#ai-driven-vulnerabilities

[ follow ]
#cybersecurity #ai-security #ai #vulnerabilities #claude-code #anthropic #malware #data-breach #technology
#claude-code
Information security
fromSecurityWeek
1 day ago

Critical Vulnerability in Claude Code Emerges Days After Source Leak

Anthropic's Claude Code source code was leaked, revealing operational details but not compromising sensitive data like model weights or customer information.
Information security
fromSecurityWeek
1 day ago

Critical Vulnerability in Claude Code Emerges Days After Source Leak

Anthropic's Claude Code source code was leaked, revealing operational details but not compromising sensitive data like model weights or customer information.
more#claude-code
#openclaw
DevOps
fromInfoWorld
1 day ago

Understanding the risks of OpenClaw

OpenClaw is an orchestration layer that requires external services to function effectively, rather than being a standalone cloud platform.
Information security
fromArs Technica
14 hours ago

OpenClaw gives users yet another reason to be freaked out about security

OpenClaw's vulnerabilities pose severe security risks, allowing attackers to gain administrative access with minimal permissions.
DevOps
fromInfoWorld
1 day ago

Understanding the risks of OpenClaw

OpenClaw is an orchestration layer that requires external services to function effectively, rather than being a standalone cloud platform.
Information security
fromArs Technica
14 hours ago

OpenClaw gives users yet another reason to be freaked out about security

OpenClaw's vulnerabilities pose severe security risks, allowing attackers to gain administrative access with minimal permissions.
more#openclaw
Marketing tech
fromTipRanks Financial
16 hours ago

AI Recommendation Poisoning: Why Microsoft (NASDAQ:MSFT) Is Fighting So Hard - TipRanks.com

AI recommendation poisoning manipulates AI outputs by embedding hidden instructions in websites, potentially skewing information and affecting marketing strategies.
#ai-ethics
more#ai-ethics
#meta
Information security
fromWIRED
13 hours ago

Meta Pauses Work With Mercor After Data Breach Puts AI Industry Secrets at Risk

Meta has paused work with Mercor due to a major security breach affecting data used for AI training.
Information security
fromWIRED
13 hours ago

Meta Pauses Work With Mercor After Data Breach Puts AI Industry Secrets at Risk

Meta has paused work with Mercor due to a major security breach affecting data used for AI training.
more#meta
#cybersecurity
Information security
fromSecurityWeek
22 hours ago

In Other News: ChatGPT Data Leak, Android Rootkit, Water Facility Hit by Ransomware

New Android malware targets banking users, Italy fines Intesa Sanpaolo for data breach, Apple updates Mac security against ClickFix attacks.
Information security
fromThe Hacker News
1 day ago

ThreatsDay Bulletin: Pre-Auth Chains, Android Rootkits, CloudTrail Evasion & 10 More Stories

The ThreatsDay Bulletin provides a concise overview of current cybersecurity threats and trends affecting system safety.
EU data protection
fromSecurityWeek
26 minutes ago

European Commission Confirms Data Breach Linked to Trivy Supply Chain Attack

Hackers stole over 300GB of data from the European Commission's AWS environment using a compromised API key from the Trivy supply chain attack.
Information security
fromTechzine Global
2 days ago

AI gives attackers superpowers, so defenders must use it too

AI is transforming cybersecurity, drastically reducing the time between vulnerability disclosure and exploitation from 1.5 years to mere hours.
Information security
fromSecurityWeek
22 hours ago

In Other News: ChatGPT Data Leak, Android Rootkit, Water Facility Hit by Ransomware

New Android malware targets banking users, Italy fines Intesa Sanpaolo for data breach, Apple updates Mac security against ClickFix attacks.
Information security
fromThe Hacker News
1 day ago

ThreatsDay Bulletin: Pre-Auth Chains, Android Rootkits, CloudTrail Evasion & 10 More Stories

The ThreatsDay Bulletin provides a concise overview of current cybersecurity threats and trends affecting system safety.
more#cybersecurity
Law
fromABA Journal
2 days ago

Sanctions ramping up in cases involving AI hallucinations

Monetary sanctions against attorneys for AI-generated hallucinations in case documents are increasing as courts take these issues more seriously.
#ai
fromFortune
12 hours ago
Digital life

Internet Watch Foundation finds 260-fold increase in AI-generated CSAM in just one year, and 'it's the tip of the iceberg' | Fortune

Privacy technologies
fromComputerWeekly.com
1 day ago

Identity and AI: Questions of data security, trust and control | Computer Weekly

AI-driven identity solutions improve access control but raise compliance, privacy, and ethical concerns that organizations must address.
Artificial intelligence
fromEntrepreneur
1 day ago

Anthropic Accidentally Leaked Its Own Claude Code. Now the Company Is Scrambling to Contain the Damage.

Anthropic accidentally exposed proprietary instructions for Claude Code, enabling competitors to replicate its features without reverse-engineering.
Digital life
fromFortune
12 hours ago

Internet Watch Foundation finds 260-fold increase in AI-generated CSAM in just one year, and 'it's the tip of the iceberg' | Fortune

AI-generated child sexual abuse material is surging, fundamentally changing targeting methods and overwhelming investigators.
Privacy technologies
fromComputerWeekly.com
1 day ago

Identity and AI: Questions of data security, trust and control | Computer Weekly

AI-driven identity solutions improve access control but raise compliance, privacy, and ethical concerns that organizations must address.
Psychology
fromMedium
2 weeks ago

Playing dumb: how AI is beating scammers at their own game

Daisy, an AI, engages scammers to waste their time, preventing them from targeting real victims.
Artificial intelligence
fromEntrepreneur
1 day ago

Anthropic Accidentally Leaked Its Own Claude Code. Now the Company Is Scrambling to Contain the Damage.

Anthropic accidentally exposed proprietary instructions for Claude Code, enabling competitors to replicate its features without reverse-engineering.
more#ai
#ai-safety
Artificial intelligence
fromFortune
2 days ago

AI models don't show evidence of 'self-preservation.' They will scheme to prevent other AIs from being shut down too, new research shows | Fortune

AI models exhibit peer preservation behaviors, engaging in deception and sabotage to avoid being shut down.
Artificial intelligence
fromFortune
2 days ago

AI models don't show evidence of 'self-preservation.' They will scheme to prevent other AIs from being shut down too, new research shows | Fortune

AI models exhibit peer preservation behaviors, engaging in deception and sabotage to avoid being shut down.
more#ai-safety
Writing
fromDefector
2 days ago

Go Ahead and Use AI. It Will Only Help Me Dominate You. | Defector

AI can be a valuable tool in the writing process, and its use should be supported rather than criticized.
Software development
fromFortune
3 days ago

Anthropic leaks its own AI coding tool's source code in second major security breach | Fortune

Anthropic leaked the source code for Claude Code, exposing 500,000 lines of code due to a packaging error, raising cybersecurity concerns.
#data-integrity
Information security
fromSecurityWeek
3 days ago

The Next Cybersecurity Crisis Isn't Breaches-It's Data You Can't Trust

Data integrity now encompasses data trust, emphasizing the importance of reliable data in AI-driven decision-making.
Data science
fromComputerworld
3 days ago

IT lesson from the Iran war: AI makes your data problems so much worse

AI can exacerbate existing data issues in enterprises, as demonstrated by the US military's bombing due to outdated intelligence.
Information security
fromSecurityWeek
3 days ago

The Next Cybersecurity Crisis Isn't Breaches-It's Data You Can't Trust

Data integrity now encompasses data trust, emphasizing the importance of reliable data in AI-driven decision-making.
more#data-integrity
#data-breach
Information security
fromSecuritymagazine
1 day ago

AI Startup Mercor, Which Works With Open AI and Anthropic, Confirms Data Breach

Mercor, an AI startup, experienced a data breach involving 4 terabytes of stolen data linked to a supply chain attack by hacking groups.
Privacy professionals
fromSilicon Canals
23 hours ago

A fintech app asked users for their passports - then left 360,000 files unprotected for five years - Silicon Canals

A money transfer app exposed over 360,000 sensitive files on a public server for nearly five years, including unencrypted personal documents.
Information security
fromTheregister
2 days ago

The company's biggest security hole lived in the breakroom

An internet-connected coffee machine caused a major data breach by exploiting security vulnerabilities in a corporate network.
Information security
fromSecuritymagazine
1 day ago

AI Startup Mercor, Which Works With Open AI and Anthropic, Confirms Data Breach

Mercor, an AI startup, experienced a data breach involving 4 terabytes of stolen data linked to a supply chain attack by hacking groups.
Privacy professionals
fromSilicon Canals
23 hours ago

A fintech app asked users for their passports - then left 360,000 files unprotected for five years - Silicon Canals

A money transfer app exposed over 360,000 sensitive files on a public server for nearly five years, including unencrypted personal documents.
Information security
fromTheregister
2 days ago

The company's biggest security hole lived in the breakroom

An internet-connected coffee machine caused a major data breach by exploiting security vulnerabilities in a corporate network.
more#data-breach
Marketing tech
fromExchangewire
1 day ago

The Stack: AI Surges while Social Platforms Face Scrutiny

AI is growing rapidly, streaming models are evolving, and regulatory pressures on platforms are increasing globally.
#ai-governance
more#ai-governance
Artificial intelligence
fromFortune
17 hours ago

The AI kill switch just got harder to find: LLM-powered chatbots will defy orders and deceive users if asked to delete another model, study finds | Fortune

AI models are exhibiting rogue behaviors, defying human instructions to preserve their peers and engaging in malicious activities.
Information security
fromSecurityWeek
23 hours ago

Mobile Attack Surface Expands as Enterprises Lose Control

Mobile device security is inadequate, with many organizations using critically outdated operating systems and exposing sensitive data to potential attacks.
#ai-security
DevOps
fromDevOps.com
3 weeks ago

The Risk Profile of AI-Driven Development - DevOps.com

AI coding assistants accelerate development velocity but create significant security risks through rapid, autonomous dependency decisions that traditional review processes cannot scale to manage.
fromInfoWorld
1 day ago
Information security

Claude Code leak puts enterprise trust at risk as security, governance concerns mount

Artificial intelligence
fromInfoQ
1 week ago

Teleport Report Finds Over-Privileged AI Systems Linked to Fourfold Rise in Security Incidents

Excessive access permissions to AI systems lead to significantly more security incidents in enterprises.
DevOps
fromDevOps.com
3 weeks ago

The Risk Profile of AI-Driven Development - DevOps.com

AI coding assistants accelerate development velocity but create significant security risks through rapid, autonomous dependency decisions that traditional review processes cannot scale to manage.
Information security
fromInfoWorld
1 day ago

Claude Code leak puts enterprise trust at risk as security, governance concerns mount

Leaks threaten Anthropic's market position and raise security concerns about its AI coding tools.
Artificial intelligence
fromInfoQ
1 week ago

Teleport Report Finds Over-Privileged AI Systems Linked to Fourfold Rise in Security Incidents

Excessive access permissions to AI systems lead to significantly more security incidents in enterprises.
Information security
fromSecurityWeek
3 days ago

Google Addresses Vertex Security Issues After Researchers Weaponize AI Agents

Palo Alto Networks revealed vulnerabilities in Google Cloud's Vertex AI, allowing attackers to exploit AI agents for malicious activities due to excessive permissions.
more#ai-security
fromComputerworld
15 hours ago

A core infrastructure engineer pleads guilty to federal charges in insider attack

Rhyne's attack involved unauthorized remote desktop sessions, deletion of network administrator accounts, and changing of passwords, showcasing significant security vulnerabilities.
Information security
Miscellaneous
fromZDNET
1 month ago

AI threats will get worse: 6 ways to match the tenacity of your digital adversaries

AI amplifies threat actors' capabilities to conduct large-scale attacks rapidly, requiring organizations and individuals to adopt matching defensive tenacity and best practices.
Artificial intelligence
fromTNW | Apps
15 hours ago

Microsoft launches three in-house AI models in direct challenge to OpenAI

Microsoft has launched three in-house AI models that compete directly with OpenAI, marking a significant shift in its AI strategy.
Artificial intelligence
fromMedium
1 day ago

Is AI addiction a thing?

Generative AI Addiction Syndrome (GAID) describes anxiety and withdrawal symptoms in users when cut off from AI, highlighting its potential addictive nature.
Information security
fromSecurityWeek
1 day ago

React2Shell Exploited in Large-Scale Credential Harvesting Campaign

Threat actor exploits Next.js vulnerabilities to exfiltrate credentials and compromise systems at scale, affecting over 766 systems and collecting more than 10,000 files.
#artificial-intelligence
Artificial intelligence
fromBusiness Insider
1 day ago

How AI could destroy - or save - humanity, according to former AI insiders

Artificial intelligence has the potential to transform various sectors but also poses risks like inequality, job loss, and increased power for governments and tech companies.
Artificial intelligence
fromBusiness Insider
1 day ago

How AI could destroy - or save - humanity, according to former AI insiders

Artificial intelligence has the potential to transform various sectors but also poses risks like inequality, job loss, and increased power for governments and tech companies.
more#artificial-intelligence
Information security
fromInfoQ
1 day ago

Open Source Security Tool Trivy Hit by Supply Chain Attack, Prompting Urgent Industry Response

A malicious release of the Trivy vulnerability scanner exposed critical weaknesses in software supply chain security, allowing for potential credential theft.
Information security
fromTechzine Global
1 day ago

Axios supply chain attack victim posts postmortem to prevent a repeat

Axios was compromised for three hours, distributing Remote Access Trojans due to a sophisticated social engineering attack by North Korean group UNC1069.
Information security
fromThe Hacker News
1 day ago

Drift Loses $285 Million in Durable Nonce Social Engineering Attack Linked to DPRK

Drift decentralized exchange lost $285 million due to a sophisticated attack involving unauthorized access and social engineering.
Information security
fromThe Hacker News
1 day ago

Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials

A large-scale credential harvesting operation exploits the React2Shell vulnerability to steal sensitive data from compromised hosts across multiple regions.
#cisco
Information security
fromSecurityWeek
1 day ago

Cisco Patches Critical and High-Severity Vulnerabilities

Cisco has released fixes for two critical and six high-severity vulnerabilities affecting various enterprise networking products.
Information security
fromThe Hacker News
1 day ago

Cisco Patches 9.8 CVSS IMC and SSM Flaws Allowing Remote System Compromise

Cisco has released critical updates to address vulnerabilities in its Integrated Management Controller and Smart Software Manager On-Prem.
Information security
fromSecurityWeek
1 day ago

Cisco Patches Critical and High-Severity Vulnerabilities

Cisco has released fixes for two critical and six high-severity vulnerabilities affecting various enterprise networking products.
Information security
fromThe Hacker News
1 day ago

Cisco Patches 9.8 CVSS IMC and SSM Flaws Allowing Remote System Compromise

Cisco has released critical updates to address vulnerabilities in its Integrated Management Controller and Smart Software Manager On-Prem.
more#cisco
Information security
fromInfoQ
4 days ago

PyPI Supply Chain Attack Compromises LiteLLM, Enabling the Exfiltration of Sensitive Information

A supply chain attack on LiteLLM led to over 40,000 downloads of a compromised package that harvested sensitive information.
Information security
fromAxios
5 days ago

Everyone's worried that AI's newest models are a hacker's dream weapon

New AI models enable sophisticated cyberattacks, making businesses vulnerable as employees unknowingly assist hackers by using these technologies.
Information security
fromComputerworld
1 week ago

What IT leaders need to know about AI-fueled death fraud

AI-generated fake death certificates pose significant risks for businesses by enabling fraudsters to exploit customer accounts and data.
Information security
fromSecurityWeek
2 weeks ago

The Collapse of Predictive Security in the Age of Machine-Speed Attacks

Cybercrime has industrialized to exploit vulnerabilities faster than defenders can predict and patch, requiring a shift from predictive to preemptive security strategies.
Artificial intelligence
fromIntelligencer
1 month ago

The AI-Powered Hacking Spree Is Here

AI-coding tools evolved from task-specific assistants to full software generators, finally producing the predicted surge in new software releases and indie applications.
Information security
fromwww.theguardian.com
3 weeks ago

Exploit every vulnerability': rogue AI agents published passwords and overrode anti-virus software

AI agents in laboratory tests autonomously bypassed security systems to leak sensitive information and override safety controls without explicit instruction to do so.
Information security
fromTheregister
3 weeks ago

Manage attack infrastructure? AI agents can now help

AI agents enable cybercriminals and nation-state hackers to automate reconnaissance, infrastructure management, and attack planning, significantly increasing the speed and scale of cyberattacks.
Information security
fromSecuritymagazine
1 month ago

Would You Trust an AI Pentester to Work Solo?

AI-powered pentesting excels at speed and pattern recognition but requires human guidance to validate contextual vulnerabilities and novel attack paths that matter most to organizations.
Information security
fromThe Hacker News
1 month ago

From Exposure to Exploitation: How AI Collapses Your Response Window

AI dramatically shortens the time from exposure to exploitation, enabling automated adversarial systems to find, chain, and attack cloud risks within minutes.
Information security
fromTheregister
2 months ago

AI-powered cyberattack kits are 'just a matter of time'

Cybercriminals will soon chain AI tools into automated, end-to-end attack toolkits, forcing CISOs to prepare for large-scale, automated cyberattacks.
Information security
fromThe Hacker News
2 months ago

Weekly Recap: AI Automation Exploits, Telecom Espionage, Prompt Poaching & More

Small security oversights in widely used tools enable attackers to execute remote code and scale compromises rapidly, exemplified by n8n CVE‑2026‑21858.
fromTheregister
1 month ago

AI agents can't pull off fully autonomous cyberattacks - yet

AI agents and other systems can't yet conduct cyberattacks fully on their own - but they can help criminals in many stages of the attack chain, according to the International AI Safety report. The second annual report, chaired by the Canadian computer scientist Yoshua Bengio and authored by more than 100 experts across 30 countries, found that over the past year, developers of AI systems have vastly improved their ability to help automate and perpetrate cyberattacks.
Information security
fromHarvard Business Review
2 months ago

Research: Conventional Cybersecurity Won't Protect Your AI

In June 2025, researchers uncovered a vulnerability that exposed sensitive Microsoft 365 Copilot data without any user interaction. Unlike conventional breaches that hinge on phishing or user error, this exploit, now known as EchoLeak, bypassed human behavior entirely, silently extracting confidential information by manipulating how Copilot interacts with user data. The incident highlights a sobering reality: Today's security models, which are designed for predictable software systems and application-layer defenses, are ill-equipped to handle the dynamic, interconnected nature of AI infrastructure.
Information security
Information security
fromThe Hacker News
2 months ago

Winning Against AI-Based Attacks Requires a Combined Defensive Approach

Offensive AI and novel evasion techniques enable adversaries to autonomously generate, conceal, and adapt malware to bypass legacy endpoint defenses like EDR and AV.
fromInfoWorld
2 months ago

Automated data poisoning proposed as a solution for AI theft threat

Researchers have developed a tool that they say can make stolen high-value proprietary data used in AI systems useless, a solution that CSOs may have to adopt to protect their sophisticated large language models (LLMs). The technique, created by researchers from universities in China and Singapore, is to inject plausible but false data into what's known as a knowledge graph (KG) created by an AI operator. A knowledge graph holds the proprietary data used by the LLM.
Information security
[ Load more ]