‘Vibe-hacking’ is now a top AI threat
https://www.theverge.com/ai-artificial-intelligence/766435/anthropic-claude-threat-intelligence-report-ai-cybersecurity-hacking

Anthropic’s new report shows how bad actors are misusing Claude —and, likely, other AI agents.

“Agentic AI systems are being weaponized.”

That’s one of the first lines of Anthropic’s new Threat Intelligence report, out today, which details the wide range of cases in which Claude — and likely many other leading AI agents and chatbots — are being abused.

First up: “Vibe-hacking.” One sophisticated cybercrime ring that Anthropic says it recently disrupted used Claude Code, Anthropic’s AI coding agent, to extort data from at least 17 different organizations around the world within one month. The hacked parties included healthcare organizations, emergency services, religious institutions, and even government entities.

“If you’re a sophisticated actor, what would have otherwise required maybe a team of sophisticated actors, like the vibe-hacking case, to conduct — now, a single individual can conduct, with the assistance of agentic systems,” Jacob Klein, head of Anthropic’s threat intelligence team, told The Verge in an interview. He added that in this case, Claude was “executing the operation end-to-end.”

Australia täräyttää kovan kiellon alle 16-vuotiaille
https://www.is.fi/digitoday/art-2000011395401.html

What it means is that no system connected to the internet can be defended.

Our own national cybersecurity agency asked UK businesses to make this presumption in 2020. The reason this hasn’t been bigger news is that we’ve become fatalistic and weary, as one cybersecurity attack follows another.

Andrew Orlowski
Chinese hackers have seized control. How did we let this happen?
The complacency of the great and good of IT has left the West horribly exposed to Beijing
https://www.telegraph.co.uk/business/2025/07/28/chinese-hackers-seized-control-how-let-it-happen/

A civilisation that cannot defend itself really should not expect to survive, and after the latest cybersecurity news, I wonder how it can.

An official advisory was recently sent out to the US military, warning that all forces must now assume their networks have been breached. The enemy is inside the house.

Microsoft has warned that hackers linked to Beijing are exploiting the flaw, while Britain’s National Cyber Security Centre has said organisations in the UK have also been hit.

The flaw allows hackers to remotely run software code on victims’ servers, potentially allowing them to install malicious software and steal data.

According to Bloomberg, which reported the breach, no sensitive information is believed to have been stolen in the hack on the NNSA.

A spokesman for the US energy department said it was “minimally impacted” by the hack last Friday.

It is unclear whether Chinese hackers are responsible for the nuclear agency attack.

However, Microsoft has alleged that China-linked groups dubbed Linen Typhoon, Violet Typhoon and Storm-2603 have been exploiting the software vulnerability.

“It seems logical that it would be the Chinese,”

The flaw disproportionately targets government agencies since they are more likely to run Microsoft software on their own servers. Many companies run the software on Microsoft’s cloud, which has not been affected by the attacks.

https://www.telegraph.co.uk/business/2025/07/23/chinese-hackers-suspected-americas-nuclear-weapons-agency/

#Lenovo #cybersecurity

Major flaws found in Lenovo BIOS: attackers can take over systems
https://cybernews.com/security/lenovo-warns-about-major-bios-flaws/?utm_source=cn_facebook&utm_medium=social&utm_campaign=cybernews&utm_content=post&source=cn_facebook&medium=social&campaign=cybernews&content=post

Lenovo has released urgent BIOS updates and warned about high-severity flaws that allow privileged local attackers to gain complete control of systems. Some updates are still pending.

Six newly discovered vulnerabilities are affecting Lenovo computers with BIOS from Insyde Software, a global provider of system firmware and software engineering services.

“Potential vulnerabilities were reported in Insyde BIOS used in some Lenovo IdeaCentre and Yoga All-In-One products that could allow a privileged local attacker to read SMRAM contents or execute arbitrary code in System Management Mode (SMM),” the Lenovo advisory reads.

https://support.lenovo.com/us/en/product_security/LEN-201013

Major delays have been reported to flights in the UK due to traffic control issues, grounding planes in the London area.

In a statement, Gatwick Airport said the technical issue meant there are currently no departures while the situation is being resolved.

Get full visibility into the Vanta platform

Receive one-to-one feedback on the best strategies to automate your security and compliance

The leading security compliance solution trusted by over 12,000 customers.

https://www.vanta.com/lp/demo-ad