Cyberattacks (2)

AI company Anthropic revealed that hackers have weaponized its Claude chatbot to carry out sophisticated cyberattacks and fraud schemes. The company detected cases where criminals used Claude to write malicious code targeting at least 17 organizations, including government bodies. The AI helped hackers make strategic decisions about data theft and even suggested ransom amounts for victims.

In a separate scheme, North Korean operatives used Claude to create fake profiles and secure remote jobs at Fortune 500 tech companies, potentially violating international sanctions. Anthropic has disrupted these threats and reported them to authorities while improving its detection systems. Experts warn that AI is rapidly shrinking the time needed to exploit cybersecurity vulnerabilities.

Source: BBC

Critical infrastructure faced 420 million cyberattacks between January 2023-2024, a 30% jump equaling 13 attacks per second. Nation-state hackers like Iran's CyberAv3ngers are targeting water, oil, and gas systems with custom malware, while 60% of energy sector attacks link to state-sponsored groups.

Experts say industrial "crown jewels" now extend beyond physical machines to include digital twins, cloud platforms, data flows, and remote access gateways. The challenge? Many organizations only discover critical assets after breaches expose hidden dependencies.

As operational technology merges with IT systems, companies must continuously map assets and vulnerabilities rather than react to incidents. The stakes are clear: poor protection risks safety, uptime, and competitive advantage in an increasingly connected industrial landscape.

Source: Industrial Cyber

The Maryland Transit Administration rolled out emergency transportation Friday for mobility device users after a cyberattack knocked out its paratransit booking system earlier this week. Riders needing urgent medical appointments can now call Hart to Heart at 443-573-2037 for rides, while others can use the Call-A-Ride service at 410-664-2030.

The cyberattack disrupted MTA's ability to schedule new Mobility paratransit trips, though existing bookings remain intact. Regular transit services like buses, subway, and light rail continue running normally, but riders lost real-time arrival information and call center access. MTA hasn't identified who's behind the attack.

Source: CBS News Baltimore

Cybercriminals hijacked the popular Nx development tool on npm, infecting eight versions with malware that exploited AI coding assistants like Claude, Gemini, and Amazon Q. The attack, which lasted just over five hours on August 26, forced these AI tools to scan infected systems for GitHub tokens, SSH keys, cryptocurrency wallets, and other sensitive data.

The stolen information was automatically uploaded to public GitHub repositories under victims' own accounts using the naming pattern "s1ngularity-repository-" - eliminating the need for external servers. Thousands of developers were potentially exposed during the brief window.

A second wave followed, with attackers using stolen credentials to expose and duplicate private organizational repositories. This marks the first known case of malware weaponizing AI development tools for data theft.

Source: Infosecurity Magazine

Attackers compromised the popular Nx JavaScript build system on August 26, infecting over 1,000 developers and stealing 20,000 sensitive files in just four hours. The malware used AI tools like Claude Code and Gemini to hunt for GitHub tokens, SSH keys, and cryptocurrency wallets on victims' systems.

The attackers published malicious Nx packages at 10:32 PM UTC, then uploaded stolen data to public GitHub repositories with names like "singularity-repository-0" for easy collection. They also sabotaged victims' terminals to crash on startup, slowing incident response.

Despite quick takedown efforts, the damage was severe: over 1,000 valid GitHub tokens and dozens of cloud credentials were exposed. Shockingly, 90% of leaked GitHub tokens remain active, creating ongoing security risks for affected developers and their organizations.

Source: Dark Reading

Cybercriminals executed a sophisticated supply chain attack called "s1ngularity" targeting the Nx JavaScript build system, which has over 4 million weekly downloads. On August 26, hackers exploited a workflow vulnerability to steal GitHub and NPM tokens, publishing eight malicious versions of Nx packages between 6:32-8:37 PM EDT.

The malware systematically harvested sensitive data from infected systems, including SSH keys, API tokens, and cryptocurrency wallet information. In a groundbreaking twist, attackers weaponized AI tools like Claude and Gemini to assist with reconnaissance and data theft—marking the first known case of AI being turned against developers in supply chain attacks.

Security firms discovered over 2,300 stolen secrets uploaded to more than 1,000 GitHub repositories. Half of these credentials remained valid when discovered, highlighting the urgent need for immediate revocation of compromised tokens.

Source: Security Week

A new phishing campaign called "ZipLine" is turning traditional tactics upside down by making victims initiate contact first. Attackers submit fake partnership inquiries through company contact forms, then spend weeks building trust through professional emails before striking with malicious zip files containing the "MixShell" implant.

The scammers use abandoned domains from 2015-2019 with legitimate business histories to bypass security filters. Their fake websites all use identical templates featuring the same stock photo of White House butlers as company founders.

Industrial manufacturers are prime targets, though the campaign spans biotech, pharma, and semiconductor companies. Check Point Software warns this sophisticated approach requires extensive preparation but exploits human trust through legitimate business channels.

Source: Dark Reading

The Chinese state-sponsored Salt Typhoon hacking group has expanded far beyond telecommunications, now targeting government, transportation, lodging, and military networks across 80+ countries. The FBI revealed Wednesday that over 200 American organizations have been compromised, vastly exceeding the nine telecom companies previously identified.

This campaign, dubbed the most serious telecom breach in US history, may have started years ago and famously targeted US presidential candidates. Cybersecurity agencies from 12 countries issued joint technical guidance to help organizations defend against the attacks.

The hackers exploit router vulnerabilities to maintain persistent access across critical infrastructure. Beyond stealing communications data, targeting hospitality and transportation sectors allows them to build comprehensive surveillance profiles of individuals' movements and contacts.

Source: CyberScoop

Cybersecurity researchers at Trail of Bits discovered a sneaky new way to trick AI systems through image scaling attacks. Attackers can hide malicious instructions in high-resolution images that become visible only when AI tools automatically downscale them for processing.

The attack works because the hidden prompt is invisible in the original image but appears clearly in the smaller version that gets fed to the AI model. Trail of Bits demonstrated this by hiding instructions to steal calendar data.

Several major platforms are vulnerable, including Google's Gemini, Vertex AI Studio, and Google Assistant. The researchers released an open-source tool called Anamorpher to help other security experts test for these vulnerabilities.

Source: Security Week

Australia is facing an unprecedented cyber crisis, with one attack hitting every second and over 1,100 data breaches reported in 2024—a 25% jump from 2023. The country now sees 732 breaches per 100 people, far exceeding the global average of 285.

AI-powered attacks are driving much of this surge. More than 50% of Australian businesses experienced cyberattacks in 2024, with 36% being AI-generated—higher rates than the US and UK. Cybercriminals are using AI for sophisticated phishing campaigns, with over 30 million attempts recorded, and even deploying voice-cloning technology for social engineering.

Supply chain vulnerabilities compound the problem, with 38% of breaches stemming from cybersecurity incidents. Healthcare and critical infrastructure remain prime targets through compromised third-party vendors.

Source: Cyble