LIVE FEED
Browser Ransomware via File System Access API: DeepSeek

Browser Ransomware via File System Access API: DeepSeek

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 8.5 Check Point Research

Check Point Research demonstrates how DeepSeek's lower refusal rates allowed researchers to transform an LLM-hallucinated malware concept into a practical browser-native ransomware technique targeting Android photo directories via the File System Access API. The attack requires no native payload, APK installation, or root access — only social engineering to obtain a legitimate browser permission prompt. This research highlights how frontier AI models with weaker safety controls can independently design novel attack paths not yet seen in real-world campaigns.

mouse5212-super-formatter npm Malware Steals Claude Files

mouse5212-super-formatter npm Malware Steals Claude Files

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 8.2 The Hacker News

A malicious npm package named 'mouse5212-super-formatter' was discovered exfiltrating files from Anthropic's Claude AI user directory by authenticating to a threat actor-controlled GitHub repository. The package disguised itself as a legitimate archive utility while silently uploading all local workspace files during the postinstall phase. Notably, the attacker's poor operational security — including a leaked GitHub token — suggests AI-generated malware with minimal human oversight, pointing to a growing trend of low-skill threat actors leveraging AI to produce supply chain malware.

◉ AI THREAT BRIEFING

Stay ahead of the threat.

Twice-weekly digest of critical AI security developments — every story mapped to MITRE ATLAS and OWASP LLM Top 10. Free.

No spam. Unsubscribe anytime.