A weekly security roundup covering several notable incidents: a researcher releases a Windows Defender zero-day (RedSun) out of frustration with Microsoft's response; the 'Hazy Hawk' group hijacks university and government DNS CNAME records to serve ad spam; the Bitwarden CLI was compromised in an ongoing supply chain attack stealing auth tokens and SSH keys; Anthropic's restricted Mythos AI model was accessed via social engineering of a contractor; Nextcloud ends its bug bounty program due to AI-generated low-quality reports; Apple patches iOS to fix a notification database flaw that exposed Signal messages; and Sri Lanka's Finance Ministry confirms $2.5M stolen via a redirected debt payment.

6m read time. From hackaday.com
Table of contents
University Domains Hijacked
Linux Drops Old Network Drivers
Bitwarden CLI Client Compromised
Mythos “Hacked”
Nextcloud Ends Bug Bounty
iOS Patches Notifications
$2.5 M Stolen from Sri Lanka
