Apple has unveiled a new security feature that will automatically change passwords that have been identified as compromised, marking a significant step forward in the company’s efforts to protect users from the consequences of data breaches and credential theft. The feature, which is integrated into Apple’s native password management infrastructure, is designed to remove the burden of manual password hygiene from users by proactively detecting when a saved password has appeared in a known data breach and initiating the replacement process without requiring the user to take action themselves. The development represents one of the most ambitious attempts by a major technology platform to automate a security task that has historically relied on users being both aware of and responsive to breach notifications.

The automatic password changing capability works by leveraging Apple’s existing breach detection mechanisms, which monitor saved credentials against databases of known compromised passwords, and then interfacing directly with supported websites and services to negotiate a password change on the user’s behalf. The feature is understood to utilise passkey and password autofill infrastructure already present within Apple’s ecosystem, allowing it to navigate the password reset flows of compatible websites automatically and generate a new strong password that is saved directly back into the user’s keychain. The seamless nature of the process is intended to ensure that users remain protected even if they are unaware that their credentials have been compromised or are unlikely to act promptly upon receiving a breach alert.

Security researchers at Varonis have discovered that OpenClaw, an AI agent platform, is susceptible to phishing attacks that can trick the system into surrendering sensitive user data, raising serious concerns about the security posture of autonomous AI agents as they become more deeply embedded in enterprise workflows. The vulnerability highlights a growing and largely underappreciated attack surface that emerges when AI agents are granted access to sensitive information and permitted to act autonomously on behalf of users. Rather than targeting human users directly, attackers are instead crafting malicious inputs designed to manipulate the AI agent itself into divulging data it should not be sharing.

The attack technique exploits the inherent tendency of large language model based agents to follow instructions embedded within content they process, a class of vulnerability commonly referred to as prompt injection. By embedding malicious instructions within documents, emails, or web pages that the AI agent is directed to interact with, an attacker can effectively redirect the agent’s behaviour, causing it to exfiltrate user data, execute unintended actions, or relay sensitive information back to the attacker. The OpenClaw findings demonstrate that even well-designed AI agent architectures can be undermined when insufficient guardrails are in place to distinguish between legitimate task instructions and adversarially crafted inputs.

The discovery serves as a timely warning to organisations deploying AI agents across their operations that the security considerations extend well beyond traditional endpoint and network protections. As AI agents continue to proliferate across industries, the research community is calling for greater standardisation around agent security frameworks to ensure that the productivity gains these tools offer are not achieved at the expense of organisational data security.

Anthropic has made its latest AI model, Claude Fable 5, available to users free of charge, though the complimentary access window is only being offered for a limited time before the model transitions to a usage-based pricing structure. The rollout marks another step forward in Anthropic’s ongoing efforts to push the boundaries of its Claude model family, with Fable 5 expected to deliver meaningful improvements across reasoning, coding, and natural language understanding tasks compared to its predecessors. The temporary free access period appears designed to give developers and organisations an opportunity to evaluate the model’s capabilities before committing to the costs associated with ongoing usage under the new pricing model.

One of the most notable characteristics of Claude Fable 5 is its token consumption rate, which is understood to be significantly higher than any other model currently available in Anthropic’s lineup. This elevated token usage reflects the model’s increased computational demands and the greater depth of processing it applies to each request, meaning that users will need to carefully account for token expenditure when planning workloads once the usage-based pricing regime comes into effect. For organisations running high-volume or complex tasks, the cost implications of Fable 5’s token appetite could be considerable compared to lighter models in the Claude family.

The limited free access window is likely to drive strong interest amongst developers and enterprises eager to benchmark Fable 5 against their specific requirements before pricing kicks in. Users are being encouraged to take full advantage of the complimentary access period to thoroughly test the model’s performance across their intended use cases before transitioning to the paid tier.

GitHub has announced a series of significant security enhancements to the npm package registry in a determined effort to combat the growing threat of software supply chain attacks, with the changes introducing restrictions to how npm handles package installation and dependency resolution. Starting in version 12, npm install will no longer automatically run preinstall, install, or postinstall scripts from dependencies unless they have been explicitly approved by the user. This change also extends to native module builds triggered through node-gyp, as well as prepare scripts from Git, local file, and linked dependencies, effectively closing off a widely exploited avenue for malicious code execution during the package installation process.

In a further tightening of dependency controls, npm install will cease fetching dependencies from Git repositories, whether direct or transitive, unless explicitly permitted by the user. GitHub identified this as a critical security gap, noting that a Git dependency’s .npmrc file could previously be used to manipulate which Git executable was invoked, even in environments where install scripts had been disabled. By removing this code execution pathway entirely, GitHub aims to significantly reduce the ability of threat actors to smuggle malicious behaviour into projects through seemingly legitimate Git-based dependencies.

The third major change targets remote URL dependencies, with npm install no longer resolving dependencies fetched from remote URLs such as HTTPS tarballs unless they have been explicitly authorised. This restriction applies to both direct and transitive dependencies, addressing a longstanding concern that remote URL resolution could be abused to silently introduce unvetted or malicious code into a project’s dependency tree without the developer’s knowledge.

Taken together, the three changes represent a meaningful shift towards a more explicitly permissioned and security-conscious approach to package management within the npm ecosystem.

Cybersecurity researchers have uncovered a severe remote denial-of-service vulnerability, dubbed the “HTTP/2 Bomb,” that affects some of the world’s most widely used web server infrastructure, including NGINX, Apache HTTPD, Microsoft IIS, Envoy, and Cloudflare Pingora. Discovered by OpenAI Codex and reported by security firm Calif, the vulnerability exploits HTTP/2’s default configuration by chaining together two well-known techniques, a compression bomb and a Slowloris-style connection hold, to devastating effect. The attack targets HPACK, HTTP/2’s header compression scheme, where a single byte transmitted over the wire can trigger a full header allocation on the server, repeated thousands of times per request, whilst a zero-byte flow-control window prevents the server from ever freeing the consumed memory.

The scale of the potential damage is alarming, with researchers demonstrating that a single home computer on a standard 100Mbps internet connection could render a vulnerable server completely inaccessible within seconds. More critically, a single attacking client is capable of consuming and holding up to 32GB of server memory against Apache HTTPD and Envoy in approximately 20 seconds. What distinguishes the HTTP/2 Bomb from previously known variants is its novel amplification method, which exploits per-entry bookkeeping allocations around nearly empty headers rather than stuffing large values into compression tables, effectively bypassing existing decoded-size limits that servers had implemented to guard against earlier attacks.

Patches are currently available for NGINX, with users advised to upgrade to version 1.29.8 or above, and for Apache HTTPD via mod_http2 version 2.0.41. However, Microsoft IIS, Envoy, and Cloudflare Pingora have no patches available at the time of writing, leaving a significant portion of global web infrastructure exposed. Organisations unable to apply patches immediately are strongly urged to disable HTTP/2 entirely as a temporary mitigation measure.

Hackers have successfully exploited a critical vulnerability in Meta’s AI customer support bot to seize control of high-profile Instagram accounts, including those belonging to the Obama White House and the Chief Master Sergeant of the U.S. Space Force. Instructions detailing the remarkably simple exploit began circulating on Telegram channels on 31 May 2026, accompanied by a video demonstrating how attackers could trick Meta’s AI support assistant into resetting account passwords without proper verification. The technique involved using a VPN connection with an IP address near the target’s usual location, initiating a password reset request, and then manipulating the AI support bot into linking the account to a new email address, after which a one-time reset code was dispatched to the attacker’s chosen address.

Meta moved quickly to contain the damage, confirming on Twitter/X that the issue had been resolved and that affected accounts were being secured. The company pushed an emergency patch over the weekend, with security blog thecybersecguru.com clarifying that no back-end database had been breached. The vulnerability was attributed to Meta’s decision to deploy a conversational AI layer to handle common account recovery workflows, a measure originally intended to reduce friction for legitimate users struggling to regain access to their accounts amid the platform’s notoriously poor human support infrastructure.

AI bots are just as susceptible to social engineering as human support staff, and similar attacks are likely to become far more common. Crucially, the hackers themselves confirmed that their exploit failed against any accounts with multi-factor authentication enabled, so make sure you have MFA setup for all accounts that offer them.

Google has rolled out a significant security upgrade to its Chrome browser, extending session cookie theft protection to all users in a move aimed at combating one of the most prevalent techniques used by cybercriminals to hijack online accounts. The feature, previously available only to select users, is designed to prevent attackers from stealing session cookies, which are small files stored in a browser that keep users logged into websites and online services. By targeting these cookies, threat actors have long been able to bypass multi-factor authentication and gain unauthorised access to accounts without ever needing a victim’s password.

The protection works by binding session cookies to the device on which they were created, making them significantly harder to exploit even if they are successfully intercepted or stolen by malicious software. This approach directly counters a technique known as “pass-the-cookie” attacks, which have become increasingly popular amongst cybercriminals and state-sponsored threat actors alike. The update represents a meaningful step forward in browser-level security, particularly as infostealers and other malware strains designed to harvest session cookies have surged in use across the threat landscape in recent years.

Google’s decision to make the feature available to all Chrome users rather than a limited cohort is greatly welcomed as a proactive measure to protect everyday Australians and organisations from account takeover attacks. Ensure your Chrome browser is updated to the latest version to take full advantage of the new protections.

Threat actors have found a novel way to abuse ChatGPT’s conversation sharing feature, using publicly accessible share links to host convincing fake outage pages designed to deceive unsuspecting users. The technique takes advantage of the legitimate ChatGPT platform’s credibility, allowing attackers to craft and distribute malicious content through shared conversation links that appear authentic at first glance. Security researchers identified the campaign as a particularly deceptive method of social engineering, given that the links originate from OpenAI’s own domain, making them harder for users and security tools to flag as suspicious.

The fake outage pages are designed to mimic legitimate service disruption notifications, prompting visitors to download what appears to be a fix or update, which in reality delivers malware to the victim’s device. By leveraging a trusted and widely recognised platform like ChatGPT, attackers significantly increase the likelihood that targets will interact with the malicious content without hesitation. The campaign highlights a growing trend of cybercriminals exploiting popular AI platforms as delivery mechanisms for malware, capitalising on the rapid mainstream adoption of these tools.

Anthropic is broadening its cutting-edge AI program to Australian shores, with the company confirming that local organisations are now included in its Project Glasswing early access initiative. The expansion brings the total number of participating organisations to up to 150 across more than 15 countries, all gaining access to Anthropic’s powerful Claude Mythos Preview model. Access remains tightly controlled, with participation limited to organisations involved in defending critical infrastructure or operating across key sectors including power, water, healthcare, communications, financial services, and national security.

Claude Mythos Preview has already demonstrated significant cybersecurity capabilities, having been credited with identifying thousands of vulnerabilities at varying severity levels across open-source code bases. The model’s potential in the security space has drawn considerable attention, particularly following Microsoft’s own AI-powered MDASH vulnerability scanner discovering four critical remote code execution flaws in the Windows operating system in May 2026. However, Anthropic has noted that the model appears less effective when applied to extensively vetted code bases, suggesting its strengths are more pronounced in broader vulnerability discovery efforts.

Anthropic has stressed that its primary concern surrounding Mythos-class models is the risk of them being released publicly without adequate safeguards to prevent misuse. The company warned that threat actors are already leveraging large language models to uncover new and potentially devastating vulnerabilities at scale, making it “imperative cyber defenders adapt to maintain pace.” Anthropic also acknowledged it will likely not be the only AI firm to release models of this class, underscoring the urgency for responsible deployment frameworks across the industry.

Artificial intelligence is rapidly transforming the cybersecurity landscape, offering defenders powerful new tools to detect, respond to, and mitigate digital threats at unprecedented speed and scale. According to guidance published by the Australian Signals Directorate (ASD) through the Australian Cyber Security Centre (ACSC), AI technologies present significant opportunities for organisations to bolster their cyber defences in ways that were previously impossible with traditional security approaches.

Among the most promising applications highlighted by the ASD are AI’s capabilities in threat detection and analysis, where machine learning models can identify anomalous behaviour across vast networks far faster than human analysts. AI-powered systems can process enormous volumes of security data in real time, flagging potential intrusions, malware activity, and vulnerabilities before they escalate into full-scale breaches. The guidance also points to AI’s role in automating routine security tasks, freeing up skilled cybersecurity professionals to focus on more complex and strategic challenges.

However, the ASD also cautions that the integration of AI into cyber defence is not without its risks, emphasising that secure-by-design principles must be applied when deploying AI-driven security tools. Organisations are encouraged to carefully evaluate AI solutions, ensuring they are implemented responsibly and with appropriate oversight. As both defenders and adversaries increasingly turn to AI, the race to leverage these technologies securely and effectively is becoming one of the defining challenges of modern cybersecurity.