Latest news as of 2/26/2026, 12:58:12 AM
The Register
Anthropic fixed the flaws - but the AI-enabled attack surfaces remain Security vulnerabilities in Claude Code could have allowed attackers to remotely execute code on users' machines and steal API keys by injecting malicious configurations into repositories, and then waiting for a developer to clone and open an untrustworthy project.…
Graham Cluley
When the mysterious operator of an internet archiving-service decided to silence a curious Finnish blogger, they didn’t just send a stroppy email - they allegedly weaponised their own CAPTCHA page to launch a DDoS attack, threatened to invent an entirely new genre of AI porn, and tampered with parts of their own archive to smear the blogger's name. In this episode, we unravel how a website designed to preserve history may have trashed its own credibility - and how Wikipedia responded when trust went out the window. Plus a ransomware gang shoots itself in the foot with a classic case of buffoonery, accidentally corrupting the very keys victims would need to decrypt their data. When even the criminals can’t unlock your files, what happens next? All this, a surprisingly zen Pick of the Week, and a gloriously splenetic rant against web forms, on episode 456 of the award-winning "Smashing Security" podcast, with cybersecurity veteran Graham Cluley and special guest Paul Ducklin.
Bleeping Computer
American manufacturer of medical devices, UFP Technologies, has disclosed that a cybersecurity incident has compromised its IT systems and data. [...]
Dark Reading
The vulnerabilities highlight a big drawback to integrating AI into software development workflows and the potential impact on supply chains.
Dark Reading
The PCI Security Standards Council experienced a record year in many regards, but its first annual report shows it needs to work even faster to stay ahead of attackers.
Dark Reading
Researchers suggest defenders monitor how these malicious groups re-form and leverage the useful threat intel to guide their next moves.
Bleeping Computer
The Microsoft Defender team has discovered a coordinated campaign targeting software developers through malicious repositories posing as legitimate Next.js projects and technical assessment materials, including recruiting coding tests. [...]
Dark Reading
A Chinese keyboard warrior inadvertently leaked information about politically motivated influence operations through a ChatGPT account.
The Register
UNC2814 historically targets governments and telcos A China-linked crew found a unique formula for attacking telcos and government orgs across the Americas, Asia, and Africa in its latest round of intrusions. Google's threat intelligence, along with unnamed industry partners, disrupted the gang, which used the Chocolate Factory's own spreadsheet tools as part of its exploits.…
The Hacker News
Google on Wednesday disclosed that it worked with industry partners to disrupt the infrastructure of a suspected China-nexus cyber espionage group tracked as UNC2814 that breached at least 53 organizations across 42 countries. "This prolific, elusive actor has a long history of targeting international governments and global telecommunications organizations across Africa, Asia, and the Americas,"