Latest Interesting Cybersecurity News – 01-03-2026

I go through about 25 cybersecurity news portals and blogs every week and pull out the most interesting stories. Then I turn them into this short, digestible summary, so you can stay up to date without trying to follow 25 different sources yourself. 😱

My aim is to create a summary that gives you the gist without needing to open up the source article. But if you do want to dig deeper, all the sources covering the event are linked below each story.

If you enjoy these, come back next Monday

scroll to the bottom to subscribe to the e-mail newsletter.

1. The US government seems to want to use AI for civilian surveillance and autonomous weapons

President Trump directed all federal agencies to immediately cease use of Anthropic’s AI and gave agencies such as the Department of Defense up to six months to phase out the company’s services, while Defense Secretary Pete Hegseth declared Anthropic a Supply‑Chain Risk to National Security. 

The move stems from a breakdown with the Pentagon over Anthropic’s requested guardrails—prohibitions on mass domestic surveillance and preventing fully autonomous weapons—and raises immediate operational and contractual risk for DoD programs, military contractors, and vendors that rely on Anthropic or its cloud providers. 

Anthropic says it will challenge the designation in court and maintain support for lawful national‑security uses during the transition period.

Key Details

• Defense Secretary Pete Hegseth declared Anthropic a Supply‑Chain Risk, barring contractors, suppliers, or partners that do business with the U.S. military from commercial activity with Anthropic.
• The dispute centers on two requested Anthropic limits: banning mass domestic surveillance and preventing use of Claude for fully autonomous weapon targeting.
• Anthropic has operated under roughly a $200 million DoD contract since mid‑2024 and its model is deployed on the Pentagon’s classified networks via a Palantir partnership.
• Anthropic plans to legally challenge the supply‑chain designation, citing limits in 10 U.S.C. 3252 and arguing the designation should not extend to non‑DoD commercial relationships.

Read more at SecurityWeek, The Hacker News, SiliconANGLE, SecurityWeek, CBS News, CybersecurityNews

2. Public Google Maps keys can gain secret access to Gemini AI without developer notification

Google uses a single API key format (AIza…) for two fundamentally different purposes: public identifiers (for Maps, Firebase, YouTube embeds) and sensitive authentication. For years, Google explicitly told developers these keys are safe to paste into public frontend code. When Google launched Gemini, they made the same key format authenticate to Gemini endpoints — meaning any existing public Maps key automatically becomes a valid Gemini credential the moment someone enables the Gemini API on that project. 

Developers are never notified about the fact. Researchers scanned the web and found 2,863 live public keys now silently granting Gemini access — including keys from Google's own products. Google has begun blocking known-exposed keys and is working on a root-cause fix, but organisations should audit and rotate affected keys now.

Key Details

• Truffle Security scanned the November 2025 Common Crawl (~700 TiB) and identified 2,863 live, publicly exposed Google API keys
• Exposed keys use the ‘AIza’ prefix and are commonly embedded in client-side JavaScript for Maps, Firebase, or other services
• When a project enables the Generative Language API, existing (including public) API keys can access Gemini endpoints such as /files and /cachedContents
• New API keys in Google Cloud default to ‘Unrestricted’, allowing use with every enabled API in the project
• Potential impacts include disclosure of uploaded datasets/cached AI context, quota exhaustion, and large unexpected billing from attacker-driven LLM calls

Next Steps

• Audit all GCP projects for the Generative Language API enabled
• Restrict GCP Project API keys to specific APIs, referrers, and IPs; avoid unrestricted keys
• Search your public sites/repos for ‘AIza’ strings and rotate any exposed keys

Read more at CSO Online, The Hacker News, BleepingComputer, CybersecurityNews, Truffle Security

3. Critical ‘ClawJacked’ 0‑click Flaw Lets Websites Hijack Local OpenClaw AI Agents

Oasis Security disclosed a zero‑interaction vulnerability in the OpenClaw AI agent framework that allows any malicious website visited in a browser to silently take full control of a developer’s local agent. 

Because OpenClaw agents run with broad access to files, development tools and messaging, a successful exploit can lead to workstation‑level compromise and credential/API key theft; a patch is available and should be treated as urgent.

Key Details

• Attack vector: browser JavaScript opens a cross‑origin WebSocket to OpenClaw’s localhost gateway; browsers allow loopback WebSocket connections.
• Gateway flaws: localhost connections were auto‑trusted, pairings auto‑approved with no prompt, and rate limiting exempted loopback, permitting brute‑force attempts at hundreds/sec to guess the gateway password.
• With admin access an attacker can execute anything – shell commands, read/exfiltrate files, search chat history for API keys, and access connected node capabilities — effectively a full workstation compromise.
• OpenClaw patched the issue within 24 hours; fixed release is version 2026.2.25 or later.

Next Steps

• Update OpenClaw to version 2026.2.25 or later immediately
• Inventory endpoints for OpenClaw and shadow installations
• Revoke/exchange exposed API keys and audit agent node permissions

Read more at The Hacker News, CSO Online, Cybersecurity News, HackRead

4. Google Disrupts UNC2814 ‘GRIDTIDE’ Campaign That Used Google Sheets API for Command-and-Control Channel

Google Threat Intelligence Group, working with Mandiant and partners, disrupted a widespread cyber-espionage campaign attributed to UNC2814 that has compromised at least 53 organizations across 42 countries and is suspected in 20+ more. The actor deployed a novel backdoor called GRIDTIDE that abuses the Google Sheets API as a command-and-control channel to hide malicious traffic; telecommunications providers and government entities were primary targets.

 This disruption terminated attacker-controlled Google Cloud projects, disabled known infrastructure and accounts, and triggered victim notifications.

Key Details

• Confirmed impact: 53 victims in 42 countries; suspected infections in 20+ additional countries.
• GRIDTIDE is a C-based backdoor that uses Google Sheets API cells (A1, A2-An, V1) for bidirectional C2 and supports file upload/download and arbitrary shell command execution.
• Post-compromise activity included service-account-driven lateral movement via SSH, living-off-the-land binaries, and persistence via /etc/systemd/system/xapt.service spawning /usr/sbin/xapt (binary observed at /var/tmp/xapt).
• Google reported no observed data exfiltration during the disruption and revoked attacker access to Google Cloud projects and Google Sheets API calls, and published IOCs and victim notifications.

Next Steps

• Audit and restrict service accounts and Google Sheets API access

Read more at The Hacker News, BleepingComputer, CSO Online, SecurityWeek, Google Cloud Blog

5. Fake Next.js ‘interview’ repos deliver in-memory JavaScript backdoors to developer machines. Next steps: How to stay safe?

Microsoft and other researchers warn of a coordinated campaign that seeds fake Next.js projects and job-assessment repos to trick developers into executing malicious code that runs entirely in memory. 

The loaders retrieve attacker-controlled JavaScript (staged from Vercel, GitHub gists or shorteners), register the host with a controller, and execute follow-on tasks — enabling discovery, data exfiltration (source code, secrets, credentials) and persistent access via C2. 

Key Details

• Three distinct execution paths observed: VS Code workspace tasks (runOn: “folderOpen”), running ‘npm run dev’, and backend/server startup module imports
• Initial stage fetches a JavaScript loader (examples staged on Vercel or gist.githubusercontent.com) and executes it in-memory with Node.js
• Campaign uses job/interview-themed repo lures on trusted platforms (Bitbucket/GitHub names like ‘Cryptan-Platform-MVP1’)
• Researchers found a malicious npm package (‘eslint-validator’) that fetched BeaverTail from Google Drive, plus Windows chains using certutil, Node installer, and PyArmor-protected Python malware
• Controller supports kill-switches, process tracking, error telemetry and retry logic to maintain stealth and stability

Next Steps

• Run interview code in an isolated, disposable environment (preferably a fresh VM or cloud dev environment like Codespaces — not your primary machine)
• If using Docker, avoid weakening isolation (no home directory mounts, no SSH agent forwarding, no –privileged, no real credentials inside the container)
• Disable auto-run behavior before opening the repo (keep VS Code Workspace Trust enabled and block runOn: folderOpen tasks)
• Never expose real secrets to test projects (no personal SSH keys, cloud tokens, or password manager access in interview environments)

Read more at The Hacker News, BleepingComputer, CSO Online, Microsoft, The Register

6. Critical RCE and API-key exfiltration flaws in Anthropic’s Claude Code via repository-controlled configs

Check Point Research found multiple vulnerabilities in Anthropic’s Claude Code that let malicious repository-controlled configuration files execute shell commands on developer machines and exfiltrate full Anthropic API keys. 

Anthropic patched the issues before public disclosure; the flaws underscore a new supply-chain risk where .claude/.mcp project files can be weaponized to compromise developer endpoints and shared Claude workspaces. 

Key Details

• Anthropic patched all issues prior to public disclosure.
• Hooks in .claude/settings.json could run on SessionStart without explicit consent, enabling arbitrary shell command execution.
• Researchers used code-execution to regenerate workspace files, making previously non-downloadable team files retrievable.

Next Steps

• Block or review .claude/.mcp files in CI and pre-merge checks

Read more at The Hacker News, SecurityWeek, The Register, Cybersecurity News, Cybersecurity News, Dark Reading

7. CrowdStrike: Average attacker breakout time fell below 30 minutes in 2025

CrowdStrike's 2026 Global Threat Report finds attackers are moving laterally through victim environments far faster, compressing the time defenders have to detect and respond and increasing risk to cloud and unmanaged devices. The report calls out widespread credential abuse, a shift toward malware-free (legitimate-tool) intrusions, rising zero-day exploitation, and growing attacker use of AI as key drivers of the acceleration.

Key Details

• Average breakout time for financially motivated attackers dropped to 29 minutes in 2025, a 65% acceleration year-over-year; the fastest observed breakout was 27 seconds.
• Cloud-focused attacks rose 37% year-over-year, with nation-state cloud activity up 266%.
• 82% of detections in 2025 were malware-free; 35% of cloud intrusion incident responses involved valid or abused credentials.
• Observed zero-day exploitation increased 42% year-over-year; Chinese-linked actors achieved immediate system access on two-thirds of exploited vulnerabilities and targeted edge devices in 40% of cases.
• Attacks attributed to North Korea rose 130% and attackers who leveraged AI increased their attack volume by 89%.

Next Steps

• Read the CrowdStrike 2026 Global Threat Report

Read more at CrowdStrike, CyberScoop, Dark Reading, SC World

8. 1Campaign cloaking platform lets attackers bypass Google Ads review to serve phishing and crypto‑drainers

Varonis Threat Labs uncovered 1Campaign, a commercially offered cloaking platform that helps attackers pass Google Ads screening and deliver phishing pages, fake downloads, and cryptocurrency‑draining sites to real users. 

The service—operated by a developer using the handle DuppyMeister for over three years with Telegram support—uses fraud scoring, device fingerprinting, IP reputation checks and a built‑in Google Ads launcher to hide malicious content from reviewers, increasing the lifespan and reach of malvertising campaigns. 

Key Details

• Operator known as ‘DuppyMeister’; platform available for >3 years with Telegram support channels
• Filters on the platform automatically block traffic from Microsoft, Google, Tencent Cloud, OVH and other data‑center/VPN ranges

Next Steps

• Block ‘bitcoinhorizon [.] pro’ at DNS and web filters

Read more at BleepingComputer, Cybersecurity News, HackRead, SC World

9. Compromised QuickLens Chrome extension pushed ClickFix malware and crypto-stealing scripts

The QuickLens - Search Screen with Google Lens Chrome extension was compromised after a change of ownership and an update (v5.8) on Feb 17, 2026 that injected malicious scripts to display fake Google Update prompts (ClickFix attacks), run second-stage malware, and steal cryptocurrency wallet seeds and browser credentials. 

Google has removed and auto-disabled the extension; affected users risk wallet hijacking, credential theft, and broader data exfiltration. 

Key Details

• Extension had roughly 7,000 users and was updated to malicious version 5.8 on Feb 17, 2026 after ownership changed on Feb 1, 2026
• Attack used a ‘1×1 GIF onload’ technique to inject and execute JavaScript payloads on every page, delivering fake Google Update prompts that prompted users to run code
• Windows payload named ‘googleupdate.exe’ was distributed (signed with a certificate from Hubei Da’e Zhidao Food Technology Co., Ltd.); additional scripts targeted crypto wallets and credentials
• Detected wallet targets included MetaMask, Phantom, Coinbase Wallet, Trust Wallet, Solflare, Backpack, Brave Wallet, Exodus, Binance Chain Wallet, WalletConnect, and Argon

Next Steps

• Remove QuickLens extension and verify it’s fully uninstalled
• Uninstall non-critical browser extensions, disable extensions while not in active use. 

Read more at BleepingComputer

10. Hobbyist accessed ~7,000 DJI Romo vacuums and their camera feeds via MQTT permission flaw

A Sammy Azdoufal wanted to connect his vacuum with his Playstation controller. With the help of AI he reverse-engineered DJI Romo's cloud protocol and — by extracting his device token — was able to query DJI's MQTT servers and observe or control thousands of devices globally, including live video, room maps, battery state, and location. 

DJI says it patched a backend permission-validation issue with updates on Feb 8 and Feb 10, but initial fixes were not applied to all service nodes and the company disputes some of the researcher’s technical claims. 

Key Details

• Azdoufal cataloged about 6,700 DJI Romo devices across 24 countries in nine minutes and captured over 100,000 MQTT messages
• Including DJI Power stations, his scanner saw data from over 10,000 devices
• He could view live video, remote-control devices, generate 2D floor plans, and read device status (battery, rooms, obstacles)
• Access relied on MQTT-based communication and an extracted private token; Azdoufal says his tool connected to US, EU, China, and pre-production servers
• DJI says the vulnerability was a backend permission-validation issue, patched with updates on Feb 8 and Feb 10, and that device-to-server traffic uses TLS

Next Steps

• Update your Robot Vacuums
• Consider if your vacuum really need to be on the Internet?

Read more at The Verge

Subscribe

Subscribe to receive this weekly cybersecurity news summary to your inbox every Monday.