From Anthropic: > In mid-September 2025, we detected suspicious activity that later > investigation determined to be a highly sophisticated espionage campaign. The > attackers used AI’s “agentic” capabilities to an unprecedented degree­—using > AI not just as an advisor, but to execute the cyberattacks themselves. > > The threat actor—­whom we assess with high confidence was a Chinese > state-sponsored group—­manipulated our Claude Code tool into attempting > infiltration into roughly thirty global targets and succeeded in a small > number of cases. The operation targeted large tech companies, financial > institutions, chemical manufacturing companies, and government agencies. We > believe this is the first documented case of a large-scale cyberattack > executed without substantial human intervention...

Lots of interesting details in the story: > The US Department of Justice on Wednesday announced the indictment of 12 > Chinese individuals accused of more than a decade of hacker intrusions around > the world, including eight staffers for the contractor i-Soon, two officials > at China’s Ministry of Public Security who allegedly worked with them, and two > other alleged hackers who are said to be part of the Chinese hacker group > APT27, or Silk Typhoon, which prosecutors say was involved in the US Treasury > breach late last year. > > […] > > According to prosecutors, the group as a whole has targeted US state and > federal agencies, foreign ministries of countries across Asia, Chinese > dissidents, US-based media outlets that have criticized the Chinese > government, and most recently the US Treasury, which was breached between > September and December of last year. An internal Treasury report ...

404 Media is reporting on all the apps that are spying on your location, based on a hack of the location data company Gravy Analytics: > The thousands of apps, included in hacked files from location data company > Gravy Analytics, include everything from games like Candy Crush to dating apps > like Tinder, to pregnancy tracking and religious prayer apps across both > Android and iOS. Because much of the collection is occurring through the > advertising ecosystem­—not code developed by the app creators themselves—­this > data collection is likely happening both without users’ and even app > developers’ knowledge...

The Israeli company NSO Group sells Pegasus spyware to countries around the world (including countries like Saudi Arabia, UAE, India, Mexico, Morocco and Rwanda). We assumed that those countries use the spyware themselves. Now we’ve learned that that’s not true: that NSO Group employees operate the spyware on behalf of their customers. > Legal documents released in ongoing US litigation between NSO Group and > WhatsApp have revealed for the first time that the Israeli cyberweapons maker > ­ and not its government customers ­ is the party that “installs and extracts” > information from mobile phones targeted by the company’s hacking software...