Cyber Threat Intelligence Report

This week, we briefed our clients on Anthropic's announcement of Claude Mythos Preview and its alleged ability to discover and exploit vulnerabilities.

 KEY TAKEAWAYS 

• Claude Mythos Preview claims to find 0-days and craft exploits autonomously. 

• Critical and high-severity vulnerabilities in Adobe, SAP, Microsoft, Cisco, nginx-ui, and protobufjs, plus updates to CISA KEV, patch now!

The Legend of Mythos

On April 7, Anthropic announced a new general-purpose language model "Claude Mythos Preview". What sets this model's capabilities apart from any other previous model is its alleged ability to not only discover new vulnerabilities in software, but quickly craft working exploits for these new vulnerabilities. The capabilities of this model are so powerful and potentially dangerous, Anthropic has temporarily halted public release. They have instead created Project Glasswing, where the model was shared with "Amazon Web Services, Anthropic, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, Nvidia, and Palo Alto Networks in an effort to secure the world's most critical software."

If the claims made by Anthropic are true, the dreaded day where AI systems can allow effectively any user (including threat actors) to rapidly identify vulnerabilities and craft working exploit code is here. Even if this specific model does not quite live up to the hype, this is an early warning signal to the cybersecurity community that things are about to rapidly change. While we may eventually get to a point where defenders are equally armed with AI tools to identify and remediate these new vulnerabilities, there will almost certainly be a period of time where there is a gap in capabilities between attackers and defenders. 

The Claim

Anthropic's claims for the capabilities of this model are staggering, and if true will have major implications across the cybersecurity landscape. In order to convey the weight of these claims, instead of paraphrasing, we are including the full quote from the announcement:

"During our testing, we found that Mythos Preview is capable of identifying and then exploiting zero-day vulnerabilities in every major operating system and every major web browser when directed by a user to do so. The vulnerabilities it finds are often subtle or difficult to detect. Many of them are ten or twenty years old, with the oldest we have found so far being a now-patched 27-year-old bug in OpenBSD—an operating system known primarily for its security.

The exploits it constructs are not just run-of-the-mill stack-smashing exploits (though as we’ll show, it can do those too). In one case, Mythos Preview wrote a web browser exploit that chained together four vulnerabilities, writing a complex JIT heap spray that escaped both renderer and OS sandboxes. It autonomously obtained local privilege escalation exploits on Linux and other operating systems by exploiting subtle race conditions and KASLR-bypasses. And it autonomously wrote a remote code execution exploit on FreeBSD’s NFS server that granted full root access to unauthenticated users by splitting a 20-gadget ROP chain over multiple packets.

Non-experts can also leverage Mythos Preview to find and exploit sophisticated vulnerabilities. Engineers at Anthropic with no formal security training have asked Mythos Preview to find remote code execution vulnerabilities overnight, and woken up the following morning to a complete, working exploit. In other cases, we’ve had researchers develop scaffolds that allow Mythos Preview to turn vulnerabilities into exploits without any human intervention."

The Reality So Far

While access to Mythos has so far been closely guarded, there has been some public research regarding its capabilities. In a report titled "Our evaluation of Claude Mythos Preview's cyber capabilities", the UK's AI Security Institute ran Mythos and several other AI models against a variety of Capture-the-Flag (CTF) environments. Several key takeaways from these tests include:

• Mythos Preview completed over 95% of the "beginner-level" CTF tasks
• Mythos Preview succeeded 73% of the time against "expert-level" tasks, something no model could complete before April 2025.
• The Institute created a special cyber range called "The Last Ones" (TLO) that simulated a 32-step corporate network attack simulation. Mythos Preview completed all 32 steps in 3 out of 10 attempts and averaged 22 out of 32 steps.

It should be noted that the simulated environment emulated a "small, weakly defended and vulnerable" set of enterprise systems. The research also showed that token limitations hindered its capabilities. More tokens equaled more success. While the tool was not perfect, it outperformed all other AI models in the test and surpassed all previous testing results.

Additionally, per the BBC, the U.S. Treasury confirmed it had raised the issue of Mythos Preview's capabilities with major banks, strongly encouraging them to test it on their systems before any public release of the model. The model's capabilities are advanced enough that the global financial market is taking the threat of it very seriously.

How to Protect Your Organization

Organizations are going to have to rethink and modernize their approach to cybersecurity. In a recent blog by Google Threat Intelligence titled "Defending Your Enterprise When AI Models Can Find Vulnerabilities Faster Than Ever", they outline the "Modern, AI-Integrated Defensive Roadmap". While the full details of this are beyond the scope of this article, Google suggests the following for organizations:

• Secure Your Code - This includes protecting code repositories, continuously scanning code for vulnerabilities, and implementing frameworks such as Wiz's SDLC Infrastructure Threat Framework (SITF).
• Move to Automated Security Operations - The volume of automated attacks are going to continue to rise, causing analyst fatigue and burnout. Automating as much as possible will reduce burnout and lower time to remediation.
• Reduce Attack Surface - Reduce exposure of internet-facing systems, implement zero-trust architectures, maintain network segmentation to reduce blast radius.
• Maintain Continuous Asset Discovery and Posture Management - Organizations must know where all of their assets are. Annual or quarterly scans are no longer sufficient. Organizations must eliminate blind spots and shadow IT/AI.
• Expand Automated Scanning Coverage - Automated vulnerability scanning should cover every major operating system in use.
• Enhance Network Device Patching and Limit Connectivity - Implement automated processes to reduce time to patch. Block unnecessary outbound connections from internal network devices. Baseline which outbound connections are normal in order to alert against anomalies.
• Formalize Emergency Remediation SLAs - Define remediation SLAs based on severity, exposure, and asset criticality.
• Secure AI Agents and Implement SAIF - AI agents create and expand the attack surface. Organizations should adopt frameworks such as Google's Secure AI Framework (SAIF) to guide deployment of AI models and applications.

Whether or not Claude Mythos Preview fully lives up to the hype, it is clear that AI is at the precipice of fundamentally shifting the cybersecurity paradigm. These threats can no longer be ignored and need to be taken very seriously. Organizations have a very narrow window of time before these tools are released to the general public. Organizations need to push beyond cybersecurity fundamentals and embrace the new AI paradigm in order to protect themselves.

Resources:

• https://red.anthropic.com/2026/mythos-preview/

• https://www.anthropic.com/glasswing
  

• https://www.aisi.gov.uk/blog/our-evaluation-of-claude-mythos-previews-cyber-capabilities
  

• https://cloud.google.com/blog/topics/threat-intelligence/defending-enterprise-ai-vulnerabilities
  

• https://www.wiz.io/blog/sitf-sdlc-threat-framework
  

• https://www.saif.google/secure-ai-framework
  

• https://www.wiz.io/blog/claude-mythos
  

• https://www.bbc.com/news/articles/c2ev24yx4rmo

Vulnerability Roundup

Adobe Releases Emergency Fix for Acrobat 0-day

On April 11, Adobe published a security update to address a zero-day vulnerability in their Adobe Acrobat software. Tracked as CVE-2026-34621, the flaw allows malicious PDF files to bypass sandbox restrictions and invoke privileged JavaScript APIs which can potentially lead to arbitrary code execution. No user interaction is required other than opening the malicious PDF file. Evidence of malicious file samples suggest this vulnerability has been exploited in the wild since at least December 2025. Affected versions are:

• Acrobat DC versions 26.001.21367 and earlier (fixed in 26.001.21411)
• Acrobat Reader DC versions 26.001.21367 and earlier (fixed in 26.001.21411)
• Acrobat 2024 versions 24.001.30356 and earlier (fixed in 24.001.30362 on Windows, 24.001.30360 on Mac)

No workarounds are available; only the security update addresses the vulnerability. Administrators are urged to patch as soon as possible.

• https://helpx.adobe.com/security/products/acrobat/apsb26-43.html
  

• https://nvd.nist.gov/vuln/detail/CVE-2026-34621
  

• https://www.bleepingcomputer.com/news/security/adobe-rolls-out-emergency-fix-for-acrobat-reader-zero-day-flaw/

Critical SQL Injection Flaw in SAP

Among the 20 Security Notes disclosed by SAP on their April 2026 Patch Day is a critical SQL injection vulnerability in SAP Business Planning and Consolidation and SAP Business Warehouse. Tracked as CVE-2026-27681, the flaw allows a low-privileged user to upload a file with arbitrary SQL statements that will then be executed by the program. This can allow the threat actor to extract sensitive data as well as delete or corrupt database content. The fix can be found in SAP Security Note #3719353. Administrators are urged to patch as soon as possible.

• https://support.sap.com/en/my-support/knowledge-base/security-notes-news/april-2026.html
  

• https://onapsis.com/blog/sap-security-notes-april-2026-patch-day/
  

• https://thehackernews.com/2026/04/april-patch-tuesday-fixes-critical.html
  

• https://pathlock.com/blog/security-alerts/sap-patch-day-april-2026-critical-sql-injection-authorization-flaws/
  

• https://nvd.nist.gov/vuln/detail/CVE-2026-27681  

Patch Tuesday SharePoint Zero-Day

As part of the April Patch Tuesday, Microsoft addressed a zero-day "spoofing" vulnerability in Microsoft SharePoint. Tracked as CVE-2026-32201, successful exploitation can allow an attacker to "view some sensitive information and make changes to disclosed information". Microsoft so far has not shared details on exactly how this was exploited, or the scale at which it was exploited. However, since it is under active exploitation, administrators are urged to apply the Patch Tuesday fixes as soon as possible.

• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32201
  

• https://nvd.nist.gov/vuln/detail/CVE-2026-32201
  

• https://thehackernews.com/2026/04/microsoft-issues-patches-for-sharepoint.html

BlueHammer, Redsun, and UnDefend

Over the last two weeks, a series of vulnerabilities and corresponding proof-of-concept code was released by a researcher going by "Nightmare-Eclipse" on GitHub. All three of the vulnerabilities target Windows Defender. The first vulnerability, known as "BlueHammer", is a privilege escalation vulnerability in Defender that allows attackers to gain SYSTEM privileges. This flaw is tracked as CVE-2026-33825 and was addressed in the latest Patch Tuesday by Microsoft. However, two more flaws were disclosed by the researcher.

A flaw known as "UnDefend" is a denial of service vulnerability that when executed prevents Windows Defender from receiving updates, and has an "aggressive" mode that when executed in certain conditions can cause Defender to stop responding altogether.

The last flaw disclosed is known as "RedSun", and is also a privilege escalation vulnerability. There is currently no fix for this vulnerability, and has already been observed to be exploited in the wild. The exploit works by abusing a feature in Windows Defender where "cloud-tagged" files are rewritten without validating the target path, allowing files to be written to C:\Windows\System32 with SYSTEM-level privileges. This vulnerability allegedly works on all Windows 10 and 11 as well as Windows Server 2019+.

• https://x.com/HuntressLabs/status/2044882050314817880
  

• https://www.picussecurity.com/resource/blog/bluehammer-redsun-windows-defender-cve-2026-33825-zero-day-vulnerability-explained
  

• https://thehackernews.com/2026/04/three-microsoft-defender-zero-days.html
  

• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33825
  

• https://infosec.exchange/@wdormann/116412019416916182
  

• https://nvd.nist.gov/vuln/detail/CVE-2026-33825 

Multiple Critical Vulnerabilities in Cisco ISE

Last week, Cisco released several security advisories addressing critical vulnerabilities in Cisco Webex Services, Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC). The flaw for Cisco Webex, tracked as CVE-2026-20184, affected the integration of single sign-on (SSO) with Control Hub in Cisco Webex Services. It allowed an unauthenticated remote attacker to impersonate any user on the device. This vulnerability was addressed by Cisco and customers do not need to patch. However, Cisco recommends customer action for "affected organizations that are using trust anchors with their SSO integration" by uploading a new identity provider (IdP) SAML certificate to Control Hub. Instructions for this process can be found here.

A pair of vulnerabilities, tracked as CVE-2026-20147 and CVE-2026-20148, affect Cisco ISE and Cisco ISE-PIC, and allow an authenticated remote attacker to achieve remote code execution or conduct path traversal attacks on an affected device. The attacker must have valid administrative credentials to successfully exploit these vulnerabilities. The table below shows affected versions and their corresponding fixed version:

A separate pair of vulnerabilities, tracked as CVE-2026-20180 and CVE-2026-20186, affect Cisco ISE, and allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system of an affected device. In order to successfully exploit these vulnerabilities, the attacker must have at least Read Only Admin credentials. The table below shows affected versions and their corresponding fixed version:

• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-cui-cert-8jSZYhWL
  

• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-rce-traversal-8bYndVrZ
  

• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-rce-4fverepv
  

• https://thehackernews.com/2026/04/cisco-patches-four-critical-identity.html
  

• https://help.webex.com/en-us/article/nstvmyo/Manage-single-sign-on-integration-in-Control-Hub#task_394598AFBCD3D73A488E6DBB99AD3214
  

• https://nvd.nist.gov/vuln/detail/CVE-2026-20184
  

• https://nvd.nist.gov/vuln/detail/CVE-2026-20147
  

• https://nvd.nist.gov/vuln/detail/CVE-2026-20148
  

• https://nvd.nist.gov/vuln/detail/CVE-2026-20180
  

• https://nvd.nist.gov/vuln/detail/CVE-2026-20186

Critical nginx-ui Vulnerability Under Active Exploitation

Researchers at Pluto Security recently disclosed details on a critical vulnerability in nginx-ui that is codenamed "MCPwn". nginx-ui is a graphical web interface that assists administrators in managing nginx servers. Tracked as CVE-2026-33032, the flaw is an authentication bypass vulnerability that allows threat actors to seize control of the Nginx service. The flaw resides in a lack of authentication on the "/mcp_message" API endpoint. Per the disclosure, the attack can be successfully carried out with just two requests:

• An HTTP GET request to the /mcp endpoint to establish a session and obtain a valid session ID.
• An HTTP POST request to the vulnerable /mcp_message endpoint using the new session ID to invoke any MCP tool without authentication

Successful exploitation can allow an attacker to restart nginx, create/modify/delete nginx config files, and trigger automatic config reloads, effectively allowing for complete nginx service takeover.

Per the disclosure from Pluto security, affected versions are v2.3.3 and earlier, with the fixed version being v2.3.4. As this vulnerability is under active exploitation, administrators are urged to patch as soon as possible.

• https://pluto.security/blog/mcp-bug-nginx-security-vulnerability-cvss-9-8/
  

• https://thehackernews.com/2026/04/critical-nginx-ui-vulnerability-cve.html
  

• https://nvd.nist.gov/vuln/detail/CVE-2026-33032

Critical Flaw in Protobuf JavaScript Library

Security researchers at Endor Labs have shared details on a critical vulnerability in protobuf.js, the most widely used JavaScript runtime for Protocol Buffers, which is a data format used by applications in the cloud to exchange information. This library is commonly used in Google Cloud, Firebase, and most other modern cloud platforms. It is often installed as a hidden dependency of other popular libraries. This vulnerability has not been assigned a CVE, but is tracked as GHSA-xq3m-2v4x-88gg, the identifier assigned by GitHub, and has a CVSS score of 9.4. Per the Endor Labs research, the vulnerability can be exploited by the attacker supplying a malicious configuration file (protobuf schema) to the target application. Affected versions are protobufjs <= 8.0.0 and <= 7.5.4. Fixed versions are 8.0.1 and 7.5.5. While this has not been confirmed to be exploited in the wild yet, proof-of-concept code is widely available. Administrators are urged to update this library as soon as possible.

• https://www.endorlabs.com/learn/the-dangers-of-reusing-protobuf-definitions-critical-code-execution-in-protobuf-js-ghsa-xq3m-2v4x-88gg
  

• https://www.bleepingcomputer.com/news/security/critical-flaw-in-protobuf-library-enables-javascript-code-execution/ 

CISA KEV Additions

The following vulnerabilities were added to CISA's Known Exploited Vulnerabilities Catalog in the last 2 weeks:

• CVE-2026-34197 - Apache ActiveMQ Improper Input Validation Vulnerability
• CVE-2026-32201 - Microsoft SharePoint Server Improper Input Validation Vulnerability
• CVE-2009-0238 - Microsoft Office Remote Code Execution
• CVE-2026-34621 - Adobe Acrobat and Reader Prototype Pollution Vulnerability
• CVE-2026-21643 - Fortinet FortiClient EMS SQL Injection Vulnerability
• CVE-2020-9715 - Adobe Acrobat Use-After-Free Vulnerability
• CVE-2023-36424 - Microsoft Windows Out-of-Bounds Read Vulnerability
• CVE-2023-21529 - Microsoft Exchange Server Deserialization of Untrusted Data Vulnerability
• CVE-2025-60710 - Microsoft Windows Link Following Vulnerability
• CVE-2012-1854 - Microsoft Visual Basic for Applications Insecure Library Loading Vulnerability
• CVE-2026-1340 - Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability
• CVE-2026-35616 - Fortinet RortiClient EMS Improper Access Control Vulnerability

This report is provided FREE to the cybersecurity community.

Visit our Cyber Threat Intelligence Blog for additional reports.

Subscribe to be notified of future Reports:

NOTE
We have enhanced our report with data from SOCRadar. You may need to register to view their threat intelligence content.