Weekly threat intelligence roundup covering major data breaches at Instructure (Canvas), Zara, Mediaworks, and Škoda. AI-related threats include a critical WebSocket hijacking flaw in the Cline coding agent (CVSS 9.7), a vulnerability in Anthropic's Claude Chrome extension, and a malware campaign using fake Claude AI installers. Critical vulnerabilities patched include MOVEit Automation auth bypass, Ivanti EPMM zero-day, and an active Palo Alto PAN-OS buffer overflow with no fix yet. Threat actor reports cover Iran's MuddyWater using Chaos ransomware for espionage, Silver Fox phishing campaigns, a large-scale adversary-in-the-middle phishing operation targeting 35,000 users, China-linked UAT-8302 espionage, and a NuGet supply chain attack with 65,000 downloads of malicious packages.