Canada's Daily Cybersecurity Intelligence
Claude Code GitHub Action Flaw Enabled Full Repository Takeover via a Single Bot Issue A critical vulnerability in Anthropic’s Claude Code GitHub Action gave attackers the ability to fully compromise any public repository running the tool, using nothing more than a single GitHub issue submitted by a bot account. Discovered by security researcher RyotaK of … Read more
Meta’s AI Support Chatbot Was Weaponized to Hijack Instagram Accounts, No Malware Required A critical flaw in Meta’s AI Support Assistant on Instagram allowed attackers to seize control of accounts belonging to high-profile individuals and organizations using nothing more than a target’s username and a VPN. No malware, no phishing link, no access to the … Read more
AI-Built Ransomware Toolkit Automates EDR Evasion, Leverages Claude Agents for Attack Development Researchers at Sophos have uncovered an active threat actor operating a fully functional, AI-built ransomware toolkit that automates Active Directory (AD) reconnaissance, systematically tests endpoint detection bypass techniques, and uses multiple AI agents, including one powered by Claude Opus 4.5, to build and … Read more
GreyVibe Hackers Weaponize ChatGPT and Gemini in Attacks A threat group tracked as GreyVibe is actively using commercial AI platforms, including ChatGPT and Google Gemini, to build convincing attack lures and develop a custom suite of malware tools targeting military, government, civilian, and business organizations. Cybersecurity firm WithSecure identified and reported the campaign in January … Read more