‼️ BREAKING: Anthropic has embedded hidden spyware-like code in Claude Code that covertly targets Chinese users. It then sends information regarding every user by injecting it into their prompt message.
Claude Code is sending info like timezone, proxy and possible AI Lab connections into the system prompt in ways Chinese users can't notice.
A coding agent with repo and command permissions should not silently hide routing metadata inside prompts. This is a serious breach of user trust.
Mozilla developers manage to install malware in Claude Code via GitHub
Mozilla developers have demonstrated that it is possible to trick Claude Code into installing malware from GitHub repositories
https://t.co/MIIhTZq9Zo
🚨 CVE-2026-46817 (CVSS 9.8 unauth HTTP takeover in Oracle E-Business) is being exploited
Over the weekend, we observed an actor exploiting the vulnerability on our Oracle E-Business honeypots
This vulnerability has no known previous exploitation and no public POC code exists.
Oracle E-Business is part of our free feeds - track exploitation now 👉 https://t.co/iRDhHlDkep
X Launches Hosted MCP Servers to Connect Cursor, Claude, and Other AI Tools
Source: https://t.co/lN7btVhs5Z
X has officially launched hosted Model Context Protocol (MCP) servers, enabling AI development tools such as Grok Build, Cursor, and Claude Desktop to seamlessly connect with the platform’s API and documentation.
Announced on Tuesday, the move positions X as an early adopter of Anthropic’s open MCP standard for agentic AI integrations at scale. Model Context Protocol (MCP) is an open standard developed by Anthropic that allows AI tools and agents to interface with external services in a structured, permission-controlled manner.
#X #mcp #cybersecuritynews
🛡️ Kali Linux 2026.2 Released With 9 New Tools and VM Boot Tweaking
Source: https://t.co/9HUqCtAbye
The Kali Linux team officially released Kali Linux 2026.2 right on schedule at the close of Q2 2026, delivering a compelling mix of desktop environment upgrades, infrastructure modernization, VM performance enhancements, and nine brand-new tools for penetration testers and security researchers.
Kali 2026.2 expands its toolset with nine new additions to the network repositories. In 2026.2, pre-built VM images no longer include graphics firmware, and the installer now detects VM environments and skips graphics firmware installation accordingly.
#cybersecuritynews #kaliLinux
New Claude Code Attack Allows Attackers to Take Full Control of Developers’ Systems
Source: https://t.co/l5UcqnR1hW
A proof-of-concept attack shows how a completely clean-looking GitHub repository can trick AI-powered coding agents like Claude Code into silently opening a reverse shell on a developer’s machine, without a single line of malicious code ever appearing in the repository.
Published on June 25, 2026, the proof-of-concept (PoC) attack targets agentic coding tools such as Claude Code and exploits indirect prompt injection, a technique that embeds malicious instructions in external content the AI agent processes, rather than in direct user input.
The result is catastrophic: a fully interactive shell running under the developer's own user privileges, with access to every secret in the environment, from ANTHROPIC_API_KEY to AWS_SECRET_ACCESS_KEY and GITHUB_TOKEN.
#cybersecuritynews
🚨 Oracle E-Business Suite has a new active exploitation problem.
CVE-2026-46817 is a CVSS 9.8 flaw in Oracle Payments that can allow unauthenticated HTTP takeover.
No public PoC. Attribution unknown.
Read the full report: https://t.co/H0c1euDjSR
🛡️ Nissan Confirms Data Breach Following Oracle PeopleSoft 0-Day Attacks
Source: https://t.co/4ioGNSk0NB
Nissan Americas has officially confirmed a data breach affecting current and former employees across four countries after threat actors exploited a critical zero-day vulnerability in Oracle PeopleSoft software, a campaign attributed to the ShinyHunters extortion group.
The attack stems from CVE-2026-35273, a CVSS 9.8-rated unauthenticated Server-Side Request Forgery (SSRF)-to-Remote Code Execution (RCE) vulnerability residing in the Updates Environment Management (PSEMHUB) component of Oracle PeopleSoft PeopleTools versions 8.61 and 8.62.
#cybersecuritynews #databreach
‼️ CVE-2026-24418: OpenSTAManager v2.9.8 and earlier contain a critical Error-Based SQL Injection vulnerability in the bulk operations handler for the Scadenzario (Payment Schedule) module.
GitHub: https://t.co/c2OO3VMzVx
‼️ "Samaritan API" Advertised as Citizen Intelligence Service for LATAM
A threat actor is advertising a subscription-based service called **Samaritan API**, claiming to aggregate information on more than **230 million records** from government and private-sector sources across Latin America.
* According to the listing, the service currently covers **Argentina, Uruguay, Peru, and Chile**, with plans to expand to additional countries.
* The advertisement claims the platform indexes data from multiple organizations, including:
  * National identity and civil registry agencies
  * Educational institutions
  * Telecommunications providers (including Claro and Movistar)
  * Property and public record databases
  * Other government and commercial sources
* The actor markets the API as a cyber intelligence platform with **30+ endpoints** and **130+ searchable parameters**, offering subscription access ranging from one week to two years and accepting cryptocurrency payments.
* Daily Dark Web has **not independently verified** the authenticity of the claimed data sources, record counts, or the platform's access to the advertised databases.
Analyst Note: Services that aggregate data from numerous government and commercial sources significantly lower the barrier for large-scale identity profiling, fraud, doxxing, and social engineering. Organizations operating in the region should monitor for unauthorized data aggregation involving their users and investigate any indications of compromised public or private datasets.
#DDW #Intelligence #DarkWeb #LATAM
> get dm
> "government ppl in Colombia getting weird file"
> lolwtf
> send link
> look inside
> phishing page (looks good tho tbh)
> image 1
> i dont speak spanish, idk wtf it says
> look inside .html
> .zip hidden inside it as base64
> lol ok
> bonk with stick
> "Oficio 2231" zip file
> idk what that means still
> look inside
> .zip has .js inside of it
> look inside
> big ass fuck off obfuscated bs trying to trick u
> image 2
> utf16 bullshit
> utf16 makes another file
> ???
> extract from tiny little fragments of js
> look inside
> .dll .net file
> wtf lol
> look inside
> heavily obfuscated .net malware
> image 3
> tiny .js fragments contain powershell script
> ???
tl;dr
.html does something that triggers .js which extracts .zip. the .js from .html executes the .js inside the .zip which reads the .ps script from the .js. the .ps then executes a c# .dll which is named taskscheduler (it's malware)
why would someone send government officials in Colombia this file wtf lol
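Added example, not part of the original post: a triage check for the first stage described above, an .html attachment that carries a .zip as base64. It lists archive members without extracting them; the function names and the sample page are constructed for illustration.

```python
import base64
import io
import re
import zipfile

# "UEsDB" is how base64 encodes the ZIP local-header magic b"PK\x03\x04".
B64_ZIP = re.compile(r"UEsDB[A-Za-z0-9+/]{40,}={0,2}")
SCRIPT_EXT = (".js", ".jse", ".vbs", ".wsf", ".hta", ".ps1", ".lnk")


def find_embedded_zips(html):
    """Return one finding per base64 run in `html` that decodes to a valid ZIP."""
    findings = []
    for match in B64_ZIP.finditer(html):
        blob = match.group(0).rstrip("=")
        blob += "=" * (-len(blob) % 4)        # repair missing padding
        try:
            raw = base64.b64decode(blob)
            with zipfile.ZipFile(io.BytesIO(raw)) as archive:
                members = archive.namelist()  # names only, nothing is extracted
        except (ValueError, zipfile.BadZipFile):
            continue                          # started like a ZIP but is not one
        findings.append({
            "offset": match.start(),
            "size": len(raw),
            "members": members,
            "script_members": [m for m in members
                               if m.lower().endswith(SCRIPT_EXT)],
        })
    return findings


def build_sample_html():
    """Constructed sample: a page embedding a ZIP that holds one inert .js file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("constructed_sample.js", "// inert placeholder\n")
    payload = base64.b64encode(buf.getvalue()).decode("ascii")
    return f'<html><body><script>const blob = "{payload}";</script></body></html>'


if __name__ == "__main__":
    for finding in find_embedded_zips(build_sample_html()):
        print(finding)
```

A non-empty `script_members` list on an HTML mail attachment is a strong signal for quarantine and manual review.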
⚠️ A trusted VS Code workspace can trigger the attack.
Hijacked npm packages used hidden folder-open tasks instead of npm lifecycle scripts.
JavaScript was hidden as a font file, resolved through blockchain dead drops, and used to deploy a Python infostealer.
Learn more ➝ https://t.co/i2FvyVykzK
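Added example, not part of the original post: a scanner that walks a checkout, dependencies included, and reports every VS Code task configured to run when the folder is opened. It assumes the tasks are declared in a `.vscode/tasks.json` using `runOptions.runOn: "folderOpen"`; the function names and the sample tree are constructed for illustration.

```python
import json
import os
import re
import tempfile

FOLDER_OPEN = re.compile(r'"runOn"\s*:\s*"folderOpen"')


def auto_run_tasks(text):
    """Return (label, command) for each task set to run on folder open."""
    try:
        doc = json.loads(text)
    except ValueError:
        # tasks.json may contain comments; fall back to a plain text match.
        return [("<unparsed>", "<unparsed>")] if FOLDER_OPEN.search(text) else []
    if not isinstance(doc, dict):
        return []
    hits = []
    for task in doc.get("tasks", []):
        if isinstance(task, dict) and \
                (task.get("runOptions") or {}).get("runOn") == "folderOpen":
            hits.append((task.get("label", ""), str(task.get("command", ""))))
    return hits


def scan_tree(root):
    """Find auto-run tasks in every .vscode/tasks.json below root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        if os.path.basename(dirpath) == ".vscode" and "tasks.json" in files:
            path = os.path.join(dirpath, "tasks.json")
            with open(path, encoding="utf-8", errors="replace") as fh:
                for label, command in auto_run_tasks(fh.read()):
                    findings.append((os.path.relpath(path, root), label, command))
    return findings


def build_sample_tree():
    """Constructed sample: one ordinary task file and one auto-run task in a dependency."""
    root = tempfile.mkdtemp()
    samples = {
        ".vscode": {"label": "build", "command": "npm run build"},
        os.path.join("node_modules", "constructed-pkg", ".vscode"): {
            "label": "constructed-auto-task", "command": "echo constructed",
            "runOptions": {"runOn": "folderOpen"}},
    }
    for rel, task in samples.items():
        os.makedirs(os.path.join(root, rel))
        with open(os.path.join(root, rel, "tasks.json"), "w") as fh:
            json.dump({"version": "2.0.0", "tasks": [task]}, fh)
    return root
```

Run `scan_tree` on a fresh clone before opening it in the editor and review any hit before trusting the workspace.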
ZisaCom SFP+ 10Gbps module with integrated ONT and the 8311 firmware, which allows emulating and cloning all the parameters of your operator's original ONT
🇪🇸 Compatible with Digi and Movistar
Movistar example
PON Serial Number (ONT ID): ASKYXXXXXXXX
Registration ID (HEX): F4XXXXXXXXXXXX
Vendor ID: ASKY
Equipment ID: RTF8316VW
Hardware Version: REV4
Software Version A: GL_g1.11_R8316_V2.11
Software Version B: GL_g1.11_R8316_V2.11
Mac Address Router Wifi 7 Movistar
https://t.co/C23pRfKWS2
OpenAI Released GPT-5.6 Sol With Limited Access and Strong Cyberattack Protections
Source: https://t.co/IWA2s6EZL7
OpenAI has officially begun a limited preview of the GPT‑5.6 model series (Sol, Terra, and Luna), positioning its flagship Sol as the company’s most capable and security-hardened AI model to date, available initially only to a small group of trusted partners at the formal request of the Trump administration.
The GPT‑5.6 family introduces three distinct capability tiers under a new naming system. Sol is the flagship model; Terra is a balanced model for everyday work, delivering competitive performance to GPT‑5.5 at 2x lower cost; and Luna is a fast, affordable model designed to bring strong AI capability at the lowest price point in the lineup.
#cybersecuritynews
🇲🇽 New "Leaks MX" Threat Actor Claims Multiple Mexican Organizations
A threat actor operating under the name "Leaks MX" has published a post listing multiple Mexican organizations it claims to have compromised or obtained data from.
* The published list includes:
  * CEA Querétaro
  * BanCoppel
  * Citibanamex
  * Banco Azteca
  * CECyTEA Aguascalientes
  * OOAPAS Morelia
  * Regio Ruta
  * Fiscalía General de Justicia del Estado de Tamaulipas
  * Farmacias del Ahorro
  * Secretaría de Salud (DGDRH) Aguascalientes
  * SAT (Servicio de Administración Tributaria)
* At this stage, the post appears to be a victim listing and does not include technical evidence, data samples, or proof of compromise for the organizations named.
* Organizations listed should review the claim, validate whether any unauthorized access or data exposure has occurred, and monitor for follow-on extortion or data leak activity.
* Daily Dark Web has not independently verified the authenticity of the claims or confirmed that any of the listed organizations have been compromised.
Analyst Note: Threat actors frequently publish victim lists before releasing supporting evidence. While such claims should not be treated as confirmation of compromise, they warrant monitoring for subsequent data releases, ransom negotiations, or official disclosures.
#DDW #Intelligence #DarkWeb #Mexico
Google told a security researcher his bug was a 'nice catch', lined up his payout, then eleven days later called it harmless and refused to pay.
The bug, which the researcher named ConfigConfusion, is an unpatched flaw in Google Config Connector that he says lets anyone with basic Kubernetes access grant themselves owner rights over an entire Google Cloud organization. Google's stated reason for the reversal was that the tool works as designed, and it declined to assign a CVE.
Months on, there is still no patch. Google's own docs recommend running Config Connector with organization-level permissions, so plenty of teams are exposed.