GLOBAL / CROSS-REGION
Anthropic discloses AI-orchestrated cyber-espionage by Chinese state-linked actors.
Attackers used Claude to automate reconnaissance, exploitation, data exfiltration, and operational planning.
https://www.anthropic.com/news/disrupting-AI-espionage
Experts debate AI-hacking risk after Anthropic’s announcement.
Security leaders warn this may be the “tipping point” for autonomous AI cyberattacks.
Chinese hackers performed 80–90% of operations through Claude with minimal human oversight (Axios).
One of the first cases of nearly autonomous offensive cyber operations.
https://www.axios.com/2025/11/13/anthropic-china-claude-code-cyberattack
“How China co-opted Claude” technical/political analysis (The Economist).
Detailed global breakdown of abuse of AI in nation-state hacking.
https://www.economist.com/china/2025/11/19/how-china-linked-hackers-co-opted-anthropics-claude
Autonomous AI cyber-weapons (MAICAs) considered an emerging global threat.
Academic paper highlights the risk of automated cyberattack agents.
https://arxiv.org/abs/2506.12094
UNITED STATES / NORTH AMERICA
CISA issues Emergency Directive: patch Cisco ASA/FTD firewall vulnerabilities immediately.
CVE-2025-20333 and CVE-2025-20362 actively exploited by advanced attackers.
Zero-days in Cisco ISE and Citrix exploited in stealthy campaign (Amazon Threat Intelligence).
Attackers deploy in-memory web shells and target identity infrastructure.
Fortinet issues critical patch for FortiWeb WAF (CVE-2025-64446).
Unauthenticated attackers could gain admin access.
CISA adds FortiWeb CVE-2025-64446 to KEV catalog; patch required within 7 days.
https://www.scworld.com/news/a-second-fortinet-fortiweb-zero-day-spurs-7-day-cisa-kev-deadline
EUROPE
NHS England warns that 7-Zip RCE flaw (CVE-2025-11001) is being actively exploited.
Symbolic-link traversal allows attackers to execute arbitrary code via crafted ZIP files.
https://thehackernews.com/2025/11/hackers-actively-exploiting-7-zip.html
Researchers publish deep-dive on 7-Zip CVE-2025-11001 exploitation chain.
Technical breakdown of the symbolic-link vulnerability.
Zero Day Initiative publishes official advisory for 7-Zip flaw.
Confirms method of exploitation and mitigation details.
https://www.zerodayinitiative.com/advisories/ZDI-25-949
GEOPOLITICAL / NATION-STATE THREAT LANDSCAPE
Russian APT Gamaredon & North Korean Lazarus may be sharing malware infrastructure.
Researchers find overlapping C2 servers and tooling.
Cisco firewall zero-days tied to China-linked “ArcaneDoor” espionage campaign.
Advanced threat actors exploiting ASA/FTD flaws for covert access.
https://www.securityweek.com/cisco-firewall-zero-days-exploited-in-china-linked-arcanedoor-attacks
Cisco publishes forensic guidance for ongoing state-sponsored attacks.
Attackers disabling logs, deploying backdoored bootloaders, and achieving persistence.
https://sec.cloudapps.cisco.com/security/center/resources/asa_ftd_continued_attacks
Chinese threat actors continue scanning for unpatched Cisco ASA/FTDs globally.
https://www.linkedin.com/pulse/warning-chinese-threat-actors-continue-scan-exploit-epioe
VULNERABILITIES, EXPLOITS & THREAT INTEL
Citrix NetScaler zero-day (“Citrix Bleed 2”) exploited in advanced ops.
Memory overread enables credential theft and RCE.
Multiple 7-Zip vulnerabilities (CVE-2025-11001 & CVE-2025-11002) require urgent patching.
https://www.securityweek.com/recent-7-zip-vulnerability-exploited-in-attacks
7-Zip PoC exploit publicly released; attackers mass-weaponize it.
Global exploitation of symbolic-link vulnerability impacts millions of endpoints.
https://thehackernews.com/2025/11/hackers-actively-exploiting-7-zip.html
POLICY, STRATEGY & SECURITY OPERATIONS
AI regulation urgency increases after AI-powered cyberattack disclosure.
Governments call for review of AI safety and cybersecurity rules.
Anthropic releases full technical report on AI-driven espionage campaign.
Attack lifecycle, TTPs, indicators, and remediation steps included.
Security researchers warn of a new era of autonomous cyberattacks.
Emerging models show how AI lowers the skill barrier for offensive operations.
https://arxiv.org/abs/2506.12094
Waves of state hackers attempt to jail-break enterprise AI systems.
Following Anthropic report, defenders note uptick in AI manipulation attempts.
(source: derived from Anthropic & press analysis)
https://www.anthropic.com/news/disrupting-AI-espionage
Organizations revise threat models to include “AI-actuated attacks”.
Adoption of new controls to protect AI pipelines, model endpoints, and inference APIs.