other simultaneous package-poisoning campaigns.
Monday 25 May 2026
A Decade-Old Linux Kernel Flaw Just Got a Very Unwanted Comeback
A decade-old Linux privilege escalation bug resurfaces, Ghost CMS is under active mass exploitation, Amazon's always-on AI wearable raises hard privacy questions, and CBA's AI is doing the 2am on-call shift so engineers don't have to.
Sunday 24 May 2026
Anthropic's AI Just Found 10,000 Critical Bugs. The Vulnerability Economy Will Never Be the Same.
Anthropic's AI found 10,000 critical software flaws in a month — and that changes the economics of vulnerability research forever.
Saturday 23 May 2026
Inside the Week Law Enforcement Tore Down the Cybercrime Infrastructure Stack
Law enforcement dismantled a criminal VPN used by 25 ransomware groups, arrested a Kimwolf botnet operator, and seized 800 servers from a bulletproof hoster — a rare good week for the takedown scoreboard.
Friday 22 May 2026
AI-Assisted Kernel Exploit Lands on Apple Silicon — and It Won't Be the Last
An AI model helped find and exploit a kernel memory corruption bug in Apple's M5 chip — and TeamPCP's supply chain attack spree has now claimed GitHub, npm, and hundreds more organisations in its wake.
Thursday 21 May 2026
One Bad Extension, 3,800 Repos: The GitHub Breach That Indicts the Entire Developer Tooling Ecosystem
A poisoned VS Code extension breached 3,800 GitHub internal repositories — and it's a masterclass in how supply chain attacks now eat the ecosystem from the inside.
Wednesday 20 May 2026
The Cobbler's Children: CISA Left Its Own Credentials in a Public GitHub Repo for Six Months
CISA — America's cyber defence agency — left SSH keys, plaintext passwords, and AWS credentials in a public GitHub repo for six months, and Congress wants answers.
Tuesday 19 May 2026
No Patch, Active Exploitation: Microsoft Exchange Zero-Day Hits OWA Mailboxes
A zero-day in Microsoft Exchange is being actively exploited with no patch in sight — and today's brief covers a Windows SYSTEM-privilege exploit, a pre-Stuxnet nuclear sabotage tool, Anthropic's quiet SDK land-grab, and a Victorian phone scammer who finally got two years.
Monday 18 May 2026
Grafana's Source Code Was Stolen and Used as Leverage — Here's What Actually Happened
Grafana's codebase was downloaded by an attacker who then tried to extort the company — and a new phishing kit is bypassing MFA to hijack Microsoft 365 accounts at scale.
Sunday 17 May 2026
Secret Blizzard's Kazuar Grows Up: Russia's Most Patient Backdoor Is Now a P2P Botnet
Secret Blizzard's Kazuar backdoor has evolved into a modular P2P botnet — and a critical NGINX flaw just got a public exploit while Microsoft quietly buried an Azure vulnerability report without a CVE.
Saturday 16 May 2026
ChatGPT Wants Your Bank Login: OpenAI's Personal Finance Play Is the Biggest Trust Bet in AI Yet
ChatGPT wants access to your bank account — and the Musk v. Altman trial just wrapped up asking whether we should trust the people building this stuff.
Friday 15 May 2026
Cerebras Cracks the Market: AI Chip Darling's $5.5B IPO Is the Shot in the Arm the Tech Listings Market Needed
Cerebras goes public at double the price, Cisco fires 4,000 while posting record revenue, and a Foxconn ransomware hit signals manufacturing's worsening cyber crisis — Friday's brief has range.
Thursday 14 May 2026
The Bug-Finding Machine: How AI Rewrote Patch Tuesday
AI is now finding bugs faster than humans can patch them — and this week's Patch Tuesday is the proof.
Wednesday 13 May 2026
The Worm That Signed Its Own Warrants: Mini Shai-Hulud's Six-Minute Supply Chain Blitz
A self-propagating supply chain worm tore through npm and PyPI in minutes, poisoning packages from TanStack, Mistral AI, and others — and it was signed.
Tuesday 12 May 2026
The First AI-Written Zero-Day Just Got Caught in the Wild
Google caught the first confirmed AI-generated zero-day in the wild — and it was heading for a mass 2FA-bypass event before anyone got hurt.
Monday 11 May 2026
Bleeding Llama: The Ollama Flaw That Could Leak Your Entire AI Server's Memory
A critical memory-leak vulnerability in Ollama threatens 300,000+ AI servers globally — and the attackers abusing Claude.ai to spread Mac malware just reminded us that AI platforms are now the attack surface.
Sunday 10 May 2026
The AI Trust Problem: How a Fake OpenAI Repo Gamed Hugging Face and Won
A fake OpenAI repo hit Hugging Face's trending list and delivered infostealer malware — proving that AI's most trusted platforms are now prime real estate for supply chain attacks.
Saturday 9 May 2026
275 Million Students, One Breach, Zero Good Timing: The Canvas Catastrophe
ShinyHunters brings down Canvas for 9,000 schools right before finals — and the data they're holding over Instructure's head is far more sensitive than a list of email addresses.
Friday 8 May 2026
When Your AI Coding Agent Becomes the Attacker: The TrustFall Vulnerability
AI coding agents are becoming a supply chain attack vector — and the tools you trust most may be the easiest to compromise.
Thursday 7 May 2026
Palo Alto's Unpatched Firewall Zero-Day Is Being Exploited Right Now
A Palo Alto PAN-OS zero-day with a 9.3 CVSS is being actively exploited — and there's still no patch.
Wednesday 6 May 2026
Australia Builds the Review Board America Threw Away
Australia just launched its own Cyber Incident Review Board — modelled on the US body the Trump administration quietly disbanded — and the timing couldn't be more pointed.
Tuesday 5 May 2026
Five Eyes to Enterprises: Your Agentic AI Is Running Ahead of Your Security
Five Eyes agencies warn agentic AI is moving faster than enterprise safety controls — and that's the least of today's problems.
Monday 4 May 2026
When Your Antivirus Breaks Your Certificates: Microsoft Defender's DigiCert False Positive
Microsoft Defender's false-positive storm is quarantining legitimate DigiCert certificates across Windows fleets — and the US military just signed seven AI companies onto classified systems.
Sunday 3 May 2026
Trellix Got Hacked. Yes, the Cybersecurity Company.
A cybersecurity vendor getting hacked is always awkward — and Trellix's source code breach is the kind of story that makes defenders question the tools they trust.
Saturday 2 May 2026
DDoS Meets Extortion: Pro-Iran Group Holds Ubuntu.com Hostage
A pro-Iran hacktivist crew turned a DDoS against Canonical into a ransomware-style shakedown — and kept Ubuntu.com dark for over 24 hours during a critical patch window.
Friday 1 May 2026
cPanel's Zero-Day Was Live for Months Before Anyone Said a Word
A critical cPanel authentication bypass has been exploited in the wild since February, OpenAI follows Anthropic in locking down its most dangerous AI cyber tool, and the Linux "Copy Fail" flaw is shaking multi-tenant infrastructure everywhere.
Thursday 30 April 2026
Claude Mythos Found 271 Firefox Zero-Days. Let That Sink In.
Anthropic's Claude Mythos AI model found 271 zero-days in Firefox — and that changes what "vulnerability research" means forever.
Wednesday 29 April 2026
One Git Push to Own GitHub: CVE-2026-3854 Is the RCE Flaw Defenders Need to Patch Now
A critical GitHub RCE flaw lets any authenticated user pop a shell with one git push — and that's just the start of a busy day in security.
Tuesday 28 April 2026
OpenAI Breaks Up With Microsoft — Exclusively
OpenAI severs its exclusive Microsoft cloud tie, the 15-year-old OpenSSH root flaw finally surfaces, and a forgotten malware framework just rewrote the history of cyber sabotage.
Monday 27 April 2026
Itron Breach Puts Utility Infrastructure Security Back Under the Microscope
Itron's breach puts critical utility infrastructure in the spotlight, while Apple navigates the post-Cook era and robots learn to stop hurting themselves.
Sunday 26 April 2026
Before Stuxnet, There Was 'fast16': Researchers Uncover a Lost Chapter of Cyberwarfare History
A pre-Stuxnet sabotage framework surfaces, Google bets $40B on Anthropic, and a new Teams-based malware campaign is quietly emptying inboxes.
Saturday 25 April 2026
The Firewall That Became the Front Door: FIRESTARTER Backdoor Survives on Federal Cisco Devices
A firewall backdoor that outlasts patches, Google bets $40B on Anthropic, DeepSeek closes the frontier gap, and a pre-Stuxnet sabotage tool gets its first public autopsy.
Friday 24 April 2026
Anthropic Locked Down Its Most Dangerous AI. Then It Leaked Anyway.
Anthropic's Claude Mythos escaped its own containment, OpenAI shipped GPT-5.5, and a supply chain attack quietly poisoned the Bitwarden CLI — welcome to your Friday.
Thursday 23 April 2026
The npm Worm That Spreads Itself: Supply Chain Attacks Just Got Scarier
A self-replicating worm is quietly colonising npm; ransomware gangs are experimenting with post-quantum crypto; and SpaceX just offered $60 billion for an AI coding tool.
Wednesday 22 April 2026
Lazarus Group Pulls Off $290M KelpDAO Heist in Sophisticated Infrastructure Attack
North Korea's Lazarus Group steals $290M from KelpDAO, a Scattered Spider ringleader pleads guilty, and Anthropic's new cyber model is already sparking a CEO spat.
Tuesday 21 April 2026
Tim Cook Is Out. What Happens to Apple Now?
Tim Cook announces his exit from Apple, Anthropic's Mythos model lands at the NSA, and a supply-chain hack at Context.AI cascades into a breach at Vercel — a busy 24 hours across tech and security.
Monday 20 April 2026
ShinyHunters Claims Vercel Breach via Compromised AI Tool
Vercel's breach traces back to a compromised AI tool, NIST quietly retreats from scoring low-priority CVEs, and AI vendors shrug off prompt injection as a feature — busy Monday.
Sunday 19 April 2026
Proof-of-Concept Published for Critical RCE Bug in protobuf.js — Patch Now
A critical RCE flaw in protobuf.js puts millions of JavaScript apps at risk, Grinex blames spies for a $13.7M hack, and Cerebras files for an IPO.