vulnerability
Google just patched 150 Chrome vulnerabilities, 22 of them critical
PCWorld reports that Google Chrome 148 patches over 150 security vulnerabilities across desktop and mobile platforms, with 22 classified as critical. The update addresses 66 use-after-free vulnerabilities that could potentially allow attackers to exploit browser memory, though none were actively exploited. Users should immediately update their Chrome browsers through Help > About Google Chrome to protect against these security flaws.
Champion ethical hacker warns AI tools like Mythos will make competing harder
An ethical hacker who just won major prizes at a prestigious international competition says her days of competing could be numbered due to the rise of AI tools like Claude Mythos. Valentina Palmiotti - better known as Chompie - was the most successful individual at the annual Pwn2Own hacking competition in Berlin. She told BBC News that, for now, AI tools were helping her to win bug bounties - money given to hackers who spot vulnerabilities in online systems before they can be exploited by cyber-criminals. But she said systems like Mythos were so powerful that even champion hackers like her would soon struggle to compete with them. AI has shaken the cyber-security world, with concerns focussing on Mythos in particular.
The AI Era Is Creating a Bug Hunting Arms Race
As attackers ramp up their AI exploit development, the search for software vulnerabilities is changing rapidly. A decade ago, programs to reward researchers for submitting software vulnerability findings were just starting to go mainstream. Vulnerability disclosure and "bug bounty" programs represented a paradigm shift years in the making--moving institutions from hostility and defensiveness about security research findings to acknowledgement that receiving input and releasing fixes was necessary. When Apple finally announced a bug bounty in 2016, the top reward was $200,000. It rose to $1 million in 2019 and $2 million last year.
Anthropic says Mythos has already found more than 10,000 vulnerabilities
The company has published an update about Project Glasswing, a month after its launch. Anthropic has published an initial report for Project Glasswing, the cybersecurity initiative it launched in April that aims to prevent AI cyberattacks with, well, AI. The initiative is powered by Claude Mythos Preview, the company's unreleased model, which Anthropic says has already helped its partners find more than ten thousand vulnerabilities overall just a month after Glasswing's launch. In addition, it says most of its partners have each found hundreds of critical- or high-severity vulnerabilities in their software using the model. The company said that its partners' rate of bug-finding has increased by more than a factor of ten.
Why the world's banks are so worried about Anthropic's latest AI model
The legendary American bank robber Willie Sutton spent 40 years robbing banks because, as he claimed in his autobiography, he loved doing it. And when asked why he chose banks of all places to rob, he allegedly replied "Because that's where the money is." Back in 2017, I wrote a book predicting it wasn't just lovable rogues like Sutton who would soon be robbing banks, but artificial intelligence (AI). That day, it appears, could now be about to arrive. Banks around the world are seriously worried cyber criminals will soon take advantage of the latest advances in AI to try to rob them.
Does 'federated unlearning' in AI improve data privacy, or create a new cybersecurity risk?
As the capacity of artificial intelligence (AI) increases at an exponential rate, so do concerns about the privacy of user data. Increasingly, organizations around the world are adopting something called federated unlearning that enables AI training without centralizing sensitive data. This allows hospitals, banks and government agencies to collaborate while keeping data local -- an approach that's regarded as a major advance in privacy. Federated unlearning promises that user data can be removed from a trained AI system.
Microsoft's May updates patch 120 security flaws in Windows and Office
Microsoft released its May Patch Tuesday update addressing 120 security vulnerabilities across Windows and Office, with 30 classified as critical including dangerous remote code execution flaws. PCWorld reports that Office received fixes for 27 vulnerabilities, nearly double April's count, with four critical Word flaws exploitable through preview panes without opening files. Critical Windows vulnerabilities in DNS client and Netlogon services require immediate patching, though Microsoft states none are currently exploited in the wild. Yesterday was May's Patch Tuesday, meaning Microsoft released new updates that addressed 120 security vulnerabilities. In addition to Windows and Office, Microsoft's cloud services were also affected.
Daybreak is OpenAI's response to Anthropic's Claude Mythos
OpenAI has just launched Daybreak, a cybersecurity initiative that's clearly the company's competitor to Anthropic's Project Glasswing. If you'll recall, Glasswing uses Anthropic's unreleased AI model, Claude Mythos Preview, to provide its clients' cyber defense needs. It's been promising, so far: Mozilla revealed in April that Mythos helped it find and patch 271 vulnerabilities in the latest release of the Firefox browser. OpenAI says Daybreak uses its various AI models, including its specialized security agent Codex. In its announcement, the company explained that Daybreak is built around the premise that cyber defense should be built into software from the start and not just revolve around finding and fixing vulnerabilities.
Google announces its first-ever discovery of a zero-day exploit made with AI
We can now add cybercrimes to the list of growing concerns associated with artificial intelligence. Google's Threat Intelligence Group (GTIG) said it discovered, for the first time ever, a threat actor using a zero-day exploit that it believes was developed by AI. Zero-day vulnerabilities are often the most dangerous since they're unknown to the targets, leaving them with zero days to prepare for the attack. Google said in the report the threat actor was planning to use it in a mass exploitation event, but its proactive discovery may have prevented its use. Google added that it doesn't believe its own Gemini models were used, but still has high confidence an AI model was part of discovering the vulnerability and weaponizing an exploit.
Chrome 148 patches 100 vulnerabilities, including 3 critical flaws
This update matters significantly as it patches over double the vulnerabilities from the previous version, covering high-risk, medium-risk, and low-risk security issues. Chrome automatically updates across Windows, macOS, Android, and iOS platforms, though users can manually check via the Help menu for immediate protection.