Access-Control

🟠 High | Source: The Hacker News Agentic AI systems are increasingly being deployed in defence and security networks, but this introduces new attack surfaces — illustrated by reports that an unauthorised group claimed access to Anthropic’s Claude Mythos model within hours of a limited technical preview. The incident highlights that AI capabilities in high-stakes environments are only as secure as the infrastructure underpinning them. Without robust access controls, segmentation, and identity governance, agentic AI deployments can become a significant liability rather than a force multiplier. ...

🟠 High | Source: Microsoft Security Response Center A vulnerability in OpenSSH versions before 10.3 (CVE-2026-35414) means the authorised_keys principals option is not handled correctly in certain edge cases where a principals list is combined with a Certificate Authority that uses comma characters in specific ways. This could allow unintended principals to authenticate, potentially granting unauthorised SSH access to affected systems. The issue is particularly relevant to cloud environments where certificate-based SSH authentication is used at scale. ...

🟢 Low | Source: AWS What’s New AWS IoT Device Management has enhanced its connectivity status API to include detailed MQTT session data, such as session timeout and expiry values, plus optional socket-level details including IP addresses, ports, and VPC endpoint IDs. Unlike the AWS IoT Core GetConnection API, which only retains data for 30 minutes post-disconnect, this API stores connection history indefinitely, improving long-term auditability. Access to sensitive socket-level information is controlled via IAM policies, allowing organisations to limit visibility to authorised teams. ...