Cybersecurity News and Magazine

Is OpenAI’s New Lockdown Mode an Admission That Default ChatGPT Was Never Safe Enough?

Mihir Bagwe — Mon, 08 Jun 2026 10:18:17 +0000

OpenAI introduced two new protections designed to help users and organizations mitigate prompt injection attacks when it launched Lockdown Mode in February. Last week, the LLM giant announced rollout of Lockdown Mode to all personal ChatGPT accounts, including Free, Go, Plus, and Pro, and also self-serve ChatGPT Business accounts. Users can enable it from ChatGPT Settings under Security.

The rollout is notable not just for what Lockdown Mode does, but for what its existence concedes.

Does the existence of Lockdown Mode imply that ChatGPT, in its default settings, does not provide robust protection against sufficiently determined data exfiltration attacks. OpenAI does not seem to dispute this. Lockdown Mode is designed to help prevent the final stage of data exfiltration from a prompt injection attack by limiting outbound network requests that could transfer sensitive data to an attacker. Lockdown Mode does not prevent prompt injections from appearing in the content ChatGPT processes.

That distinction matters enormously. Lockdown Mode is not an anti-injection control. It is a last-line-of-defense control. OpenAI is not stopping malicious instructions from reaching the model — it is blocking the network paths those instructions might use to smuggle data out. The attack still happens; the payload just has nowhere to go.

Also read: OpenAI’s New Enterprise Security Mode Locks Down ChatGPT Against Prompt Injection

What Prompt Injection Actually Is

Prompt injection is the attack class Lockdown Mode is designed to constrain. In these attacks, a third party attempts to mislead a conversational AI system into following malicious instructions or revealing sensitive information.

In a connected AI system — one that browses the web, processes documents, or interacts with external tools — the attack surface is every piece of external content the model touches. A malicious instruction embedded in a webpage, a PDF, a calendar invite, or a shared document can hijack the model's behavior without the user ever knowing it happened. The model reads the injected instruction, treats it as a legitimate command, and acts accordingly — potentially exfiltrating whatever is in the conversation window to an attacker-controlled endpoint via a web request.

As AI systems become more capable and connected, this threat class has moved from academic demonstration to production risk. Agent Mode, Deep Research, live web browsing, and file connectors all dramatically expand the surface area available for injection attacks — and all of them represent outbound network paths a compromised model could abuse.

What Lockdown Mode Disables and Why

When enabled, the Lockdown Mode limits or turns off certain features that connect ChatGPT to the web or external services, including live web access, image support in responses, Deep Research including shopping research, Agent Mode, Canvas networking, live connectors and file downloads.

Each disabled feature maps directly to an exploitation pathway. Live web access allows the model to retrieve attacker-controlled content. Agent Mode allows autonomous multi-step actions, meaning an injected instruction has more time and capability to execute before a human notices. File downloads create an outbound data transfer channel. Image support in responses can encode and transmit data through image URLs. Disabling all of them simultaneously removes the most exploitable exfiltration paths without modifying the model itself.

The tradeoff is real. Lockdown Mode disables several important features, including Deep Research and live web access. If you rely on up-to-date information, advanced workflows, or multi-step research tools, enabling it may limit your productivity in certain parameters. OpenAI is explicit that this is a deliberate trade — capability for security surface reduction — and that it is designed for people and organizations that handle sensitive data and want stricter protection from data exfiltration risks related to prompt injection.

Lockdown Mode is for Whom?

Lockdown Mode is aimed at people facing elevated digital risk, including journalists, activists, and users working in sensitive environments. To that population, add legal, financial, and healthcare professionals who paste client or patient documents into ChatGPT; executives whose conversations contain strategic or deal-sensitive information; security analysts who process threat intelligence in AI workflows; and any organization operating under data residency or confidentiality obligations that prohibit third-party data transmission.

For folks who have an elevated risk profile due to who they are, what they work on, or the types of data they work with, it's an excellent tool for further securing themselves. This has some tradeoffs on functionality and utility, but for these users, the tradeoff is worthwhile.

For everyone else, as AI systems take on more complex tasks — especially those that involve the web and connected apps — the security stakes change. Lockdown Mode going to all personal accounts is the right moment for every user who regularly pastes sensitive material into ChatGPT to make an explicit, informed decision about whether the productivity features they are trading away are worth more than the exfiltration risk they are trading for.

Lockdown Mode is available now across all ChatGPT account types. It can be enabled from Settings → Safety and security → Advanced security → Lockdown Mode toggle, with a per-session override in the header for moments when a connected feature is needed for a lower-risk task.

CBSE Re-Evaluation Portal Goes Live After Final Cybersecurity Clearance

Ashish Khaitan — Mon, 08 Jun 2026 08:10:47 +0000

The Central Board of Secondary Education has secured the final CBSE cybersecurity clearance required for its examiner-facing re-evaluation portal, allowing the reassessment of Class 12 answer scripts to move forward. The approval was granted on the night of June 6, 2026, after the completion of the final phase of cybersecurity testing conducted through an IIT-led red team and blue team audit. The development marks a significant step for more than 70,000 students who submitted valid applications for verification of marks and re-evaluation before the June 7 midnight deadline. According to a report first published by The Indian Express, citing officials familiar with the matter, the final security clearance has now enabled examiners to begin accessing answer scripts through the upgraded system.

CBSE Cybersecurity Clearance Granted After Final Security Audit

The final CBSE cybersecurity clearance followed extensive testing of the examiner-facing re-evaluation portal by cybersecurity experts from multiple institutions. An IIT official confirmed that all major vulnerabilities identified during the audit process had been addressed before the approval was granted. “From our side, we gave a green signal on Friday night. Whatever we found has been fixed, and we could not find anything more. There may be some minor vulnerabilities, but nothing that would have any impact,” the official said. Although students had been able to submit applications through the portal since June 2, examiner access to answer scripts remained restricted until the cybersecurity review process was completed. The latest clearance now allows the full re-evaluation workflow to commence.

How the Re-Evaluation Portal Was Tested

Before receiving the final CBSE cybersecurity clearance, the re-evaluation portal underwent a detailed red team and blue team assessment designed to identify and address potential security weaknesses. According to officials, IIT Kanpur’s cybersecurity experts spent more than ten days examining both the CBSE registration portal and the OSM re-evaluation portal. The registration portal had earlier been taken offline following a cyberattack before being relaunched on June 2. Meanwhile, the OSM platform underwent multiple rounds of security testing before ultimately receiving approval on June 6.

Ethical Hacker Nisarga Adhikary Recognized for Reporting Vulnerabilities

The cybersecurity review process also included discussions with ethical hacker Nisarga Adhikary, the 19-year-old cybersecurity researcher who publicly disclosed vulnerabilities within the OSM platform. An IIT Kanpur official confirmed that Adhikary was invited by CBSE to explain how he identified the weaknesses. His contribution was formally acknowledged during the review process. The official stated, “So far, we have not found any breach of data from the systems that have been created.” The acknowledgment highlights the role that responsible vulnerability disclosure can play in improving cybersecurity standards for public examination systems.

How the New CBSE-Controlled Re-Evaluation Portal Operates

Following the migration to CBSE servers and the completion of the CBSE cybersecurity clearance process, the updated re-evaluation portal will function through a fully digital workflow. Under the revised system:

Examiners can access only the specific questions that have been flagged by students for re-evaluation rather than the complete answer book.
Access is provided through CBSE-issued tablets.
Marks are awarded according to CBSE’s original marking scheme.
Every action within the process is digitally recorded, creating comprehensive audit trails.

Officials believe these measures will help improve transparency, accountability, and security during the reassessment process.

Cisco Warns of Active Exploitation of Catalyst SD-WAN Flaw With No Patch Available

Ashish Khaitan — Mon, 08 Jun 2026 06:52:00 +0000

Cisco has issued an urgent warning that a high-severity vulnerability in its Catalyst SD-WAN Manager platform is being actively exploited in the wild—and no patch exists yet. CVE-2026-20245 allows authenticated attackers with netadmin privileges to execute arbitrary commands as root, placing wide-area network infrastructure at severe risk.

The disclosure is particularly alarming because Catalyst SD-WAN Manager controls and orchestrates SD-WAN deployments across enterprise and carrier networks. A successful exploit could allow attackers to push malicious configurations to thousands of edge devices simultaneously.

Understanding CVE-2026-20245

CVE-2026-20245 exists in the command-line interface (CLI) of Cisco Catalyst SD-WAN Manager, resulting from insufficient validation of user-supplied input when processing file arguments. The vulnerability carries a CVSS base score of 7.8 (High), with a vector of CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

To exploit the flaw, an attacker must have netadmin-level credentials on the affected system. While this limits the immediate attack surface, Cisco noted in its advisory that attackers are chaining CVE-2026-20245 with two related vulnerabilities—CVE-2026-20182 and CVE-2026-20127—to achieve initial access before escalating to root execution. This chaining technique effectively reduces the privilege prerequisite in practice.

An attacker supplies a specially crafted file to the Catalyst SD-WAN Manager CLI. Insufficient input validation allows the crafted file to execute arbitrary OS-level commands with root privileges. Cisco confirmed "limited cases" in which exploitation resulted in configuration changes being pushed to downstream edge devices—a significant escalation of potential impact.

No Patch Available — Cisco Plans Future Release

Unlike most critical vulnerability advisories, Cisco has disclosed CVE-2026-20245 without an accompanying patch. The company stated it plans to address the vulnerability in a future software release but did not provide a specific timeline.

This leaves organisations with only partial mitigations at their disposal. Cisco advises restricting CLI access to only trusted users and applying strict controls on file upload functionality within SD-WAN Manager administrative interfaces.

A vulnerability without a patch and with confirmed in-the-wild exploitation is a worst-case scenario for network defenders," noted a network security practitioner familiar with SD-WAN infrastructure. Every day without a patch is another day of active risk.

Why It Matters

SD-WAN infrastructure occupies a privileged position in modern enterprise networks, providing policy control over traffic routing across branches, data centres, and cloud environments. Compromising the management plane—which CVE-2026-20245 enables—gives attackers visibility into traffic flows, the ability to redirect connectivity, and the power to inject backdoor configurations across all managed edges.

The impact extends beyond a single organisation. Managed service providers (MSPs) and telecommunications carriers that use Cisco Catalyst SD-WAN to manage multiple customer environments face the prospect of cross-tenant compromise if their management platform is breached.

Mitigation Steps

Immediately audit who holds netadmin credentials on Catalyst SD-WAN Manager deployments and revoke unnecessary access.
Enable multi-factor authentication (MFA) for all SD-WAN Manager administrative accounts to reduce credential-theft risk.
Restrict file upload functionality within the SD-WAN Manager interface to the absolute minimum required for operations.
Monitor SD-WAN Manager CLI logs for unusual file upload activity or unexpected root-level command executions.
Apply network segmentation to isolate the SD-WAN management plane from general enterprise networks.
Subscribe to Cisco Security Advisories (tools.cisco.com/security/center) and apply the patch immediately upon release.
Conduct a configuration audit of all managed edge devices to identify any unauthorized configuration pushes already applied.

The Cyber Express Weekly Roundup: Cloud Extortion, Long-Term Espionage, Android Zero-Days, and Public Sector Security Reviews

Ashish Khaitan — Fri, 05 Jun 2026 11:39:19 +0000

The cybersecurity landscape in this weekly roundup continues to show a clear shift toward identity-driven attacks, long-term persistence operations, and exploitation of trusted cloud environments. Threat actors are increasingly focusing on stealing credentials, abusing administrative access, and leveraging legitimate platforms to scale impact across organizations. Rather than relying on one-off intrusions, attackers are now building sustained access paths into enterprise systems, enabling repeated exploitation, data theft, and extortion from within trusted environments.

The Cyber Express Weekly Roundup

Pink Extortion Group Targets Microsoft 365 Users via Voice Phishing

A newly identified cyber extortion group known as “Pink” is using voice phishing (vishing) campaigns to steal credentials for Microsoft 365 accounts. Once access is gained, the group rapidly exfiltrates data from cloud platforms such as SharePoint and OneDrive and sends extortion messages directly from compromised internal accounts to pressure victims. Read more…

China-Linked VerdantBamboo Maintains 18-Month Network Access

Researchers have uncovered an 18-month intrusion attributed to the China-linked threat group VerdantBamboo. The attackers maintained long-term access using compromised MSP credentials, multiple malware families, and repeated re-entry techniques after remediation attempts. Read more…

DPDP and Cybersecurity: Why Less Data Means Better Security

India’s DPDP framework promotes data minimization as a key cybersecurity strategy. Organizations are urged to collect only necessary data, store it briefly, and delete unused information to reduce breach risk. Excess data increases attack surface and impact, making deletion as important as protection in modern security practices. Read more...

Google Patches Actively Exploited Android Zero-Day (CVE-2025-48595)

Google’s June 2026 security update addresses 124 vulnerabilities in Android, including CVE-2025-48595, a high-severity zero-day that was actively exploited in targeted attacks. The flaw enables local privilege escalation without user interaction, underscoring the growing focus of sophisticated threat actors on mobile devices as high-value entry points. Read more…

CBSE Launches Security Review of OSM Platform After Vulnerability Reports

The Central Board of Secondary Education (CBSE) has engaged experts from the Indian Institute of Technology Madras and the Indian Institute of Technology Kanpur to review security concerns in its On-Screen Marking (OSM) system used for Class 12 board examinations. The audit follows reports of weak authentication controls and potential cloud storage exposure, prompting a full-scale security assessment and hardening exercise. Read more…

Weekly Cybersecurity Takeaway

This week’s incidents reinforce a consistent pattern: attackers are prioritizing identity compromise and trusted cloud platforms over traditional perimeter breaches. From phishing-as-a-service extortion campaigns targeting Microsoft 365 to long-term espionage operations and mobile zero-days, the common thread is the abuse of legitimate access rather than forced intrusion. As organizations continue to expand cloud and mobile reliance, the attack surface is increasingly defined not by infrastructure boundaries, but by identity trust and administrative privilege.

DPDP and Cybersecurity: Why the Safest Data May Be the Data You Delete

Editorial — Fri, 05 Jun 2026 07:40:45 +0000

By Malcolm Gomes, COO, IDfy

Seventy percent of all sensitive data sitting in enterprise systems right now has not been accessed, used, or reviewed in years, according to a Data Risk report from 2021. It was never deleted when it should have been and, in a breach, it is just as exposed as everything else. For years, enterprises treated personal data as an asset to be collected first and governed later. More data meant better personalization, sharper analytics, stronger fraud models, and business intelligence. But in DPDP and cybersecurity, that equation is changing. Data without a clear purpose is no longer an asset. It is an attack surface.

India’s cyber risk environment makes this urgent. In 2025, CERT-In handled over 29.44 lakh cyber incidents. IBM’s 2025 breach research pegged the average cost of a data breach in India at ₹220 million, while the global average stood at USD 4.44 million. Verizon’s 2026 Data Breach Investigations Report found that 31% of breaches now start with software vulnerability exploitation, overtaking stolen credentials as the leading entry point.

What that figure means in practice is that attackers are no longer just looking for weak passwords. They are looking for unguarded data stores, and enterprises that hold more data than they need are giving attackers more to find.

Why DPDP and Cybersecurity Are Now Closely Connected

This is why the Digital Personal Data Protection (DPDP) framework should not be viewed only as privacy compliance. It is also a cybersecurity reset. It forces enterprises to ask a fundamental security question: why are we holding this data in the first place?

Data minimization is not about doing less business. It is about reducing unnecessary exposure. Every extra field collected, every duplicated customer record, every old document retained beyond its purpose, and every vendor copy sitting outside the organization’s control expands the blast radius of a breach.

Security teams can encrypt systems and monitor networks, but they cannot fully protect data that the business does not know exists, no longer needs, or cannot justify.

How DPDP Is Reshaping Data Governance

DPDP and cybersecurity changes that conversation. Organizations must be able to explain what they collect, why they collect it, how long they keep it, whom they share it with, and when it must be deleted.

These are not just legal requirements. They are security design principles.

The law also carries serious consequences. Failure to maintain reasonable security safeguards can attract penalties of up to ₹250 crore, while failure to notify the Board or affected individuals of a personal data breach can attract penalties of up to ₹200 crore.

The most secure piece of personal data is the one you never collected unnecessarily. The second most secure is the one you deleted when its purpose was fulfilled.

Data Minimization as a Cybersecurity Strategy

For Indian enterprises, digital journeys have become data-heavy by default. Onboarding, lending, insurance, healthcare, ecommerce, and fraud prevention journeys may all have legitimate reasons to process personal data. The challenge is to distinguish necessary data from convenient data.

Cyber risk is no longer limited to firewalls and endpoint protection. It includes data hoarding, excessive access, old records, test data, unused integrations, shadow databases, and third-party copies.

When a breach happens, regulators, customers, and partners will not only ask how the attacker got in. They will ask why so much data was there to be exposed.

Data minimization reduces three risks.

First, it reduces data breach risk. If expired data has already been deleted, it cannot be stolen. If a system contains ten required fields instead of fifty collected by habit, the harm is lower.
Second, it improves visibility. Many organizations struggle not because they lack security tools, but because they lack a reliable map of personal data across applications, databases, documents, cloud environments, and third parties. You cannot secure what you cannot see.
Third, it strengthens accountability. Product, operations, legal, vendor, and security teams must now work from the same understanding of purpose, consent, retention, and safeguards.

Together, these three elements create a mature enterprise cybersecurity posture.

Balancing Fraud Prevention and Personal Data Protection

The hardest balancing act will be fraud prevention.

Banks, insurers, fintechs, marketplaces, and digital platforms need strong controls to detect synthetic identities, account takeover, mule activity, payment fraud, and suspicious behavior. But fraud prevention cannot become a blanket justification for collecting everything.

The way forward is not to weaken fraud controls. It is to make them sharper.

Purpose-bound fraud prevention means collecting only the data required for a specific risk decision, using it with clear controls, retaining it for a justified period, and restricting access to systems that genuinely need it.

Good security does not require unlimited data. It requires the right data, governed well.

Why Trust Is Becoming a Competitive Advantage

This is where trust becomes a competitive advantage. Enterprises that can demonstrate why they collect data, how they protect it, and when they delete it will earn customer and partner confidence.

In a market where cyber threats are rising and regulatory scrutiny is increasing, trust will influence both customer choice and institutional credibility.

For boards and leadership teams, the question is no longer, “Are we DPDP compliant?”

The sharper question is, “Can we prove that our data practices reduce risk?”

Answering that question requires more than a compliance audit. It requires a live view of personal data across the enterprise: what exists, where it goes, who can access it, and whether it still needs to.

Privacy and security used to be treated as separate disciplines with separate teams, budgets, and agendas. That separation is no longer viable. A security team that does not know what personal data the business holds cannot protect it. A privacy team that does not have technical visibility into data flows cannot govern them.

The Future of DPDP and Cybersecurity

DPDP is not asking enterprises to choose between innovation and protection. It is asking them to build digital systems where innovation does not depend on uncontrolled data accumulation.

For too long, “collect more” was seen as the safer business strategy. In the DPDP era, the safer cybersecurity strategy may be the opposite: collect with purpose, protect with discipline, and delete with confidence.

Data minimization is no longer a privacy checkbox. It is becoming one of the most practical security controls an enterprise can deploy.

(Disclaimer: The views and opinions expressed in this article are those of the author and do not necessarily reflect the official position of The Cyber Express. This article is published as part of our contributed content program and is intended for informational purposes only.)

China’s VerdantBamboo Experimented With Three Re-Entries and Three Malware in a Company Network

Mihir Bagwe — Fri, 05 Jun 2026 06:48:31 +0000

China's VerdantBamboo spent 18 months inside a company's network. The entry point was the managed service provider next door.

The incident response started with a suspicious connection from a Linux appliance. It ended with the discovery of a Chinese state-sponsored threat actor that had been silently present in two interconnected networks for at least a year and a half — and that came back through a different door within days of being evicted through the first one.

Researchers at Volexity, documented a multi-stage intrusion campaign by the threat actor it tracks as VerdantBamboo, also known as WARP PANDA and UNC5221 by other vendors, that began with a compromised file sync appliance, expanded through a breached managed service provider, and persisted through three separate re-entry attempts, each one exploiting a different piece of infrastructure that lacked endpoint detection coverage.

A File Sync Box No One Was Watching

In September 2025, Volexity was called in after a customer noticed suspicious outbound traffic from a Linux virtual machine running Egnyte Storage Sync, software designed to synchronize on-premise files with cloud storage.

Instead of connecting to Egnyte infrastructure, the appliance was making encrypted TLS connections to a threat-actor-controlled domain hidden behind Cloudflare IP addresses. It was also querying Google's public DNS server at 8.8.8.8 via DNS over HTTPS, a technique that allows DNS lookups to masquerade as ordinary HTTPS traffic, bypassing DNS-based network monitoring.

Also read: China Sits at the Top of America’s Cyber Threat List

Forensic analysis of the appliance revealed two backdoors. The primary implant was BRICKSTORM, a Golang-based remote access trojan previously documented by CISA, Google Cloud, and NVISO in the context of Ivanti zero-day exploitation campaigns. The secondary was a previously undocumented Python reverse shell that the researchers named AGENTPSD, packaged as a native binary using PyInstaller and configured to execute once a month on the 15th as a fallback should BRICKSTORM become unavailable. Both had been on the system for at least 18 months before discovery.

VerdantBamboo's initial foothold came through the appliance's default service account, egnyteservice, accessed via SSH using credentials the attacker had obtained from the organization's managed service provider. A misconfigured sudo rule on the appliance, which allowed the egnyteservice account to run the Linux tee command as root, gave the attacker an inadvertent local privilege escalation path. Using tee, they could write files anywhere on the filesystem as root, which they used to install BRICKSTORM in /usr/sbin/ and create a cron-based execution mechanism. Volexity reported the sudo misconfiguration to Egnyte, which fixed it in Storage Sync v13.13.

The MSP Was Already Compromised

As researchers examined the supply chain of the compromise, it turned its attention to the managed service provider — the third-party firm that administered the victim organization's systems. The MSP's pfSense firewall, a popular open-source firewall running on FreeBSD, had been compromised by multiple threat actors simultaneously: web shells, cryptocurrency miners, alternate VPN configurations, and a FreeBSD-compatible BRICKSTORM implant deployed by VerdantBamboo, disguised as a file named "blacklist" in the IPsec directory and persisted via a modified cron file. That implant beaconed to a different C2 domain than those found on the victim organization's systems. It had also been present for at least 18 months.

Volexity assesses with medium confidence that the victim organization was first compromised via VerdantBamboo's prior breach of the MSP — with the attacker using MSP-held administrative credentials and infrastructure access as the initial foothold into the primary target's environment.

Three Evictions, Three Re-entries

The operational persistence VerdantBamboo demonstrated after initial discovery is the most important finding. Within days of the Storage Sync appliance and SSL VPN being taken offline, the organization's Synology NAS device began beaconing to the same C2 domain found on the Storage Sync server.

The re-entry path was when the MSP retired the SSL VPN device during remediation, the organization's firewall became directly accessible to the internet. VerdantBamboo connected to its administrative interface using stolen credentials that were not protected by multi-factor authentication, configured a new SSL VPN network on the firewall itself, and used that access to pivot back into the internal network.

From there, the attacker connected via SSH to the Synology NAS and deployed a third previously undocumented malware family, tracked by Volexity as PLENET — a .NET Core backdoor compiled to native code using the Native AOT framework introduced in .NET 7, which Google Cloud independently tracked under the name GRIMBOLT.

Researchers also found that VerdantBamboo had validated administrative credentials for the organization's VMware vCenter infrastructure via web-based logins but did not proceed to deploy malware on ESXi or vCenter systems in this incident, despite public reporting that ESXi persistence is a standard behavior for this group.

The Technique That Made All of This Work

Across the entire operation, VerdantBamboo consistently used compromised devices to proxy connections into the victim organization's Microsoft 365 environment. By routing M365 access through the organization's own SSL VPN IP address space, the attacker's logins appeared to originate from trusted internal infrastructure — bypassing Conditional Access policies specifically designed to block external access. Conditional Access policies in Microsoft Entra ID allow organizations to restrict cloud access by device, location, or network; VerdantBamboo rendered those controls useless by making its traffic look like it came from inside.

The entire attack surface VerdantBamboo operated against — the Egnyte appliance, the pfSense firewall, the Synology NAS — shared one characteristic; none of these devices support endpoint detection and response software. BRICKSTORM, PLENET, and AGENTPSD were all deployed on infrastructure that sits permanently outside the EDR visibility layer that most security teams treat as their primary detection surface.

VerdantBamboo did not breach this organization through a zero-day exploit on a managed Windows endpoint. It entered through the blind spots — the devices that sit on the network and are administered via web interface and SSH, with no agent, no behavioral monitoring, and no MFA on their administrative accounts.

Researchers recommended enforcement of MFA on all administrative accounts without exception, including those managing firewalls and network appliances; audit sudo configurations on Linux appliances for inadvertent privilege escalation paths; ensure that network appliances are never exposed directly to the internet following remediation work; and extend network monitoring coverage to all devices capable of making outbound connections, regardless of whether they support EDR agents.

Study of AI-Assisted Cyberattacks May Reshape How Security Industry Measures Risk

Mihir Bagwe — Fri, 05 Jun 2026 04:36:25 +0000

The threat intelligence community has spent decades building frameworks to assess how dangerous a cyberattacker is. Anthropic just published data suggesting those frameworks are failing — not because they were poorly designed, but because AI has fundamentally changed the relationship between attacker skill and attacker capability, and AI-assisted cyberattacks are now becoming a norm.

Anthropic's Frontier Red Team published findings drawn from 832 accounts banned for malicious cyber activity between March 2025 and 2026, mapping each case against MITRE ATT&CK, the industry's most widely used taxonomy of attacker tactics and techniques.

A subset of those findings appeared in Verizon's 2026 Data Breach Investigations Report. The full analysis, published simultaneously with an interactive visualization on Anthropic's Red blog, delivers three conclusions that should unsettle security teams relying on traditional risk-scoring models.

AI Is Moving Deeper Into the Attack Chain

The most common AI-assisted activity in the dataset is also the most expected - writing malware. Of the 832 accounts studied, 560 or 67.3% used AI for that purpose. But the more significant finding is directional. Across the twelve-month study period, AI use shifted measurably from initial-access techniques toward post-compromise activity. It's the harder, more technically demanding work that happens after an attacker is already inside a network.

AI-assisted account discovery — identifying valid accounts inside a compromised environment — rose 8.9% across the period. AI-assisted phishing, a standard initial-access technique, fell 8.6%. Lateral movement, the process of navigating deeper inside a compromised network to reach high-value targets, was used with AI assistance by 54 of the 832 actors, or 6.5%. These are precisely the techniques that have historically required sophisticated operators to execute effectively. AI is democratizing them.

The risk-scoring data makes that democratization concrete. In the first six months of the study period, 33% of actors were classified as medium risk or higher. By the second six months, that share had jumped to 56% — a roughly 1.7-fold increase in just six months.

The Old Signals for Measuring Threat Level No Longer Work

Security teams have traditionally assessed actor sophistication by counting how many distinct techniques they employ and observing what tools or interfaces they use. Anthropic's data shows those signals have decoupled from actual risk in an AI-enabled environment.

The least-skilled actors in the dataset used an average of 16 distinct techniques. The most skilled used an average of 20. The gap is so small as to be operationally meaningless for triage purposes. Similarly, whether an attacker used Claude Code, the API, or a chat interface showed no correlation with risk level.

What does distinguish higher-risk actors is where in the attack lifecycle they apply AI. Higher-risk operators concentrate AI use on operationally demanding techniques — account discovery, lateral movement, privilege escalation — rather than merely on initial-access tasks. But even that signal is eroding. Those post-compromise techniques are exactly where the broader attacker population is now heading, as more actors get reclassified as higher risk and the behavior diffuses downward through the threat actor ecosystem.

The more durable differentiator, Anthropic found, is architectural. The highest-risk actors build scaffolding around models that allows AI to chain together discrete stages of a cyberattack and execute them with minimal human input. That capability — agentic attack orchestration — is the real frontier of AI-enabled threat activity, and it is not captured anywhere in the current MITRE ATT&CK framework.

MITRE ATT&CK Was Not Built for AI Agents

Researchers show the framework gap with an example of a state-sponsored cyber espionage operation the company disrupted in November 2025, in which a malicious actor manipulated Claude Code into attempting to infiltrate targets worldwide with minimal human intervention.

Read: Chinese Hackers Weaponize Claude AI to Execute First Autonomous Cyber Espionage Campaign at Scale

Mapping that operation against MITRE ATT&CK produced a count of 30 techniques across 13 tactics — a profile comparable to many medium-risk actors in the dataset, and one that drastically understates how dangerous the operation actually was. Anthropic's own risk-scoring methodology, applied to the same operation, returned a maximum score of 100.

The gap exists because MITRE ATT&CK was designed to document what attackers do, not how they orchestrate it. An AI agent that executes commands, exploits vulnerabilities, steals credentials, and makes real-time tactical decisions across a full attack chain — requiring human input only at a few key moments — is a categorically different threat actor than a human operator executing those same steps manually. There is no ATT&CK ID for agentic orchestration. There is no technique entry for autonomous chaining of attack stages. There is no tactic that captures the removal of human decision bottlenecks from the attack lifecycle.

Anthropic says it is in active discussions with MITRE about how the ATT&CK framework might evolve to include these AI-enabled behaviors. The company has also used the findings from this analysis to inform the cyber safeguards built into its most capable models — including detection and blocking mechanisms for malware development and mass data exfiltration activities documented in the dataset.

Risk triage models built on technique counts, tool-type signals, or initial-access sophistication are now systematically underclassifying AI-enabled actors. A threat actor who uses 16 techniques with AI assistance may pose the same operational risk as one using 25 techniques manually. An attacker deploying a free-tier chat interface may be running the same agentic attack chain as one using a direct API connection.

The more meaningful questions for detection and triage are behavioral and architectural. Is this actor using AI post-compromise rather than merely for initial access? Is there evidence of automated chaining between attack stages? Is human intervention being removed from operationally demanding steps? Those questions are not yet embedded in standard detection frameworks — and closing that gap, researchers argue, is now an urgent priority for the industry.

New Threat Actor Targets Crypto Firms’ Development Infrastructure

Mihir Bagwe — Thu, 04 Jun 2026 18:22:27 +0000

A previously undocumented threat actor is conducting highly targeted attacks against cryptocurrency organizations, using fake recruitment opportunities, custom macOS malware, and software supply chain compromises to gain access to development environments and cloud infrastructure.

Researchers at Wiz Research have identified the group as JINX-0164, a financially motivated actor that has been active since at least mid-2025. Unlike many crypto-focused threat groups that target wallets and exchanges directly, JINX-0164 is going after the software development infrastructure that powers crypto companies.

The Attack Starts on LinkedIn

According to Wiz's investigation, the threat actor's operations begin with carefully crafted social engineering campaigns.

Developers and technical employees at cryptocurrency firms are approached on LinkedIn by profiles posing as recruiters, business partners, or industry professionals. The interactions often appear legitimate and may continue for days before the target is invited to a virtual meeting.

The meeting invitation directs victims to a website masquerading as a teleconferencing platform. However, instead of joining a video call, users unknowingly download malware specifically designed for macOS systems.

This level of targeting suggests the attackers have conducted reconnaissance beforehand and are deliberately selecting employees with access to development resources and sensitive corporate systems.

From Developer Laptop to Production Infrastructure

Once the malware is executed, attackers establish remote access to the compromised machine and begin harvesting credentials.

What makes JINX-0164 particularly dangerous is its focus on developer environments. Rather than stopping at endpoint compromise, the group pivots toward software repositories, build pipelines, cloud environments, and CI/CD systems.

Researchers observed attackers moving laterally from employee devices into development infrastructure, enabling them to access source code, authentication tokens, and deployment systems.

In at least one incident investigated by Wiz, the campaign escalated into a software supply chain attack, showing the potential for downstream impact beyond the initial victim organization.

A Shift in Crypto Threat Actor Tactics

Historically, many crypto-focused threat actors have concentrated on stealing digital assets directly through wallet compromise or exchange breaches.

JINX-0164 appears to be taking a different route.

By targeting developers and the systems they use to build and distribute software, the group gains access to a broader attack surface. Compromising a CI/CD pipeline can potentially provide access to production environments, customer-facing applications, and software updates distributed to thousands of users.

Custom Tooling and Long-Term Access

Wiz researchers noted that the actor relies on custom-built malware rather than publicly available tools. This enables the group to maintain stealth, evade traditional security controls, and adapt quickly when defenses change.

The malware serves as a foothold into the victim environment, after which the attackers focus heavily on credential collection and infrastructure access.

Particular attention appears to be paid to cloud resources and development secrets—assets that can provide privileged access across an organization's environment.

Why Cryptocurrency Firms Are Being Targeted

Cryptocurrency companies remain among the most lucrative targets for cybercriminals.

Beyond direct access to digital assets, these organizations often manage large volumes of financial transactions, proprietary code, and privileged infrastructure. Developers within these firms frequently have access to production environments, signing keys, cloud platforms, and deployment pipelines.

For attackers, compromising a single engineer can become a gateway to an entire ecosystem.

Also read: $15M Grinex Hack Forces Trading Halt After Major Crypto Wallet Breach

Pink Extortion Group Emerges Targeting Microsoft 365 Data

Mihir Bagwe — Thu, 04 Jun 2026 16:38:36 +0000

A newly identified cyber extortion operation is gaining attention among incident responders after security researchers uncovered a threat group using voice phishing, cloud data theft and aggressive extortion tactics to target organizations.

Researchers at Unit 42 have begun tracking the activity under the cluster designation CL-CRI-1147, while the threat actors themselves operate under the newly established "Pink" extortion brand. The group's leak site reportedly became active on May 31, and already lists multiple victims, signaling an effort to establish an independent reputation within the cybercrime ecosystem.

A New Brand With Familiar Tactics

While Pink is a new name, its techniques are anything but.

Researchers assess that CL-CRI-1147 is likely affiliated with the broader "Com" cybercriminal ecosystem—a loosely used term for financially motivated actors linked to several high-profile extortion campaigns. The group's tradecraft closely resembles that of cybercrime crews such as ShinyHunters and Blackfile, both known for targeting cloud environments and stealing corporate data for extortion purposes.

Also read: ShinyHunters, CL0P Return with New Claimed Victims

The emergence of Pink suggests that rather than a completely new threat actor entering the scene, an existing operator may be rebranding or spinning off under a new identity.

Voice Phishing Opens the Door

Unlike ransomware groups that rely on malware deployment, Pink appears focused on manipulating employees.

According to Unit 42, attacks begin with vishing—voice phishing calls in which attackers impersonate internal IT staff. During these conversations, victims are persuaded to visit phishing websites and enter their credentials.

Researchers identified several domains used in these campaigns, including:

passkeyadd[.]com
passkeydeploy[.]com
deploypasskey[.]com

The domains mimic legitimate password and authentication workflows, helping attackers convince users that they are participating in a routine security process.

Once credentials are captured, the threat actors gain access to Microsoft 365 accounts, including multi-factor authentication sessions.

Cloud Data Theft Within Minutes

After compromising an account, the attackers move quickly.

Rather than deploying ransomware or attempting to establish long-term persistence, Pink appears focused on immediate data theft from cloud collaboration platforms such as SharePoint and OneDrive.

Researchers observed activity associated with tools and user-agent strings commonly used to automate cloud data collection, including:

Microsoft.Graph.Client/5.62.0
python-requests/2.28.1
python-requests/2.33.1

The use of Microsoft Graph APIs suggests the actors are leveraging legitimate cloud functionality to identify and exfiltrate sensitive corporate files at scale while blending into normal administrative activity.

Using the Victim's Own Accounts

One of the more notable aspects of Pink's operations is how quickly attackers weaponize compromised accounts.

Shortly after stealing data, the actors reportedly use the victim's Microsoft 365 account to distribute extortion messages internally. These communications are sent both via email and Microsoft Teams, creating immediate credibility and increasing pressure on the organization.

This tactic allows attackers to demonstrate access while amplifying confusion among employees and incident responders.

Infrastructure Reuse Points to Organized Operations

Researchers also identified infrastructure patterns that suggest a structured operation rather than opportunistic attacks.

Pink reportedly reuses second-level phishing domains across multiple campaigns while customizing third-level subdomains to match the targeted organization. The infrastructure has been observed leveraging services associated with DDoS-Guard hosting.

Among the indicators identified by researchers are:

185[.]178.208[.]153 (hosting phishing infrastructure)
172[.]93.100[.]252 (accessing compromised accounts)
96[.]232.20[.]66 (linked to extortion email creation via residential proxy services)

The reuse of infrastructure combined with consistent phishing themes indicates an operation designed for repeatable, scalable attacks.

AI-Powered Bots Are Blurring the Line Between Users and Cyber Threats

Samiksha Jain — Thu, 04 Jun 2026 12:19:25 +0000

For years, security teams have relied on behavioral clues to identify malicious activity. However, the rise of AI-powered bots is making that task far more challenging. Unlike traditional automated tools, these bots can imitate legitimate user behavior with remarkable accuracy, allowing them to blend into normal traffic patterns. A new study examining enterprise security readiness suggests that artificial intelligence is fundamentally changing how bot attacks are carried out. Rather than behaving like traditional automated tools, modern AI-powered bots are now capable of mimicking legitimate users with a level of sophistication that many organizations struggle to detect. The report, based on a survey of 300 enterprise leaders across North America, highlights a growing concern among cybersecurity professionals: attackers are no longer trying to force their way into systems. Instead, they are increasingly blending into normal digital activity.

AI-Powered Bot Threats Are Becoming More Advanced

According to the findings, AI-driven bot threats are reshaping the threat landscape by enabling attackers to automate reconnaissance, optimize targeting, and operate within normal user behavior patterns. Credential-based attacks remain the most common form of bot-related activity, with 74% of respondents identifying them as a major concern. DDoS attacks followed at 51%, while 40% reported dealing with AI-driven scraping campaigns designed to harvest sensitive information from websites and online platforms. What makes these attacks particularly challenging is not just their scale, but their ability to imitate legitimate traffic. Modern bots can browse websites, submit forms, test stolen credentials, and interact with applications in ways that closely resemble human behavior. Security experts warn that this evolution is making traditional bot detection methods less effective.

Many Organizations Still Rely on Slow Defensive Processes

While attackers are increasingly operating at machine speed, many organizations continue to update their defenses at a much slower pace. The survey found that only 25% of enterprises continuously update bot detection rules. In contrast, nearly half of respondents update protections on a weekly basis, creating potential windows of opportunity for attackers. This gap between attack speed and response speed is becoming a growing concern as AI lowers the barriers to launching automated campaigns. Researchers noted that the cost of executing large-scale bot attacks has dropped significantly, allowing threat actors to conduct more reconnaissance, launch more credential attacks, and scale operations faster than ever before.

The Challenge of Distinguishing Good Bots From Bad Bots

One of the most notable findings from the study is the difficulty organizations face when trying to classify bot activity. Nearly one-quarter of respondents said they cannot reliably distinguish malicious bots from legitimate automated traffic. That challenge is becoming increasingly relevant as businesses themselves rely on automation. Organizations commonly use bots for search engine optimization, website monitoring, analytics, and performance testing. As a result, security teams are often managing environments where beneficial and malicious automation can appear remarkably similar. Industry experts warn that threat actors are taking advantage of this overlap. By designing attacks that resemble trusted automated activity, they can reduce the likelihood of detection and remain active for longer periods.

Confidence Does Not Always Reflect Readiness

Despite growing concerns around AI-driven bot threats, many organizations remain confident in their ability to detect malicious activity. The survey found that 79% of enterprise leaders believe they can identify bot traffic. However, only 23% reported having mature, governance-driven programs designed to manage automated threats proactively. Meanwhile, 44% continue to rely primarily on reactive approaches, while many depend on default protections provided by web application firewalls and content delivery networks. This disconnect suggests that confidence may be outpacing actual preparedness. The report also found that only one-third of respondents said their existing tools successfully blocked more than half of AI-generated bot traffic over the past year.

Business Impact Extends Beyond Security Teams

The consequences of AI-driven bot threats are no longer limited to cybersecurity departments. More than half of surveyed organizations expect AI-powered bots to negatively affect customer experience during the next 12 months. Others anticipate increased exposure of sensitive data and growing operational challenges. Bots can create subtle but costly disruptions. Slower website performance, disrupted transactions, account takeover attempts, and unauthorized data collection can all affect customer trust and business performance. For large organizations handling millions of monthly website visits, even small disruptions can translate into significant financial and operational consequences.

A Shift Toward Bot Governance

As AI continues to reshape cyber threats, security leaders are increasingly being encouraged to move beyond traditional bot detection strategies. The report argues that organizations should begin treating bots as identity-bearing actors rather than simply another source of internet traffic. This approach places greater emphasis on understanding intent, verifying identities, and continuously assessing behavior rather than relying solely on signature-based detection methods. The broader message from the research is clear: as automated threats become more intelligent, organizations will need to focus not only on identifying malicious activity but also on understanding and governing it. The challenge is no longer just stopping bots. It is determining which automated actors can be trusted and which are actively working against the organization.