Penta Security Inc. > Blog > Charter Communications Under Data Breach from ShinyHunters

Charter Communications Under Data Breach from ShinyHunters

2026-05-27 Blog
charter communication breach

Charter Communications Under Data Breach from ShinyHunters 

U.S. telecom giant Charter Communications confirmed a data breach after extortion group ShinyHunters threatened to leak stolen data. The hackers claim they used a voice phishing attack to compromise an employee’s account, exporting 40 million customer records from Salesforce. While ShinyHunters alleges the data includes names, emails, and phone numbers, Charter maintains that no sensitive personal information or customer proprietary network information (CPNI) was stolen.

Source: Bleeping Computer

 

Anthropic’s Claude Mythos Might be Coming to Clade Code

Anthropic is preparing to publicly roll out its “Claude Mythos.” Initially restricted due to its ability to autonomously develop professional-grade cyberattacks, Mythos possesses advanced code reasoning that surpasses Opus 4.7. Some users briefly noticed the toggle to enable Mythos in the public version of Claude Code before it was taken offline. While public release was delayed for safety guardrails, Anthropic has already used it in “Project Glasswing” to uncover 10,000 high- or critical-severity vulnerabilities.

Source: Bleeping Computer

 

Penta Security’s Cloudbric Managed Rule adds Protocol Validity Protection

Penta Security has enhanced its Cloudbric Managed Rules for AWS WAF, available on AWS Marketplace rule groups, by adding a new Protocol Validity Protection feature. Unlike traditional attack detection-based approaches, this feature takes a preventive approach by verifying whether a protocol complies with standard request protocol formats, stopping the potential attacks at the source. With the addition of Protocol Validity Protection, Cloudbric Managed Rules now offers real-time validation of incoming requests.

Source: EIN Presswire

 

Ghost CMS Vulnerability Impacts Over 700 Websites

A massive cyberattack has exploited a previously patched SQL injection vulnerability (CVE-2026-26980) in the Ghost CMS, compromising over 700 websites. Threat actors used the flaw to steal Admin API keys and inject malicious JavaScript loaders into published articles via ClickFix attacks. High-profile victims include Harvard University, Oxford University, and DuckDuckGo, alongside hundreds of personal, tech, and cryptocurrency blogs.

Source: Security Week

 

 

Click here to subscribe our Newsletter

Tags: