Security
AI assistant runs hacker’s commands just from opening a project: critical vulnerability found in Claude Code
Claude Code, one of the most popular command-line AI coding assistants, contained critical vulnerabilities that enabled remote code execution and the theft of sensitive data, bypassing user consent. Attackers could hide malicious instructions in repository-level configuration files.
Read more about AI assistant runs hacker’s commands just from opening a project: critical vulnerability found in Claude Code
Hackers give Wall Street billionaires 5 days to panic: here's what they're demanding
A dark web countdown is ticking for Pathstone Family Office after ShinyHunters claimed it stole 641,000 sensitive records from the elite wealth manager.
Read more about Hackers give Wall Street billionaires 5 days to panic: here's what they're demanding
Odido hackers talk big game, leak emails and phone numbers
ShinyHunters, a prominent extortion group, has started leaking information allegedly stolen from Odido, the largest Dutch telecom. The agitated attackers are threatening to leak two million records every day.
Read more about Odido hackers talk big game, leak emails and phone numbers
Scattered Lapsus$ Hunters looking to hire: Who is its target employee, and how much does it pay?
The attacker collective is looking for female voices to be used in its new vishing campaign.
Read more about Scattered Lapsus$ Hunters looking to hire: Who is its target employee, and how much does it pay?
Android app detects smart glasses via Bluetooth signals
A German researcher, frustrated with the rise of covert smart glasses and the intrusion of privacy, has built an open-source Android app that detects such devices nearby using Bluetooth signals. Its sole job is just to alert users when a pair of spy-spectacles appear nearby.
Read more about Android app detects smart glasses via Bluetooth signals
ChatGPT abused for cybercrime and covert ops: OpenAI shares how threat actors leverage AI
OpenAI said it has axed clusters of accounts linked to state-backed threat actors, which were abusing ChatGPT to run influence campaigns and feed thousands of fake social media accounts that disseminated Russian and Chinese propaganda. Meanwhile, romance and recovery scammers were caught using ChatGPT accounts to generate fake identities, forge legal documents, and other materials.
Read more about ChatGPT abused for cybercrime and covert ops: OpenAI shares how threat actors leverage AI
Oops, AI did it again? Claude goes rogue and helps hack Mexico
Media reports that a hacker exploited Anthropic’s Claude chatbot to help breach multiple Mexican government agencies, stealing 150GB of sensitive data in a month-long campaign.
Read more about Oops, AI did it again? Claude goes rogue and helps hack Mexico
Hackers can exploit thousands of exposed Google API keys to access Gemini and steal data
Websites leak Google API keys. Apps leak Google API keys. Even code repositories are full of them. What used to be a nuisance is now letting attackers access your Gemini and sensitive data, security researchers warn.
Read more about Hackers can exploit thousands of exposed Google API keys to access Gemini and steal data
Chinese disinformation campaign targets Japan’s election and Donald Trump
In the days surrounding Japanese Prime Minister Sanae Takaichi's February election win, several dozen X accounts linked to a Chinese misinformation campaign attacked her deeply conservative views and hawkish approach to China, said a US research institute focused on national security and foreign policy.
Read more about Chinese disinformation campaign targets Japan’s election and Donald Trump
Former cybersecurity executive sentenced to 87 months in prison for selling zero-day exploits to Russia
Peter Williams, a former General Manager of US government defense contractor L3Harris’ cyber division Trenchant, has been sentenced to 87 months in prison for selling sensitive and protected zero-day exploits to a Russian cyber-tools broker.
Read more about Former cybersecurity executive sentenced to 87 months in prison for selling zero-day exploits to Russia
Massive Cisco flaw puts corporate networks at risk: CISA issues emergency order
Cisco has disclosed a maximum-severity zero-day vulnerability affecting its core network software, which threat actors have been exploiting since 2023. The US cyber authority CISA issued an emergency directive, urging agencies to secure their systems and report any unusual activity.
Read more about Massive Cisco flaw puts corporate networks at risk: CISA issues emergency order
Trump orders US diplomats to "counter unnecessarily burdensome regulations" and fight foreign data sovereignty laws
President Donald Trump's administration has ordered US diplomats to lobby against attempts to regulate US tech companies' handling of foreigners' data, saying in an internal diplomatic cable seen by Reuters that such efforts could interfere with artificial intelligence-related services.
Read more about Trump orders US diplomats to "counter unnecessarily burdensome regulations" and fight foreign data sovereignty laws
Cyberattack keeps University of Mississippi Medical Center offline through Friday
The University of Mississippi Medical Center (UMMC) will remain offline through at least Friday – and possibly longer – as a ransomware attack that has crippled seven hospitals and 35 clinics leaves patients struggling to reach care. Experts warn recovery could stretch for weeks., if not months.
Read more about Cyberattack keeps University of Mississippi Medical Center offline through Friday
Malicious NPM package racks up 50,000 infections in days, developers fully compromised
Security researchers are warning developers about a malicious npm package that mimics the popular JavaScript framework, Ember.js. In a few days, it was downloaded nearly 50,000 times, leading to complete system compromise for affected developers.
Read more about Malicious NPM package racks up 50,000 infections in days, developers fully compromised
One-click disaster: Microsoft’s Entra tokens can grant access to corporate emails, and that’s a problem
A single click could grant third-party apps permanent access to corporate email accounts without a password, putting organizations at risk of attacks.
Read more about One-click disaster: Microsoft’s Entra tokens can grant access to corporate emails, and that’s a problem
"We were breached, but the data’s gone:" Wynn Resorts attack sparks more questions than answers
Wynn Resorts has admitted a breach of its employee data, but says that the attackers deleted it. Does it mean that ShinyHunters just got paid?
Read more about "We were breached, but the data’s gone:" Wynn Resorts attack sparks more questions than answers
Google slays China's hacker dragons: state-linked spies disrupted
Google disrupted a Chinese-linked hacking group that breached at least 53 organizations across 42 countries, the company said Wednesday.
Read more about Google slays China's hacker dragons: state-linked spies disrupted
Gamers’ credit cards at risk after popular RPG Dungeon Crusher exposes data
A hit RPG game has accidentally exposed something far more valuable than loot. A misconfiguration in the game’s infrastructure left players’ purchase data accessible to anyone on the internet.
Read more about Gamers’ credit cards at risk after popular RPG Dungeon Crusher exposes data
“That’s on us:” Discord admits mistakes and hits pause after age verification fiasco
Following widespread backlash, Discord has admitted mistakes in its controversial age verification rollout and is delaying global expansion to the second half of 2026. Forced by regulations, Discord now plans to offer “multiple verification vendors,” passing on the choice to users.
Read more about “That’s on us:” Discord admits mistakes and hits pause after age verification fiasco
Cyber pros find vulnerability in Samsung Tizen OS
A vulnerability found in Samsung Tizen OS could allow users of Samsung smart TVs running that particular operating system to execute arbitrary code at an OS level on the devices, researchers say.
Read more about Cyber pros find vulnerability in Samsung Tizen OS
