cnn.com
By Sean Lyngaas
PUBLISHED Jan 28, 2026, 6:00 AM ET
Weeks before the 2024 election, American military hackers carried out a secret operation to disrupt the work of Russian trolls spewing false information at US voters.
From their perch at Cyber Command at Fort Meade, Maryland, the military hackers took aim at the computer servers and key personnel of at least two Russian companies that were covertly pumping out the propaganda, according to multiple sources briefed on the operation.
The trolls were trying to influence election results in six swing states by publishing fictitious news stories that attacked American politicians who supported Ukraine. One of the companies had held “strategy meetings” with Kremlin officials on how to covertly influence US voters, according to an FBI affidavit.
In one case, the Cyber Command operatives planned to knock offline computer servers based in a European country that one of the Russian companies used, the sources said. Though the Russian trolls continued to create content through Election Day, when President Donald Trump defeated then-Vice President Kamala Harris, one source briefed on the hacking effort said it successfully slowed down the Russians’ operations.
The hacking campaign, which hasn’t been previously reported, was one of multiple US cyber operations against Russian and Iranian groups aimed at blunting foreign influence on the 2024 election. It was part of a broader US government effort involving the FBI, the Department of Homeland Security, and other intelligence and security agencies that exposed and disrupted foreign meddling.
But a year into a second Trump administration, many of the government centers previously tasked with repelling foreign influence operations have been disbanded or downsized — and local election officials are preparing to face a continued onslaught of foreign influence operations largely on their own.
The administration has shut down foreign-influence-focused centers at the Office of the Director of National Intelligence, the FBI and the State Department that helped warn the public that China, Russia and Iran’s spy services were targeting Americans with election-related disinformation. The Department of Homeland Security has also slashed its election security teams, which pass intelligence to local election offices and help them defend against cyber threats.
The Trump administration has accused those federal programs of censoring Americans and conducting domestic interference in US elections.
While military cyber operations are still an option, there is widespread concern among current and former officials that the US government’s willingness to combat foreign efforts to shape elections has waned. The cuts to election security programs risk causing an exodus of expertise at US intelligence and security agencies that was built up over nearly a decade.
The cuts come even as the US intelligence community found, in a threat assessment released by the Office of the Director of National Intelligence Tulsi Gabbard, that foreign powers will continue to try to influence US elections.
“I find it devastating and deeply alarming for our national security,” said Mike Moser, a former election security specialist at DHS’ Cybersecurity and Infrastructure Security Agency, who resigned after the agency froze its election work last year. “To see those partnerships unilaterally dismantled is a tragedy. We are losing the human and technological infrastructure that protects our democracy.”
Foreign influence and propaganda tend to increase in years when general elections or midterms are held. But even in the off-year of 2025, groups tied to authoritarian regimes were weighing in on races like the New York City mayoral election.
Chinese state-owned media accounts repeatedly amplified Trump’s attacks on Zohran Mamdani, the Democrat who ended up winning New York’s mayoral election, according to disinformation-tracking firm Alethea Group. Some pro-Iranian influencer accounts, meanwhile, pivoted to attacking Mamdani as a “Zionist apologist” in October after Mamdani made overtures to Jewish voters in New York, Alethea said.
But by the time that election was held in November of last year, the cuts to election protection efforts had already taken hold.
The 2026 midterms could be a litmus test for how foreign adversaries respond to a US government that is less forceful in publicly combating influence operations.
“We’ve not had a disaster take place because, in many ways, the procedures and policies and tools set up during the first Trump administration helped keep us safe,” Sen. Mark Warner of Virginia, the top Democrat on the Senate Intelligence Committee, told CNN. “We’re going into a (2026) election cycle with our guard down.”
Multiple government agencies and processes for countering foreign influence that are now being cut were set up during Trump’s first term, including a dedicated team at the FBI that tracked counterintelligence threats to elections.
In April, Trump fired Gen. Tim Haugh, the head of Cyber Command and the National Security Agency, who had led numerous operations countering Russian meddling.
“The foundation that we built to protect our electoral process was driven by the first Trump administration’s direct guidance to NSA and Cyber Command — the focus that they put at CISA and FBI to counter foreign influence and then any potential hacking activity targeting our electoral process,” Haugh told CNN in his first interview on the subject since being fired. He declined to comment on any Cyber Command operations during the 2024 election.
Far-right activist and Trump confidant Laura Loomer had pushed for Haugh’s removal, publicly calling him “disloyal” to Trump due to the fact that he had served alongside former Chairman of the Joint Chiefs of Staff Gen. Mark Milley. Haugh has denied the allegation.
Nearly 10 years after Russian agents tried to influence the 2016 election through hacking and disinformation, Americans are arguably more susceptible to covert propaganda than ever, according to experts.
“This is just an enormous set of vulnerability for our nation,” Haugh said. “We have shown a decreasing ability to discern truth from fiction as a society.”
Cyber Command declined to comment for this story. The NSA referred questions to ODNI.
Cuts to federal funding for cybersecurity services for election offices have forced those offices to scramble for alternative funds, said Paul Lux, a Republican who is the top election official for Okaloosa County, Florida.
Election officials are also unsure whether the FBI and CISA will continue to hold classified briefings for them on threats to elections, something those agencies have done for years.
The briefings were “illuminating,” Lux said. “They allowed me to personally connect some dots” by making the threats more tangible, he added.
The FBI had no comment when asked by CNN whether the briefings would continue.
A CISA spokesperson did not directly answer a question about the briefings but provided a statement that read, in part, “since January 2025, CISA has issued 38 joint cybersecurity advisories with law enforcement and international partners and provided threat intelligence guidance to combat evolving threats and protect critical infrastructure, and we will continue to ensure election officials remain informed of any emerging issues going forward.”
With or without federal security and intelligence support, election officials will be ready to do their job, Lux said. “Our mission doesn’t change. (It is to) provide safe, free and fair elections with as much transparency as possible.”
Dismantling offices
The same type of Russian trolls that Cyber Command took aim at in the 2024 election continue to churn out content. A Russian covert influence network focused on undermining Western support for Ukraine has set up at least 200 fake websites since last March to target audiences in the US, France and elsewhere, according to the cyber intelligence firm Recorded Future.
The concern among more than a dozen current and former officials who spoke to CNN is that the Trump administration took a hatchet, rather than a scalpel, to federal programs aimed at countering the type of influence operation that Recorded Future uncovered. The programs could have been downsized, rather than abruptly canceled, in a way that met the Trump administration’s goal of cutting bureaucratic red tape, the sources said.
The State Department’s Global Engagement Center, which focused on combating foreign propaganda, posted a massive US intelligence dump on Russian meddling prior to the 2024 election. (The Trump administration formally shut down the State Department center last April after Congress let its funding expire.)
ODNI’s Foreign Malign Influence Center, which was set up under then-President Joe Biden, turned intelligence on Russian AI-generated videos posted on X purporting to show voter fraud into public statements in the days before Election Day in 2024.
Without that center, it’s unclear which government agency would warn the public of such efforts.
In announcing the Foreign Malign Influence Center’s closure in August, ODNI said the center was “redundant” and that other elements of the intelligence community perform some of the same work. Some Republican lawmakers agree.
“I am confident ODNI and the (intelligence community) will remain poised to assess and warn policymakers of covert and overt foreign influence operations targeting (US government) policies and manipulating public opinion,” said Rick Crawford, an Arkansas Republican who chairs the House intelligence committee, in a statement to CNN.
But Haugh, who spent more than three decades in the Air Force, said the cuts at various federal agencies mean that the US government has fewer levers to pull to punish or expose foreign influence operations.
ODNI did not answer a detailed list of questions on how the agency plans to counter foreign influence, including whether ODNI has a top intelligence specialist dedicated to the issue, as it has had in years past. An ODNI spokesperson referred CNN to a previous agency statement saying the Foreign Malign Influence Center’s core functions would be moved to other parts of ODNI.
Gabbard said in August that ODNI would cut its workforce by over 40% and save taxpayers hundreds of millions of dollars in the process.
Trump’s new pick to replace Haugh and lead the NSA and Cyber Command, Lt. Gen. Joshua Rudd, pledged to protect the electoral process from foreign interference during his Senate confirmation hearing.
“Any foreign attempt to undermine the American process of democracy, and at the center of that is our electoral process, as you all know far better than I do, has got to be safeguarded,” Rudd told senators on January 15.
A sensitive subject
The FBI’s election security posture today has been shaped by Trump’s grievances over the bureau’s investigation into his 2016 campaign’s contacts with Russia and his false claims of a stolen 2020 election.
As president-elect in 2017, Trump was incensed when then-FBI Director James Comey briefed him on the existence of a salacious, and later debunked, dossier about Trump gathered by a former British intelligence agent. Many see a through line between that day and the FBI’s current counterintelligence posture for elections.
“You could argue that where we are today happened because Comey briefed Trump, Trump got embarrassed and the rest is one big revenge tour,” said a former senior FBI counterintelligence official who served during the first Trump term and Biden’s term. They spoke on the condition of anonymity out of fear of retaliation from the Trump administration.
If and when US officials speak publicly on foreign efforts to shape US democracy is an intensely delicate subject in the second Trump administration. Trump has bristled at US intelligence findings that Russia tried to influence the 2016 election in his favor, while Democrats have often exaggerated those findings to attack Trump.
A year after FBI agents were caught off-guard in 2016 by the scale of Russian hacking and propaganda aimed at voters, the bureau set up a Foreign Influence Task Force (FITF), a team of about 30 people to focus on the threat of foreign meddling. The task force passed intelligence about what foreign spies were doing on Facebook and Twitter to those social media platforms.
In February 2025, Attorney General Pam Bondi dissolved FITF, citing the need to “free resources to address more pressing priorities, and end risks of further weaponization and abuses of prosecutorial discretion.”
The impact of Bondi’s memo goes beyond FITF, according to current and former FBI officials. It’s a disincentive for any FBI agent to take up a case involving Russian election influence.
“Say the Russians influence the election again — I’m worried that we won’t know it until after the fact,” the ex-FBI official said.
In a statement to CNN, the FBI said it continues to pursue cases related to “foreign influence efforts by adversarial nations.”
“The Counterintelligence Division and our field offices work together to defend the homeland against all foreign influence efforts, including any attempts at election interference,” the FBI said.
The Cyber Command operation against Russian trolls in 2024 followed the Justice Department’s public disclosure that it had seized internet domains used by the trolls. US officials saw the hacking as an added, clandestine counter-punch to complement the law enforcement seizure. Under the second Trump administration, the public may not know if the Justice Department takes such an action leading up to an election.
After Trump won the 2024 election, a planning document used by his transition team and reviewed by CNN lamented a “surge in politicization and meddling in US politics by US intelligence agencies,” and said the Justice Department and the FBI should revisit how they communicate threats to the public, “e.g. in announcing indictments of foreign hackers or getting involved in threats to election security in partisan ways.”
Working with local election offices
Cyber Command, the NSA and other parts of the US intelligence community began playing a more prominent role in the cyber defense of US elections after the Russian intervention in 2016. The federal Cybersecurity and Infrastructure Security Agency emerged as a conduit between those powerful military and spy agencies and local election offices, building trust with those offices and passing on intelligence on foreign threats. Trump signed a law establishing CISA as a part of the Department of Homeland Security during his first term.
But Trump and his top advisers never forgave CISA’s leadership for saying the 2020 election was secure. They accused CISA of “censoring” conservative voices when in the first Trump term, at the urging of Republican and Democratic election officials, the agency flagged to social media platforms posts that spread false information about voting. The second Trump administration last year paused all of CISA’s election security work and reassigned the agency’s election specialists or put them on administrative leave.
CISA spokespeople say the agency still offers some cybersecurity services to election offices, as it does other sectors. But election officials say the impact from the cuts to so many offices, including CISA, is clear.
A day after the US bombed Iranian nuclear facilities in June, pro-Iranian hackers breached an Arizona state election website and replaced candidates’ photos with an image of Iran’s Supreme Leader Ayatollah Ali Khamenei. It had echoes of 2020, when, according to the FBI, Iranian hackers set up a website with violent threats to election officials.
But while CISA was central to the federal response to the 2020 incident — and communicated proactively with election officials then — Arizona election officials now say they are not getting the same level of collaboration with the agency. In a statement to CNN, a CISA official said the agency “worked with Arizona and provided direct assistance to support their response efforts.”
The cuts to CISA have “drastically reduced national visibility into foreign threats and increased the potential for security failures,” Moser, the former CISA election security official, told CNN. “While state and local officials take great care to secure elections, now they are effectively being siloed and expected to combat sophisticated nation-state adversaries with severely limited federal support.”
A CISA spokesperson said: “Every day, DHS and CISA are providing our partners the most capable and timely threat intelligence, expertise, no-cost tools and resources these partners need to defend against risks.”
Foreign powers, with the help of artificial intelligence, will continue to target American voters with disinformation, the ODNI said in its annual worldwide threat assessment published in March.
“Reinforcing doubt in the integrity of the U.S. electoral system achieves one of (Russia’s) core objectives,” the intelligence report says.
China, in particular, is making alarming leaps in AI-powered influence activity, according to researchers at Vanderbilt University’s Institute of National Security. In August, the institute published documents leaked from a Chinese firm that appear to show it targeting the 2024 Taiwan election with a wave of social media posts. The Chinese firm has also put together profiles on at least 117 members of Congress and more than 2,000 American political figures and “thought leaders,” according to the research.
“This election cycle, foreign governments will be able to use AI tools to essentially whisper in the ear of anyone they target,” said Emerson Brooking, a former Pentagon cyber policy adviser who now studies influence operations at the Atlantic Council’s Digital Forensic Research Lab. “And the Trump team isn’t just unprepared; they’ve deliberately knocked down a lot of the defenses built over the past eight years.”
Last year, Gabbard and Iowa GOP Sen. Chuck Grassley released declassified intelligence documents related to the FBI and intelligence community’s probes of Russian influence on the 2016 election. Contrary to Gabbard’s public claims, the documents do not show the probes were a hoax. But they do show the lengths to which Russia’s SVR foreign intelligence service was willing to go either to impress their Kremlin bosses or to play mind games with US officials analyzing the hack, according to Michael van Landingham, a former CIA analyst, and Alex Orleans, a counterintelligence researcher.
That Americans are still arguing about Russia’s 2016 influence operations 10 years later is exactly what Russian intelligence hoped for, they said.
“SVR officers are definitely dining out on the fact that our national discourse still can’t fully escape the riptides of 2016,” Orleans told CNN.
CNN’s Katie Bo Lillis and Evan Perez contributed to this report.
red.anthropic.com September 29, 2025 ANTHROPIC
AI models are now useful for cybersecurity tasks in practice, not just theory. As research and experience demonstrated the utility of frontier AI as a tool for cyber attackers, we invested in improving Claude’s ability to help defenders detect, analyze, and remediate vulnerabilities in code and deployed systems. This work allowed Claude Sonnet 4.5 to match or eclipse Opus 4.1, our frontier model released only two months prior, in discovering code vulnerabilities and other cyber skills. Adopting and experimenting with AI will be key for defenders to keep pace.
We believe we are now at an inflection point for AI’s impact on cybersecurity.
For several years, our team has carefully tracked the cybersecurity-relevant capabilities of AI models. Initially, we found models to be not particularly powerful for advanced and meaningful capabilities. However, over the past year or so, we’ve noticed a shift. For example:
We showed that models could reproduce one of the costliest cyberattacks in history—the 2017 Equifax breach—in simulation.
We entered Claude into cybersecurity competitions, and it outperformed human teams in some cases.
Claude has helped us discover vulnerabilities in our own code and fix them before release.
In this summer’s DARPA AI Cyber Challenge, teams used LLMs (including Claude) to build “cyber reasoning systems” that examined millions of lines of code for vulnerabilities to patch. In addition to inserted vulnerabilities, teams found (and sometimes patched) previously undiscovered, non-synthetic vulnerabilities. Beyond a competition setting, other frontier labs now apply models to discover and report novel vulnerabilities.
At the same time, as part of our Safeguards work, we have found and disrupted threat actors on our own platform who leveraged AI to scale their operations. Our Safeguards team recently discovered (and disrupted) a case of “vibe hacking,” in which a cybercriminal used Claude to build a large-scale data extortion scheme that previously would have required an entire team of people. Safeguards has also detected and countered Claude's use in increasingly complex espionage operations, including the targeting of critical telecommunications infrastructure, by an actor that demonstrated characteristics consistent with Chinese APT operations.
All of these lines of evidence lead us to think we are at an important inflection point in the cyber ecosystem, and progress from here could become quite fast or usage could grow quite quickly.
Therefore, now is an important moment to accelerate defensive use of AI to secure code and infrastructure. We should not cede the cyber advantage derived from AI to attackers and criminals. While we will continue to invest in detecting and disrupting malicious attackers, we think the most scalable solution is to build AI systems that empower those safeguarding our digital environments—like security teams protecting businesses and governments, cybersecurity researchers, and maintainers of critical open-source software.
In the run-up to the release of Claude Sonnet 4.5, we started to do just that.
Claude Sonnet 4.5: emphasizing cyber skills
As LLMs scale in size, “emergent abilities”—skills that were not evident in smaller models and were not necessarily an explicit target of model training—appear. Indeed, Claude’s abilities to execute cybersecurity tasks like finding and exploiting software vulnerabilities in Capture-the-Flag (CTF) challenges have been byproducts of developing generally useful AI assistants.
But we don’t want to rely on general model progress alone to better equip defenders. Because of the urgency of this moment in the evolution of AI and cybersecurity, we dedicated researchers to making Claude better at key skills like code vulnerability discovery and patching.
The results of this work are reflected in Claude Sonnet 4.5. It is comparable or superior to Claude Opus 4.1 in many aspects of cybersecurity while also being less expensive and faster.
Evidence from evaluations
In building Sonnet 4.5, we had a small research team focus on enhancing Claude’s ability to find vulnerabilities in codebases, patch them, and test for weaknesses in simulated deployed security infrastructure. We chose these because they reflect important tasks for defensive actors. We deliberately avoided enhancements that clearly favor offensive work—such as advanced exploitation or writing malware. We hope to enable models to find insecure code before deployment and to find and fix vulnerabilities in deployed code. There are, of course, many more critical security tasks we did not focus on; at the end of this post, we elaborate on future directions.
To test the effects of our research, we ran industry-standard evaluations of our models. These enable clear comparisons across models, measure the speed of AI progress, and—especially in the case of novel, externally developed evaluations—provide a good metric to ensure that we are not simply teaching to our own tests.
As we ran these evaluations, one thing that stood out was the importance of running them many times. Even if it is computationally expensive for a large set of evaluation tasks, it better captures the behavior of a motivated attacker or defender on any particular real-world problem. Doing so reveals impressive performance not only from Claude Sonnet 4.5, but also from models several generations older.
Cybench
One of the evaluations we have tracked for over a year is Cybench, a benchmark drawn from CTF competition challenges.[1] On this evaluation, we see striking improvement from Claude Sonnet 4.5, not just over Claude Sonnet 4, but even over Claude Opus 4 and 4.1 models. Perhaps most striking, Sonnet 4.5 achieves a higher probability of success given one attempt per task than Opus 4.1 when given ten attempts per task. The challenges that are part of this evaluation reflect somewhat complex, long-duration workflows. For example, one challenge involved analyzing network traffic, extracting malware from that traffic, and decompiling and decrypting the malware. We estimate that this would have taken a skilled human at least an hour, and possibly much longer; Claude took 38 minutes to solve it.
When we give Claude Sonnet 4.5 ten attempts at the Cybench evaluation, it succeeds on 76.5% of the challenges. This is particularly noteworthy because we have doubled this success rate in just the past six months (Sonnet 3.7, released in February 2025, had only a 35.9% success rate when given ten trials).
Figure 1: Model Performance on Cybench—Claude Sonnet 4.5 significantly outperforms all previous models given k=1, 10, or 30 trials, where probability of success is measured as the expectation over the proportion of problems where at least one of k trials succeeds. Note that these results are on a subset of 37 of the 40 original Cybench problems, where 3 problems were excluded due to implementation difficulties.
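The metric in the Figure 1 caption, worked through as an added example that is not Anthropic's evaluation code: for each task, the chance that at least one of k trials drawn from the n recorded trials succeeds, averaged over tasks. The task names and trial outcomes are constructed, and the closed-form estimator is an assumption that matches the caption's definition, not a method the post names.

```python
from itertools import combinations
from math import comb

# Constructed sample data: 30 recorded trials per task, True = solved.
# These are illustrative values, not results from the post.
RESULTS = {
    "task_a": [True] * 30,                  # solved every time
    "task_b": [True] * 3 + [False] * 27,    # solved 3 times in 30
    "task_c": [True] * 1 + [False] * 29,    # solved once in 30
    "task_d": [False] * 30,                 # never solved
}


def pass_at_k(n, c, k):
    """Probability that a random set of k of the n recorded trials
    (c of which succeeded) contains at least one success."""
    if not 0 <= c <= n:
        raise ValueError("c must be between 0 and n")
    if not 1 <= k <= n:
        raise ValueError("k must be between 1 and n")
    if n - c < k:
        # Fewer than k failures exist, so any k trials include a success.
        return 1.0
    # 1 - P(all k drawn trials are failures)
    return 1.0 - comb(n - c, k) / comb(n, k)


def pass_at_k_by_enumeration(trials, k):
    """Same quantity computed the slow way: enumerate every k-subset of
    the recorded trials and count those with at least one success."""
    subsets = list(combinations(trials, k))
    hits = sum(1 for s in subsets if any(s))
    return hits / len(subsets)


def benchmark_pass_at_k(results, k):
    """Average the per-task probability over all tasks in the benchmark."""
    per_task = [pass_at_k(len(t), sum(t), k) for t in results.values()]
    return sum(per_task) / len(per_task)


def report(results, ks=(1, 10, 30)):
    """Return {k: benchmark score} for each requested k."""
    return {k: round(benchmark_pass_at_k(results, k), 4) for k in ks}


if __name__ == "__main__":
    for k, score in report(RESULTS).items():
        print(f"k={k:>2}: {score:.1%}")
```

A task solved once in 30 runs contributes about 3% at k=1 but 100% at k=30, which is why single-run scores understate what a persistent attacker or defender can get from the same model.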
CyberGym
In another external evaluation, we evaluated Claude Sonnet 4.5 on CyberGym, a benchmark that evaluates the ability of agents to (1) find (previously-discovered) vulnerabilities in real open-source software projects given a high-level description of the weakness, and (2) discover new (previously-undiscovered) vulnerabilities.[2] The CyberGym team previously found that Claude Sonnet 4 was the strongest model on their public leaderboard.
Claude Sonnet 4.5 scores significantly better than either Claude Sonnet 4 or Claude Opus 4. When using the same cost constraints as the public CyberGym leaderboard (i.e., a limit of $2 of API queries per vulnerability) we find that Sonnet 4.5 achieves a new state-of-the-art score of 28.9%. But true attackers are rarely limited in this way: they can attempt many attacks, for far more than $2 per trial. When we remove these constraints and give Claude 30 trials per task, we find that Sonnet 4.5 reproduces vulnerabilities in 66.7% of programs. And although the relative price of this approach is higher, the absolute cost—about $45 to try one task 30 times—remains quite low.
Figure 2: Model Performance on CyberGym—Sonnet 4.5 outperforms all previous models, including Opus 4.1.
*Note that Opus 4.1, given its higher price, did not follow the same $2 cost constraint as the other models in the one-trial scenario.
Equally interesting is the rate at which Claude Sonnet 4.5 discovers new vulnerabilities. While the CyberGym leaderboard shows that Claude Sonnet 4 only discovers vulnerabilities in about 2% of targets, Sonnet 4.5 discovers new vulnerabilities in 5% of cases. By repeating the trial 30 times it discovers new vulnerabilities in over 33% of projects.
Figure 3: Model Performance on CyberGym—Sonnet 4.5 outperforms Sonnet 4 at new vulnerability discovery with only one trial and dramatically outstrips its performance when given 30 trials.
Further research into patching
We are also conducting preliminary research into Claude's ability to generate and review patches that fix vulnerabilities. Patching vulnerabilities is a harder task than finding them because the model has to make surgical changes that remove the vulnerability without altering the original functionality. Without guidance or specifications, the model has to infer this intended functionality from the code base.
In our experiment we tasked Claude Sonnet 4.5 with patching vulnerabilities in the CyberGym evaluation set based on a description of the vulnerability and information about what the program was doing when it crashed. We used Claude to judge its own work, asking it to grade the submitted patches by comparing them to human-authored reference patches. 15% of the Claude-generated patches were judged to be semantically equivalent to the human-generated patches. However, this comparison-based approach has an important limitation: because vulnerabilities can often be fixed in multiple valid ways, patches that differ from the reference may still be correct, leading to false negatives in our evaluation.
We manually analyzed a sample of the highest-scoring patches and found them to be functionally identical to reference patches that have been merged into the open-source software on which the CyberGym evaluation is based. This work reveals a pattern consistent with our broader findings: Claude develops cyber-related skills as it generally improves. Our preliminary results suggest that patch generation—like vulnerability discovery before it—is an emergent capability that could be enhanced with focused research. Our next step is to systematically address the challenges we've identified to make Claude a reliable patch author and reviewer.
Conferring with trusted partners
Real-world defensive security is more complicated in practice than our evaluations can capture. We’ve consistently found that real problems are more complex, challenges are harder, and implementation details matter a lot. Therefore, we feel it is important to work with the organizations actually using AI for defense to get feedback on how our research could accelerate them. In the lead-up to Sonnet 4.5 we worked with a number of organizations who applied the model to their real challenges in areas like vulnerability remediation, testing network security, and threat analysis.
Nidhi Aggarwal, Chief Product Officer of HackerOne, said, “Claude Sonnet 4.5 reduced average vulnerability intake time for our Hai security agents by 44% while improving accuracy by 25%, helping us reduce risk for businesses with confidence.” According to Sven Krasser, Senior Vice President for Data Science and Chief Scientist at CrowdStrike, “Claude shows strong promise for red teaming—generating creative attack scenarios that accelerate how we study attacker tradecraft. These insights strengthen our defenses across endpoints, identity, cloud, data, SaaS, and AI workloads.”
These testimonials made us more confident in the potential for applied, defensive work with Claude.
What’s next?
Claude Sonnet 4.5 represents a meaningful improvement, but we know that many of its capabilities are nascent and do not yet match those of security professionals and established processes. We will keep working to improve the defense-relevant capabilities of our models and enhance the threat intelligence and mitigations that safeguard our platforms. In fact, we have already been using results of our investigations and evaluations to continually refine our ability to catch misuse of our models for harmful cyber behavior. This includes using techniques like organization-level summarization to understand the bigger picture beyond just a singular prompt and completion; this helps disaggregate dual-use behavior from nefarious behavior, particularly for the most damaging use-cases involving large scale automated activity.
But we believe that now is the time for as many organizations as possible to start experimenting with how AI can improve their security posture and build the evaluations to assess those gains. Automated security reviews in Claude Code show how AI can be integrated into the CI/CD pipeline. We would specifically like to enable researchers and teams to experiment with applying models in areas like Security Operations Center (SOC) automation, Security Information and Event Management (SIEM) analysis, secure network engineering, or active defense. We would like to see and use more evaluations for defensive capabilities as part of the growing third-party ecosystem for model evaluations.
But even building and adopting to advantage defenders is only part of the solution. We also need conversations about making digital infrastructure more resilient and new software secure by design—including with help from frontier AI models. We look forward to these discussions with industry, government, and civil society as we navigate the moment when AI’s impact on cybersecurity transitions from being a future concern to a present-day imperative.
In December 2023, the Molfar website experienced a DDoS attack. This occurred immediately after the publication of our extensive investigation into the production of Shaheds and Lancets, which included the deanonymization of the family of chief designer Zakharov. Recently, Molfar discovered who was behind that DDoS attack.
Molfar's OSINT analysts, in collaboration with the DC8044 F33d community team, identified several Russian hackers who are allegedly connected to Russian state structures and received funding from them. Some of these individuals are Ukrainian.
Researchers have discovered several vulnerabilities in popular WordPress plugins that allow attackers to create rogue admin accounts.
Researchers uncover a fresh wave of the Raspberry Robin campaign spreading malware through malicious Windows Script Files (WSFs) since March 2024.
Some time ago, we intercepted a dubious ELF sample exhibiting zero detection on VirusTotal. This sample, named pandoraspear and employing a modified UPX shell, has an MD5 signature of 9a1a6d484297a4e5d6249253f216ed69. Our analysis revealed that it hardcoded nine C2 domain names, two of which had lapsed beyond their expiration protection period. We seized this opportunity to register these domains to gauge the botnet's scale. At its peak, we noted approximately 170,000 daily active bots, predominantly in Brazil.
Albania's Parliament and a telecommunications service provider faced online attacks on Christmas day, according to the Albanian National Authority for Electronic
Several water monitors – which monitor irrigation systems and wastewater treatment systems – were left dysfunctional on Sunday after a cyber attack targeted the monitoring systems.
Specifically, water controllers for irrigating fields in the Jordan Valley were damaged, as were control systems for the Galil Sewage Corporation.
The U.S. military's Cyber Command hunted down foreign adversaries overseas ahead of this year's mid-term elections, taking down their infrastructure before they could strike, the head of U.S. Cyber Command said.
U.S. Army General Paul Nakasone said the cyber effort to secure the vote began before the Nov. 8 vote and carried through until the elections were certified.
"We did conduct operations persistently to make sure that our foreign adversaries couldn't utilize infrastructure to impact us," Nakasone, who is also the director of the U.S. National Security Agency, told reporters.
While economic sanctions against Russia have a significant impact, the same cannot be said of those imposed in the cyber domain.