Newsletter 2026-05-12

Posted on May 12, 2026

Another week, another round of interesting news. This time with different views on the Claude Mythos results from Mozilla and curl.


Citizenlab has compiled studies on telco network surveillance. Very comprehensive, but also very interesting.


Talos has identified a previously unknown attacker using the CloudZ RAT with a plugin “Pheno” that’s used to check if the Phone Link application is being used under Windows. The goal is probably to obtain credentials and possibly also OTP codes.


An interesting article on how tools for validating images are being used to present real images as manipulated images.


Jakob Wolffhechel conducted a 9-week audit of the management stack of XenServer. This resulted in 89 (!) vulnerabilities. If I saw correctly, all with GCVEs. Some low and medium findings, but also various high and critical ones. Worth taking a look, especially if you’re dealing with it.


Qilin had an OpSec problem that Ctrl-Alt-Intel used to take a closer look at parts of current operations.


And for something different, today Ruby gems and Go modules have been compromised.


Newton Paul went hunting for internet-facing C2 frameworks and found, among other things, an Android C2 that apparently isn’t known yet.


Synacktiv was able to inject a reverse shell into the Philips Hue Bridge at Pwn2Own, and did so over the Zigbee channel. Cleverly chosen triggers let them set off the attack reliably.


Talos shows in their blog post how VoIP numbers are structured and how they’re reused in scam campaigns.


Nico Dekens describes the problems that are becoming increasingly apparent for many OSINT professionals. Source verification is becoming increasingly difficult as information is being placed more deliberately and disinformation campaigns (partly with the help of AI) are becoming easier.


GitHub looked at how to monitor and make token usage more efficient in agent-based workflows. Removing unnecessary software is once again an advantage here.


Daniel Stenberg comments on the results Mythos found in curl and clarifies that it’s significantly fewer than many expected/feared (depending on perspective). But he also makes clear that AI-assisted bug hunting delivers significantly better results than classic scanners.


Mozilla also addresses the results and apparently has “stronger results” in Firefox 150. To just quote this: “Of the 271 bugs we announced for Firefox 150: 180 were sec-high, 80 were sec-moderate, and 11 were sec-low.”


See you next week.