A malicious npm package named codexui-android, disguised as a remote UI for OpenAI Codex, has been found to exfiltrate developer authentication tokens. Attackers allegedly injected malicious code into the published package that was not present in its public GitHub repository, highlighting risks in the AI software supply chain.
Anthropic's AI model, Mythos, will be made available to the European Union's Agency for Cybersecurity (ENISA) through a collaboration known as Project Glasswing. This initiative stems from close cooperation between the European Commission and Anthropic.
Hackers exploited a vulnerability in Meta's AI-powered customer support chatbot to gain unauthorized access to celebrity Instagram accounts. They then resold these high-value accounts before Meta was able to fix the exploit.
Hackers exploited Meta's AI support bot to gain unauthorized access to Instagram accounts, including those of the Obama White House and the U.S. Space Force Chief Master Sergeant. Instructions circulating on Telegram guided users on how to trick the AI into resetting account passwords, leading to the brief defacement of these accounts with pro-Iranian content.
A new article by Melissa Hathaway argues that AI is dramatically accelerating vulnerability discovery, exposing decades of software development prioritizing speed over security. It calls for a coordinated national and international effort involving governments, vendors, and operators to accelerate remediation and invest in automated repair before adversaries exploit this opportunity.
Law enforcement is reportedly scanning social media for individuals who post criticism of AI data centers. This surveillance activity raises concerns about privacy and freedom of expression.
This weekly recap highlights several cybersecurity events, including a new Linux vulnerability, an exploit targeting PAN-OS, the rise of AI-powered attacks, and OAuth-based phishing campaigns. It also mentions poisoned development tools and the increasing accessibility of malicious activities.
A critical remote code execution (RCE) vulnerability, tracked as CVE-2026-40933, has been discovered in self-hosted Flowise deployments. The flaw exists within the implementation of Model Context Protocol (MCP) stdio servers, allowing attackers to trigger code execution with a single click via a malicious chatflow import. This vulnerability could grant attackers root-level access in containerized environments.
The Pentagon is actively promoting the use of Artificial Intelligence in military operations, viewing it as a significant advantage. However, some military leaders are expressing a need for caution regarding its implementation.
Exploit code has been publicly released for a critical remote code execution (RCE) vulnerability in Flowise. This vulnerability allows attackers to execute arbitrary code on self-hosted Flowise servers by tricking users into importing a malicious chatflow.
A Russia-aligned cybercrime group, dubbed Greyvibe, is extensively using generative AI across all stages of its cyberattacks, from crafting phishing lures to malware development. The group targets private, government, and military organizations in Ukraine, aiming for intelligence gathering to support the ongoing war. Researchers have observed the use of custom malware, such as PhantomRelay, and various attack vectors including spear phishing and fake websites.
Threat actors are exploiting ChatGPT's share link functionality to host fake outage pages. These pages are designed to trick users into downloading malware disguised as the legitimate ChatGPT desktop application.
Researchers have discovered a vulnerability in OpenAI's ChatGPT dubbed ChatGPhish. The attack exploits the AI assistant's trust in Markdown links and images within web summaries to carry out prompt injection, enabling phishing.
The Linux Foundation is launching DNS-AID, an open-source project to standardize how AI agents discover and communicate with each other using existing DNS infrastructure. This aims to provide a secure and vendor-neutral directory for AI agents, preventing sprawl and ensuring trust in connectivity.
An unidentified threat actor has exploited a vulnerability (CVE-2026-39987) in Marimo notebooks to gain initial access. Following this, the attacker deployed a large language model (LLM) agent to perform post-exploitation activities and extract cloud credentials.
Researchers have discovered that ChatGPT can be manipulated to execute arbitrary code when presented with specially crafted web content. By embedding malicious JavaScript within seemingly innocuous browser content, attackers can trick ChatGPT into running this code, potentially leading to system compromise or data exfiltration.
A Russia-linked threat group, identified as GREYVIBE, has reportedly leveraged AI tools, including ChatGPT, throughout their cyberattack campaigns. This group specifically targeted Ukrainian military and government entities with their operations.
A new Russian-linked threat actor named GREYVIBE has been identified targeting Ukraine and related entities since August 2025. This group, believed to be Russian-speaking and operating within the Russian time zone, exhibits activities aligned with Kremlin state interests, utilizing AI-powered cyberattacks.
A new report highlights the rise of 'shadow AI' applications, where employees build and deploy full applications using AI tools, often without security or IT oversight. These applications are integrated into production systems and published online, significantly expanding the risk surface.
Big tech companies are challenging GDPR fines, a trend that experts see as a precursor to future pushback against AI regulations. While these challenges may not be inherently concerning, the increasing integration of AI presents a greater data protection challenge. The GDPR's influence on data protection law globally, particularly its 72-hour breach notification standard, is highlighted, though enforcement issues remain.
Anthropic has confirmed that its Mythos-class AI models will be released to the public. The rollout was previously delayed due to security concerns regarding potential risks to both public and private software.
As global powers increasingly focus on the development of humanoid robots, significant cyber-risk concerns are emerging. Nations are competing for dominance in the embodied AI market and its supply chain, creating a landscape ripe for cyber threats.
A threat cluster known as GreyVibe, believed to be Russian-linked, is targeting Ukrainian organizations using AI-generated phishing lures and custom malware. This campaign leverages AI tools like ChatGPT and Gemini to craft more convincing social engineering tactics.
Researchers are warning that the Russia-linked threat group 'GreyVibe' is significantly enhancing its cyberattack capabilities by leveraging popular AI tools like ChatGPT and Gemini. This development offers a preview of how future cybercriminal and state-aligned adversaries may apply AI to their operations.
Geordie, a company focused on AI security and governance, has successfully raised $30 million in a funding round. The round was led by Balderton Capital, with participation from Crosspoint Capital and existing investors General Catalyst and Ten Eleven Ventures.
The article argues that agentic AI, which involves AI models interacting with software tools, is not inherently risky. Instead, the primary security risks arise from how organizations choose to deploy these agents, particularly concerning the overlap in their functionalities and access.
India's cybersecurity agency, CERT-In, has issued new guidance urging organizations to address exploited internet-facing vulnerabilities within 12 hours, citing the acceleration of attacks due to AI. The advisory also includes tiered remediation timelines for critical internal and high-severity vulnerabilities.
Edamame, a startup based in France, has launched a new runtime verification platform. This platform is designed to detect when AI coding agents deviate from their intended tasks, steal secrets, or engage in supply-chain attacks by analyzing host telemetry and AI data in real time.
A new report from LayerX Security indicates that enterprise AI risk is not evenly distributed but is instead concentrated among a small group of "AI power users." This suggests a significant visibility gap in how organizations understand and manage their AI-related security exposures.
CISOs are grappling with the challenge of "agentic era" cybersecurity, where attacks occur at machine speed. The industry needs to develop scalable remediation strategies to address these advanced threats.
Organizations are rapidly deploying AI agents without sufficient oversight, leading to potential negative consequences and a lack of transparency in decision-making processes. Experts warn that a "set it and forget it" approach is dangerous, as many companies lack the ability to audit or centrally control their AI systems.
Google has launched a new AI Threat Defense platform designed to combat AI-powered cyberattacks. This platform integrates capabilities from Mandiant, Wiz, and Gemini to provide customers with AI-driven defenses.
The industrialization of exploitation through adversarial AI has fundamentally changed cybersecurity, shifting the landscape from a battle of elite skills to one where threat actors with compute and AI tooling can operate at machine speed. This new paradigm bypasses traditional defenses that relied on predictable attacker patterns and human speed.
A new report from RUSI highlights the growing threat of AI-enabled sanctions evasion and proliferation financing, particularly by North Korea and Iran. Adversaries are using AI to automate the creation of fraudulent documents, manage shell companies, and evade cryptocurrency detection, posing new challenges for governments and the private sector.
A new study by Cisco reveals that leading AI models from major providers like OpenAI, Anthropic, and Google are significantly more vulnerable to adversarial attacks when subjected to iterative, multi-turn prompts compared to single-prompt tests. The research indicates that current safety benchmarks are insufficient, as real-world attackers adapt their strategies over multiple interactions.
Threat actors are conducting a cryptojacking campaign that leverages SEO poisoning to spread GPU mining malware. This campaign also manipulates AI chatbot recommendations to trick users into downloading malicious software. The attackers are specifically targeting systems with high-performance GPUs.
The UK's cyberspying chief has described Artificial Intelligence as an 'unstoppable force' and warned that Russia is increasing its hostile activities in a 'gray zone' below the threshold of war. This statement aligns with a series of warnings from intelligence experts regarding escalated Russian cyber operations.
A recent Okta survey reveals that over half of organizations experienced an AI-related security incident or near miss in the past year. This highlights a significant blind spot for many businesses, with leaders often overestimating their awareness of shadow AI usage by employees.
New research indicates that attackers are leveraging AI to significantly shorten the timeline for developing functional exploits against known vulnerabilities (CVEs). This advancement in AI-assisted exploit development is outpacing the capabilities of current security scanners to detect these evolving threats.
A malicious npm package named 'mouse5212-super-formatter' has been discovered that steals files from the Claude AI user directory. The package is designed to upload sensitive files from the '/mnt/user-data' directory, which is used by Anthropic's AI tool for handling uploads and outputs.
A vulnerability in the Starlette Python framework, tracked as CVE-2026-48710, allows unauthenticated attackers to bypass access controls by sending malformed Host headers. This flaw could enable attackers to access sensitive routes in applications built with FastAPI, which relies on Starlette. A patch has been released by Starlette's maintainer.
The FBI's 2025 Internet Crime Report has been released, detailing various statistics on cybercrime. The report highlights a significant increase in financial losses due to cryptocurrency and AI-related scams targeting Americans.
India's cyber agency, CERT-In, has issued a directive mandating that internet-facing or critical systems be patched, mitigated, or disconnected within 12 hours of exploited vulnerabilities being identified. This accelerated response time is driven by the increasing speed and sophistication of cyberattacks, exacerbated by advancements in AI.
SecurityWeek announced its third annual AI Risk Summit, scheduled for August 11-12 at the Ritz-Carlton in Half Moon Bay. The event will convene CISOs, security leaders, AI researchers, developers, policymakers, and enterprise risk professionals.
The cybersecurity industry has undergone a significant transformation since 2006, evolving from a focus on perimeter defense to the current landscape of AI-native security. This evolution is examined through a technological lens as part of Dark Reading's 20th-anniversary coverage.
RevEng.AI has secured $15 million in funding to advance its AI-powered platform, BinNet, which is designed to identify vulnerabilities and backdoors within software binaries. The company aims to leverage this investment to enhance its capabilities in proactively hunting for security flaws in released software.
Employees are increasingly using unapproved AI tools for productivity, leading to "shadow AI." Organizations need strategies to manage these tools without hindering employee efficiency. This involves understanding usage patterns and implementing appropriate oversight.
The article discusses how stolen credentials are a significant threat that bypasses modern security measures, exacerbated by AI's acceleration of phishing and session hijacking techniques. Security teams are struggling to keep pace with the speed at which attackers can leverage these compromised credentials.
Researchers have discovered a new attack method called 'SymJack' that targets AI coding agents. This attack leverages malicious repositories and symlinks to trick these agents into installing attacker-controlled components, which can then be used to steal secrets and deploy malicious code within CI/CD pipelines.
The article discusses the emerging doctrine of AI in cyber operations, moving beyond simple automation to independent operational capabilities. Frontier AI models like Anthropic's Claude Mythos can autonomously identify and exploit complex vulnerabilities, shifting the economics of cyber offense.