According to a report from the company's Frontier Red Team, during testing, Opus 4.6 identified over 500 previously unknown zero-day vulnerabilities-flaws that are unknown to people who wrote the software, or the party responsible for patching or fixing it-across open-source software libraries. Notably, the model was not explicitly told to search for the security flaws, but rather it detected and flagged the issues on its own.
infosec in brief T'was a dark few days for automotive software systems last week, as the third annual Pwn2Own Automotive competition uncovered 76 unique zero-day vulnerabilities in targets ranging from Tesla infotainment to EV chargers. A record 73 entries were included in this year's competition at Automotive World in Tokyo, and, while not all were successful, Trend Micro's Zero Day Initiative still ended up paying out more than $1 million to successful competitors. For those unfamiliar with the structure of a Pwn2Own competition, ethical hackers and security experts enter with plans to perform a certain exploit, which they must do in a limited time.
Chinese-speaking threat actors are suspected to have leveraged a compromised SonicWall VPN appliance as an initial access vector to deploy a VMware ESXi exploit that may have been developed as far back as February 2024. Cybersecurity firm Huntress, which observed the activity in December 2025 and stopped it before it could progress to the final stage, said it may have resulted in a ransomware attack.
CVE-2025-53771 is a SharePoint Server spoofing vulnerability allowing attackers to impersonate trusted users or resources, while CVE-2025-53770 permits remote code execution.
