CVE-2026-42945 moves from disclosure to active exploitation in under 72 hours as attackers target NGINX's rewrite module across millions of exposed servers. Plus: Anthropic expands Project Glasswing sharing rules and the Canvas LMS breach reaches a rare resolution.
Audio is available on Spreaker.
CVE-2026-42945 moved from theoretical to actively exploited in under seventy-two hours. That's the lead this morning, and it's the clearest illustration we've had in a while of just how compressed the window between disclosure and exploitation has become.
Shifting to AI-assisted security research, Anthropic has made a notable policy change around Project Glasswing. Until now, partners in that controlled initiative were restricted in what they could share externally.
The Canvas learning management system incident has reached a resolution that's unusual enough to flag. Instructure has confirmed the threat actor involved in the global security breach returned the stolen data and destroyed their copies.
Three things worth tracking from here. On NGINX Rift, the question isn't whether exploitation is happening.
Chapter summary auto-generated from the verified script. Listen to the full episode for the complete content.