BBC News | Champion ethical hacker warns AI tools like Mythos will make competing harder

AI-generated summary. Read the full article for complete information.

Champion ethical hacker Valentina Palmiotti, known as “Chompie,” won the 2024 Pwn2Own Berlin competition by exploiting systems for prize money, but she warns that powerful new AI tools such as Anthropic’s Claude Mythos could soon make human‑only hacking contests impractical. While AI assistants like Claude Code currently help her and other researchers work faster, the emergence of more advanced models promises to automate many “lower‑hanging‑fruit” bugs, leaving only the very best hackers able to discover novel vulnerabilities. Fellow champion Orange Tsai sees AI as a useful research aid that can free up time but believes human creativity will still be essential. Both experts agree that if AI‑driven tools are responsibly released to defenders, they could tilt the balance against offensive hackers, though criminals are already experimenting with AI to accelerate attacks. The overall sentiment is that AI will raise the bar for security research, benefitting defenders while making traditional bug‑bounty hunting increasingly challenging.

Read more: https://www.bbc.com/news/articles/c3r2zjpryzro?at_medium=RSS&at_campaign=rss

#ValentinaPalmiotti #ClaudeMythos #Pwn2Own #OrangeTsai #AI

Top ethical hacker Chompie warns AI tools could put her out of business

Chompie, one of the world's top ethical hackers, says AI like Claude Mythos will make it harder for people like her to compete.

BBC News | Champion ethical hacker warns AI tools like Mythos will make competing harder

AI-generated summary. Read the full article for complete information.

Valentina Palmiotti, known as “Chompie,” was the top individual at this year’s Pwn2Own hacking competition in Berlin, winning cash prizes by exploiting a Nvidia‑linked system and a Linux‑based target; she credits AI tools such as Claude Code for accelerating her work but warns that newer models like Anthropic’s Claude Mythos—and upcoming versions such as GPT 5.5 Cyber—could soon outpace even champion human hackers, making “lower‑hanging fruit” scarce and relegating ethical hackers to a niche where only the very best can still discover novel bugs. Fellow competitor Orange Tsai shares a more optimistic view, seeing AI as a powerful assistant that can augment research while still relying on human creativity, but both agree that the rise of advanced AI will raise the bar for security research, potentially benefitting defenders if the tools are released responsibly, even as criminal actors also begin to exploit AI for attacks.

Read more: https://www.bbc.com/news/articles/c3r2zjpryzro?at_medium=RSS&at_campaign=rss

#ValentinaPalmiotti #OrangeTsai #ClaudeMythos #GPT55 #Pwn2Own

🕵🏻‍♂️ [InfoSec MASHUP] 21/2026 - The Supply Chain Didn't Break. It Was Walked.

This week's issue reads like a case study in cascade failure. A malicious VS Code extension on one #GitHub employee's device leads to 3,800 internal repositories exfiltrated — by #TeamPCP, the same group that poisoned 170 npm and #PyPI packages last week. #Grafana gets breached via a token nobody rotated after the TanStack attack, itself a TeamPCP operation. A GitHub Action used by thousands of projects gets compromised and starts exfiltrating CI/CD credentials. And somewhere in a public GitHub spreadsheet, CISA contractor credentials — including #AWS GovCloud keys — sat waiting to be found.

These aren't four separate incidents. They're one incident with four manifestations. The supply chain isn't a vector anymore; it's the terrain. Developer tooling, CI/CD pipelines, third-party actions, tokens issued and forgotten — all of it is now actively mapped and exploited with a persistence that makes the traditional "patch and move on" response look quaint. The Verizon DBIR dropped this week noting that third-party compromise is surging. The week's news was already illustrating the point before the report landed.

→ Week #21/2026 also covers: fast16 predated #Stuxnet and corrupted nuclear simulations quietly, #Pwn2Own Berlin paid $1.3M for 47 bugs, and #Bluesky got hijacked for Russian propaganda.

Full issue 👉 https://infosec-mashup.santolaria.net/p/infosec-mashup-21-2026-the-supply-chain-didn-t-break-it-was-walked

If you find it useful, subscribe to get it in your inbox every weekend 📨 #infosecMASHUP #cybersecurity #infosec #threatintel #AI

Plus: fast16 predated Stuxnet and corrupted nuclear simulations quietly, Pwn2Own Berlin paid $1.3M for 47 bugs, and Bluesky got hijacked for Russian propaganda

X’s InfoSec Newsletter

#Pwn2Own #Berlin 2026: #Hackers earn 1.3 million dollars with #vulnerabilities in #AI, #Windows and #VMware. #Devcore and #StarLabsSG together took home almost 750,000 dollars.

📢 Pwn2Own Berlin 2026: 47 zero-days exploited, $1,298,250 in rewards
📝 ## 🏆 Context

Source: BleepingComputer, published 18 May 2026.
📖 cyberveille : https://cyberveille.ch/posts/2026-05-19-pwn2own-berlin-2026-47-zero-days-exploites-1298250-de-recompenses/
🌐 source : https://www.bleepingcomputer.com/news/security/hackers-earn-1-298-250-for-47-zero-days-at-pwn2own-berlin-2026/
#Pwn2Own #TTP #Cyberveille

Pwn2Own Berlin 2026: 47 zero-days exploited, $1,298,250 in rewards

🏆 Context
Source: BleepingComputer, published 18 May 2026. The Pwn2Own Berlin 2026 competition was held from 14 to 16 May 2026 as part of the OffensiveCon conference, organised by the Zero Day Initiative (ZDI) of TrendMicro. It targeted enterprise technologies and artificial intelligence.

💰 Overall results
47 zero-days exploited in total
$1,298,250 in rewards distributed
Day 1: $523,000 for 24 zero-days
Day 2: $385,750 for 15 zero-days
Day 3: $389,500 for 8 zero-days

🥇 Ranking
DEVCORE: 50.5 points, $505,000 (1st)
STARLabs SG: 25 points, $242,500
Out Of Bounds: 12.75 points, $95,750

🔓 Notable exploits
Orange Tsai (DEVCORE): $200,000 for a chain of 3 bugs enabling RCE with SYSTEM privileges on Microsoft Exchange; a further $175,000 for a sandbox escape on Microsoft Edge via 4 logic bugs
Valentina Palmiotti (IBM X-Force): $70,000 for a root on Red Hat Linux for Workstations and an NVIDIA Container Toolkit zero-day
Windows 11: hacked multiple times (LPE)
Red Hat Enterprise Linux for Workstations: compromised multiple times
VMware ESXi: exploited via a memory corruption bug
AI coding agents: zero-days demonstrated on day 2
Microsoft SharePoint and Microsoft Exchange: targeted by DEVCORE

📋 Targeted categories
Web browsers, enterprise applications, local privilege escalation, servers, local inference, cloud-native/container environments, virtualisation, LLM

⏳ Responsible disclosure
In accordance with ZDI rules, vendors have 90 days to release patches before the vulnerabilities are publicly disclosed.

CyberVeille

Cybersecurity researchers successfully demonstrated 47 unique zero-day exploits at #Pwn2Own Berlin 2026, targeting major enterprise software and AI platforms.

Read: https://hackread.com/pwn2own-berlin-2026-closes-zero-day-payouts/

#CyberSecurity #BugBounty #Vulnerability #AI #0day

Pwn2Own Berlin 2026 Closes With $1.3 Million in Zero-Day Payouts

Cybersecurity researchers demonstrated 47 unique zero-day exploits at Pwn2Own Berlin 2026, targeting major enterprise software and AI platforms.

Hackread - Cybersecurity News, Data Breaches, AI and More

#MSXFAQ PWN2OWN 2026 - 0-Day #Exchange https://www.msxfaq.de/exchange/update/pwn2own2026.htm - A 0-day for Exchange from #PWN2OWN could lead to hectic updates in the coming weeks. Anonymously, from the Internet, via a URL to Exchange, run code on the server and take it over.
PWN2OWN 2026 - 0-Day Exchange

Frank's Microsoft Exchange FAQ

MSXFAQ

Hackers earn $1,298,250 for 47 zero-days at Pwn2Own Berlin 2026

The Pwn2Own Berlin 2026 hacking contest has concluded, with security researchers collecting $1,298,250 in rewards after exploiting 47 zero-day flaws.

BleepingComputer

🔥 Pwn2Own Berlin 2026 ends with:
💰 $1.29M awarded
⚠️ 47 zero-days exploited
🎯 Microsoft Exchange, Windows 11, VMware ESXi, AI coding agents, Red Hat Linux all successfully hacked.
Enterprise + AI attack surfaces keep expanding.

Source: https://www.bleepingcomputer.com/news/security/hackers-earn-1-298-250-for-47-zero-days-at-pwn2own-berlin-2026/

Follow @technadu for more.

#InfoSec #Pwn2Own #ZeroDay

Near-record prize money and an Exchange zero-day at Pwn2Own 2026

Exploit experts from around the world competed in the vulnerability contest and took home almost 1.3 million US dollars in prize money.

heise online