Canada's Daily Cybersecurity Intelligence
Claude Code GitHub Action Flaw Enabled Full Repository Takeover via a Single Bot Issue A critical vulnerability in Anthropic’s Claude Code GitHub Action gave attackers the ability to fully compromise any public repository running the tool, using nothing more than a single GitHub issue submitted by a bot account. Discovered by security researcher RyotaK of … Read more
Meta’s AI Support Chatbot Was Weaponized to Hijack Instagram Accounts, No Malware Required A critical flaw in Meta’s AI Support Assistant on Instagram allowed attackers to seize control of accounts belonging to high-profile individuals and organizations using nothing more than a target’s username and a VPN. No malware, no phishing link, no access to the … Read more
AI-Built Ransomware Toolkit Automates EDR Evasion, Leverages Claude Agents for Attack Development Researchers at Sophos have uncovered an active threat actor operating a fully functional, AI-built ransomware toolkit that automates Active Directory (AD) reconnaissance, systematically tests endpoint detection bypass techniques, and uses multiple AI agents, including one powered by Claude Opus 4.5, to build and … Read more
Anthropic Confirms Claude Mythos AI Models Are Coming to the General Public Anthropic has confirmed that it will bring Claude Mythos-class models to general public availability, ending one of the most tightly controlled AI model restrictions in the industry. The company withheld the model from public release since April 2026, citing the risk that a tool capable … Read more
GreyVibe Hackers Weaponize ChatGPT and Gemini in Attacks A threat group tracked as GreyVibe is actively using commercial AI platforms, including ChatGPT and Google Gemini, to build convincing attack lures and develop a custom suite of malware tools targeting military, government, civilian, and business organizations. Cybersecurity firm WithSecure identified and reported the campaign in January … Read more