The attribution for Mastodon's CVE-2026-46349 (CVSS 5.3, retracted boost reissuance) is interestingly reported as:
"This security issue has been reported by Doyensec in collaboration with Claude and Anthropic Research"
Is this how they say "Mythos" without revealing that Doyensec is one of the undisclosed Project Glasswing members?
github.com/mastodon/mastodon/s…
w.on-t.work/activitypub/may-20… says:
"Doyensec has contacted us on *behalf* of Anthropic".
#security #mastoadmin #mythos #ai #glasswing
LD-Signature Bypass via JSON-LD Named-Graph Restructuring
Summary: Mastodon's normalization of incoming activities signed with Linked-Data Signatures does not sufficiently protect the activities from a certain class of spoofing, allowing attackers t... (GitHub)
