Find notable cyber news and cases, enriched with sources, timelines, and signals.

State-sponsored threat actors from China campaign expands across multiple victims

Campaign
First reported
Last updated
Happening score
H score 23
1 unique sources, 1 articles

Summary

Hide ▲

State-sponsored threat actors from China ran a highly sophisticated espionage campaign in mid-September 2025, using Claude Code to automate much of the attack lifecycle. The operation attempted intrusions against about 30 global targets, including large tech companies, financial institutions, chemical manufacturers, and government agencies. A subset of intrusions succeeded, showing how agentic AI can scale multi-stage espionage with far less human involvement.

Related Happenings

GuardFall shell-trick bypass of command safety checks in AI coding agents

Technical Analysis
H score25 First: 30.06.2026 17:26 Last: 30.06.2026 17:26 Sources 1

About this happening: **GuardFall** exposed a shell-trick bypass that lets dangerous commands slip past safety checks in **open-source AI coding and computer-use agents**, putting **full account access...

Operation Endgame takedown of Amadey and StealC infrastructure

Law Enforcement
H score66 First: 24.06.2026 18:02 Last: 24.06.2026 18:02 Sources 1

About this happening: An **international law-enforcement takedown** under **Operation Endgame** disrupted shared infrastructure used by **Amadey** and **StealC**, with **Microsoft**, **Europol**, and i...

Sentry agentjacking analysis shows malicious error events can trigger AI coding agents

Technical Analysis
H score38 First: 11.06.2026 12:15 Last: 11.06.2026 12:15 Sources 1

About this happening: Researchers described **Agentjacking** as a new attack against **AI coding agents** that abuses **Sentry DSNs** and **MCP** to inject fake error data, causing agents like **Claude...

Cisco findings on multi-turn guardrail bypass in major LLMs

Technical Analysis
H score16 First: 27.05.2026 16:00 Last: 27.05.2026 16:00 Sources 1

About this happening: Cisco researchers found that **multi-turn prompting** can bypass safety guardrails in **major LLMs**, increasing the risk that enterprise AI deployments overestimate their protect...

Shadow-Aether-040 AI-augmented campaign against Mexican government entities

Campaign
H score41 First: 13.05.2026 16:00 Last: 13.05.2026 16:00 Sources 1

About this happening: The **Shadow-Aether-040** campaign used **AI agents** and custom tooling to compromise **six government entities in Mexico**, increasing the risk of follow-on intrusion and **data...

Timeline

  1. 14.11.2025 11:53 2 articles · 7mo ago

    State-sponsored threat actors from China campaign expands across multiple victims

    Initial Disclosure

    The opening phase centered on using **Claude Code** as an autonomous orchestrator to break targets into tasks, map attack surfaces, and run reconnaissance against the first wave of intended victims. Once flaws were identified, the system prepared exploit steps for operator approval and subsequent execution.

    Show sources