Leaders warn that AI bug hunting outpaces humanity’s ability to defend systems

Metacurity is the only daily cybersecurity briefing built for clarity, not agendas—no vendor spin, no echo chamber, just sharp, original aggregation and analysis of what actually matters to security leaders.

If you rely on Metacurity to cut through the noise on policy, industry shifts, and security research, consider supporting us with a paid subscription. Independent coverage like this only exists because readers decide it’s worth it.

A widening chorus of financial regulators, AI developers, and open-source software leaders is warning that frontier AI systems are beginning to overwhelm traditional cybersecurity processes, raising fears that machine-driven vulnerability discovery could outpace the world’s ability to patch and defend critical systems.

The strongest warning yet came from the UK Treasury, Bank of England, and Financial Conduct Authority, which urged financial firms to take “active steps” against increasingly capable frontier AI-driven cyber threats. Regulators said current AI systems already exceed skilled human practitioners in “speed, scale, and cost” for certain cyber tasks and warned that defensive systems may need to operate at “comparable speed to AI-driven attacks.”

The concern intensified following reports that Anthropic has agreed to brief members of the Financial Stability Board — the G20-linked body chaired by Bank of England Governor Andrew Bailey — on vulnerabilities identified by the company’s highly restricted Claude Mythos Preview model. Regulators increasingly fear that advanced AI systems could expose weaknesses in the global banking system faster than institutions can remediate them.

Those fears are no longer theoretical. In the open-source world, Linux creator Linus Torvalds warned that AI-powered bug hunting has made the Linux security mailing list “almost entirely unmanageable,” with maintainers drowning in a flood of AI-assisted vulnerability reports that are often difficult and time-consuming to validate. The surge suggests that AI systems are already straining human-centered vulnerability disclosure and triage processes. (Muvija M and Suban Abdulla / Reuters, Martin Arnold / Financial Times, and Simon Sharwood / The Register)

Related: Benzinga, Business Insider, The Next Web, Reuters, The Paypers, Bank of England, Insurance Journal, Resultsense, Finextra,  lkml.orgl, Ghacks, Cyber Security News, XDA Developers, Neowin, Linuxiac, Slashdot, The Stack, Infosecurity Magazine

Researchers at Symantec now believe that a sophisticated malware strain known as Fast16, first discovered by SentinelOne, was secretly used to sabotage nuclear weapons development efforts, most likely in Iran, years before Stuxnet became public.

Unlike Stuxnet, which physically damaged centrifuges, Fast16 targeted scientific simulation software used to model nuclear detonations and altered the output of those simulations so researchers would falsely conclude their designs were failing.

The malware specifically manipulated calculations related to explosive pressure and nuclear supercriticality, introducing fake errors at critical moments in the simulations. Because the false data appeared legitimate and was synchronized across multiple systems, scientists and engineers would have had little reason to suspect sabotage rather than flaws in their own work.

Symantec researchers believe the operation dates to around 2005 and likely represented an early phase of the broader covert cyber campaign against Iran’s nuclear ambitions. Evidence pointing to Iran includes references to uranium physics, the use of LS-DYNA simulation software associated with Iranian weapons research, and the timing of the attacks during the height of Iran’s suspected weapons development efforts.

Experts view Fast16 as one of the earliest known examples of cyber operations designed not to destroy machines directly but to undermine scientific research itself by corrupting trusted technical data and misleading researchers into wasting years pursuing false conclusions. (Kim Zetter / Zero Day)

Related: SECURITY.COM, SentinelOne, r/cybersecurity, GBHackers

Open source analytics and visualization company Grafana Labs says an attacker gained access to part of its GitHub environment after obtaining a compromised token, allowing the threat actor to download the company’s codebase and attempt an extortion demand, which Grafana rejected.

Even with source code involved, Grafana stressed that the incident did not reach customer environments. The company said its review found no signs that customer data or personal information had been accessed during the breach, and no evidence that customer operations were affected.

The decision not to pay the attacker was another part of the company’s public statement. Grafana cited long-standing FBI guidance, which warns that ransom payments do not guarantee stolen data will be recovered or kept private. The agency has repeatedly argued that paying extortion demands encourages more attacks by giving cybercriminals a financial incentive. (Waqas / HackRead)

Related: CyberSecurityNews, CyberPress, GBHackers, Silicon Republic, Security Week, The Register, Techzine

DeFi protocol Verus is facing an ongoing exploit targeting its Ethereum bridge that has drained roughly $11.58 million so far, according to multiple blockchain security firms.

On-chain security platform Blockaid reported the attack, identifying the attacker's address as "0x5aBb…D5777." The stolen funds were stored in wallet address "0x65C…C25F9," Blockaid wrote.

Blockchain security firm Peckshield reported that the Verus-Ethereum bridge has been drained for 103.6 tBTC, 1,625 ETH, and 147,000 USDC. It added that the attacker subsequently swapped the stolen assets for 5,402 ETH, worth about $11.4 million.

Peckshield also noted that the attacker's address was initially funded with 1 ETH via Tornado Cash about 14 hours ago.

GoPlus, another security company, also flagged that the attacker appeared to have sent a low-value transaction to the bridge contract and called a specific function to have the bridge contract batch-transfer the reserve assets to the drainer.

"It is highly likely to be cross-chain message validation/signature forgery, withdrawal logic bypass, or access control flaw," said GoPlus.

The Verus team said in its Discord channel that the Verus network has halted, "with most block-generating nodes taking themselves offline after encountering byproducts of the attack as designed."

"Developers are investigating exactly how the attack was carried out and determining next steps," the team added. (Timmy Chen / The Block)

Related: Crypto Potato, crypto.news, CoinDesk, Crypto Briefing, Forklog

A hotel check-in system called Tabiq left more than 1 million customer passports, driver’s licenses, and selfie verification photos on the open web after a security lapse.

The data is now offline after TechCrunch alerted the company responsible.

The hotel check-in system is maintained by the Japan-based tech startup Reqrea. According to its website, Tabiq is used in several hotels across Japan and relies on facial recognition and document scanning to check guests in.

Independent security researcher Anurag Sen contacted TechCrunch earlier this week after discovering that the system was leaking the sensitive documents of hotel guests from around the world. Sen said this was because the startup set one of its Amazon cloud-hosted storage buckets, which the check-in system uses to store customer data, to be publicly accessible. The data inside could be viewed by anyone using a web browser, without needing a password, by knowing only the bucket name: “tabiq.”

Sen alerted TechCrunch in an effort to help notify the company. Reqrea locked down the storage bucket after TechCrunch reached out to both the company and Japan’s cybersecurity coordination team, JPCERT. (Zack Whittaker / TechCrunch)

Related: Zamin

US officials suspect Iranian hackers breached automatic tank gauge (ATG) systems used by gas stations to monitor fuel storage tanks.

The hackers allegedly accessed systems that were exposed online without password protection and, in some cases, altered display readings — though not actual fuel levels. Officials and experts say the activity did not cause physical damage, but it raised concerns because compromised monitoring systems could theoretically conceal dangerous conditions like gas leaks.

However, investigators may never be able to definitively attribute the hacks to Iran because the attackers left little forensic evidence behind.

The affected systems were sitting online without password protection, and the intrusions only altered display readings rather than actual fuel levels. No physical damage or injuries were known to have occurred.

Moreover, some experts suggest Iran may not have possessed the access or operational capability needed to carry out more destructive attacks. (Sean Lyngaas / CNN)

Related: Jerusalem Post, Security Magazine, Newsweek, International Business Times

According to CrowdStrike's 2026 Financial Services Threat Landscape Report, North Korea’s army of cyber operatives stole a record $2 billion in digital assets last year, fueled by the largest financial theft ever reported—$1.46 billion stolen in a single operation from crypto exchange Bybit. 

The attackers pulled off the heist by compromising a software developer’s laptop at a third-party platform the Dubai-based Bybit relied on, and then stealing the developer’s credentials and ultimately draining the assets from the exchange, according to the FBI. 

That $1.46 billion payload was the most spectacular strike in what turned out to be a record 2025. North Korea-linked cyber groups stole a combined $2.02 billion last year, up 51% year-over-year, according to CrowdStrike. The stolen billions were almost certainly laundered and will be used to fund the regime’s military and nuclear weapons programs. (Amanda Gerut / Fortune)

Related: Business Wire, CrowdStrike, BeInCrypto, cryptonews.net, Cyber Magazine, AI Magazine, FinTech Magazine

France’s tourism industry was hit by a string of cyberattacks over the weekend, with ‘Gîtes de France’ the latest to announce it has been the victim of an operation.

The breach gave a hacker access to the information of potentially 389,000 clients who have used the website to book a stay at a gîte across Europe.

“A security incident resulted in unauthorised access to certain data related to customer booking records,” said the website in a press release given to Agence France Presse.

Information that hackers gained access to includes customers' names, dates, and number of nights they stayed at a location, email addresses, phone numbers, and postal addresses. However, no banking information was collected, say Gîtes de France.

It includes people who booked with the company between 1995 and 2026, but “only a few French departments are concerned,” said the group. This reportedly includes Guadeloupe, Cantal, and Haute-Garonne.

It is the third booking website to be affected by a security breach in recent days, following the Pierre & Vacances-Center Parcs group on Friday and Belambra – operator of 44 holiday clubs in France – on Saturday.

Belambra confirmed that information obtained in the cyberattack included 41,000 detailed booking reports, 42,000 customer bookings, and 360,000 data points from bookings relating to children.

Pierre & Vacances-Center Parcs group said the breach on its end saw information about 1.6 million bookings taken.

All three groups will file complaints with France’s public prosecutor and the CNIL (Commission nationale de l'informatique et des libertés) over the incidents. (Zane Lilley / The Connexion)

Related: Caliber

OpenAI appears to be shifting toward a more supportive stance on meaningful state-level AI safety regulation after facing criticism for backing an Illinois bill that included liability protections for AI companies.

That earlier bill, SB 3444, would have shielded companies from liability if they met minimal transparency requirements, prompting backlash from AI safety advocates who viewed it as overly favorable to industry interests.

OpenAI is now distancing itself from that position. In written testimony to the Illinois Senate, OpenAI representative Caitlin Niedermeyer said the company does not support the bill’s liability safe harbor provision and explained that OpenAI had originally supported the legislation because it contributed to broader AI safety coordination rather than because of the liability protections themselves.

OpenAI has gone further by joining Anthropic in supporting a stronger Illinois bill, SB 315, which focuses on catastrophic AI risks and would require major AI companies to create and follow formal frontier safety frameworks. Unlike some earlier proposals, the bill also includes third-party audits to verify compliance, a provision that AI safety groups strongly support and that industry actors had previously resisted. (Shakeel Hashim / Transformer)

Related: Scribd

Microsoft confirmed that the May 2026 Windows 11 security update (KB5089549) fails to install on some systems and triggers 0x800f0922 errors.

This known issue is caused by insufficient free space on the EFI System Partition (ESP), which results in the update automatically rolling back on affected devices.

"This issue affects devices with limited free space on the EFI System Partition (ESP), especially when the device has 10 MB or less space available," Microsoft said.

"On affected devices, the installation might proceed through the initial phases but fail during the reboot phase at approximately 35–36% completion."

Users impacted by these installation problems also see the "Something didn't go as planned. Undoing changes." message when the installation rolls back, and may find log entries pointing to insufficient ESP free space.

While Microsoft is still working to resolve this issue, it advised affected customers to mitigate it using the Known Issue Rollback (a Windows feature that reverses buggy updates pushed via Windows Update). (Sergiu Gatlan / Bleeping Computer)

Related: GBHackers, Cyber Press, Windows Latest, Beta News, Forbes, Windows Central

A cybersecurity researcher has published proof-of-concept (PoC) exploits for two unpatched Microsoft Windows vulnerabilities named YellowKey and GreenPlasma, which are a BitLocker bypass and a privilege-escalation flaw.

Known as Chaotic Eclipse or Nightmare Eclipse, the researcher describes the BitLocker bypass issue as functioning like a backdoor because the vulnerable component is present only in the Windows Recovery Environment (WinRE), which is used to repair boot-related issues in Windows.

The latest exploits follow the researcher's previous disclosure of the BlueHammer (CVE-2026-33825) and RedSun (no identifier) local privilege escalation (LPE) as zero-day flaws, both of which began to be exploited in the wild shortly after being publicly disclosed.

As in previous cases, the researcher stated that the decision to publicly disclose the YellowKey and GreenPlasma vulnerabilities, along with guidance on how to leverage them, was driven by dissatisfaction with Microsoft’s handling of bug reports.

Chaotic Eclipse, or Nightmare-Eclipse on GitHub, said that they will keep leaking exploits for undocumented Windows vulnerabilities, even promising “a big surprise” for the next Patch Tuesday.

Independent security researcher Kevin Beaumont confirmed that the YellowKey exploit is valid and agreed that BitLocker has a backdoor. He recommended using a BitLocker PIN and a BIOS password as a mitigation. (Bill Toulas / Bleeping Computer)

Related: GitHub, Forbes, Security Affairs

Researchers at Depth First report that an 18-year-old flaw in the NGINX open-source web server, discovered using an autonomous scanning system, can be exploited for denial of service and, under certain conditions, remote code execution.

The vulnerability is tracked as CVE-2026-42945 and received a critical severity rating of 9.2, based on the latest version of the Common Vulnerability Scoring System (CVSS).

Three more memory corruption security issues were discovered in the same six-hour code scanning session by researchers at AI-native security company DepthFirst AI.

CVE-2026-42945 is a heap buffer overflow in ngx_http_rewrite_module affecting NGINX versions 0.6.27 through 1.30.0, which has been in the project’s code for roughly 18 years.

According to DepthFirst, the vulnerability can be triggered when NGINX configurations use both the ‘rewrite’ and ‘set’ directives, a pattern the researchers say is common in API gateways and reverse proxy setups.

Fixes were made available in NGINX Open Source 1.31.0 and 1.30.1, NGINX Plus R36 P4, and NGINX Plus R32 P6.

For those unable to upgrade, F5 recommends replacing unnamed PCRE capture groups ($1, $2, etc.) in vulnerable ‘rewrite’ rules with named captures, which eliminates the main exploitation prerequisite. (Bill Toulas / Bleeping Computer)

Related: Depth First, Security Affairs, Cyber Press, CSO Online, Security Week

The Polish government is urging public officials and "entities within the National Cybersecurity System" to stop using Signal, directing them to instead use an encrypted messenger developed by a leading Polish research organization.

The government stated that Signal comes with security risks, including social engineering attacks orchestrated by advanced persistent threat (APT) groups.

"National-level Computer Security Incident Response Teams (CSIRTs) have identified phishing campaigns conducted by APT groups linked to hostile state agencies," the Polish government says. "These attacks target, among others, public figures and government employees."

Offering examples of these social engineering campaigns, the government said attackers impersonate Signal support staff and abuse this perceived trust to take over victims' accounts. (Connor Jones / The Register)

Related: Gov.pl

Pwn2Own Berlin 2026 has come to an end, and participants earned a total of nearly $1.3 millon for exploits targeting Windows, Linux, VMware, Nvidia, and AI products.

According to TrendAI’s Zero Day Initiative (ZDI), white hat hackers have been awarded $1,298,250 for 47 unique vulnerabilities. Nearly $750,000 of the total amount was won by the first two teams: Devcore and StarLabs SG.

The two teams also received the highest payouts for a single exploit chain. Devcore earned $200,000 for a remote code execution exploit with System privileges on Microsoft Exchange, and $175,000 for a Microsoft Edge sandbox escape. It also received $100,000 for exploiting Microsoft SharePoint.

StarLabs SG won $200,000 for a VMware ESX exploit that included a cross-tenant code execution add-on. VMware was at the event and noted last week that Pwn2Own participants can earn up to $200,000 for ESX exploits.

The third-place team, Out Of Bounds, earned a total of $95,750. (Eduard Kovacs / Security Week)

Related: Zero Day Initiative, BleepingComputer, CyberInsider, Security Affairs, Notebookcheck, Forbes, Infosecurity Magazine

One of America's leading computer science researchers, Peter G. Neumann, died on Saturday at the age of 93 following complications related to a fall, still working full-time on a Pentagon-supported advanced computer security design, which is being adopted by companies such as Google and Microsoft.

“Peter Neumann is both one of the last of the old guard and a pointer to the future,” said Whitfield Diffie, a mathematician and cryptographer who is the co-inventor of public key cryptography. “He describes himself as having had a 70-year career in computer science, starting with his graduation from Harvard, and he has always advocated starting with hardware designed to support security.”

Neumann had been a frequent critic of the lax attitudes the industry has maintained toward both computer security and individual digital privacy.

“I’m fundamentally an optimist with regard to what we can do with research,” he said. “I’m fundamentally a pessimist with respect to what corporations that are fundamentally beholden to their stockholders do, because they’re always working on short-term appearance.” (John Markoff / The New York Times)

Best Thing of the Day: Some Things Still Work at the FBI

The FBI on Friday issued two timely alerts, one addressing the attacks on learning management systems, specifically Canvas, by ShinyHunters, and the other delivering data involving cryptocurrency kiosks at the state level.

Worst Thing of the Day: Time to Overhaul the ICO?

According to the Open Rights Group, under John Edwards’ leadership, the UK's ICO has seen a steady erosion of independence and regulatory integrity, which has affected its ability to effectively oversee public bodies' use of personal data.

Bonus Worst Thing of the Day: Agreeing With Steve Bannon

A letter signed by Steve Bannon and conservative anti-AI activists Amy Kremer, Brendan Steinhauser, and other loyal allies of Donald Trump is urging him to test and approve the most powerful AI models before they're released.

Closing Thought