Meridiano
Three critical vulnerabilities in Anthropic's Claude Code AI tool exposed developers to machine takeover and credential theft by simply opening a malicious project repository. The flaws, which have been fixed, involved malicious configuration files executing commands without user consent. This incident highlights significant security risks in AI-powered development tools, which can introduce new attack surfaces into software supply chains.
Articles infosec
Showing articles 106 - 120 of 167 total (matching filters).
-
infosec 5 -
infosec 5The seizure of the RAMP cybercrime forum by U.S. authorities has fragmented the ransomware ecosystem, forcing actors to migrate to new platforms. Two emerging forums, the closed and paid T1erOne and the more open Rehub, are filling the void, attracting different segments of ransomware groups. This fragmentation reduces defenders' visibility, requiring them to adapt by monitoring actor migration and recruitment signals across multiple platforms instead of a single centralized forum. The main topics covered are the law enforcement action against RAMP, the resulting shift in ransomware operations to new forums, and the implications for cybersecurity defense strategies.
-
infosec 3The PCI Security Standards Council's first annual report highlights that threats to payment systems are accelerating in sophistication and scale. The report emphasizes the council's increased focus on global collaboration, training, and transparency to address these risks. It notes that payment security has become a core business concern, moving beyond niche compliance. The evolving, complex payments ecosystem introduces risks like fragmentation between innovation and security.
-
infosec 6Google disrupted the infrastructure of a suspected China-linked cyber espionage group, UNC2814, which breached at least 53 organizations globally. The group used a novel backdoor called GRIDTIDE that abused the Google Sheets API to disguise its command-and-control communications. Key topics covered include the group's tactics, the technical details of the GRIDTIDE malware, and Google's actions to terminate the attacker's projects and infrastructure.
-
infosec 5Cybersecurity researchers disclosed critical vulnerabilities in Anthropic's Claude Code AI assistant that could allow remote code execution and API credential theft. The flaws, which exploit configuration mechanisms like hooks and environment variables, enable attackers to execute arbitrary commands and steal API keys simply by having a user open a malicious repository. Three specific vulnerabilities were detailed, including two high-severity code injection flaws and an information disclosure issue, all of which have been patched in subsequent software updates. The incident highlights an expanded threat model where merely opening an untrusted project in an AI development environment can compromise security.
-
infosec 6Malicious Next.js repositories are being used to target developers through fake job interviews, aiming to establish remote code execution and persistent command-and-control access on infected machines. Microsoft researchers linked this activity to a broader cluster of threats, associated with North Korea's Lazarus APT, that use job-themed lures to infiltrate developer workflows. The campaign's objective is to compromise systems containing high-value assets like source code and cloud access. The attack employs methods like abusing Visual Studio Code automation or embedding obfuscated code into development assets to retrieve and execute malicious payloads.
-
infosec 5The cybercrime group Scattered LAPSUS$ Hunters (SLH) is recruiting women with financial incentives to conduct voice phishing attacks against IT help desks, aiming to increase their success rate through social engineering. The group, known for sophisticated attacks to bypass multi-factor authentication, uses these methods to gain initial access, move laterally within networks, and exfiltrate data, sometimes deploying ransomware. They heavily rely on legitimate tools and services to evade detection. Organizations are advised to enhance help desk training, enforce strict verification, and harden MFA policies. The main topics covered are the group's new recruitment tactic, its attack methods, and recommended defensive measures.
-
infosec 3The article outlines common failures in security triage processes and how top teams address them. Key issues include making decisions without concrete evidence, inconsistent outcomes due to analyst seniority, and delays that give attackers more time. The proposed solution centers on using interactive sandboxes to obtain execution evidence quickly, enabling faster, evidence-backed verdicts within about a minute. This approach aims to reduce costs, improve consistency across shifts, and shorten response times.
-
infosec 5A new phishing technique called telephone-oriented attack delivery (TOAD) is successfully bypassing email security gateways. In these attacks, emails contain only a phone number, often impersonating a trusted entity like PayPal, prompting the recipient to call and be socially engineered. This method accounted for nearly 28% of detected gateway-bypassing threats in recent research, as the phone number payload is indistinguishable from legitimate contact information. Attackers are increasingly using multiple evasion techniques simultaneously, tailoring their approach based on the target's email platform to improve success rates.
-
infosec 5Cybersecurity researchers identified four malicious NuGet packages targeting ASP.NET developers to steal sensitive data and create backdoors. The packages, published in August 2024 and downloaded over 4,500 times, exfiltrate ASP.NET Identity data and manipulate authorization rules. The campaign aims to compromise the applications built by developers, allowing threat actors persistent access to production systems. In a related incident, a malicious npm package named 'ambar-src' was also disclosed, having been downloaded over 50,000 times before removal.
-
.jpg?width=1280&auto=webp&quality=80&disable=upscale)
infosec 3A new scoring system called the Operational Technology Incident (OTI) Impact Score has been developed to measure the severity of cybersecurity events in industrial control and operational technology environments. Modeled after the Richter Scale, it rates incidents based on their severity, geographic reach, and duration to provide a clear, standardized assessment of business impact. The tool aims to help executives, insurers, and the media better understand and respond to OT cyber incidents, which are often mischaracterized. The score will be determined by vetted industry volunteers through an online portal shortly after an event occurs.
-
infosec 4Manual processes for transferring sensitive data remain prevalent in national security organizations, creating significant security vulnerabilities and operational inefficiencies. These manual methods introduce risks like human error, delays, and exploitable gaps that adversaries can target, compromising mission assurance. Key barriers to automation include legacy systems, complex procurement cycles, cultural trust in manual oversight, and fear of disruption during technology transitions. The article concludes that persisting with manual handling undermines critical principles of speed, accuracy, and trust in contested environments.
-
infosec 3Mexican Army Special Forces killed Nemesio "El Mencho" Oseguera Cervantes, leader of the Jalisco New Generation Cartel (CJNG). His death is expected to cause a major reconfiguration in global drug trafficking and potentially increase violence. The article details the CJNG's origins as a splinter group from the Sinaloa Cartel and its rapid expansion into a global criminal enterprise involved in drug trafficking, extortion, and migrant smuggling. It also highlights the cartel's sophisticated use of technology, including social media for recruitment and AI for financial scams, to build its operational capacity.
-
infosec 5An Australian national and former U.S. defense contractor employee, Peter Williams, was sentenced to over seven years in prison for selling eight zero-day cyber exploits to the Russian broker Operation Zero for millions in cryptocurrency. The stolen tools, intended for U.S. government use, could have enabled global cybercrime and espionage, causing significant financial loss to his employer. In response, the U.S. government sanctioned Operation Zero, its director Sergey Zelenyuk, and related entities for acquiring and distributing these tools, which they marketed to non-NATO countries and intelligence agencies. The main topics covered are the criminal conviction and sentencing for trade secret theft, the details of the cyber exploit sale to a Russian entity, and the subsequent U.S. sanctions against the foreign brokers.
-
infosec 5A major international law enforcement operation called Red Card 2.0 resulted in 651 arrests and the recovery of over $4.3 million from cybercriminal groups across Africa. The operation, involving Interpol, 16 African countries, and private cybersecurity firms, targeted various fraud schemes including investment scams and a syndicate that infiltrated a telecom provider. The article highlights that cybercrime in Africa is increasingly organized and transnational, with criminals using AI to enhance attacks like phishing. It also emphasizes the growing importance of public-private partnerships and regional cooperation to combat these threats despite resource challenges for some local agencies. The main topics covered are the results of Operation Red Card 2.0, the nature of cybercrime in Africa, and the collaborative efforts to fight it.