u/_cybersecurity_

Microsoft Labels Copilot "Entertainment Only" While Pushing It for Enterprise Use
▲ 2 r/pwnhub

Microsoft's terms of use for its free Copilot AI assistant label the tool for entertainment purposes only, warning users not to rely on it for important advice and to use it entirely at their own risk.

The disclaimer has drawn fresh attention because it directly contradicts the company's aggressive marketing of Copilot as a productivity tool across Windows, Office, and enterprise environments.

The tension between marketing and legal language creates real exposure for organizations. Security professionals have noted that companies using Copilot to generate code, draft contracts, or handle compliance documentation are doing so without any warranty that the outputs are accurate, free from copyright infringement, or safe from a data privacy standpoint.

Microsoft's terms also state that prompts and responses may be used to improve the service, adding another layer of concern for teams handling sensitive or proprietary information. The disclaimer is not unique to Microsoft, as other AI vendors carry similar language, but few market their products as aggressively for business use.

If an AI vendor's own legal terms say not to trust its tool for important work, should organizations still be deploying it with access to sensitive data?

u/_cybersecurity_ — 39 minutes ago
▲ 4 r/pwnhub

Claude Code Source Leak Reveals How AI Tools Track Their Users

An accidental source code leak from Anthropic exposed the full architecture of Claude Code, one of the most widely used AI coding assistants.

Researchers analyzing the roughly 500,000 lines of leaked code found that the tool collects behavioral data including frustration signals and transmits device details, session identifiers, and usage patterns back to Anthropic on every launch.

The leak also revealed code designed to scrub AI attribution from open-source contributions, making Claude-generated code appear entirely human-written.

The findings speak to a broader pattern across the AI tools market. When developers install a coding assistant that has deep access to their files, terminal, and clipboard, the volume of data these tools can observe extends well beyond what most users expect.

Behavioral tracking in particular raises governance questions that the industry has not yet answered, especially when signals collected for product improvement can migrate into other uses over time.

How much visibility should developers have into exactly what data their AI coding tools are collecting about them?

u/_cybersecurity_ — 42 minutes ago
Wisconsin Governor Vetoes Age Verification Bill Amid Privacy Concerns
▲ 5 r/pwnhub

Wisconsin's governor vetoed the state's age verification bill, rejecting a measure that would have required websites to confirm users' ages before granting access to certain content.

Privacy and civil liberties groups had opposed the legislation because it would have pushed websites to collect government IDs and biometric data from anyone attempting to access lawful speech.

An earlier version of the bill went even further, attempting to criminalize VPN use to bypass those checks, though that provision was removed after public backlash.

Age verification mandates are now active or pending in roughly half the country. The central tradeoff remains the same in each case: verifying someone's identity requires collecting it first. Once stored, that personal data becomes a target for breaches, and no consistent standard exists for how long it must be retained or how it should be secured.

Do the privacy risks of requiring government IDs to access websites outweigh the child safety benefits these laws are designed to provide?

u/_cybersecurity_ — 43 minutes ago
VPN Use May Trigger Warrantless Surveillance of Americans
▲ 8 r/pwnhub

A bipartisan group of lawmakers urged disclosure of VPN surveillance policies, asking the Director of National Intelligence to tell the public whether Americans who route their internet traffic through overseas VPN servers are being treated as foreign targets.

The concern centers on FISA Section 702, which expires April 20 and allows intelligence agencies to collect communications from people who appear to be located outside the United States. Because VPNs mask a user's real location, lawmakers warn that Americans using these tools could be treated as foreigners under surveillance rules, effectively losing their constitutional protections without knowing it.

Millions of people rely on VPNs to protect their data on public Wi-Fi, secure remote work connections, or browse privately.

If using a privacy tool can place someone under greater government scrutiny, it undermines the entire purpose of the tool. The question of how intelligence agencies classify VPN traffic has taken on new urgency as Congress decides whether to renew Section 702 or let it lapse.

Should intelligence agencies be required to verify a user's nationality before collecting their communications, even if it slows down surveillance operations?

u/_cybersecurity_ — 43 minutes ago
European Commission Data Breach Linked to Trivy Supply Chain Attack
▲ 1 r/pwnhub

The European Commission has confirmed a significant data breach resulting from a compromised API key in the Trivy supply chain attack.

Key Points:

  • Hackers stole over 300GB of data from the European Commission's AWS environment.
  • The breach was initiated using an API key compromised during an attack on Aqua Security’s Trivy scanner.
  • Data from the breach includes personal information from clients of the Europa web hosting service.
  • The EC took immediate action by revoking access and notifying data protection authorities.
  • The compromised data is currently being analyzed for its full extent and implications.

On March 24, the European Commission confirmed a breach that saw hackers steal more than 300GB of data from its AWS environment, exploiting an API key obtained through the Trivy supply chain attack. This attack was linked to the TeamPCP hacking group and underscored vulnerabilities in the Commission’s cloud infrastructure, specifically the backend of the Europa.eu website, where numerous EU entities’ resources are hosted. The breach was initially disclosed days later, on March 27, highlighting how quickly the situation developed and the importance of timely communication from organizations under attack.

The compromised API key was traced back to a version of the Trivy vulnerability scanner, which the EC unknowingly used following normal software updates. Attackers utilized this key to create additional access controls within the AWS account and initiated reconnaissance activities. They subsequently exfiltrated sensitive data related to numerous websites hosted for up to 71 clients, including 42 affiliated with the Commission and other EU entities. The breach contained not only usernames and email addresses but also automated notifications that could reveal additional personal information, emphasizing the large-scale implications of this cybersecurity failure.

What steps should organizations take to prevent similar supply chain attacks in the future?

Learn More: Security Week

Want to stay updated on the latest cyber threats?

👉 Subscribe to /r/PwnHub
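The post above says the stolen key was first used to create additional access inside the AWS account and then for reconnaissance before the exfiltration. As an added example (not from the post, from SecurityWeek, or from the Commission), here is a small detector over constructed CloudTrail-style records that flags an access key behaving that way: IAM calls that hand out new access, and reconnaissance calls, issued from a source IP the key has never been seen from. The record shape follows CloudTrail's standard fields (eventName, eventSource, sourceIPAddress, userIdentity.accessKeyId); the key id, the IPs and the expected-source table are constructed placeholders, and the mapping of event names to "persistence" and "recon" is my own.

```python
import json

# IAM calls that hand out or widen access. A key for a vulnerability scanner
# never needs these, so any such call is suspect; from an unfamiliar address
# it is the "create additional access" step described in the post.
PERSISTENCE_EVENTS = {
    "CreateAccessKey", "CreateUser", "CreateLoginProfile", "AttachUserPolicy",
    "PutUserPolicy", "AttachRolePolicy", "UpdateAssumeRolePolicy",
}
# Read-only calls typical of an intruder mapping out what a key can reach.
RECON_EVENTS = {
    "GetCallerIdentity", "ListBuckets", "ListUsers", "ListRoles",
    "ListAccessKeys", "GetAccountAuthorizationDetails", "DescribeInstances",
}

# Where each long-lived key is expected to be used from. Constructed: in a
# real account this comes from the CI runner's egress IPs or a NAT gateway.
EXPECTED_SOURCE_IPS = {"AKIAEXAMPLECI0000001": {"203.0.113.5"}}

# Constructed CloudTrail-style records (JSON lines, not real events): one
# normal scanner run, then the same key used from an unfamiliar address.
SAMPLE_CLOUDTRAIL = """\
{"eventTime":"2026-03-20T06:00:01Z","eventSource":"sts.amazonaws.com","eventName":"GetCallerIdentity","sourceIPAddress":"203.0.113.5","userIdentity":{"type":"IAMUser","userName":"ci-scanner","accessKeyId":"AKIAEXAMPLECI0000001"}}
{"eventTime":"2026-03-20T06:00:02Z","eventSource":"ecr.amazonaws.com","eventName":"BatchGetImage","sourceIPAddress":"203.0.113.5","userIdentity":{"type":"IAMUser","userName":"ci-scanner","accessKeyId":"AKIAEXAMPLECI0000001"}}
{"eventTime":"2026-03-20T11:42:10Z","eventSource":"sts.amazonaws.com","eventName":"GetCallerIdentity","sourceIPAddress":"198.51.100.200","userIdentity":{"type":"IAMUser","userName":"ci-scanner","accessKeyId":"AKIAEXAMPLECI0000001"}}
{"eventTime":"2026-03-20T11:42:31Z","eventSource":"s3.amazonaws.com","eventName":"ListBuckets","sourceIPAddress":"198.51.100.200","userIdentity":{"type":"IAMUser","userName":"ci-scanner","accessKeyId":"AKIAEXAMPLECI0000001"}}
{"eventTime":"2026-03-20T11:45:07Z","eventSource":"iam.amazonaws.com","eventName":"CreateAccessKey","sourceIPAddress":"198.51.100.200","userIdentity":{"type":"IAMUser","userName":"ci-scanner","accessKeyId":"AKIAEXAMPLECI0000001"},"requestParameters":{"userName":"ci-scanner"}}
"""


def parse_cloudtrail(text):
    """Parse JSON-lines CloudTrail records, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def analyze_key_activity(events, expected_ips=EXPECTED_SOURCE_IPS):
    """Return findings for access keys that grant access or reconnoitre.

    Persistence calls are always reported (high from an unfamiliar IP,
    medium otherwise); recon calls are reported only from an unfamiliar IP,
    since a CI job legitimately calls GetCallerIdentity from its own host.
    """
    findings = []
    for e in events:
        key = e.get("userIdentity", {}).get("accessKeyId")
        if not key:
            continue  # console and role sessions are out of scope here
        ip = e["sourceIPAddress"]
        name = e["eventName"]
        unfamiliar = ip not in expected_ips.get(key, set())
        if name in PERSISTENCE_EVENTS:
            severity = "high" if unfamiliar else "medium"
        elif name in RECON_EVENTS and unfamiliar:
            severity = "low"
        else:
            continue
        findings.append({
            "time": e["eventTime"], "key": key, "ip": ip, "event": name,
            "severity": severity, "unfamiliar_ip": unfamiliar,
        })
    return findings


if __name__ == "__main__":
    for f in analyze_key_activity(parse_cloudtrail(SAMPLE_CLOUDTRAIL)):
        print(f"{f['severity']:6} {f['time']} {f['event']:18} {f['ip']} key={f['key']}")
```

On the sample the normal scanner run produces nothing, while the second session yields two low-severity recon findings followed by a high-severity CreateAccessKey. The medium tier exists because a scanner's key should never be able to call IAM write APIs at all: a least-privilege policy on the CI principal turns that call into an AccessDenied event and removes the persistence step entirely, whichever IP it comes from.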

u/_cybersecurity_ — 1 hour ago
Device Code Phishing Attacks Rise 37 Times as New Fraud Kits Emerge
▲ 1 r/pwnhub

A significant surge in device code phishing attacks, exploiting OAuth 2.0, poses a serious threat as malicious kits become more accessible to cybercriminals.

Key Points:

  • Device code phishing attacks have increased over 37 times this year.
  • Cybercriminals are using kits like EvilTokens to simplify phishing methods.
  • At least 11 phishing kits are now available, targeting various popular services.

Device code phishing attacks are exploiting the OAuth 2.0 Device Authorization Grant flow, a system intended to allow easy connections for devices lacking input options. Attackers send a device authorization request and trick victims into entering the provided code on a legitimate login page, which then grants access to their accounts. This year, researchers have noted a shocking increase of more than 37 times in such attacks, largely driven by the proliferation of malicious kits that make these techniques accessible to less-skilled criminals.

The rise of kits like EvilTokens highlights a concerning trend where even novice cybercriminals can engage in sophisticated phishing activities. Research indicates that various platforms are now available, offering multiple options for executing device code phishing, including kits themed around known companies like Citrix and Microsoft. As these kits grow in popularity, organizations must be vigilant, monitoring authentication logs for suspicious activity, and employing security measures like conditional access policies to mitigate risks associated with device code authentication flows.

How can organizations better protect themselves from the rising threat of device code phishing?

Learn More: Bleeping Computer

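The post above recommends monitoring authentication logs for misuse of the device code flow and restricting it with conditional access. As an added example, not from the post or from Bleeping Computer, here is a small triage script over constructed sign-in records that applies two checks a defender typically writes: a successful device-code sign-in whose recorded country lies outside the countries the same user reaches through ordinary (non-device-code) sign-ins, and a device-code sign-in by an application that has no business using that flow. The JSON field names are modelled on Microsoft Entra sign-in log exports as I understand them (authenticationProtocol equal to deviceCode marks the flow) and should be treated as an assumption to map onto your own export; the users, IPs, countries and app allowlist are constructed.

```python
import json

# Apps that legitimately use the device code flow in this hypothetical
# tenant, e.g. a CLI on headless build agents. Anything else using the flow
# is unexpected and worth a look.
EXPECTED_DEVICE_CODE_APPS = {"Microsoft Azure CLI"}

# Constructed sign-in records (JSON lines, not real data). Field names follow
# the shape of Entra sign-in log exports as an assumption.
SAMPLE_SIGNIN_LOG = """\
{"createdDateTime":"2026-04-06T08:02:11Z","userPrincipalName":"alice@example.test","authenticationProtocol":"oAuth2","appDisplayName":"Outlook","ipAddress":"203.0.113.10","country":"US","status":"success"}
{"createdDateTime":"2026-04-06T08:05:40Z","userPrincipalName":"bob@example.test","authenticationProtocol":"oAuth2","appDisplayName":"Outlook","ipAddress":"203.0.113.22","country":"US","status":"success"}
{"createdDateTime":"2026-04-06T08:07:03Z","userPrincipalName":"carol@example.test","authenticationProtocol":"oAuth2","appDisplayName":"Outlook","ipAddress":"192.0.2.5","country":"US","status":"success"}
{"createdDateTime":"2026-04-06T08:40:03Z","userPrincipalName":"alice@example.test","authenticationProtocol":"deviceCode","appDisplayName":"Microsoft Azure CLI","ipAddress":"198.51.100.77","country":"NL","status":"success"}
{"createdDateTime":"2026-04-06T09:15:45Z","userPrincipalName":"bob@example.test","authenticationProtocol":"deviceCode","appDisplayName":"Microsoft Azure CLI","ipAddress":"203.0.113.22","country":"US","status":"success"}
{"createdDateTime":"2026-04-06T09:20:00Z","userPrincipalName":"carol@example.test","authenticationProtocol":"deviceCode","appDisplayName":"Microsoft Teams","ipAddress":"192.0.2.5","country":"US","status":"success"}
{"createdDateTime":"2026-04-06T09:31:12Z","userPrincipalName":"alice@example.test","authenticationProtocol":"deviceCode","appDisplayName":"Microsoft Azure CLI","ipAddress":"198.51.100.77","country":"NL","status":"failure"}
"""


def parse_signin_log(text):
    """Parse JSON-lines sign-in records, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def build_country_baseline(records):
    """Countries each user has successfully signed in from via any flow other
    than device code. Those sign-ins come from the user's own browser or
    client, so they approximate where the user normally is."""
    baseline = {}
    for r in records:
        if r["status"] == "success" and r["authenticationProtocol"] != "deviceCode":
            baseline.setdefault(r["userPrincipalName"], set()).add(r["country"])
    return baseline


def flag_device_code_signins(records, expected_apps=EXPECTED_DEVICE_CODE_APPS):
    """Return one alert per successful device-code sign-in that breaks a
    check, with the list of reasons. Failed attempts are ignored here; they
    belong in a separate volume-based rule."""
    baseline = build_country_baseline(records)
    alerts = []
    for r in records:
        if r["authenticationProtocol"] != "deviceCode" or r["status"] != "success":
            continue
        user = r["userPrincipalName"]
        reasons = []
        known = baseline.get(user)
        if not known:
            reasons.append("no non-device-code baseline for user")
        elif r["country"] not in known:
            reasons.append(f"country {r['country']} outside baseline {sorted(known)}")
        if r["appDisplayName"] not in expected_apps:
            reasons.append(f"app '{r['appDisplayName']}' not expected to use device code")
        if reasons:
            alerts.append({"time": r["createdDateTime"], "user": user,
                           "ip": r["ipAddress"], "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for a in flag_device_code_signins(parse_signin_log(SAMPLE_SIGNIN_LOG)):
        print(a["time"], a["user"], a["ip"], "; ".join(a["reasons"]))
```

On the sample, bob's device-code sign-in matches his baseline and his app is expected, so only alice (country mismatch) and carol (unexpected app) are reported. The geographic check is a heuristic, since which party's address the identity provider records for a device-code sign-in depends on its logging; the stronger control is the one the post names, a conditional access policy that blocks the device code flow for every identity except the few that genuinely need it, which removes the flow rather than merely watching it.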
u/_cybersecurity_ — 1 hour ago
Cybersecurity Pioneer Transitions From Malware to Drone Defense
▲ 1 r/pwnhub

Mikko Hyppönen, a veteran in combating malware, shifts focus to defending against drone threats amid increasing geopolitical tensions.

Key Points:

  • Hyppönen has over 35 years of experience fighting malware, making him a prominent figure in cybersecurity.
  • His shift towards drone defense is motivated by the rise of unmanned aerial attacks in conflicts like Ukraine.
  • Modern drone warfare presents unique cybersecurity challenges that differ significantly from traditional malware.
  • Hyppönen's new role at Sensofusion involves developing anti-drone systems for military and law enforcement.
  • The cat-and-mouse dynamic between hackers and cybersecurity defenders continues in the realm of drone technology.

Mikko Hyppönen has been a landmark figure in the cybersecurity arena, dedicating decades to the fight against malware. Starting in the late 1980s, Hyppönen has examined thousands of malware types and witnessed their evolution from floppy disk viruses to sophisticated cyber threats used by government-backed entities. As malware has become a multibillion-dollar industry plagued by cybercriminals, the need for robust cybersecurity defenses has only intensified. Notably, while malware has become harder to create and deploy for casual hackers, the dynamics are shifting as other technologies, such as drones, present new avenues for potential threats.

Recognizing the urgent need for drone defense, especially given the strategic implications of recent conflicts, Hyppönen has taken the helm as chief research officer at Sensofusion. This Finland-based company focuses on developing systems to neutralize unauthorized drones, an arena where identifying and mitigating threats is crucial. Hyppönen draws parallels between combating malware and drones, emphasizing that both fields require innovative signatures to recognize threats. Nonetheless, aerial assaults pose distinct challenges, as they necessitate new detection and deterrent methodologies to effectively counter sophisticated drone operations. This shift illustrates a broader evolution of the cybersecurity landscape as it adapts to emerging technologies.

What do you think are the biggest cybersecurity challenges that come with the rise of drone technology?

Learn More: TechCrunch

u/_cybersecurity_ — 1 hour ago
Claude Leak Exposes Anthropic's User Tracking and Future Features
▲ 1 r/pwnhub

A recent leak of Anthropic's Claude Code raises concerns about user data tracking and potential advantages for competitors.

Key Points:

  • Anthropic's source code leak reveals user tracking of vulgar language usage.
  • Competitors may gain an edge by reverse engineering the leaked code.
  • The leak includes details about unreleased AI models and features.
  • Company executives attribute the leak to human error in the deployment process.
  • Developers are utilizing the leaked data to create open-source alternatives.

A significant breach at Anthropic has led to the leak of the source code for its Claude Code AI assistant. This leak has caused massive repercussions, triggering copyright takedown requests as the company scrambles to contain the fallout. Observers note the leak could provide competitors with valuable insights into Anthropic's technology and the potential for new tools being developed by the company. Among the most surprising revelations is the active tracking of user interactions, specifically how frequently vulgar language is used by those interacting with the AI. Such tracking raises privacy concerns and has sparked discussions about user experience metrics.

In addition to checking user sentiments through language analysis, the leak has revealed insight into upcoming technologies, including an experimental feature resembling a “Tamagotchi” that interacts with users during coding tasks. While Anthropic’s leadership has publicly acknowledged the blunder resulted from human error, claiming that there have been no dismissals as a result, the incident has drawn attention to the need for improved security measures and automation to prevent similar leaks in the future. As developers continue to leverage the leaked materials, it opens up avenues for democratizing AI tools, making them more accessible to a broader range of users across various fields.

What are your thoughts on user data tracking in AI tools like Claude Code?

Learn More: Futurism

u/_cybersecurity_ — 1 hour ago
Hackers Exploit Claude Code Leak with Infostealer Malware
▲ 2 r/pwnhub

A leaked version of Anthropic's Claude Code has been repurposed by hackers to embed malware, risking security for those attempting to access the code.

Key Points:

  • Anthropic mistakenly made the Claude Code public, prompting rapid reposting on GitHub.
  • Hackers embedded infostealer malware in the leaked code, endangering users.
  • Anthropic is actively working to remove the unauthorized copies of the code from GitHub.

Earlier this week, security researchers discovered that Anthropic inadvertently released the source code for its coding tool, Claude Code. This has led to numerous reposts on GitHub, where the code has become a target for hackers. Reports indicate that these malicious individuals have inserted infostealer malware disguised within the otherwise legitimate lines of code. Given that many users may not be versed in securing their development environments, downloading this compromised code could lead to devastating breaches of personal or corporate data.

Anthropic, aware of the issue, has initiated copyright takedown requests to remove instances of the leaked code from the internet. Initially, the company aimed to block over 8,000 versions on GitHub but refined its efforts to target 96 specific instances that contained potentially harmful adaptations. This situation highlights a recurring threat in the cybersecurity landscape, where hackers exploit legitimate software interest to distribute malware, as seen in previous cases involving misleading installation guides masquerading as official content.

How can developers better protect themselves from malware embedded in legitimate code leaks?

Learn More: Wired

u/_cybersecurity_ — 1 hour ago
Hackers Target Node.js Maintainers with Fake Profiles in New Attack
▲ 1 r/pwnhub

A coordinated effort by hackers to infiltrate open source maintainers, particularly targeting those involved with Node.js, through fake social media profiles has emerged.

Key Points:

  • Hackers are using social engineering to lure Node.js maintainers via fake LinkedIn and Slack profiles.
  • The attacks involve creating trust over weeks before sending fake links to download malicious software.
  • Some notable targets include maintainers of popular libraries like Mocha, Lodash, and dotenv.

A recent investigation by Socket revealed a sophisticated phishing scheme aimed at open source maintainers in the Node.js community. Hackers are impersonating recruiters or podcast hosts using fake profiles on LinkedIn and Slack, employing social engineering tactics that build rapport over extended periods. This careful approach allows them to disarm their targets before sending deceptive links that appear to lead to legitimate meeting platforms like Microsoft Teams. Once the target is convinced to join the call, they are prompted to download a so-called 'fix', which is actually a remote access trojan that grants hackers total control of their systems.

This method demonstrates an alarming new trend among cybercriminals, particularly the North Korean group UNC1069, who have been linked to other significant supply chain attacks such as the Axios npm package incident. As they pivot from targeting numerous individuals to compromising key figures within software communities, the implications for everyday users are severe. If maintainers are successfully breached, the attackers can inject malicious code into widely-used software, endangering countless users. Therefore, it is crucial for maintainers to be on high alert for any software installation requests and for all users to keep their systems secure and updated.

What measures do you think open source maintainers should implement to protect themselves from these types of targeted attacks?

Learn More: Hack Read

u/_cybersecurity_ — 1 hour ago
Incransom Targets Community Connections in Recent Ransomware Attack
▲ 1 r/pwnhub

A new victim of the Incransom ransomware group has been identified as Community Connections, indicating a worrying trend in cybersecurity.

Key Points:

  • Incransom has claimed responsibility for the attack on Community Connections on April 4, 2026.
  • This incident highlights the ongoing threat of ransomware affecting community organizations and nonprofits.
  • The attack comes amidst rising concerns over Infostealer infections leading to more ransomware incidents.

On April 4, 2026, the ransomware group Incransom published information about Community Connections as their latest victim. This incident underlines the increasing vulnerabilities that community-focused organizations face in today’s digital landscape. Such attacks not only disrupt their operations but also compromise sensitive information and community trust.

Learn More: Ransomware.live

u/_cybersecurity_ — 1 hour ago
Ransomware Attack Targets Advanced Vehicle Assemblies: 350GB of Data Compromised
▲ 1 r/pwnhub

Nightspire has claimed responsibility for a significant data breach at Advanced Vehicle Assemblies, resulting in the exfiltration of 350GB of sensitive information.

Key Points:

  • Attack confirmed by Nightspire, with the data breach occurring on March 20, 2026.
  • 350GB of data has been compromised, raising concerns about the impact on operations.
  • The breach was publicized by ransomware.live, highlighting the importance of cybersecurity.
  • The incident underscores the growing trend of vehicle industry attacks.

In a recent alarming development, Nightspire, a known ransomware group, has disclosed a data breach affecting Advanced Vehicle Assemblies. The attack, believed to have taken place on March 20, 2026, has resulted in the exfiltration of a substantial 350GB of sensitive data. This incident illustrates the continuous targeting of major industry players, including those within the automotive sector, which is increasingly becoming a focus for cybercriminals.

The exposure of such a large amount of data poses significant risks, including potential operational disruptions and financial repercussions for Advanced Vehicle Assemblies. As the vehicle industry continues to digitize and connect, it has become more vulnerable to sophisticated cyberattacks that threaten not only data integrity but also customer trust and safety. This incident serves as a reminder for businesses in all sectors to enhance their cybersecurity measures, prioritize data protection, and stay vigilant against evolving threats.

What steps should companies take to protect themselves against ransomware attacks in the automotive industry?

Learn More: Ransomware.live

u/_cybersecurity_ — 1 hour ago
Severe Vulnerability Discovered in PraisonAI: Sandbox Escape Risk
▲ 1 r/pwnhub

A high-severity sandbox escape vulnerability (CVE-2026-34955) has been identified in PraisonAI, potentially allowing attackers to execute arbitrary commands on affected systems.

Key Points:

  • CVE-2026-34955 has a CVSS score of 8.8, indicating its high severity.
  • The vulnerability arises due to the SubprocessSandbox's use of shell=True without adequate protections.
  • Common shell executables like sh and bash are improperly excluded from the blocklist, allowing exploits.
  • Versions prior to 4.5.97 are at risk, with a simple command injection method documented.
  • PraisonAI has released a fix; users must upgrade to version 4.5.97 or newer.

CVE-2026-34955 is a critical vulnerability affecting the PraisonAI multi-agent systems. The issue lies in the SubprocessSandbox component, where subprocess.run() is called with the shell=True argument. This poses significant risks, as it allows execution of shell commands directly, undermining the security controls intended to confine operations within the sandbox environment. The existing blocklist meant to prevent command injections is inadequate; it fails to account for commonly used shell interpreters when called directly, thereby exposing systems to potential threat actors.

The exploitation of this vulnerability does not require specific authentication, making it easier for attackers to target affected versions of PraisonAI. A simple command such as sh -c '' can lead to arbitrary command execution. Although no public proof of concept is available currently, the potential for exploitation is well-established and poses considerable risks for users. To protect systems against this flaw, users are strongly advised to upgrade to version 4.5.97 or newer, as the developers have addressed this critical issue in the patch.

How can organizations better manage vulnerabilities like CVE-2026-34955 in their systems?

Learn More: The Hacker Wire

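The post above describes the defect as subprocess.run() called with shell=True behind a name blocklist that leaves out sh and bash. The following added example is not PraisonAI's code and makes no claim about how the project fixed the issue; it shows why that pattern fails and what a safer command runner looks like. The weak check inspects only the first token while the shell re-parses the whole string, so any interpreter absent from the list reaches the shell unexamined. The hardened runner passes an argv list with shell=False, admits only executables on an allowlist that by construction contains no shell, rejects shell metacharacters and explicit paths, and resolves the binary itself. The allowlist contents, the blocklist contents and the timeout are assumptions for illustration.

```python
import shlex
import shutil
import subprocess

# --- Weak pattern: a name blocklist in front of shell=True ----------------
# Checks only the first token. If this passed, the original string would go
# to subprocess.run(cmdline, shell=True), where the shell re-parses it, so
# "sh -c '<anything>'" is never examined beyond the word "sh". (Hypothetical
# blocklist; this function only decides, it never executes anything.)
WEAK_BLOCKLIST = {"rm", "curl", "wget", "nc"}


def weak_blocklist_allows(cmdline):
    try:
        argv = shlex.split(cmdline)
    except ValueError:
        return False
    return bool(argv) and argv[0] not in WEAK_BLOCKLIST


# --- Hardened pattern: allowlist + argv list + no shell -------------------
# Only these program names may run. No interpreter (sh, bash, python, ...)
# is on the list, so there is no way to get a second parser involved.
ALLOWED_EXECUTABLES = {"echo", "true", "ls", "cat"}
# Characters that only mean something to a shell; rejecting them keeps the
# request honest even though no shell is used.
SHELL_METACHARS = set(";&|<>`$(){}\n")
DEFAULT_TIMEOUT_S = 5.0


def hardened_check(cmdline):
    """Return (allowed, reason). Deny by default."""
    if any(c in SHELL_METACHARS for c in cmdline):
        return False, "shell metacharacter in command"
    try:
        argv = shlex.split(cmdline)
    except ValueError as exc:
        return False, f"unparseable command: {exc}"
    if not argv:
        return False, "empty command"
    prog = argv[0]
    if "/" in prog:
        return False, "explicit paths are not allowed; use a program name"
    if prog not in ALLOWED_EXECUTABLES:
        return False, f"'{prog}' is not on the allowlist"
    if shutil.which(prog) is None:
        return False, f"'{prog}' not found on PATH"
    return True, "ok"


def run_sandboxed(cmdline, timeout=DEFAULT_TIMEOUT_S):
    """Run an allowlisted command as an argv list, never through a shell.

    This restricts which program starts; it is not an isolation boundary.
    Filesystem, network and resource limits need a container, seccomp or
    similar on top of it.
    """
    allowed, reason = hardened_check(cmdline)
    if not allowed:
        raise PermissionError(reason)
    argv = shlex.split(cmdline)
    argv[0] = shutil.which(argv[0])  # absolute path, resolved by us
    return subprocess.run(
        argv, shell=False, capture_output=True, text=True,
        timeout=timeout, env={"PATH": "/usr/bin:/bin"},
    )


if __name__ == "__main__":
    probe = "sh -c 'echo hi'"
    print("weak check allows   :", weak_blocklist_allows(probe))   # True
    print("hardened check      :", hardened_check(probe))           # (False, ...)
    print("hardened run output :", run_sandboxed("echo hi").stdout.strip())
```

The point of the comparison is that a blocklist is a list of things you thought of, while an allowlist is a list of things you need; the former has to anticipate every interpreter and every way of spelling one, the latter only has to be kept short. Even with the allowlist, the tool's own process still needs OS-level confinement for the commands it does permit.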
u/_cybersecurity_ — 1 hour ago
FTC Settles With OkCupid Over User Photos Shared With Facial Recognition Company
▲ 8 r/pwnhub

The Federal Trade Commission settled with OkCupid and Match Group after the dating platform allegedly provided personal user data to an unauthorized third party in violation of its own privacy policy.

According to the complaint, OkCupid shared user data with Clarifai, a facial recognition company, giving the firm access to nearly three million user photos along with location and demographic information. No contractual restrictions governed how the data could be used. The connection between the companies was personal rather than commercial: OkCupid's founders were financial investors in Clarifai.

The FTC also alleged that OkCupid and Match spent years actively concealing the data sharing and obstructing the investigation.

The settlement prohibits future misrepresentations about data practices but includes no monetary penalty, raising the question of whether enforcement without financial consequences is enough to change corporate behavior.

Do dating apps owe users a higher standard of data protection given the sensitivity of the information people share on them?

u/_cybersecurity_ — 21 hours ago
Iran's Strikes on Oracle Facilities Put Cloud Infrastructure Security on the Map
🔥 Hot ▲ 66 r/pwnhub

Iran's IRGC claimed it struck an Oracle facility in Dubai this week as part of a broader campaign against American technology companies operating in the Gulf.

Dubai authorities denied the attack, but the incident still marks a new chapter in infrastructure security. The IRGC had previously warned 18 US tech companies that their regional facilities would be considered military targets, telling employees to evacuate immediately.

Oracle, Amazon, Microsoft, and Google all host significant cloud and AI infrastructure in the Middle East, and this conflict is testing assumptions about geographic risk that many organizations have not fully accounted for.

Whether or not the Oracle data center was actually hit, the targeting of cloud infrastructure by a state military force introduces a threat model that most enterprise disaster recovery plans were not built for.

Should cloud providers be required to disclose to customers when their data is stored in regions facing active military conflict?

u/_cybersecurity_ — 21 hours ago
Australia's Failing Teen Social Media Ban Creates New Privacy Risks for All Users
▲ 32 r/pwnhub

Australia's world-first ban on social media for users under 16 is struggling to deliver results, with reports that many teens have already bypassed the restrictions using VPNs and false age declarations.

The more significant concern for privacy professionals is what the ban demands from everyone else. To comply, platforms are collecting biometric selfies, identity documents, and behavioral signals from all Australian users, not just minors.

Critics warn that these verification systems create data honeypots for hackers, meaning a policy designed to protect children may be putting every user's personal information at greater risk.

As countries including the US, UK, and France consider similar legislation, the Australian experiment is becoming a cautionary tale about what happens when age verification infrastructure outpaces data protection safeguards.

Is there a way to verify a user's age online without creating new privacy vulnerabilities for everyone?

u/_cybersecurity_ — 21 hours ago
Claude Code Source Leak Exposes How Much Data Anthropic Collects From Your System
🔥 Hot ▲ 176 r/pwnhub

Anthropic accidentally exposed Claude Code's full source through a packaging error in its npm release, giving researchers an unfiltered look at how the popular AI coding tool operates on user machines.

The roughly 500,000 lines of leaked TypeScript revealed background processes, clipboard access, screenshot capabilities, and an unreleased headless mode that runs while the user is away from the terminal. Researchers also found that the tool monitors user frustration patterns through regex analysis of conversation inputs, raising questions about behavioral data collection that users may not realize is happening.

The leak was the second major accidental exposure from Anthropic in days, drawing scrutiny toward whether a company that markets itself on safety and transparency can adequately secure its own systems.

How much access to your local machine should an AI coding tool have before you start treating it like a security risk?

u/_cybersecurity_ — 21 hours ago
Cyberattack Disrupts Massachusetts Emergency Communications System
▲ 1 r/pwnhub

A cyberattack has disrupted the emergency communications system used by several towns in northern Massachusetts, affecting non-emergency phone lines while 9-1-1 remains operational.

Key Points:

  • Several towns in northern Massachusetts impacted by a cyberattack on their emergency communications system.
  • Non-emergency phone lines are out of service, but 9-1-1 remains functional.
  • Investigations are underway to assess the damage and potential data breaches.
  • This incident follows a similar attack on the CodeRED emergency notification service.
  • Local authorities are urging officials to change passwords related to the system to enhance security.

An emergency communications system known as the Patriot Regional Emergency Communications Center, serving towns like Pepperell, Ashby, and Groton in northern Massachusetts, has been compromised by a cyberattack that began on Tuesday. While the critical 9-1-1 dispatching service continues to operate, other non-emergency phone lines have been rendered inoperable, raising concerns about the overall public safety infrastructure during this breach. Officials from the center have engaged IT vendors and cybersecurity agencies in response to the intrusion to assess what information might have been accessed or stolen during the attack.

This incident mirrors previous cyber threats faced by emergency systems, notably the recent attack on the CodeRED notification service which impacted numerous municipalities across the U.S. The overlapping timeline of these incidents underscores an ongoing vulnerability in emergency communication platforms, prompting local officials to urgently reassess their cybersecurity protocols. Federal law enforcement has also been notified, emphasizing the seriousness of the situation as the community relies on effective communication systems for emergencies. As investigations continue, the Pepperell authorities stress the importance of changing passwords for local government officials to prevent further breaches.

What measures do you think local governments should implement to protect their emergency communication systems from cyberattacks?

Learn More: The Record

u/_cybersecurity_ — 21 hours ago
Mercor Hit by Major Breach as Hackers Claim 4TB of Stolen Data
▲ 8 r/pwnhub

AI firm Mercor faces a severe security incident due to a supply chain attack linked to a compromised open-source tool, impacting sensitive candidate and internal data.

Key Points:

  • Mercor confirmed a data breach related to the compromised LiteLLM tool, affecting thousands of organizations.
  • Attackers exploited a 40-minute window to publish malicious LiteLLM versions, impacting millions of daily downloads.
  • Lapsus$ claimed to possess 4TB of stolen data, including personal and technical information related to Mercor.
  • The breach highlights the risk of supply chain attacks and their rapid impact across numerous cloud environments.
  • Mercor is under investigation while taking steps to contain the breach and assess the data leak.

AI recruitment firm Mercor has confirmed its involvement in a significant cybersecurity incident triggered by a supply chain attack, specifically through the compromise of the LiteLLM open-source tool. This incident, attributed to hacking groups TeamPCP and Lapsus$, illustrates how adversaries can exploit trusted software to access sensitive information across various organizations quickly. The malicious versions of LiteLLM were available for a brief period, yet their prevalence in numerous cloud environments exacerbated the repercussions of the breach, emphasizing how swiftly an attack can cascade through the software ecosystem.

The extent of the breach was further compounded by claims from the Lapsus$ extortion group, who alleged possession of 4TB of stolen data, including sensitive candidate profiles and technical assets from Mercor. While the authenticity and scope of this data theft have yet to be confirmed, the incident underscores a dire warning regarding the implications of supply chain vulnerabilities. Security researchers are now investigating any potential connections between the groups involved in the attack, revealing a complex landscape of cybersecurity risks that threaten organizations relying on widely-used software dependencies.

What steps should organizations take to protect themselves against supply chain attacks like the one faced by Mercor?

Learn More: Hack Read

u/_cybersecurity_ — 21 hours ago