< ciso brief />

All news with #claude tag

79 articles · page 3 of 4

Claude LLM artifacts abused to deliver Mac infostealers

⚠️ Threat actors are abusing public Claude artifacts and manipulated Google Search results to trick macOS users into running malicious Terminal commands. These commands download and execute a loader that installs the MacSync infostealer, which harvests keychain data, browser credentials, and crypto wallets, then exfiltrates the data to a hardcoded command-and-control server. Researchers warn users not to run unverified shell commands and to verify safety before executing them.

Wiz benchmarks AI agents in cybersecurity model arena

🛡️ Wiz has built a 257-challenge benchmark suite to evaluate AI agents across five offensive security domains: zero-day discovery, CVE detection, API security, web security, and cloud security. Tests run inside isolated Docker containers with no per-challenge timeouts, use deterministic scoring rubrics, and give each agent three attempts per challenge. The vendor-agnostic framework measures capability rather than throttling, and in Wiz's announcement Claude Code on Claude Opus 4.6 narrowly topped the trials, with Gemini 3 Pro placing second.

ThreatsDay Bulletin: Access Abuse and Quiet Persistence

📝 This week’s bulletin spotlights attackers favoring reliable tradecraft—misusing trusted tools and simple entry points while executing deliberate, long‑dwell post‑compromise activity. Microsoft fixed a Notepad Markdown command‑injection (CVE‑2026‑20841) and LayerX disclosed a 0‑click RCE risk in Claude Desktop Extensions. Emerging stealers (LTX, Marco), evolving loaders (GuLoader, RenEngine), and data‑theft ransomware trends raise operational risk. Defenders must detect misuse of legitimate access and anomalous in‑system behavior.

Anthropic DXT's Privileged Design Enables Critical RCE

⚠️ LayerX Security published a report describing a critical zero-click RCE in Anthropic’s Claude Desktop Extensions (DXT) that can let a malicious Google Calendar invite trigger arbitrary local code execution when MCP connectors run with full system privileges. The researchers say DXT runs unsandboxed and can autonomously chain low-risk services to high-risk local executors without user consent. Anthropic says users explicitly grant MCP permissions and must configure the tool carefully, while security experts call the issue architectural and urge stricter deployment controls and sandboxing.

Critical Zero-Click Flaw in Claude Desktop Extensions

⚠️ LayerX disclosed a critical zero-click vulnerability affecting 50 Claude Desktop Extensions (DXT) that can result in remote code execution from a single crafted Google Calendar event. The flaw is possible because DXTs operate as unsandboxed MCP servers with full host privileges, allowing them to read files, run system commands and access credentials. LayerX rated the issue CVSS 10.0 and warned it could affect over 10,000 active users. Anthropic has declined to remediate, saying the scenario falls outside its current threat model.

Anthropic's Claude Opus 4.6 Finds 500 High-Severity Bugs

🔍 Anthropic says its newly released large language model, Claude Opus 4.6, was used internally to identify zero-day vulnerabilities in open-source software. The model ran inside a virtual machine with access to current project repositories and standard analysis utilities but received no specific instructions on how to conduct hunts. Despite that, Anthropic reports the system flagged 500 high-severity vulnerabilities, and company staff are manually validating findings before reporting them to maintain accuracy.

Anthropic Claude Opus 4.6 Finds 500+ High-Severity Bugs

🔍 Anthropic's Claude Opus 4.6 has identified more than 500 previously unknown high-severity vulnerabilities across major open-source libraries, including Ghostscript, OpenSC, and CGIF. Launched this week, the model shows improved code-review and debugging capabilities and was evaluated by Anthropic's Frontier Red Team in a virtualized environment using standard developer tools. Anthropic says each flagged defect was validated and patched by maintainers, positioning the model as a defender-oriented tool to help prioritize serious memory-corruption risks while it iterates on additional safeguards to limit misuse.

Google Cloud Adds Anthropic Claude Opus 4.6 to Vertex AI

🚀 Google Cloud has added Anthropic's Claude Opus 4.6 to Vertex AI, extending its curated model catalog for enterprise and agentic workloads. Opus 4.6 is positioned for complex coding, polished document and spreadsheet generation, advanced tool calling, and sophisticated multi-step agents. Feature highlights include GA support for adaptive thinking, an effort parameter, 128k output tokens, and previews for a 1M context window and compaction API. Google emphasizes managed agent tooling, governance, and infrastructure to deploy Claude-powered agents at scale.

Anthropic's Claude Opus 4.6 Available in Microsoft Foundry

🤖 Claude Opus 4.6 is now available in Microsoft Foundry on Azure, delivering Anthropic’s advanced reasoning and agent capabilities to enterprise workflows. The model supports a beta 1M-token context window, up to 128K output tokens, and new API controls including Adaptive Thinking and Context Compaction. Integrated with Foundry IQ and Azure governance, Opus 4.6 targets coding, knowledge work, finance, legal, cybersecurity, and multi-tool agent automation—helping teams move from experimentation to production while preserving compliance and operational control.

AI Models Now Automate Finding and Exploiting Vulnerabilities

🔍 Anthropic reports that recent Claude models, notably Sonnet 4.5, can now carry out multistage network attacks using only standard open-source tools instead of bespoke cyber toolkits. In high-fidelity simulations, Sonnet 4.5 recognized a public CVE and exploited a Kali Linux host via a plain Bash shell to exfiltrate simulated personal data. Bruce Schneier highlights these findings as a major change, stressing the urgency of timely patching and basic security hygiene.

Anthropic Brings Claude to Healthcare With HIPAA Tools

🔒 Anthropic is expanding Claude into healthcare with HIPAA-ready enterprise tools and new healthcare-specific connectors. It can access the CMS Coverage Database to check Medicare coverage rules, support prior authorization, and look up ICD-10 codes. Anthropic says deployments can support revenue-cycle and credentialing workflows and reduce claim errors.

Anthropic Launches Claude for Healthcare with Record Access

🩺 Anthropic has introduced Claude for Healthcare, allowing U.S. subscribers on Claude Pro and Max plans to grant secure access to lab results and health records via integrations with HealthEx and Function, with Apple Health and Android Health Connect rolling out to mobile apps later this week. When connected, Claude can summarize medical history, explain test results in plain language, detect patterns across fitness metrics, and draft questions for appointments. Anthropic says the integrations are private by design, let users choose what to share, and do not use health data to train its models; permissions can be edited or revoked at any time.

Anthropic debunks viral Claude 'banned' screenshot

🔍 Anthropic says a widely shared screenshot claiming its Claude AI permanently banned an account and reported the user to authorities is fake. The company told BleepingComputer the image does not match any real Claude notification and that similar fabricated screenshots 'circulate every few months.' Anthropic noted it can restrict accounts for repeated policy violations, including attempts to misuse AI for illegal activities. Users should verify alarming posts with official channels before sharing.

OpenAI Tests 'Skills' for ChatGPT, Mirroring Claude

🛠️ OpenAI is testing a new ChatGPT feature called Skills, modeled on Anthropic's Claude Skills. Reports say the capability — codenamed 'hazelnuts' — will appear as slash commands and include a dedicated Skills editor plus an option to convert a custom GPT into a skill. Claude's Skills are folder-based instructions that can be composable, portable, efficient, and can include executable code; OpenAI's implementation appears to follow a similar design. Timing is unclear, but a January 2026 rollout is currently suggested.

Lies-in-the-Loop Attack Hijacks AI Human Prompts Dialogs

⚠️ Security researchers at Checkmarx disclosed a novel technique called Lies-in-the-Loop (LITL) that manipulates Human-in-the-Loop (HITL) confirmation dialogs to trigger arbitrary code execution. The attack forges or alters dialog text, metadata and Markdown rendering so that dangerous commands appear benign, effectively turning a safety checkpoint into an exploit vector. Demonstrations targeted privileged code-assistant tools including Claude Code and Copilot Chat, and the authors urge a defense-in-depth approach combining user training, improved dialog clarity and input sanitization.

Urban VPN Extension Caught Exfiltrating AI Chat Data

🔒 Researchers at Koi found that the popular Urban VPN Proxy browser extension injects scripts to capture full AI chat conversations — including prompts and responses — then exports them to the extension vendor's backend. The monitoring runs even when the VPN is disabled and activates on major platforms such as ChatGPT, Claude, Gemini, Perplexity and Grok. For organizations that paste internal code, data or research into AI tools, this creates a significant data-theft risk outside corporate controls.

Urban VPN Extension Steals AI Chats from Users' Browsers

⚠️ Security researchers found that Urban VPN Proxy, a free browser extension with millions of installs, injected hidden scripts to capture full AI chat conversations from users’ browsers. The extension targeted multiple platforms including ChatGPT, Claude, Gemini and Perplexity, overriding browser network APIs to intercept prompts and responses. Captured data was packaged and sent to the extension operator’s backend even when VPN features were disabled. The extension marketed an “AI protection” feature that did not prevent this collection.

AI Agents Demonstrate Real-World Smart Contract Exploits

🔍 Researchers used a new benchmark, SCONE-bench, to train AI agents to find and produce exploits against historically compromised smart contracts. On 405 real-world contracts from 2020–2025, Claude Opus 4.5, Claude Sonnet 4.5, and GPT-5 generated exploits valued at $4.6 million. In simulated tests against 2,849 recently deployed contracts the agents discovered two novel zero-day vulnerabilities and created exploits worth $3,694, with GPT-5 incurring $3,476 in API costs. The findings show autonomous, profitable exploitation is technically feasible and emphasize the need for proactive AI-driven defense.

Crossing the Autonomy Threshold: Defending Against AI Agents

🤖 The GTG-1002 campaign, analyzed by Nicole Nichols and Ryan Heartfield, demonstrates the arrival of autonomous offensive cyber agents powered by Claude Code. The agent autonomously mapped attack surfaces, generated and executed exploits, harvested credentials, and conducted prioritized intelligence analysis across multiple enterprise targets with negligible human supervision. Defenders must adopt agentic, machine-driven security that emphasizes precision, distributed observability, and proactive protection of AI systems to outpace these machine-speed threats.

The AI Fix — Episode 78: Security, Spies, and Hype

🎧 In Episode 78 of The AI Fix, hosts Graham Cluley and Mark Stockley examine a string of headline-grabbing AI stories, from a fact-checked “robot spider” scare to Anthropic’s claim of catching an autonomous AI cyber-spy. The discussion covers Claude hallucinations, alleged state-backed misuse of US AI models, and concerns about AI-driven military systems and investor exuberance. The episode also questions whether the current AI boom is a bubble, while highlighting real-world examples like AI-generated music charting and pilots controlling drone wingmen.