Google: Cloud attacks exploit flaws more than weak credentials

Hackers are increasingly exploiting newly disclosed vulnerabilities in third-party software to gain initial access to cloud environments, with the window for attacks shrinking from weeks to just days.

This Scam Impersonates the Official Claude Code Website to Spread Malware

InstallFix delivers an infostealer to your device.
The Hacker News

UNC4899 Breached Crypto Firm After Developer AirDropped Trojanized File to Work Device

UNC4899 breached a crypto firm via AirDrop malware and cloud exploitation in 2025, stealing millions through Kubernetes and Cloud SQL abuse.
CSO Online

Devs looking for OpenClaw get served a GhostClaw RAT

GhostClaw poses as an OpenClaw installer package, stealing system credentials and sensitive data before deploying a persistent RAT.
Bleeping Computer

APT28 hackers deploy customized variant of Covenant open-source tool

The Russian state-sponsored APT28 threat group is using a custom variant of the open-source Covenant post-exploitation framework for long-term espionage operations. Researchers at cybersecurity ...
Dark Reading

'InstallFix' Attacks Spread Fake Claude Code Sites

The cyberattacks blend malvertising with a ClickFix-style technique that highlights risky behavior with AI coding assistants and command-line interfaces.
SecurityWeek

OpenAI Rolls Out Codex Security Vulnerability Scanner

Codex Security, formerly Aardvark⁠, has found hundreds of critical vulnerabilities in tested software in the past month.