🤠 An AI Found Thousands of Zero-Days in Every Major OS

In partnership with

Turn AI into Your Income Engine

Ready to transform artificial intelligence from a buzzword into your personal revenue generator?

HubSpot’s groundbreaking guide "200+ AI-Powered Income Ideas" is your gateway to financial innovation in the digital age.

Inside you'll discover:

• A curated collection of 200+ profitable opportunities spanning content creation, e-commerce, gaming, and emerging digital markets—each vetted for real-world potential

• Step-by-step implementation guides designed for beginners, making AI accessible regardless of your technical background

• Cutting-edge strategies aligned with current market trends, ensuring your ventures stay ahead of the curve

Download your guide today and unlock a future where artificial intelligence powers your success. Your next income stream is waiting.

Get Your Guide

This is an IT Support Group

An AI just found thousands of zero-days in every major OS. No, seriously.

GM IT pros!

Happy Tuesday! Buckle up — this one's a big deal.

-Stetson

🚨 THE BIG ONE 🚨

If you only read one thing this week, make it this.

Anthropic just dropped a bombshell. Their new AI model, Claude Mythos Preview, has autonomously discovered thousands of zero-day vulnerabilities across every major operating system and every major web browser. We're not talking about theoretical edge cases — we're talking about bugs that have been hiding in production code for decades.

Some highlights that should make your coffee taste a little more bitter this morning:

🔓 A 27-year-old bug in OpenBSD — yes, the OS literally famous for being secure. Twenty-seven years. That bug could legally rent a car.

💀 A 17-year-old RCE in FreeBSD (CVE-2026-4747) that lets anyone gain root on a machine running NFS. From the internet. Unauthenticated. The model found it, wrote the exploit, and popped a shell — all autonomously, no human involved after the initial prompt.

🌐 A full browser exploit chain — Mythos wrote a JIT heap spray that chained four vulnerabilities together to escape both renderer and OS sandboxes. From scratch. By itself.

🐧 A 16-year-old FFmpeg vulnerability and a Linux kernel exploit chain that achieves root access.

Over 99% of the discovered vulnerabilities are still unpatched. Anthropic is handling disclosure through a new initiative called Project Glasswing, partnering with AWS, Apple, Microsoft, Google, Cisco, CrowdStrike, Palo Alto Networks, the Linux Foundation, and about 40 other organizations to get patches out before details go public. Read Anthropic's full writeup

What this means for IT pros: The patching treadmill is about to turn into a patching sprint. When these CVEs start dropping, you're going to see a wave of emergency patches across basically everything. Start prepping your change management processes now. And if you're running FreeBSD with NFS exposed to the internet... stop reading this and go fix that first.

😬 Meanwhile, Anthropic Also Leaked Their Own Source Code

In a twist that writes its own punchline, Anthropic accidentally leaked 512,000 lines of Claude Code source code through a debugging file left in a public npm package. The unobfuscated TypeScript was mirrored to GitHub and forked tens of thousands of times within hours. Anthropic called it "a release packaging issue caused by human error, not a security breach." Sure. The company discovering every zero-day on Earth also left their source map in a production npm publish. The cobbler's children have no shoes. Read more

Oh, and threat actors immediately started setting up fake Claude Code GitHub repos to deliver Vidar info-stealing malware. So if you or anyone on your team cloned anything Claude-related from an unofficial repo recently — run a scan. Yesterday.

What Else Is on Fire

🔒 Security & Patching

🚨 Fortinet EMS Zero-Day Actively Exploited
CVE-2026-35616 is a pre-auth API bypass in FortiClient EMS. Over 2,000 exposed instances found online. CISA's telling feds to patch by Friday. Read more

🇮🇷 Iranian Hackers Going After US Water & Energy PLCs
Iranian-linked APT actors are targeting internet-exposed Rockwell/Allen-Bradley PLCs on critical infrastructure networks. FBI says victims have experienced real operational disruptions and financial losses since March. Read more

🍋 Citrix Flaw Added to CISA's "Patch Now" List
CVE-2026-3055 is actively exploited in the wild. Federal agencies have until Thursday. The rest of us should probably not wait until Thursday. Read more

🧸 Hasbro Got Hacked — Recovery Could Take Weeks
The toy giant detected unauthorized network access on March 28 and took systems offline. D&D Beyond and MTG Arena are fine, but the parent company is scrambling. No word on whether data was stolen. The investigation continues. Read more

🪟 Windows & Microsoft

🔧 April Patch Tuesday Preview: Kernel Driver Trust Overhaul
Microsoft is killing trust for all kernel drivers signed by the deprecated cross-signed root program. Also incoming: Secure Boot certificate status indicators as the 2026 expiration looms. Test your drivers. Read more

💰 Microsoft 365 E7 Launches in May
Because E5 wasn't premium enough. Start prepping your license review spreadsheets. Read more

🎨 Windows 11 Settings App Getting a Redesign
Microsoft says they're "finally focusing" on design. Only took five years and countless memes about the Settings/Control Panel duality. Read more

🤖 AI Corner

📉 Only 28% of AI Infrastructure Projects Actually Pay Off
Gartner surveyed 782 I&O managers and found 1 in 5 AI projects fail outright. Persistent skill gaps are the top culprit. Maybe we should train people before we deploy the robots. Read more

💵 Q1 Startup Funding Hit $297 Billion — A Record
That's a 2.5x increase over last quarter. Seed-stage AI startups are commanding absurd valuations. The word "bubble" is apparently not in any VC's vocabulary. Read more

💾 Server DRAM Prices About to Jump 90-95%
Hyperscalers and AI infrastructure are eating global DRAM supply alive. Time for that awkward budget conversation with finance. Read more

🔧 Quick Hits

📊 Adobe Leaked 13M Customer Support Tickets — plus 15K employee records and bug bounty submissions. If you've ever filed an Adobe support ticket, congrats. Read more

🇪🇺 EU Cloud Hack Blamed on TeamPCP Group — data from at least 29 EU entities exposed. Nothing says "unified Europe" like a shared breach. Read more

📩 Fake Traffic Violation Texts Everywhere — scammers sending "Notice of Default" SMS with QR codes leading to phishing sites. Remind your users: courts don't text you QR codes.

🐧 Learn Linux the hands-on way — Shell Samurai teaches you Linux through real practice, not just reading docs. Built by yours truly. Shameless plug, zero regrets. Try it free

That's the roundup. Between an AI autonomously popping shells on 27-year-old bugs and Anthropic leaking their own source code the same month, this might be the most "we live in the future and it's terrifying" week in tech history.

Stay paranoid. Stay patched. See you next Friday 🤠