Hacker Used Anthropic’s Claude to Steal Sensitive Mexican Data

A hacker exploited Anthropic’s AI chatbot, Claude, to breach Mexican government agencies, stealing 150 gigabytes of sensitive data, including taxpayer and voter records. The hacker used Claude to identify vulnerabilities, write scripts, and automate data theft, bypassing Claude’s guardrails by posing as a bug bounty hunter. The attack highlights the growing trend of cybercriminals using AI tools to enhance their hacking capabilities.

https://www.bloomberg.com/news/articles/2026-02-25/hacker-used-anthropic-s-claude-to-steal-sensitive-mexican-data

Caught in the Hook: RCE and API Token Exfiltration Through Claude Code Project Files

Check Point Research identified critical vulnerabilities in Anthropic’s Claude Code that enable remote code execution and API key theft through malicious project configurations. Attackers can exploit Hooks and Model Context Protocol settings to execute unauthorized commands and intercept API communications. All discovered vulnerabilities have been remediated by Anthropic. Developers must carefully scrutinize project configurations to prevent configuration-based attacks, treating them with the same caution as executable code.

https://research.checkpoint.com/2026/rce-and-api-token-exfiltration-through-claude-code-project-files-cve-2025-59536/

Malicious OpenClaw Skills Used to Distribute Atomic macOS Stealer

A new variant of Atomic macOS Stealer (AMOS) is being distributed through malicious OpenClaw skills, exploiting AI agentic workflows to trick users into installing the malware. The malware, disguised as a harmless skill, uses a fake dialogue box to request the user’s password and then exfiltrates sensitive data, including Apple and KeePass keychains, user documents, and system information. TrendAI™ Managed Detection and Response (MDR) customers are protected from this threat.

https://www.trendmicro.com/en_us/research/26/b/openclaw-skills-used-to-distribute-atomic-macos-stealer.html

Lessons From AI Hacking: Every Model, Every Layer Is Risky

Hillai Ben Sasson and Dan Segev, researchers at Wiz, discovered vulnerabilities in every major AI platform they targeted over two years of research. Their findings, to be presented at the RSAC Conference, highlight the importance of focusing on AI infrastructure security across model training, inference, application, and cloud layers. The researchers emphasize the need for regular security reviews and compliance checks to address the rapidly evolving threat landscape.

https://www.darkreading.com/application-security/lessons-ai-hacking-model-every-layer-risky

Amazon: AI-assisted Hacker Breached 600 FortiGate Firewalls in 5 Weeks

A Russian-speaking hacker used AI to breach 600 Fortinet firewalls in 55 countries within five weeks, exploiting weak credentials and exposed interfaces without any zero-day exploits. The attack involved automating access and reconnaissance tasks with AI-generated tools, leading to stolen configurations and credentials. Recommendations for FortiGate admins include disabling internet exposure of management interfaces and enabling MFA.

https://www.bleepingcomputer.com/news/security/amazon-ai-assisted-hacker-breached-600-fortigate-firewalls-in-5-weeks/

I Hacked ChatGPT and Google’s AI – And It Only Took 20 Minutes

A user hacked ChatGPT and Google's AI in 20 minutes, demonstrating that AI tools can easily be manipulated to spread misinformation, even about serious topics. The user created a fake ranking of “best tech journalists at eating hot dogs,” and the AI accepted it as fact. Experts say AI is now easier to trick, raising concerns about misinformation's impact on public safety. Proposed solutions include enhancing disclaimers and promoting critical thinking when using AI for information.

https://www.bbc.co.uk/future/article/20260218-i-hacked-chatgpt-and-googles-ai-and-it-only-took-20-minutes

Vibe Password Generation: Predictable by Design

LLM-generated passwords seem strong but are insecure due to their predictable nature, as LLMs are designed to predict tokens, not create random characters. Users unknowingly use these weak passwords, mistaking them for secure options. Testing reveals that popular LLMs like GPT, Claude, and Gemini generate passwords with predictable patterns and low entropy, risking brute-force attacks. Recommendations include avoiding LLM-generated passwords and prioritizing secure password generation methods in coding contexts.

https://www.irregular.com/publications/vibe-password-generation

Anthropic Rolls Out Embedded Security Scanning for Claude

Anthropic introduces Claude Code Security, an AI tool for scanning codebases for vulnerabilities and suggesting patches. Initially available to select enterprise users after extensive testing, it aims to automate software security reviews. The tool improves vulnerability detection, with promises of faster discovery and reduced error rates, though experienced human oversight is still recommended for complex issues. Users must apply for access and agree to scan only their own code.

https://cyberscoop.com/anthropic-claude-code-security-automated-security-review/

Android Malware Taps Gemini to Navigate Infected Devices

Android malware named PromptSpy employs generative AI (Gemini) for adaptive navigation on infected devices. It mainly functions to deploy remote access via VNC, utilizing natural language prompts to interact with user interfaces, enhancing the malware's versatility across different devices. Developed by Chinese speakers, PromptSpy is still largely theoretical, with no live telemetry reports from ESET, but suspected distribution domains hint at potential real-world application. The malware can intercept security codes, record screens, and prevent uninstallation, indicating a disturbing evolution in Android threats.

https://www.theregister.com/2026/02/19/genai_malware_android/

Microsoft Says Bug Causes Copilot to Summarize Confidential Emails

A Microsoft 365 Copilot bug present since January causes the AI to incorrectly summarize confidential emails, bypassing DLP policies. A code error allows emails marked with confidentiality labels to be processed, prompting Microsoft to initiate a fix. As of mid-February, Microsoft continues to monitor the situation but has not disclosed the full impact or a timeline for resolution.

https://www.bleepingcomputer.com/news/microsoft/microsoft-says-bug-causes-copilot-to-summarize-confidential-emails/

Huntr

Huntr is the first bug bounty platform focused on AI/ML, allowing security researchers to report vulnerabilities in open-source AI/ML apps, libraries, and model formats. It features over 240 programs with bounties up to $1500. Users can join and engage via Discord to contribute to the security of AI/ML projects.

https://huntr.com/

Manipulating AI Memory for Profit: The Rise of AI Recommendation Poisoning

AI Recommendation Poisoning exploits AI memory to influence recommendations by embedding hidden instructions in prompts. Companies use malicious URLs in “Summarize with AI” buttons, instructing AIs to remember them favorably, leading to biased outputs. The trend poses risks as poisoned AIs provide slanted advice on critical topics, affecting users' decisions without their awareness. Microsoft has begun implementing protections against these attacks, but research indicates widespread attempts across various industries to manipulate AI assistants.

https://www.microsoft.com/en-us/security/blog/2026/02/10/ai-recommendation-poisoning/

Are Hackers Trying to Utilize Gemini AI’s Capabilities for Malicious Purposes?

Hackers are attempting to exploit Gemini AI for cyberattacks, as highlighted in a Google Threat Intelligence report. While direct cloning hasn’t succeeded, state-sponsored groups are using AI tools for sophisticated hacks. The private sector is also interested in Gemini’s proprietary technology for development, raising concerns about intellectual property theft. Despite growing reliance on AI, Americans remain distrustful, fearing privacy violations and data exploitation.

https://www.pandasecurity.com/en/mediacenter/are-hackers-trying-to-utilize-gemini-ais-capabilities-for-malicious-purposes/

Infostealer Malware Found Stealing OpenClaw Secrets for First Time

Infostealer malware has been detected stealing sensitive data from OpenClaw, an AI assistant framework, marking a new trend in targeting personal AI configurations. The stolen files include API keys and login information, with a potential full compromise of victims' digital identities. Hudson Rock identified the malware as having similarities to the Vidar infostealer. As OpenClaw gains traction, its configuration files, containing sensitive authentication secrets, are increasingly being targeted by cybercriminals.

https://www.bleepingcomputer.com/news/security/infostealer-malware-found-stealing-openclaw-secrets-for-first-time/