Risk
-
Researchers find flaw that could let websites inject prompts into Anthropic’s Claude Chrome extension
Researchers disclosed a flaw called ShadowPrompt in Anthropic’s Claude Chrome extension that combined an overly permissive origin allowlist and a DOM-based XSS in an Arkose Labs CAPTCHA, allowing websites to inject prompts; Anthropic and Arkose issued fixes in December 2025 and February 2026.
-
Kaspersky links Coruna iOS exploit framework to Operation Triangulation, finds expanded targets
Kaspersky researchers say the Coruna exploit framework is an updated successor to the Operation Triangulation toolkit, adding support for A17 and M3 chips and iOS up to 17.2, and that its components include multiple exploit chains used in both espionage and financially motivated attacks.
-
Operation Alice shuts down 373,000 fake CSAM dark web sites
Operation Alice, led by Germany, shut down more than 373,000 dark web sites selling fake CSAM packages. About 10,000 buyers paid roughly $400,000 and investigators seized 287 servers, including 105 in Germany.
-
Apple warns older iPhones vulnerable to web-based exploit kits
Apple warned in a support document that exploit kits Coruna and DarkSword can steal data from outdated iPhones via malicious websites. Users should install listed security updates or enable Lockdown Mode if updates are not possible.
-
Big Tech provides $12.5m to help open source maintainers handle AI-generated bug reports
Six major tech firms have provided $12.5 million in grants to a foundation project and OpenSSF to help open source maintainers triage and remediate AI-generated bug and security reports. Details and timing remain unclear.
-
DDoS attack disables Perm parking payments, drivers excused for March 10–13
A DDoS attack knocked Perm’s parking payment portal offline from March 10 to 13, leaving paid parking zones free and drivers excused for non-payment while systems were restored.
-
CNCERT warns OpenClaw flaws could allow endpoint takeover
China’s CNCERT warned that OpenClaw, a self-hosted AI agent, has weak defaults and high privileges that could let attackers seize endpoints. Indirect prompt injection and malicious repositories are cited as exploitation paths.
-
Suspected China-based operation targets Southeast Asian military organizations
A technical analysis by Palo Alto Networks Unit 42 says a suspected China-based espionage campaign has targeted Southeast Asian military organizations since at least 2020 using modular backdoors and Pastebin-based command and control.
-
Poland’s nuclear research centre foils cyberattack, says systems blocked intrusion
Poland’s National Centre for Nuclear Research says a cyberattack on its IT systems was detected and blocked this week before any impact. The MARIA research reactor was not affected and an investigation is under way.
-
INTERPOL operation dismantles 45,000 malicious IPs in 72-country cyber crackdown
INTERPOL announced the takedown of 45,000 malicious IPs and servers in a 72-country operation that led to 94 arrests and 212 devices seized. India’s CBI carried out searches in a related transnational online investment fraud probe.







