LayerX says it received no clear response after it flagged a serious Claude Code flaw to Anthropic that bypasses safety rules via the CLAUDE.md file, letting attackers run SQL injection and steal credentials using simple instructions.

Read: https://hackread.com/claude-code-claude-md-sql-injection-attacks/

#CyberSecurity #Claude #Anthropic #AI #ClaudeCode #LayerX

企業間決済の効率化に向けた新たな一手🏢
#GMOペイメントゲートウェイ が #LayerX の「バクラク請求書発行」へカード決済機能を提供。最短即日で請求書のカード払いが設定可能になり、売り手の債権回収と買い手の資金繰り改善を両立させます💳

https://finwave.jp/archives/3088

Chrome: extensões fingem ser IA e roubam dados de 300 mil usuários

https://fed.brid.gy/r/https://tecnoblog.net/noticias/chrome-extensoes-fingem-ser-ia-e-roubam-dados-de-300-mil-usuarios/

LayerX uncovered a multi-year malicious Chrome extension operation posing as “free VPN” and ad-blocking tools. Some versions reached 9M+ installs, intercepting traffic, collecting browsing data, and manipulating proxy settings via remote configs and dynamic code.

New variants continue to appear even after takedowns.

Full report:
https://www.technadu.com/malicious-chrome-extensions-steal-data-via-fake-free-vpn-tools/614073/

Follow us for ongoing threat research & cybersecurity updates.

#CyberSecurity #BrowserExtensions #VPN #Privacy #LayerX #Infosec

CometJacking: 링크 하나로 AI 브라우저가 당신의 Gmail을 훔친다

https://aisparkup.com/posts/5480

💥 AI dominates enterprise data leakage

💥 AI dominates enterprise data leakage
LayerX’s research proves that AI tools (ChatGPT, Claude, Copilot) are now the largest uncontrolled exfiltration channels, exceeding shadow SaaS or unmanaged file sharing.
- 77% of data leaves via copy/paste
- 67% of AI sessions occur via unmanaged accounts
- High-risk categories: AI, chat, and file storage

💬 How can CISOs enforce visibility and governance over these channels? Follow @technadu for daily enterprise cybersecurity insights.

#AI #DataExfiltration #CyberSecurity #EnterpriseSecurity #LayerX #GenAI

🚨 Threat Alert: One click can turn AI browsers against you.
CometJacking abuses Perplexity’s Comet AI browser, using prompt injection via malicious URLs to exfiltrate Gmail, Calendar, and connector data.
Key takeaways:
- No credentials stolen; browser already has access
- Base64 obfuscation bypasses protection checks
- Enterprises must monitor AI browser agent memory and prompt execution

Stay ahead of AI-native browser threats.

#CometJacking #CometAI #CyberSecurity #PromptInjection #InsiderThreat #LayerX #DataSecurity #EmailSecurity #CalendarSecurity #Infosec #ThreatIntel #AI