Cisco, Canvas, Microsoft, Exchange 0-Days, NPM Backdoors, GPT-5.5 and more... - SWN #581

The cybersecurity world is facing a perfect storm of vulnerabilities, with AI-driven discovery accelerating threat landscapes at an unprecedented pace. A critical CVSS 10 flaw in Cisco’s SD-WAN controllers allows unauthenticated attackers to gain full admin access—already being exploited in the wild. Simultaneously, the massive education platform Canvas suffered a ransomware attack that crippled 9,000 institutions, exposing 275 million users’ data and raising alarms about supply chain risks in critical infrastructure. Microsoft’s Patch Tuesday delivered 118 CVEs, including 16 criticals, marking the first in two years without emergency zero-day fixes—evidence that AI is overwhelming traditional patch cycles. Meanwhile, a stealthy NPM backdoor in Node IPC packages exfiltrated 90 types of developer credentials, and a BitLocker bypass in WinRE allows full data recovery from discarded laptops. The real turning point? AI isn’t just finding vulnerabilities—it’s predicting them. Models like GPT-5.5 and Anthropic’s Mythos are now being used by security teams to uncover flaws faster than ever, but their public availability raises urgent ethical questions: should such powerful tools be accessible to everyone, or only the good guys? The answer, as one host argues, is both—because hiding flaws doesn’t make them secure, only invisible.