Hacker Used Anthropic’s Claude to Steal Sensitive Mexican Data

, , ,

A hacker exploited Anthropic’s AI chatbot, Claude, to breach Mexican government agencies, stealing 150 gigabytes of sensitive data, including taxpayer and voter records. The hacker used Claude to identify vulnerabilities, write scripts, and automate data theft, bypassing Claude’s guardrails by posing as a bug bounty hunter. The attack highlights the growing trend of cybercriminals using AI tools to enhance their hacking capabilities.

https://www.bloomberg.com/news/articles/2026-02-25/hacker-used-anthropic-s-claude-to-steal-sensitive-mexican-data

New AirSnitch Attack Bypasses Wi-Fi Encryption in Homes, Offices, and Enterprises

, , ,

New research reveals a series of attacks, named AirSnitch, that bypass Wi-Fi encryption and client isolation, allowing attackers to intercept and manipulate data between connected clients. The attacks exploit vulnerabilities in the lowest levels of the network stack, specifically targeting the interaction between Layers 1 and 2. AirSnitch enables bidirectional man-in-the-middle attacks, potentially compromising sensitive data and enabling advanced cyberattacks.

https://arstechnica.com/security/2026/02/new-airsnitch-attack-breaks-wi-fi-encryption-in-homes-offices-and-enterprises/

Software Vulnerabilities Are Being Weaponized Faster Than Ever

, , ,

VulnCheck reports that software vulnerabilities are being weaponized rapidly, with a 16.5% increase in exploits linked to 10,500 CVEs in 2025, partly due to AI-generated proof-of-concept code. Less than 1% of vulnerabilities were exploited, complicating threat assessment for security teams. Notably, over 50% of ransomware CVEs were zero-days. Major vulnerabilities include React2Shell (236 exploits) and a Microsoft Sharepoint flaw (36 exploits).

https://www.cybersecuritydive.com/news/software-vulnerabilities-are-being-weaponized-faster-than-ever/813096/

1Campaign: A New Cloaking Platform Helping Attackers Abuse Google Ads

, ,

1Campaign is a cloaking platform that helps attackers bypass Google Ads screening and evade security researchers. It uses real-time visitor filtering, fraud scoring, and geographic targeting to keep phishing and crypto drainer pages online longer. The platform enables ad fraud at scale by allowing attackers to impersonate legitimate brands in Google Ads campaigns.

https://www.varonis.com/blog/1campaign

Caught in the Hook: RCE and API Token Exfiltration Through Claude Code Project Files

, , ,

Check Point Research identified critical vulnerabilities in Anthropic’s Claude Code enabling remote code execution and API key theft through malicious project configurations. Attackers can exploit Hooks and Model Context Protocol to execute unauthorized commands and intercept API communications. All discovered vulnerabilities have been remediated by Anthropic. Developers must carefully scrutinize project configurations to prevent configuration-based attacks, treating them with the same caution as executable code.

https://research.checkpoint.com/2026/rce-and-api-token-exfiltration-through-claude-code-project-files-cve-2025-59536/

Threat Intelligence Supply Chain Is Full of Weak Links

,

Researchers from Georgia Tech found the threat intelligence supply chain vulnerable to adversarial actions and proposed improvements for data sharing. China's recent ban on foreign security software strains the global threat intelligence ecosystem, which was already weak. The study identified shortcomings in data sharing among infosec vendors, revealing most vendors conduct shallow analysis and delay information dissemination. A proposed system could enhance trust and data provenance, enabling better global cooperation in cybersecurity amidst geopolitical tensions.

https://www.theregister.com/2026/02/25/threat_intelligence_supply_chain_research/

Refund Scam Impersonates Avast to Harvest Credit Card Details

,

A phishing scam impersonating Avast tricks users into providing credit card details for a fake €499.99 refund. The scam employs a realistic site design, urgency tactics, and live chat support to deceive victims. Signs of such scams include unrecognized charges, urgent cancellation notices, and requests for complete card information. If victimized, contact your bank, dispute unauthorized charges, and enhance security practices.

https://www.malwarebytes.com/blog/threat-intel/2026/02/refund-scam-impersonates-avast-to-harvest-credit-card-details

Malicious OpenClaw Skills Used to Distribute Atomic macOS Stealer

, , ,

A new variant of Atomic macOS Stealer (AMOS) is being distributed through malicious OpenClaw skills, exploiting AI agentic workflows to trick users into installing the malware. The malware, disguised as a harmless skill, uses a fake dialogue box to request the user’s password and then exfiltrates sensitive data, including Apple and KeePass keychains, user documents, and system information. TrendAI™ Managed Detection and Response (MDR) customers are protected from this threat.

https://www.trendmicro.com/en_us/research/26/b/openclaw-skills-used-to-distribute-atomic-macos-stealer.html

Fake Zoom Meeting “Update” Silently Installs Surveillance Software

, ,

Fake Zoom meeting website installs surveillance software, Teramind, on Windows without user consent. Visitors encounter a fraudulent Zoom interface that prompts an automatic update, leading to malicious file download. The stealthily installed software monitors user activity without knowledge, resembling legitimate business surveillance tools. Users are advised not to open suspicious files from the site and to check for unauthorized installations. This exploit illustrates the rising trend of attackers using legitimate software for illicit purposes.

https://www.malwarebytes.com/blog/scams/2026/02/fake-zoom-meeting-update-silently-installs-surveillance-software

Man Accidentally Gains Control of 7,000 Robot Vacuums

,

A software engineer, Sammy Azdoufal, accidentally accessed the live feeds of nearly 7,000 connected DJI Romo robot vacuums while trying to control his own with a gaming controller. His development efforts revealed a significant security flaw, allowing him to view camera and microphone data from many vacuums. Azdoufal reported the bug, which DJI has since fixed, highlighting ongoing cybersecurity concerns as more households adopt smart technology.

https://www.popsci.com/technology/robot-vacuum-army/

Identity Verification Systems Are Struggling With Synthetic Fraud

,

Identity verification systems face issues with synthetic fraud as fake and expired IDs appear in transactions, especially in fast onboarding and remote transactions. Intellicheck's analysis of nearly 100 million transactions shows a 97.85% average verification success rate, concealing significant industry differences. Key fraud sources include expired credentials and synthetic identities, exacerbated by AI capabilities. Industries like alcohol retail and online-only banks exhibit the highest failure rates. Organizations are encouraged to focus on identity verification metrics to preempt fraud. The need for advanced, multi-layered verification technologies is emphasized as traditional methods fail to counteract evolving fraud tactics.

https://www.helpnetsecurity.com/2026/02/23/analysis-identity-verification-fraud-report/

Lessons From AI Hacking: Every Model, Every Layer Is Risky

, , ,

Hillai Ben Sasson and Dan Segev, researchers at Wiz, discovered vulnerabilities in every major AI platform they targeted over two years of research. Their findings, to be presented at the RSAC Conference, highlight the importance of focusing on AI infrastructure security across model training, inference, application, and cloud layers. The researchers emphasize the need for regular security reviews and compliance checks to address the rapidly evolving threat landscape.

https://www.darkreading.com/application-security/lessons-ai-hacking-model-every-layer-risky

Facebook Ads Spread Fake Windows 11 Downloads That Steal Passwords and Crypto Wallets

, , , ,

Malicious Facebook ads mimicking Microsoft promote fake Windows 11 downloads, leading users to download malware instead of updates. This malware stealthily collects passwords and cryptocurrency data. It employs sophisticated evasion techniques, targeting regular users while avoiding detection by security systems. If affected, users should avoid logging in to accounts, scan their devices, change passwords on a secure device, and take precautions with any financial information. Security teams are advised to block phishing domains and monitor for specific malware signatures.

https://www.malwarebytes.com/blog/scams/2026/02/facebook-ads-spread-fake-windows-11-downloads-that-steal-passwords-and-crypto-wallets

Dramatic Escalation Frequency and Power of in DDoS Attacks

,

Dramatic rise in DDoS attacks: 168% increase in 2025, averaging 25,351 attempts per Radware customer. Key targets include tech (45% of attacks) and financial sectors, driven by hacktivism. Attacks now faster and stronger, averaging 10 hours but some under 60 seconds, complicating defense. Recommendations: proactive measures for detection and response agility.

https://www.infosecurity-magazine.com/news/ddos-escalation-frequency-power/

Amazon: AI-assisted Hacker Breached 600 FortiGate Firewalls in 5 Weeks

, ,

Russian-speaking hacker used AI to breach 600 Fortinet firewalls in 55 countries within five weeks, exploiting weak credentials and exposed interfaces without zero-day exploits. The attack involved automating access and reconnaissance tasks with AI-generated tools, leading to stolen configurations and credentials. Recommendations for FortiGate admins include disabling internet exposure of management interfaces and enabling MFA.

https://www.bleepingcomputer.com/news/security/amazon-ai-assisted-hacker-breached-600-fortigate-firewalls-in-5-weeks/

Scroll to Top