
Tech

The Versatile And Easy Way To Organize Your Garage






We may receive a commission on purchases made from links.

Since everyone uses their garage differently, there’s no one-size-fits-all solution for how to organize it. For some people, peg boards might be a good option for hanging tools and knickknacks on the walls where they can be seen. Others might find that a tote rack works to declutter and organize containers. However, this might not work for some garages, as it requires quite a bit of floor space. To get some of your belongings off the floor and out of the way, you might also try installing some slat walls.

Slat walls have horizontal lines cut out of them and are frequently used for decoration. In the space between panels, you can hang hooks, shelves, or bins. This storage method can be particularly useful for awkwardly shaped items like bikes, ladders, or yard equipment that is impossible to shove inside a storage tote. Similar to peg boards, you can also mount certain tools or items you use frequently on slat walls. Compared to peg boards, this storage method can also generally carry more weight and gives a cleaner look that is better suited to professional spaces.

What to know when setting up your garage slat wall

Before you commit to a slat wall system, it’s important to take an inventory of everything you want to hang. For lighter loads up to roughly 25 pounds, you might be able to get away with MDF-based slat walls. However, if you’re hoping to hang heavy things, slat walls made with commercial-grade PVC or with metal reinforcements might be a better option. Consider also investing in panels that have other features, like waterproofing or fire-resistance, depending on the kind of work you plan to be doing in your garage. 

Alternatively, many tool manufacturers have built their own modular wall storage systems, like the Ryobi LINK or Milwaukee Packout, with similar functions to a slat wall. Each system has its own pros and cons, especially when it comes to the range of compatible accessories. If you want to start with a system that’s easy to expand, we’ve mentioned before that Costco’s $129.99 Trinity Modular Slatwall might make a great spring addition to your garage.

Accessorizing your slat wall

One of the best things about slat walls is that you can reconfigure your setup just by reorganizing the accessories. A good place to start is with utility hooks, which can hold everything from extension cords, hand tools, and cleaning tools to large sports equipment. You might also consider installing some shelves that can hold paint cans, boxes, or other equipment that is more oddly shaped. Similarly, baskets can be good for keeping related items organized. For example, you might get some wire baskets for improved airflow to hold sports equipment, or opaque ones to hide things you might consider eyesores, like cleaning supplies.

If you deal with a lot of small parts, you might also want to buy extra Milwaukee Packout bins that come in all shapes and sizes. You can use these small bins to hold everything from pens and hand tools to screws, bolts, and nails. Lastly, you can even go the extra mile by purchasing, making, or even 3D-printing tool holders that can fit your power tools, batteries, and chargers precisely.


Can AI replicate an army of associates? These lawyers are betting their new firm on it

Matt Souza, left, and Sam Shaddox, founders of Talairis Law Group. (Talairis Photo)

Sam Shaddox and Matt Souza have spent years on the inside of big-time legal work, as attorneys at a major Seattle firm and later as general counsels at tech companies. They’ve watched as law firms charge startup clients a fortune for work they believed AI could do faster and cheaper.

Talairis Law Group is their answer. The Seattle-based firm, launching this week, is built around the idea that AI can handle much of the work that associates at big law firms have traditionally done — and that startups shouldn’t have to pay big law prices for it.

“It’s a startup for this AI moment,” Shaddox said, “and it’s the startup that we all need and the Seattle startup scene needs. We’ve been on the other side of the aisle, and now it’s time for us to make a mark.”

The idea isn’t unique. Venture capital has poured into AI-native law firms over the past couple of years, with players like Crosby, Manifest OS, Eudia and Lawhive raising hundreds of millions of dollars combined. But Shaddox and Souza say those firms have each picked a single practice area — contract review, immigration, M&A diligence — leaving a gap nobody has filled.

“They’re all picking one lane,” Souza said, “and there’s not an AI-powered law firm that you can rely on to help you with your day-to-day as things come up, helping to pilot your ship.”

The founders: Shaddox and Souza were both partner-track attorneys at Perkins Coie, the prominent Seattle-based law firm, before moving in-house at Seattle-area tech companies.

Shaddox went on to legal roles at Big Fish Games and OfferUp before serving as general counsel at SeekOut, the AI-powered talent intelligence company. Souza was senior counsel at Zillow before becoming general counsel at Wrapbook, the entertainment payroll and financial platform.

It was that in-house experience, they say, that made the problem impossible to ignore.

“We were getting billed out the ears for work that — as we were adopting AI in-house — we saw law firms were not doing, or not doing it very well,” Souza said. “The whole economic model of law firms is broken. And so that’s where we started.”

How it works: Talairis is built around what the founders call a four-layer architecture:

  • At the base is a large language model — the AI engine.
  • On top of that sits what they call an agentic layer, with more than 100 purpose-built AI agents covering the range of legal tasks a startup might need.
  • Above that is what they call the “client genome” — a stored profile of each client’s business, risk tolerance, contracts and operating history, so advice is never generic.
  • And at the top are Shaddox and Souza themselves, reviewing and signing off on every deliverable.

“You’re not getting one-off advice that doesn’t know what your company is or does or how it thinks and operates,” Shaddox said. “You’re getting bespoke outcomes.”

In practice: As an example, Shaddox and Souza point to SAFEs: simple agreements for future equity, a common bridge financing tool for startups. First-time founders often try to handle them on their own, or bring in outside counsel at $1,500 an hour. Either way, manually working through the notes, side letters and cap table implications is painful and error-prone.

Talairis has built an agent specifically for it. Send them a SAFE, they say, and you get back more than a legal opinion.

“They don’t just get back, ‘Hey, here’s our thoughts on this convertible note’ — anybody can do that,” Shaddox said. “Instead, they get back a fully built-out cap table that incorporates the latest note, incorporates the side letter terms, and shows how that’s going to flow through their next financing.”

The pitch to startups: The firm is launching with paying customers, though Shaddox and Souza aren’t naming them yet. Talairis is bootstrapped and it’s just the two lawyers for now.

  • Pricing: Shaddox says their hourly rate runs roughly half that of a typical big law attorney, and that the AI multiplies output enough that the effective cost to clients is a fraction of what they’d pay elsewhere.
  • Privacy: On the question of whether client data is being used to train AI models — a real concern for startups sharing sensitive legal documents — Shaddox is direct: “The answer is no. Your data is never used to train a model.” Talairis has built confidentiality and attorney-client privilege protections into its architecture from the ground up.

The launch comes the same week Anthropic released Claude for Legal, a suite of more than 20 new connectors and 12 practice-area plugins aimed at bringing AI tools to law firms and in-house legal teams. Shaddox sees the timing as validation.

“Claude for Legal and any other LLM is a base layer,” he said. “Our unique approach is what sits on top: a law firm with elite attorneys, significant proprietary enhancements, per-client scoping, privilege protections, and the agentic architecture a generic plugin lacks. That’s what turns an out-of-the-box LLM into the best possible legal counsel for startups.”


Anthropic’s Mythos AI outsmarted Apple’s Mac security systems

Security researchers have admitted that Anthropic’s Mythos AI model has been able to hack macOS, bypassing Apple’s security systems in a way never previously achieved.

Mythos is an early version of a new, more powerful Claude AI model that is yet to be made public. Anthropic’s engineers have warned that it is too good at finding security exploits to allow it into the wild.

Now, proof of its abilities has come in the form of an escalation exploit. If used correctly, the exploit could potentially allow a hacker to gain control of a Mac despite Apple’s security measures.

Detailing the news, The Wall Street Journal says that the security researchers were “excited about their discovery.” In fact, they were so impressed with what Mythos had done that they drove to Apple’s Cupertino HQ to share their findings.

Chained attacks

The researchers, from a Palo Alto-based research outfit, say that Mythos didn’t use a single attack vector in its hack. Instead, it linked two macOS bugs together in an attempt to corrupt the Mac’s memory.

The macOS operating system has been hacked in a new way

Once the macOS memory had been compromised, Mythos was then able to “gain access to parts of the device that should be inaccessible.” It’s also possible that, should the hacks then be used alongside others, the Mac as a whole could become compromised.

For its part, Apple is reviewing and validating the security team’s findings, a company spokesperson told the WSJ.

“Security is our top priority, and we take reports of potential vulnerabilities very seriously,” Apple reportedly said. However, Apple hasn’t yet said whether it has patched the bugs Mythos used for its hack.

In fact, it isn’t clear what Mythos did and didn’t do right now. That shouldn’t be all that surprising, with details likely to remain fuzzy until Apple has addressed the security flaws that were leveraged.

However, the report also notes that the attack couldn’t be achieved by Mythos alone. Without the skills of the hackers working alongside the AI, it is believed the hack wouldn’t have been possible.

As for Mythos, Anthropic intends for it to be used for good. Project Glasswing was launched to allow Mythos to be used as a way to identify security flaws so they can be addressed.


Recursive Superintelligence raises $650m at $4.65bn valuation to build self-improving AI

TL;DR

Recursive Superintelligence, a startup founded by former leaders from Meta AI, Google DeepMind, OpenAI, and Salesforce AI, has emerged from stealth with $650 million in funding at a $4.65 billion valuation. Led by Richard Socher and co-founded by ex-Meta FAIR director Yuandong Tian, the company is pursuing recursive self-improvement: AI systems that autonomously improve themselves in an accelerating loop. GV, Greycroft, Nvidia, and AMD backed the round. The startup has fewer than 30 employees and no released product.

 

The idea that an AI system could improve itself, then use those improvements to improve itself again, faster, in an accelerating loop that eventually outpaces every human researcher on earth, has been a fixture of computer science folklore since at least the 1960s. For most of that time, it remained comfortably theoretical. Now someone has raised $650 million to build it.

Recursive Superintelligence, a startup founded by former leaders from Meta AI, Google DeepMind, OpenAI, Salesforce AI, and Uber AI, emerged from stealth on 13 May with a $4.65 billion valuation and a thesis that would have sounded like science fiction two years ago but now sits squarely within the Overton window of Silicon Valley ambition. The company’s stated mission: build AI systems that can autonomously discover knowledge, continuously optimise themselves, and evolve in an open-ended loop, much like biological evolution, but without the inconvenience of waiting millions of years.

The team behind the loop

The round was led by GV, Alphabet’s venture capital arm, and Greycroft, with participation from Nvidia and AMD, the two chipmakers whose hardware underpins virtually all frontier AI training. The involvement of both companies is notable: strategic investment from the firms that sell the picks and shovels suggests they see recursive self-improvement not as a theoretical curiosity but as a near-term compute customer.

The founding team is built to signal credibility. Richard Socher, the former chief scientist at Salesforce and founder of the AI search engine You.com, leads the company alongside seven co-founders: Yuandong Tian, formerly a research scientist director at Meta’s Fundamental AI Research lab (FAIR), where he led work on reinforcement learning, LLM reasoning, and AI-guided optimisation; Tim Rocktaschel, a professor of AI at University College London and former principal scientist at Google DeepMind; Alexey Dosovitskiy, one of the authors of the Vision Transformer (ViT), the 2020 paper that reshaped computer vision research; Josh Tobin, formerly of OpenAI; Caiming Xiong; Tim Shi; and Jeff Clune. Peter Norvig, co-author of Artificial Intelligence: A Modern Approach, the standard university textbook in the field, serves as an adviser.

Tian Yuandong’s involvement is particularly striking. A graduate of Shanghai Jiao Tong University who went on to earn a PhD in robotics from Carnegie Mellon, Tian spent over a decade at Meta FAIR, where his work spanned some of the most consequential problems in modern AI research. He led the DarkForest Go project, a CNN-based Go AI developed before DeepMind’s AlphaGo captured global attention, and later became lead scientist on ELF OpenGo. His departure from Meta and immediate entry into a startup pursuing the most ambitious goal in the field is itself a signal: the talent that built the current generation of AI systems is now betting that the next generation can build itself.

What recursive self-improvement actually means

The concept is deceptively simple. Instead of human researchers designing each new generation of AI, an AI system would automate parts of its own research and development process, generating improvements that in turn make it better at generating improvements. A company that achieves this first would, in theory, be able to extend its lead over competitors exponentially, because its development velocity would be compounding rather than linear.

Recursive Superintelligence has outlined a staged roadmap. The first step, according to company materials, is to train a system with the capabilities of “50,000 doctors” to automate AI scientific research itself. From there, the company plans to run what it calls a “Level 1” autonomous training system, with a public launch targeted for mid-2026. The funding will be used in part to secure the large-scale compute infrastructure required to run these experiments.

The company currently operates from offices in San Francisco and London, with a team that has expanded beyond 25 researchers and engineers. The round was described as heavily oversubscribed.

The race is already on

Recursive Superintelligence is not pursuing this thesis in isolation. The largest AI laboratories are already using their own models to accelerate research. Anthropic has said that the majority of its code is now written by Claude. OpenAI has reported that GPT-5.5 developed a parallelisation method that boosted token generation speeds by more than 20%. Google DeepMind has built AlphaEvolve, a coding agent designed for scientific and algorithmic discovery. Google co-founder Sergey Brin has reportedly described coding gains as a path to “AI takeoff” internally.

What distinguishes Recursive Superintelligence from these efforts is that none of the major laboratories has organised an entire company around recursive self-improvement as its core commercial thesis. OpenAI, Anthropic, and Google DeepMind all use AI to assist their research workflows, but their businesses are built around selling models and API access. Recursive is betting that the self-improvement loop itself is the product.

Whether that bet pays off depends on a question that remains genuinely open: whether recursive self-improvement produces the kind of runaway acceleration its proponents describe, or whether it converges on diminishing returns as each cycle of improvement yields smaller gains. Anthropic co-founder Jack Clark has estimated a roughly 60% probability that a system capable of training a more powerful successor on its own, without human involvement, will exist by the end of 2028, and a 30% chance by 2027.

For now, what is certain is the price the market has placed on the possibility. Recursive Superintelligence is four months old, has fewer than 30 employees, and has not released a product. It is valued at $4.65 billion. In the current AI investment climate, the promise of a machine that can improve itself is apparently worth more than many companies that have already built one.


70% of Americans don't want AI data centers near their home, that's more opposition than nuclear plants get


Given the huge number of negative stories about AI data centers, it’s little wonder that people are against any being built near them.

Garmin Launches Forerunner 70 and 170 Smartwatches for Runners

Running watches have slowly evolved from being niche gadgets meant only for marathon runners into something much more mainstream. If you’re in the market for a running watch, Garmin has something for you. The company has just launched the Garmin Forerunner 70 and Garmin Forerunner 170 series, two new running-focused smartwatches aimed at beginners and everyday fitness users. Both watches feature AMOLED displays, touchscreen support, and Garmin’s traditional five-button design that long-time users will instantly recognize.

Interestingly, Garmin isn’t positioning these as premium athlete-first devices. Instead, the focus here seems to be accessibility. The company says the new watches are designed to help users start their fitness journey while still bringing in several advanced training features from Garmin’s higher-end Forerunner lineup.

What’s the Forerunner 70 and the Forerunner 170 About?

Garmin Forerunner 170 design

The Garmin Forerunner 70 is built for people who want the essentials without getting overwhelmed. It comes with built-in GPS, wrist-based heart rate tracking, pace and distance monitoring, and quick workout suggestions based on fitness level and intensity preferences. Garmin is also bringing over features like Garmin Coach, daily suggested workouts, sleep tracking, Pulse Ox monitoring, HRV status, and training readiness tools. There are over 80 built-in sports modes as well, including swimming, cycling, and strength training.

Battery life also looks pretty solid. Garmin claims the watch can last up to 13 days in smartwatch mode, which is honestly refreshing in a world where most wearables still need charging every other day. The watch will be available in colors like citron, lavender, black, and whitestone.

On the other hand, the Garmin Forerunner 170 takes things a step further by adding additional recovery and performance-tracking tools. It includes features like training status, training readiness, and more structured Garmin Coach plans for runners training toward specific goals. Garmin is also launching a Music version of the watch, which will be available in brighter color variants like teal green and red pink. Battery life on the Forerunner 170 series is rated at up to 10 days in smartwatch mode.

The new Forerunner 70 and 170 series will launch in India in June 2026 after import certifications are completed. Garmin hasn’t revealed pricing yet.


HP Launches 20+ New AI PCs, OmniPad Tablet, And Workstations In India

HP has announced a massive refresh of its India lineup with more than 20 new products spanning laptops, tablets, AI workstations, collaboration gear, and even printers. And yes, just like every other tech launch in 2026, the letters “AI” were everywhere. Still, there are a couple of genuinely interesting products here, especially HP’s first Android tablet for India and a bizarre new “keyboard PC” that honestly looks straight out of a sci-fi setup.

HP OmniPad 12

Windows tablets are nothing new and have been on the market for ages. So, when HP announced its new OmniPad, we all thought it would be a Windows tablet for creative users. Well, it’s not. The OmniPad 12 is powered by the Qualcomm Snapdragon SM6475Q processor and runs Android, optimized for the bigger screen. The front houses a 12-inch 2K (1,200×2,000 pixels) multi-touch display with a 90Hz refresh rate and a peak brightness of 400 nits.

For cameras, HP has included a 13MP rear sensor alongside a front-facing 8MP camera for video calls. The company claims the 31Wh battery can deliver up to 18 hours of usage. Pricing starts at ₹48,999, which places the OmniPad 12 directly against Apple’s iPad Air and premium Android tablets from Samsung. We should get our hands on a review unit soon to see how well it actually stacks up.

PC in a Keyboard?

HP Eliteboard

Among all the announcements, the HP EliteBoard G1a Next Gen AI PC is probably the strangest. HP describes it as the world’s first AI keyboard PC, which basically means the entire computer is built into a keyboard.

HP says the machine can deliver up to 50 TOPS of NPU performance using the AMD processor and is designed for hybrid work environments where portability and simplicity matter. While AI branding is becoming exhausting at this point, the compact form factor itself is actually pretty interesting.

EliteBook, ProBook, And OmniBook Get AI Upgrades

Beyond the bizarreness of the EliteBoard, HP has refreshed almost its entire laptop lineup in India with new processors. This includes the EliteBook X G2, EliteBook 8 G2, ProBook 4 G2, and several new OmniBook models.

The EliteBook and ProBook series are clearly aimed at enterprise users, with features like HP Wolf Security and HP Sure View privacy protection. HP claims some configurations can deliver up to 85 TOPS of AI performance, though realistically, most users will probably care more about battery life and everyday responsiveness than AI numbers alone.

The OmniBook lineup, on the other hand, targets mainstream users and creators. Models like the OmniBook Ultra 14, OmniBook X, OmniBook 5, and OmniBook 3 focus heavily on portability and AI-assisted features like posture correction, gesture controls, and smart meeting enhancements. HP is also bundling compact GaN chargers with some models, which is genuinely useful for people constantly traveling with their laptops.

New Workstations

For professionals working with demanding AI or rendering workloads, HP has launched new Z-series workstations in India, including the HP Z8 Fury G6i, HP ZGX Nano G1n AI Station, HP Z4 G6i, and HP ZBook X G2i 16. These machines can be configured with both AMD and Intel hardware and are aimed at creators, developers, engineers, and enterprise users handling heavy workflows.

HP also announced updates to its Workforce Experience Platform (WXP), which now includes AI-driven tools for device management and workflow automation. The goal here is to help IT teams monitor devices more efficiently and identify system issues before they become major problems.

Pricing and Availability

Model | Starting Price | Availability
HP EliteBook X G2 | Rs 2,50,000 | HP online store, HP Connect
HP EliteBook 8 G2 | Rs 2,30,000 | HP online store, HP Connect
HP ProBook 4 G2 | Rs 1,35,000 | HP online store, HP Connect
HP OmniBook Ultra 14 (Snapdragon) | Rs 1,89,999 | HP online store
HP OmniBook Ultra 14 (Intel Ultra) | Rs 2,14,999 | HP online store, HP World stores
HP OmniBook X (Intel Ultra) | Rs 1,69,999 | HP online store, HP World stores
HP OmniBook 5 (Intel Ultra) | Rs 1,24,999 | HP online store, HP World stores


18-year-old NGINX vulnerability allows DoS, potential RCE

An 18-year-old flaw in the NGINX open-source web server, discovered using an autonomous scanning system, can be exploited for denial of service and, under certain conditions, remote code execution.

The vulnerability is tracked as CVE-2026-42945 and received a critical severity rating of 9.2, based on the latest version of the Common Vulnerability Scoring System (CVSS).

Three more memory corruption security issues were discovered in the same six-hour code scanning session by researchers at AI-native security company DepthFirst AI.

NGINX is a widely used web server and reverse proxy platform, powering a third of the top-ranked websites. It can efficiently balance load by distributing incoming network traffic to multiple backend servers and reduce load times by caching content.

Owned and maintained by American tech firm F5, the web server is used by cloud providers, SaaS companies, banks, media platforms, e-commerce sites, and in Kubernetes clusters.

CVE-2026-42945 is a heap buffer overflow in ngx_http_rewrite_module affecting NGINX versions 0.6.27 through 1.30.0, which has been in the project’s code for roughly 18 years.

According to DepthFirst, the vulnerability can be triggered when NGINX configurations use both the ‘rewrite’ and ‘set’ directives, a pattern the researchers say is common in API gateways and reverse proxy setups.

The flaw stems from inconsistent state handling in NGINX’s internal script engine, which processes rewrites in two passes: one to calculate the amount of memory to allocate, and one to copy the actual data.

An ‘is_args’ flag remains set after a rewrite containing ‘?’, causing NGINX to calculate buffer size using unescaped URI lengths but later write larger escaped data like ‘+’ and ‘&’, leading to a heap buffer overflow.

The researchers demonstrated unauthenticated code execution via specially crafted HTTP requests that corrupt adjacent NGINX memory pool structures, overwrite cleanup handler pointers, spray fake structures into memory via POST request bodies, and force NGINX to execute ‘system()’ during pool cleanup.

However, remote code execution was achieved on a system with the Address Space Layout Randomization (ASLR) protection against memory-based attacks turned off. This defense is active by default, but it can be disabled to increase performance in some environments, such as embedded systems and virtual machines used for analysis.

DepthFirst notes that NGINX’s multi-process architecture makes exploitation easier because worker processes inherit nearly identical memory layouts from the master process, enabling reliable heap manipulation and repeated attempts if a worker crashes.

“If our exploit fails and crashes a worker, the master process simply spawns a new one with the exact same memory layout,” the researchers explain.

“This allows us to safely try multiple times until we succeed without worrying about the worker crashing and changing the memory layout.”

“Theoretically, we could leverage this design to leak ASLR (Address Space Layout Randomization) by progressively overwriting pointers byte by byte.”

The other three flaws uncovered by DepthFirst received a medium severity rating:

  • CVE-2026-42946 — excessive memory allocation in SCGI/UWSGI modules that can crash workers via ~1 TB allocations (high severity)
  • CVE-2026-40701 — use-after-free in asynchronous OCSP DNS resolution handling (medium severity)
  • CVE-2026-42934 — off-by-one UTF-8 parsing bug causing out-of-bounds reads (medium severity)

Impact and fixes

The vulnerabilities were discovered on April 18, 2026, and reported to the vendor on April 21.

According to F5’s security advisory, released yesterday, the flaws impact the following NGINX builds:

  • NGINX Open Source versions 0.6.27 through 1.30.0
  • NGINX Plus R32 through R36
  • NGINX Instance Manager 2.16.0 through 2.21.1
  • F5 WAF for NGINX 5.9.0 through 5.12.1
  • NGINX App Protect WAF 4.9.0 through 4.16.0 and 5.1.0 through 5.8.0
  • F5 DoS for NGINX 4.8.0
  • NGINX App Protect DoS 4.3.0 through 4.7.0
  • NGINX Gateway Fabric 1.3.0 through 1.6.2 and 2.0.0 through 2.5.1
  • NGINX Ingress Controller 3.5.0 through 3.7.2, 4.0.0 through 4.0.1, and 5.0.0 through 5.4.1

Fixes were made available in NGINX Open Source 1.31.0 and 1.30.1, NGINX Plus R36 P4, and NGINX Plus R32 P6.

For those unable to upgrade, F5 recommends replacing unnamed PCRE capture groups ($1, $2, etc.) in vulnerable ‘rewrite’ rules with named captures, which eliminates the main exploitation prerequisite.
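
A configuration audit for the pattern described above, as an added example that is not from F5, DepthFirst or the original article: it flags ‘rewrite’ rules that still use unnamed captures, marks for first review those whose replacement contains ‘?’ in a config that also uses ‘set’, and checks a version against the NGINX Open Source range given in the article. The function names, the simplified single-line directive parser and the sample config are assumptions constructed for illustration.

```python
import re

# NGINX Open Source range stated in the article (fixed in 1.30.1 and 1.31.0).
FIRST_AFFECTED = (0, 6, 27)
LAST_AFFECTED = (1, 30, 0)

# Quoted strings, comments, ';' terminators, or bare words.
TOKEN = re.compile(r'''"(?:\\.|[^"\\])*"|'(?:\\.|[^'\\])*'|#.*|;|[^\s;]+''')
UNNAMED_CAPTURE = re.compile(r"\$\d")  # $1, $2, ...


def is_affected_open_source(version):
    """True if a dotted version string falls inside the article's affected range."""
    parts = tuple(int(p) for p in version.split("."))
    return FIRST_AFFECTED <= parts <= LAST_AFFECTED


def directives(conf_text):
    """Yield (line_no, words) for each ';'-terminated directive.

    Simplified parser (assumption): directives must fit on one line,
    which is the usual layout for 'rewrite' and 'set'.
    """
    for line_no, line in enumerate(conf_text.splitlines(), 1):
        words = []
        for tok in TOKEN.findall(line):
            if tok.startswith("#"):        # rest of the line is a comment
                break
            if tok in ("{", "}"):          # block boundary, start a new directive
                words = []
            elif tok == ";":
                if words:
                    yield line_no, words
                words = []
            else:
                words.append(tok[1:-1] if tok[0] in "\"'" else tok)


def audit(conf_text):
    """Return rewrite rules that still reference unnamed captures."""
    rows = list(directives(conf_text))
    uses_set = any(words[0] == "set" for _, words in rows)
    findings = []
    for line_no, words in rows:
        if words[0] != "rewrite" or len(words) < 3:
            continue
        replacement = words[2]
        if not UNNAMED_CAPTURE.search(replacement):
            continue  # named captures or no captures: nothing to change
        has_query = "?" in replacement
        findings.append({
            "line": line_no,
            "directive": " ".join(words),
            "query_in_replacement": has_query,
            # Heuristic from the article's description: rewrite with '?'
            # in a configuration that also uses 'set'.
            "review_first": has_query and uses_set,
        })
    return findings


# Constructed sample configuration (not taken from any real deployment).
SAMPLE = r"""server {
    listen 8080;
    location /api/ {
        set $backend "v2";
        rewrite ^/api/(.*)$ /internal?path=$1 last;
    }
    location /user/ {
        rewrite ^/user/(?<uid>\d+)$ /profile?id=$uid last;  # named capture
    }
    location /old/ {
        rewrite ^/old/(.*)$ /new/$1 permanent;
    }
    # rewrite ^/x/(.*)$ /y?z=$1 last;
}"""

if __name__ == "__main__":
    for f in audit(SAMPLE):
        tag = "REVIEW FIRST" if f["review_first"] else "review"
        print(f"line {f['line']}: [{tag}] {f['directive']}")
    print("1.30.0 affected:", is_affected_open_source("1.30.0"))
    print("1.30.1 affected:", is_affected_open_source("1.30.1"))
```

Rules the audit reports are candidates for conversion to named captures, as in the `/user/` rule of the sample; upgrading to a fixed build remains the actual fix.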

Exploitability in the real world

Some security researchers have pushed back on the real-world exploitability claims surrounding CVE-2026-42945, arguing that DepthFirst’s proof-of-concept relies on highly specific conditions that are not commonly present in default deployments.

Researcher Kevin Beaumont noted that exploitation requires a vulnerable NGINX configuration using particular rewrite patterns, the attacker must know or discover the affected endpoint, and the published RCE PoC was tested with ASLR disabled.

Beaumont stressed that the researchers’ exploit was built against a deliberately vulnerable setup and does not demonstrate reliable code execution against hardened real-world systems.

AlmaLinux echoed a similar assessment in their advisory, after independently reproducing the flaw.

The Linux distribution maintainers confirmed that crashing NGINX worker processes via a crafted request is trivial and reliable, making denial-of-service attacks realistic.

However, they stated that turning the heap overflow into dependable remote code execution on systems with ASLR enabled “is not trivial,” and they do not expect a generic, reliable exploit to emerge from DepthFirst’s work.

At the same time, AlmaLinux cautioned that “not easy” does not mean impossible, and the DoS potential is enough on its own to treat the issue as urgent.



‘Christian’ Wireless Provider Promises To Censor All LGBTQ Content


from the good-luck-with-that dept

A new “Christian” mobile phone provider named Radiant Mobile is promising to offer a wireless service that censors all LGBTQ+ content. The MVNO (mobile virtual network operator), which runs on the T-Mobile network, says it’s keen to deliver “faith-focused mobile service,” according to the company’s website.

According to MIT Technology Review, the MVNO is working alongside Israeli cybersecurity firm Allot to impose a network-level blockade of not just all pornography on the internet, but all LGBTQ+ content as well:

“We are going to create—and we think we have every right to do so—an environment that is Jesus-centric, that is void of pornography, void of LGBT, void of trans,” Radiant Mobile’s founder, Paul Fisher, told MIT Technology Review.

“Void of trans,” indeed. Good luck with all that. Porn filter systems, no matter whether device or network centric, are notoriously fickle and routinely make all manner of filtering mistakes that wind up blocking all manner of additional content. They’re also historically easy to bypass, depending on how they’re designed.

The article makes it clear that Fisher’s primary target is porn, and it sounds like censoring gay and trans related content isn’t something that’s been particularly well thought out. They’ll figure out in practice that trying to “sanitize” the internet on the network level to somehow conform to narrow worldviews isn’t technically possible, no matter what promises Allot is making to Radiant to justify their price tag:

“The technology to do this blocking is a blunt instrument: Allot groups website domains into more than a hundred categories, which include pornography but also violence, malware, gaming, and in Radiant Mobile’s case “sects,” which includes websites about Satanism. If one of its users tries to visit a website that belongs to a blocked category, the page won’t load.”

Yes, this would technically violate FCC net neutrality rules if the corrupt U.S. courts hadn’t dismantled them, but even if the rules still existed they wouldn’t have been enforced by the Trump FCC anyway. And yes, this raises all sorts of First Amendment and privacy legal questions, which is probably why T-Mobile tried to distance itself from things when contacted by MIT Technology Review:

“A representative for T-Mobile did not comment on whether these content blocks violate any of its policies. In a statement, the representative added that T-Mobile does not have a direct relationship with Radiant Mobile but instead works through the MVNO manager CompaxDigital.”

Fisher, who is apparently pivoting from a career as a supermodel agent to sell this heavily censored version of the internet to purportedly moral religious folks, is trying to strike brand partnerships with evangelical churches. Fisher’s backed by $17.5 million in investment from Compax Ventures and Roger Bringmann, a vice president at Nvidia.

There’s been a flood of these lazy MVNOs that pander to Trump zealots and operate on the T-Mobile network, not least of which is the Trump Organization’s Trump Mobile, which promised customers an expensive new Trump-reskinned phone “made in America” that was being made in China and that it never actually delivered (despite a lot of down payments). So: It’s all quite on brand.

Filed Under: bigots, censorship, fcc, filtering, lgbtq, mobile, mvno, net neutrality, network, paul fisher, roger bringmann, telecom, wireless

Companies: allot, compax ventures, nvidia, radiant mobile, t-mobile


Tech

One of the most underrated soulslikes of 2025 just arrived on Steam with a huge content update



  • Blades of Fire has just arrived on Steam
  • The game originally came out for PC via the Epic Games Store and consoles in May last year
  • It comes alongside the launch of a huge content update and a 25% discount

One of the most underrated games of 2025 has just arrived on Steam alongside the release of a massive new update.

Blades of Fire first came out in May last year, releasing for PlayStation 5, Xbox Series X and Series S, and PC via the Epic Games Store. It’s a third-person action game with plenty of soulslike qualities, including a vast interconnected world, challenging enemies, and a brutal checkpointing system.


Tech

KongTuke hackers now use Microsoft Teams for corporate breaches


Initial access broker KongTuke has moved to Microsoft Teams for social engineering attacks, taking as little as five minutes to gain persistent access to corporate networks.

The threat actor tricks users into pasting a PowerShell command that ultimately delivers the ModeloRAT, which has been previously seen in ClickFix attacks [1, 2].

Initial access brokers (IAB) like KongTuke typically sell company network access to ransomware operators, who use it to deploy file-theft and data-encrypting malware.

Cybercriminals have increasingly adopted Microsoft Teams in attacks, reaching out to company employees and pretending to be IT and help-desk staff.


The victims are convinced to run a malicious PowerShell command on their systems, which deploys the “ModeloRAT” malware.

The PowerShell command used in the observed attacks
Source: ReliaQuest

ReliaQuest researchers observed this activity and say that it is a shift in tactics for KongTuke, who previously relied solely on web-based “FileFix” and “CrashFix” lures.

“This Teams activity, which appears to add to, rather than replace, that web-based approach, marks the first time we’ve seen KongTuke use a collaboration platform for initial access,” explains ReliaQuest.

“In the incidents we investigated, a single external Teams chat moved the operator from cold outreach to a persistent foothold in under five minutes.”

The campaign has been active since at least April 2026, with KongTuke rotating through five Microsoft 365 tenants to evade blocking, the researchers say.


To pass as internal IT support staff, the attacker uses Unicode whitespace tricks to make the display name appear legitimate.
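The display-name trick can be caught on the detection side. The following added example (not from ReliaQuest's report or Microsoft tooling) flags sender names that contain blank characters other than an ordinary space and compares a whitespace-stripped, case-folded form against protected internal names. The report excerpt does not say which characters were used, so the character classes, the protected-name list and the verdict labels are assumptions.

```python
import unicodedata

# Hypothetical values for this example: internal support names to protect,
# stored with whitespace removed and case folded.
PROTECTED = {"itsupport", "helpdesk", "ithelpdesk"}
# Blank-rendering characters that Unicode classes as letters or symbols.
EXTRA_BLANKS = {"\u115f", "\u1160", "\u3164", "\uffa0", "\u2800"}

def is_blank(ch):
    """True for separators, format/control characters and known blank glyphs."""
    cat = unicodedata.category(ch)
    return cat[0] == "Z" or cat in ("Cf", "Cc") or ch in EXTRA_BLANKS

def odd_whitespace(name):
    """List (index, code point, Unicode name) for every blank that is not U+0020."""
    return [(i, f"U+{ord(c):04X}", unicodedata.name(c, "UNNAMED"))
            for i, c in enumerate(name) if c != " " and is_blank(c)]

def skeleton(name):
    """Fold compatibility forms and case, then drop every blank character."""
    folded = unicodedata.normalize("NFKC", name).casefold()
    return "".join(c for c in folded if not is_blank(c))

def triage(display_name, is_external):
    """Return (verdict, hits) for one chat sender."""
    hits = odd_whitespace(display_name)
    lookalike = skeleton(display_name) in PROTECTED
    if is_external and hits and lookalike:
        verdict = "alert"      # external sender, hidden blanks, internal-looking name
    elif is_external and (hits or lookalike):
        verdict = "review"     # one signal only
    else:
        verdict = "ok"
    return verdict, hits

# Constructed sample events: (sender display name, sender is external).
SAMPLES = [("IT\u00a0Support", True), ("Help\u200bDesk\u2003\u2003", True),
           ("IT Support", True), ("Jane Doe", True), ("IT\u00a0Support", False)]

if __name__ == "__main__":
    for name, external in SAMPLES:
        print(repr(name), external, triage(name, external))
```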

The malicious PowerShell command shared via Teams downloads a ZIP archive from Dropbox that contains a portable WinPython environment, which eventually launches the Python-based malware, ModeloRAT (Pmanager.py).

The malware collects system and user information, captures screenshots, and can exfiltrate files from the host filesystem.

ReliaQuest notes that the ModeloRAT version used in this recent campaign has evolved compared to what was seen in previous operations, mostly in three ways:

  1. A more resilient C2 architecture with a five-server pool, automatic failover, randomized URL paths, and self-update capability.
  2. Multiple independent access paths, including a primary RAT, a reverse shell, and a TCP backdoor, running on separate infrastructure to preserve access if one channel is disrupted.
  3. Expanded persistence mechanisms using Run keys, Startup shortcuts, VBScript launchers, and SYSTEM-level scheduled tasks that may survive standard cleanup procedures.

The researchers note that the scheduled task isn’t removed by the implant’s self-destruct routine, which wipes the other persistence mechanisms, and can persist through system reboots.

The persistent scheduled task
Source: ReliaQuest

To defend against Teams-initiated attacks, it is recommended to restrict external Microsoft Teams federation using allowlists to block these attempts at their start.

Additionally, administrators can use the indicators of compromise available in ReliaQuest’s report to hunt for attacks, signs of compromise, and persistence artifacts.



Copyright © 2025