This week’s cybersecurity updates highlight several vulnerabilities and threats across different platforms, emphasizing the ongoing challenges in securing digital environments.
Phishing Campaign Targeting Businesses
A phishing campaign has emerged, targeting small businesses in Europe, Asia, the Middle East, and the U.S. The attackers are sending emails that impersonate law enforcement officials, claiming to contain evidence of suspicious activities. Recipients are pressured to open a password-protected archive, which ultimately delivers a custom-built ransomware payload, as reported by Bitdefender.
Vulnerability in Apple’s Hide My Email
A vulnerability has been identified in Apple’s Hide My Email service, which allows users’ real email addresses to be exposed. Researcher Tyler Murphy disclosed that he reported this issue to Apple over a year ago, yet it remains unpatched. In preliminary tests, it was found that 100% of Hide My Email addresses were exploitable, although the full scope of the vulnerability is still unclear.
Exploitation of Claude Cowork Sandbox
Research from Armadin has uncovered an attack chain affecting the Claude Cowork application on Windows. This vulnerability allows an attacker with local code execution to plant malicious files in the application directory, enabling them to run arbitrary commands as root within the sandbox environment. The exploit takes advantage of unvalidated parameters in the service’s interface, allowing sensitive data to be exfiltrated without network restrictions. Anthropic, the company behind Claude, does not classify this as a security issue since exploitation requires pre-existing local code execution.
Emerging Threats and Trends
In addition to these vulnerabilities, a new remote access Trojan (RAT) named BeepRAT has been identified, linked to a Chinese phone number management utility. This malware establishes persistence on infected hosts and can perform various malicious activities, including file transfers and keystroke logging. Furthermore, there is a noted shift in phishing tactics, with campaigns becoming more tailored to the victim’s device and environment, reflecting a strategic evolution in threat operations.
This article was produced by NeonPulse.today using human and AI-assisted editorial processes, based on publicly available information. Content may be edited for clarity and style.








