Evaluating the Reliability of Multiple Large Language Models in Risk Assessment: A CIS Controls Based Approach

Proper implementation of technical and administrative controls reinforces an organization's cybersecurity posture and business resilience, reduces risks, and enhances governance, ultimately elevating business maturity. The dynamics of the technological landscape and emerging threats negatively...

Mythos: An AI tool too powerful for public release

Anthropic’s most capable model to date, Claude Mythos Preview aka Mythos, has been described as a “step change” in AI performance, especially on cybersecurity tasks. Anthropic tried to keep Mythos a secret until a few weeks ago, when a data leak revealed the existence of what the company said was...

Cybersecurity Risk Assessment: The Complete Guide for Security Leaders

Most security teams treat risk assessments as a compliance checkbox, a periodic exercise that generates a thick report, collects dust for six months, and then gets repeated. The result? Organizations discover their biggest exposures only after an incident, not before. A cybersecurity risk...

An Agentic Multi-Agent Architecture for Cybersecurity Risk Management

Getting a real cybersecurity risk assessment for a small organization is expensive -- a NIST CSF-aligned engagement runs $15,000 on the low end, takes weeks, and depends on practitioners who are genuinely scarce. Most small companies skip it entirely. We built a six-agent AI system where each age...

Henry IV, Hotspur, Hal, and hallucinations

Welcome to this week's edition of the Threat Source newsletter. " 'Tis dangerous to take a cold, to sleep, to drink; but I tell you, my lord fool, out of this nettle, danger, we pluck this flower, safety." - Hotspur, Shakespeare's Henry IV, Part 1: Act 2 Scene 3 I get it. Hotspur is the...

Assessing Spear-Phishing Website Generation in Large Language Model Coding Agents

Large Language Models are expanding beyond being a tool humans use and into independent agents that can observe an environment, reason about solutions to problems, make changes that impact those environments, and understand how their actions impacted their environment. One of the most common...

It’s not personal, it’s just business

Welcome to this week's edition of the Threat Source newsletter. This week, we explore how advances in agentic AI are rapidly transforming the cyber crime business. Agentic AI programming gives AI agents autonomy, allowing them to interact with external systems to collect information, make decisio...

EUVD-2025-95307

Malicious code in rina-kacang15-breki npm...

EUVD-2019-12501

Malware in sbrugna...

EUVD-2017-15209

Malware in sbrugna...

EUVD-2018-15786

Malware in sbrugna...

EUVD-2018-10169

Malware in sbrugna...

EUVD-2020-30308

Malware in sbrugna...

EUVD-2024-39557

Malicious code in bioql PyPI...

Malicious code in @sellerly-kit/theme-sellerly (npm)

The package @sellerly-kit/theme-sellerly was found to contain malicious code...

PT-2025-28861 · Red Hat +1 · Centos 7 +1

Name of the Vulnerable Software and Affected Versions: Radiflow iSAP Smart Collector CentOS 7 - VSAP 1.20 Description: The Linux distribution underlying the Radiflow iSAP Smart Collector is obsolete and has reached end of life, posing a cybersecurity risk. Any unmitigated vulnerability could be...

PT-2025-26160 · Dover Fueling Solutions · Progauge Maglink Lx Console

Name of the Vulnerable Software and Affected Versions: Dover Fueling Solutions ProGauge MagLink LX Consoles affected versions not specified Description: A critical issue has been identified, allowing remote attackers to gain full control over fueling station equipment without requiring...

Meet the Deputy CISOs who help shape Microsoft’s approach to cybersecurity: Part 3

Microsoft launched its Cybersecurity Governance Council in 2024, and with it, named a group of deputy chief information security officers that ensure comprehensive oversight of the company’s cybersecurity risk, defense, and compliance. These leaders work in tandem with product and engineering...

PT-2025-22543 · Unknown · Nexus Series +2

Name of the Vulnerable Software and Affected Versions: ASPECT-Enterprise versions through 3. NEXUS Series versions through 3. MATRIX Series versions through 3. Description: SSL Verification Bypass vulnerabilities exist in ASPECT if administrator credentials become compromised. This issue poses a...

CVE-2025-22628 WordPress Filled In Plugin <= 1.9.2 - CSRF to Stored XSS vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in FolioVision Filled In filled-in allows Stored XSS.This issue affects Filled In: from n/a through = 1.9.2...