Claude Code CI hijack, RedSun SYSTEM priv esc, Iran AI attacks
Security researcher RyotaK uncovered a permission bypass and prompt injection in Anthropic's Claude Code GitHub Actions, allowing attackers to run workflows on public repos, read /proc/self/environ, and exfiltrate secrets, potentially compromising downstream repositories. Anthropic fixed the bugs in version 1.0.94.
RedSun (CVE‑2026‑41091) exploits a flaw in Windows Defender’s remediation workflow that rewrites quarantined files, letting an unprivileged user write arbitrary data to C:\Windows\System32 and execute code as NT AUTHORITY\SYSTEM. The technique leverages NTFS junction points, opportunistic locks, and volume shadow copies to hijack Defender’s SYSTEM‑privileged file operations.
A Financial Times report finds Iranian cyber actors are systematically using Western AI tools such as ChatGPT and Gemini to draft phishing lures, assist malware development, and conduct target research for military operations, while Tehran builds its own domestic AI platform at Sharif University. OpenAI and Google acknowledge misuse but claim their safety systems block novel capabilities.
ExaTrack analyzed roughly 90 PixyNetLoader samples, identifying four sub‑families and a unified YARA rule. The latest 2026 variants use advanced PNG‑based steganography to hide a Covenant Grunt payload, with new C2 channels and delivery via CVE‑2026‑21509 exploits. The report includes IOCs, detection guidance, and a payload extraction script.
Dashlane detected repeated failed attempts to register new devices and submit authentication tokens, triggering automated protections that temporarily suspended affected user accounts and 2FA access on Sunday afternoon. The precaution aims to safeguard customers while the company investigates the brute‑force campaign.
A Department of Commerce Office of Inspector General report found NIST’s National Vulnerability Database suffering from poor planning, a contract lapse, and duplicated work with MITRE, inflating a backlog from 13 000 to over 27 000 unprocessed vulnerabilities. Auditors call for new processes and staffing reforms to restore trust.
A UK government consultation on the Online Safety Act proposes that platforms block voice and text chat between minors and unknown players. If adopted, games like Fortnite and Roblox would have to prevent children under 16 from talking to strangers, a move aimed at curbing online abuse but raising privacy and implementation concerns.
Pipelock acts as an inline proxy for AI agents, inspecting outbound HTTP, MCP, A2A, and WebSocket traffic for data exfiltration and prompt‑injection attempts. It blocks threats and produces mediator‑signed action receipts that external parties can independently verify, offering transparent egress control across popular AI tooling.
The Screamer tool leverages TTL‑limited probes across ICMP, UDP, and TCP to infer subnet structures without exhaustive port scans. By analyzing ICMP Time Exceeded and other responses, it builds a network graph that reveals routing devices and hidden subnets efficiently, reducing traffic overhead in large address spaces.
Interisle's 2025 analysis reveals that cybercriminals bought at least 10%, potentially 20%, of all new generic top‑level domain registrations, with abuse concentrated among a few registrars and TLDs. The report highlights how cheap, disposable domains fuel phishing, malware, and botnet C2, urging stronger abuse‑prevention measures.
A five‑year census of 65,907 exposed databases found 30,515 (46%) with ransom notes, totaling over 215 billion records at risk. Tracing 514 attacker Bitcoin wallets revealed 62% received no on‑chain payments, yet the data was still destroyed or held. The few wallets that did receive funds captured most of the value, showing a highly concentrated, automated extortion ecosystem.
Subscribe free